ExamWise For
Installing, Configuring, and Administering Microsoft Windows 2000
Directory Services Infrastructure
Examination 70-217
Online practice exam provided by BeachFront Quizzer, Inc., Friendswood, Texas
www.bfqonline.com
Author: Patrick Simpson, MCSE, MCT, MCNI, MCNE
Published by TotalRecall Publications, Inc.
1103 Middlecreek
Friendswood, TX 77546
281-992-3131
NOTE: THIS BOOK IS GUARANTEED:
See details at www.TotalRecallPress.com
TotalRecall Publications, Inc.
This Book is sponsored by BeachFront Quizzer, Inc.
Copyright 2003 by TotalRecall Publications, Inc. All rights reserved. Printed in the United States of America. Except as permitted under the United States Copyright Act of 1976, No part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or by any means electronic or mechanical or by photocopying, recording, or otherwise without the prior permission of the publisher.
The views expressed in this book are solely those of the author, and do not represent the views of any other party or parties.
Printed in United States of America
Printed and bound by Data Duplicators of Houston Texas
Printed and bound by Lightning Source, Inc. in the USA and UK
ISBN: 1-59095-618-4 UPC: 6-43977-03217-1
The sponsoring editor is Bruce Moran and the production supervisor is Corby R. Tate.
Worldwide eBook distribution by:
This publication is not sponsored by, endorsed by, or affiliated with Microsoft, Inc. The “Windows® 2000, MCSE™, MCSD™, MCSE+I™, MCT™” Microsoft logos are trademarks or registered trademarks of Microsoft, Inc. in the United States and certain other countries. All other trademarks are trademarks of their respective owners. Throughout this book, trademarked names are used. Rather than put a trademark symbol after every occurrence of a trademarked name, we used names in an editorial fashion only and to the benefit of the trademark owner. No intention of infringement on trademarks is intended.
Disclaimer Notice: Judgments as to the suitability of the information herein for purchaser’s purposes are necessarily the purchaser’s responsibility. BeachFront Quizzer, Inc. and TotalRecall Publications, Inc. extends no warranties, makes no representations, and assumes no responsibility as to the accuracy or suitability of such information for application to the purchaser’s intended purposes or for consequences of its use.
This book is dedicated to my wife Joy, and my children Lucas, Bethany and
Alexander, for their patience and support. Thanks also to Bruce for the
encouragement and support. Lastly, but mostly, thanks be to God, from whom all
gifts proceed
Patrick Simpson
About the Author
Patrick Simpson has been a networking professional for more than a decade. Already an
MCSE under Windows NT 4.0, he was an early adopter of Windows 2000, having earned
his Windows 2000 MCSE in May 2001. He is also certified as a Microsoft Certified
Trainer and teaches other networking professionals around the country. Along with his
Microsoft experience, Patrick is a Master CNE and a Master CNI, with expertise in
NetWare 3.x to NetWare 6, GroupWise, ZenWorks, BorderManager, etc. Along with
teaching and consulting, Patrick has authored numerous certification study aids, and
another BFQ Press Book, Designing Security for a Windows 2000 Network.
Patrick lives in Green Bay, WI along with his wife, Joy and three children, Lucas,
Bethany and Alexander. He enjoys playing guitar, camping and boating with the family
and follows the Green Bay Packers with enthusiasm.
About the Contributing Author
Travis Kelly has worked in computer repair and helpdesk for over 7 years and is
currently CIW Certifiable. His computer background is quite varied and he has an
intense interest in the current and future state of technology.
Travis is working towards his bachelor’s degree in Houston, TX.
About The Book
Part of TotalRecall, The Question Book Series, this new Self Help and Interactive Exam
Study Aid with 30-day voucher for online testing is now available for candidates
preparing to sit the Microsoft 70-217 Windows 2000 Directory Services Infrastructure
certification exam. The book covers the information associated with each of the exam
topics in detail and includes information found in no other book.
Using the book will help readers determine if they are ready for the Microsoft 70-217
Windows 2000 Directory Services Infrastructure certification exam. This book explains
the concepts in a clear and easy-to-understand manner to help you not only pass the
exam, but to apply the knowledge later in a real-world situation. Helpful tips and time
management techniques will alleviate pre-exam jitters and put you in control.
About Online Testing
www.bfqonline.com practice tests include SelfStudy sessions with instant feedback,
simulative and adaptive testing with detailed explanations. Register at
www.TotalRecallPress.com or send an email. Located in the back of the book is a 30-day
voucher for online testing.
Table of Contents
About the Author
About the Contributing Author
About The Book
About Online Testing
About 70-217 Certification
Credit Toward Certification
Audience Profile
Skills Being Measured
Chapter 1: Active Directory
Introduction
Chapter 2: Using DNS With Active Directory Service
Introduction
Chapter 3: Configuration Management
Introduction
Chapter 4: Components of Active Directory
Introduction
Chapter 5: Security in a Directory Services Infrastructure
Introduction
Chapter 6: Remote Installation Services Configuration
Introduction
Chapter 7: Terminology Questions
Introduction
Money Back Book Guarantee
Free Practice Exam Online
About 70-217 Certification
Exam 70-217: Installing, Configuring, and Administering Microsoft® Windows 2000
Directory Services Infrastructure
http://www.microsoft.com/traincert/exams/70-217.asp
The information you will find in that document includes the following.
Credit Toward Certification
When you pass the Implementing and Administering a Microsoft® Windows® 2000
Directory Services Infrastructure exam, you achieve Microsoft Certified Professional
status. You also earn credit toward the following certifications:
Core credit toward Microsoft Certified Systems Engineer on Microsoft Windows 2000
certification
Audience Profile
Candidates for this exam operate in medium to very large computing environments that
use the Windows 2000 network operating system. They have a minimum of one year's
experience implementing and administering network operating systems in environments
that have the following characteristics:
• Supported users range from 200-26,000+
• Physical locations range from 5-150+
• Typical network services and applications include file and print, database,
messaging, proxy server or firewall, dial-in server, desktop management, and Web
hosting.
• Connectivity needs include connecting individual offices and users at remote
locations to the corporate network and connecting corporate networks to the Internet.
Skills Being Measured
This certification exam measures your ability to install, configure, and troubleshoot the
Windows 2000 Active Directory™ components, DNS for Active Directory, and Active
Directory security solutions. In addition, this test measures the skills required to manage,
monitor, and optimize the desktop environment by using Group Policy. Before taking the
exam, you should be proficient in the job skills listed below.
A. Installing and Configuring Active Directory
1. Install forests, trees, and domains.
• Automate domain controller installation.
2. Create sites, subnets, site links, and connection objects.
3. Configure server objects. Considerations include site membership and
global catalog designation.
4. Transfer operations master roles.
5. Verify and troubleshoot Active Directory installation.
6. Implement an organizational unit (OU) structure.
B. Installing, Configuring, Managing, Monitoring, and Troubleshooting
DNS for Active Directory
1. Install and configure DNS for Active Directory.
• Integrate Active Directory DNS zones with existing DNS
infrastructure.
• Configure zones for dynamic updates and secure dynamic updates.
• Create and configure DNS records.
2. Manage, monitor, and troubleshoot DNS.
C. Configuring, Managing, Monitoring, Optimizing, and
Troubleshooting Change and Configuration Management
1. Implement and troubleshoot Group Policy.
• Create and modify a Group Policy object (GPO).
• Link to an existing GPO.
• Delegate administrative control of Group Policy.
• Configure Group Policy options.
• Filter Group Policy settings by using security groups.
• Modify Group Policy prioritization.
2. Manage and troubleshoot user environments by using Group Policy.
3. Install, configure, manage, and troubleshoot software by using Group
Policy.
4. Manage network configuration by using Group Policy.
5. Configure Active Directory to support Remote Installation Services (RIS).
• Configure RIS options to support remote installations.
• Configure RIS security.
D. Managing, Monitoring, and Optimizing the Components of Active
Directory
1. Manage Active Directory objects.
• Move Active Directory objects.
• Publish resources in Active Directory.
• Locate objects in Active Directory.
• Create and manage objects manually or by using scripting.
• Control access to Active Directory objects.
• Delegate administrative control of objects in Active Directory.
2. Monitor, optimize, and troubleshoot Active Directory performance and
replication.
3. Back up and restore Active Directory.
• Perform an authoritative and a nonauthoritative restore of Active
Directory.
• Recover from a system failure.
• Seize operations master roles.
E. Configuring, Managing, Monitoring, and Troubleshooting Security in
a Directory Services Infrastructure
1. Apply security policies by using Group Policy.
2. Create, analyze, and modify security configurations by using the Security
Configuration and Analysis snap-in and the Security Templates snap-in.
3. Implement an audit policy.
4. Monitor and analyze security events.
F. Networking Terminology
There are a lot of different terms and acronyms that you will be learning in this book. It
must be assumed that you have a certain amount of networking experience or you may
find it necessary to supplement this material with some other books on the subject of
networks in general. Before we go very far we will need to define some of the common
network terms that we will be using often throughout our text.
• Access control entry (ACE) – A single permissions designation that identifies,
through the use of a SID, a user's or group's rights to a given resource.
• Access control list (ACL) – A grouping of different ACEs that is associated with an
object. The ACL tells the operating system what permissions are associated with the
object.
• Active Directory – The directory service architecture that’s included with the
Windows 2000 Server operating system. It provides the basis for Microsoft’s new
distributed network architecture. It allows users to locate objects more easily while
allowing for better network scalability.
• Attribute – The basic properties of an object.
• Container – A specific type of object that is used to hold other Active Directory
objects. Probably the most common container object in Active Directory is the
Organizational Unit (OU).
• Distinguished name (DN) – A naming convention that consists of the entire path
required to get to an object. Every object in Active Directory has a unique DN.
• Domain – The primary method of grouping objects in Active Directory. There is
always at least one domain in Active Directory. Domains represent a single security
boundary in Windows NT and 2000. In Active Directory, multiple domains that share
a common namespace are referred to as a tree.
• Domain controller – A Windows 2000 Server that maintains a copy of the Active
Directory database. In Windows 2000 all domain controllers are multimaster
enabled. Simply put this means that all domain controllers contain a copy of the
Active Directory database that is editable.
• Domain Name System (DNS) – A hierarchical database used to translate computer
names to IP addresses. It is the primary method of name resolution used on the
Internet as well as in Active Directory.
• Forest – A grouping of one or more Active Directory trees. All domains in a forest share
a common schema and global catalog. Trees within a forest trust each other through
two-way transitive trusts.
• Global Catalog – Contains a partial copy of the Active Directory database. The
items found in the Global Catalog are the ones that are most often accessed.
• Group – An object that can contain users, computers or other groups. They are used
by Active Directory as an easy method to assign permissions to different groupings
of objects. In Windows 2000 there are three different types of groups: domain local,
global and universal.
• Group Policy – A method of applying different configuration settings to Active
Directory containers and the objects within them. Collections of policies are referred
to as Group Policy objects (GPOs).
• Kerberos – The primary method of authenticating users in Windows 2000.
• Knowledge Consistency Checker (KCC) – The service that runs on all Active
Directory domain controllers that is responsible for intrasite replication objects.
• Mixed mode – The default mode that domains are created in. This mode allows for
down level compatibility with Windows NT domain controllers.
• Native mode – The mode in which all domain controllers in a given domain are
running the Windows 2000 Server operating system. This mode allows for
additional features that are not available in mixed mode.
• Object – A single unit in Active Directory that is defined by a set of attributes. An
object might be a user, computer or printer.
• Organizational Unit (OU) – An Active Directory container object that can be used
to better categorize objects as well as delegate authority to them.
• Policy – A given set of rules that are applied to a particular object.
• Relative distinguished name (RDN) – The part of the Distinguished Name (DN)
that refers to the name of the object itself.
• Replication – The process of synchronizing a distributed database. Active Directory
uses a method called multi-master replication.
• Schema – The component of Active Directory that defines all of the objects and
attributes within the Active Directory database.
• Site – One or more well-connected subnets that contain Active Directory servers.
• Tree – A collection of one or more domains that have two-way transitive trusts and
are part of a contiguous namespace. Multiple trees that trust each other are called a
forest.
• Trust – Relationships that are established between domains, trees or forests. In
Windows 2000 these trusts are transitive by default. This means that they are two-way
and that they allow trust to be inherited by others who are trusted. This means
that if A trusts B and B trusts C then A will trust C.
• Well-connected – By Microsoft’s reasoning, a network path that is 10MB/sec or
faster.
Chapter 1:
Introduction
The purpose of this first chapter is to help familiarize you with the basic concepts of
Active Directory. How quickly you are able to master these concepts will depend on
your background in the computer industry. Those who have an extensive Novell
background will find many of the features of Windows 2000 Active Directory familiar,
as will those of you who have worked with Microsoft Exchange Server. A good
fundamental understanding of Windows NT will also be helpful as you strive to learn
these topics.
Regardless of your background, please make sure to spend as much time in Chapter One
as necessary for you to feel comfortable with these ideas. They form the foundation upon
which the understanding of all Active Directory concepts is built. While all of the
concepts in Chapter One are covered much more in depth throughout the rest of the book,
it’s still important to spend the appropriate time in this section.
You might have heard the parable about the man who built his house on sand. Likewise,
if you simply skim through the first chapter you could be building a foundation for
yourself that isn’t solid at all. Now that the ominous warning is out of the way, let’s
move on. Without further ado, let’s begin our journey together into the realm of Active
Directory.
Chapter 1: Active Directory
The objective of this chapter is to provide the reader with an understanding of
the following:
1. Install forests, trees, and domains.
2. Automate domain controller installation.
3. Create sites, subnets, site links, and connection objects.
4. Configure server objects. Considerations include site membership and global
catalog designation.
5. Transfer operations master roles.
6. Verify and troubleshoot Active Directory installation.
7. Implement an organizational unit (OU) structure.
1. What are two special designations given to domain controllers in Active Directory?
(Choose 2)
A. PDC
B. Global Catalog Server
C. Master Catalog Server
D. Operations Master
2. What are two important functions that a Global Catalog Server performs for users in
Active Directory? (Choose 2)
A. A Global Catalog Server enables a user to search the entire forest to find directory
information.
B. A Global Catalog Server maintains a list of the user's resources.
C. A Global Catalog Server enables the logon process by providing universal group
membership information to the domain controller.
D. A Global Catalog Server allows users to find services anywhere in the world.
1. What are two special designations given to domain controllers in Active Directory?
(Choose 2)
A. PDC
*B. Global Catalog Server
C. Master Catalog Server
*D. Operations Master
Explanation: One of the most significant changes in Windows 2000 is the introduction
of Active Directory. The installation of Active Directory on a domain controller is
invoked by the dcpromo.exe file or choosing the Active Directory Installation
Wizard. As you install Active Directory, you can either specify that this domain
controller will be a domain controller for a new domain or an additional domain
controller for an existing domain. There are no longer PDC and BDC servers in
Windows 2000, just domain controllers and member servers. There are two other
Windows 2000 Server roles that may be assigned to domain controllers: Global
Catalog Server and Operations Master.
2. What are two important functions that a Global Catalog Server performs for users in
Active Directory? (Choose 2)
*A. A Global Catalog Server enables a user to search the entire forest to find
directory information.
B. A Global Catalog Server maintains a list of the user's resources.
*C. A Global Catalog Server enables the logon process by providing universal group
membership information to the domain controller.
D. A Global Catalog Server allows users to find services anywhere in the world.
Explanation: There are no longer PDC and BDC servers in Windows 2000, just domain
controllers and member servers. There are two other Windows 2000 Server roles that
may be assigned to domain controllers: that of Global Catalog Server and that of
Operations Master. A Global Catalog Server contains information on all objects in
Active Directory, and will respond to queries from clients attempting to locate
resources. An Operations Master is a domain controller that has been assigned to fill
one of five special roles: Schema Master, Domain Naming Master, RID Master, PDC
Emulator and Infrastructure Master.
3. What are three of the five Operations Master roles for domain controllers in Active
Directory? (Choose 3)
A. PDC
B. Domain Naming Master
C. Schema Master
D. DNS Master
E. Relative Identifier (RID) Master
3. What are three of the five Operations Master roles for domain controllers in Active
Directory? (Choose 3)
A. PDC
*B. Domain Naming Master
*C. Schema Master
D. DNS Master
*E. Relative Identifier (RID) Master
Explanation: There are no longer PDC and BDC servers in Windows 2000, just domain
controllers and member servers. There are two other Windows 2000 Server roles that
may be assigned to domain controllers: that of Global Catalog Server and that of
Operations Master. A Global Catalog Server contains information on all objects in
Active Directory, and will respond to queries from clients attempting to locate
resources. An Operations Master is a domain controller that has been assigned to fill
one of five special roles: Schema Master, Domain Naming Master, RID Master, PDC
Emulator and Infrastructure Master.
4. What type of domain controller in Windows 2000 provides for support of a mixed
mode network containing both Windows 2000 and Windows NT servers?
A. Schema Master
B. Infrastructure Master
C. PDC Emulator
D. RID Master
4. What type of domain controller in Windows 2000 provides for support of a mixed
mode network containing both Windows 2000 and Windows NT servers?
A. Schema Master
B. Infrastructure Master
*C. PDC Emulator
D. RID Master
Explanation: There are no longer PDC and BDC servers in Windows 2000, just domain
controllers and member servers. There are two other Windows 2000 Server roles that
may be assigned to domain controllers: that of Global Catalog Server and that of
Operations Master. A Global Catalog Server contains information on all objects in
Active Directory, and will respond to queries from clients attempting to locate
resources. An Operations Master is a domain controller that has been assigned to fill
one of five special roles: Schema Master, Domain Naming Master, RID Master, PDC
Emulator and Infrastructure Master. There can only be one Schema Master in a
forest, and it controls all updates to the Active Directory database schema. There can
only be one Domain Naming Master and it controls the addition or removal of
domains in the forest. There can be one RID Master in each domain and it is
responsible for allocating sequences of RIDs to each of the domain controllers in its
domain. PDC Emulators are necessary in networks with Windows NT servers or
computers not yet running Windows 2000 client software. Each domain also needs
an Infrastructure Master to coordinate changes to user accounts and group
memberships.
5. How is Active Directory installed in Windows 2000?
A. Active Directory is installed using the Administrative Tool named Active Directory
Manager.
B. Active Directory is installed using the Active Directory Installation Wizard.
C. Active Directory must be installed during the installation of Windows 2000.
D. Active Directory is installed automatically when Windows 2000 is installed.
6. What are three requirements for the installation of Active Directory? (Choose 3)
A. The server needs at least 1 Gb of hard drive space available.
B. The network must be running TCP/IP and using DNS.
C. All workstations must be running Windows 2000 Professional.
D. Your network must have a DNS server that supports SRV records and Dynamic DNS
(DDNS) updates.
E. All servers must be running Windows 2000 Server, Advanced Server or Datacenter
Server.
5. How is Active Directory installed in Windows 2000?
A. Active Directory is installed using the Administrative Tool named Active
Directory Manager.
*B. Active Directory is installed using the Active Directory Installation Wizard.
C. Active Directory must be installed during the installation of Windows 2000.
D. Active Directory is installed automatically when Windows 2000 is installed.
Explanation: One of the most significant changes in Windows 2000 is the introduction
of Active Directory. The installation of Active Directory on a domain controller is
invoked by the dcpromo.exe file or choosing the Active Directory Installation
Wizard. As you install Active Directory, you can either specify that this domain
controller will be a domain controller for a new domain or an additional domain
controller for an existing domain.
6. What are three requirements for the installation of Active Directory? (Choose 3)
*A. The server needs at least 1 Gb of hard drive space available.
*B. The network must be running TCP/IP and using DNS.
C. All workstations must be running Windows 2000 Professional.
*D. Your network must have a DNS server that supports SRV records and Dynamic
DNS (DDNS) updates.
E. All servers must be running Windows 2000 Server, Advanced Server or
Datacenter Server.
Explanation: One of the most significant changes in Windows 2000 is the introduction
of Active Directory. The installation of Active Directory on a domain controller is
invoked by running dcpromo.exe or by choosing the Active Directory Installation
Wizard. As you install Active Directory, you can either specify that this domain
controller will be a domain controller for a new domain or an additional domain
controller for an existing domain. Before you install Active Directory, you must have
a server running Windows 2000 Server, Advanced Server or Datacenter Server, an
NTFS volume with 1Gb of space, TCP/IP installed with DNS and a DNS server that
supports SRV records and the Dynamic DNS (DDNS) update protocol. The answer
"All servers must be running Windows 2000 Server, Advanced Server or Datacenter
Server." would not be correct because not all servers need to be running Windows 2000.
7. What happens when you install Active Directory for the first time in your network?
A. You create the first domain controller and three Active Directory consoles are added
to the Administrative Tools menu.
B. You create the PDC and three Active Directory consoles are added to the
Administrative Tools menu.
C. You create the first domain controller and three Active Directory consoles are added
to the MMC menu.
D. You create the PDC and three Active Directory consoles are added to the MMC menu.
8. What are the two options presented to you by the Active Directory Installation Wizard
when it is first launched? (Choose 2)
A. Create a new domain tree
B. Add a domain controller in an existing domain
C. Join existing forest
D. Create a domain controller for new domain
E. Create a new forest
7. What happens when you install Active Directory for the first time in your network?
*A. You create the first domain controller and three Active Directory consoles are
added to the Administrative Tools menu.
B. You create the PDC and three Active Directory consoles are added to the
Administrative Tools menu.
C. You create the first domain controller and three Active Directory consoles are
added to the MMC menu.
D. You create the PDC and three Active Directory consoles are added to the MMC
menu.
Explanation: As you install Active Directory, you can either specify that this domain
controller will be a domain controller for a new domain or an additional domain
controller for an existing domain. If you are installing Active Directory for the first
time on your network, then you will create the first domain controller in the forest
and establish the root domain. At the same time, three new consoles are added to
your Windows 2000 Server to aid in Active Directory management: Active Directory
Users and Computers, Active Directory Domains and Trusts, and Active Directory
Sites and Services.
8. What are the two options presented to you by the Active Directory Installation Wizard
when it is first launched? (Choose 2)
A. Create a new domain tree
*B. Add a domain controller in an existing domain
C. Join existing forest
*D. Create a domain controller for new domain
E. Create a new forest
Explanation: As you install Active Directory, you can either specify that this domain
controller will be a domain controller for a new domain or an additional domain
controller for an existing domain. If you are installing Active Directory for the first
time on your network you will create the first domain controller in the forest and
establish the root domain. At the same time, three new consoles are added to your
Windows 2000 Server to aid in Active Directory management: Active Directory
Users and Computers, Active Directory Domains and Trusts, and Active Directory
Sites and Services.
9. What must you configure when creating a new Active Directory domain so that pre-
Windows 2000 workstations can find the domain?
A. DNS
B. New Domain Name
C. Domain NetBIOS Name
D. Domain WINS Name
10. What are the three consoles automatically added to Administrative Tools on the
domain controller during the installation of Active Directory? (Choose 3)
A. Active Directory Users and Groups
B. Active Directory Users and Computers
C. Active Directory Domains and Trusts
D. Active Directory Sites and Services
E. Active Directory Computers and Servers
9. What must you configure when creating a new Active Directory domain so that pre-
Windows 2000 workstations can find the domain?
A. DNS
B. New Domain Name
*C. Domain NetBIOS Name
D. Domain WINS Name
Explanation: As you install Active Directory, you can either specify that this domain
controller will be a domain controller for a new domain or an additional domain
controller for an existing domain. If you are installing Active Directory for the first
time on your network you will create the first domain controller in the forest and
establish the root domain. To make this domain visible to pre-Windows 2000 clients
and servers, you need to specify a Domain NetBIOS Name. At the same time, three
new consoles are added to your Windows 2000 Server to aid in Active Directory
management: Active Directory Users and Computers, Active Directory Domains and
Trusts, and Active Directory Sites and Services.
10. What are the three consoles automatically added to Administrative Tools on the
domain controller during the installation of Active Directory? (Choose 3)
A. Active Directory Users and Groups
*B. Active Directory Users and Computers
*C. Active Directory Domains and Trusts
*D. Active Directory Sites and Services
E. Active Directory Computers and Servers
Explanation: As you install Active Directory, you can either specify that this domain
controller will be a domain controller for a new domain or an additional domain
controller for an existing domain. If you are installing Active Directory for the first
time on your network you will create the first domain controller in the forest and
establish the root domain. To make this domain visible to pre-Windows 2000 clients
and servers, you need to specify a Domain NetBIOS Name. At the same time, three
new consoles are added to your Windows 2000 Server to aid in Active Directory
management: Active Directory Users and Computers, Active Directory Domains and
Trusts, and Active Directory Sites and Services.
11. In relation to BFQ.COM, what is SALES.BFQ.COM called?
A. A sub-domain
B. A secondary zone
C. A child domain
D. A parent domain
12. What object is used to centralize control of traffic generated by Active Directory in
networks with multiple subnets connected with links of varying capacity?
A. Replication Manager Object
B. Connection Objects
C. Site Object
D. Site Link Bridge Object
11. In relation to BFQ.COM, what is SALES.BFQ.COM called?
A. A sub-domain
B. A secondary zone
*C. A child domain
D. A parent domain
Explanation: As you install Active Directory, you can either specify that this domain
controller will be a domain controller for a new domain or an additional domain
controller for an existing domain. If you are installing Active Directory for the first
time on your network you will create the first domain controller in the forest and
establish the root domain. To make this domain visible to pre-Windows 2000 clients
and servers, you need to specify a Domain NetBIOS Name. As you create new
domains, they join the forest as child domains of either the root domain or another
pre-existing domain. In this example the SALES domain has been added beneath the
domain BFQ.COM, thus SALES is said to be a child domain of BFQ.COM.
12. What object is used to centralize control of traffic generated by Active Directory in
networks with multiple subnets connected with links of varying capacity?
A. Replication Manager Object
B. Connection Objects
*C. Site Object
D. Site Link Bridge Object
Explanation: The process of updating from one domain controller to another is called
replication. The physical structure of the network, especially the capacity between
subnetworks, has a great impact on this process. To control replication more
effectively, Active Directory provides sites. A site is defined as one or more well-
connected IP subnets. The term well-connected is relative to the speed of the link and
the traffic on the link. When you create the first domain controller in Active
Directory, the Active Directory Installation Wizard creates the Default-First-Site-
Name and assigns the domain controller to the site. This default site will contain all
IP subnets by default, unless you specify otherwise in the creation process.
13. What name is given to the Site object created when you install Active Directory for
the first time in your network?
A. Default-First-Site-Name
B. Default-Site
C. First-Site
D. Default-Site-Name
14. What are three objects used by the Knowledge Consistency Checker to configure the
connections between domain controllers? (Choose 3)
A. Server Object
B. KCC Settings Object
C. NTDS Settings Object
D. Connection Object
E. NTDS Link Object
13. What name is given to the Site object created when you install Active Directory for
the first time in your network?
*A. Default-First-Site-Name
B. Default-Site
C. First-Site
D. Default-Site-Name
Explanation: The process of updating from one domain controller to another is called
replication. The physical structure of the network, especially the capacity between
subnetworks, has a great impact on this process. To control replication more
effectively, Active Directory provides sites. A site is defined as one or more well-
connected IP subnets. The term well-connected is relative to the speed of the link and
the traffic on the link. When you create the first domain controller in Active
Directory the Active Directory Installation Wizard creates the Default-First-Site-
Name and assigns the domain controller to the site. This default site will contain all
IP subnets by default, unless you specify otherwise in the creation process.
14. What are three objects used by the Knowledge Consistency Checker to configure the
connections between domain controllers? (Choose 3)
*A. Server Object
B. KCC Settings Object
*C. NTDS Settings Object
*D. Connection Object
E. NTDS Link Object
Explanation: A site is defined as one or more well-connected IP subnets. The term well-
connected is relative to the speed of the link and the traffic on the link. When you
create the first domain controller in Active Directory the Active Directory
Installation Wizard creates the Default-First-Site-Name and assigns the domain
controller to the site. This default site will contain all IP subnets by default, unless
you specify otherwise in the creation process. When you add domain controllers to a
site, a process called the Knowledge Consistency Checker (KCC) automatically
configures connections between controllers for replication. The KCC creates
connection objects to represent a one-way replication path between domain
controllers. The connection objects are children of NTDS Settings objects, which are
children of server objects, which represent the actual domain controller.
15. What are two situations for which Connection objects need to exist and be
configured? (Choose 2)
A. For workstations to be able to connect for authentication
B. For domain controllers within a site to be able to maintain replication
C. For BDCs to be able to replicate with PDCs
D. For domain controllers in different sites to be able to maintain replication
16. What service is not available when you configure replication between two sites?
A. Change Notification
B. Compressed Traffic
C. Urgent Replication
D. Replication Scheduling
15. What are two situations for which Connection objects need to exist and be
configured? (Choose 2)
A. For workstations to be able to connect for authentication
*B. For domain controllers within a site to be able to maintain replication
C. For BDCs to be able to replicate with PDCs
*D. For domain controllers in different sites to be able to maintain replication
Explanation: When you add domain controllers to a site, a process called the Knowledge
Consistency Checker (KCC) automatically configures connections between
controllers for replication. The KCC creates connection objects to represent a one-
way replication path between domain controllers. The connection objects are
children of NTDS Settings objects, which are children of server objects, which
represent the actual domain controller. The connection objects are necessary for
domain controllers within a site or domain controllers between different sites to
maintain replication.
16. What service is not available when you configure replication between two sites?
A. Change Notification
B. Compressed Traffic
*C. Urgent Replication
D. Replication Scheduling
Explanation: When you add domain controllers to a site, a process called the Knowledge
Consistency Checker (KCC) automatically configures connections between
controllers for replication. The KCC creates connection objects to represent a one-
way replication path between domain controllers. The connection objects are
children of NTDS Settings objects, which are children of server objects, which
represent the actual domain controller. The connection objects are necessary for
domain controllers within a site or domain controllers between different sites to
maintain replication. Replication within a site occurs through a change notification
process, whereby a domain controller waits for a configurable interval (by default 5
minutes) and then informs replication partners of changes. Within a site replication
traffic is uncompressed and urgent replication, consisting of security-sensitive
updates, is available. Between sites, replication is defined based on a schedule and an
interval and traffic is always compressed. Urgent replication is not available for
replication between sites.
17. What is the name of the process that waits a configurable amount of time after a
change has been made to an object and then sends a notification message to its
replication partners?
A. Replication Scheduling
B. Urgent Replication
C. Change Notification
D. Replication Between Sites
18. What protocol does Active Directory use for replication within a site?
A. TCP/IP
B. RPC over IP
C. SMTP
D. SNMP
17. What is the name of the process that waits a configurable amount of time after a
change has been made to an object and then sends a notification message to its
replication partners?
A. Replication Scheduling
B. Urgent Replication
*C. Change Notification
D. Replication Between Sites
Explanation: Replication within a site occurs through a change notification process,
whereby a domain controller waits for a configurable interval (by default 5 minutes)
and then informs replication partners of changes. Within a site replication traffic is
uncompressed and urgent replication, consisting of security-sensitive updates, is
available. Between sites, replication is defined based on a schedule and an interval
and traffic is always compressed. Urgent replication is not available for replication
between sites.
18. What protocol does Active Directory use for replication within a site?
A. TCP/IP
*B. RPC over IP
C. SMTP
D. SNMP
Explanation: Replication within a site occurs through a change notification process,
whereby a domain controller waits for a configurable interval (by default 5 minutes)
and then informs replication partners of changes. Within a site replication traffic is
uncompressed and urgent replication, consisting of security-sensitive updates, is
available. Active Directory uses remote procedure calls (RPC) over IP for replication
within a site. Between sites, replication is defined based on a schedule and an
interval and traffic is always compressed. Urgent replication is not available for
replication between sites. Active Directory replication between sites can be
accomplished either through RPC over IP or SMTP (Simple Mail Transfer Protocol).
19. What are the two protocols used for replication between sites by Active Directory?
(Choose 2)
A. NetBIOS
B. RPC over IP
C. SMTP
D. SNMP
20. What are two additional objects in Active Directory for use in configuring replication
between sites? (Choose 2)
A. Site Links
B. Site Bridges
C. Link Bridges
D. Site Link Bridges
19. What are the two protocols used for replication between sites by Active Directory?
(Choose 2)
A. NetBIOS
*B. RPC over IP
*C. SMTP
D. SNMP
Explanation: Replication within a site occurs through a change notification process,
whereby a domain controller waits for a configurable interval (by default 5 minutes)
and then informs replication partners of changes. Within a site replication traffic is
uncompressed and urgent replication, consisting of security-sensitive updates, is
available. Active Directory uses remote procedure calls (RPC) over IP for replication
within a site. Between sites, replication is defined based on a schedule and an
interval and traffic is always compressed. Urgent replication is not available for
replication between sites. Active Directory replication between sites can be
accomplished either through RPC over IP or SMTP (Simple Mail Transfer Protocol).
20. What are two additional objects in Active Directory for use in configuring replication
between sites? (Choose 2)
*A. Site Links
B. Site Bridges
C. Link Bridges
*D. Site Link Bridges
Explanation: When you add domain controllers to a site, a process called the Knowledge
Consistency Checker (KCC) automatically configures connections between
controllers for replication. The KCC creates connection objects to represent a one-
way replication path between domain controllers. The connection objects are
children of NTDS Settings objects, which are children of server objects, which
represent the actual domain controller. The connection objects are necessary for
domain controllers within a site or domain controllers between different sites to
maintain replication. Between sites, replication is defined based on a schedule and an
interval and traffic is always compressed. Urgent replication is not available for
replication between sites. Active Directory replication between sites can be
accomplished either through RPC over IP or SMTP (Simple Mail Transfer Protocol).
For configuration of replication between sites there are two additional objects: site
link objects and site link bridge objects.
21. What are three values that you can configure in the Site Link Properties box? (Choose
3)
A. Protocol (RPC over IP or SMTP)
B. Replication Cost
C. Replication Interval
D. Replication Schedule
E. Replication Compression
22. What two settings are required to create a new site in Active Directory? (Choose 2)
A. Site Name
B. Site Cost
C. Association with a Site Link
D. Association with a Domain Controller
21. What are three values that you can configure in the Site Link Properties box? (Choose
3)
A. Protocol (RPC over IP or SMTP)
*B. Replication Cost
*C. Replication Interval
*D. Replication Schedule
E. Replication Compression
Explanation: Between sites, replication is defined based on a schedule and an interval
and traffic is always compressed. Urgent replication is not available for replication
between sites. Active Directory replication between sites can be accomplished either
through RPC over IP or SMTP (Simple Mail Transfer Protocol). For configuration of
replication between sites there are two additional objects: site link objects and site
link bridge objects. Site links contain three values that can be used to configure
replication: cost, interval and schedule. Cost is an arbitrary value, interval defines
how frequently replication should occur and schedule says when the site link is
available for replication to occur at all.
22. What two settings are required to create a new site in Active Directory? (Choose 2)
*A. Site Name
B. Site Cost
*C. Association with a Site Link
D. Association with a Domain Controller
Explanation: A site is defined as one or more well-connected IP subnets, where the term
well-connected is relative to the speed of the link and the traffic on the link. When
you create the first domain controller in Active Directory the Active Directory
Installation Wizard creates the Default-First-Site-Name and assigns the domain
controller to the site. This default site will contain all IP subnets by default, unless
you specify otherwise in the creation process. To manually create a site, simply open
Active Directory Sites and Services, click create new site, then name the site and
associate it with a site link.
23. After creating sites in Active Directory, what is the next step in implementing the
physical structure?
A. The next step involves creating Site Links.
B. The next step involves setting replication configuration.
C. The next step involves creating IP subnets.
D. The next step involves creating a Global Catalog.
23. After creating sites in Active Directory, what is the next step in implementing the
physical structure?
A. The next step involves creating Site Links.
B. The next step involves setting replication configuration.
*C. The next step involves creating IP subnets.
D. The next step involves creating a Global Catalog.
Explanation: A site is defined as one or more well-connected IP subnets, where the term
well-connected is relative to the speed of the link and the traffic on the link. When
you create the first domain controller in Active Directory the Active Directory
Installation Wizard creates the Default-First-Site-Name and assigns the domain
controller to the site. This default site will contain all IP subnets by default, unless
you specify otherwise in the creation process. To manually create a site, simply open
Active Directory Sites and Services, click create new site, then name the site and
associate it with a site link. After you have created sites, the next step in creating the
physical structure in Active Directory is creating subnets.
24. You are the administrator of BFQ, Inc., and have just installed Active Directory and 8
additional Domain Controllers. After you create sites and subnets, where will the
server objects corresponding to the Domain Controllers reside in Active Directory?
A. The server objects for the Domain Controllers will reside in their respective subnets.
B. The server objects for the Domain Controllers will reside in the sites you specify when
you create the site object.
C. The server objects for the Domain Controllers will reside in the Default-First-Site-
Name site and will need to be moved to the correct site using Active Directory Sites
and Services.
D. The server objects for the Domain Controllers will not yet exist and can now be
created in the appropriate site.
24. You are the administrator of BFQ, Inc., and have just installed Active Directory and 8
additional Domain Controllers. After you create sites and subnets, where will the
server objects corresponding to the Domain Controllers reside in Active Directory?
A. The server objects for the Domain Controllers will reside in their respective
subnets.
B. The server objects for the Domain Controllers will reside in the sites you specify
when you create the site object.
*C. The server objects for the Domain Controllers will reside in the Default-First-
Site-Name site and will need to be moved to the correct site using Active
Directory Sites and Services.
D. The server objects for the Domain Controllers will not yet exist and can now be
created in the appropriate site.
Explanation: A site is defined as one or more well-connected IP subnets, where the term
well-connected is relative to the speed of the link and the traffic on the link. When
you create the first domain controller in Active Directory the Active Directory
Installation Wizard creates the Default-First-Site-Name and assigns the domain
controller to the site. This default site will contain all IP subnets by default, unless
you specify otherwise in the creation process. Additionally, the Default-First-Site-
Name will be associated with all domain controller server objects unless you specify
otherwise. If you have created your domain controllers before defining sites, you will
need to use Active Directory Sites and Services console to move the domain
controller server objects to the appropriate site.
25. What must you do to move a server object in Active Directory?
A. Server objects cannot be moved. You must delete the object and re-create it.
B. Server objects cannot be moved. You must reinstall Active Directory on the Domain
Controller.
C. In Active Directory Sites and Services, right click the server object and choose move,
then drag and drop it.
D. You can move the server object from within the Site object by browsing in Active
Directory and choosing the server object.
26. What are two properties that need to be identified when creating a Site Link?
(Choose 2)
A. Site Link Name
B. Site Link Subnet
C. Site Link Protocol
D. Site Link Sites
25. What must you do to move a server object in Active Directory?
A. Server objects cannot be moved. You must delete the object and re-create it.
B. Server objects cannot be moved. You must reinstall Active Directory on the
Domain Controller.
*C. In Active Directory Sites and Services, right click the server object and choose
move, then drag and drop it.
D. You can move the server object from within the Site object by browsing in
Active Directory and choosing the server object.
Explanation: A site is defined as one or more well-connected IP subnets, where the term
well-connected is relative to the speed of the link and the traffic on the link. When
you create the first domain controller in Active Directory the Active Directory
Installation Wizard creates the Default-First-Site-Name and assigns the domain
controller to the site. This default site will contain all IP subnets by default, unless
you specify otherwise in the creation process. Additionally, the Default-First-Site-
Name will be associated with all domain controller server objects unless you specify
otherwise. If you have created your domain controllers before defining sites, you will
need to use Active Directory Sites and Services console to move the domain
controller server objects to the appropriate site.
26. What are two properties that need to be identified when creating a Site Link?
(Choose 2)
*A. Site Link Name
B. Site Link Subnet
C. Site Link Protocol
*D. Site Link Sites
Explanation: For configuration of replication between sites there are two additional
objects: site link objects and site link bridge objects. Site links contain three values
that can be used to configure replication: cost, interval and schedule. Cost is an
arbitrary value, Interval defines how frequently replication should occur and
schedule says when the site link is available for replication to occur at all. The
creation of a site link in Active Directory Sites and Services requires a name and two
or more sites to be linked. Configuration of the site link then consists of specifying
the replication protocol and setting the cost, interval and schedule values.
27. What must you do if your network is not fully routed and you need to create site link
bridges?
A. You must first enable routing across your network.
B. You must disable the default bridging of site links.
C. You must enable routing in the protocol section of the site links.
D. You must first disable the default routing of all site links.
27. What must you do if your network is not fully routed and you need to create site link
bridges?
A. You must first enable routing across your network.
*B. You must disable the default bridging of site links.
C. You must enable routing in the protocol section of the site links.
D. You must first disable the default routing of all site links.
Explanation: For configuration of replication between sites there are two additional
objects: site link objects and site link bridge objects. Site links contain three values
that can be used to configure replication: cost, interval and schedule. Cost is an
arbitrary value, Interval defines how frequently replication should occur and
schedule says when the site link is available for replication to occur at all. The
creation of a site link in Active Directory Sites and Services requires a name and two
or more sites to be linked. Configuration of the site link then consists of specifying
the replication protocol and setting the cost, interval and schedule values. Site link
bridges represent sets of site links that all use the same replication protocol. If your
network is routed, then site links are bridged by default and you need not create site
link bridges. Otherwise, to create a site link bridge, you must open Site in Active
Directory Sites and Services and choose Inter-Site Transports - New Site Link
Bridge. Then you simply name the bridge and assign two or more site links and click
Add.
28. As the administrator for BFQ, Inc. what can you do to decrease the traffic created by
queries to the Global Catalog across sites?
A. You can limit Global Catalog searches to the local site only.
B. You can create separate forests so that searches will remain local.
C. You can create additional Global Catalog Servers so that the catalog is available
locally.
D. You can create a local catalog, and then searches will not cross WAN links.
28. As the administrator for BFQ, Inc. what can you do to decrease the traffic created by
queries to the Global Catalog across sites?
A. You can limit Global Catalog searches to the local site only.
B. You can create separate forests so that searches will remain local.
*C. You can create additional Global Catalog Servers so that the catalog is available
locally.
D. You can create a local catalog, and then searches will not cross WAN links.
Explanation: For configuration of replication between sites there are two additional
objects: site link objects and site link bridge objects. Site links contain three values
that can be used to configure replication: cost, interval and schedule. Cost is an
arbitrary value, Interval defines how frequently replication should occur and
schedule says when the site link is available for replication to occur at all. The
creation of a site link in Active Directory Sites and Services requires a name and two
or more sites to be linked. Configuration of the site link then consists of specifying
the replication protocol and setting the cost, interval and schedule values. To reduce
traffic further between sites, you can create a separate Global Catalog Server at each
site, so that queries will not cross slow network links. This is done in the NTDS
Settings tab under Sites in Active Directory Sites and Services.
29. What are the two main types of network traffic affected by the existence of sites?
(Choose 2)
A. Routing traffic
B. Logon traffic
C. Replication traffic
D. IP broadcast traffic
30. You are the administrator of BFQ, Inc., a company with offices in Dallas, London
and New York City. New York City has T-1 lines to both of the other locations,
while they have only a 56KBps link between them. How many sites will need to be
created for this network?
A. 2 sites
B. 3 sites
C. 4 sites
D. None
E. 6 sites
29. What are the two main types of network traffic affected by the existence of sites?
(Choose 2)
A. Routing traffic
*B. Logon traffic
*C. Replication traffic
D. IP broadcast traffic
Explanation: Clearly, of the answers presented, only replication and logon traffic are
reasonable. Routing traffic on large IP internetworks is already well optimized
through the use of OSPF, and IP broadcasts are not forwarded across routers by
default.
30. You are the administrator of BFQ, Inc., a company with offices in Dallas, London
and New York City. New York City has T-1 lines to both of the other locations,
while they have only a 56KBps link between them. How many sites will need to be
created for this network?
A. 2 sites
*B. 3 sites
C. 4 sites
D. None
E. 6 sites
Explanation: 3 Sites will need to be created for this network. One for Dallas, one for
London, and one for New York City.
31. What do you use to create Organizational Unit objects in Active Directory?
A. Active Directory Users and Computers
B. Active Directory Sites and Services
C. Active Directory Domains and Forests
D. Active Directory Tree
32. What are the three scopes available for groups in Active Directory? (Choose 3)
A. Domain Local
B. Global
C. Security
D. Distribution
E. Universal
31. What do you use to create Organizational Unit objects in Active Directory?
*A. Active Directory Users and Computers
B. Active Directory Sites and Services
C. Active Directory Domains and Forests
D. Active Directory Tree
Explanation: Organizational Unit objects are container objects in Active Directory, and
can contain other AD objects such as user, computer, and group objects. To create an
Organizational Unit object below another OU, the user must have the Read, List
Contents and Create Organizational Unit Objects permissions. Certainly, members of
the Administrators group can create OUs anywhere in the forest by default. To create
an OU, open Active Directory Users and Computers, then right-click the container in
which you wish to create an OU, select New, and name the new OU.
32. What are the three scopes available for groups in Active Directory? (Choose 3)
*A. Domain Local
*B. Global
C. Security
D. Distribution
*E. Universal
Explanation: Organizational Unit objects are container objects in Active Directory and
can contain other AD objects such as user, computer, and group objects. In Active
Directory there are two basic group types: Security groups and Distribution groups.
Security groups are used to grant or deny rights or permissions while Distribution
groups are used for sending e-mails with e-mail applications. Both types of groups
have an attribute called scope, which determines who can be a member and where
the group can be used. The three scopes are domain local, global and universal.
Domain Local groups (in a native mode domain) can contain user accounts, Global
groups and Universal groups from any domain in the forest, and other domain Local
groups from the same domain. In a mixed mode domain, domain Local groups can
contain user accounts and Global groups from any domain. Global groups, in a
native domain, can contain user accounts and Global groups from the domain in
which the Global group exists. In mixed mode the Global group can contain only
user accounts from the domain in which it exists. Universal groups can only be
created in domains operating in native mode. They can contain user accounts, Global
groups and other Universal groups from any domain in the forest.
33. As the administrator in your domain you are trying to troubleshoot your domain's
replication topology. The first step in the troubleshooting process is to determine the
number of replication topologies that exist within your single Windows 2000 Active
Directory domain structure. Which of the following represent a replication topology
naming context? (Choose three.)
A. Schema naming context
B. Domain naming context
C. Configuration naming context
D. Site naming context
E. Global Catalog naming context
33. As the administrator in your domain you are trying to troubleshoot your domain's
replication topology. The first step in the troubleshooting process is to determine the
number of replication topologies that exist within your single Windows 2000 Active
Directory domain structure. Which of the following represent a replication topology
naming context? (Choose three.)
*A. Schema naming context
*B. Domain naming context
*C. Configuration naming context
D. Site naming context
E. Global Catalog naming context
Explanation: The Configuration naming context is an enterprise-wide naming context
that includes information about all the sites, domain and domain controllers in the
forest and the domain controller replication connections. The Schema naming
context is also an enterprise-wide naming context that contains the definitions of the
objects and attributes that can be created within the Active Directory namespace. The
Domain naming context is only replicated within the domain to other domain
controllers in that domain. A naming context is a specific region within the Active
Directory namespace and defines the boundary of replication. There are no site or
global catalog naming contexts.
34. As the domain administrator you are responsible for the creation of multiple user
accounts. You have established the naming convention of the first letter of the user's
first name, and first six characters of the last name. As you begin to add users, you
get an error message indicating that an object with that username already exists.
What is responsible for preventing user objects with the same name from being
created in the Active Directory?
A. Active Directory Users and Computers prevent the creation of user objects with
identical object names within the same domain.
B. Active Directory Sites and Services prevent the creation of user objects with identical
object names within the same domain.
C. The Active Directory polices itself, preventing the creation of user objects with
identical object names within the same domain.
D. The Schema prevents the creation of user objects with identical object names within
the same domain.
34. As the domain administrator you are responsible for the creation of multiple user
accounts. You have established the naming convention of the first letter of the user's
first name, and first six characters of the last name. As you begin to add users, you
get an error message indicating that an object with that username already exists.
What is responsible for preventing user objects with the same name from being
created in the Active Directory?
*A. Active Directory Users and Computers prevent the creation of user objects with
identical object names within the same domain.
B. Active Directory Sites and Services prevent the creation of user objects with
identical object names within the same domain.
C. The Active Directory polices itself, preventing the creation of user objects with
identical object names within the same domain.
D. The Schema prevents the creation of user objects with identical object names
within the same domain.
Explanation: Active Directory Users and Computers prevent the creation of user objects
with identical object names. If you use an alternative method of adding users to the
domain, such as scripting, you should incorporate duplication checking into your
script. Active Directory Sites and Services are used to add sites and replication
connections. The Active Directory does not police itself. The schema defines the
object classes and object attributes that can be created within the Active Directory
but does not prevent object duplication.
35. You are the administrator responsible for the implementation of the AD logical
structure. What tools can you use to add objects to the Active Directory? (Choose
four.)
A. Active Directory Users and Computers
B. Active Directory Sites and Services
C. ADSI
D. Movetree
E. LDIFDE.exe
36. As the administrator you have been asked to move users from one domain to another
domain within the same forest. What tool would you use to accomplish this?
A. Movetree
B. Cloneprincipal
C. Active Directory Users and Computers
D. Active Directory Sites and Services
35. You are the administrator responsible for the implementation of the AD logical
structure. What tools can you use to add objects to the Active Directory? (Choose
four.)
*A. Active Directory Users and Computers
B. Active Directory Sites and Services
*C. ADSI
*D. Movetree
*E. LDIFDE.exe
Explanation: Active Directory Users and Computers, ADSI scripts, Movetree, and
LDIFDE.exe can all be used to add objects to the Active Directory. Active Directory
Users and Computers is one of the default Administrative tools included with the
operating system. It is also possible to write an Active Directory Scripting Interface
(ADSI) script to add objects. Movetree is a Resource Kit utility that can be used to
move users from one domain to another within the same forest. LDIFDE.exe is a
Resource Kit utility that can be used to perform bulk imports or exports of users into
the Active Directory. Xcopy is a DOS utility that is used for copying files, not Active
Directory objects. Usrmgr is the Windows NT 4 User Manager utility and cannot be
used to add objects to the Active Directory.
36. As the administrator you have been asked to move users from one domain to another
domain within the same forest. What tool would you use to accomplish this?
*A. Movetree
B. Cloneprincipal
C. Active Directory Users and Computers
D. Active Directory Sites and Services
Explanation: Movetree is a utility found on the Windows 2000 Resource Kit that allows
you to move users between different domains in the same forest. Cloneprincipal is
also a utility found on the Windows 2000 Resource Kit but it is used to move users
and groups between domains in different forests and only works between different
domains in different forests. Active Directory Users and Computers can be used to
create, modify and delete users in a domain but not move them. Active Directory
Sites and Services does not allow you to manage users and groups.
37. As the administrator you have been asked to move users from one domain in one
forest to another domain in a second forest. What tool would you use to accomplish
this?
A. Movetree
B. Cloneprincipal
C. Active Directory Users and Computers
D. Active Directory Sites and Services
38. NASA spent millions of dollars on a space program project that involved trying to
design a pen that works in a zero gravity environment. At the same time the Russian
space program decided to use a pencil in zero gravity environments. Which of the
following planning guidelines best represents the Russians' methodology?
A. Keep it simple
B. Aim for the ideal design
C. Evaluate multiple alternatives
D. Anticipate change
37. As the administrator you have been asked to move users from one domain in one
forest to another domain in a second forest. What tool would you use to accomplish
this?
A. Movetree
*B. Cloneprincipal
C. Active Directory Users and Computers
D. Active Directory Sites and Services
Explanation: Cloneprincipal is a utility found on the Windows 2000 Resource Kit and is
used to move users and groups between domains in different forests but only works
between different domains in different forests. Movetree is also a utility found on the
Windows 2000 Resource Kit that allows you to move users between different
domains in the same forest. Active Directory Users and Computers can be used to
create, modify and delete users in a domain but not move them. Active Directory
Sites and Services does not allow you to manage users and groups.
38. NASA spent millions of dollars on a space program project that involved trying to
design a pen that works in a zero gravity environment. At the same time the Russian
space program decided to use a pencil in zero gravity environments. Which of the
following planning guidelines best represents the Russians' methodology?
*A. Keep it simple
B. Aim for the ideal design
C. Evaluate multiple alternatives
D. Anticipate change
Explanation: Keeping it simple best represents the Russians' methodology. Aiming for
the ideal design would be the methodology used by the Americans. Evaluating
multiple alternatives could have applied to both countries in this example but not
enough information was given to make that assumption. Anticipate change too could
have applied to both countries but again not enough information was given to make
that assumption.
39. NASA spent millions of dollars on a space program project that involved
trying to design a pen that works in a zero gravity environment. At the same time the
Russian space program decided to use a pencil in a zero gravity environment. Which
of the following planning guidelines best represents the Americans' methodology?
A. Keep it simple
B. Aim for the ideal design
C. Evaluate multiple alternatives
D. Anticipate change
40. As the administrator of the mcsejobs.net Windows 2000 directory service you are
responsible for the creation, management and deletion of all the objects in the
directory. You have recently hired a summer student named Chloe Ward to assist
you in your responsibilities, and are trying to explain the concept of a distinguished
name to help Chloe locate the correct object in the directory service. To demonstrate
this, you open Active Directory Users and Computers and create an account for
Chloe with a username of "cward" in the Users container. What is the distinguished
name of Chloe's user object?
A. CN=Chloe Ward,CN=Users,DC=mcsejobs,DC=net
B. CN=Cward,CN=Users,DC=mcsejobs, DC=net
C. CN=Chloe Ward,OU=Users,DC=mcsejobs,DC=net
D. CN=Cward,CN=Users,DC=mcsejobs.net
39. NASA spent millions of dollars on a space program project that involved
trying to design a pen that works in a zero gravity environment. At the same time the
Russian space program decided to use a pencil in a zero gravity environment. Which
of the following planning guidelines best represents the Americans' methodology?
A. Keep it simple
*B. Aim for the ideal design
C. Evaluate multiple alternatives
D. Anticipate change
Explanation: Aiming for the ideal design represents the Americans' methodology in this
case. Obviously one of the problems with aiming for the ideal design is that it is
possible that you can get caught up in the pursuit of excellence and lose sight of
other important decision criteria. Keeping it simple best represents the Russians'
methodology. Evaluating multiple alternatives could have applied to both countries
in this example but not enough information was given to make that assumption.
Anticipate change too could have applied to both countries but again not enough
information was given to make that assumption.
40. As the administrator of the mcsejobs.net Windows 2000 directory service you are
responsible for the creation, management and deletion of all the objects in the
directory. You have recently hired a summer student named Chloe Ward to assist
you in your responsibilities, and are trying to explain the concept of a distinguished
name to help Chloe locate the correct object in the directory service. To demonstrate
this, you open Active Directory Users and Computers and create an account for
Chloe with a username of "cward" in the Users container. What is the distinguished
name of Chloe's user object?
*A. CN=Chloe Ward,CN=Users,DC=mcsejobs,DC=net
B. CN=Cward,CN=Users,DC=mcsejobs, DC=net
C. CN=Chloe Ward,OU=Users,DC=mcsejobs,DC=net
D. CN=Cward,CN=Users,DC=mcsejobs.net
Explanation: Every object in the Active Directory has a distinguished name that
identifies the domain in which the object is located and the complete path by which
the object is reached. The path consists of common names (CN), organizational units
(OU) and domain components (DC). The correct distinguished name in this example
points to the common name Chloe Ward, followed by the common name Users, the
container where the Chloe Ward object resides. Next are the domain components
mcsejobs and net which indicate the correct domain that the object is located in.
41. As the administrator you have been asked to move computers from one domain in one
forest to another domain in a different forest. What tool would you use to accomplish
this?
A. Movetree
B. Cloneprincipal
C. Active Directory Users and Computers
D. Netdom
42. As the administrator of your organization's Active Directory domain, you have
learned through working with the directory service that certain names and identifiers
are required to be unique in the Active Directory. Which of the following names and
identifiers are required to be unique within a forest? (Choose four.)
A. Distinguished name
B. Relative distinguished name
C. Globally Unique Identifier (GUID)
D. User Principal Name
E. Object Identifier (OID)
41. As the administrator you have been asked to move computers from one domain in one
forest to another domain in a different forest. What tool would you use to accomplish
this?
A. Movetree
B. Cloneprincipal
C. Active Directory Users and Computers
*D. Netdom
Explanation: Netdom.exe is a Resource Kit utility that can be used to move computers
from one domain in one forest to another domain in another forest. Cloneprincipal is
a Resource Kit utility that can be used to move users and groups between domains,
but only if the domains are in different forests. Movetree is a Resource Kit utility
that can be used to move users and groups between domains in the same forest.
Active Directory Users and Computers cannot be used to move computers between
domains, only between OUs within the same domain.
42. As the administrator of your organization's Active Directory domain, you have
learned through working with the directory service that certain names and identifiers
are required to be unique in the Active Directory. Which of the following names and
identifiers are required to be unique within a forest? (Choose four.)
*A. Distinguished name
B. Relative distinguished name
*C. Globally Unique Identifier (GUID)
*D. User Principal Name
*E. Object Identifier (OID)
Explanation: A distinguished name is guaranteed to be unique in a forest as the Active
Directory does not allow two objects with the same relative distinguished name
within the same container. The Relative Distinguished Name only has to be unique
within its parent container, not within the forest. An example of this would be two
users named Jane Smith existing in the forest but in different containers. The first
Jane Smith could be created in the Users container and the second Jane Smith could
be created within an OU named Sales. A GUID is a 128-bit hexadecimal
representation that Windows 2000 assigns to an object when created and is required
to be unique. An OID is also required to be unique. An OID is required when adding
object classes or object attributes to the schema.
43. As the administrator of your organization's Active Directory domain, you have
learned through working with the directory service that certain names and identifiers
are required to be unique in the Active Directory. Of the following names and
identifiers which two could be duplicated within a forest even though they are
required to be unique? (Choose two.)
A. Distinguished name
B. Relative distinguished name
C. Globally Unique Identifier (GUID)
D. User Principal Name
E. Object Identifier (OID)
44. In designing your Active Directory structure, you have decided to replace some
existing NT 4.0 domains with organizational units in Windows 2000. Within which
of the following logical and physical components can an organizational unit be
created? (Choose two.)
A. Domain
B. Organizational Unit
C. Schema
D. Site
43. As the administrator of your organization's Active Directory domain, you have
learned through working with the directory service that certain names and identifiers
are required to be unique in the Active Directory. Of the following names and
identifiers which two could be duplicated within a forest even though they are
required to be unique? (Choose two.)
A. Distinguished name
*B. Relative distinguished name
C. Globally Unique Identifier (GUID)
*D. User Principal Name
E. Object Identifier (OID)
Explanation: A Relative Distinguished Name only has to be unique within its parent
container, not within the forest. The creation of users simultaneously on different
domain controllers could allow for two users with identical Relative Distinguished
names to be created. The same is true of User Principal Names. If two users were
created simultaneously, two identical UPNs could be created. A distinguished name
is guaranteed to be unique in a forest as the Active Directory does not allow two
objects with the same relative distinguished name within the same container. A
GUID is a 128-bit hexadecimal representation that Windows 2000 assigns to an
object when created and is required to be unique. An OID is also required to be
unique. An OID is required when adding object classes or object attributes to the
schema.
44. In designing your Active Directory structure, you have decided to replace some
existing NT 4.0 domains with organizational units in Windows 2000. Within which
of the following logical and physical components can an organizational unit be
created? (Choose two.)
*A. Domain
*B. Organizational Unit
C. Schema
D. Site
Explanation: An organizational unit can be created in both a domain and in another
organizational unit. An organizational unit cannot be created within the schema or at
the site level. The schema allows for organizational units to be created but the
schema is an object itself within the Active Directory. A domain can be a member of
a site, and an organizational unit can be created within a domain, but an OU cannot
be created directly within a site.
45. There are two modes that the Active Directory service can be set to run in. What
mode is the domain in after you install Active Directory and establish a domain?
A. native mode
B. mixed mode
C. primary mode
D. default mode
46. You have just been hired by mcsejobs.net to work as an administrator of the
company's Windows 2000 network. One of the first questions you have upon joining
is whether the domain is in mixed or native mode. Before asking, you decide to open
Active Directory Users and Computers and create a group to determine what mode
the domain is in. What type of group will you be unable to create if the domain is in
mixed mode?
A. Universal Security
B. Universal Distribution
C. Global Security
D. Global Distribution
E. Domain Local Security
45. There are two modes that the Active Directory service can be set to run in. What
mode is the domain in after you install Active Directory and establish a domain?
A. native mode
*B. mixed mode
C. primary mode
D. default mode
Explanation: Mixed mode is the default mode that all domains are in after the
installation of Active Directory. Mixed mode allows for both Windows 2000 domain
controllers and Windows NT 4.0 domain controllers to exist and participate in the
domain. An Administrator must convert the domain to native mode. Switching to
native mode allows the administrator to take advantage of more features of the
Windows 2000 operating system.
46. You have just been hired by mcsejobs.net to work as an administrator of the
company's Windows 2000 network. One of the first questions you have upon joining
is whether the domain is in mixed or native mode. Before asking, you decide to open
Active Directory Users and Computers and create a group to determine what mode
the domain is in. What type of group will you be unable to create if the domain is in
mixed mode?
*A. Universal Security
B. Universal Distribution
C. Global Security
D. Global Distribution
E. Domain Local Security
Explanation: Universal Security groups can only be created when the domain is in
native mode, not in mixed mode. All other types of groups can be created in both
domain modes.
47. You are the network administrator of Great Lava Plc., which consists of one domain tree broken into a root domain called greatlava.com and four child domains named Europe, Asia, NA and SA. The root domain has a total of four domain controllers, two of which are running Windows 2000, and the other two are configured as BDC's running Windows NT 4. The administrator of the Europe child domain would like to change his domain to native mode. What would be the correct procedure to change the Europe domain to native mode?
A. Upgrade the two remaining BDC's in the root domain to Windows 2000, and upgrade the root domain. Then upgrade the Europe domain to native mode.
B. Upgrade the Europe domain to native mode.
C. Upgrade the root domain to native mode and prepare the other child domains for the upgrade, then upgrade the Europe domain and all other domains in the tree will be upgraded automatically.
D. Upgrade the two remaining BDC's in the root domain to Windows 2000, and upgrade the root domain. Upgrading the root domain will upgrade all the child domains.
47. You are the network administrator of Great Lava Plc., which consists of one domain
tree broken into a root domain called greatlava.com and four child domains named
Europe, Asia, NA and SA. The root domain has a total of four domain controllers,
two of which are running Windows 2000, and the other two are configured as BDC's
running Windows NT 4. The administrator of the Europe child domain would like to
change his domain to native mode. What would be the correct procedure to change
the Europe domain to native mode?
A. Upgrade the two remaining BDC's in the root domain to Windows 2000, and
upgrade the root domain. Then upgrade the Europe domain to native mode.
*B. Upgrade the Europe domain to native mode.
C. Upgrade the root domain to native mode and prepare the other child domains for
the upgrade, then upgrade the Europe domain and all other domains in the tree
will be upgraded automatically.
D. Upgrade the two remaining BDC's in the root domain to Windows 2000, and
upgrade the root domain. Upgrading the root domain will upgrade all the child
domains.
Explanation: Domains can be upgraded to native mode individually without concern for
the state of other domains in the tree or forest. Upgrading a domain only upgrades
that one domain and not any others in the tree or forest.
48. In implementing your Active Directory structure, you have decided to collapse a number of existing Windows NT 4.0 resource domains into a single Windows 2000 domain and replace them with organizational units. Management has asked you to explain the reasoning behind your decision. In order to do that, you have outlined a number of reasons for using organizational units. Which of the following statements about organizational units are true? (Choose three.)
A. Organizational units can be nested in other organizational units.
B. Objects can be moved between organizational units within a domain.
C. Objects can be moved between organizational units within a forest.
D. Organizational units can be used instead of groups to assign permissions.
E. Organizational units can contain printers, users, groups, and computers.
48. In implementing your Active Directory structure, you have decided to collapse a
number of existing Windows NT 4.0 resource domains into a single Windows 2000
domain and replace them with organizational units. Management has asked you to
explain the reasoning behind your decision. In order to do that, you have outlined a
number of reasons for using organizational units. Which of the following statements
about organizational units are true? (Choose three.)
*A. Organizational units can be nested in other organizational units.
*B. Objects can be moved between organizational units within a domain.
C. Objects can be moved between organizational units within a forest.
D. Organizational units can be used instead of groups to assign permissions.
*E. Organizational units can contain printers, users, groups, and computers.
Explanation: Organizational units can be nested in other organizational units, and
objects within one OU can be moved to another OU within the same domain but not
between domains. Organizational units cannot be used instead of groups and
assigned permissions. An OU is a logical grouping of objects over which control can
be delegated for task-based administration, but it cannot be used as a replacement for
security groups. Printers, users, groups and computers can be placed in an OU.
49. As one of the network administrators in your organization, you sit on the design
committee and are trying to decide on reasons to use or not to use multiple domains. Of
the reasons below, which of the following is not a valid reason for creating multiple
domains?
A. Politics
B. Different security requirements
C. Large number of objects
D. Better control of replication
E. Decentralized administration
50. As one of the network administrators in your Windows 2000 domain you are
explaining the concept of transitive trusts to a colleague. Which of the following
statements best represents the concept of a transitive trust?
A. If domain A trusts domain B and domain B trusts domain C then domain A trusts
domain C.
B. If domain A trusts domain C and domain B trusts domain C then domain A and
domain B trust domain C.
C. If domain A trusts domain B and domain B trusts domain A then domain A is trusted
by domain B.
D. If domain A trusts domain B and domain B trusts domain C then domain C trusts
domain B.
49. As one of the network administrators in your organization, you sit on the design
committee and are trying to decide on reasons to use or not to use multiple domains. Of
the reasons below, which of the following is not a valid reason for creating multiple
domains?
A. Politics
B. Different security requirements
*C. Large number of objects
D. Better control of replication
E. Decentralized administration
Explanation: Politics, different security requirements such as password policy, control of
replication, and decentralized administration are all valid reasons for choosing a
multiple-domain model. Having a large number of objects is not a valid reason. The
scalability of a domain is not limited to the domain but to the forest. It is the global
catalog that is forest-wide and must be able to store all the objects of the forest.
Domain controllers store all the objects and their respective attributes within their
domain. Global catalog servers store all the objects from all domains in the forest but
only selected properties of objects not within the domain the global catalog is a
member of. Global catalog servers are also domain controllers, so they are also
responsible for storing all the objects and object attributes of the objects within their
own domain.
50. As one of the network administrators in your Windows 2000 domain you are
explaining the concept of transitive trusts to a colleague. Which of the following
statements best represents the concept of a transitive trust?
*A. If domain A trusts domain B and domain B trusts domain C then domain A
trusts domain C.
B. If domain A trusts domain C and domain B trusts domain C then domain A and
domain B trust domain C.
C. If domain A trusts domain B and domain B trusts domain A then domain A is
trusted by domain B.
D. If domain A trusts domain B and domain B trusts domain C then domain C trusts
domain B.
Explanation: Transitive trusts mean that if one domain trusts a second domain and that
second domain trusts a third domain, then the first domain also trusts the third
domain due to the trusts.
51. You are the network administrator for your organization. Your Windows 2000
domain consists of a forest of two trees. The root of the forest is called gotcha.com
and has two child domains called east and west. The second tree's root is called
voodoo.com and also has two child domains named east and west. As the
administrator of east.voodoo.com you would like to make changes to the schema. In
which domain would you need to be added to the Schema Admins group?
A. East.voodoo.com
B. Voodoo.com
C. Gotcha.com
D. Voodoo.com and East.voodoo.com
52. As the administrator of your organization's Windows 2000 domain, you are interested
in measuring the size of the Active Directory database. What is the name of the
Active Directory database file and where is it stored?
A. %windir%\system32\ntds.dit
B. %windir%\ntds\ntds.dit
C. %windir%\system32\edb.chk
D. %windir%\ntds\edb.chk
E. %windir%\security\database\secedit.sdb
51. You are the network administrator for your organization. Your Windows 2000
domain consists of a forest of two trees. The root of the forest is called gotcha.com
and has two child domains called east and west. The second tree's root is called
voodoo.com and also has two child domains named east and west. As the
administrator of east.voodoo.com you would like to make changes to the schema. In
which domain would you need to be added to the Schema Admins group?
A. East.voodoo.com
B. Voodoo.com
*C. Gotcha.com
D. Voodoo.com and East.voodoo.com
Explanation: The Schema Admins group only exists in the root domain of the forest,
which in this case is gotcha.com. Therefore that is the domain in which you will have
to be added to the Schema Admins group.
52. As the administrator of your organization's Windows 2000 domain, you are interested
in measuring the size of the Active Directory database. What is the name of the
Active Directory database file and where is it stored?
A. %windir%\system32\ntds.dit
*B. %windir%\ntds\ntds.dit
C. %windir%\system32\edb.chk
D. %windir%\ntds\edb.chk
E. %windir%\security\database\secedit.sdb
Explanation: The correct path to the Active Directory database is %windir%\ntds\ and
the name of the file is ntds.dit. There is a second ntds.dit file in the system32
directory but that file is the original that gets copied when Active Directory is
installed and moved to its new location in the ntds directory on the domain controller.
The edb.chk files are the checkpoint files that track the transactions that have or have
not been committed to the database.
53. As one of the network administrators in your organization, you sit on the design
committee and are trying to decide on reasons to use or not to use multiple sites. Of the
reasons below, what are two valid reasons to use multiple sites?
A. To optimize replication traffic
B. To optimize authentication traffic
C. To allow for faster searches of the Active Directory
D. To optimize administration
E. To optimize operations masters
54. You are one of the administrators responsible for making schema changes in your
organization. You launch the MMC from the Run command and try to add the
Schema management snap-in, but it's not in the list of available snap-ins. What can
you do to get the schema management snap-in to appear in the list?
A. At the Run command type regsvr32 schmmgmt.dll
B. At the Run command type regedt32
C. At the Run command type runas /user:america\administrator "mmc
%windir%\system32\schmgmt.msc"
D. At the Run command type runas /user:mcsejobs.net\administrator "mmc
%windir%\system32\schmgmt.msc"
53. As one of the network administrators in your organization, you sit on the design
committee and are trying to decide on reasons to use or not to use multiple sites. Of the
reasons below, what are two valid reasons to use multiple sites?
*A. To optimize replication traffic
*B. To optimize authentication traffic
C. To allow for faster searches of the Active Directory
D. To optimize administration
E. To optimize operations masters
Explanation: Sites are used for two primary reasons: to optimize replication and
authentication traffic. By creating sites, as an administrator you can govern when the
connections between sites are used for replication and you can force your users to try
to authenticate to a domain controller within their own site before using a costly
connection to authenticate to a distant domain controller.
54. You are one of the administrators responsible for making schema changes in your
organization. You launch the MMC from the Run command and try to add the
Schema management snap-in, but it's not in the list of available snap-ins. What can
you do to get the schema management snap-in to appear in the list?
*A. At the Run command type regsvr32 schmmgmt.dll
B. At the Run command type regedt32
C. At the Run command type runas /user:america\administrator "mmc
%windir%\system32\schmgmt.msc"
D. At the Run command type runas /user:mcsejobs.net\administrator "mmc
%windir%\system32\schmgmt.msc"
Explanation: The Schema Management snap-in is not available in the list of available
add-ins until the adminpak.msi, which contains all the administrative tools, is
installed or the schema management .dll is registered. Using the runas command will
not register the schema management .dll by itself. Running the regedt32 utility will
not register the .dll.
55. You are the administrator of the Canada OU in the America domain of your
organization's Windows 2000 Active Directory network. You have created a number
of user accounts in the OU under the following naming convention: the first initial of
the user's first name and the first 6 characters of the last name. You are now
interested in creating computer accounts in the same OU for the Windows 2000
Professional computers. Of the following naming conventions, which one will not
work in the Canada OU?
A. First initial of the computer user's first name, and first 6 characters of the last name
B. First initial of the computer user's last name, and first 6 characters of the first name
C. First initial of the computer user's first name, and first 6 characters of the last name
followed by the number 1
D. First initial of the computer user's last name, and first 6 characters of the first name
followed by the user's department ID
56. As the administrator of your Windows 2000 network, you are trying to decide upon a
group strategy that will minimize replication between global catalog servers in your
Active Directory multiple domain structure. Which of the following strategies will
minimize the replication between global catalog servers?
A. Place users into global groups and add global groups to universal groups.
B. Place users into both global groups and universal groups.
C. Place users into universal groups and add universal groups to global groups.
D. Place users into universal groups and add universal groups to domain local groups.
55. You are the administrator of the Canada OU in the America domain of your
organization's Windows 2000 Active Directory network. You have created a number
of user accounts in the OU under the following naming convention: the first initial of
the user's first name and the first 6 characters of the last name. You are now
interested in creating computer accounts in the same OU for the Windows 2000
Professional computers. Of the following naming conventions, which one will not
work in the Canada OU?
*A. First initial of the computer user's first name, and first 6 characters of the last
name
B. First initial of the computer user's last name, and first 6 characters of the first
name
C. First initial of the computer user's first name, and first 6 characters of the last
name followed by the number 1
D. First initial of the computer user's last name, and first 6 characters of the first
name followed by the user's department ID
Explanation: The naming convention used for computers cannot be the same as the user
account naming convention because of the requirements of distinguished names.
Distinguished names must be unique in the Active Directory. The naming
conventions could be the same if used in different organizational units but not in the
same organizational unit.
56. As the administrator of your Windows 2000 network, you are trying to decide upon a
group strategy that will minimize replication between global catalog servers in your
Active Directory multiple domain structure. Which of the following strategies will
minimize the replication between global catalog servers?
*A. Place users into global groups and add global groups to universal groups.
B. Place users into both global groups and universal groups.
C. Place users into universal groups and add universal groups to global groups.
D. Place users into universal groups and add universal groups to domain local
groups.
Explanation: Placing users into global groups and global groups into universal groups
will minimize the replication between global catalog servers. If a universal group's
membership is made up of individual user accounts, replication will occur whenever
the universal group's membership changes. By adding global groups to universal
groups, the membership of a global group can change without affecting the
membership of the universal group.
57. Your manager has been attending a number of Microsoft Windows 2000 briefings
and hearing about the idea of delegating administration and how with Windows 2000
it is possible to collapse your multiple domain structures into fewer domains. What
component of the logical structure allows you as the administrator to do all this?
A. The creation of organizational units
B. The creation of group policy
C. The creation of sites
D. The creation of universal groups
58. Your organization's Windows 2000 network consists of one root domain named
planet.com and two child domains named east and west. You currently have one
global catalog server in the planet.com domain and would like to configure a second
in the east.planet.com domain. Which criteria do you have to meet in order to
configure a global catalog server?
A. Must be a member of the Enterprise Administrators group
B. Must be a member of the Domain Administrators group
C. Must be a member of the Schema Administrators group
D. Must be a member of the planet.com domain administrators group
57. Your manager has been attending a number of Microsoft Windows 2000 briefings
and hearing about the idea of delegating administration and how with Windows 2000
it is possible to collapse your multiple domain structures into fewer domains. What
component of the logical structure allows you as the administrator to do all this?
*A. The creation of organizational units
B. The creation of group policy
C. The creation of sites
D. The creation of universal groups
Explanation: Organizational units allow for administration to be delegated in whole or in
part to a user or a group of users for a specific organizational unit. Task-based
delegation would include such things as the ability to change passwords. The
creation of group policies does not allow for administration to be delegated, but
rather a set of rules to be applied at various levels in the logical structure. The
creation of sites is useful for the administration of replication and authentication
traffic.
58. Your organization's Windows 2000 network consists of one root domain named
planet.com and two child domains named east and west. You currently have one
global catalog server in the planet.com domain and would like to configure a second
in the east.planet.com domain. Which criteria do you have to meet in order to
configure a global catalog server?
A. Must be a member of the Enterprise Administrators group
*B. Must be a member of the Domain Administrators group
C. Must be a member of the Schema Administrators group
D. Must be a member of the planet.com domain administrators group
Explanation: In order to configure a domain controller to be a global catalog server you
must be a member of the domain administrators group.
59. Your organization's Windows 2000 network consists of one root domain named
planet.com and two child domains named east and west. You currently have one
global catalog server in the planet.com domain and would like to configure a second
in the east.planet.com domain. Which utility can be used to configure a domain
controller to be a global catalog server?
A. Active Directory Users and Computers
B. Active Directory Sites and Services
C. Dcpromo /gc
D. Schema Management
E. Security Templates
60. Your manager has been attending a number of Microsoft Windows 2000 briefings
and hearing about the idea of global catalog servers. He is not sure what these
servers are used for. He suggests a number of features of a global catalog server
below. Which of the following are global catalog features? (Choose three.)
A. Allow for easier searching of objects.
B. Can use universal group membership information to log on to the network.
C. Allow a domain to be switched to Native mode.
D. Allow for more than one million objects to be stored in the Active Directory.
E. Contains the access permissions for each object and attribute in the forest.
59. Your organization's Windows 2000 network consists of one root domain named
planet.com and two child domains named east and west. You currently have one
global catalog server in the planet.com domain and would like to configure a second
in the east.planet.com domain. Which utility can be used to configure a domain
controller to be a global catalog server?
A. Active Directory Users and Computers
*B. Active Directory Sites and Services
C. Dcpromo /gc
D. Schema Management
E. Security Templates
Explanation: Active Directory Sites and Services. When you get into this utility, you
expand the Servers folder, then you expand the NTDS settings of the particular
server. You then right-click on NTDS Settings and click on properties. There you
will see the check box labeled "Global Catalog" that you would check.
60. Your manager has been attending a number of Microsoft Windows 2000 briefings
and hearing about the idea of global catalog servers. He is not sure what these
servers are used for. He suggests a number of features of a global catalog server
below. Which of the following are global catalog features? (Choose three.)
*A. Allow for easier searching of objects.
*B. Can use universal group membership information to log on to the network.
C. Allow a domain to be switched to Native mode.
D. Allow for more than one million objects to be stored in the Active Directory.
*E. Contains the access permissions for each object and attribute in the forest.
Explanation: Global catalog servers store all of the objects in your forest and act as a
central repository that can be easily searched by your users. The global catalog can
also be used to allow users to log on via universal group memberships. A global
catalog also contains the access permissions for each object and attribute, meaning
that only users with the permission to view the object they are searching for will see
that object in the result set. A global catalog doesn't have anything to do with the
number of objects that can be stored in the Active Directory and doesn't specifically
prevent or allow switching between domain modes.
61. As the administrator of your company's single domain model you are interested in
dividing the Operations Master roles amongst the four domain controllers in your
domain. What is the recommended method to do this?
A. Use NTDSUTIL to seize the roles from one domain controller to another.
B. Use Active Directory Sites and Services to transfer the roles from one domain
controller to another.
C. Use Active Directory Users and Computers to transfer the roles from one domain
controller to another.
D. Use NTDSUTIL to transfer the roles from one domain controller to another.
62. You and another administrator are adding users to your organization's single domain
on two different domain controllers. A third administrator changes a password of a
domain user account. During the next replication cycle, how will the password
change replicate between domain controllers?
A. The entire user object and all properties will be replicated between domain controllers.
B. The entire object and all properties will be replicated to the domain controller's
replication partners.
C. The object's password property will be replicated between domain controllers.
D. The object's password property will be replicated to the domain controller's replication
partners.
61. As the administrator of your company's single domain model you are interested in
dividing the Operations Master roles amongst the four domain controllers in your
domain. What is the recommended method to do this?
A. Use NTDSUTIL to seize the roles from one domain controller to another.
B. Use Active Directory Sites and Services to transfer the roles from one domain
controller to another.
*C. Use Active Directory Users and Computers to transfer the roles from one
domain controller to another.
D. Use NTDSUTIL to transfer the roles from one domain controller to another.
Explanation: Active Directory Users and Computers should be used to transfer the roles
amongst the domain controllers. Seizing the roles is only recommended when the
domain controller that has the role has crashed and is unrecoverable. NTDSUTIL is
the utility used to seize but not transfer the operations master roles.
62. You and another administrator are adding users to your organization's single domain
on two different domain controllers. A third administrator changes a password of a
domain user account. During the next replication cycle, how will the password
change replicate between domain controllers?
A. The entire user object and all properties will be replicated between domain
controllers.
B. The entire object and all properties will be replicated to the domain controller's
replication partners.
C. The object's password property will be replicated between domain controllers.
*D. The object's password property will be replicated to the domain controller's
replication partners.
Explanation: Replication occurs at the attribute level in Windows 2000, so only the
password change itself would be replicated, not all the properties of the object. The
attribute will be replicated to the domain controller's replication partners, not all
domain controllers.
63. As the administrator of your company's Windows 2000 domain you are required to
import all of the users and groups from another LDAP compliant directory. What
tool will you use to do this?
A. LDIFDE
B. Active Directory Users and Computers
C. CSVDE
D. NTDSUTIL
64. You are the administrator of your organization's newly migrated Windows 2000
network. The network currently consists of both Windows NT domain controllers
and Windows 2000 domain controllers. Your users and groups have been
successfully migrated to the Users container. During the migration, you decided that
some reengineering of your organization's existing groups was in order to take
advantage of some of the new features of Windows 2000. As you begin to make
some changes to the groups, you find that you are unable to nest global groups
within other global groups. What is preventing you from doing this?
A. You must be a member of the enterprise administrators group to nest groups.
B. Nesting of groups is a special right that must be assigned to a user to allow them to
perform that task.
C. The domain must be in native mode to nest groups.
D. Group nesting must be performed at the global catalog server, not just any domain
controller.
63. As the administrator of your company's Windows 2000 domain you are required to
import all of the users and groups from another LDAP compliant directory. What
tool will you use to do this?
*A. LDIFDE
B. Active Directory Users and Computers
C. CSVDE
D. NTDSUTIL
Explanation: LDIFDE is a command line utility that can be used to import and export
directory information. Neither Active Directory Users and Computers nor NTDSUTIL
can be used to import from another LDAP compliant directory. CSVDE is
used to import or export data from comma-separated value (csv) formatted files like
those used in Excel.
64. You are the administrator of your organization's newly migrated Windows 2000
network. The network currently consists of both Windows NT domain controllers
and Windows 2000 domain controllers. Your users and groups have been
successfully migrated to the Users container. During the migration, you decided that
some reengineering of your organization's existing groups was in order to take
advantage of some of the new features of Windows 2000. As you begin to make
some changes to the groups, you find that you are unable to nest global groups
within other global groups. What is preventing you from doing this?
A. You must be a member of the enterprise administrators group to nest groups.
B. Nesting of groups is a special right that must be assigned to a user to allow them
to perform that task.
*C. The domain must be in native mode to nest groups.
D. Group nesting must be performed at the global catalog server, not just any
domain controller.
Explanation: In order to nest groups, the domain must be in native mode, not mixed
mode. You do not have to be a member of the enterprise administrators group and
there is no special right to nest groups that would allow for nesting in native mode.
The nesting of groups can be performed on any domain controller or even remotely
with the administrative tools installed on a Windows 2000 professional computer.
65. You are one of five administrators in your organization and are part of the Windows
2000 system administration team. You originally migrated your five Windows NT 4
domains to Windows 2000 domains but have now collapsed all five into one
Windows 2000 domain. When you removed the four existing domains you did not
choose the option that specified that this domain controller was the last domain
controller in the domain, hence the domains did not get deleted. How can you delete
the domains?
A. Use Active Directory Domains and Trusts to remove the domains
B. Use eseutil to remove the domains
C. Use ntdsutil to remove the domains
D. Use Active Directory Users and Computers to remove the domains
66. You are the senior Windows 2000 system administrator in your organization and are
guiding a junior administrator through the process of installing a domain controller
in an existing Windows 2000 domain. What two choices will you inform the junior
administrator are available?
A. During the installation of Windows 2000 Server, choose the role of the computer to be
a domain controller.
B. After the installation of Active Directory, at the Run command, have the junior
administrator type dcpromo and answer the prompts in the Wizard.
C. After the installation of Active Directory, from the Administrative Tools menu, select
to Configure the Computer, choose the Active Directory hyperlink, select to install
and answer the prompts in the Wizard.
D. From the Command Prompt, type dcpromote and answer the prompts in the Wizard.
65. You are one of five administrators in your organization and are part of the Windows
2000 system administration team. You originally migrated your five Windows NT 4
domains to Windows 2000 domains but have now collapsed all five into one
Windows 2000 domain. When you removed the four existing domains you did not
choose the option that specified that this domain controller was the last domain
controller in the domain, hence the domains did not get deleted. How can you delete
the domains?
A. Use Active Directory Domains and Trusts to remove the domains
B. Use eseutil to remove the domains
*C. Use ntdsutil to remove the domains
D. Use Active Directory Users and Computers to remove the domains
Explanation: ntdsutil is a command line utility that can be used to add and remove
domains. Domains cannot be removed with Active Directory Domains and Trusts or
Active Directory Users and Computers. Eseutil is a command line utility that can be
used to repair, check, move, compact, and dump the directory database files and is
often called by ntdsutil to perform these various operations.
66. You are the senior Windows 2000 system administrator in your organization and are
guiding a junior administrator through the process of installing a domain controller
in an existing Windows 2000 domain. What two choices will you inform the junior
administrator are available?
A. During the installation of Windows 2000 Server, choose the role of the computer
to be a domain controller.
*B. After the installation of Active Directory, at the Run command, have the junior
administrator type dcpromo and answer the prompts in the Wizard.
*C. After the installation of Active Directory, from the Administrative Tools menu,
select to Configure the Computer, choose the Active Directory hyperlink, select
to install and answer the prompts in the Wizard.
D. From the Command Prompt, type dcpromote and answer the prompts in the
Wizard.
Explanation: The dcpromo command and the Configure Your Server selection on the
Administrative Tools menu are the two ways in which you can promote a Windows
2000 member server to be a Windows 2000 Active Directory domain controller.
Unlike NT 4.0, there is no longer a choice during the installation of the operating
system to choose a role for the server.
67. You are the senior Windows 2000 system administrator in your organization and are
about to demote one of your original Windows 2000 domain controllers to a
Windows 2000 member server. What is the correct procedure to do this?
A. Log on to the domain as a user that is a member of the Enterprise Admins group. At
the Run Command type dcpromo and answer the prompts from the wizard.
B. Log on to the domain as a user that is a member of the Schema Admins group. At the
Run Command type dcpromo and answer the prompts from the wizard.
C. Log on to the domain as a user that is a member of the Domain Admins group. At the
Run Command type dcpromo and answer the prompts from the wizard.
D. Log on to the computer as local Administrator. At the Run Command type dcpromo
and answer the prompts from the wizard.
E. Reinstall the operating system and choose the Domain Controller role during setup.
67. You are the senior Windows 2000 system administrator in your organization and are
about to demote one of your original Windows 2000 domain controllers to a
Windows 2000 member server. What is the correct procedure to do this?
*A. Log on to the domain as a user that is a member of the Enterprise Admins
group. At the Run Command type dcpromo and answer the prompts from the
wizard.
B. Log on to the domain as a user that is a member of the Schema Admins group. At
the Run Command type dcpromo and answer the prompts from the wizard.
C. Log on to the domain as a user that is a member of the Domain Admins group. At
the Run Command type dcpromo and answer the prompts from the wizard.
D. Log on to the computer as local Administrator. At the Run Command type
dcpromo and answer the prompts from the wizard.
E. Reinstall the operating system and choose the Domain Controller role during
setup.
Explanation: In order to demote a Windows 2000 domain controller to a member server,
you must be logged on as a user that is a member of the Enterprise Admins group.
The Enterprise Admins group only exists in the root domain of the Forest. Logging
on locally to a domain controller is not possible except as a member of the Domain
Administrators group and even in this case, the option would not be available from
the logon dialog box. Reinstalling the operating system is no longer required as it
was in NT 4.0 to change a domain controller to a member server or vice versa.
68. As the senior Windows 2000 administrator in your organization, you are responsible
for the planning and implementation of the Active Directory site, domain and
organizational unit structures. In your design, you have created a root domain named
mcsejobs.net and two child domains, America and Europe. You have also created a
second tree named techiejobs.com with two child domains, America and Europe.
Your organization has just gone through a leveraged buyout and the name of the
company is going to be changing to mcsejobs.com. How can you rename the root
domain?
A. Install a new domain controller in the new root domain named mcsejobs.com and then
reinstall all the other domain controllers in both the root and child domains and the
second tree.
B. Rename the existing root domain controller first to the new root domain named
mcsejobs.com. Then rename all of the other domain controllers in the root domain
followed by all the domain controllers in the child domains and the second tree.
C. Create a new DNS zone for the new Active Directory root named mcsejobs.com. Next,
rename the existing root domain controller to the new root domain named
mcsejobs.com. Then rename all of the other domain controllers in the root domain
followed by all the domain controllers in the child domains and the second tree.
D. Create a new DNS zone for the new Active Directory root named mcsejobs.com. Then
demote the domain controller acting as the global catalog server in the root domain
and re-promote it to the new root domain.
68. As the senior Windows 2000 administrator in your organization, you are responsible
for the planning and implementation of the Active Directory site, domain and
organizational unit structures. In your design, you have created a root domain named
mcsejobs.net and two child domains, America and Europe. You have also created a
second tree named techiejobs.com with two child domains, America and Europe.
Your organization has just gone through a leveraged buyout and the name of the
company is going to be changing to mcsejobs.com. How can you rename the root
domain?
*A. Install a new domain controller in the new root domain named mcsejobs.com
and then reinstall all the other domain controllers in both the root and child
domains and the second tree.
B. Rename the existing root domain controller first to the new root domain named
mcsejobs.com. Then rename all of the other domain controllers in the root
domain followed by all the domain controllers in the child domains and the
second tree.
C. Create a new DNS zone for the new Active Directory root named mcsejobs.com.
Next, rename the existing root domain controller to the new root domain named
mcsejobs.com. Then rename all of the other domain controllers in the root
domain followed by all the domain controllers in the child domains and the
second tree.
D. Create a new DNS zone for the new Active Directory root named mcsejobs.com.
Then demote the domain controller acting as the global catalog server in the root
domain and re-promote it to the new root domain.
Explanation: If the root domain controller needs to be renamed, your entire Active
Directory structure must be recreated. There is no way at this time to rename the root
domain controller without reinstalling all domain controllers in your forest.
69. You are installing Active Directory on your first domain controller in your
organization. The computer has five physical disks and you want to optimize the
performance of the Active Directory. What is the best choice you can make during
installation to optimize performance?
A. Install the Active Directory database on a separate physical disk than the Winnt folder.
B. Install the Active Directory database on a separate physical disk than the database log
files.
C. Install the Active Directory database on a separate physical disk than the Sysvol
folder.
D. Install the Sysvol folder on a separate physical disk than Winnt folder.
70. As the Windows 2000 system administrator for your organization, you are going over
your Active Directory installation checklist before you begin your installation.
Which of the following should be on your checklist for Active Directory to install
correctly? (Choose three.)
A. A partition or volume formatted with the NTFS file system is required for the Sysvol
folder.
B. A partition or volume formatted with the NTFS file system is required for the Winnt
folder.
C. The username and password of an account that is a member of the Enterprise Admins
group.
D. The username and password of an account that is a member of the Domain Admins
group.
E. The DNS service is installed on the computer to be promoted to a domain controller.
69. You are installing Active Directory on your first domain controller in your
organization. The computer has five physical disks and you want to optimize the
performance of the Active Directory. What is the best choice you can make during
installation to optimize performance?
A. Install the Active Directory database on a separate physical disk than the Winnt
folder.
*B. Install the Active Directory database on a separate physical disk than the
database log files.
C. Install the Active Directory database on a separate physical disk than the Sysvol
folder.
D. Install the Sysvol folder on a separate physical disk than Winnt folder.
Explanation: Installing the Active Directory database on a separate physical disk than
the database log files will improve the performance of the domain controller.
70. As the Windows 2000 system administrator for your organization, you are going
over your Active Directory installation checklist before you begin your
installation. Which of the following should be on your checklist for Active
Directory to install correctly? (Choose three.)
*A. A partition or volume formatted with the NTFS file system is required for the
Sysvol folder.
B. A partition or volume formatted with the NTFS file system is required for the
Winnt folder.
*C. The username and password of an account that is a member of the Enterprise
Admins group.
*D. The username and password of an account that is a member of the Domain
Admins group.
E. The DNS service is installed on the computer to be promoted to a domain
controller.
Explanation: Before you install Active Directory, you should confirm that you have
access to a username and password of an account that is a member of either the
Enterprise Admins or Domain Admins group and that there is an NTFS partition or
volume that the Sysvol folder can be created on. It is recommended that the Winnt
folder be placed on an NTFS partition but not required. A DNS server that supports
SRV records must be available in the domain but does not have to be on the
computer configured as a domain controller.
71. As the Windows 2000 system administrator for your organization, you are planning
your Active Directory installation and want to ensure fault tolerance. How can you
create a fault tolerant environment?
A. Add a second domain controller to the domain.
B. Add a second domain controller in a child domain and configure it as a global
catalog server.
C. Configure an existing domain controller in a child domain as a global catalog server.
D. Configure Windows load balancing.
72. You have just installed a computer named Tordc1 and configured it as the first
domain controller in the mcsejobs.net domain. You want to confirm that the Active
Directory installation was successful. Where would you look for the server object
that is created when a server is promoted to a domain controller?
A. Look in the Domain Controllers organizational unit in the Mcsejobs.net domain with
Active Directory Users and Computers.
B. Look in the Server container under the Default-First-Site-Name site with Active
Directory Sites and Services.
C. Look in the Computers container in the Mcsejobs.net domain with Active Directory
Users and Computers.
D. Look in the NTDS Settings object in the Default-First-Site-Name site with Active
Directory Sites and Services.
71. As the Windows 2000 system administrator for your organization, you are planning
your Active Directory installation and want to ensure fault tolerance. How can you
create a fault tolerant environment?
*A. Add a second domain controller to the domain.
B. Add a second domain controller in a child domain and configure it as a
global catalog server.
C. Configure an existing domain controller in a child domain as a global catalog
server.
D. Configure Windows load balancing.
Explanation: Adding a second domain controller to the domain will create a fault-
tolerant environment. Adding a second domain controller in a child domain and
configuring it as a global catalog server will not create a fault tolerant environment.
As a global catalog server, all forest objects will be replicated but not all attributes of
the objects of the parent domain. Configuring Windows load balancing will not work
with the basic Server operating system, only Windows 2000 Advanced Server.
72. You have just installed a computer named Tordc1 and configured it as the first
domain controller in the mcsejobs.net domain. You want to confirm that the Active
Directory installation was successful. Where would you look for the server object
that is created when a server is promoted to a domain controller?
*A. Look in the Domain Controllers organizational unit in the Mcsejobs.net domain
with Active Directory Users and Computers.
*B. Look in the Server container under the Default-First-Site-Name site with Active
Directory Sites and Services.
C. Look in the Computers container in the Mcsejobs.net domain with Active
Directory Users and Computers.
D. Look in the NTDS Settings object in the Default-First-Site-Name site with
Active Directory Sites and Services.
Explanation: A server object is created for each domain controller in the Default-First-
Site-Name site container. You can confirm this with the Active Directory Sites and
Services snap-in.
73. You are attempting to add a domain controller to an existing Windows 2000 Active
Directory domain and are prompted during the promotion for a user's credentials
with sufficient permissions. What is the correct combination or combinations of user
credentials to choose?
A. Username, password, domain name
B. User Principal Name, password, domain name
C. Username, password, Fully Qualified Domain Name
D. User Principal Name, password, Fully Qualified Domain Name
74. As the administrator of your company's Windows 2000 domain, you have noticed
some differences in how a domain controller gets added to a site. The first domain
controller you installed was placed in one site, but the second domain controller you
installed had a server object created in a second site. Which of the following
explanations most accurately describe the reasoning behind this? (Choose two.)
A. The first domain controller created in a new Active Directory domain is added to the
Default-First-Site-Name.
B. Additional domain controllers are added to sites based on the domain controller's IP
address.
C. The first domain controller created in a new Active Directory domain is added to the
site that the administrator specifies during the domain controller's installation.
D. Additional domain controllers are added to sites based on the domain controller's host
name.
73. You are attempting to add a domain controller to an existing Windows 2000 Active
Directory domain and are prompted during the promotion for a user's credentials
with sufficient permissions. What is the correct combination or combinations of user
credentials to choose?
*A. Username, password, domain name
B. User Principal Name, password, domain name
C. Username, password, Fully Qualified Domain Name
D. User Principal Name, password, Fully Qualified Domain Name
Explanation: The correct information to specify is a username, password and domain
name. A User Principal Name is not accepted as valid credentials. Only the name of
the domain that the username belongs to is required, not the fully qualified domain
name.
74. As the administrator of your company's Windows 2000 domain, you have noticed
some differences in how a domain controller gets added to a site. The first domain
controller you installed was placed in one site, but the second domain controller you
installed had a server object created in a second site. Which of the following
explanations most accurately describe the reasoning behind this? (Choose two.)
*A. The first domain controller created in a new Active Directory domain is added
to the Default-First-Site-Name.
*B. Additional domain controllers are added to sites based on the domain
controller's IP address.
C. The first domain controller created in a new Active Directory domain is added to
the site that the administrator specifies during the domain controller's
installation.
D. Additional domain controllers are added to sites based on the domain controller's
host name.
Explanation: The first domain controller created in a new Active Directory domain is
added to the Default-First-Site-Name, which is the default site created during the
installation of Active Directory. Additional domain controllers are added to sites
based on their IP address. A site consists of one or more IP subnets connected by a
high-speed connection. When a site is created, subnets should be associated with that
site for site membership to be determined. If a site with a subnet object is found
during the installation of Active Directory and the domain controller's IP address is
within that subnet then the server object is created in the associated site.
75. After the promotion of a member server to a domain controller, you want to confirm
that the three directory partitions have been created successfully on the new domain
controller. You use ADSIEdit to look for what three partitions? (Choose three.)
A. The domain directory partition
B. The configuration directory partition
C. The Schema directory partition
D. The Site directory partition
E. The Forest directory partition
76. The first domain controller in the root domain is required to have its system time
synchronized with an external time source. What command would you schedule to
run daily to perform this synchronization?
A. net time /setsntp://server.domain.domain
B. net time /set /sntp:\\server.domain.domain
C. net time /sntpset:\\server.domain.domain
D. net time /sntp /set://server.domain.domain
75. After the promotion of a member server to a domain controller, you want to confirm
that the three directory partitions have been created successfully on the new domain
controller. You use ADSIEdit to look for what three partitions? (Choose three.)
*A. The domain directory partition
*B. The configuration directory partition
*C. The Schema directory partition
D. The Site directory partition
E. The Forest directory partition
Explanation: The domain, configuration, and schema directory partitions are the three
partitions that get created on a domain controller. The domain directory partition
contains the domain objects and their attributes for a single domain. The
configuration directory partition contains information about the sites, services, and
domains within the forest. The schema directory partition contains class and attribute
definitions for all existing and possible Active Directory objects.
76. The first domain controller in the root domain is required to have its system time
synchronized with an external time source. What command would you schedule to
run daily to perform this synchronization?
*A. net time /setsntp://server.domain.domain
B. net time /set /sntp:\\server.domain.domain
C. net time /sntpset:\\server.domain.domain
D. net time /sntp /set://server.domain.domain
Explanation: The correct command for the time synchronization service is net time
/setsntp://server.domain.domain.
77. You are one of the administrators on the Web Team at a large Internet Service
Provider. The ISP is evaluating whether to install Windows 2000 Server or
Advanced Server as a Web hosting platform to support the use of FrontPage Server
Extensions for their clients. In the evaluation process, you have been asked to design
an Active Directory logical structure that best represents the needs of the ISP. The
ISP's customers are broken into two groups: residential and commercial. From an
administrative standpoint there is no difference but from a marketing standpoint,
different levels of service are available to the two groups. How would you design
your Active Directory logical structure?
A. Create a single domain and within that domain create a single organizational unit
within the Users container called customers.
B. Create an empty root domain and two child domains. Name the child domains
residential and commercial.
C. Create an empty root domain and a single child domain with two organizational units
called residential and commercial.
D. Create a single domain and within that domain an organizational unit named
customers. Within the customers organizational unit create two other organizational
units named residential and commercial.
78. Which of the following single master operations roles are forest-wide?
A. RID Master
B. Schema Master
C. PDC Emulator
D. Domain Naming Master
E. Backup Domain Controller
77. You are one of the administrators on the Web Team at a large Internet Service
Provider. The ISP is evaluating whether to install Windows 2000 Server or
Advanced Server as a Web hosting platform to support the use of FrontPage Server
Extensions for their clients. In the evaluation process, you have been asked to design
an Active Directory logical structure that best represents the needs of the ISP. The
ISP's customers are broken into two groups: residential and commercial. From an
administrative standpoint there is no difference but from a marketing standpoint,
different levels of service are available to the two groups. How would you design
your Active Directory logical structure?
A. Create a single domain and within that domain create a single organizational unit
within the Users container called customers.
B. Create an empty root domain and two child domains. Name the child domains
residential and commercial.
C. Create an empty root domain and a single child domain with two organizational
units called residential and commercial.
*D. Create a single domain and within that domain an organizational unit named
customers. Within the customers organizational unit create two other
organizational units named residential and commercial.
Explanation: The recommended strategy for an organizational design in this case would
be to create an organizational unit called customers within a single domain and two
sub-OUs within that. There is no need now to differentiate the customers into
different OUs but that need may arise in the future. Using a single domain is useful
because it minimizes the administration required and can offer the scalability
required. An OU cannot be created within the Users container, making that an invalid
option. Multiple domains are also not required, eliminating those options.
78. Which of the following single master operations roles are forest-wide?
A. RID Master
*B. Schema Master
C. PDC Emulator
*D. Domain Naming Master
E. Backup Domain Controller
79. You have just finished the installation of Active Directory on a member server and
reboot the computer as a domain controller. You would like to verify that the SRV
records were created and use nslookup to do this. Nslookup reports a time-out when
you run it at the command prompt. What is causing the time outs?
A. A reverse lookup zone is not configured.
B. The DNS server you are querying does not support SRV records.
C. A forward lookup zone is not configured.
D. The DNS server you are querying does not support dynamic update.
80. Which version of Windows 2000 includes Windows Clustering and load balancing?
A. Windows 2000 Server
B. Windows 2000 Advanced Server
C. Windows 2000 Professional
D. Windows 2000 Datacenter
79. You have just finished the installation of Active Directory on a member server and
reboot the computer as a domain controller. You would like to verify that the SRV
records were created and use nslookup to do this. Nslookup reports a time-out when
you run it at the command prompt. What is causing the time outs?
*A. A reverse lookup zone is not configured.
B. The DNS server you are querying does not support SRV records.
C. A forward lookup zone is not configured.
D. The DNS server you are querying does not support dynamic update.
Explanation: You will receive time-outs when running nslookup if a reverse lookup
zone is not configured. Nslookup generates a reverse lookup to find the host name of
the DNS server based on its IP address and if a reverse lookup zone is not
configured, it will report a time out.
80. Which version of Windows 2000 includes Windows Clustering and load balancing?
A. Windows 2000 Server
*B. Windows 2000 Advanced Server
C. Windows 2000 Professional
*D. Windows 2000 Datacenter
Explanation: Windows 2000 Advanced Server, designed for use in a large enterprise
network, contains all the features available in Windows 2000 Server, in addition to
Windows Clustering and load balancing. Windows 2000 Datacenter Server also
includes these features.
81. You have successfully upgraded all of your company's Windows NT 4.0 domain
controllers to Windows 2000 and would like to take advantage of all of the new
features that Windows 2000 has to offer by switching domain modes. How will you
switch modes?
A. In Active Directory Users and Computers, right click the domain, click the change
button and confirm your choice.
B. In Active Directory Users and Computers, right click the domain controllers OU, click
the change button, and confirm your choice.
C. In Active Directory Sites and Services, right click the server object named after the
domain controller, click the change button, and confirm your choice.
D. In Active Directory Sites and Services, right click the domain controller's NTDS
Settings object, click the change button, and confirm your choice.
E. At the Run command, type change mode /native.
82. As the domain administrator you would like to grant a user, Chloe Ward, the
permissions to create OUs within the Musicians OU but only that OU. What would
be the recommended way to grant Chloe the permission to do this?
A. Add Chloe to the Administrators group.
B. Grant Chloe List and Create Child OU permissions within the domain.
C. Grant Chloe List, Read, and Create Child OU permissions within the Musicians OU.
D. Grant Chloe Read, and Manage Child OU permissions within the Musicians OU.
81. You have successfully upgraded all of your company's Windows NT 4.0 domain
controllers to Windows 2000 and would like to take advantage of all of the new
features that Windows 2000 has to offer by switching domain modes. How will you
switch modes?
*A. In Active Directory Users and Computers, right click the domain, click the
change button and confirm your choice.
B. In Active Directory Users and Computers, right click the domain controllers OU,
click the change button, and confirm your choice.
C. In Active Directory Sites and Services, right click the server object named after
the domain controller, click the change button, and confirm your choice.
D. In Active Directory Sites and Services, right click the domain controller's NTDS
Settings object, click the change button, and confirm your choice.
E. At the Run command, type change mode /native.
Explanation: The mode of the domain can be changed from Mixed to Native mode with
the Active Directory Users and Computers snap-in by right-clicking the domain and
selecting the change button.
82. As the domain administrator you would like to grant a user, Chloe Ward, the
permissions to create OUs within the Musicians OU but only that OU. What would
be the recommended way to grant Chloe the permission to do this?
A. Add Chloe to the Administrators group.
B. Grant Chloe List and Create Child OU permissions within the domain.
*C. Grant Chloe List, Read, and Create Child OU permissions within the Musicians
OU.
D. Grant Chloe Read, and Manage Child OU permissions within the Musicians OU.
Explanation: To create OUs, a user must be a member of the Domain Admins or
Enterprise Admins groups or have Read, and Create Child OU permissions. List
permission is not required to create OUs, but without it, the user is not able to see the
new Child OU after it is created.
83. You are installing the first Windows 2000 domain controller in your domain. You
have upgraded your Windows NT 4.0 PDC to Windows 2000 and during the
promotion to a domain controller you receive an Access Denied message. What is
the most likely cause of the problem?
A. You are not logged on as an Administrator.
B. DNS is not configured properly to allow for authentication.
C. The default permissions on the Winnt folder are preventing you from proceeding with
the promotion to a domain controller.
D. The partition that you have selected to install the Sysvol folder on is not formatted
with the NTFS file system.
84. One of the domain controllers in your Windows 2000 domain is going to be demoted
to a member server because a newer computer was brought online last week. In the
demotion, what will happen to the user accounts?
A. The user accounts will be deleted and only the default user accounts for the
administrator and the guest will exist.
B. The user accounts will be removed from the Active Directory database and created in
the local computer's security account manager database.
C. During the demotion you will be prompted to delete or create the user accounts as
local accounts.
D. All domain local groups become local groups, all global groups are deleted, and all
users become local computer accounts.
83. You are installing the first Windows 2000 domain controller in your domain. You
have upgraded your Windows NT 4.0 PDC to Windows 2000 and during the
promotion to a domain controller you receive an Access Denied message. What is
the most likely cause of the problem?
*A. You are not logged on as an Administrator.
B. DNS is not configured properly to allow for authentication.
C. The default permissions on the Winnt folder are preventing you from proceeding
with the promotion to a domain controller.
D. The partition that you have selected to install the Sysvol folder on is not
formatted with the NTFS file system.
Explanation: You must be logged on as the Administrator to create the first domain
controller in a new forest. An improperly configured DNS server would generate an
error but not an Access Denied message. The Sysvol folder must also be located on a
partition or volume formatted with the NTFS file system but not doing that would
not generate an access denied message. The default permissions on the Winnt folder
would not result in an Access Denied message.
84. One of the domain controllers in your Windows 2000 domain is going to be demoted
to a member server because a newer computer was brought online last week. In the
demotion, what will happen to the user accounts?
*A. The user accounts will be deleted and only the default user accounts for the
administrator and the guest will exist.
B. The user accounts will be removed from the Active Directory database and
created in the local computer's security account manager database.
C. During the demotion you will be prompted to delete or create the user accounts as
local accounts.
D. All domain local groups become local groups, all global groups are deleted, and
all users become local computer accounts.
Explanation: During the demotion from a domain controller to a member server, all user
accounts other than the default accounts are removed from the computer. Only the
administrator and guest accounts, as well as the other default local groups, remain.
85. YCorp has hired you as a consultant to help install 300 Windows 2000 servers on
their 25,000-node network. The company has already hired a team to study the network
and an installation task list has been created. The distribution and placements of the
servers have already been decided as shown in the table below:

| Location | Number of servers | OS types | Number of clients |
|---|---|---|---|
| Koh Samui | 2 | Windows NT Workstation 4.0 | 30 |
| Penang | 2 | Windows NT Server 4.0 | 30 |
| Narita | 100 | Mix of Windows NT 4.0 Server and Windows NT 3.51 Server | 10000 |
| Songtan | 45 | Mix of Windows NT 4.0 Workstation and Windows NT 4.0 Server | 2440 |
| Mallersdorf | 25 | Windows 98 and Windows 95 | 1800 |
| Utrecht | 100 | Windows NT 4.0 Server | 10000 |
| Flagstaff | 26 | Mix of Windows NT 4.0 Server and Windows 98 | 700 |

Which of the following operating systems will be able to upgrade instead of requiring a
fresh installation?
A. Windows 95
B. Windows 98
C. Windows NT 4.0 Workstation
D. Windows NT 4.0 Server
E. Windows NT 3.51 Server
85. YCorp has hired you as a consultant to help install 300 Windows 2000 servers on
their 25,000-node network. The company has already hired a team to study the network
and an installation task list has been created. The distribution and placements of the
servers have already been decided as shown in the table below:

| Location | Number of servers | OS types | Number of clients |
|---|---|---|---|
| Koh Samui | 2 | Windows NT Workstation 4.0 | 30 |
| Penang | 2 | Windows NT Server 4.0 | 30 |
| Narita | 100 | Mix of Windows NT 4.0 Server and Windows NT 3.51 Server | 10000 |
| Songtan | 45 | Mix of Windows NT 4.0 Workstation and Windows NT 4.0 Server | 2440 |
| Mallersdorf | 25 | Windows 98 and Windows 95 | 1800 |
| Utrecht | 100 | Windows NT 4.0 Server | 10000 |
| Flagstaff | 26 | Mix of Windows NT 4.0 Server and Windows 98 | 700 |

Which of the following operating systems will be able to upgrade instead of requiring a
fresh installation?
A. Windows 95
B. Windows 98
C. Windows NT 4.0 Workstation
*D. Windows NT 4.0 Server
*E. Windows NT 3.51 Server
Explanation: The only operating systems that can be upgraded to Windows 2000 are the
existing Windows NT Servers (either 3.51 or 4.0). However, assuming that all the
above computers meet the hardware standards for Windows 2000 installation, the
systems that are not already installed as Windows NT Servers can be given fresh
Windows 2000 installations.
Introduction
In this section we will examine Microsoft’s DNS service in Windows 2000, its
configuration and optimization, and its relationship to Active Directory. DNS is used by
Windows 2000 in place of the older WINS service, necessary for the discovery of servers
in the enterprise. In Windows 2000, a client will use DNS to discover the location of
servers in the initial access to the network, during the process we used to call logon but
now call authentication. To install Active Directory, the version of DNS running in the
network must support SRV (service resource) records. As their name indicates,
these DNS records provide the location of services. Their format is
service.protocol.name.ttl.class.SRV.priority.weight.port.target
so that a server named BFQ-1 providing telnet services would have a record something
like _telnet._tcp.BFQ-Site.BFQ.msft 600 IN SRV 0 100 23 BFQ-1.BFQ.msft.
In addition to supporting SRV records, Microsoft recommends that your version of DNS
support dynamic updates and incremental zone transfers. Dynamic updates allow records
to be created automatically in DNS, rather than having to create them manually as was
the case in traditional DNS implementations. Incremental zone transfers allow
secondary DNS servers to update their zone database with only the changes in the
database since the last update, rather than transferring the entire zone as in older DNS
implementations.
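As an added example (not from the book), the following Python sketch parses SRV records in the whitespace-separated zone-file form of the sample record above, lists the targets clients would try first, and flags any target that is not an expected server, which is a useful check on zones that accept dynamic updates. The second and third records, the hosts BFQ-2 and BFQ-9, and all function names are constructed for illustration; the priority and weight semantics follow RFC 2782.

```python
from collections import defaultdict
import re
from typing import Dict, Iterable, List, NamedTuple


class SrvRecord(NamedTuple):
    service: str
    protocol: str
    name: str
    ttl: int
    rclass: str
    priority: int
    weight: int
    port: int
    target: str


# The owner name has the shape _service._protocol.name
_OWNER = re.compile(r"^_([a-z0-9-]+)\._([a-z0-9-]+)\.(.+)$", re.IGNORECASE)


def _norm(host: str) -> str:
    """DNS names compare case-insensitively; drop the trailing root dot."""
    return host.rstrip(".").lower()


def parse_srv(line: str) -> SrvRecord:
    """Parse one record: owner ttl class SRV priority weight port target."""
    fields = line.split()
    if len(fields) != 8 or fields[3].upper() != "SRV":
        raise ValueError(f"not an SRV record: {line!r}")
    owner, ttl, rclass, _type, priority, weight, port, target = fields
    match = _OWNER.match(owner)
    if match is None:
        raise ValueError(f"owner is not _service._protocol.name: {owner!r}")
    numeric = (ttl, priority, weight, port)
    if not all(v.isascii() and v.isdigit() for v in numeric):
        raise ValueError(f"non-numeric field in: {line!r}")
    ttl_i, prio_i, weight_i, port_i = (int(v) for v in numeric)
    # priority, weight and port are 16-bit unsigned values
    if not all(v <= 65535 for v in (prio_i, weight_i, port_i)):
        raise ValueError(f"field out of range in: {line!r}")
    return SrvRecord(match.group(1).lower(), match.group(2).lower(),
                     _norm(match.group(3)), ttl_i, rclass.upper(),
                     prio_i, weight_i, port_i, _norm(target))


def preferred_targets(records: Iterable[SrvRecord]) -> Dict[str, float]:
    """For records of one owner name: targets with the lowest priority value
    (tried first) mapped to their share of the weight at that priority."""
    records = list(records)
    if not records:
        return {}
    best = min(r.priority for r in records)
    group = [r for r in records if r.priority == best]
    total = sum(r.weight for r in group)
    shares: Dict[str, float] = defaultdict(float)
    for r in group:
        # All-zero weights mean no preference: split evenly.
        shares[r.target] += r.weight / total if total else 1 / len(group)
    return dict(shares)


def unexpected_targets(records: Iterable[SrvRecord],
                       expected_hosts: Iterable[str]) -> List[SrvRecord]:
    """Records whose target is not on the list of known servers."""
    allowed = {_norm(h) for h in expected_hosts}
    return [r for r in records if r.target not in allowed]


# First line is the book's sample record; the other two are constructed.
SAMPLE_ZONE = """\
_telnet._tcp.BFQ-Site.BFQ.msft 600 IN SRV 0 100 23 BFQ-1.BFQ.msft.
_telnet._tcp.BFQ-Site.BFQ.msft 600 IN SRV 0 300 23 BFQ-2.BFQ.msft.
_telnet._tcp.BFQ-Site.BFQ.msft 600 IN SRV 10 100 23 BFQ-9.BFQ.msft.
"""
RECORDS = [parse_srv(l) for l in SAMPLE_ZONE.splitlines() if l.strip()]

if __name__ == "__main__":
    print(preferred_targets(RECORDS))
    known = ["BFQ-1.BFQ.msft", "BFQ-2.BFQ.msft"]  # constructed allow-list
    for rec in unexpected_targets(RECORDS, known):
        print("unexpected SRV target:", rec.target, "port", rec.port)
```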
Chapter 2: Using DNS With Active Directory Service
The objective of this chapter is to provide the reader with an understanding of
the following:
1. Install and configure DNS for Active Directory.
2. Integrate Active Directory DNS zones with existing DNS infrastructure.
3. Configure zones for dynamic updates and secure dynamic updates.
4. Create and configure DNS records.
5. Manage, monitor, and troubleshoot DNS.
1. What two things must you do before installing DNS service on a Windows 2000
server? (Choose 2)
A. Install Active Directory on the server.
B. Configure the computer with a static IP address.
C. Configure the computer with a DNS domain name.
D. Install DHCP services on the computer.
2. What are the three types of zones supported by DNS in Windows 2000? (Choose 3)
A. Primary zones
B. Active Directory integrated zones
C. Standard primary zones
D. Secondary zones
E. Standard secondary zones
1. What two things must you do before installing DNS service on a Windows 2000
server? (Choose 2)
A. Install Active Directory on the server.
*B. Configure the computer with a static IP address.
*C. Configure the computer with a DNS domain name.
D. Install DHCP services on the computer.
Explanation: Before the administrator can install DNS on a Windows 2000 Server, the
server must be assigned a static IP address and must be given a host name and a
domain name. The DNS service install then installs the DNS server service, starts the
service and installs the DNS console. Additionally, the appropriate registry entry is
made for the startup of the DNS service and DNS database files are placed in the
newly created folder systemroot\System32\DNS. There are two ways to install the
DNS service: during the Windows 2000 installation or using Add/Remove
Programs-/Add/Remove Windows Components-Networking Services. DNS must be
installed prior to Active Directory.
2. What are the three types of zones supported by DNS in Windows 2000? (Choose 3)
A. Primary zones
*B. Active Directory integrated zones
*C. Standard primary zones
D. Secondary zones
*E. Standard secondary zones
Explanation: Before the administrator can install DNS on a Windows 2000 Server, the
server must be assigned a static IP address and must be given a host name and a
domain name. There are two ways to install the DNS service: during the Windows
2000 installation or using Add/Remove Programs-/Add/Remove Windows
Components-Networking Services. DNS must be installed prior to Active Directory.
DNS services in Windows 2000 support three types of zones: standard primary,
standard secondary and Active Directory integrated. A standard primary zone is the
master copy of the zone database and is stored as a standard text file. A standard
secondary is a copy (or replica) of the master database and is read-only. Active
Directory integrated zones are zones that are stored in Active Directory and so are
replicated during AD replication.
3. What two events can trigger a zone transfer in DNS? (Choose 2)
A. The secondary server queries a master server for changes in the zone database.
B. The secondary server sends a notification of a change to the master server.
C. The master server queries its secondary servers for changes in the zone database.
D. The master server notifies the secondary servers about a change in the zone database.
4. Where is the zone database stored for a standard primary zone in Windows 2000?
A. In an Active Directory object
B. In the systemroot\System32\DNS folder
C. In the DNS server Active Directory object
D. In the systemroot\System32\etc folder
3. What two events can trigger a zone transfer in DNS? (Choose 2)
*A. The secondary server queries a master server for changes in the zone database.
B. The secondary server sends a notification of a change to the master server.
C. The master server queries its secondary servers for changes in the zone database.
*D. The master server notifies the secondary servers about a change in the zone
database.
Explanation: DNS services in Windows 2000 support three types of zones: standard
primary, standard secondary and Active Directory integrated. A standard primary
zone is the master copy of the zone database and is stored as a standard text file
in the newly created folder systemroot\System32\DNS. A standard secondary is a
copy (or replica) of the master database and is read-only. Active Directory
integrated zones are zones that are stored in Active Directory and so are replicated
during AD replication. Zone transfers in DNS are triggered two ways: a master
server sends a change notification to the secondary servers, or the secondary server
queries the master for changes in the master database.
4. Where is the zone database stored for a standard primary zone in Windows 2000?
A. In an Active Directory object
*B. In the systemroot\System32\DNS folder
C. In the DNS server Active Directory object
D. In the systemroot\System32\etc folder
Explanation: DNS services in Windows 2000 support three types of zones: standard
primary, standard secondary and Active Directory integrated. A standard primary
zone is the master copy of the zone database and is stored as a standard text file
in the newly created folder systemroot\System32\DNS. A standard secondary is a
copy (or replica) of the master database and is read-only. Active Directory
integrated zones are zones that are stored in Active Directory and so are replicated
during AD replication. Zone transfers in DNS are triggered two ways: a master
server sends a change notification to the secondary servers, or the secondary server
queries the master for changes in the master database.
5. Where is the zone database stored for an Active Directory integrated zone in Windows
2000?
A. In an Active Directory object
B. In the systemroot\System32\DNS folder
C. In the Active Directory DNS Zone object
D. In the systemroot\System32\etc folder
6. What two events occur in Dynamic DNS (DDNS)? (Choose 2)
A. The client computer automatically queries DNS for a dynamic domain name.
B. The DHCP client automatically updates an A resource record.
C. The DHCP server obtains a domain or host name for the DHCP client.
D. The DHCP server updates the PTR record in DNS.
5. Where is the zone database stored for an Active Directory integrated zone in Windows
2000?
*A. In an Active Directory object
B. In the systemroot\System32\DNS folder
C. In the Active Directory DNS Zone object
D. In the systemroot\System32\etc folder
Explanation: DNS services in Windows 2000 support three types of zones: standard
primary, standard secondary and Active Directory integrated. A standard primary
zone is the master copy of the zone database and is stored as a standard text file
in the newly created folder systemroot\System32\DNS. A standard secondary is a
copy (or replica) of the master database and is read-only. Active Directory
integrated zones are zones that are stored in Active Directory and so are replicated
during AD replication. Zone transfers in DNS are triggered two ways: a master
server sends a change notification to the secondary servers, or the secondary server
queries the master for changes in the master database.
6. What two events occur in Dynamic DNS (DDNS)? (Choose 2)
A. The client computer automatically queries DNS for a dynamic domain name.
*B. The DHCP client automatically updates an A resource record.
C. The DHCP server obtains a domain or host name for the DHCP client.
*D. The DHCP server updates the PTR record in DNS.
Explanation: DNS services in Windows 2000 support three types of zones: standard
primary, standard secondary and Active Directory integrated. A standard primary
zone is the master copy of the zone database and is stored as a standard text file
in the newly created folder systemroot\System32\DNS. A standard secondary is a
copy (or replica) of the master database and is read-only. Active Directory
integrated zones are zones that are stored in Active Directory and so are replicated
during AD replication. Zone transfers in DNS are triggered two ways: a master
server sends a change notification to the secondary servers, or the secondary server
queries the master for changes in the master database. Windows 2000 includes in
DNS the ability to accept dynamic updates rather than just manual updates to the
zone database. When a DHCP server leases an address, the client updates the A
record in DNS and the server updates the PTR record in DNS - automatically.
7. What types of zones in Windows 2000 can be configured for secure dynamic updates?
A. Standard primary zone
B. Standard secondary zone
C. Active Directory integrated zone
D. Master zone
8. What is the zone replication method that is new with Windows 2000 and allows for
replication of only the changes made to the authoritative database?
A. AXFR (Full-zone transfer)
B. IXFR (Incremental zone transfer)
C. DDNS (Dynamic DNS)
D. Replication Services
7. What types of zones in Windows 2000 can be configured for secure dynamic updates?
A. Standard primary zone
B. Standard secondary zone
*C. Active Directory integrated zone
D. Master zone
Explanation: DNS services in Windows 2000 support three types of zones: standard
primary, standard secondary and Active Directory integrated. A standard primary
zone is the master copy of the zone database and is stored as a standard text file
in the newly created folder systemroot\System32\DNS. A standard secondary is a
copy (or replica) of the master database and is read-only. Active Directory
integrated zones are zones that are stored in Active Directory and so are replicated
during AD replication. Zone transfers in DNS are triggered two ways: a master
server sends a change notification to the secondary servers, or the secondary server
queries the master for changes in the master database. Windows 2000 includes in
DNS the ability to accept dynamic updates rather than just manual updates to the
zone database. When a DHCP server leases an address, the client updates the A
record in DNS and the server updates the PTR record in DNS - automatically. Secure
dynamic updates can only be provided in Active Directory integrated zones.
8. What is the zone replication method that is new with Windows 2000 and allows for
replication of only the changes made to the authoritative database?
A. AXFR (Full-zone transfer)
*B. IXFR (Incremental zone transfer)
C. DDNS (Dynamic DNS)
D. Replication Services
Explanation: DNS services in Windows 2000 support three types of zones: standard
primary, standard secondary and Active Directory integrated. A standard primary
zone is the master copy of the zone database and is stored as a standard text file
in the newly created folder systemroot\System32\DNS. A standard secondary is a
copy (or replica) of the master database and is read-only. Active Directory
integrated zones are zones that are stored in Active Directory and so are replicated
during AD replication. Zone transfers in DNS are triggered two ways: a master
server sends a change notification to the secondary servers, or the secondary server
queries the master for changes in the master database. Zone transfers may occur
using AXFR, which is a full-zone transfer or IXFR (incremental zone transfer),
which only replicates the changes to the secondary zone. IXFR is new in Windows
2000.
9. What are two utilities for testing the DNS service in Windows 2000? (Choose 2)
A. DNS Console
B. Active Directory Users and Computers
C. Nslookup
D. DNS Manager
9. What are two utilities for testing the DNS service in Windows 2000? (Choose 2)
*A. DNS Console
B. Active Directory Users and Computers
*C. Nslookup
D. DNS Manager
Explanation: DNS services in Windows 2000 support three types of zones: standard
primary, standard secondary and Active Directory integrated. A standard primary
zone is the master copy of the zone database and is stored as a standard text file
in the newly created folder systemroot\System32\DNS. A standard secondary is a
copy (or replica) of the master database and is read-only. Active Directory
integrated zones are zones that are stored in Active Directory and so are replicated
during AD replication. Zone transfers in DNS are triggered two ways: a master
server sends a change notification to the secondary servers, or the secondary server
queries the master for changes in the master database. Windows 2000 includes in
DNS the ability to accept dynamic updates rather than just manual updates to the
zone database. When a DHCP server leases an address, the client updates the A
record in DNS and the server updates the PTR record in DNS - automatically.
Finally, there are two types of queries supported in Windows 2000 DNS: simple
queries, which use a DNS client to query a local DNS server, and recursive queries, where
the client request must be forwarded from one DNS server to another to complete the
query. DNS can be tested using either Nslookup, which supports both interactive and
noninteractive modes, or the DNS console.
10. What utility is used to manage DNS on a Windows 2000 server?
A. Active Directory Users and Computers
B. Active Directory Servers and Services
C. DNS Console
D. DNS Manager
10. What utility is used to manage DNS on a Windows 2000 server?
A. Active Directory Users and Computers
B. Active Directory Servers and Services
*C. DNS Console
D. DNS Manager
Explanation: Before the administrator can install DNS on a Windows 2000 Server, the
server must be assigned a static IP address and must be given a host name and a
domain name. There are two ways to install the DNS service: during the Windows
2000 installation or using Add/Remove Programs - Add/Remove Windows
Components - Networking Services. DNS must be installed prior to Active Directory.
DNS services in Windows 2000 support three types of zones: standard primary,
standard secondary and Active Directory integrated. A standard primary zone is the
master copy of the zone database and is stored as a standard text file. A standard
secondary is a copy (or replica) of the master database and is read-only. Active
Directory integrated zones are zones that are stored in Active Directory and so are
replicated during AD replication. When DNS is installed a shortcut is added to
Administrative Tools for the DNS console.
11. What default setting of Windows 2000 computers must be changed prior to the
installation of DNS?
A. Windows 2000 servers by default do not have Active Directory installed; therefore the
administrator must first install AD.
B. By default, Windows 2000 servers do not install TCP/IP, but NetBEUI. The
administrator must first install TCP/IP.
C. The administrator must change the default DHCP setting from Automatically Obtain
an Address to a statically assigned address.
D. The administrator must enable IP forwarding, which is disabled by default in
Windows 2000.
11. What default setting of Windows 2000 computers must be changed prior to the
installation of DNS?
A. Windows 2000 servers by default do not have Active Directory installed;
therefore the administrator must first install AD.
B. By default, Windows 2000 servers do not install TCP/IP, but NetBEUI. The
administrator must first install TCP/IP.
*C. The administrator must change the default DHCP setting from Automatically
Obtain an Address to a statically assigned address.
D. The administrator must enable IP forwarding, which is disabled by default in
Windows 2000.
Explanation: Before the administrator can install DNS on a Windows 2000 Server, the
server must be assigned a static IP address and must be given a host name and a
domain name. There are two ways to install the DNS service: during the Windows
2000 installation or using Add/Remove Programs - Add/Remove Windows
Components - Networking Services. DNS must be installed prior to Active Directory.
DNS services in Windows 2000 support three types of zones: standard primary,
standard secondary and Active Directory integrated. A standard primary zone is the
master copy of the zone database and is stored as a standard text file. A standard
secondary is a copy (or replica) of the master database and is read-only. Active
Directory integrated zones are zones that are stored in Active Directory and so are
replicated during AD replication.
12. What resource record type in Windows 2000 enables integration of Active Directory
and DNS?
A. A records
B. PTR records
C. SRV records
D. In.addr.arpa records
12. What resource record type in Windows 2000 enables integration of Active Directory
and DNS?
A. A records
B. PTR records
*C. SRV records
D. In.addr.arpa records
Explanation: SRV records in DNS allow Active Directory domain controllers to be
located with DNS. DNS services in Windows 2000 support three types of zones:
standard primary, standard secondary and Active Directory integrated. A standard
primary zone is the master copy of the zone database and is stored as a standard text
file in the newly created folder systemroot\System32\DNS. A standard
secondary is a copy (or replica) of the master database and is read-only. Active
Directory integrated zones are zones that are stored in Active Directory and so are
replicated during AD replication. Zone transfers in DNS are triggered two ways: a
master server sends a change notification to the secondary servers, or the secondary
server queries the master for changes in the master database. Windows 2000 includes
in DNS the ability to accept dynamic updates rather than just manual updates to the
zone database. When a DHCP server leases an address, the client updates the A
record in DNS and the server updates the PTR record in DNS - automatically.
Finally, there are two types of queries supported in Windows 2000 DNS: simple
queries, which use a DNS client to query a local DNS server, and recursive queries, where
the client request must be forwarded from one DNS server to another to complete the
query.
13. As the administrator of BFQ, Inc you wish to convert an existing DNS standard
primary zone to an Active Directory integrated zone, however you do not have that
option in the Change Zone Type dialog box. What have you failed to do properly?
A. You did not change the server's DHCP setting from dynamic to static for IP
addressing.
B. You have not installed DNS on the domain controller.
C. You installed DNS, but did not specify that Active Directory integrated zones would
be available.
D. You have not implemented Active Directory.
14. What is a Windows 2000 server requirement for converting a standard primary zone
to an Active Directory integrated zone?
A. The server running DNS must be a domain controller.
B. The server holding the standard primary zone must be also a DHCP server.
C. The partition holding the zone file must be formatted with NTFS.
D. The server must be configured for full zone transfers.
13. As the administrator of BFQ, Inc you wish to convert an existing DNS standard
primary zone to an Active Directory integrated zone, however you do not have that
option in the Change Zone Type dialog box. What have you failed to do properly?
A. You did not change the server's DHCP setting from dynamic to static for IP
addressing.
B. You have not installed DNS on the domain controller.
C. You installed DNS, but did not specify that Active Directory integrated zones
would be available.
*D. You have not implemented Active Directory.
Explanation: DNS services in Windows 2000 support three types of zones: standard
primary, standard secondary and Active Directory integrated. A standard primary
zone is the master copy of the zone database and is stored as a standard text file
in the newly created folder systemroot\System32\DNS. A standard secondary is a
copy (or replica) of the master database and is read-only. Active Directory
integrated zones are zones that are stored in Active Directory and so are replicated
during AD replication. Standard primary zones can be converted to Active Directory
integrated zones, providing that Active Directory has been installed, and that the
server running DNS is a domain controller.
14. What is a Windows 2000 server requirement for converting a standard primary zone
to an Active Directory integrated zone?
*A. The server running DNS must be a domain controller.
B. The server holding the standard primary zone must be also a DHCP server.
C. The partition holding the zone file must be formatted with NTFS.
D. The server must be configured for full zone transfers.
Explanation: DNS services in Windows 2000 support three types of zones: standard
primary, standard secondary and Active Directory integrated. A standard primary
zone is the master copy of the zone database and is stored as a standard text file
in the newly created folder systemroot\System32\DNS. A standard secondary is a
copy (or replica) of the master database and is read-only. Active Directory
integrated zones are zones that are stored in Active Directory and so are replicated
during AD replication. Standard primary zones can be converted to Active Directory
integrated zones, providing that Active Directory has been installed, and that the
server running DNS is a domain controller.
15. You are configuring DNS for dynamic updates, but the Allow Only Secure Updates
choice does not appear in the Dynamic update list. What have you failed to configure
correctly?
A. The server must be running DHCP.
B. The zone must be converted to an Active Directory integrated zone.
C. The zone must be a standard primary zone.
D. The DNS service must be stopped and restarted.
16. In what two modes will nslookup operate? (Choose 2)
A. Active
B. Nonactive
C. Interactive
D. noninteractive
E. Passive
15. You are configuring DNS for dynamic updates, but the Allow Only Secure Updates
choice does not appear in the Dynamic update list. What have you failed to configure
correctly?
A. The server must be running DHCP.
*B. The zone must be converted to an Active Directory integrated zone.
C. The zone must be a standard primary zone.
D. The DNS service must be stopped and restarted.
Explanation: DNS services in Windows 2000 support three types of zones: standard
primary, standard secondary and Active Directory integrated. A standard primary
zone is the master copy of the zone database and is stored as a standard text file
in the newly created folder systemroot\System32\DNS. A standard secondary is a
copy (or replica) of the master database and is read-only. Active Directory
integrated zones are zones that are stored in Active Directory and so are replicated
during AD replication. Standard primary zones can be converted to Active Directory
integrated zones, providing that Active Directory has been installed, and that the
server running DNS is a domain controller. Once converted, the zone can then be
configured for secure dynamic updates, where the server will only accept updates
from authorized computers and DHCP servers.
16. In what two modes will nslookup operate? (Choose 2)
A. Active
B. Nonactive
*C. Interactive
*D. noninteractive
E. Passive
Explanation: Zone transfers in DNS are triggered two ways: a master server sends a
change notification to the secondary servers, or the secondary server queries the
master for changes in the master database. Windows 2000 includes in DNS the
ability to accept dynamic updates rather than just manual updates to the zone
database. When a DHCP server leases an address, the client updates the A record in
DNS and the server updates the PTR record in DNS - automatically. Finally, there
are two types of queries supported in Windows 2000 DNS: simple queries, which
use a DNS client to query a local DNS server, and recursive queries, where the client request
must be forwarded from one DNS server to another to complete the query. DNS can
be tested using either Nslookup, which supports both interactive and noninteractive
modes, or the DNS console.
17. What must be present for Nslookup to work properly in Windows 2000 DNS?
A. A PTR resource record for the DNS name server must exist in the server's database.
B. A SRV record for the DNS name server must exist in the DNS server's database.
C. An Active Directory integrated zone database must exist on the server.
D. The name server must be a domain controller.
18. What type of zone transfer does Windows NT 4.0 support?
A. AXFR (Full)
B. IXFR (Incremental)
C. AD integrated
D. DHCP synchronized
17. What must be present for Nslookup to work properly in Windows 2000 DNS?
*A. A PTR resource record for the DNS name server must exist in the server's
database.
B. A SRV record for the DNS name server must exist in the DNS server's database.
C. An Active Directory integrated zone database must exist on the server.
D. The name server must be a domain controller.
Explanation: Zone transfers in DNS are triggered two ways: a master server sends a
change notification to the secondary servers, or the secondary server queries the
master for changes in the master database. Windows 2000 includes in DNS the
ability to accept dynamic updates rather than just manual updates to the zone
database. When a DHCP server leases an address, the client updates the A record in
DNS and the server updates the PTR record in DNS - automatically. Finally, there
are two types of queries supported in Windows 2000 DNS: simple queries, which
use a DNS client to query a local DNS server, and recursive queries, where the client request
must be forwarded from one DNS server to another to complete the query. DNS can
be tested using either Nslookup, which supports both interactive and noninteractive
modes, or the DNS console. Nslookup requires a PTR record for the DNS name
server in the server's database.
18. What type of zone transfer does Windows NT 4.0 support?
*A. AXFR (Full)
B. IXFR (Incremental)
C. AD integrated
D. DHCP synchronized
Explanation: DNS services in Windows 2000 support three types of zones: standard
primary, standard secondary and Active Directory integrated. A standard primary
zone is the master copy of the zone database and is stored as a standard text file
in the newly created folder systemroot\System32\DNS. A standard secondary is a
copy (or replica) of the master database and is read-only. Active Directory
integrated zones are zones that are stored in Active Directory and so are replicated
during AD replication. Zone transfers in DNS are triggered two ways: a master
server sends a change notification to the secondary servers, or the secondary server
queries the master for changes in the master database. Zone transfers may occur
using AXFR, which is a full-zone transfer or IXFR (incremental zone transfer),
which only replicates the changes to the secondary zone. IXFR is new in Windows
2000. Windows NT 4.0 only supports AXFR (full) zone transfers.
19. What do we call that portion of the domain namespace in Windows 2000 that is
defined by resource records stored in a database file?
A. Partition
B. Replica
C. Zone
D. Domain
20. As the administrator of a Windows 2000 Active Directory domain, you are
responsible for creating and maintaining both the DNS namespace and Active
Directory forest design. Which of the following statements best represents the DNS
requirements in a Windows 2000 Active Directory structure?
A. Each Active Directory domain requires a corresponding DNS domain.
B. Each DNS domain requires a corresponding Active Directory domain.
C. Each Active Directory domain requires a corresponding Active Directory zone.
D. Each DNS domain requires a corresponding Active Directory zone.
19. What do we call that portion of the domain namespace in Windows 2000 that is
defined by resource records stored in a database file?
A. Partition
B. Replica
*C. Zone
D. Domain
Explanation: DNS services in Windows 2000 support three types of zones: standard
primary, standard secondary and Active Directory integrated. A standard primary
zone is the master copy of the zone database and is stored as a standard text file
in the newly created folder systemroot\System32\DNS. A standard secondary is a
copy (or replica) of the master database and is read-only. Active Directory
integrated zones are zones that are stored in Active Directory and so are replicated
during AD replication. Zone transfers in DNS are triggered two ways: a master
server sends a change notification to the secondary servers, or the secondary server
queries the master for changes in the master database. Zone transfers may occur
using AXFR, which is a full-zone transfer or IXFR (incremental zone transfer),
which only replicates the changes to the secondary zone. IXFR is new in Windows
2000. Windows NT 4.0 only supports AXFR (full) zone transfers.
20. As the administrator of a Windows 2000 Active Directory domain, you are
responsible for creating and maintaining both the DNS namespace and Active
Directory forest design. Which of the following statements best represents the DNS
requirements in a Windows 2000 Active Directory structure?
*A. Each Active Directory domain requires a corresponding DNS domain.
B. Each DNS domain requires a corresponding Active Directory domain.
C. Each Active Directory domain requires a corresponding Active Directory zone.
D. Each DNS domain requires a corresponding Active Directory zone.
Explanation: Each Active Directory domain requires a corresponding DNS domain for
resolution of the services and hosts within the directory structure. DNS is the
primary means of resolution in Windows 2000 domains and replaces the
functionality that was previously provided by WINS. An Active Directory domain is
not required for each DNS domain that exists. An example of this could be a
company with five registered Internet domain names but only one internal Active
Directory domain name. Creating five Active Directory domains for the external
Internet domain names is not necessary. There is no such thing as an Active
Directory zone, so those two answers are not correct.
21. As the DNS and Windows 2000 administrator in your company, you are planning the
DNS namespace. Because DNS is the primary means of resolution in Windows
2000, you are trying to remember the type of zone to create if you want to be able to
resolve a host to an IP address. What type of zone would you create?
A. Forward lookup zone
B. Reverse lookup zone
C. Standard Primary zone
D. Standard Secondary zone
22. As the DNS and Windows 2000 administrator in your company, you are planning the
DNS namespace. Because DNS is the primary means of resolution in Windows
2000, you are trying to remember the type of zone to create if you want to be able to
resolve an IP address to a host name. What type of zone would you create?
A. Forward lookup zone
B. Reverse lookup zone
C. Standard Primary zone
D. Standard Secondary zone
E. Active Directory integrated zone
21. As the DNS and Windows 2000 administrator in your company, you are planning the
DNS namespace. Because DNS is the primary means of resolution in Windows
2000, you are trying to remember the type of zone to create if you want to be able to
resolve a host to an IP address. What type of zone would you create?
*A. Forward lookup zone
B. Reverse lookup zone
C. Standard Primary zone
D. Standard Secondary zone
Explanation: A forward lookup zone is used to resolve host names to IP addresses. A
reverse lookup zone is used to resolve IP addresses to names. A standard primary
zone is one of three types of zones that can be created and can be either a forward or
reverse lookup zone, but alone does not discriminate between types of resolution. A
standard secondary is also one type of zone that can be created and can be used for
either forward or reverse lookup.
22. As the DNS and Windows 2000 administrator in your company, you are planning the
DNS namespace. Because DNS is the primary means of resolution in Windows
2000, you are trying to remember the type of zone to create if you want to be able to
resolve an IP address to a host name. What type of zone would you create?
A. Forward lookup zone
*B. Reverse lookup zone
C. Standard Primary zone
D. Standard Secondary zone
E. Active Directory integrated zone
Explanation: A reverse lookup zone would be created to resolve an IP address to a host
name. A forward lookup zone is used to resolve host names to IP addresses. Standard
primary, Standard secondary, and Active Directory integrated zones are the three
types of zones that can be created. Each type can be configured as either a forward or
reverse lookup zone, but the type does not have anything to do with resolution.
23. Your current network has a BIND 8.1.0 server and you are planning an upgrade to
Windows 2000 for your NT 4 clients and servers. Which of the following strategies
will support the installation of Active Directory? (Choose three)
A. Upgrade your BIND server to 8.1.2 or higher.
B. Install a Windows 2000 server as standard primary DNS server to replace your BIND
server.
C. Delegate a zone for the Active Directory on your BIND server and install Windows
2000 server as a standard primary DNS server to support Active Directory.
D. Delegate a zone for the Active Directory on your BIND server and install Windows
2000 server as a standard secondary DNS server to support Active Directory.
E. Install a Windows 2000 server as standard secondary DNS server to replace your
BIND server.
23. Your current network has a BIND 8.1.0 server and you are planning an upgrade to
Windows 2000 for your NT 4 clients and servers. Which of the following strategies
will support the installation of Active Directory? (Choose three)
*A. Upgrade your BIND server to 8.1.2 or higher.
*B. Install a Windows 2000 server as standard primary DNS server to replace your
BIND server.
*C. Delegate a zone for the Active Directory on your BIND server and install
Windows 2000 server as a standard primary DNS server to support Active
Directory.
D. Delegate a zone for the Active Directory on your BIND server and install
Windows 2000 server as a standard secondary DNS server to support Active
Directory.
E. Install a Windows 2000 server as standard secondary DNS server to replace your
BIND server.
Explanation: Upgrading your BIND server to BIND 8.1.2 or higher is one solution to get
Active Directory installed. Another solution is to install a Windows 2000 server as a
standard primary to replace the BIND server. A third solution is to create a zone on
the BIND server and delegate authority to a Windows 2000 server configured as a
standard primary DNS server. Configuring Windows 2000 as a standard secondary
DNS server first requires a standard primary, making this an invalid option.
24. As the administrator responsible for upgrading all of your current Windows NT
domain controllers to Windows 2000, you must plan for resolution. Your
organization currently uses a BIND implementation for resolution that supports SRV
records but not dynamic update and will not permit you to upgrade or use Windows
2000 DNS. What can you do to create the SRV records on your BIND server?
A. Print out the contents of cache.dns and manually enter the SRV records on the BIND
server.
B. Print out the contents of netlogon.dns and manually enter the SRV records on the
BIND server.
C. Print out the contents of the services file and manually enter the SRV records on the
BIND server.
D. Print out the contents of place.dns and manually enter the SRV records on the BIND
server.
24. As the administrator responsible for upgrading all of your current Windows NT
domain controllers to Windows 2000, you must plan for resolution. Your
organization currently uses a BIND implementation for resolution that supports SRV
records but not dynamic update and will not permit you to upgrade or use Windows
2000 DNS. What can you do to create the SRV records on your BIND server?
A. Print out the contents of cache.dns and manually enter the SRV records on the
BIND server.
*B. Print out the contents of netlogon.dns and manually enter the SRV records on
the BIND server.
C. Print out the contents of the services file and manually enter the SRV records on
the BIND server.
D. Print out the contents of place.dns and manually enter the SRV records on the
BIND server.
Explanation: The Netlogon.dns file is found in the path %windir%\system32\config and
contains all the required SRV entries and can be used to manually enter the records
on a BIND server that does not support dynamic update. The cache.dns file contains
all the default root servers but not SRV records. The services files contain a listing of
services and service ports used by specific services.
25. You are the DNS administrator for your company. You are trying to identify which
port the global catalog service is listening on. When you open the DNS snap-in, you
see the following service record:
_ldap._tcp.gc._msdcs 600 IN SRV 0 100 3268 masterdc.learnix.com.
Based on the service record, which port is the global catalog listening on?
A. TCP port 600
B. TCP port 100
C. TCP port 3268
D. UDP port 600
E. UCP port 100
26. You are the DNS administrator in your organization and have been looking at your
DNS zone file after the installation of Active Directory. One of the SRV records that
you have identified is the following:
ldap._tcp.gc._msdcs 600 IN SRV 0 100 3268 masterdc.mcsejobs.net
Which of the following statements accurately describe this service record?
A. Provides the global catalog service
B. Provides the ldap service
C. Uses the UDP protocol
D. Uses the TCP protocol
E. Has a FQDN of masterdc.mcsejobs.net
132 Chapter 2
25. You are the DNS administrator for your company. You are trying to identify which
port the global catalog service is listening on. When you open the DNS snap-in, you
see the following service record:
_ldap._tcp.gc._msdcs 600 IN SRV 0 100 3268 masterdc.learnix.com.
Based on the service record, which port is the global catalog listening on?
A. TCP port 600
B. TCP port 100
*C. TCP port 3268
D. UDP port 600
E. UCP port 100
Explanation: The global catalog listens for ldap communications on TCP port 3268. A
service record is broken into the following format: service._protocol.name ttl class
SRV priority weight port target
26. You are the DNS administrator in your organization and have been looking at your
DNS zone file after the installation of Active Directory. One of the SRV records that
you have identified is the following:
ldap._tcp.gc._msdcs 600 IN SRV 0 100 3268 masterdc.mcsejobs.net
Which of the following statements accurately describe this service record?
A. Provides the global catalog service
*B. Provides the ldap service
C. Uses the UDP protocol
*D. Uses the TCP protocol
*E. Has a FQDN of masterdc.mcsejobs.net
Explanation: The above service record provides the ldap service, using tcp in the
registered domain mcsejobs.net on the computer with a fully qualified domain name
of masterdc.mcsejobs.net. The service record does not use the udp protocol, nor does
it provide the global catalog service. A domain controller configured as a global
catalog server listens for and replies to ldap queries on tcp port 3268 but does not run
a global catalog service. The correct domain name is mcsejobs.net, not
masterdc.mcsejobs.net because masterdc is the host name, not a part of the domain
name.
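The record layout from the explanations to questions 25 and 26, together with the hand entry of netlogon.dns records into a BIND zone from question 24, as an added Python example (not from the book). It splits an SRV line into its fields and flags two transcription slips that matter in a BIND zone file: a service or protocol label without its leading underscore, and a target without a trailing dot, which BIND reads as relative to the zone origin. The sample lines are the two records printed in those questions; the class and function names are illustrative.

```python
from dataclasses import dataclass, field


@dataclass
class SrvRecord:
    service: str
    protocol: str
    name: str          # remainder of the owner name, e.g. "gc._msdcs"
    ttl: int
    priority: int
    weight: int
    port: int
    target: str
    warnings: list = field(default_factory=list)


def _number(label, text, maximum):
    """Convert one numeric field, rejecting non-digits and out-of-range values."""
    if not (text.isascii() and text.isdigit()):
        raise ValueError(f"{label} is not a number: {text!r}")
    value = int(text)
    if value > maximum:
        raise ValueError(f"{label} out of range: {value}")
    return value


def parse_srv(line):
    """Parse 'owner ttl class SRV priority weight port target'."""
    parts = line.split()
    if len(parts) != 8:
        raise ValueError(f"expected 8 fields, got {len(parts)}: {line!r}")
    owner, ttl, rclass, rtype, priority, weight, port, target = parts
    if rclass.upper() != "IN" or rtype.upper() != "SRV":
        raise ValueError(f"not an IN SRV record: {line!r}")

    labels = owner.rstrip(".").split(".")
    if len(labels) < 2:
        raise ValueError(f"owner name needs service and protocol labels: {owner!r}")

    warnings = []
    for kind, label in (("service", labels[0]), ("protocol", labels[1])):
        if not label.startswith("_"):
            warnings.append(f"{kind} label {label!r} has no leading underscore")
    protocol = labels[1].lstrip("_").lower()
    if protocol not in ("tcp", "udp"):
        warnings.append(f"unexpected protocol {protocol!r}")
    if not target.endswith("."):
        warnings.append("target has no trailing dot; a BIND zone file "
                        "treats it as relative to the zone origin")

    return SrvRecord(
        service=labels[0].lstrip("_").lower(),
        protocol=protocol,
        name=".".join(labels[2:]),
        ttl=_number("ttl", ttl, 2**31 - 1),
        priority=_number("priority", priority, 65535),
        weight=_number("weight", weight, 65535),
        port=_number("port", port, 65535),
        target=target,
        warnings=warnings,
    )


# The two records as printed in questions 25 and 26.
Q25 = "_ldap._tcp.gc._msdcs 600 IN SRV 0 100 3268 masterdc.learnix.com."
Q26 = "ldap._tcp.gc._msdcs 600 IN SRV 0 100 3268 masterdc.mcsejobs.net"

if __name__ == "__main__":
    for line in (Q25, Q26):
        rec = parse_srv(line)
        print(f"{rec.service}/{rec.protocol} port {rec.port} -> {rec.target}")
        for warning in rec.warnings:
            print("  warning:", warning)
```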
27. As the DNS administrator in your organization's Windows 2000 domain, you are
responsible for maintaining DNS. You have just made a number of changes to your
Windows 2000 DNS settings in an effort to experiment with the new DNS
functionality. You are interested in seeing the changes that were recorded in the zone
database file from the changes you made through the GUI. Using Windows Explorer,
you open %windir%\system32\dns to view the zone database file but it is not there.
What change could have caused this to disappear?
A. The zone type was changed from Standard Primary to Standard Secondary.
B. The zone type was changed from Standard Secondary to Standard Primary.
C. The zone type was changed from Standard Primary to Active Directory Integrated.
D. The forward lookup zone was configured to allow dynamic updates.
27. As the DNS administrator in your organization's Windows 2000 domain, you are
responsible for maintaining DNS. You have just made a number of changes to your
Windows 2000 DNS settings in an effort to experiment with the new DNS
functionality. You are interested in seeing the changes that were recorded in the zone
database file from the changes you made through the GUI. Using Windows Explorer,
you open %windir%\system32\dns to view the zone database file but it is not there.
What change could have caused this to disappear?
A. The zone type was changed from Standard Primary to Standard Secondary.
B. The zone type was changed from Standard Secondary to Standard Primary.
*C. The zone type was changed from Standard Primary to Active Directory
Integrated.
D. The forward lookup zone was configured to allow dynamic updates.
Explanation: When the zone type is changed to Active Directory integrated, the DNS
zone file is added as an object to Active Directory and deleted from its original
location in the path %windir%\system32\dns. Changing the zone type from Standard
Primary to Standard Secondary or vice versa will not affect the location of the zone
database file. Configuring the zone to allow dynamic updates will not affect the
location of the zone database file.
28. You are the administrator of your organization's Windows NT 4 network. Your
network consists of three Windows NT 4 domains that you are planning on
upgrading to a single Windows 2000 domain. You are beginning the migration by
upgrading the two Windows NT 4 member servers that act as DNS servers to
Windows 2000. After the upgrade, you open the DNS snap-in to ensure that all your
resource records were preserved and to look at the new functionality. You notice that
the option to configure an Active Directory integrated zone is not available. What
would cause this?
A. Active Directory must first be installed to configure the zone as Active Directory
integrated.
B. You must be logged on as a member of the enterprise administrators group.
C. You must first stop and start the netlogon service.
D. An upgraded DNS service does not support configuring a zone as Active Directory
integrated. The DNS service should be removed before upgrading the operating
system and reinstalled after the upgrade.
28. You are the administrator of your organization's Windows NT 4 network. Your
network consists of three Windows NT 4 domains that you are planning on
upgrading to a single Windows 2000 domain. You are beginning the migration by
upgrading the two Windows NT 4 member servers that act as DNS servers to
Windows 2000. After the upgrade, you open the DNS snap-in to ensure that all your
resource records were preserved and to look at the new functionality. You notice that
the option to configure an Active Directory integrated zone is not available. What
would cause this?
*A. Active Directory must first be installed to configure the zone as Active Directory
integrated.
B. You must be logged on as a member of the enterprise administrators group.
C. You must first stop and start the netlogon service.
D. An upgraded DNS service does not support configuring a zone as Active
Directory integrated. The DNS service should be removed before upgrading the
operating system and reinstalled after the upgrade.
Explanation: Active Directory must first be installed to configure a zone as Active
Directory integrated. As you have not yet installed Active Directory, there is no enterprise
administrators group to be a member of. Stopping and starting the netlogon service is
the recommended way of forcing the creation of the SRV records after the Active
Directory is installed but will not affect your ability to configure the zone as Active
Directory integrated. There are no restrictions on configuring an upgraded DNS
service as an Active Directory integrated zone.
29. As one of the team members of the Windows 2000 administrative team, you are
responsible for providing reasons to management why specific decisions were made.
Which of the following benefits only apply to Active Directory DNS and would have
influenced your decision to use Active Directory integrated DNS? (Choose two.)
A. Eliminates single point of failure
B. Allows for secure dynamic update
C. Allows zone transfers only to other Active Directory integrated zones on Windows
2000 servers running DNS
D. The zone file is stored as a text file in the path %windir%\system32\dns
30. Your organization is planning on installing Active Directory and you are working on
getting the DNS configured properly before the rollout. You currently have a BIND
server handling all resolution, and you have created a sub-zone named
ad.mcsejobs.net on the BIND server and delegated authority of that zone to the
Windows 2000 DNS server that will act as the Active directory domain. You would
like to verify that the Windows 2000 DNS server is authoritative for the newly
delegated zone. Which of the following nslookup commands would provide you with
that information?
A. nslookup -type=ns mscejobs.net
B. nslookup -type=auth mcsejobs.net
C. nslookup -type=ns ad.mcsejobs.net
D. nslookup -type=auth ad.mcsejobs.net
E. nslookup -type=server ad.mcsejobs.net
29. As one of the team members of the Windows 2000 administrative team, you are
responsible for providing reasons to management why specific decisions were made.
Which of the following benefits only apply to Active Directory DNS and would have
influenced your decision to use Active Directory integrated DNS? (Choose two.)
*A. Eliminates single point of failure
*B. Allows for secure dynamic update
C. Allows zone transfers only to other Active Directory integrated zones on
Windows 2000 servers running DNS
D. The zone file is stored as a text file in the path %windir%\system32\dns
Explanation: Active Directory integrated zones eliminate the single point of failure
associated with a standard primary DNS server because the DNS zone file becomes
an object in Active Directory and replicates with the Active Directory to all domain
controllers within the domain. Being an object in Active Directory also allows
permissions to be set on records within zones to control which computers can update
their records. Active Directory integrated DNS zones can be transferred through a zone
transfer to any other DNS server, not just Windows 2000 servers running DNS.
30. Your organization is planning on installing Active Directory and you are working on
getting the DNS configured properly before the rollout. You currently have a BIND
server handling all resolution, and you have created a sub-zone named
ad.mcsejobs.net on the BIND server and delegated authority of that zone to the
Windows 2000 DNS server that will act as the Active directory domain. You would
like to verify that the Windows 2000 DNS server is authoritative for the newly
delegated zone. Which of the following nslookup commands would provide you with
that information?
A. nslookup -type=ns mscejobs.net
B. nslookup -type=auth mcsejobs.net
*C. nslookup -type=ns ad.mcsejobs.net
D. nslookup -type=auth ad.mcsejobs.net
E. nslookup -type=server ad.mcsejobs.net
Explanation: The correct nslookup command is nslookup -type=ns ad.mcsejobs.net.
nslookup is the utility to run, -type=ns sets the type of record to search for to
name servers, and ad.mcsejobs.net is the domain in which you want to search for the
information.
31. You are having problems with name resolution in your Windows 2000 Active
Directory domain named ad.mcsejobs.net. You want to confirm that your DNS
forward lookup zone file contains all the address records of your client computers.
What nslookup command would you run to see this information?
A. At the command prompt type nslookup and hit enter. Then type ls -t A
ad.mcsejobs.net
B. At the command prompt type nslookup and hit enter. Then type ls -t IN
ad.mcsejobs.net
C. At the command prompt type nslookup and hit enter. Then type ls -t=A
ad.mcsejobs.net
D. At the command prompt type nslookup ls -t A ad.mcsejobs.net
32. You have just configured a zone on a BIND server to handle resolution for your
Active Directory. The BIND server is version 8.2.2. What can you do to force the
registration of the SRV records?
A. At the Command Prompt type net stop netlogon, followed by net start netlogon.
B. At the Command Prompt type net stop dnssrv, followed by net start dnssrv.
C. At the Command Prompt type ipconfig /registerdns.
D. At the Command Prompt type ipconfig /flushdns
31. You are having problems with name resolution in your Windows 2000 Active
Directory domain named ad.mcsejobs.net. You want to confirm that your DNS
forward lookup zone file contains all the address records of your client computers.
What nslookup command would you run to see this information?
*A. At the command prompt type nslookup and hit enter. Then type ls -t A
ad.mcsejobs.net
B. At the command prompt type nslookup and hit enter. Then type ls -t IN
ad.mcsejobs.net
C. At the command prompt type nslookup and hit enter. Then type ls -t=A
ad.mcsejobs.net
D. At the command prompt type nslookup ls -t A ad.mcsejobs.net
Explanation: To list all of the address or host records in the domain, type nslookup at the
command prompt followed by enter. Then type ls to list, -t for type, and A for an
Address type of record followed by the domain name of the Active Directory
domain.
32. You have just configured a zone on a BIND server to handle resolution for your
Active Directory. The BIND server is version 8.2.2. What can you do to force the
registration of the SRV records?
*A. At the Command Prompt type net stop netlogon, followed by net start netlogon.
B. At the Command Prompt type net stop dnssrv, followed by net start dnssrv.
C. At the Command Prompt type ipconfig /registerdns.
D. At the Command Prompt type ipconfig /flushdns
Explanation: Stopping and starting the netlogon service with the net stop and net start
commands is one way to force the registration of the SRV records in the DNS or
BIND database.
142 Chapter 3
Introduction
Group Policy in Windows 2000 allows the administrator tremendous control over user
and computer configuration, as well as providing for automation of scripting and for
folder redirection. This is a major feature of Windows 2000 and a feature that Microsoft
has been trumpeting quite loudly. As such, you can expect this area of Windows 2000 to
be tested extensively. If you are not solid on the ins and outs of Group Policy, you will
not pass the test. Preliminary information about Group Policy is covered in other
Windows 2000 books and/or courses. Lastly, familiarity with earlier Windows System
Policy Editor and ntconfig.pol and config.pol configurations will save the reader some
time in learning this very rich area of Active Directory.
Change & Configuration Management 143
Chapter 3: Configuration Management
The objective of this chapter is to provide the reader with an understanding of
the following:
1. Implement and troubleshoot Group Policy.
2. Create and modify a Group Policy object (GPO).
3. Link to an existing GPO.
4. Delegate administrative control of Group Policy.
5. Configure Group Policy options.
6. Filter Group Policy settings by using security groups.
7. Modify Group Policy prioritization.
8. Manage and troubleshoot user environments by using Group Policy.
9. Install, configure, manage, and troubleshoot software by using Group Policy.
10. Manage network configuration by using Group Policy.
11. Configure Active Directory to support Remote Installation Services (RIS).
12. Configure RIS options to support remote installations.
13. Configure RIS security.
1. What are three areas in which settings can be made to establish policy for user and
computer configurations? (Choose 3)
A. Administrative Templates
B. Folder Redirection
C. Taskbar Settings
D. Shell Restrictions
E. Software Installation
1. What are three areas in which settings can be made to establish policy for user and
computer configurations? (Choose 3)
*A. Administrative Templates
*B. Folder Redirection
C. Taskbar Settings
D. Shell Restrictions
*E. Software Installation
Explanation: In Windows 2000 the concept of policies takes on new meaning and
increased power and flexibility. The Group Policy allows you to apply
configurations to computer and user accounts across your network, specifying
settings through five extensions: Administrative Templates, Security, Software
Installation, Scripts and Folder Redirection. The Group Policy object is an Active
Directory object that stores the various configuration settings for specified users and
computers. When you create a Group Policy object (GPO), a Group Policy container
is created that stores the version and status information for the GPO, while a folder
structure is created on a specified domain controller to store all of the detailed
information in the five areas named above.
2. Where are Group Policy settings saved in Active Directory?
A. Group Policy settings are a property of an OU object
B. Group Policy settings are a property of a group object
C. Group Policy settings are a property of a Group Policy object
D. Group Policy settings are saved as a file in My Documents on Domain Controllers
3. What two things are automatically created when you create a Group Policy object in
Active Directory?
A. Universal group object
B. Group Policy container
C. Group Policy settings
D. Group Policy template
2. Where are Group Policy settings saved in Active Directory?
A. Group Policy settings are a property of an OU object
B. Group Policy settings are a property of a group object
*C. Group Policy settings are a property of a Group Policy object
D. Group Policy settings are saved as a file in My Documents on Domain
Controllers
Explanation: In Windows 2000 the concept of policies takes on new meaning and
increased power and flexibility. The Group Policy allows you to apply
configurations to computer and user accounts across your network, specifying
settings through five extensions: Administrative Templates, Security, Software
Installation, Scripts and Folder Redirection. The Group Policy object is an Active
Directory object that stores the various configuration settings for specified users and
computers. When you create a Group Policy object (GPO), a Group Policy container
is created that stores the version and status information for the GPO, while a folder
structure is created on a specified domain controller to store all of the detailed
information in the five areas named above.
3. What two things are automatically created when you create a Group Policy object in
Active Directory?
A. Universal group object
*B. Group Policy container
C. Group Policy settings
*D. Group Policy template
Explanation: In Windows 2000 the concept of policies takes on new meaning and
increased power and flexibility. The Group Policy allows you to apply
configurations to computer and user accounts across your network, specifying
settings through five extensions: Administrative Templates, Security, Software
Installation, Scripts and Folder Redirection. The Group Policy object is an Active
Directory object that stores the various configuration settings for specified users and
computers. When you create a Group Policy object (GPO), a Group Policy container
is created that stores the version and status information for the GPO, while a folder
structure is created on a specified domain controller to store all of the detailed
information in the five areas named above.
4. What two steps must you take to implement Group Policies in Active Directory?
(Choose 2)
A. You must create a Group Policy object.
B. You must create a Group Policy template.
C. You must create a Group Policy container.
D. You must associate the Group Policy object with the appropriate container.
E. You must associate the Group Policy object with the appropriate Group Policy
template.
4. What two steps must you take to implement Group Policies in Active Directory?
(Choose 2)
*A. You must create a Group Policy object.
B. You must create a Group Policy template.
C. You must create a Group Policy container.
*D. You must associate the Group Policy object with the appropriate container.
E. You must associate the Group Policy object with the appropriate Group Policy
template.
Explanation: The Group Policy object is an Active Directory object that stores the
various configuration settings for specified users and computers. When you create a
Group Policy object (GPO), a Group Policy container is created that stores the
version and status information for the GPO, while a folder structure is created on a
specified domain controller to store all of the detailed information in the five areas
named above. To implement policies using Group Policy, you must create a GPO
and then associate it with a specific container so that the policies will affect all users
or computers in that container and all child containers. It is possible for multiple
policies to affect a given object, so Active Directory applies policies in the order site,
then domain, then OU. This gives OU-level policies precedence. This "inheritance"
of policies from parent OU to child OU can be modified by setting either No
Override, which will prevent a child OU from overriding a parent OU setting, or
Block Inheritance, which will allow a child OU to block policies from its parent.
5. What GPO is applied last in Active Directory?
A. Site
B. Domain
C. Parent Container
D. Child Container
5. What GPO is applied last in Active Directory?
A. Site
B. Domain
C. Parent Container
*D. Child Container
Explanation: The Group Policy object is an Active Directory object that stores the
various configuration settings for specified users and computers. When you create a
Group Policy object (GPO), a Group Policy container is created that stores the
version and status information for the GPO, while a folder structure is created on a
specified domain controller to store all of the detailed information in the five areas
named above. To implement policies using Group Policy, you must create a GPO
and then associate it with a specific container so that the policies will affect all users
or computers in that container and all child containers. It is possible for multiple
policies to affect a given object, so Active Directory applies policies in the order site,
then domain, then OU. This gives OU-level policies precedence. This "inheritance"
of policies from parent OU to child OU can be modified by setting either No
Override, which will prevent a child OU from overriding a parent OU setting, or
Block Inheritance, which will allow a child OU to block policies from its parent.
6. What setting can prevent child container policies from overriding parent container
policies?
A. Block Inheritance
B. No Override
C. No Inheritance
D. Block Override
6. What setting can prevent child container policies from overriding parent container
policies?
A. Block Inheritance
*B. No Override
C. No Inheritance
D. Block Override
Explanation: The Group Policy object is an Active Directory object that stores the
various configuration settings for specified users and computers. When you create a
Group Policy object (GPO), a Group Policy container is created that stores the
version and status information for the GPO, while a folder structure is created on a
specified domain controller to store all of the detailed information in the five areas
named above. To implement policies using Group Policy, you must create a GPO
and then associate it with a specific container so that the policies will affect all users
or computers in that container and all child containers. It is possible for multiple
policies to affect a given object, so Active Directory applies policies in the order site,
then domain, then OU. This gives OU-level policies precedence. This "inheritance"
of policies from parent OU to child OU can be modified by setting either No
Override, which will prevent a child OU from overriding a parent OU setting, or
Block Inheritance, which will allow a child OU to block policies from its parent.
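The processing order and the two inheritance switches described in the explanation above, as an added Python example (not from the book): it resolves the effective settings for a container from the GPOs linked at site, domain and OU level. The GPO names and settings are constructed, and the model assumes the standard Windows 2000 rules that a No Override link is not stopped by Block Inheritance and that the highest-level No Override link wins, which the explanation does not spell out.

```python
from dataclasses import dataclass, field


@dataclass
class Link:
    gpo: str                    # name of the linked GPO (constructed)
    settings: dict              # setting name -> value (constructed)
    no_override: bool = False   # "No Override" set on this link


@dataclass
class Container:
    name: str
    links: list = field(default_factory=list)   # listed in processing order
    block_inheritance: bool = False             # "Block Policy Inheritance"


def effective_policy(chain):
    """Resolve settings for the last container in `chain`.

    `chain` runs top-down: site, domain, parent OU, ..., target container.
    Returns {setting: (value, winning_gpo)}.
    """
    result = {}

    # Pass 1: ordinary links, applied site -> domain -> OU so that the
    # container closest to the object writes last and therefore wins.
    # A container's ordinary links are dropped when any container below
    # it on the path has Block Inheritance set.
    for index, container in enumerate(chain):
        if any(lower.block_inheritance for lower in chain[index + 1:]):
            continue
        for link in container.links:
            if not link.no_override:
                for key, value in link.settings.items():
                    result[key] = (value, link.gpo)

    # Pass 2: No Override links ignore Block Inheritance and are applied
    # bottom-up, so the highest container in the hierarchy writes last.
    for container in reversed(chain):
        for link in container.links:
            if link.no_override:
                for key, value in link.settings.items():
                    result[key] = (value, link.gpo)

    return result


# Constructed sample hierarchy.
SITE = Container("HQ-Site", [Link("Site-Baseline", {"ScreenSaverTimeout": 900})])
DOMAIN = Container("example.local", [
    Link("Domain-Lockdown", {"RemoveRunMenu": True, "HideControlPanel": True}),
    Link("Domain-Audit", {"LogonBanner": "on"}, no_override=True),
])
SALES = Container("OU=Sales", [
    Link("Sales-Policy", {"HideControlPanel": False, "ScreenSaverTimeout": 600}),
])
KIOSK = Container("OU=Kiosk,OU=Sales", [
    Link("Kiosk-Policy", {"LogonBanner": "off", "RemoveRunMenu": False}),
], block_inheritance=True)

if __name__ == "__main__":
    for chain in ([SITE, DOMAIN, SALES], [SITE, DOMAIN, SALES, KIOSK]):
        print(chain[-1].name)
        for key, (value, gpo) in sorted(effective_policy(chain).items()):
            print(f"  {key} = {value!r}  (from {gpo})")
```

In the second chain the Kiosk OU blocks everything inherited from above except the domain's No Override link, which still overrides the OU's own LogonBanner setting.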
7. What are two settings in Group Policies that are not refreshed periodically by
Windows 2000?
A. Administrative Templates
B. Software Installation
C. Security
D. Folder Redirection
E. Scripts
7. What are two settings in Group Policies that are not refreshed periodically by
Windows 2000?
A. Administrative Templates
*B. Software Installation
C. Security
*D. Folder Redirection
E. Scripts
Explanation: Permissions in Active Directory are applied in Active Directory Users and
Computers - View - Advanced Features - Properties - Security. Permissions can be
set using standard permissions, which include Full Control, Read, Write, Create All
Child Objects, and Delete All Child Objects. Permissions can be granted or denied,
and deny takes precedence over the granting of a permission. When permissions are
set in Active Directory, the administrator can decide how the permission should
inherit down the AD structure. This can allow the administrator to set fewer
permissions and let the inheritance process continue to grant access. Windows 2000
will periodically refresh policy settings, by default every 90 minutes, except for
Software Installation and Folder Redirection, which only apply when the computer
starts, or when the user logs in to the network.
8. What are the steps for applying a Group Policy in Active Directory?
A. Go to the appropriate container, right click and choose Properties - Group Policy -
Properties-Security and then check the box for APPLY Group Policy.
B. Go to the appropriate Group Policy object, right click and choose Properties - Group
Policy - Security and then check the box for Allow Group Policy.
C. Go to the appropriate Group Policy container, right click and choose Properties -
Group Policy - Security and then check the box for Allow Group Policy.
D. Open Active Directory Users and Computers and choose Properties - Group Policy -
Security and then check the box for Allow Group Policy.
8. What are the steps for applying a Group Policy in Active Directory?
*A. Go to the appropriate container, right click and choose Properties - Group
Policy - Properties-Security and then check the box for APPLY Group Policy.
B. Go to the appropriate Group Policy object, right click and choose Properties -
Group Policy - Security and then check the box for Allow Group Policy.
C. Go to the appropriate Group Policy container, right click and choose Properties -
Group Policy - Security and then check the box for Allow Group Policy.
D. Open Active Directory Users and Computers and choose Properties - Group
Policy - Security and then check the box for Allow Group Policy.
Explanation: The Group Policy object is an Active Directory object that stores the
various configuration settings for specified users and computers. When you create a
Group Policy object (GPO), a Group Policy container is created that stores the
version and status information for the GPO, while a folder structure is created on a
specified domain controller to store all of the detailed information in the five areas
named above. To implement policies using Group Policy, you must create a GPO
and then associate it with a specific container so that the policies will affect all users
or computers in that container and all child containers. When you first create a GPO
there are two sets of defaults: the Authenticated Users group will have Read and
Apply Group Policy permissions and the System account and Domain Admins and
Enterprise Admins will have Read, Create All Child Objects and Delete All Child
Objects permissions. The actual setting of the policy occurs in the appropriate
container: right click and choose Properties - Group Policy - Security and then check
the box for Allow Group Policy.
9. What are the two main ways to modify inheritance for Group Policies?
A. Set the "No Override" option
B. Change the order in which GPOs are processed.
C. Set an Inheritance Filter option
D. Set Block Group Policy option
E. Check the "Block Policy Inheritance" option on the Group Policies tab
10. What object in Active Directory enables filtering of GPOs?
A. The associated container object
B. Security groups
C. Universal groups
D. GPO Filters
9. What are the two main ways to modify inheritance for Group Policies?
*A. Set the "No Override" option
B. Change the order in which GPOs are processed.
C. Set an Inheritance Filter option
D. Set Block Group Policy option
*E. Check the "Block Policy Inheritance" option on the Group Policies tab
Explanation: To implement policies using Group Policy, you must create a GPO and
then associate it with a specific container so that the policies will affect all users or
computers in that container and all child containers. It is possible for multiple
policies to affect a given object, so Active Directory applies policies in the order site,
then domain, then OU. This gives OU-level policies precedence. This "inheritance"
of policies from parent OU to child OU can be modified by setting either No
Override, which will prevent a child OU from overriding a parent OU setting, or
Block Inheritance, which will allow a child OU to block policies from its parent.
Additionally, you can modify the order in which the policies are processed by
changing the order of the GPOs on the Group Policy tab.
10. What object in Active Directory enables filtering of GPOs?
A. The associated container object
*B. Security groups
C. Universal groups
D. GPO Filters
Explanation: To implement policies using Group Policy, you must create a GPO and
then associate it with a specific container so that the policies will affect all users or
computers in that container and all child containers. It is possible for multiple
policies to affect a given object, so Active Directory applies policies in the order site,
then domain, then OU. This gives OU-level policies precedence. This "inheritance"
of policies from parent OU to child OU can be modified by setting either No
Override, which will prevent a child OU from overriding a parent OU setting, or
Block Inheritance, which will allow a child OU to block policies from its parent.
Additionally, you can modify the order in which the policies are processed by
changing the order of the GPOs on the Group Policy tab. Lastly you can filter who is
affected by a Group Policy by creating Security groups and granting them Apply
Group Policy and Read permissions or removing the permissions to remove them
from the policy.
11. What are the two areas of configuration displayed in the MMC when you use the
Group Policy console? (Choose 2)
A. Group Policy container
B. Computer Configuration
C. User Configuration
D. Group Policy template
12. What are the three default folders named that are created below the User and
Computer Configuration folders in the Group Policy console? (Choose 3)
A. Software Settings
B. Hardware Settings
C. Windows Settings
D. Administrative Settings
E. Administrative Templates
11. What are the two areas of configuration displayed in the MMC when you use the
Group Policy console? (Choose 2)
A. Group Policy container
*B. Computer Configuration
*C. User Configuration
D. Group Policy template
Explanation: To implement policies using Group Policy, you must create a GPO and
then associate it with a specific container so that the policies will affect all users or
computers in that container and all child containers. Once created, GPOs can be
edited either in the properties of the associated OU, or by creating a custom MMC
using the Group Policy snap-in. Group Policy has two main sections, User
Configuration and Computer Configuration, within each of which are folders entitled
Software Settings, Windows Settings and Administrative Templates.
12. What are the three default folders named that are created below the User and
Computer Configuration folders in the Group Policy console? (Choose 3)
*A. Software Settings
B. Hardware Settings
*C. Windows Settings
D. Administrative Settings
*E. Administrative Templates
Explanation: To implement policies using Group Policy, you must create a GPO and
then associate it with a specific container so that the policies will affect all users or
computers in that container and all child containers. Once created, GPOs can be
edited either in the properties of the associated OU, or by creating a custom MMC
using the Group Policy snap-in. Group Policy has two main sections, User
Configuration and Computer Configuration, within each of which are folders entitled
Software Settings, Windows Settings and Administrative Templates.
13. What Windows 2000 server does the GPO MMC point to when you are configuring
Group Policies?
A. PDC
B. BDC
C. (PDC) Operations Master
D. Master Domain Controller
14. What are the three settings for policies in the Administrative Template? (Choose 3)
A. Allow
B. Deny
C. Enabled
D. Disabled
E. Not Configured
13. What Windows 2000 server does the GPO MMC point to when you are configuring
Group Policies?
A. PDC
B. BDC
*C. (PDC) Operations Master
D. Master Domain Controller
Explanation: To implement policies using Group Policy, you must create a GPO and
then associate it with a specific container so that the policies will affect all users or
computers in that container and all child containers. Once created, GPOs can be
edited either in the properties of the associated OU, or by creating a custom MMC
using the Group Policy snap-in. Group Policy has two main sections, User
Configuration and Computer Configuration, within each of which are folders entitled
Software Settings, Windows Settings and Administrative Templates. While you are
configuring Group Policy, the console is always pointed to the domain controller
designated as the (PDC) Operations Master.
14. What are the three settings for policies in the Administrative Template? (Choose 3)
A. Allow
B. Deny
*C. Enabled
*D. Disabled
*E. Not Configured
Explanation: To implement policies using Group Policy, you must create a GPO and
then associate it with a specific container so that the policies will affect all users or
computers in that container and all child containers. Once created, GPOs can be
edited either in the properties of the associated OU, or by creating a custom MMC
using the Group Policy snap-in. Group Policy has two main sections, User
Configuration and Computer Configuration, within each of which are folders entitled
Software Settings, Windows Settings and Administrative Templates. Within these
folders, settings are made by modifying the state of check boxes; Enabled, Disabled
and Not Configured are the choices.
15. What is the last script to execute by default when Windows 2000 executes scripts
from Group Policy settings?
A. Computer/Startup
B. Computer/Shutdown
C. User/Logon
D. User/Logoff
16. What are three folders that can be redirected to network locations with Folder
Redirection in Group Policies? (Choose 3)
A. Application Data
B. Applications
C. Program Files
D. My Documents
E. Start Menu
15. What is the last script to execute by default when Windows 2000 executes scripts
from Group Policy settings?
A. Computer/Startup
*B. Computer/Shutdown
C. User/Logon
D. User/Logoff
Explanation: The Group Policy allows you to apply configurations to computer and user
accounts across your network, specifying settings through five extensions:
Administrative Templates, Security, Software Installation, Scripts and Folder
Redirection. Scripts in Windows 2000 can be associated with users or computers,
and so the last script to execute, if one exists, would be the last one listed in the
corresponding Properties dialog box, generally the shutdown script.
16. What are three folders that can be redirected to network locations with Folder
Redirection in Group Policies? (Choose 3)
*A. Application Data
B. Applications
C. Program Files
*D. My Documents
*E. Start Menu
Explanation: The Group Policy allows you to apply configurations to computer and user
accounts across your network, specifying settings through five extensions:
Administrative Templates, Security, Software Installation, Scripts and Folder
Redirection. Folder Redirection allows for the redirection of Application Data,
Desktop, My Documents, My Pictures and Start Menu.
17. What are three guidelines for the implementation of Group Policies in Windows 2000
networks? (Choose 3)
A. Create one Group Policy object for all users in your network to simplify management.
B. Disable the unused portion of a GPO.
C. Limit the number of GPOs that affect a given user or computer.
D. Do not create separate GPOs for each domain.
E. Group related settings in the same GPO rather than in separate GPOs.
18. What are two technologies included in Windows 2000 to help deploy and manage
software throughout a company? (Choose 2)
A. ZAK
B. Windows Installer
C. Installation Wizard
D. Software Installation and Maintenance
17. What are three guidelines for the implementation of Group Policies in Windows 2000
networks? (Choose 3)
A. Create one Group Policy object for all users in your network to simplify
management.
*B. Disable the unused portion of a GPO.
*C. Limit the number of GPOs that affect a given user or computer.
D. Do not create separate GPOs for each domain.
*E. Group related settings in the same GPO rather than in separate GPOs.
Explanation: Microsoft details a number of guidelines for the implementation of Group
Policy in Windows 2000. They suggest that you limit the use of Block Inheritance
and No Override, limit the number of GPOs, disable the unused portion of a GPO,
group related settings in a single GPO, and altogether consider the impact on your
network traffic and logon performance by the creation of GPOs.
18. What are two technologies included in Windows 2000 to help deploy and manage
software throughout a company? (Choose 2)
A. ZAK
*B. Windows Installer
C. Installation Wizard
*D. Software Installation and Maintenance
Explanation: Windows 2000 includes two technologies for deploying and managing
software throughout an organization: Windows Installer and the Software Installation
and Maintenance technology. Windows Installer replaces the old standby
SETUP.EXE with the Windows Installer package or .msi file. This technology
provides for optional features of software being visible in the user interface, but only
installed if used, thereby saving storage space and simplifying installation.
Additionally, Windows Installer can replace missing files automatically, and the
uninstall process is improved. Windows 2000 Software Installation and Maintenance
technology allows for software deployment and management to be integrated with
Active Directory and Group Policy. Working in coordination with Windows Installer
packages, this technology allows for association of Group Policy objects with .msi
packages. Thus, software deployment and maintenance can be automated through
Active Directory.
19. What Windows 2000 technology allows for the automatic install or update of
applications upon startup or logon?
A. Windows Installer
B. ZAK
C. Software Installation and Maintenance
D. Windows 2000 Installation Wizard
20. What are the four stages of the software life cycle? (Choose 4)
A. Preparation
B. Installation
C. Deployment
D. Maintenance
E. Removal
19. What Windows 2000 technology allows for the automatic install or update of
applications upon startup or logon?
A. Windows Installer
B. ZAK
*C. Software Installation and Maintenance
D. Windows 2000 Installation Wizard
Explanation: Windows 2000 includes two technologies for deploying and managing
software throughout an organization: Windows Installer and the Software Installation
and Maintenance technology. Windows Installer replaces the old standby
SETUP.EXE with the Windows Installer package or .msi file. This technology
provides for optional features of software being visible in the user interface, but only
installed if used, thereby saving storage space and simplifying installation.
Additionally, Windows Installer can replace missing files automatically, and the
uninstall process is improved. Windows 2000 Software Installation and Maintenance
technology allows for software deployment and management to be integrated with
Active Directory and Group Policy. Working in coordination with Windows Installer
packages, this technology allows for association of Group Policy objects with .msi
packages. Thus, software deployment and maintenance can be automated through
Active Directory.
20. What are the four stages of the software life cycle? (Choose 4)
*A. Preparation
B. Installation
*C. Deployment
*D. Maintenance
*E. Removal
Explanation: The four phases of the software life cycle are Preparation, Deployment,
Maintenance and Removal. The Preparation phase in Windows 2000 involves
securing a Windows Installer package (.msi) for the application, and/or modifying
the file for deployment. The Deployment phase is centered around either assigning
applications, which will advertise the application on the user desktop, or publishing
applications, which will not advertise the application, but make the installation
available through Add/Remove Programs. The Maintenance phase involves the
delivery of service packs or upgrades, and the Removal phase involves either a
forced removal, where the software is automatically removed, or optional removal,
where the software is not uninstalled and new users cannot install the software.
21. What are three of the steps for deploying software using the Software Installation and
Maintenance technology in Windows 2000? (Choose 3)
A. Visit each workstation and take an inventory of software.
B. Create or acquire an .msi file and the related files for the application.
C. Place the .msi file and associated files on a shared folder.
D. Associate the shared folder with the appropriate OU.
E. Create or modify a GPO to facilitate delivery.
22. How would you deliver a software package using the Software Installation and
Maintenance technology for a department if the software was a primary tool for the
department users?
A. Create a GPO and publish the software to the users.
B. Create a GPO and assign the software to the users.
C. Create a GPO but do not advertise the software.
D. Create a GPO and publish it to the computers in that department.
21. What are three of the steps for deploying software using the Software Installation and
Maintenance technology in Windows 2000? (Choose 3)
A. Visit each workstation and take an inventory of software.
*B. Create or acquire an .msi file and the related files for the application.
*C. Place the .msi file and associated files on a shared folder.
D. Associate the shared folder with the appropriate OU.
*E. Create or modify a GPO to facilitate delivery.
Explanation: The deployment phase is centered around either assigning applications,
which will advertise the application on the user desktop, or publishing applications,
which will not advertise the application, but make the installation available through
Add/Remove Programs. First the administrator needs to acquire the appropriate .msi
file, then place the file on a shared folder, create or modify a GPO, and finally
configure the GPO to specify whether the software is associated with users or
computers and whether to assign or publish the software.
22. How would you deliver a software package using the Software Installation and
Maintenance technology for a department if the software was a primary tool for the
department users?
A. Create a GPO and publish the software to the users.
*B. Create a GPO and assign the software to the users.
C. Create a GPO but do not advertise the software.
D. Create a GPO and publish it to the computers in that department.
Explanation: The deployment phase is centered around either assigning applications,
which will advertise the application on the user desktop, or publishing applications,
which will not advertise the application, but make the installation available through
Add/Remove Programs. First the administrator needs to acquire the appropriate .msi
file, then place the file on a shared folder, create or modify a GPO, and finally
configure the GPO to specify whether the software is associated with users or
computers and whether to assign or publish the software. If the use of the application
is required, then you will assign the software to the computers so that the software
will automatically be installed upon startup. If the software is published, it will show
up on the desktop and be installed when the user double-clicks on the icon.
23. You have a department with users who time-share the computers. What is the best
way to deploy software using Software Installation and Maintenance technology so
that the software will be available for all users?
A. Create a GPO and assign the software to the users.
B. Create a GPO and publish the software to the users.
C. Create a GPO and assign the software to the computers.
D. Create a GPO and force install the software on the computers using the Force Run
option.
24. When a software package is published using Software Installation and Maintenance,
how can a user then install the software?
A. The user can install the software by double-clicking on the icon.
B. The user can use Add/Remove Programs in Control Panel to install the software.
C. The user can install the software by simply double-clicking on a file associated with
the software.
D. The user cannot install the software, it will only run remotely.
23. You have a department with users who time-share the computers. What is the best
way to deploy software using Software Installation and Maintenance technology so
that the software will be available for all users?
A. Create a GPO and assign the software to the users.
B. Create a GPO and publish the software to the users.
*C. Create a GPO and assign the software to the computers.
D. Create a GPO and force install the software on the computers using the Force
Run option.
Explanation: The deployment phase is centered around either assigning applications,
which will advertise the application on the user desktop, or publishing applications,
which will not advertise the application, but make the installation available through
Add/Remove Programs. First the administrator needs to acquire the appropriate .msi
file, then place the file on a shared folder, create or modify a GPO, and finally
configure the GPO to specify whether the software is associated with users or
computers and whether to assign or publish the software. If the use of the application
is required, then you will assign the software to the computers so that the software
will automatically be installed upon startup. If the software is published, it will show
up on the desktop and be installed when the user double-clicks on the icon.
24. When a software package is published using Software Installation and Maintenance,
how can a user then install the software?
A. The user can install the software by double-clicking on the icon.
*B. The user can use Add/Remove Programs in Control Panel to install the
software.
C. The user can install the software by simply double-clicking on a file associated
with the software.
D. The user cannot install the software, it will only run remotely.
Explanation: The deployment phase is centered around either assigning applications,
which will advertise the application on the user desktop, or publishing applications,
which will not advertise the application, but make the installation available through
Add/Remove Programs. First the administrator needs to acquire the appropriate .msi
file, then place the file on a shared folder, create or modify a GPO, and finally
configure the GPO to specify whether the software is associated with users or
computers and whether to assign or publish the software. If the use of the application
is required, then you will assign the software to the computers so that the software
will automatically be installed upon startup. If the software is published, it will show
up on the desktop and be installed when the user double-clicks on the icon.
25. What are two differences between assigning and publishing software using Software
Installation and Maintenance technology in Windows 2000? (Choose 2)
A. Published software is not advertised.
B. Assigned software is not advertised.
C. Software cannot be published to computers.
D. Software cannot be published to users.
25. What are two differences between assigning and publishing software using Software
Installation and Maintenance technology in Windows 2000? (Choose 2)
*A. Published software is not advertised.
B. Assigned software is not advertised.
*C. Software cannot be published to computers.
D. Software cannot be published to users.
Explanation: The Deployment phase is centered around either assigning applications,
which will advertise the application on the user desktop, or publishing applications,
which will not advertise the application, but make the installation available through
Add/Remove Programs. First the administrator needs to acquire the appropriate .msi
file, then place the file on a shared folder, create or modify a GPO, and finally
configure the GPO to specify whether the software is associated with users or
computers and whether to assign or publish the software. If the use of the application
is required, then you will assign the software to the computers so that the software
will automatically be installed upon startup. If the software is published, it will show
up on the desktop and be installed when the user double-clicks on the icon.
Publishing software can only be done through users, not through computers, while
assigning can be done through either.
26. What can an administrator use to publish applications when a Windows Installer
package is not available?
A. A Group Policy Object
B. A .zap file
C. An .msi file
D. An Administrative Template
26. What can an administrator use to publish applications when a Windows Installer
package is not available?
A. A Group Policy Object
*B. A .zap file
C. An .msi file
D. An Administrative Template
Explanation: The Deployment phase is centered around either assigning applications,
which will advertise the application on the user desktop, or publishing applications,
which will not advertise the application, but make the installation available through
Add/Remove Programs. First the administrator needs to acquire the appropriate .msi
file, then place the file on a shared folder, create or modify a GPO, and finally
configure the GPO to specify whether the software is associated with users or
computers and whether to assign or publish the software. If a Windows Installer
package is not available, the administrator can create a .zap file, a text file that can be
executed by Windows 2000 Software Installation and Maintenance. These files have
limitations: they can only be published; they will not auto-repair software; they run
the software's SETUP.EXE and often will require user input, and finally, .zap files
require user rights to install the software, something users generally do not have on a
Windows 2000 workstation.
27. What are three limitations when using a .zap file to publish non-Windows Installer
applications? (Choose 3)
A. The applications cannot be assigned.
B. These applications do not show up in Add/Remove Programs in Control Panel.
C. These applications do not auto-repair when files have been deleted or damaged.
D. These applications generally cannot support user customization during the installation.
E. These programs seldom will support an unattended install.
27. What are three limitations when using a .zap file to publish non-Windows Installer
applications? (Choose 3)
*A. The applications cannot be assigned.
B. These applications do not show up in Add/Remove Programs in Control Panel.
*C. These applications do not auto-repair when files have been deleted or damaged.
D. These applications generally cannot support user customization during the
installation.
*E. These programs seldom will support an unattended install.
Explanation: The deployment phase is centered around either assigning applications,
which will advertise the application on the user desktop, or publishing applications,
which will not advertise the application, but make the installation available through
Add/Remove Programs. First the administrator needs to acquire the appropriate .msi
file, then place the file on a shared folder, create or modify a GPO, and finally
configure the GPO to specify whether the software is associated with users or
computers and whether to assign or publish the software. If a Windows Installer
package is not available, the administrator can create a .zap file, a text file that can be
executed by Windows 2000 Software Installation and Maintenance. These files have
limitations: they can only be published; they will not auto-repair software; they run
the software's SETUP.EXE and often require user input; and finally, .zap files
require user rights to install the software, something users generally do not have on a
Windows 2000 workstation.
28. If a previous version of an application has been installed, what happens during logon
when the administrator has configured a mandatory upgrade in Software Installation
and Maintenance?
A. The software upgrade will proceed automatically.
B. The users will be prompted to upgrade the software at the time of logon.
C. The user will not be allowed to logon until the mandatory upgrade has been
completed.
D. Nothing
28. If a previous version of an application has been installed, what happens during logon
when the administrator has configured a mandatory upgrade in Software Installation
and Maintenance?
A. The software upgrade will proceed automatically.
B. The users will be prompted to upgrade the software at the time of logon.
C. The user will not be allowed to logon until the mandatory upgrade has been
completed.
*D. Nothing
Explanation: The four phases of the software life cycle are preparation, deployment,
maintenance and removal. The preparation phase in Windows 2000 involves
securing a Windows Installer package (.msi) for the application, and/or modifying
the file for deployment. The Maintenance phase involves the delivery of service
packs or upgrades. Upgrades can be deployed as optional or mandatory. Mandatory
upgrades are used to discontinue the use of a previous version of software and force
all users to the new version. This is done in the GPO for the new software,
specifying the original version and checking Required Upgrade for Existing
Packages. The next time a user launches the original software, the upgrade will
proceed. Optional upgrades follow the same process; however, the administrator
clears the Required Upgrade for Existing Packages box.
29. What method is most effective in deploying a new service pack or software patch in
Software Installation and Maintenance?
A. Mandatory Upgrade
B. Optional Upgrade
C. Redeploy Application
D. Reinstall Application
30. What method would you use to uninstall applications from computers in your
Windows 2000 network?
A. Forced Removal
B. Optional Removal
C. Forced Uninstall
D. Optional Uninstall
29. What method is most effective in deploying a new service pack or software patch in
Software Installation and Maintenance?
A. Mandatory Upgrade
B. Optional Upgrade
*C. Redeploy Application
D. Reinstall Application
Explanation: The four phases of the software life cycle are Preparation, Deployment,
Maintenance and Removal. The Maintenance phase involves the delivery of service
packs or upgrades, and the Removal phase involves either a forced removal, where
the software is automatically removed, or optional removal, where the software is
not uninstalled and new users cannot install the software. Upgrades can be deployed
as optional or mandatory. Mandatory upgrades are used to discontinue the use of a
previous version of software and force all users to the new version. This is done in
the GPO for the new software, specifying the original version and checking Required
Upgrade for Existing Packages. The next time a user launches the original
software, the upgrade will proceed. Optional upgrades follow the same process;
however, the administrator clears the Required Upgrade for Existing Packages
box. The Maintenance phase of software often involves applying a service pack to
the software. The service pack is placed in the same folder with the original .msi and
the original GPO is modified by checking the Redeploy Application box. The service
pack will then be applied in the same manner as the original application.
30. What method would you use to uninstall applications from computers in your
Windows 2000 network?
*A. Forced Removal
B. Optional Removal
C. Forced Uninstall
D. Optional Uninstall
Explanation: The four phases of the software life cycle are Preparation, Deployment,
Maintenance and Removal. The Removal phase involves either a forced removal,
where the software is automatically removed, or optional removal, where the
software is not uninstalled and new users cannot install the software. Forced removal
causes the software to be automatically uninstalled, and the software cannot be
reinstalled. Optional removal allows the users to continue to use the software, but
does not allow any new installs. Once deleted manually, the application cannot be
reinstalled.
31. What are three capabilities that administrators have when using Software Installation
to manage software on their Windows 2000 network? (Choose 3)
A. The ability to associate file extensions with applications
B. Creating categories of software to prevent users from installing too many applications.
C. The ability to assign to computers based on operating system, for example, Windows
95/98, NT 4.0, 2000.
D. The ability to prevent application installation being invoked through associated
documents.
31. What are three capabilities that administrators have when using Software Installation
to manage software on their Windows 2000 network? (Choose 3)
*A. The ability to associate file extensions with applications
*B. Creating categories of software to prevent users from installing too many applications.
C. The ability to assign to computers based on operating system, for example, Windows 95/98, NT 4.0, 2000.
*D. The ability to prevent application installation being invoked through associated documents.
Explanation: Windows 2000 includes two technologies for deploying and managing
software throughout an organization: Windows Installer and the Software Installation
and Maintenance technology. Windows 2000 Software Installation and Maintenance
technology allows for software deployment and management to be integrated with
Active Directory and Group Policy. Working in coordination with Windows Installer
packages, this technology allows for association of Group Policy objects with .msi
packages. Thus, software deployment and maintenance can be automated through
Active Directory. Additionally, administrators can associate file extensions with
programs in Software Installation, prevent installation through document invocation,
control what programs are listed in Add/Remove Programs, categorize programs in
Add/Remove Programs and have a program automatically uninstall when a GPO no
longer applies to a user.
32. What are three of the deployment options for an application using Windows 2000
Software Installation and Maintenance? (Choose 3)
A. Enable/Disable Auto-install
B. Force Run Yes/No
C. Choice of the Deployment Type
D. Choice of the Installation User Interface
32. What are three of the deployment options for an application using Windows 2000
Software Installation and Maintenance? (Choose 3)
*A. Enable/Disable Auto-install
B. Force Run Yes/No
*C. Choice of the Deployment Type
*D. Choice of the Installation User Interface
Explanation: Windows 2000 includes two technologies for deploying and managing
software throughout an organization: Windows Installer and the Software Installation
and Maintenance technology. Windows 2000 Software Installation and Maintenance
technology allows for software deployment and management to be integrated with
Active Directory and Group Policy. Working in coordination with Windows Installer
packages, this technology allows for association of Group Policy objects with .msi
packages. Thus, software deployment and maintenance can be automated through
Active Directory. Additionally, administrators can associate file extensions with
programs in Software Installation, prevent installation through document invocation,
control what programs are listed in Add/Remove Programs, categorize programs in
Add/Remove Programs and have a program automatically uninstall when a GPO no
longer applies to a user. Within the GPO the administrator can set options on the
Deployment tab of the package including changing deployment type from assigned
to published (or vice versa), setting auto-install upon document activation, causing
an uninstall when the GPO is no longer associated, not allowing the application to be
listed in Add/Remove Programs and choosing the user interface during installation.
33. As the administrator of BFQ, Inc., you have deployed an application using Windows
2000 Software Installation. What are two things that you can do to troubleshoot if the
deployment does not go as planned? (Choose 2)
A. Delete the Group Policy objects and recreate them.
B. Check to see that the application shows up in Add/Remove Programs.
C. Look for an icon on the user desktop.
D. Look for Group Policy conflicts.
34. In a typical software life cycle, what are the four primary tasks for software
management? (Choose 4)
A. Acquire software
B. Test software
C. Deploy Software
D. Maintain software
E. Remove software
33. As the administrator of BFQ, Inc., you have deployed an application using Windows
2000 Software Installation. What are two things that you can do to troubleshoot if the
deployment does not go as planned? (Choose 2)
A. Delete the Group Policy objects and recreate them.
*B. Check to see that the application shows up in Add/Remove Programs.
C. Look for an icon on the user desktop.
*D. Look for Group Policy conflicts.
Explanation: Windows 2000 includes two technologies for deploying and managing
software throughout an organization: Windows Installer and the Software Installation
and Maintenance technology. Windows 2000 Software Installation and Maintenance
technology allows for software deployment and management to be integrated with
Active Directory and Group Policy. While this technology can streamline software
issues, troubleshooting can be troublesome. There are three things that can be
checked if software deployment is not proceeding as expected. First, verify that the
application appears in Add/Remove Programs to determine whether the software was
assigned or published. Secondly, verify that the user has access to the server hosting
the software distribution - that is, is the server available for anyone? Lastly, look for
potential conflicts with GPOs.
34. In a typical software life cycle, what are the four primary tasks for software
management? (Choose 4)
*A. Acquire software
B. Test software
*C. Deploy Software
*D. Maintain software
*E. Remove software
Explanation: The four primary tasks for software maintenance are: Acquisition,
Deployment, Maintenance, and Removal. The Acquisition phase in Windows 2000
involves securing a Windows Installer package (.msi) for the application, and/or
modifying the file for deployment, or creating a .zap file for deployment. The
Deployment phase is centered around either assigning applications, which will
advertise the application on the user desktop, or publishing applications, which will
not advertise the application, but make the installation available through
Add/Remove Programs. The Maintenance phase involves the delivery of service
packs or upgrades, and the Removal phase involves either a forced removal, where
the software is automatically removed, or optional removal, where the software is
not uninstalled and new users cannot install the software.
35. What are three types of files that can be used with Group Policy to deploy
applications? (Choose 3)
A. .sif files
B. Native Windows Installer packages (.msi files)
C. .zip files
D. Repackaged applications (.msi files)
E. .zap files
36. What are two disadvantages of using repackaged application files (.msi) for
application deployment with Group Policies? (Choose 2)
A. Repackaged applications do not self-repair.
B. Repackaged applications will not install features on demand.
C. Repackaged applications cannot be used with an unattended install.
D. Repackaged applications actually cannot be deployed with Group Policies.
35. What are three types of files that can be used with Group Policy to deploy
applications? (Choose 3)
A. .sif files
*B. Native Windows Installer packages (.msi files)
C. .zip files
*D. Repackaged applications (.msi files)
*E. .zap files
Explanation: First the administrator needs to acquire the appropriate .msi file, then place
the file on a shared folder, create or modify a GPO, and finally configure the GPO to
specify whether the software is associated with users or computers and whether to
assign or publish the software. If a Windows Installer package is not available, the
administrator can repackage the application (creating a .msi file) or create a .zap file,
a text file that can be executed by Windows 2000 Software Installation and
Maintenance. These .zap files have limitations: they can only be published; they will
not auto-repair software; they run the software's SETUP.EXE and often require
user input; and finally, .zap files require user rights to install the software,
something users generally do not have on a Windows 2000 workstation. Repackaged
(.msi) files also do not support auto-repair and do not install features on-demand.
36. What are two disadvantages of using repackaged application files (.msi) for
application deployment with Group Policies? (Choose 2)
*A. Repackaged applications do not self-repair.
*B. Repackaged applications will not install features on demand.
C. Repackaged applications cannot be used with an unattended install.
D. Repackaged applications actually cannot be deployed with Group Policies.
Explanation: First the administrator needs to acquire the appropriate .msi file, then place
the file on a shared folder, create or modify a GPO, and finally configure the GPO to
specify whether the software is associated with users or computers and whether to
assign or publish the software. If a Windows Installer package is not available, the
administrator can repackage the application (creating a .msi file) or create a .zap file,
a text file that can be executed by Windows 2000 Software Installation and
Maintenance. These .zap files have limitations: they can only be published; they will
not auto-repair software; they run the software's SETUP.EXE and often require
user input; and finally, .zap files require user rights to install the software,
something users generally do not have on a Windows 2000 workstation. Repackaged
(.msi) files also do not support auto-repair and do not install features on-demand.
37. How does a .zap file improve the deployment process for applications that have
native Windows Installer packages (.msi)?
A. The .zap file provides the unattended information for the installation of the
application.
B. The .zap file contains instructions on how to publish the application, and is used to
point to the .msi file.
C. It does not, but the .zap file contains instructions on how to publish the application,
which is then installed using the setup.exe for the application.
D. The .zap file contains the application program code compressed so that the installation
can proceed more quickly.
37. How does a .zap file improve the deployment process for applications that have
native Windows Installer packages (.msi)?
A. The .zap file provides the unattended information for the installation of the
application.
B. The .zap file contains instructions on how to publish the application, and is used
to point to the .msi file.
*C. It does not, but the .zap file contains instructions on how to publish the
application, which is then installed using the setup.exe for the application.
D. The .zap file contains the application program code compressed so that the
installation can proceed more quickly.
Explanation: First the administrator needs to acquire the appropriate .msi file, then place
the file on a shared folder, create or modify a GPO, and finally configure the GPO to
specify whether the software is associated with users or computers and whether to
assign or publish the software. If a Windows Installer package is not available, the
administrator can repackage the application (creating a .msi file) or create a .zap file,
a text file that can be executed by Windows 2000 Software Installation and
Maintenance. These .zap files have limitations: they can only be published; they will
not auto-repair software; they run the software's SETUP.EXE and often require
user input; and finally, .zap files require user rights to install the software,
something users generally do not have on a Windows 2000 workstation. Repackaged
(.msi) files also do not support auto-repair and do not install features on-demand.
38. After you have acquired software and wish to deploy it using Windows 2000, what
are your next two steps? (Choose 2)
A. Install it on a source computer.
B. Copy the software to a distribution computer.
C. Create or edit an answer file for the deployment of the software.
D. Create or edit a Group Policy for the deployment of the software.
E. Create a CD-based image of the software for deployment.
38. After you have acquired software and wish to deploy it using Windows 2000, what
are your next two steps? (Choose 2)
A. Install it on a source computer.
*B. Copy the software to a distribution computer.
C. Create or edit an answer file for the deployment of the software.
*D. Create or edit a Group Policy for the deployment of the software.
E. Create a CD-based image of the software for deployment.
Explanation: The Deployment phase is centered around either assigning applications,
which will advertise the application on the user desktop, or publishing applications,
which will not advertise the application, but make the installation available through
Add/Remove Programs. First the administrator needs to acquire the appropriate .msi
file, then place or copy the file on a shared folder at a distribution point, create or
modify a GPO, and finally configure the GPO to specify whether the software is
associated with users or computers and whether to assign or publish the software. If
the use of the application is required, then you will assign the software to the
computers so that the software will automatically be installed upon startup. If the
software is published, it will show up on the desktop and be installed when the user
double-clicks on the icon. Publishing software can only be done through users, not
through computers, while assigning can be done through either.
39. What are three options available during the configuration of deployment options in a
Group Policy? (Choose 3)
A. Deployment type
B. Auto installs this application by file extension activation
C. Auto-repair this application
D. Uninstall this application when GPO no longer applies to users or computers
E. Custom deployment
40. When configuring deployment options in a Group Policy, what are two choices that
may be presented to a user during the installation of an application using an .msi
file? (Choose 2)
A. Basic
B. Compact
C. Custom
D. Maximum
39. What are three options available during the configuration of deployment options in a
Group Policy? (Choose 3)
*A. Deployment type
*B. Auto installs this application by file extension activation
C. Auto-repair this application
*D. Uninstall this application when GPO no longer applies to users or computers
E. Custom deployment
Explanation: The Deployment phase is centered around either assigning applications,
which will advertise the application on the user desktop, or publishing applications,
which will not advertise the application, but make the installation available through
Add/Remove Programs. First the administrator needs to acquire the appropriate .msi
file, then place or copy the file on a shared folder at a distribution point, create or
modify a GPO, and finally configure the GPO to specify whether the software is
associated with users or computers and whether to assign or publish the software. In
the configuration of the GPO, the administrator has five options for deployment: to
specify the deployment type (assigned or published), auto install by file activation,
uninstall when GPO no longer applies to users or computers, do not display in
Add/Remove Programs, and setting the user interface options.
40. When configuring deployment options in a Group Policy, what are two choices that
may be presented to a user during the installation of an application using an .msi
file? (Choose 2)
*A. Basic
B. Compact
C. Custom
*D. Maximum
Explanation: In the configuration of the GPO, the administrator has five options for
deployment: to specify the deployment type (assigned or published), auto install by
file activation, uninstall when GPO no longer applies to users or computers, do not
display in Add/Remove Programs, and setting the user interface options. Installations
involving an .msi file may support a Basic or Maximum installation; otherwise the
user interface options are meaningless.
41. In planning for the deployment of an application, you have learned that the vendor
does not have an .msi file, and the application cannot be repackaged. What is your
next alternative for deployment of this application using Group Policies?
A. Create a CD-based image.
B. Create a RIPrep image.
C. Create a .zap file.
D. Create a GPO boot disk.
42. What two parameters are required for the creation and use of a .zap file? (Choose 2)
A. [Ext]
B. FriendlyName
C. Publisher
D. SetupCommand
E. [Application]
41. In planning for the deployment of an application, you have learned that the vendor
does not have an .msi file, and the application cannot be repackaged. What is your
next alternative for deployment of this application using Group Policies?
A. Create a CD-based image.
B. Create a RIPrep image.
*C. Create a .zap file.
D. Create a GPO boot disk.
Explanation: The administrator needs to acquire the appropriate .msi file, then place the
file on a shared folder, create or modify a GPO, and finally configure the GPO to
specify whether the software is associated with users or computers and whether to
assign or publish the software. If a Windows Installer package is not available, the
administrator can repackage the application (creating a .msi file) or create a .zap file,
a text file that can be executed by Windows 2000 Software Installation and
Maintenance. These .zap files have limitations: they can only be published; they will
not auto-repair software; they run the software's SETUP.EXE and often require
user input; and finally, .zap files require user rights to install the software,
something users generally do not have on a Windows 2000 workstation. Repackaged
(.msi) files also do not support auto-repair and do not install features on-demand.
42. What two parameters are required for the creation and use of a .zap file? (Choose 2)
A. [Ext]
*B. FriendlyName
C. Publisher
*D. SetupCommand
E. [Application]
Explanation: If a Windows Installer package is not available, the administrator can
repackage the application (creating a .msi file) or create a .zap file, a text file that can
be executed by Windows 2000 Software Installation and Maintenance. A .zap file is
a text file and has two main sections: [Application] and [Ext]. The [Application]
section contains the parameters FriendlyName, to specify a descriptive name;
SetupCommand, for the UNC path to the setup.exe for installation; DisplayVersion,
for the application version number; Publisher, to specify the vendor; and URL, to
specify the vendor website location.
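The .zap layout described above can be checked before a package is published through a GPO. The following is an added example, not part of the original book: a small linter that verifies the two required [Application] parameters and that SetupCommand points to a UNC path. The server, share and product names in the samples are constructed placeholders, and treating [Ext] as optional is an assumption.

```python
import configparser

# Parameters the explanation above marks as required in [Application].
REQUIRED = ("friendlyname", "setupcommand")

# Constructed samples: server, share and product names are placeholders.
SAMPLE_OK = r'''
[Application]
FriendlyName = "Example Viewer 1.0"
SetupCommand = "\\fileserver01\apps\viewer\setup.exe"
DisplayVersion = 1.0
Publisher = Example Corp
URL = http://www.example.com

[Ext]
VWR=
'''

SAMPLE_MISSING = r'''
[Application]
FriendlyName = "Example Viewer 1.0"
Publisher = Example Corp
'''

SAMPLE_LOCAL = r'''
[Application]
FriendlyName = "Example Viewer 1.0"
SetupCommand = C:\temp\setup.exe
'''


def setup_target(command):
    """Return the program path from a SetupCommand value, without arguments."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end != -1 else command[1:]
    return command.split()[0] if command else ""


def lint_zap(text):
    """Return (findings, extensions) for the text of one .zap file."""
    parser = configparser.ConfigParser(
        interpolation=None,        # backslashes and % are literal in paths
        allow_no_value=True,
        delimiters=("=",),         # keep ':' in URLs and drive letters intact
        comment_prefixes=(";",),
        strict=False,
    )
    try:
        parser.read_string(text)
    except configparser.Error as exc:
        return [f"parse-error: {exc.__class__.__name__}"], []

    # Section names are matched case-insensitively.
    sections = {name.lower(): parser[name] for name in parser.sections()}
    app = sections.get("application")
    if app is None:
        return ["missing-section: [Application]"], []

    findings = []
    for key in REQUIRED:
        if not (app.get(key) or "").strip().strip('"'):
            findings.append(f"missing-required: {key}")

    # The setup program should live on a network share (UNC path),
    # because clients run it from the distribution point.
    target = setup_target(app.get("setupcommand") or "")
    if target and not target.startswith("\\\\"):
        findings.append(f"setupcommand-not-unc: {target}")

    # [Ext] lists file extensions associated with the application.
    extensions = sorted(key.upper() for key in sections.get("ext", {}))
    return findings, extensions


if __name__ == "__main__":
    for label, sample in (("ok", SAMPLE_OK), ("missing", SAMPLE_MISSING),
                          ("local", SAMPLE_LOCAL)):
        print(label, lint_zap(sample))
```

Because a published .zap package runs whatever SetupCommand names with the installing user's rights, reviewing that path is the check worth automating.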
43. What can you create to make the published applications that appear in Add/Remove
Programs easier to locate?
A. .zap files
B. Categories
C. Program groups
D. .msi files
44. What are three tasks that can be automated through Group Policies to make
application deployment easier? (Choose 3)
A. Application upgrades
B. Service pack deployment
C. Menu customization
D. Software removal
43. What can you create to make the published applications that appear in Add/Remove
Programs easier to locate?
A. .zap files
*B. Categories
C. Program groups
D. .msi files
Explanation: The administrator needs to acquire the appropriate .msi file, then place the
file on a shared folder, create or modify a GPO, and finally configure the GPO to
specify whether the software is associated with users or computers and whether to
assign or publish the software. If the administrator decides to publish applications
(which will then appear in Add/Remove Programs), these applications can be
further organized by logically grouping them in Add/Remove Programs into
categories.
44. What are three tasks that can be automated through Group Policies to make
application deployment easier? (Choose 3)
*A. Application upgrades
*B. Service pack deployment
C. Menu customization
*D. Software removal
Explanation: Maintaining and removing software involves the delivery of service packs
for applications, upgrades, and the eventual removal of the application. Upgrades can
be deployed as optional or mandatory. Mandatory upgrades are used to discontinue
the use of a previous version of software and force all users to the new version. This
is done in the GPO for the new software, specifying the original version and
checking Required Upgrade for Existing Packages. The next time a user launches
the original software, the upgrade will proceed. Optional upgrades follow the same
process; however, the administrator clears the Required Upgrade for Existing
Packages box.
45. What are the two types of automatic upgrades available in Group Policy deployment?
(Choose 2)
A. Automatic
B. Mandatory
C. Custom
D. Optional
46. What two tasks must you perform to deploy a service pack or software update?
(Choose 2)
A. Place the service pack or software update in the same folder as the original .msi file
and also place an updated .msi or an .msp file for deployment.
B. Place the service pack or software update in the same folder as the original .msi file
and create a .zap file for deployment.
C. In the GPO that originally deployed the application, click Redeploy Application.
D. In the GPO that was originally used for deployment, click Service Pack or Software
Update.
45. What are the two types of automatic upgrades available in Group Policy deployment?
(Choose 2)
A. Automatic
*B. Mandatory
C. Custom
*D. Optional
Explanation: Maintaining and removing software involves the delivery of service packs
for applications, upgrades, and the eventual removal of the application. Upgrades can
be deployed as optional or mandatory. Mandatory upgrades are used to discontinue
the use of a previous version of software and force all users to the new version. This
is done in the GPO for the new software, specifying the original version and
checking Required Upgrade for Existing Packages. The next time the user launches
the original software, the upgrade will proceed. Optional upgrades follow the same
process; however, the administrator needs to clear the Required Upgrade for Existing
Packages box.
46. What two tasks must you perform to deploy a service pack or software update?
(Choose 2)
*A. Place the service pack or software update in the same folder as the original .msi
file and also place an updated .msi or an .msp file for deployment.
B. Place the service pack or software update in the same folder as the original .msi
file and create a .zap file for deployment.
*C. In the GPO that originally deployed the application, click Redeploy Application.
D. In the GPO that was originally used for deployment, click Service Pack or
Software Update.
Explanation: Maintaining and removing software involves the delivery of service packs
for applications, upgrades, and the eventual removal of the application. The
deployment of service packs requires the administrator to acquire not only the
service pack, but also the new .msi or .msp file. These must be placed in the same
folder as the original .msi file, and then the original GPO must be modified to
Redeploy Application.
47. What are the two software removal options in software deployment using Group
Policy? (Choose 2)
A. Automatic
B. Forced
C. Custom
D. Optional
48. What are three strategies for assigning or publishing software? (Choose 3)
A. Assign the application to users
B. Publish the application to users
C. Assign the application to computers
D. Publish the application to computers
47. What are the two software removal options in software deployment using Group
Policy? (Choose 2)
A. Automatic
*B. Forced
C. Custom
*D. Optional
Explanation: Maintaining and removing software involves the delivery of service packs
for applications, upgrades, and the eventual removal of the application. Software
removal allows for a forced or optional removal. With forced, the software is
automatically deleted, either the next time the user logs on or the next time the
computer is turned on (depending on whether the application was assigned to the
user or the computer). In optional removal, any new users or computers simply
cannot install the application. It is not automatically removed, and cannot be
reinstalled if it is manually removed.
48. What are three strategies for assigning or publishing software? (Choose 3)
*A. Assign the application to users
*B. Publish the application to users
*C. Assign the application to computers
D. Publish the application to computers
Explanation: Deployment is centered on either assigning or publishing applications.
Assigning applications to users will advertise the application on the user Start menu,
while assigning applications to computers will cause the application install to start
immediately upon computer startup. Publishing applications can only be done to
users and will not advertise the application but make the installation available
through Add/Remove Programs. If the use of the application is required, then you
will assign the software to the computers so that the software will automatically be
installed upon startup. If the software is published, it will show up on the desktop
and be installed when the user double-clicks on the icon.
49. You want an application to always appear on a user's Start menu. What strategy will
you use to accomplish this?
A. Assign the application to users
B. Assign the application to computers
C. Publish the application to users
D. Publish the application to computers
50. You do not want users to be able to remove an application from their computers.
What strategy will you use to accomplish this?
A. Assign the application to users
B. Assign the application to computers
C. Publish the application to users
D. Publish the application to computers
49. You want an application to always appear on a user's Start menu. What strategy will
you use to accomplish this?
*A. Assign the application to users
B. Assign the application to computers
C. Publish the application to users
D. Publish the application to computers
Explanation: Deployment is centered on either assigning or publishing applications.
Assigning applications to users will advertise the application on the user Start menu,
while assigning applications to computers will cause the application install to start
immediately upon computer startup. Publishing applications can only be done to
users and will not advertise the application but make the installation available
through Add/Remove Programs. If the use of the application is required, then you
will assign the software to the computers so that the software will automatically be
installed upon startup. If the software is published, it will show up on the desktop
and be installed when the user double-clicks on the icon.
50. You do not want users to be able to remove an application from their computers.
What strategy will you use to accomplish this?
A. Assign the application to users
*B. Assign the application to computers
C. Publish the application to users
D. Publish the application to computers
Explanation: Deployment is centered on either assigning or publishing applications.
Assigning applications to users will advertise the application on the user Start menu,
while assigning applications to computers will cause the application install to start
immediately upon computer startup. Publishing applications can only be done to
users and will not advertise the application but make the installation available
through Add/Remove Programs. If the use of the application is required, then you
will assign the software to the computers so that the software will automatically be
installed upon startup. If the software is published, it will show up on the desktop
and be installed when the user double-clicks on the icon.
51. What are two strategies for applying software deployment policies in Active
Directory? (Choose 2)
A. Create OUs based on software needs
B. Deploy software in the lowest level OUs
C. Create OUs based on location
D. Deploy software high in the Active Directory tree
52. What are three recommendations for optimizing the software deployment process?
(Choose 3)
A. Use domain controllers for software distribution.
B. Assign applications to users rather than to computers.
C. Use member servers for software distribution.
D. Use DFS for software deployment.
E. Assign applications to computers rather than to users.
51. What are two strategies for applying software deployment policies in Active
Directory? (Choose 2)
*A. Create OUs based on software needs
B. Deploy software in the lowest level OUs
C. Create OUs based on location
*D. Deploy software high in the Active Directory tree
Explanation: Microsoft recommends four strategies for deploying applications through
policies in Active Directory: create OUs based on software needs for targeted
applications, deploy software high in the AD tree for organization-wide
applications, deploy one application for each GPO for more flexibility in maintaining
applications, or deploy multiple applications with a single GPO to reduce
administrative overhead.
52. What are three recommendations for optimizing the software deployment process?
(Choose 3)
A. Use domain controllers for software distribution.
*B. Assign applications to users rather than to computers.
*C. Use member servers for software distribution.
*D. Use DFS for software deployment.
E. Assign applications to computers rather than to users.
Explanation: To optimize the performance of the actual deployment process,
administrators can use member servers as distribution points so that domain
controllers will not be burdened by the additional load, assign applications to users
rather than computers so that they will not be automatically installed when the
computer starts up, and use DFS (Distributed File System) to load balance the
software distribution.
53. What are two strategies for deploying software across slow network links? (Choose 2)
A. Disable software installation across slow links
B. Modify slow link detection for Group Policy
C. In Deployment Properties check the Auto-install this application by file extension
activation button.
D. Modify deployment options to prevent published software installation across slow
links.
54. What do you check when users cannot find an assigned application on their Start
menu or in Add/Remove Programs?
A. Verify that the user has logged on to the computer.
B. Verify that the users have access to the software distribution computer.
C. Make sure the appropriate .msi file is located in the application folder.
D. Verify that you deployed the application by using a UNC path rather than a local path.
E. Check for a lower-level GPO with its Block Policy Inheritance option set.
53. What are two strategies for deploying software across slow network links? (Choose 2)
A. Disable software installation across slow links
*B. Modify slow link detection for Group Policy
C. In Deployment Properties check the Auto-install this application by file extension
activation button.
*D. Modify deployment options to prevent published software installation across
slow links.
Explanation: Software deployment across slow WAN links can be especially
troublesome. Try opening the Default Domain Policy GPO and resetting the slow
link detection threshold (by default 500 Kbps). Administrators need to be aware that
policies are disabled across slow links by default, and must be allowed to enable
installation at remote locations. Lastly, published applications can still be installed at
remote locations through Add/Remove Programs, unless the administrator sets the
application to not display in Add/Remove Programs and clears the Auto-install by
file extension activation box.
54. What do you check when users cannot find an assigned application on their Start
menu or in Add/Remove Programs?
A. Verify that the user has logged on to the computer.
B. Verify that the users have access to the software distribution computer.
C. Make sure the appropriate .msi file is located in the application folder.
D. Verify that you deployed the application by using a UNC path rather than a local
path.
*E. Check for a lower-level GPO with its Block Policy Inheritance option set.
Explanation: Deployment is centered on either assigning or publishing applications.
Assigning applications to users will advertise the application on the user Start menu,
while assigning applications to computers will cause the application install to start
immediately upon computer startup. Publishing applications can only be done to
users and will not advertise the application but make the installation available
through Add/Remove Programs. If the use of the application is required, then you
will assign the software to the computers so that the software will automatically be
installed upon startup. If the software is published, it will show up on the desktop
and be installed when the user double-clicks on the icon. If an application does not
appear in Add/Remove Programs, then the administrator should check to see if a
lower-level GPO has Block Policy Inheritance set.
55. What do you check when users cannot install an application that you either assigned
or published to users?
A. Verify that the user has logged on to the computer.
B. Verify that the users have access to the software distribution computer.
C. Make sure the appropriate .msi file is located in the application folder.
D. Verify that you deployed the application by using a UNC path rather than a local path.
E. Check for a lower-level GPO with its Block Policy Inheritance option set.
55. What do you check when users cannot install an application that you either assigned
or published to users?
A. Verify that the user has logged on to the computer.
*B. Verify that the users have access to the software distribution computer.
C. Make sure the appropriate .msi file is located in the application folder.
D. Verify that you deployed the application by using a UNC path rather than a local
path.
E. Check for a lower-level GPO with its Block Policy Inheritance option set.
Explanation: Deployment is centered on either assigning or publishing applications.
Assigning applications to users will advertise the application on the user Start menu,
while assigning applications to computers will cause the application install to start
immediately upon computer startup. Publishing applications can only be done to
users and will not advertise the application but make the installation available
through Add/Remove Programs. If the use of the application is required, then you
will assign the software to the computers so that the software will automatically be
installed upon startup. If the software is published, it will show up on the desktop
and be installed when the user double-clicks on the icon. If users can see the
application, but cannot install it, then check their permissions to the distribution
point.
56. What do you check when Windows Installer cannot locate a package when users
attempt to install an application?
A. Verify that the user has logged on to the computer.
B. Verify that the users have access to the software distribution computer.
C. Make sure the appropriate .msi file is located in the application folder.
D. Verify that you deployed the application by using a UNC path rather than a local path.
E. Check for a lower-level GPO with its Block Policy Inheritance option set.
56. What do you check when Windows Installer cannot locate a package when users
attempt to install an application?
A. Verify that the user has logged on to the computer.
B. Verify that the users have access to the software distribution computer.
C. Make sure the appropriate .msi file is located in the application folder.
*D. Verify that you deployed the application by using a UNC path rather than a
local path.
E. Check for a lower-level GPO with its Block Policy Inheritance option set.
Explanation: Deployment is centered on either assigning or publishing applications.
Assigning applications to users will advertise the application on the user Start menu,
while assigning applications to computers will cause the application install to start
immediately upon computer startup. Publishing applications can only be done to
users and will not advertise the application but make the installation available
through Add/Remove Programs. If the use of the application is required, then you
will assign the software to the computers so that the software will automatically be
installed upon startup. If the software is published, it will show up on the desktop
and be installed when the user double-clicks on the icon. If Windows Installer cannot
locate the application package when users attempt to install, then check to see if you
set the path to the .msi file using a local path or UNC (correct way!).
57. What are the two main uses for Administrative Templates? (Choose 2)
A. They define the rights and permissions that Administrators have in the appropriate
OU.
B. They define the user interface for the GPO console.
C. They determine the registry modifications that may be applied to anyone who uses the
template.
D. They can be used to create Administrative accounts with the same properties.
57. What are the two main uses for Administrative Templates? (Choose 2)
A. They define the rights and permissions that Administrators have in the
appropriate OU.
*B. They define the user interface for the GPO console.
*C. They determine the registry modifications that may be applied to anyone who
uses the template.
D. They can be used to create Administrative accounts with the same properties.
Explanation: Administrative Templates define the user interface for the Group Policy
console and also determine registry modifications that can be made whenever the
template is used. Each time a GPO is created, two default templates are added:
System.adm and Inetres.adm. Rather than creating custom templates, administrators
should modify the System.adm and add their custom settings. Otherwise, a separate
custom template has to be added to each GPO separately as needed. Templates
written for Windows 2000 applications use Group Policy settings, which write to
either \Software\Policies or \Software\Microsoft\Windows\CurrentVersion\Policies,
and are automatically removed if the GPO is deleted or unlinked. Users cannot
override these Group Policy settings. For applications that are not written for
Windows 2000, the administrator will configure Administrative Templates using
preferences. Preferences write to the registry anywhere but the two locations above.
These registry modifications remain even if the GPO is unlinked or deleted and may
be modified by the users.
58. What are two differences between Group Policy settings and preferences? (Choose 2)
A. Settings create registry entries that users can modify, while preferences create entries
that cannot be modified.
B. Preferences create registry entries that users can modify, while settings create entries
that cannot be modified.
C. Settings write to \Software\Policies or
\Software\Microsoft\Windows\CurrentVersion\Policies while preferences write to
any registry key but these.
D. Preferences write to \Software\Policies or
\Software\Microsoft\Windows\CurrentVersion\Policies while settings write to any
registry key but these.
58. What are two differences between Group Policy settings and preferences? (Choose 2)
A. Settings create registry entries that users can modify, while preferences create
entries that cannot be modified.
*B. Preferences create registry entries that users can modify, while settings create
entries that cannot be modified.
*C. Settings write to \Software\Policies or
\Software\Microsoft\Windows\CurrentVersion\Policies while preferences write
to any registry key but these.
D. Preferences write to \Software\Policies or
\Software\Microsoft\Windows\CurrentVersion\Policies while settings write to
any registry key but these.
Explanation: Administrative Templates define the user interface for the Group Policy
console and also determine registry modifications that can be made whenever the
template is used. Each time a GPO is created, two default templates are added:
System.adm and Inetres.adm. Rather than creating custom templates, administrators
should modify the System.adm and add their custom settings. Otherwise, a separate
custom template has to be added to each GPO separately as needed. Templates
written for Windows 2000 applications use Group Policy settings, which write to
either \Software\Policies or \Software\Microsoft\Windows\CurrentVersion\Policies,
and are automatically removed if the GPO is deleted or unlinked. Users cannot
override these Group Policy settings. For applications that are not written for
Windows 2000, the administrator will configure Administrative Templates using
preferences. Preferences write to the registry anywhere but the two locations above.
These registry modifications remain even if the GPO is unlinked or deleted and may
be modified by the users.
59. What three things are required elements in Administrative Templates? (Choose 3)
A. Tags
B. Properties
C. Values
D. Settings
E. Controls
59. What three things are required elements in Administrative Templates? (Choose 3)
*A. Tags
B. Properties
*C. Values
D. Settings
*E. Controls
Explanation: Administrative Templates define the user interface for the Group Policy
console and also determine registry modifications that can be made whenever the
template is used. Each time a GPO is created, two default templates are added:
System.adm and Inetres.adm. Rather than creating custom templates, administrators
should modify the System.adm and add their custom settings. Otherwise, a separate
custom template has to be added to each GPO separately as needed. Templates are
text files made up of Tags, Values and Controls. Tags provide an action or
command name, Values are variables that might appear in the user interface or might
be written to the registry, and Controls define user interface elements manipulated
within the Group Policy. The required Tags in creating an Administrative Template
are CLASS, which specifies the root key and has two Tags: CLASS USER for
HKEY_CURRENT_USER and CLASS MACHINE for
HKEY_LOCAL_MACHINE; CATEGORY, for naming registry-based policies that
are not the default policies; POLICY, KEYNAME, PART and VALUENAME.
Within controls, the most significant entry is specifying a CHECKBOX control
under PART. This defines a graphical toggle for enabling or disabling a policy-based
registry setting. Similar to the check box in the old System Policy Editor, this allows
the administrator to create checkboxes for controlling settings. Other important
control elements include EDITTEXT, COMBOBOX, DROPDOWNLIST,
NUMERIC and LISTBOX.
60. What are three elements in Administrative Templates that can provide interface
elements (controls) that can be manipulated in Group Policy? (Choose 3)
A. CHECKBOX
B. CLASS
C. EDITTEXT
D. CATEGORY
E. NUMERIC
60. What are three elements in Administrative Templates that can provide interface
elements (controls) that can be manipulated in Group Policy? (Choose 3)
*A. CHECKBOX
B. CLASS
*C. EDITTEXT
D. CATEGORY
*E. NUMERIC
Explanation: Administrative Templates define the user interface for the Group Policy
console and also determine registry modifications that can be made whenever the
template is used. Each time a GPO is created, two default templates are added:
System.adm and Inetres.adm. Rather than creating custom templates, administrators
should modify the System.adm and add their custom settings. Otherwise, a separate
custom template has to be added to each GPO separately as needed. Templates are
text files made up of Tags, Values and Controls. Tags provide an action or
command name, Values are variables that might appear in the user interface or might
be written to the registry, and Controls define user interface elements manipulated
within the Group Policy. The required Tags in creating an Administrative Template
are CLASS, which specifies the root key and has two Tags: CLASS USER for
HKEY_CURRENT_USER and CLASS MACHINE for
HKEY_LOCAL_MACHINE; CATEGORY, for naming registry-based policies that
are not the default policies; POLICY, KEYNAME, PART and VALUENAME.
Within controls, the most significant entry is specifying a CHECKBOX control
under PART. This defines a graphical toggle for enabling or disabling a policy-based
registry setting. Similar to the check box in the old System Policy Editor, this allows
the administrator to create checkboxes for controlling settings. Other important
control elements include EDITTEXT, COMBOBOX, DROPDOWNLIST,
NUMERIC and LISTBOX.
61. What control is the recommended control for most policies when configuring
Administrative Templates?
A. CHECKBOX
B. EDITTEXT
C. COMBOBOX
D. DROPDOWNLIST
61. What control is the recommended control for most policies when configuring
Administrative Templates?
*A. CHECKBOX
B. EDITTEXT
C. COMBOBOX
D. DROPDOWNLIST
Explanation: Administrative Templates define the user interface for the Group Policy
console and also determine registry modifications that can be made whenever the
template is used. Each time a GPO is created, two default templates are added:
System.adm and Inetres.adm. Rather than creating custom templates, administrators
should modify the System.adm and add their custom settings. Otherwise, a separate
custom template has to be added to each GPO separately as needed. Templates are
text files made up of Tags, Values and Controls. Tags provide an action or
command name, Values are variables that might appear in the user interface or might
be written to the registry, and Controls define user interface elements manipulated
within the Group Policy. The required Tags in creating an Administrative Template
are CLASS, which specifies the root key and has two Tags: CLASS USER for
HKEY_CURRENT_USER and CLASS MACHINE for
HKEY_LOCAL_MACHINE; CATEGORY, for naming registry-based policies that
are not the default policies; POLICY, KEYNAME, PART and VALUENAME.
Within controls, the most significant entry is specifying a CHECKBOX control
under PART. This defines a graphical toggle for enabling or disabling a policy-based
registry setting. Similar to the check box in the old System Policy Editor, this allows
the administrator to create checkboxes for controlling settings. Other important
control elements include EDITTEXT, COMBOBOX, DROPDOWNLIST,
NUMERIC and LISTBOX.
62. What character(s) indicate the use of a variable in an Administrative Template string?
A. %
B. *
C. !!
D. %string%
62. What character(s) indicate the use of a variable in an Administrative Template string?
A. %
B. *
*C. !!
D. %string%
Explanation: Administrative Templates define the user interface for the Group Policy
console and also determine registry modifications that can be made whenever the
template is used. Each time a GPO is created, two default templates are added:
System.adm and Inetres.adm. Rather than creating custom templates, administrators
should modify the System.adm and add their custom settings. Otherwise, a separate
custom template has to be added to each GPO separately as needed. Templates are
text files made up of Tags, Values and Controls. Tags provide an action or
command name, values are variables that might appear in the user interface or might
be written to the registry, and controls define user interface elements manipulated
within the Group Policy. Strings are used to define variables used within the body of
the template and can be modified for templates that will be converted to other
languages (French, German, etc.). Variables are indicated in the body of a template
by preceding the string with !!.
63. What are the two default Administrative Templates that are added to every GPO as it
is created? (Choose 2)
A. System.adm
B. Default.adm
C. Inetres.adm
D. Policy.adm
63. What are the two default Administrative Templates that are added to every GPO as it
is created? (Choose 2)
*A. System.adm
B. Default.adm
*C. Inetres.adm
D. Policy.adm
Explanation: Administrative Templates define the user interface for the Group Policy
console and also determine registry modifications that can be made whenever the
template is used. Each time a GPO is created, two default templates are added:
System.adm and Inetres.adm. Rather than creating custom templates, administrators
should modify the System.adm and add their custom settings. Otherwise, a separate
custom template has to be added to each GPO separately as needed. Templates are
text files made up of Tags, Values and Controls. Tags provide an action or
command name, values are variables that might appear in the user interface or might
be written to the registry, and controls define user interface elements manipulated
within the Group Policy. Strings are used to define variables used within the body of
the template and can be modified for templates that will be converted to other
languages (French, German, etc.). Variables are indicated in the body of a template
by preceding the string with !!.
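The explanations for questions 61 to 63 describe a template as CLASS, CATEGORY, POLICY, KEYNAME, PART and VALUENAME tags plus a strings section referenced with !!. The following added example (not from the book) parses a small constructed template and lists the registry values it can write, which is a useful review step before a custom template is loaded into a GPO. The key paths, value names and strings are made up, and the parser covers only the tags named above.

```python
import re

ROOT_KEYS = {"USER": "HKEY_CURRENT_USER", "MACHINE": "HKEY_LOCAL_MACHINE"}

# Constructed sample template: key paths, value names and strings are made up.
# The string for BannerPart is deliberately missing from [strings].
SAMPLE_ADM = r'''
; lines starting with a semicolon are comments
CLASS USER
CATEGORY !!ShellCategory
    POLICY !!HideRunPolicy
        KEYNAME "Software\Policies\ExampleCorp\Shell"
        PART !!HideRunPart CHECKBOX
            VALUENAME "HideRun"
        END PART
    END POLICY
END CATEGORY

CLASS MACHINE
CATEGORY !!LogonCategory
    POLICY !!BannerPolicy
        KEYNAME "Software\Policies\ExampleCorp\Logon"
        PART !!BannerPart EDITTEXT
            VALUENAME "BannerText"
        END PART
    END POLICY
END CATEGORY

[strings]
ShellCategory="Shell restrictions"
HideRunPolicy="Hide the Run command"
HideRunPart="Hide Run on the Start menu"
LogonCategory="Logon"
BannerPolicy="Logon banner"
'''


def tokenize(line):
    """Split a template line into tokens, keeping quoted text together."""
    return [t.strip('"') for t in re.findall(r'"[^"]*"|\S+', line)]


def parse_adm(text):
    """Return (settings, unresolved): registry values the template can
    write, and !! names that have no entry in the [strings] section."""
    sections = re.split(r"(?im)^[ \t]*\[strings\][ \t]*$", text, maxsplit=1)
    strings = {}
    for line in (sections[1].splitlines() if len(sections) == 2 else []):
        m = re.match(r'\s*(\w+)\s*=\s*"(.*)"\s*$', line)
        if m:
            strings[m.group(1)] = m.group(2)

    unresolved = []

    def resolve(token):
        # !!name is a reference into [strings]; anything else is literal.
        if not token.startswith("!!"):
            return token
        if token[2:] not in strings:
            unresolved.append(token[2:])
            return token
        return strings[token[2:]]

    settings, categories = [], []
    root = policy = part = control = None
    # Simplification: one KEYNAME slot per nesting level.
    keys = {"CATEGORY": None, "POLICY": None, "PART": None}

    for raw in sections[0].splitlines():
        tokens = tokenize(raw)
        if len(tokens) < 2 or tokens[0].startswith(";"):
            continue
        tag = tokens[0].upper()
        if tag == "CLASS":
            root = ROOT_KEYS.get(tokens[1].upper())
        elif tag == "CATEGORY":
            categories.append(resolve(tokens[1]))
        elif tag == "POLICY":
            policy = resolve(tokens[1])
        elif tag == "PART":
            part = resolve(tokens[1])
            control = tokens[2].upper() if len(tokens) > 2 else None
        elif tag == "KEYNAME":
            scope = ("PART" if part is not None
                     else "POLICY" if policy is not None else "CATEGORY")
            keys[scope] = tokens[1]
        elif tag == "VALUENAME":
            settings.append({
                "root": root,
                "key": keys["PART"] or keys["POLICY"] or keys["CATEGORY"],
                "value": tokens[1],
                "control": control,
                "category": " / ".join(categories),
                "policy": policy,
                "part": part,
            })
        elif tag == "END":
            closed = tokens[1].upper()
            if closed == "PART":
                part = control = keys["PART"] = None
            elif closed == "POLICY":
                policy = keys["POLICY"] = None
            elif closed == "CATEGORY" and categories:
                categories.pop()
                keys["CATEGORY"] = None
    return settings, unresolved


if __name__ == "__main__":
    found, missing = parse_adm(SAMPLE_ADM)
    for s in found:
        print(f'{s["root"]}\\{s["key"]}\\{s["value"]}  [{s["control"]}] {s["policy"]}')
    print("unresolved !! references:", missing)
```
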
64. You are the administrator of a small Windows 2000 domain that consists of 4
member servers and two domain controllers in one domain named Wazzoo.com. The
company has 45 users and is growing quickly. You would like to provide the 45
users with access to an inventory database on one of the Windows 2000 member
servers. What is the best way to grant all users access to the database?
A. Create a domain local group and add the Domain Users global group to the domain
local group. Grant the domain local group read and write permission to the database.
B. Create a local group on the member server and add the Domain Users global group to
the local group. Grant the local group read and write permission to the database.
C. Grant read and write permission to the Domain Users global group for the database.
D. Create a global security group called dbusers and add the Domain Users global group
to the dbusers group. Create a domain local group called database and add the
dbusers global group as a member. Grant the dbusers group read and write
permission to the database.
65. What are three security settings available in Group Policy to ensure network security?
(Choose 3)
A. Account Policies
B. Event Log
C. Application Data
D. Registry
64. You are the administrator of a small Windows 2000 domain that consists of 4
member servers and two domain controllers in one domain named Wazzoo.com. The
company has 45 users and is growing quickly. You would like to provide the 45
users with access to an inventory database on one of the Windows 2000 member
servers. What is the best way to grant all users access to the database?
*A. Create a domain local group and add the Domain Users global group to the
domain local group. Grant the domain local group read and write permission to
the database.
B. Create a local group on the member server and add the Domain Users global
group to the local group. Grant the local group read and write permission to the
database.
C. Grant read and write permission to the Domain Users global group for the
database.
D. Create a global security group called dbusers and add the Domain Users global
group to the dbusers group. Create a domain local group called database and add
the dbusers global group as a member. Grant the dbusers group read and write
permission to the database.
Explanation: Domain local groups are designed to be used to assign permissions to
resources. Global groups should contain users and should be added to domain local
groups to grant their members access to resources based on local group
memberships.
65. What are three security settings available in Group Policy to ensure network security?
(Choose 3)
*A. Account Policies
*B. Event Log
C. Application Data
*D. Registry
Explanation: Group Policy allows you to apply configurations to computer and user
accounts across your network, specifying settings through five extensions:
Administrative Templates, Security, Software Installation, Scripts and Folder
Redirection. The Security settings extension allows the administrator to configure
settings in the following areas: Account Policies, which can include password
policies, account lockout policies and Kerberos v5 policies; Local Policies, which
apply to computers and are mostly concerned with auditing policies, user rights, etc.;
Event Log, specifying the parameters for the logs; Restricted Groups, allowing the
management of built-in groups; and Registry settings.
Note: The remaining questions in this chapter cover two pages each.
66. Role:
You are the administrator of the mcsejobs.net Windows 2000 network.
Company:
Mcsejobs.net has been growing at an annual rate of 45% and anticipates sustained growth
for the next five years. The company's original focus was as a Web portal that
provided links to jobs for MCSEs on the Internet. It quickly grew into much more,
offering job seekers valuable information about the Windows 2000 operating system.
Network:
The network consists of one domain tree called mcsejobs.net and two child domains
named America and Europe. Administration of the domains is centralized and
located in the company's head office in Toronto, Canada. The company has offices in
New York City, San Francisco, London, and Vienna. The mcsejobs.net domain is an
empty root domain with only the default users and groups including the Enterprise
and Schema Admins.
The America domain contains all the company's North American users and groups and
the Europe domain contains all the European users and groups. Each office has a
RAS server named after the city it is located in. The servers' names are NYRAS,
SFRAS, LNRAS, VARAS, and TORAS. The mcsejobs.net domain has three domain
controllers, one located in Toronto, one located in San Francisco, and one in New
York City. The America domain has two domain controllers, one located in New
York and the other in San Francisco. The Europe domain has two domain controllers
as well, with one located in London and the other in Vienna. Both the American and
the European offices contain the following departments: Sales, Product Support,
Marketing, Human Resources, and Accounting.
Connectivity:
Each office has a 128Kbps connection to the Internet and a connection to the head office
via a VPN. Each office is located in its own site.
You are responsible for creating a group policy that establishes password and account
policy settings for employees of mcsejobs.net. You need to ensure that the group
policies are always available to users when they are logging on. Where would you
create and place the group policy that contains the password and account policy
settings?
A. Create one group policy in the mcsejobs.net domain.
B. Create one group policy for each domain with the same settings.
C. Create one group policy in the mcsejobs.net domain and create links from each
child domain to the parent domain.
D. Create one group policy in the mcsejobs.net domain and enable the No Override
option.
E. Create one group policy with the same settings in both the America and Europe
domains.
66. Role:
You are the administrator of the mcsejobs.net Windows 2000 network.
Company:
Mcsejobs.net has been growing at an annual rate of 45% and anticipates sustained growth
for the next five years. The company's original focus was as a Web portal that
provided links to jobs for MCSEs on the Internet. It quickly grew into much more,
offering job seekers valuable information about the Windows 2000 operating system.
Network:
The network consists of one domain tree called mcsejobs.net and two child domains
named America and Europe. Administration of the domains is centralized and
located in the company's head office in Toronto, Canada. The company has offices in
New York City, San Francisco, London, and Vienna. The mcsejobs.net domain is an
empty root domain with only the default users and groups including the Enterprise
and Schema Admins.
The America domain contains all the company's North American users and groups and
the Europe domain contains all the European users and groups. Each office has a
RAS server named after the city it is located in. The servers' names are NYRAS,
SFRAS, LNRAS, VARAS, and TORAS. The mcsejobs.net domain has three domain
controllers, one located in Toronto, one located in San Francisco, and one in New
York City. The America domain has two domain controllers, one located in New
York and the other in San Francisco. The Europe domain has two domain controllers
as well, with one located in London and the other in Vienna. Both the American and
the European offices contain the following departments: Sales, Product Support,
Marketing, Human Resources, and Accounting.
Connectivity:
Each office has a 128Kbps connection to the Internet and a connection to the head office
via a VPN. Each office is located in its own site.
You are responsible for creating a group policy that establishes password and account
policy settings for employees of mcsejobs.net. You need to ensure that the group
policies are always available to users when they are logging on. Where would you
create and place the group policy that contains the password and account policy
settings?
A. Create one group policy in the mcsejobs.net domain.
B. Create one group policy for each domain with the same settings.
C. Create one group policy in the mcsejobs.net domain and create links from each
child domain to the parent domain.
D. Create one group policy in the mcsejobs.net domain and enable the No Override
option.
*E. Create one group policy with the same settings in both the America and Europe
domains.
Explanation: Creating one group policy with the same settings in both America and
Europe would achieve the required results and allow all users to receive the security
settings. Creating one group policy for each domain with the same settings would
allow all users in each domain to receive the policy, but because there are no
users other than those created by default in the mcsejobs.net domain there is no need
to place a policy there. Creating a single group policy in the mcsejobs.net domain
would not configure any users with the security settings because no users exist in
that domain. The no override option would not have an effect in the mcsejobs.net
domain because no users exist there.
67. Role:
You are the administrator of the mcsejobs.net Windows 2000 network.
Company:
Mcsejobs.net has been growing at an annual rate of 45% and anticipates sustained growth
for the next five years. The company's original focus was as a web portal that
provided links to jobs for MCSEs on the Internet. It quickly grew into much more,
offering job seekers valuable information about the Windows 2000 operating system.
Network:
The network consists of one domain tree called mcsejobs.net and two child domains
named America and Europe. Administration of the domains is centralized and
located in the company's head office in Toronto, Canada. The company has offices in
New York City, San Francisco, London, and Vienna. The mcsejobs.net domain is an
empty root domain with only the default users and groups including the Enterprise
and Schema Admins.
The America domain contains all the company's North American users and groups and
the Europe domain contains all the European users and groups. Each office has a
RAS server named after the city it is located in. The servers' names are NYRAS,
SFRAS, LNRAS, VARAS, and TORAS. The mcsejobs.net domain has three domain
controllers, one located in Toronto, one located in San Francisco, and one in New
York City. The America domain has two domain controllers, one located in New
York and the other in San Francisco. The Europe domain has two domain controllers
as well, with one located in London and the other in Vienna. Both the American and
the European offices contain the following departments: Sales, Product Support,
Marketing, Human Resources, and Accounting.
Connectivity:
Each office has a 128Kbps connection to the Internet and a connection to the head office
via a VPN. Each office is located in its own site.
You are also responsible for establishing a group policy whose settings restrict the
Europe domain's sales group from having the Run command on the Start menu. How
would you accomplish this?
A. Create a group policy at the Europe domain level and configure the settings to restrict
the Run command from appearing on the Start menu. Change the permissions of the
group policy by adding the Sales group and granting them the Read and Apply group
policy permission. Remove the Authenticated Users group from the permission list.
B. Create a group policy at the Europe domain controllers OU level and configure the
settings to restrict the Run command from appearing on the Start menu. Change the
permissions of the group policy by adding the Sales group and granting them the
Read and Apply group policy permission. Remove the Authenticated Users group
from the permission list.
C. Create a group policy at the Europe domain level and configure the settings to restrict
the Run command from appearing on the Start menu. Change the permissions of the
group policy by adding the Sales group and granting them the Read and Apply group
policy permission. Change the permissions on the Authenticated Users group to
Deny Read permission.
D. Create a group policy at the Europe domain controllers OU level and configure the
settings to restrict the Run command from appearing on the Start menu. Change the
permissions of the group policy by adding the Sales group and granting them the
Read and Apply group policy permission. Change the permissions on the
Authenticated Users group to Deny Read permission.
67. Role:
You are the administrator of the mcsejobs.net Windows 2000 network.
Company:
Mcsejobs.net has been growing at an annual rate of 45% and anticipates sustained growth
for the next five years. The company's original focus was as a web portal that
provided links to jobs for MCSEs on the Internet. It quickly grew into much more,
offering job seekers valuable information about the Windows 2000 operating system.
Network:
The network consists of one domain tree called mcsejobs.net and two child domains
named America and Europe. Administration of the domains is centralized and
located in the company's head office in Toronto, Canada. The company has offices in
New York City, San Francisco, London, and Vienna. The mcsejobs.net domain is an
empty root domain with only the default users and groups including the Enterprise
and Schema Admins.
The America domain contains all the company's North American users and groups and
the Europe domain contains all the European users and groups. Each office has a
RAS server named after the city it is located in. The servers' names are NYRAS,
SFRAS, LNRAS, VARAS, and TORAS. The mcsejobs.net domain has three domain
controllers, one located in Toronto, one located in San Francisco, and one in New
York City. The America domain has two domain controllers, one located in New
York and the other in San Francisco. The Europe domain has two domain controllers
as well, with one located in London and the other in Vienna. Both the American and
the European offices contain the following departments: Sales, Product Support,
Marketing, Human Resources, and Accounting.
Connectivity:
Each office has a 128Kbps connection to the Internet and a connection to the head office
via a VPN. Each office is located in its own site.
You are also responsible for establishing a group policy whose settings restrict the
Europe domain's sales group from having the Run command on the Start menu. How
would you accomplish this?
*A. Create a group policy at the Europe domain level and configure the settings to
restrict the Run command from appearing on the Start menu. Change the
permissions of the group policy by adding the Sales group and granting them
the Read and Apply group policy permission. Remove the Authenticated Users
group from the permission list.
B. Create a group policy at the Europe domain controllers OU level and configure
the settings to restrict the Run command from appearing on the Start menu.
Change the permissions of the group policy by adding the Sales group and
granting them the Read and Apply group policy permission. Remove the
Authenticated Users group from the permission list.
C. Create a group policy at the Europe domain level and configure the settings to
restrict the Run command from appearing on the Start menu. Change the
permissions of the group policy by adding the Sales group and granting them the
Read and Apply group policy permission. Change the permissions on the
Authenticated Users group to Deny Read permission.
D. Create a group policy at the Europe domain controllers OU level and configure
the settings to restrict the Run command from appearing on the Start menu.
Change the permissions of the group policy by adding the Sales group and
granting them the Read and Apply group policy permission. Change the
permissions on the Authenticated Users group to Deny Read permission.
Explanation: For the group policy settings to only restrict the European sales group, the
group policy must be set at the European domain as that is the domain the Sales
users log on to. The policy must then be filtered so that it applies only to the Sales
group and not all authenticated users. To accomplish this you should add the Sales
group to the permission list and grant them both Read and Apply group policy
permission and remove the authenticated users group from the permission list.
Denying the Authenticated Users group Read permission would result in the Sales
group not having Read permission either, so it would not inherit the group policy
settings. Applying the group policy at the domain controllers OU level would not
result in the Sales group receiving the group policy unless the Sales group was
located in the domain controllers OU and that was not stated.
68. Role:
You are the administrator of the mcsejobs.net Windows 2000 network.
Company:
Mcsejobs.net has been growing at an annual rate of 45% and anticipates sustained growth
for the next five years. The company's original focus was as a web portal that
provided links to jobs for MCSEs on the Internet. It quickly grew into much more,
offering job seekers valuable information about the Windows 2000 operating system.
Network:
The network consists of one domain tree called mcsejobs.net and two child domains
named America and Europe. Administration of the domains is centralized and
located in the company's head office in Toronto, Canada. The company has offices in
New York City, San Francisco, London, and Vienna. The mcsejobs.net domain is an
empty root domain with only the default users and groups including the Enterprise
and Schema Admins.
The America domain contains all the company's North American users and groups and
the Europe domain contains all the European users and groups. Each office has a
RAS server named after the city it is located in. The servers' names are NYRAS,
SFRAS, LNRAS, VARAS, and TORAS. The mcsejobs.net domain has three domain
controllers, one located in Toronto, one located in San Francisco, and one in New
York City. The America domain has two domain controllers, one located in New
York and the other in San Francisco. The Europe domain has two domain controllers
as well, with one located in London and the other in Vienna. Both the American and
the European offices contain the following departments: Sales, Product Support,
Marketing, Human Resources, and Accounting.
Connectivity:
Each office has a 128Kbps connection to the Internet and a connection to the head office
via a VPN. Each office is located in its own site.
You are an administrator responsible for creating one group policy for all the computers
and another group policy for all the users in the America domain. You are concerned
about inheritance and want to ensure that all users receive the settings in the group
policy, and that they are not overridden by the settings of another group policy. How
can you ensure that the policies are effective?
A. Create one group policy for all the computers at the Computers container and create
another group policy for all the users at the Users container. Enable the no override
setting on both group policies.
B. Create one group policy for all computers at the America domain level and create
another group policy for all the users at the America domain level. Enable no
override on both group policies.
C. Create one group policy for all the computers at the Computers container and create
another group policy for all the users at the Users container. Enable the block
inheritance setting on both group policies.
D. Create one group policy for all computers at the America domain level and create
another group policy for all the users at the America domain level. Enable the block
inheritance setting on both group policies.
68. Role:
You are the administrator of the mcsejobs.net Windows 2000 network.
Company:
Mcsejobs.net has been growing at an annual rate of 45% and anticipates sustained growth
for the next five years. The company's original focus was as a web portal that
provided links to jobs for MCSEs on the Internet. It quickly grew into much more,
offering job seekers valuable information about the Windows 2000 operating system.
Network:
The network consists of one domain tree called mcsejobs.net and two child domains
named America and Europe. Administration of the domains is centralized and
located in the company's head office in Toronto, Canada. The company has offices in
New York City, San Francisco, London, and Vienna. The mcsejobs.net domain is an
empty root domain with only the default users and groups including the Enterprise
and Schema Admins.
The America domain contains all the company's North American users and groups and
the Europe domain contains all the European users and groups. Each office has a
RAS server named after the city it is located in. The servers' names are NYRAS,
SFRAS, LNRAS, VARAS, and TORAS. The mcsejobs.net domain has three domain
controllers, one located in Toronto, one located in San Francisco, and one in New
York City. The America domain has two domain controllers, one located in New
York and the other in San Francisco. The Europe domain has two domain controllers
as well, with one located in London and the other in Vienna. Both the American and
the European offices contain the following departments: Sales, Product Support,
Marketing, Human Resources, and Accounting.
Connectivity:
Each office has a 128Kbps connection to the Internet and a connection to the head office
via a VPN. Each office is located in its own site.
You are an administrator responsible for creating one group policy for all the computers
and another group policy for all the users in the America domain. You are concerned
about inheritance and want to ensure that all users receive the settings in the group
policy, and that they are not overridden by the settings of another group policy. How
can you ensure that the policies are effective?
A. Create one group policy for all the computers at the Computers container and
create another group policy for all the users at the Users container. Enable the no
override setting on both group policies.
*B. Create one group policy for all computers at the America domain level and
create another group policy for all the users at the America domain level.
Enable no override on both group policies.
C. Create one group policy for all the computers at the Computers container and
create another group policy for all the users at the Users container. Enable the
block inheritance setting on both group policies.
D. Create one group policy for all computers at the America domain level and create
another group policy for all the users at the America domain level. Enable the
block inheritance setting on both group policies.
Explanation: Creating two group policies, one for users and the other for computers, at
the domain level and setting the no override option would ensure that all users and
computers receive the settings of the group policy. Group policies cannot be set on
containers, meaning that the computers container and the users container will not
support the creation of group policies. Group policies can only be configured at the
Site, domain, or organizational unit level.
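The explanations for questions 67 and 68 rest on two mechanisms: filtering a GPO by its permission list, and No Override versus Block Inheritance. The following added example (not from the book) is a simplified model of both, showing why Deny Read on Authenticated Users also locks out the Sales group and why a No Override link survives Block Inheritance lower down. The GPO names, the "NoRun" setting label and the "Example OU" container are assumptions made for illustration, and local and site policy are left out.

```python
from dataclasses import dataclass, field

# Permissions a user needs on a GPO for it to apply.
NEEDED = {"Read", "Apply Group Policy"}


@dataclass
class GPO:
    name: str
    settings: dict
    # Default permission list: Authenticated Users may read and apply.
    allow: dict = field(
        default_factory=lambda: {"Authenticated Users": set(NEEDED)})
    deny: dict = field(default_factory=dict)

    def applies_to(self, groups):
        """True if the user's groups grant both permissions and none is denied."""
        allowed = set().union(*(self.allow.get(g, set()) for g in groups))
        denied = set().union(*(self.deny.get(g, set()) for g in groups))
        return NEEDED <= allowed and not (NEEDED & denied)


@dataclass
class Container:
    name: str                                   # site, domain or OU
    links: list = field(default_factory=list)   # [(GPO, no_override)]
    block_inheritance: bool = False


def resultant_settings(path, groups):
    """path lists containers from the top (domain) down to the user's OU.
    Returns {setting: (value, winning GPO name)}."""
    normal, enforced = [], []
    for container in path:
        if container.block_inheritance:
            normal = []      # inherited GPOs dropped; No Override links stay
        for gpo, no_override in container.links:
            if gpo.applies_to(groups):
                (enforced if no_override else normal).append(gpo)
    result = {}
    # Ordinary GPOs: the one closest to the user wins. No Override GPOs are
    # applied afterwards, lowest level first, so the highest level wins.
    for gpo in normal + enforced[::-1]:
        for setting, value in gpo.settings.items():
            result[setting] = (value, gpo.name)
    return result


# Question 67: every domain user is also a member of Authenticated Users.
SALES = {"Authenticated Users", "Sales"}
SUPPORT = {"Authenticated Users", "Product Support"}

# Option A: add Sales, remove Authenticated Users from the permission list.
OPTION_A = GPO("Hide Run", {"NoRun": 1}, allow={"Sales": set(NEEDED)})
# Option C: add Sales, set Authenticated Users to Deny Read.
OPTION_C = GPO("Hide Run", {"NoRun": 1}, allow={"Sales": set(NEEDED)},
               deny={"Authenticated Users": {"Read"}})


def norun_scope(gpo):
    """Which departments receive the setting when gpo is linked to Europe."""
    europe = [Container("Europe domain", [(gpo, False)])]
    return {"Sales": "NoRun" in resultant_settings(europe, SALES),
            "Product Support": "NoRun" in resultant_settings(europe, SUPPORT)}


def america_effective(no_override):
    """Question 68: domain-level GPO against an OU that blocks inheritance
    and links a conflicting GPO of its own."""
    domain_gpo = GPO("America users", {"NoRun": 1})
    ou_gpo = GPO("OU exception", {"NoRun": 0})
    path = [Container("America domain", [(domain_gpo, no_override)]),
            Container("Example OU", [(ou_gpo, False)], block_inheritance=True)]
    return resultant_settings(path, {"Authenticated Users"})["NoRun"]


if __name__ == "__main__":
    print("Option A:", norun_scope(OPTION_A))
    print("Option C:", norun_scope(OPTION_C))
    print("No Override on :", america_effective(True))
    print("No Override off:", america_effective(False))
```
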
244 Chapter 4
Introduction
Certainly no one would argue with the statement that Active Directory is the centerpiece
of Windows 2000 networking. This distributed, replicated database provides a central
point from which all network management can be coordinated. Maintenance of Active
Directory, optimization of Active Directory, and disaster recovery for Active
Directory become essential in the ongoing administration of a Windows 2000 network.
In this section we will look at how to create objects in Active Directory, either manually
or through the use of scripting, how to move objects, how to locate objects in Active
Directory, as well as how to provide access to objects and how to delegate administration
in Active Directory. We will then look at how to monitor, optimize and troubleshoot
domain controllers and AD. This is a major undertaking, given the fact that Active
Directory has been designed with no limitations on size, and has been designed to
encompass multiple locations. Lastly we will cover disaster recovery options including
recovering Active Directory from a failed domain controller.
Chapter 4: Components of Active Directory
The objective of this chapter is to provide the reader with an understanding of
the following:
1. Manage Active Directory objects.
2. Move Active Directory objects.
3. Publish resources in Active Directory.
4. Locate objects in Active Directory.
5. Create and manage objects manually or by using scripting.
6. Control access to Active Directory objects.
7. Delegate administrative control of objects in Active Directory.
8. Monitor, optimize, and troubleshoot Active Directory performance and
replication.
9. Back up and restore Active Directory.
10. Perform an authoritative and a nonauthoritative restore of Active Directory.
11. Recover from a system failure.
12. Seize operations master roles.
1. When creating user accounts in Active Directory, there are four names that are given.
What name provides for backwards compatibility to users logging on from Windows
NT 3.51 or 4.0 computers?
A. First and Last Name
B. Name
C. User Logon Name
D. Downlevel Logon Name
1. When creating user accounts in Active Directory, there are four names that are given.
What name provides for backwards compatibility to users logging on from Windows
NT 3.51 or 4.0 computers?
A. First and Last Name
B. Name
C. User Logon Name
*D. Downlevel Logon Name
Explanation: Organizational Unit objects are container objects in Active Directory and
can contain other AD objects such as user, computer, and group objects. To create an
Organizational Unit object below another OU, the user must have the Read, List
Contents and Create Organizational Unit Objects permissions. Certainly, members of
the Administrators group can create OUs anywhere in the forest by default. To create
an OU, open Active Directory Users and Computers, then right-click the container in
which you wish to create an OU, select New, and name the new OU. The most
fundamental account in Active Directory is the user account, since all access to
resources in the network eventually originates from this object. New user accounts
are created in Active Directory Users and Computers. In creating users, there are five
name properties to configure: first name and last name, generally used for searching
for users, name, which AD displays as the account name and must be unique in the
OU, User logon name (or user principal name UPN), which is the logon name for the
user, and downlevel logon name, which is used to log on to computers running
previous versions of Windows.
2. What name given a User account must be unique within the container?
A. Last Name
B. User Logon Name
C. First Name
D. Downlevel Logon Name
2. What name given a User account must be unique within the container?
A. Last Name
*B. User Logon Name
C. First Name
D. Downlevel Logon Name
Explanation: Organizational Unit objects are container objects in Active Directory and
can contain other AD objects such as user, computer, and group objects. To create an
Organizational Unit object below another OU, the user must have the Read, List
Contents and Create Organizational Unit Objects permissions. Certainly, members of
the Administrators group can create OUs anywhere in the forest by default. To create
an OU, open Active Directory Users and Computers, then right-click the container in
which you wish to create an OU, select New, and name the new OU. The most
fundamental account in Active Directory is the user account, since all access to
resources in the network eventually originates from this object. New user accounts
are created in Active Directory Users and Computers. In creating users, there are five
name properties to configure: first name and last name, generally used for searching
for users, name, which AD displays as the account name and must be unique in the
OU, User logon name (or user principal name UPN), which is the logon name for the
user, and downlevel logon name, which is used to log on to computers running
previous versions of Windows. The downlevel logon name must be unique within a
given domain.
3. What happens to permissions when you move objects in Active Directory? (Choose 2)
A. Permissions granted directly to the object are lost and must be restored.
B. Permissions inherited from the former OU are retained.
C. Permissions from the new OU are inherited.
D. Permissions granted directly to the object are retained.
4. How can objects be located in Active Directory? (Choose 2)
A. Users can use Start-Find.
B. Administrators can use Active Directory Users and Computers - Find.
C. Users can search in Explorer/Tools/Find.
D. Administrators and Users can use the Find option in Active Directory Users and
Computers.
3. What happens to permissions when you move objects in Active Directory? (Choose 2)
A. Permissions granted directly to the object are lost and must be restored.
B. Permissions inherited from the former OU are retained.
*C. Permissions from the new OU are inherited.
*D. Permissions granted directly to the object are retained.
Explanation: Organizational Unit objects are container objects in Active Directory and
can contain other AD objects such as user, computer, and group objects. To create an
Organizational Unit object below another OU, the user must have the Read, List
Contents and Create Organizational Unit Objects permissions. Certainly, members of
the Administrators group can create OUs anywhere in the forest by default. Objects
can be moved within Active Directory Users and Computers by simply right-clicking
the object and choosing Move. You then expand the domain tree, click the
destination container and choose OK. Permissions that were granted directly to the
moved object remain the same and the object will inherit the permissions in effect in
the new parent OU.
4. How can objects be located in Active Directory? (Choose 2)
A. Users can use Start-Find.
*B. Administrators can use Active Directory Users and Computers - Find.
C. Users can search in Explorer/Tools/Find.
D. Administrators and Users can use the Find option in Active Directory Users and
Computers.
Explanation: Certainly, members of the Administrators group can create OUs anywhere
in the forest by default. Objects can be moved within Active Directory Users and
Computers by simply right-clicking the object and choosing Move. You then expand
the domain tree, click the destination container and choose OK. Permissions that
were granted directly to the moved object remain the same, and the object will
inherit the permissions in effect in the new parent OU. Active Directory Users and
Computers also provides a Find function on the Action menu in the main console.
5. What are the two basic group types that are now supported in Active Directory?
(Choose 2)
A. Domain Local groups
B. Global groups
C. Universal groups
D. Security groups
E. Distribution groups
6. What type of group should you create in Active Directory if you want the access token
used during logon to be reduced in size?
A. Local groups
B. Global groups
C. Security groups
D. Distribution groups
E. Universal groups
5. What are the two basic group types that are now supported in Active Directory?
(Choose 2)
A. Domain Local groups
B. Global groups
C. Universal groups
*D. Security groups
*E. Distribution groups
Explanation: Organizational Unit objects are container objects in Active Directory, and
can contain other AD objects such as user, computer, and group objects. In Active
Directory there are two basic group types: Security groups and Distribution groups.
Security groups are used to grant or deny rights or permissions while Distribution
groups are used for sending e-mails with e-mail applications.
6. What type of group should you create in Active Directory if you want the access token
used during logon to be reduced in size?
A. Local groups
B. Global groups
C. Security groups
*D. Distribution groups
E. Universal groups
Explanation: Organizational Unit objects are container objects in Active Directory and
can contain other AD objects such as user, computer, and group objects. In Active
Directory there are two basic group types: Security groups and Distribution groups.
Security groups are used to grant or deny rights or permissions while Distribution
groups are used for sending e-mails with e-mail applications. Because Windows
2000 creates an access token (containing the SIDs of all of the Security groups to
which the user belongs) and forwards that to the user in the logon process, creating
fewer Security groups and more Distribution groups can reduce the size of the token
and improve the logon process.
7. What accounts can be added as members of a Domain Local group?
A. Accounts from the local domain only
B. Accounts from any domain in the forest
C. Accounts from the same OU as the group object is in
D. Accounts cannot exist in Domain Local groups.
7. What accounts can be added as members of a Domain Local group?
A. Accounts from the local domain only
*B. Accounts from any domain in the forest
C. Accounts from the same OU as the group object is in
D. Accounts cannot exist in Domain Local groups.
Explanation: Organizational Unit objects are container objects in Active Directory and
can contain other AD objects such as user, computer, and group objects. In Active
Directory there are two types of Groups: Security groups and Distribution groups.
Security groups are used to grant or deny rights or permissions, while Distribution
groups are used for sending e-mails with e-mail applications. Both types of groups
have an attribute called scope, which determines who can be a member and where
the group can be used. The three scopes are domain local, global and universal.
Domain Local groups (in a native mode domain) can contain user accounts, Global
groups and Universal groups from any domain in the forest, and other domain Local
groups from the same domain. In a mixed mode domain, domain Local groups can
contain user accounts and Global groups from any domain. Global groups, in a
native domain, can contain user accounts and Global groups from the domain in
which the Global group exists. In mixed mode the Global group can contain only
user accounts from the domain in which it exists. Universal groups can only be
created in domains operating in native mode. They can contain user accounts, Global
groups and other Universal groups from any domain in the forest.
8. What accounts can a Universal group contain when in mixed mode?
A. Only accounts from the local domain
B. Accounts from any domain in the forest
C. You cannot create a Universal group in a domain operating in mixed mode.
D. Only user accounts from the local domain and any Global groups in the forest.
8. What accounts can a Universal group contain when in mixed mode?
A. Only accounts from the local domain
B. Accounts from any domain in the forest
*C. You cannot create a Universal group in a domain operating in mixed mode.
D. Only user accounts from the local domain and any Global groups in the forest.
Explanation: Organizational Unit objects are container objects in Active Directory and
can contain other AD objects such as user, computer, and group objects. In Active
Directory there are two types of Groups: Security groups and Distribution groups.
Security groups are used to grant or deny rights or permissions, while Distribution
groups are used for sending e-mails with e-mail applications. Both types of groups
have an attribute called scope, which determines who can be a member and where
the group can be used. The three scopes are domain local, global and universal.
Domain Local groups (in a native mode domain) can contain user accounts, Global
groups and Universal groups from any domain in the forest, and other domain Local
groups from the same domain. In a mixed mode domain, domain Local groups can
contain user accounts and Global groups from any domain. Global groups, in a
native domain, can contain user accounts and Global groups from the domain in
which the Global group exists. In mixed mode the Global group can contain only
user accounts from the domain in which it exists. Universal groups can only be
created in domains operating in native mode. They can contain user accounts, Global
groups and other Universal groups from any domain in the forest.
9. What is the recommended strategy for using groups to grant permissions to access
resources?
A. Place accounts into Domain Local groups, then Domain local into global and then
grant permissions to the Global groups.
B. Place accounts into Domain Local groups, Domain local into global, global into
Universal and then grant permissions to the Universal groups.
C. Place accounts into Global groups, then global into Domain local and then grant
permissions to the Local groups.
10. What are three properties of groups that must be specified to create the group in
Active Directory? (Choose 3)
A. Group Name
B. Group Members
C. Group Type
D. Group Location
E. Group Scope
9. What is the recommended strategy for using groups to grant permissions to access
resources?
A. Place accounts into Domain Local groups, then Domain local into global and
then grant permissions to the Global groups.
B. Place accounts into Domain Local groups, Domain local into global, global into
Universal and then grant permissions to the Universal groups.
*C. Place accounts into Global groups, then global into Domain local and then grant
permissions to the Local groups.
Explanation: Organizational Unit objects are container objects in Active Directory and
can contain other AD objects such as user, computer, and group objects. In Active
Directory there are two types of Groups: Security groups and Distribution groups.
Security groups are used to grant or deny rights or permissions, while Distribution
groups are used for sending e-mails with e-mail applications. Both types of groups
have an attribute called scope, which determines who can be a member and where
the group can be used. The three scopes are domain local, global and universal. The
recommended strategy for using groups is to put user accounts into Global groups
and Global groups into domain Local groups and then grant permissions to the
domain Local groups.
10. What are three properties of groups that must be specified to create the group in
Active Directory? (Choose 3)
*A. Group Name
B. Group Members
*C. Group Type
D. Group Location
*E. Group Scope
Explanation: In Active Directory there are two types of Groups: Security groups and
Distribution groups. Security groups are used to grant or deny rights or permissions,
while Distribution groups are used for sending e-mails with e-mail applications. Both
types of groups have an attribute called scope, which determines who can be a
member and where the group can be used. The three scopes are domain local, global
and universal. To create a group in Active Directory Users and Computers, right-
click the appropriate OU, select New and click Group. Then provide the group name,
downlevel name, type and scope.
11. After you create a group, what are three types of objects that can be added as
members? (Choose 3)
A. User accounts
B. Group objects
C. Container objects
D. Computer objects
12. What are two situations in which you cannot change the scope of a group in Active
Directory? (Choose 2)
A. When the group is in a different tree in the forest.
B. When the domain is in mixed mode.
C. When the group scope is universal.
D. When the group is in a "Locked" state.
11. After you create a group, what are three types of objects that can be added as
members? (Choose 3)
*A. User accounts
*B. Group objects
C. Container objects
*D. Computer objects
Explanation: In Active Directory there are two types of Groups: Security groups and
Distribution groups. Security groups are used to grant or deny rights or permissions,
while Distribution groups are used for sending e-mails with e-mail applications. Both
types of groups have an attribute called scope, which determines who can be a
member and where the group can be used. The three scopes are domain local, global
and universal. To create a group in Active Directory Users and Computers, right-
click the appropriate OU, select New and click Group. Then provide the group name,
downlevel name, type and scope. After the group is created, you can add users, other
groups and computers as members.
12. What are two situations in which you cannot change the scope of a group in Active
Directory? (Choose 2)
A. When the group is in a different tree in the forest.
*B. When the domain is in mixed mode.
*C. When the group scope is universal.
D. When the group is in a "Locked" state.
Explanation: In Active Directory there are two types of Groups: Security groups and
Distribution groups. Security groups are used to grant or deny rights or permissions,
while Distribution groups are used for sending e-mails with e-mail applications. Both
types of groups have an attribute called scope, which determines who can be a
member and where the group can be used. The three scopes are domain local, global
and universal. To create a group in Active Directory Users and Computers, right-
click the appropriate OU, select New and click Group. Then provide the group name,
downlevel name, type and scope. Once a group has been created, you may wish to
change either the type or scope of the group. You can change the type between
security and distribution on the General tab of the Properties box for the group.
Scope would be changed in the same dialog box. These two changes are only
possible if the domain is operating in native mode. Lastly, you cannot change the
scope of a universal group, since the other scopes have more restrictive membership
properties.
13. What are three of the standard permissions in Active Directory security? (Choose 3)
A. Full Control
B. Write All Properties
C. Read
D. Write
E. Administer
14. When allowing and denying permissions conflict, which takes precedence?
A. The permissions allowed for a group always take precedence over user denied
permissions.
B. The user allowed permissions always take precedence over the group denied
permissions.
C. Denied permissions always take precedence.
D. Allowed permissions always take precedence.
13. What are three of the standard permissions in Active Directory security? (Choose 3)
*A. Full Control
B. Write All Properties
*C. Read
*D. Write
E. Administer
Explanation: Every object in Active Directory has an attribute called the Discretionary
Access Control List (DACL). Objects on this list have access either granted or
denied to the object. Permissions can be set using standard permissions, which
include Full Control, Read, Write, Create All Child Objects, and Delete All Child
Objects. Permissions can be granted or denied, and deny takes precedence over the
granting of a permission. When permissions are set in Active Directory, the
administrator can decide how the permission should inherit down the AD structure.
This can allow the administrator to set fewer permissions and let the inheritance
process continue to grant access.
14. When allowing and denying permissions conflict, which takes precedence?
A. The permissions allowed for a group always take precedence over user denied
permissions.
B. The user allowed permissions always take precedence over the group denied
permissions.
*C. Denied permissions always take precedence.
D. Allowed permissions always take precedence.
Explanation: Every object in Active Directory has an attribute called the Discretionary
Access Control List (DACL). Objects on this list have access either granted or
denied to the object. Permissions can be set using standard permissions, which
include Full Control, Read, Write, Create All Child Objects, and Delete All Child
Objects. Permissions can be granted or denied, and deny takes precedence over the
granting of a permission. When permissions are set in Active Directory, the
administrator can decide how the permission should inherit down the AD structure.
This can allow the administrator to set fewer permissions and let the inheritance
process continue to grant access.
15. What is the process through which permissions are passed on to child objects from
their parent in Active Directory?
A. Transitive permissions
B. Inheritance
C. There is no such process. Permissions must be applied at each level in the tree.
D. Universal permissions
16. Where are permissions for Active Directory objects applied?
A. In Active Directory Users and Computers -<object>- View - Advanced Features -
Properties - Security
B. In Active Directory Users and Computers -<object>- Properties - Security
C. In Active Directory Users and Computers -<object>- View - Security
D. In Active Directory Users and Computers -<object>- Security
15. What is the process through which permissions are passed on to child objects from
their parent in Active Directory?
A. Transitive permissions
*B. Inheritance
C. There is no such process. Permissions must be applied at each level in the tree.
D. Universal permissions
Explanation: Every object in Active Directory has an attribute called the Discretionary
Access Control List (DACL). Objects on this list have access either granted or
denied to the object. Permissions can be set using standard permissions, which
include Full Control, Read, Write, Create All Child Objects, and Delete All Child
Objects. Permissions can be granted or denied, and deny takes precedence over the
granting of a permission. When permissions are set in Active Directory, the
administrator can decide how the permission should inherit down the AD structure.
This can allow the administrator to set fewer permissions and let the inheritance
process continue to grant access.
16. Where are permissions for Active Directory objects applied?
*A. In Active Directory Users and Computers -<object>- View - Advanced Features -
Properties - Security
B. In Active Directory Users and Computers -<object>- Properties - Security
C. In Active Directory Users and Computers -<object>- View - Security
D. In Active Directory Users and Computers -<object>- Security
Explanation: Permissions in Active Directory are applied in Active Directory Users and
Computers - View - Advanced Features - Properties - Security. Permissions can be
set using standard permissions, which include Full Control, Read, Write, Create All
Child Objects, and Delete All Child Objects. Permissions can be granted or denied,
and deny takes precedence over the granting of a permission. When permissions are
set in Active Directory, the administrator can decide how the permission should
inherit down the AD structure. This can allow the administrator to set fewer
permissions and let the inheritance process continue to grant access.
17. Who is the default owner of an object in Active Directory?
A. The Administrator account
B. The container administrator
C. The user who created the object
D. The Administrators group
18. What application helps simplify the process of delegating administrative permissions
in Active Directory?
A. Active Directory Users and Computers
B. Active Directory Domains and Services
C. Delegation of Control Wizard
D. Active Directory Administrative Control MMC
17. Who is the default owner of an object in Active Directory?
A. The Administrator account
B. The container administrator
*C. The user who created the object
D. The Administrators group
Explanation: Permissions in Active Directory are applied in Active Directory Users and
Computers - View - Advanced Features - Properties - Security. Permissions can be
set using standard permissions, which include Full Control, Read, Write, Create All
Child Objects, and Delete All Child Objects. Permissions can be granted or denied,
and deny takes precedence over the granting of a permission. When permissions are
set in Active Directory, the administrator can decide how the permission should
inherit down the AD structure. This can allow the administrator to set fewer
permissions and let the inheritance process continue to grant access. By default, the
creator of an object becomes the owner and controls the DACL.
18. What application helps simplify the process of delegating administrative permissions
in Active Directory?
A. Active Directory Users and Computers
B. Active Directory Domains and Services
*C. Delegation of Control Wizard
D. Active Directory Administrative Control MMC
Explanation: Permissions in Active Directory are applied in Active Directory Users and
Computers - View - Advanced Features - Properties - Security. Permissions can be
set using standard permissions, which include Full Control, Read, Write, Create All
Child Objects, and Delete All Child Objects. Permissions can be granted or denied,
and deny takes precedence over the granting of a permission. When permissions are
set in Active Directory, the administrator can decide how the permission should
inherit down the AD structure. This can allow the administrator to set fewer
permissions and let the inheritance process continue to grant access. By default, the
creator of an object becomes the owner and controls the DACL. Administrators can
take ownership of an object and thus grant permissions. Further administration in
Active Directory can be established using the Delegation of Control Wizard,
accessed from within Active Directory Users and Computers by right-clicking on the
appropriate OU and choosing Delegate Control. This will allow permissions to be
granted at the OU level and then inherited into the subordinate objects below.
19. What are two ways in which administrative control can be delegated in Active
Directory? (Choose 2)
A. Permissions can be granted to create or modify objects in a domain
B. Permissions can be granted to create or modify objects in a specific OU
C. Permission can be granted to modify the permissions to an object
D. Permission can be granted to modify password restrictions at the OU level
20. What is the file extension for saved customized MMC consoles?
A. .MMC
B. .MSC
C. .EXE
D. .CUS
19. What are two ways in which administrative control can be delegated in Active
Directory? (Choose 2)
A. Permissions can be granted to create or modify objects in a domain
*B. Permissions can be granted to create or modify objects in a specific OU
*C. Permission can be granted to modify the permissions to an object
D. Permission can be granted to modify password restrictions at the OU level
Explanation: Permissions in Active Directory are applied in Active Directory Users and
Computers - View - Advanced Features - Properties - Security. By default, the
creator of an object becomes the owner and controls the DACL. Administrators can
take ownership of an object and thus grant permissions. Further administration in
Active Directory can be established using the Delegation of Control Wizard,
accessed from within Active Directory Users and Computers by right-clicking on the
appropriate OU and choosing Delegate Control. This will allow permissions to be
granted at the OU level and then inherited into the subordinate objects below. There
are essentially two levels of control that can be delegated: to allow the permission to
create objects in an OU and to grant the permissions to grant permissions to objects.
20. What is the file extension for saved customized MMC consoles?
A. .MMC
*B. .MSC
C. .EXE
D. .CUS
Explanation: Introduced originally in IIS, the Microsoft Management Console (MMC)
has become the tool of preference in managing and maintaining Windows networks.
With the release of Windows 2000, administrators have the ability to create
customized MMC consoles. To open an empty MMC console click Start-Run and
type mmc and click OK. Adding the necessary snap-ins and further selecting the
console mode allows for customization. The MMC console is then saved in My
Documents as an .MSC file. This file can be e-mailed to other administrators to
provide them with the same MMC console that was originally created and
configured.
21. Which of the following statements best describes the concept of a domain in the
Windows 2000 Active Directory structure?
A. A domain is a physical boundary.
B. A domain is a geographical boundary.
C. A domain is an administrative boundary.
D. A domain is a container within a specific site.
22. In Windows 2000, what is the correct term used for a collection of domains into one
larger, contiguous namespace?
A. A tree
B. A forest
C. A site
D. A zone
21. Which of the following statements best describes the concept of a domain in the
Windows 2000 Active Directory structure?
A. A domain is a physical boundary.
B. A domain is a geographical boundary.
*C. A domain is an administrative boundary.
D. A domain is a container within a specific site.
Explanation: A domain is an administrative boundary in Windows 2000 and represents a
namespace that corresponds to a DNS domain. A site is a physical boundary in
Active Directory that is used to control replication and authentication traffic across
your WAN.
22. In Windows 2000, what is the correct term used for a collection of domains into one
larger, contiguous namespace?
*A. A tree
B. A forest
C. A site
D. A zone
Explanation: A tree is a collection of domains with a contiguous namespace. A forest is
a collection of trees with non-contiguous namespaces. A site is a collection of one or
more IP subnets connected by a high-speed link. A zone is a portion of the DNS
namespace that contains the resource records. The resource records that belong to the
contiguous portion of the DNS namespace are owned and the owner's name is listed
in the records.
23. As a project manager it is your responsibility to sell the benefits of Active Directory
to management. What are the three core pieces of functionality that the Active
Directory, directory service offers that you could tell management?
A. Organization of resources
B. Management of resources
C. Control of resources
D. Creation of resources
E. Evaluating of resources
24. Your organization's Windows 2000 network consists of one root domain named
planet.com and two child domains named east and west. You currently have one
global catalog server in the planet.com domain and a second in the east.planet.com
domain. What information is contained on the east.planet.com global catalog server?
A. All objects from all three domains, and all attributes of the objects from the
east.planet.com domain, but only selected attributes of the objects from the
west.planet.com and planet.com domains.
B. All objects from the planet.com domain, and all attributes of the objects from the
east.planet.com domain, but only selected attributes of the objects from the
west.planet.com and planet.com domains.
C. All objects from all three domains, and all attributes of the objects from the
east.planet.com domain, but only selected attributes of the objects from the
planet.com domain.
D. All objects from the east.planet.com domain and all attributes of the objects from the
east.planet.com domain.
23. As a project manager it is your responsibility to sell the benefits of Active Directory
to management. What are the three core pieces of functionality that the Active
Directory, directory service offers that you could tell management?
*A. Organization of resources
*B. Management of resources
*C. Control of resources
D. Creation of resources
E. Evaluating of resources
Explanation: The Active Directory, directory service offers the ability to organize,
manage, and control resources. The creation and evaluation of resources is up to the
administrator and not a core piece of the directory service functionality.
24. Your organization's Windows 2000 network consists of one root domain named
planet.com and two child domains named east and west. You currently have one
global catalog server in the planet.com domain and a second in the east.planet.com
domain. What information is contained on the east.planet.com global catalog server?
*A. All objects from all three domains, and all attributes of the objects from the
east.planet.com domain, but only selected attributes of the objects from the
west.planet.com and planet.com domains.
B. All objects from the planet.com domain, and all attributes of the objects from the
east.planet.com domain, but only selected attributes of the objects from the
west.planet.com and planet.com domains.
C. All objects from all three domains, and all attributes of the objects from the
east.planet.com domain, but only selected attributes of the objects from the
planet.com domain.
D. All objects from the east.planet.com domain and all attributes of the objects from
the east.planet.com domain.
Explanation: A global catalog server contains naming contexts for all the domains in a
forest. All objects of a domain are contained and replicated within a domain naming
context for each domain. A global catalog server contains all the objects from its
own domain and all of the attributes of the objects from its own domain. It also
contains all the objects from all other domains but only selected properties of other
domain objects.
25. As the domain administrator, you are planning the creation of your user accounts
within your Active Directory domain. You want to ensure that you follow the
recommended guidelines established by Microsoft for the creation and
administration of users and groups. Which of the following guidelines should you
follow?
A. A distinguished name must be unique in the forest.
B. A distinguished name must be unique in the site.
C. A relative distinguished name must be unique in its parent container.
D. A relative distinguished name must be unique in the forest.
E. Always use the guest account for temporary access.
26. When configuring applications for terminal services, when do you use the "change
user" command?
A. When installing the application uses another method than a setup program.
B. When a single-user application is going to be used in conjunction with terminal
services.
C. When a single-user application has to be used in a multi-user environment.
D. When the user-specific registry settings are not being propagated as needed.
25. As the domain administrator, you are planning the creation of your user accounts
within your Active Directory domain. You want to ensure that you follow the
recommended guidelines established by Microsoft for the creation and
administration of users and groups. Which of the following guidelines should you
follow?
*A. A distinguished name must be unique in the forest.
B. A distinguished name must be unique in the site.
*C. A relative distinguished name must be unique in its parent container.
D. A relative distinguished name must be unique in the forest.
E. Always use the guest account for temporary access.
Explanation: A distinguished name must be unique in the forest and a relative
distinguished name must be unique in its parent container. The guest account should
never be used, even for temporary access. A temporary account should be created
and used for individual temporary access so that there is an audit trail.
26. When configuring applications for terminal services, when do you use the "change
user" command?
*A. When installing the application uses another method than a setup program.
B. When a single-user application is going to be used in conjunction with terminal
services.
C. When a single-user application has to be used in a multi-user environment.
D. When the user-specific registry settings are not being propagated as needed.
Explanation: The "change user" command is used only when an application is being
installed using a method other than running a setup program. An example of this is
when Internet Explorer prompts installation of an add-on application.
27. Which of the following statements are true regarding applications in a Terminal
Services environment?
A. Windows-based 32-bit applications run more efficiently than 16-bit applications.
B. Applications that do not run on Windows 2000 will not run in a multi-user
environment on Terminal server.
C. 16-bit applications can reduce the number of users supported by as much as 40%.
D. Applications that normally would not run on Windows 2000 may be configured to run
on Terminal server.
28. What are two protocols necessary to support Windows 2000 terminal services on a
Windows 2000 client?
(Choose 2)
A. NetMeeting
B. IPX/SPX Compatible Protocol
C. RDP
D. TCP/IP
27. Which of the following statements are true regarding applications in a Terminal
Services environment?
*A. Windows-based 32-bit applications run more efficiently than 16-bit
applications.
*B. Applications that do not run on Windows 2000 will not run in a multi-user
environment on Terminal server.
*C. 16-bit applications can reduce the number of users supported by as much as
40%.
D. Applications that normally would not run on Windows 2000 may be configured
to run on Terminal server.
Explanation: Applications that will not run on Windows 2000 will not run on Terminal
Services either. 32-bit applications will run more efficiently than 16-bit applications
because they will take advantage of 32-bit hardware and operating systems. 16-bit
applications can impact the performance of the terminal server by reducing the
number of users that the processor can support by as much as 40%, and increase
memory usage by user by as much as 50%.
28. What are two protocols necessary to support Windows 2000 terminal services on a
Windows 2000 client?
(Choose 2)
A. NetMeeting
B. IPX/SPX Compatible Protocol
*C. RDP
*D. TCP/IP
Explanation: Windows 2000 Terminal Services allows a Windows 2000 computer to
host applications, and run the applications for remote users, transferring only mouse
movement, keystrokes and graphical screens between the client and server. The
client can be running Windows 2000 Professional, Windows NT, Windows 95/98,
Windows for Workgroups or even Windows CE. Clients must be running both
TCP/IP and the Remote Desktop Protocol (RDP).
29. What are four operating systems that can support the terminal services client?
(Choose 4)
A. Windows 2000 Professional
B. UNIX
C. Windows 95
D. Windows NT 4.0
E. Windows CE
30. You have been asked to deploy Terminal Services in your company's network with as
little additional cost as possible. You have 4 Windows 2000 servers, 235 Windows
2000 Professional workstations, 3 UNIX servers and 175 Pentium 120 Mhz PCs
running UNIX. Since Terminal Services does not support non-Windows clients,
what solution would you propose for this implementation to minimize costs?
A. You will need to purchase 175 licenses for Windows 2000 Professional and using RIS,
deploy Professional across all of the UNIX PCs.
B. You will recommend installing Citrix MetaFrame on top of Terminal Services,
providing support for both the Windows 2000 Professional clients and the UNIX
clients.
C. Actually, Terminal Services does support UNIX, so you can simply proceed with the
implementation with no additional costs.
D. You simply need to contact the UNIX vendor and procure their Terminal Services
client for the 175 UNIX workstations.
29. What are four operating systems that can support the terminal services client?
(Choose 4)
*A. Windows 2000 Professional
B. UNIX
*C. Windows 95
*D. Windows NT 4.0
*E. Windows CE
Explanation: The client operating system can be running Windows 2000 Professional,
Windows NT, Windows 95/98, Windows for Workgroups or even Windows CE.
Clients must be running both TCP/IP and the Remote Desktop Protocol (RDP). The
PC itself requires very little in terms of hardware requirements, since the terminal
server will do all of the processing for the client. The server has extra hardware
requirements, with 4 to 10 Mb of RAM for each terminal session, and high
performance network cards as minimum needs.
30. You have been asked to deploy Terminal Services in your company's network with as
little additional cost as possible. You have 4 Windows 2000 servers, 235 Windows
2000 Professional workstations, 3 UNIX servers and 175 Pentium 120 Mhz PCs
running UNIX. Since Terminal Services does not support non-Windows clients,
what solution would you propose for this implementation to minimize costs?
A. You will need to purchase 175 licenses for Windows 2000 Professional and using
RIS, deploy Professional across all of the UNIX PCs.
*B. You will recommend installing Citrix MetaFrame on top of Terminal Services,
providing support for both the Windows 2000 Professional clients and the
UNIX clients.
C. Actually, Terminal Services does support UNIX, so you can simply proceed with
the implementation with no additional costs.
D. You simply need to contact the UNIX vendor and procure their Terminal
Services client for the 175 UNIX workstations.
Explanation: The client operating system can be running Windows 2000 Professional,
Windows NT, Windows 95/98, Windows for Workgroups or even Windows CE.
Clients must be running both TCP/IP and the Remote Desktop Protocol (RDP). The
PC itself requires very little in terms of hardware requirements, since the terminal
server will do all of the processing for the client. For non-windows operating
systems, Citrix MetaFrame extends Terminal Services, and then provides enterprise-
level support for large multi-location network implementations.
31. What are three recommendations for servers that will run Windows 2000 Terminal
Services?
(Choose 3)
A. The server should be a domain controller in the Active Directory network.
B. The server should not be a domain controller, but rather a member server.
C. The server file system should be NTFS.
D. The server requires between 4 and 10 Mb of additional RAM for each client session
that it will host.
E. The server file system should be FAT32.
32. What type of license will a Windows 2000 Professional workstation use when
accessing Terminal Services?
A. Terminal Services Internet Connection Licenses
B. Terminal Services CALs
C. Temporary Licenses
D. Built-in Licenses
31. What are three recommendations for servers that will run Windows 2000 Terminal
Services?
(Choose 3)
A. The server should be a domain controller in the Active Directory network.
*B. The server should not be a domain controller, but rather a member server.
*C. The server file system should be NTFS.
*D. The server requires between 4 and 10 Mb of additional RAM for each client
session that it will host.
E. The server file system should be FAT32.
Explanation: Windows 2000 Terminal Services allows a Windows 2000 computer to
host applications, and run the applications for remote users, transferring only mouse
movement, keystrokes and graphical screens between the client and server. The
server has extra hardware requirements, with Microsoft recommending 4 to 10 Mb of
RAM for each terminal session, high performance network cards, that Terminal
Services be installed on an NTFS partition and that the server not be a domain
controller, but a member server.
32. What type of license will a Windows 2000 Professional workstation use when
accessing Terminal Services?
A. Terminal Services Internet Connection Licenses
B. Terminal Services CALs
C. Temporary Licenses
*D. Built-in Licenses
Explanation: Every device that connects to Terminal Services must be licensed. For
Windows 2000 Professional workstations, the CAL will suffice, and is referred to as
a built-in license. For access across the Internet, a Terminal Services Internet
Connector license is used. Non-windows systems use a Terminal Services license
purchased separately. A license server maintains licensing for connections to
Terminal Services. In a Windows 2000 domain, the license server will be a domain
controller. If a Terminal Server needs a license, it sends the request to the license
server. If the license server has none, it can issue the last type of Terminal Services
license, the Temporary license.
33. What are two different means to install the Terminal Services client on your 275
Windows 95 workstations?
(Choose 2)
A. Insert disk 1 of the 4 disk installation set and choose setup.exe.
B. Insert disk 1 of the 2 disk installation set and choose setup.exe.
C. Share the systemroot\system32\clients\tsclient\win32 folder and then connect to the
share from the Windows 95 workstations and run setup.exe.
D. Share the systemroot\system32\clients\tsclient\win16 folder and then connect to the
share from the Windows 95 workstations and run setup.exe.
33. What are two different means to install the Terminal Services client on your 275
Windows 95 workstations?
(Choose 2)
*A. Insert disk 1 of the 4 disk installation set and choose setup.exe.
B. Insert disk 1 of the 2 disk installation set and choose setup.exe.
C. Share the systemroot\system32\clients\tsclient\win32 folder and then connect to
the share from the Windows 95 workstations and run setup.exe.
*D. Share the systemroot\system32\clients\tsclient\win16 folder and then connect to
the share from the Windows 95 workstations and run setup.exe.
Explanation: Windows 2000 Terminal Services allows a Windows 2000 computer to
host applications, and run the applications for remote users, transferring only mouse
movement, keystrokes and graphical screens between the client and server. The
client can be running Windows 2000 Professional, Windows NT, Windows 95/98,
Windows for Workgroups or even Windows CE. Clients must be running both
TCP/IP and the Remote Desktop Protocol (RDP).
To install the Terminal Services client, either installation disks can be used or the client
can connect to the installation files on a shared folder at the terminal server. For
16-bit Windows clients, the disk-based installation consists of 4 disks, while the
network installation files can be found on the terminal server at
systemroot\system32\clients\tsclient\win16. For 32-bit Windows clients, the
disk-based installation consists of 2 disks, while the network installation files can be
found at systemroot\system32\clients\tsclient\win32.
34. You are installing Terminal Services for a 300-user organization. The workstations
are all running Windows 2000 Professional. What are two different ways to install
the Terminal Services client for the organization?
(Choose 2)
A. Share the systemroot\system\clients\tsclient\win32 folder and then connect to the
share from the Windows 95 workstations and run setup.exe.
B. Share the systemroot\system32\clients\tsclient\win32 folder and then connect to the
share from the Windows 95 workstations and run setup.exe.
C. Insert disk 1 of the 4 disk installation set and choose setup.exe.
D. Insert disk 1 of the 2 disk installation set and choose setup.exe.
34. You are installing Terminal Services for a 300-user organization. The workstations
are all running Windows 2000 Professional. What are two different ways to install
the Terminal Services client for the organization?
(Choose 2)
A. Share the systemroot\system\clients\tsclient\win32 folder and then connect to the
share from the Windows 95 workstations and run setup.exe.
*B. Share the systemroot\system32\clients\tsclient\win32 folder and then connect to
the share from the Windows 95 workstations and run setup.exe.
C. Insert disk 1 of the 4 disk installation set and choose setup.exe.
*D. Insert disk 1 of the 2 disk installation set and choose setup.exe.
Explanation: Windows 2000 Terminal Services allows a Windows 2000 computer to
host applications, and run the applications for remote users, transferring only mouse
movement, keystrokes and graphical screens between the client and server. The
client can be running Windows 2000 Professional, Windows NT, Windows 95/98,
Windows for Workgroups or even Windows CE. Clients must be running both
TCP/IP and the Remote Desktop Protocol (RDP).
286 Chapter 5
Introduction
Windows 2000 makes a variety of Security Templates available to the administrator for
further securing the network. These templates are inactive until either applied to
individual computers using the Local Security Policy, or imported into a Group Policy.
The ability to organize computer objects in containers and then link those containers to
Group Policy objects with specific security configuration settings provides a tremendous
ability to implement and standardize security across the Windows 2000 network. In this
chapter we will see yet another example of the power of Active Directory in configuring
and managing networks. First we will take a little review of security templates, and then
we will look at how to configure, apply and manage security configurations using Active
Directory.
Active Directory Security Solutions 287
Chapter 5: Security in a Directory Services Infrastructure
The objective of this chapter is to provide the reader with an understanding of
the following:
Apply security policies by using Group Policy.
Create, analyze, and modify security configurations by using the
Configuration and Analysis snap-in and the Security Templates snap-in.
Implement an audit policy.
Monitor and analyze security events.
1. At what level in the Active Directory forest can you set password settings, account
lockout settings and Kerberos v5 settings in a Group Policy?
A. Container
B. Site
C. OU
D. Domain
2. What security template in Windows 2000 "opens" up the default Users settings for
modification and therefore is not considered a secure environment?
A. Basic
B. Compatible
C. Secure
D. High Secure
1. At what level in the Active Directory forest can you set password settings, account
lockout settings and Kerberos v5 settings in a Group Policy?
A. Container
*B. Site
*C. OU
*D. Domain
Explanation: Group Policy allows you to apply configurations to computer and user
accounts across your network, specifying settings through five extensions:
Administrative Templates, Security, Software Installation, Scripts and Folder
Redirection. The Security settings extension allows the administrator to configure
settings in the areas of Account Policies, which can include password policies,
account lockout policies and Kerberos v5 policies; Local Policies, which apply to
computers and are mostly concerned with auditing policies, user rights, etc.; Event
Log, which specifies the parameters for the logs; and Restricted Group, which allows
the management of built-in groups.
2. What security template in Windows 2000 "opens" up the default Users settings for
modification and therefore is not considered a secure environment?
A. Basic
*B. Compatible
C. Secure
D. High Secure
Explanation: Windows 2000 makes a variety of Security Templates available to the
administrator for further securing the network. These templates are inactive until
imported into a Group Policy or the Security Analysis and Configuration snap-in for
MMC. Typically the administrator will open the appropriate Group Policy object and
select the Import Policy option. There are four types of Security Templates in
Windows 2000: Basic templates which apply the default Windows 2000 settings and
are generally applied to computers recently upgraded from Windows NT;
Compatible, which loosens the default access control policy for the Users group and
so is not considered a very secure configuration (but is necessary for some older,
legacy applications); Secure, which modifies no ACLs, but does modify settings like
password policy, audit policy, etc; and High Secure, which increases the security to a
point where there are no concerns for computer performance nor operational ease-of-
use. The thrust of these templates is to help restrict the membership of the user in the
local Power Users group, which in many security circles is considered an unsecured
configuration.
3. What Windows 2000 security template modifies security parameters to their extreme
settings without regard to performance or ease of use?
A. Basic
B. Compatible
C. Secure
D. High Secure
4. What utility in Windows 2000 can be best used to edit Security Templates?
A. Active Directory Users and Computers
B. Active Directory Servers and Services
C. Security Template snap-in to MMC
D. Security Configuration and Analysis snap-in to MMC
3. What Windows 2000 security template modifies security parameters to their extreme
settings without regard to performance or ease of use?
A. Basic
B. Compatible
C. Secure
*D. High Secure
Explanation: Windows 2000 makes a variety of Security Templates available to the
administrator for further securing the network. These templates are inactive until
imported into a Group Policy or the Security Configuration and Analysis snap-in for
MMC. Typically the administrator will open the appropriate Group Policy object and
select the Import Policy option. There are four types of Security Templates in
Windows 2000: Basic templates which apply the default Windows 2000 settings and
are generally applied to computers recently upgraded from Windows NT;
Compatible, which loosens the default access control policy for the Users group and
so is not considered a very secure configuration (but is necessary for some older,
legacy applications); Secure, which modifies no ACLs, but does modify settings like
password policy, audit policy, etc; and High Secure, which increases the security to a
point where there are no concerns for computer performance nor operational ease-of-
use. The thrust of these templates is to help restrict the membership of the user in the
local Power Users group, which in many security circles is considered an unsecured
configuration.
4. What utility in Windows 2000 can be best used to edit Security Templates?
A. Active Directory Users and Computers
B. Active Directory Servers and Services
*C. Security Template snap-in to MMC
D. Security Configuration and Analysis snap-in to MMC
Explanation: Windows 2000 makes a variety of Security Templates available to the
administrator for further securing the network. These templates are inactive until
imported into a Group Policy or the Security Configuration and Analysis snap-in for
MMC. Typically the administrator will open the appropriate Group Policy object and
select the Import Policy option. Templates can be edited using the Security
Templates snap-in for MMC.
5. What utility would an Administrator use to import or export Security Templates?
A. Active Directory Users and Computers
B. Active Directory Servers and Services
C. Security Templates snap-in for MMC
D. Security Configuration and Analysis snap-in for MMC
6. What are three Security Templates available in Windows 2000? (Choose 3)
A. User
B. Basic
C. Computer
D. Secure
E. Compatible
5. What utility would an Administrator use to import or export Security Templates?
A. Active Directory Users and Computers
B. Active Directory Servers and Services
C. Security Templates snap-in for MMC
*D. Security Configuration and Analysis snap-in for MMC
Explanation: Windows 2000 makes a variety of Security Templates available to the
administrator for further securing the network. These templates are inactive until
imported into a Group Policy or the Security Configuration and Analysis snap-in for
MMC. Typically the administrator will open the appropriate Group Policy object and
select the Import Policy option. There are four types of Security Templates in
Windows 2000: Basic templates which apply the default Windows 2000 settings and
are generally applied to computers recently upgraded from Windows NT;
Compatible, which loosens the default access control policy for the Users group and
so is not considered a very secure configuration (but is necessary for some older,
legacy applications); Secure, which modifies no ACLs, but does modify settings like
password policy, audit policy, etc; and High Secure, which increases the security to a
point where there are no concerns for computer performance nor operational ease-of-
use.
6. What are three Security Templates available in Windows 2000? (Choose 3)
A. User
*B. Basic
C. Computer
*D. Secure
*E. Compatible
Explanation: There are four types of Security Templates in Windows 2000: Basic
templates which apply the default Windows 2000 settings and are generally applied
to computers recently upgraded from Windows NT; Compatible, which loosens the
default access control policy for the Users group and so is not considered a very
secure configuration (but is necessary for some older, legacy applications); Secure,
which modifies no ACLs, but does modify settings like password policy, audit
policy, etc; and High Secure, which increases the security to a point where there are
no concerns for computer performance nor operational ease-of-use. The thrust of
these templates is to help restrict the membership of the user in the local Power
Users group, which in many security circles is considered an unsecured
configuration.
7. What group is created during the installation of Windows 2000 whose
membership may need to be altered by Security Templates?
A. Users
B. Power Users
C. Administrators
D. Server Operators
7. What group is created during the installation of Windows 2000 whose membership
may need to be altered by Security Templates?
A. Users
*B. Power Users
C. Administrators
D. Server Operators
Explanation: There are four types of Security Templates in Windows 2000: Basic
templates which apply the default Windows 2000 settings and are generally applied
to computers recently upgraded from Windows NT; Compatible, which loosens the
default access control policy for the Users group and so is not considered a very
secure configuration (but is necessary for some older, legacy applications); Secure,
which modifies no ACLs, but does modify settings like password policy, audit
policy, etc; and High Secure, which increases the security to a point where there are
no concerns for computer performance nor operational ease-of-use. The thrust of
these templates is to help restrict the membership of the user in the local Power
Users group, which in many security circles is considered an unsecured
configuration.
8. What are four categories of events that can be audited in a Windows 2000 network?
(Choose 4)
A. Account Logon
B. Directory Service Access
C. Account Logoff
D. Object Access
E. Privilege Use
8. What are four categories of events that can be audited in a Windows 2000 network?
(Choose 4)
*A. Account Logon
*B. Directory Service Access
C. Account Logoff
*D. Object Access
*E. Privilege Use
Explanation: Security auditing in Windows 2000, as in Windows NT 4.0, is not enabled
by default. To enable auditing in Windows 2000, the administrator opens the Group
Policy object using the Group Policy snap-in to MMC and activates the type of
auditing desired. Types or areas of auditing include: account logon events, account
management, directory service access, logon events, object access, policy change,
privilege use, process tracking and system events. Once enabled, the administrator
then activates auditing for that event in the area where security settings appear; for
example, in NTFS folders on the Auditing tab. Once the events are logged, the
administrator can view the security log using Event Viewer. Microsoft specifies a
number of areas that should be audited if you suspect a threat. For instance, for
attempts to "hack" into someone else's account the failure audit for logon/logoff can
be set. For suspected network intrusions with stolen passwords, set the success audit
for logon/logoff. Lastly, to detect virus outbreaks in the network, set success/failure
of write access to program (.exe and .dll) files.
9. What Windows 2000 utility would an administrator use to look at security log files?
A. Event Viewer
B. Security snap-in for MMC
C. Active Directory Users and Computers
D. Security Log Viewer snap-in for MMC
9. What Windows 2000 utility would an administrator use to look at security log files?
*A. Event Viewer
B. Security snap-in for MMC
C. Active Directory Users and Computers
D. Security Log Viewer snap-in for MMC
Explanation: Security auditing in Windows 2000, as in Windows NT 4.0, is not enabled
by default. To enable auditing in Windows 2000, the administrator opens the Group
Policy object using the Group Policy snap-in to MMC and activates the type of
auditing desired. Types or areas of auditing include: account logon events, account
management, directory service access, logon events, object access, policy change,
privilege use, process tracking and system events. Once enabled, the administrator
then activates auditing for that event in the area where security settings appear; for
example, in NTFS folders on the Auditing tab. Once the events are logged, the
administrator can view the security log using Event Viewer. Microsoft specifies a
number of areas that should be audited if you suspect a threat. For instance, for
attempts to "hack" into someone else's account the failure audit for logon/logoff can
be set. For suspected network intrusions with stolen passwords, set the success audit
for logon/logoff. Lastly, to detect virus outbreaks in the network, set success/failure
of write access to program (.exe and .dll) files.
10. What settings in a security audit would help the administrator detect someone
attempting to "hack" into someone else's User account?
A. Success audit for user rights
B. Success audit for logon/logoff
C. Failure audit for logon/logoff
D. Success/failure audit write access for program files (.exe and .dll files)
10. What settings in a security audit would help the administrator detect someone
attempting to "hack" into someone else's User account?
A. Success audit for user rights
B. Success audit for logon/logoff
*C. Failure audit for logon/logoff
D. Success/failure audit write access for program files (.exe and .dll files)
Explanation: Security auditing in Windows 2000, as in Windows NT 4.0, is not enabled
by default. To enable auditing in Windows 2000, the administrator opens the Group
Policy object using the Group Policy snap-in to MMC and activates the type of
auditing desired. Types or areas of auditing include: account logon events, account
management, directory service access, logon events, object access, policy change,
privilege use, process tracking and system events. Once enabled, the administrator
then activates auditing for that event in the area where security settings appear; for
example, in NTFS folders on the Auditing tab. Once the events are logged, the
administrator can view the security log using Event Viewer. Microsoft specifies a
number of areas that should be audited if you suspect a threat. For instance, for
attempts to "hack" into someone else's account the failure audit for logon/logoff can
be set. For suspected network intrusions with stolen passwords, set the success audit
for logon/logoff. Lastly, to detect virus outbreaks in the network, set success/failure
of write access to program (.exe and .dll) files.
11. What settings in a security audit would help the administrator detect someone logging
onto someone else's User account using a stolen password?
A. Success audit for user rights
B. Success audit for logon
C. Failure audit for logon
D. Success/failure audit write access for program files (.exe and .dll files)
11. What settings in a security audit would help the administrator detect someone logging
onto someone else's User account using a stolen password?
A. Success audit for user rights
*B. Success audit for logon
C. Failure audit for logon
D. Success/failure audit write access for program files (.exe and .dll files)
Explanation: Security auditing in Windows 2000, as in Windows NT 4.0, is not enabled
by default. To enable auditing in Windows 2000, the administrator opens the Group
Policy object using the Group Policy snap-in to MMC and activates the type of
auditing desired. Types or areas of auditing include: account logon events, account
management, directory service access, logon events, object access, policy change,
privilege use, process tracking and system events. Once enabled, the administrator
then activates auditing for that event in the area where security settings appear; for
example, in NTFS folders on the Auditing tab. Once the events are logged, the
administrator can view the security log using Event Viewer. Microsoft specifies a
number of areas that should be audited if you suspect a threat. For instance, for
attempts to "hack" into someone else's account the failure audit for logon/logoff can
be set. For suspected network intrusions with stolen passwords, set the success audit
for logon/logoff. Lastly, to detect virus outbreaks in the network, set success/failure
of write access to program (.exe and .dll) files.
12. What settings in a security audit would help the administrator detect a virus outbreak
in the network?
A. Success audit for user rights
B. Success audit for logon/logoff
C. Failure audit for logon/logoff
D. Success/failure audit write access for program files (.exe and .dll files)
12. What settings in a security audit would help the administrator detect a virus outbreak
in the network?
A. Success audit for user rights
B. Success audit for logon/logoff
C. Failure audit for logon/logoff
*D. Success/failure audit write access for program files (.exe and .dll files)
Explanation: Security auditing in Windows 2000, as in Windows NT 4.0, is not enabled
by default. To enable auditing in Windows 2000, the administrator opens the Group
Policy object using the Group Policy snap-in to MMC and activates the type of
auditing desired. Types or areas of auditing include: account logon events, account
management, directory service access, logon events, object access, policy change,
privilege use, process tracking and system events. Once enabled, the administrator
then activates auditing for that event in the area where security settings appear; for
example, in NTFS folders on the Auditing tab. Once the events are logged, the
administrator can view the security log using Event Viewer. Microsoft specifies a
number of areas that should be audited if you suspect a threat. For instance, for
attempts to "hack" into someone else's account the failure audit for logon/logoff can
be set. For suspected network intrusions with stolen passwords, set the success audit
for logon/logoff. Lastly, to detect virus outbreaks in the network, set success/failure
of write access to program (.exe and .dll) files.
13. How is security auditing enabled in Windows 2000?
A. Using Event Viewer
B. Using the Security snap-in for MMC
C. Using the Group Policy snap-in for MMC
D. Using the Security Log Viewer snap-in for MMC
13. How is security auditing enabled in Windows 2000?
A. Using Event Viewer
B. Using the Security snap-in for MMC
*C. Using the Group Policy snap-in for MMC
D. Using the Security Log Viewer snap-in for MMC
Explanation: Security auditing in Windows 2000, as in Windows NT 4.0, is not enabled
by default. To enable auditing in Windows 2000, the administrator opens the Group
Policy object using the Group Policy snap-in to MMC and activates the type of
auditing desired. Types or areas of auditing include: account logon events, account
management, directory service access, logon events, object access, policy change,
privilege use, process tracking and system events. Once enabled, the administrator
then activates auditing for that event in the area where security settings appear; for
example, in NTFS folders on the Auditing tab. Once the events are logged, the
administrator can view the security log using Event Viewer. Microsoft specifies a
number of areas that should be audited if you suspect a threat. For instance, for
attempts to "hack" into someone else's account the failure audit for logon/logoff can
be set. For suspected network intrusions with stolen passwords, set the success audit
for logon/logoff. Lastly, to detect virus outbreaks in the network, set success/failure
of write access to program (.exe and .dll) files.
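The three audit recommendations in the explanation above (failure audits for logon, success audits for logon, and write access to program files), applied to rows from a Security log, as an added example that is not from the book. The row layout, account and workstation names, and the `USUAL_HOSTS` baseline are constructed assumptions; 528, 529 and 560 are the Windows 2000 event IDs for successful logon, logon failure (unknown user name or bad password) and object open.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample rows, simplified from a Security log export:
# time|audit type|category|event id|account|source|object|access
SAMPLE_LOG = r"""
2003-04-01 08:59:10|Success|Logon/Logoff|528|cward|WKS-014||
2003-04-01 22:14:02|Failure|Logon/Logoff|529|cward|WKS-231||
2003-04-01 22:14:09|Failure|Logon/Logoff|529|cward|WKS-231||
2003-04-01 22:14:15|Failure|Logon/Logoff|529|cward|WKS-231||
2003-04-01 22:15:40|Success|Logon/Logoff|528|cward|WKS-231||
2003-04-02 09:02:31|Failure|Logon/Logoff|529|jsmith|WKS-020||
2003-04-02 09:02:50|Success|Logon/Logoff|528|jsmith|WKS-020||
2003-04-02 10:30:00|Success|Object Access|560|jsmith|WKS-020|C:\Program Files\App\app.exe|WriteData
2003-04-02 10:30:01|Failure|Object Access|560|jsmith|WKS-020|C:\WINNT\system32\shell32.dll|WriteData
2003-04-02 10:31:12|Success|Object Access|560|jsmith|WKS-020|C:\Docs\report.doc|WriteData
2003-04-02 10:32:00|Success|Object Access|560|jsmith|WKS-020|C:\WINNT\notepad.exe|ReadData
"""

FIELDS = ("time", "type", "category", "event_id",
          "account", "source", "object", "access")

# Assumed baseline: the workstations each account normally logs on from.
USUAL_HOSTS = {"cward": {"WKS-014"}, "jsmith": {"WKS-020"}}
PROGRAM_EXTENSIONS = (".exe", ".dll")


def parse(text):
    """Turn pipe-delimited rows into dicts with typed time and event id."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        rec = dict(zip(FIELDS, line.split("|")))
        rec["time"] = datetime.strptime(rec["time"], "%Y-%m-%d %H:%M:%S")
        rec["event_id"] = int(rec["event_id"])
        events.append(rec)
    return events


def failed_logon_bursts(events, threshold=3, window=timedelta(minutes=5)):
    """Failure audit for logon: accounts with at least `threshold`
    bad-password failures inside one time window (password guessing)."""
    failures = defaultdict(list)
    for e in events:
        if e["type"] == "Failure" and e["event_id"] == 529:
            failures[e["account"]].append(e["time"])
    flagged = set()
    for account, times in failures.items():
        times.sort()
        for i in range(len(times) - threshold + 1):
            if times[i + threshold - 1] - times[i] <= window:
                flagged.add(account)
                break
    return sorted(flagged)


def unexpected_logons(events, usual_hosts):
    """Success audit for logon: logons that worked, but from a workstation
    outside the account's baseline (possible use of a stolen password)."""
    return [(e["account"], e["source"]) for e in events
            if e["type"] == "Success" and e["event_id"] == 528
            and e["source"] not in usual_hosts.get(e["account"], set())]


def program_file_writes(events):
    """Success/failure audit of write access to .exe and .dll files."""
    return [(e["type"], e["object"]) for e in events
            if e["event_id"] == 560 and "Write" in e["access"]
            and e["object"].lower().endswith(PROGRAM_EXTENSIONS)]


if __name__ == "__main__":
    log = parse(SAMPLE_LOG)
    print("Password guessing suspected:", failed_logon_bursts(log))
    print("Logons from unusual hosts:  ", unexpected_logons(log, USUAL_HOSTS))
    print("Writes to program files:    ", program_file_writes(log))
```

A single failed logon followed by a success (jsmith in the sample) stays below the burst threshold, which is why the failure audit and the success audit are reviewed together rather than separately.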
14. What security template in Windows 2000 applies default settings and would generally
be applied to computers that have been upgraded from Windows NT?
A. Basic
B. Compatible
C. Secure
D. High Secure
14. What security template in Windows 2000 applies default settings and would generally
be applied to computers that have been upgraded from Windows NT?
*A. Basic
B. Compatible
C. Secure
D. High Secure
Explanation: Windows 2000 makes a variety of Security Templates available to the
administrator for further securing the network. These templates are inactive until
imported into a Group Policy or the Security Configuration and Analysis snap-in for
MMC. Typically the administrator will open the appropriate Group Policy object and
select the Import Policy option. There are four types of Security Templates in
Windows 2000: Basic templates which apply the default Windows 2000 settings and
are generally applied to computers recently upgraded from Windows NT;
Compatible, which loosens the default access control policy for the Users group and
so is not considered a very secure configuration (but is necessary for some older,
legacy applications); Secure, which modifies no ACLs, but does modify settings like
password policy, audit policy, etc; and High Secure, which increases the security to a
point where there are no concerns for computer performance, operational ease-of-
use, etc. The thrust of these templates is to help restrict the membership of the user in
the local Power Users group, which in many security circles is considered an
unsecured configuration.
15. As the administrator of the Windows 2000 domain called mcsejobs.net, you are trying
to decide on the trust relationships to create between domains. What are the default
trust relationships in Windows 2000?
A. Transitive
B. Explicit
C. Direct one-way
D. Shortcut
16. As the administrator of the mcsejobs.net Windows 2000 directory service, you are
responsible for the creation, management and deletion of all the objects in the
directory. You are also the DNS administrator for the mcsejobs.net namespace that
all of the objects are created in. Your user naming convention is the user's first initial
and last name. You have recently hired a summer student named Chloe Ward to
assist you in your responsibilities and are explaining the concept of a User Principal
Name. To demonstrate this, you open Active Directory Users and Computers and
select Chloe's account within the mcsejobs.net domain. What is the User Principal
Name of Chloe's account?
A. mcsejobs\cward
B. mcsejobs.net\cward
C. cward@mcsejobs.net
D. cward@mcsejobs
15. As the administrator of the Windows 2000 domain called mcsejobs.net, you are trying
to decide on the trust relationships to create between domains. What are the default
trust relationships in Windows 2000?
*A. Transitive
B. Explicit
C. Direct one-way
D. Shortcut
Explanation: Transitive trusts are the default trust relationships created between domains
in a forest in Windows 2000. Explicit trusts can be created with Active Directory
Domains and Trusts and are one-way trust relationships. Direct one-way trusts could
also be considered explicit trusts. Shortcut trusts are used to create a direct
connection between two domains in a forest and allow users in those domains to
directly access resources without following the default trust structure.
16. As the administrator of the mcsejobs.net Windows 2000 directory service, you are
responsible for the creation, management and deletion of all the objects in the
directory. You are also the DNS administrator for the mcsejobs.net namespace that
all of the objects are created in. Your user naming convention is the user's first initial
and last name. You have recently hired a summer student named Chloe Ward to
assist you in your responsibilities and are explaining the concept of a User Principal
Name. To demonstrate this, you open Active Directory Users and Computers and
select Chloe's account within the mcsejobs.net domain. What is the User Principal
Name of Chloe's account?
A. mcsejobs\cward
B. mcsejobs.net\cward
*C. cward@mcsejobs.net
D. cward@mcsejobs
Explanation: A User Principal Name is composed of the user's logon name and the DNS
domain name where the user object resides. In this question, Chloe's logon name is
cward and the name of the domain is mcsejobs.net. Therefore, Chloe's user principal
name would be cward@mcsejobs.net. mcsejobs\cward is Chloe's NetBIOS logon
name, which can be used on both Windows 2000 and Windows NT 4 computers.
cward@mcsejobs is not correct as it does not contain the entire domain component.
Chloe.ward@mcsejobs.net is not correct as Chloe.ward is not Chloe's logon name.
17. What is the slang word for Greenwich Mean Time?
A.
18. What is an application compatibility script used for?
A. To modify an application to function better in a multi-user environment.
B. To make an application that normally would not run on Windows 2000 run with
Windows 2000 Terminal Services.
C. To test the compatibility of an application in a terminal services environment.
D. To configure a single-user application to run in multi-user mode.
17. What is the slang word for Greenwich Mean Time?
*A. Zulu time
Explanation: Zulu time is the slang word for Greenwich Mean Time.
18. What is an application compatibility script used for?
*A. To modify an application to function better in a multi-user environment.
B. To make an application that normally would not run on Windows 2000 run with
Windows 2000 Terminal Services.
C. To test the compatibility of an application in a terminal services environment.
D. To configure a single-user application to run in multi-user mode.
Explanation: Application compatibility scripts, included with Terminal Services, modify
applications to function better in a multi-user environment by modifying global
registry settings and disabling functions that might decrease system performance.
Introduction
The installation of Windows 2000 can be automated using Microsoft’s Remote
Installation Services (RIS). RIS consists of three main components: RIS servers, CD-
based or RIPrep images, and RIS clients. The clients connect to the RIS servers using a
RIS boot disk, and then download the image to install Windows 2000. Additional
configuration of the operating system can be customized through the use of an
unattend.txt answer file.
Chapter 6: Remote Installation Services Configuration
The objective of this chapter is to provide the reader with an understanding of the
following:
• The use of Remote Installation Service (RIS) to install Windows 2000 remotely
• The use of CD-based and RIPrep images in RIS
• How to create a RIS boot disk
• How to troubleshoot RIS
1. What are three benefits of Remote OS Installation Services in Windows 2000?
(Choose 3)
A. Enables remote installation of Windows 2000 Professional.
B. Detects plug-and-play hardware during setup.
C. Simplifies the installation of third-party application programs.
D. Support operating system recovery in the event of failure.
2. What three network services must be available for RIS to be installed in a Windows
2000 network? (Choose 3)
A. DNS
B. DHCP
C. Group Policies
D. Active Directory
E. Software Installation and Maintenance
1. What are three benefits of Remote OS Installation Services in Windows 2000?
(Choose 3)
*A. Enables remote installation of Windows 2000 Professional.
*B. Detects plug-and-play hardware during setup.
C. Simplifies the installation of third-party application programs.
*D. Support operating system recovery in the event of failure.
Explanation: Windows 2000 Remote OS Installation Services (RIS) allows the
installation of Windows 2000 throughout a network from a central location. It
enables remote installation of Windows 2000 Professional, simplifies server image
management, provides for recovery of the original operating system in the event of
failure, retains security settings and lowers the Total Cost of Ownership (TCO) of
the network.
2. What three network services must be available for RIS to be installed in a Windows
2000 network? (Choose 3)
*A. DNS
*B. DHCP
C. Group Policies
*D. Active Directory
E. Software Installation and Maintenance
Explanation: Windows 2000 Remote OS Installation Services (RIS) allows the
installation of Windows 2000 throughout a network from a central location. It
enables remote installation of Windows 2000 Professional, simplifies server image
management, provides for recovery of the original operating system in the event of
failure, retains security settings and lowers the Total Cost of Ownership (TCO) of
the network. A Windows 2000 Server, either member server or domain controller,
must host RIS. Additionally, DNS, DHCP and Active Directory must be available on
the network.
3. What are two ways to install RIS on a Windows 2000 server? (Choose 2)
A. During the installation of Windows 2000.
B. Using the RIS Setup Wizard
C. Using Configure Your Server from Administrative Tools.
D. From Network - Services you choose RIS.
4. What are three requirements of the shared volume on which RIS is installed on a
Windows 2000 server? (Choose 3)
A. The shared volume must be formatted with NTFS.
B. The shared volume must be on the same drive that is running Windows 2000 server.
C. The shared volume cannot be used for any other user access.
D. The shared volume must be large enough to hold the RIS software and the various
images.
E. The shared volume cannot be on the drive containing Windows 2000 system files.
3. What are two ways to install RIS on a Windows 2000 server? (Choose 2)
*A. During the installation of Windows 2000.
B. Using the RIS Setup Wizard
*C. Using Configure Your Server from Administrative Tools.
D. From Network - Services you choose RIS.
Explanation: Windows 2000 Remote OS Installation Services (RIS) allows the
installation of Windows 2000 throughout a network from a central location. It
enables remote installation of Windows 2000 Professional, simplifies server image
management, provides for recovery of the original operating system in the event of
failure, retains security settings and lowers the Total Cost of Ownership (TCO) of
the network. A Windows 2000 Server, either member server or domain controller,
must host RIS. Additionally, DNS, DHCP and Active Directory must be available on
the network. RIS is installed by the Remote Installation Services Setup Wizard,
which can be invoked by either typing risetup in Start-Run, by using the Windows
Components Setup program in Add/Remove Programs, or it can be installed during
the initial install of Windows 2000 on the server.
4. What are three requirements of the shared volume on which RIS is installed on a
Windows 2000 server? (Choose 3)
*A. The shared volume must be formatted with NTFS.
B. The shared volume must be on the same drive that is running Windows 2000
server.
C. The shared volume cannot be used for any other user access.
*D. The shared volume must be large enough to hold the RIS software and the
various images.
*E. The shared volume cannot be on the drive containing Windows 2000 system
files.
Explanation: Windows 2000 Remote OS Installation Services (RIS) allows the
installation of Windows 2000 throughout a network from a central location. It
enables remote installation of Windows 2000 Professional, simplifies server image
management, provides for recovery of the original operating system in the event of
failure, retains security settings and lowers the Total Cost of Ownership (TCO) of
the network. A Windows 2000 Server, either member server or domain controller,
must host RIS. Additionally, DNS, DHCP and Active Directory must be available on
the network. Finally, RIS must be installed on an NTFS volume that is shared over
the network, with enough space to hold RIS and the necessary images, and the
volume cannot be the one containing the Windows 2000 system files.
5. What command will start the RIS Installation Services Setup Wizard?
A. Start-Run-riswiz
B. Start-Run-ris.exe
C. Start-Run-risetup
D. Start-Run-ristart
6. What are three tasks performed by the RIS Installation Services Setup Wizard?
(Choose 3)
A. Installs RIS on the server.
B. Creates a RIS folder structure.
C. Creates a Windows 2000 Professional image from the CD ROM.
D. Creates a boot disk for client computers.
E. Starts the RIS service.
5. What command will start the RIS Installation Services Setup Wizard?
A. Start-Run-riswiz
B. Start-Run-ris.exe
*C. Start-Run-risetup
D. Start-Run-ristart
Explanation: A Windows 2000 Server, either member server or domain controller, must
host RIS. Additionally, DNS, DHCP and Active Directory must be available on the
network. RIS is installed by the Remote Installation Services Setup Wizard, which
can be invoked by either typing risetup in Start-Run, by using the Windows
Components Setup program in Add/Remove Programs, or it can be installed during
the initial install of Windows 2000 on the server.
6. What are three tasks performed by the RIS Installation Services Setup Wizard?
(Choose 3)
A. Installs RIS on the server.
*B. Creates a RIS folder structure.
*C. Creates a Windows 2000 Professional image from the CD ROM.
D. Creates a boot disk for client computers.
*E. Starts the RIS service.
Explanation: A Windows 2000 Server, either member server or domain controller, must
host RIS. Additionally, DNS, DHCP and Active Directory must be available on the
network. RIS is installed by the Remote Installation Services Setup Wizard, which
can be invoked by either typing risetup in Start-Run, by using the Windows
Components Setup program in Add/Remove Programs, or it can be installed during
the initial install of Windows 2000 on the server. Once the Wizard runs, a RIS folder
structure is created, supporting RIS files are copied to the server, a CD-based image
of Windows 2000 Professional is created and RIS services are started.
7. What is the default setting for Initial Settings in RIS after the Setup Wizard has run?
A. The server will respond to all client requests.
B. The server will not respond to any client requests.
C. The server will only respond to clients that have pre-configured computer accounts.
D. The server will only respond to client computers that have connected with the RIS
boot disk.
8. Through which Windows 2000 service does the administrator authorize a RIS server?
A. DHCP
B. DNS
C. Active Directory
D. RIS
7. What is the default setting for Initial Settings in RIS after the Setup Wizard has run?
A. The server will respond to all client requests.
*B. The server will not respond to any client requests.
C. The server will only respond to clients that have pre-configured computer
accounts.
D. The server will only respond to client computers that have connected with the
RIS boot disk.
Explanation: RIS is installed by the Remote Installation Services Setup Wizard, which
can be invoked by either typing risetup in Start-Run, by using the Windows
Components Setup program in Add/Remove Programs, or it can be installed during
the initial install of Windows 2000 on the server. Once the Wizard runs, a RIS folder
structure is created, supporting RIS files are copied to the server, a CD-based image
of Windows 2000 Professional is created and RIS services are started. Initially RIS is
set to not respond to client requests. After installing RIS, the administrator will have
to enable the RIS server to respond to client requests by enabling DHCP services on
the server and authorizing the RIS service. If the server is already a DHCP server,
then authorizing it in the DHCP console is all that is necessary.
8. Through which Windows 2000 service does the administrator authorize a RIS server?
*A. DHCP
B. DNS
C. Active Directory
D. RIS
Explanation: RIS is installed by the Remote Installation Services Setup Wizard, which
can be invoked by either typing risetup in Start-Run, by using the Windows
Components Setup program in Add/Remove Programs, or it can be installed during
the initial install of Windows 2000 on the server. Once the Wizard runs, a RIS folder
structure is created, supporting RIS files are copied to the server, a CD-based image
of Windows 2000 Professional is created and RIS services are started. Initially RIS is
set to not respond to client requests. After installing RIS, the administrator will have
to enable the RIS server to respond to client requests by enabling DHCP services on
the server and authorizing the RIS service. If the server is already a DHCP server,
then authorizing it in the DHCP console is all that is necessary.
9. What right must users have in Active Directory to install a RIS image on their
computer?
A. Users must have Write to the parent container.
B. Users must have Add/Change to the parent container.
C. Users must have the Create Computer object permission in the parent container.
D. Users must have the Register Computer permission in the parent container.
10. What two ways can a user initiate a remote installation on a client computer using
RIS? (Choose 2)
A. By pressing F12 after they turn on their computers.
B. By pressing CTL+ F12 after they turn on their computer.
C. By booting their system with a RIS boot disk.
D. By double-clicking on the RIS icon the administrator has delivered to the desktop.
9. What right must users have in Active Directory to install a RIS image on their
computer?
A. Users must have Write to the parent container.
B. Users must have Add/Change to the parent container.
*C. Users must have the Create Computer object permission in the parent
container.
D. Users must have the Register Computer permission in the parent container.
Explanation: The Remote Installation Services Setup Wizard installs RIS. Once the
Wizard runs, a RIS folder structure is created, supporting RIS files are copied to the
server, a CD-based image of Windows 2000 Professional is created and RIS services
are started. Initially RIS is set to not respond to client requests. After installing RIS,
the administrator will have to enable the RIS server to respond to client requests by
enabling DHCP services on the server and authorizing the RIS service. If the server
is already a DHCP server, then authorizing it in the DHCP console is all that is
necessary. Finally, clients need the right to create computer accounts in Active
Directory. The administrator needs to grant this right in the appropriate OU.
10. What two ways can a user initiate a remote installation on a client computer using
RIS? (Choose 2)
*A. By pressing F12 after they turn on their computers.
B. By pressing CTL+ F12 after they turn on their computer.
*C. By booting their system with a RIS boot disk.
D. By double-clicking on the RIS icon the administrator has delivered to the
desktop.
Explanation: The Remote Installation Services Setup Wizard installs RIS. Once the
Wizard runs, a RIS folder structure is created, supporting RIS files are copied to the
server, a CD-based image of Windows 2000 Professional is created and RIS services
are started. Initially RIS is set to not respond to client requests. After installing RIS,
the administrator will have to enable the RIS server to respond to client requests by
enabling DHCP services on the server and authorizing the RIS service. If the server
is already a DHCP server, then authorizing it in the DHCP console is all that is
necessary. Finally, clients need the right to create computer accounts in Active
Directory. The administrator needs to grant this right in the appropriate OU. Once
configured, users request a remote installation by either pressing F12 after they turn
on their computers or by using a RIS boot disk. In either case, the user is presented a
menu with four options: automatic setup, custom setup, restart a previous attempt
and maintenance and troubleshooting.
11. What are three options presented to the users when initiating a remote installation
using RIS? (Choose 3)
A. Automatic Setup
B. Boot Setup
C. Custom Setup
D. Restart a Previous Setup Attempt
E. Restore to Previous Operating System
11. What are three options presented to the users when initiating a remote installation
using RIS? (Choose 3)
*A. Automatic Setup
B. Boot Setup
*C. Custom Setup
*D. Restart a Previous Setup Attempt
E. Restore to Previous Operating System
Explanation: The Remote Installation Services Setup Wizard installs RIS. Once the
Wizard runs, a RIS folder structure is created, supporting RIS files are copied to the
server, a CD-based image of Windows 2000 Professional is created and RIS services
are started. Initially RIS is set to not respond to client requests. After installing RIS,
the administrator will have to enable the RIS server to respond to client requests by
enabling DHCP services on the server and authorizing the RIS service. If the server
is already a DHCP server, then authorizing it in the DHCP console is all that is
necessary.
Finally, clients need the right to create computer accounts in Active Directory. The
administrator needs to grant this right in the appropriate OU. Once configured, users request
a remote installation by either pressing F12 after they turn on their computers or by
using a RIS boot disk. In either case, the user is presented a menu with four options:
automatic setup, custom setup, restart a previous attempt and maintenance and
troubleshooting.
12. As the network administrator for BFQ, Inc. you are going to use RIS to install
Windows 2000 Professional on 200 client computers. You have 125 computers with
identical network adapters that support the PXE specification, and 75 computers with
three different adapters that do not support the specification. How many RIS boot
disks will you need to create to enable RIS on the client computers?
A. 1
B. 2
C. 3
D. 4
E. 5
12. As the network administrator for BFQ, Inc. you are going to use RIS to install
Windows 2000 Professional on 200 client computers. You have 125 computers with
identical network adapters that support the PXE specification, and 75 computers with
three different adapters that do not support the specification. How many RIS boot
disks will you need to create to enable RIS on the client computers?
*A. 1
B. 2
C. 3
D. 4
E. 5
Explanation: Users request a remote installation by either pressing F12 after they turn on
their computers (if their network adapter meets the PXE specification) or by using a
RIS boot disk if their network adapter does not meet PXE specs. In either case, the
user is presented a menu with four options: automatic setup, custom setup, restart a
previous attempt and maintenance and troubleshooting. RIS boot disks are created by
using rbfg.exe found in \\RISserver\reminst\admin\i386. The same RIS boot disk can
be used on multiple computers, and is not adapter-specific. Even if the adapter is not
on the supported list, the boot disk may still work.
13. Your network adapter is not on the list of supported adapters for creating a RIS boot
disk. What is your next option for enabling remote installation for these computers?
A. You can download an updated RIS boot image from Microsoft's web site.
B. Even though the adapter is not listed, you should still check to see if the boot disk
works.
C. You have no option; you must replace the adapters with a compatible type.
D. You must use an updated driver for the network adapter to enable remote installation
(if there is an RIS-enabled one).
14. What are three remote installation options that you can configure to determine how
the RIS server responds to client requests? (Choose 3)
A. Configuring Client Computer Names and Locations
B. Pre-Staging Client Computers
C. Unattended Client Installation
D. Configuring Client Installation Options
E. Additional Client Software Installations
13. Your network adapter is not on the list of supported adapters for creating a RIS boot
disk. What is your next option for enabling remote installation for these computers?
A. You can download an updated RIS boot image from Microsoft's web site.
*B. Even though the adapter is not listed, you should still check to see if the boot
disk works.
C. You have no option; you must replace the adapters with a compatible type.
D. You must use an updated driver for the network adapter to enable remote
installation (if there is an RIS-enabled one).
Explanation: Users request a remote installation by either pressing F12 after they turn on
their computers (if their network adapter meets the PXE specification) or by using a
RIS boot disk if their network adapter does not meet PXE specs. In either case, the
user is presented a menu with four options: automatic setup, custom setup, restart a
previous attempt and maintenance and troubleshooting. RIS boot disks are created by
using rbfg.exe found in \\RISserver\reminst\admin\i386. The same RIS boot disk can
be used on multiple computers, and is not adapter-specific. Even if the adapter is not
on the supported list, the boot disk may still work.
14. What are three remote installation options that you can configure to determine how
the RIS server responds to client requests? (Choose 3)
*A. Configuring Client Computer Names and Locations
*B. Pre-Staging Client Computers
C. Unattended Client Installation
*D. Configuring Client Installation Options
E. Additional Client Software Installations
Explanation: The Remote Installation Services Setup Wizard installs RIS. Once the
Wizard runs, a RIS folder structure is created, supporting RIS files are copied to the
server, a CD-based image of Windows 2000 Professional is created and RIS services
are started. Before clients attempt to connect to the RIS server, the administrator can
configure in Group Policy in Active Directory Users and Computers how the server
will respond. The options are configuring client computer names and locations,
which allows users to create computer accounts, pre-staging client computers, which
pre-creates a computer account for each installation, configuring client installation
options, which further specifies the options the client will be presented with during
the installation, configuring maintenance and troubleshooting tools, which may allow
users access to some diagnostic utilities and lastly activating client support, where
the administrator specifies how the RIS server will respond to client requests.
15. What tool is used to configure client names and locations for client computers
accessing an RIS server for Windows 2000 Professional installation?
A. RIS Setup Wizard
B. Active Directory Users and Computers
C. Administrative Tools - RIS Configuration
D. Active Directory Domains and Services
16. What does RIS use for the default computer name when performing a remote
installation?
A. The original NetBIOS computer name.
B. The user name of the user performing the installation with an incremental number
appended.
C. The name specified by a text file created before the installation by an administrator.
D. RIS generates a random 8-character name for the computer.
15. What tool is used to configure client names and locations for client computers
accessing an RIS server for Windows 2000 Professional installation?
A. RIS Setup Wizard
*B. Active Directory Users and Computers
C. Administrative Tools - RIS Configuration
D. Active Directory Domains and Services
Explanation: The Remote Installation Services Setup Wizard installs RIS. Once the
Wizard runs, a RIS folder structure is created, supporting RIS files are copied to the
server, a CD-based image of Windows 2000 Professional is created and RIS services
are started. Before clients attempt to connect to the RIS server, the administrator can
configure in Group Policy in Active Directory Users and Computers how the server
will respond. The options are configuring client computer names and locations,
which allows users to create computer accounts using pre-set naming conventions,
pre-staging client computers, which pre-creates a computer account for each
installation, configuring client installation options, which further specifies the
options the client will be presented with during the installation, configuring
maintenance and troubleshooting tools, which may allow users access to some
diagnostic utilities and lastly activating client support, where the administrator
specifies how the RIS server will respond to client requests.
16. What does RIS use for the default computer name when performing a remote
installation?
A. The original NetBIOS computer name.
*B. The user name of the user performing the installation with an incremental
number appended.
C. The name specified by a text file created before the installation by an
administrator.
D. RIS generates a random 8-character name for the computer.
Explanation: The Remote Installation Services Setup Wizard installs RIS. Once the
Wizard runs, a RIS folder structure is created, supporting RIS files are copied to the
server, a CD-based image of Windows 2000 Professional is created and RIS services
are started. Before clients attempt to connect to the RIS server, the administrator can
configure in Group Policy in Active Directory Users and Computers how the server
will respond. The options are configuring client computer names and locations,
which allows users to create computer accounts using pre-set naming conventions.
By default, RIS will name the computers after the users who create them.
17. What are two reasons for using the Pre-staging Client Computers option in RIS client
configuration? (Choose 2)
A. Pre-staging allows users to install Windows 2000 Professional without being
concerned about which RIS server is servicing their installation.
B. Pre-staging allows RIS servers to be load balanced by pre-assigning RIS servers.
C. Pre-staging is done primarily for security reasons.
D. Pre-staging simplifies the remote installation process.
18. Where in Windows 2000 does the administrator configure the four installation
options that are presented to users at the start of a remote installation?
A. RIS Setup Wizard
B. RIS Client Boot Disk
C. Group Policy
D. RIS server - System Properties
17. What are two reasons for using the Pre-staging Client Computers option in RIS client
configuration? (Choose 2)
A. Pre-staging allows users to install Windows 2000 Professional without being
concerned about which RIS server is servicing their installation.
*B. Pre-staging allows RIS servers to be load balanced by pre-assigning RIS servers.
*C. Pre-staging is done primarily for security reasons.
D. Pre-staging simplifies the remote installation process.
Explanation: The Remote Installation Services Setup Wizard installs RIS. Once the
Wizard runs, a RIS folder structure is created, supporting RIS files are copied to the
server, a CD-based image of Windows 2000 Professional is created and RIS services
are started. Before clients attempt to connect to the RIS server, the administrator can
configure in Group Policy in Active Directory Users and Computers how the server
will respond. Pre-staging client computers, which pre-creates a computer’s account
for each installation, is done primarily for security reasons. Pre-staging can also
provide load balancing of the installation process on the network.
18. Where in Windows 2000 does the administrator configure the four installation
options that are presented to users at the start of a remote installation?
A. RIS Setup Wizard
B. RIS Client Boot Disk
*C. Group Policy
D. RIS server - System Properties
Explanation: The Remote Installation Services Setup Wizard installs RIS. Once the
Wizard runs, a RIS folder structure is created, supporting RIS files are copied to the
server, a CD-based image of Windows 2000 Professional is created and RIS services
are started. Before clients attempt to connect to the RIS server, the administrator can
configure in Group Policy in Active Directory Users and Computers how the server
will respond. One of the options is Configuring Client Installation Options, which
specifies the options the client will be presented with during the installation. The
administrator can allow, deny or let the specific setting be inherited from the parent
GPO. In any case, the individual choices that may be allowed (or denied) are
automatic setup, custom setup, restart from a previous Setup attempt and
maintenance and troubleshooting. By default, Automatic Setup is enabled when you
first install RIS.
19. What option is used by default when you install RIS?
A. Automatic Setup
B. Custom Setup
C. Restart from a Previous Attempt
D. Maintenance and Troubleshooting
19. What option is used by default when you install RIS?
*A. Automatic Setup
B. Custom Setup
C. Restart from a Previous Attempt
D. Maintenance and Troubleshooting
Explanation: The Remote Installation Services Setup Wizard installs RIS. Once the
Wizard runs, a RIS folder structure is created, supporting RIS files are copied to the
server, a CD-based image of Windows 2000 Professional is created and RIS services
are started. Before clients attempt to connect to the RIS server, the administrator can
configure in Group Policy in Active Directory Users and Computers how the server
will respond. One of the options is Configuring Client Installation Options, which
specifies the options the client will be presented with during the installation. The
administrator can allow, deny or let the specific setting be inherited from the parent
GPO. In any case, the individual choices that may be allowed (or denied) are
automatic setup, custom setup, restart from a previous Setup attempt and
maintenance and troubleshooting. By default, Automatic Setup is enabled when you
first install RIS.
20. What are two tasks that can be performed using the Maintenance and Troubleshooting
option of the RIS Client Installation? (Choose 2)
A. Restart the RIS installation.
B. Upgrade flash BIOS.
C. Create a RIS boot disk.
D. Diagnose hardware-related problems.
20. What are two tasks that can be performed using the Maintenance and Troubleshooting
option of the RIS Client Installation? (Choose 2)
A. Restart the RIS installation.
*B. Upgrade flash BIOS.
C. Create a RIS boot disk.
*D. Diagnose hardware-related problems.
Explanation: The Remote Installation Services Setup Wizard installs RIS. Once the
Wizard runs, a RIS folder structure is created, supporting RIS files are copied to the
server, a CD-based image of Windows 2000 Professional is created and RIS services
are started. Before clients attempt to connect to the RIS server, the administrator can
configure in Group Policy in Active Directory Users and Computers how the server
will respond. One of the options is Configuring Client Installation Options, which
specifies the options the client will be presented with during the installation. The
administrator can allow, deny or let the specific setting be inherited from the parent
GPO. In any case, the individual choices that may be allowed (or denied) are
automatic setup, custom setup, restart from a previous Setup attempt and
maintenance and troubleshooting. By default, Automatic Setup is enabled when you
first install RIS. Maintenance and troubleshooting allows the users to install tools
from third-party vendors, diagnose hardware problems, configure optional BIOS
settings or even upgrade flash BIOS.
21. During the remote installation of Windows 2000 using RIS servers, your client
computer displays a DHCP error message, but not a BINL message. What two
troubleshooting steps should you take? (Choose 2)
A. Verify that the RIS server is online and authorized.
B. Stop and start the NetPC Boot Service Manager on the RIS server.
C. In the Remote Disk Boot Generator utility, verify that the network adapter is supported
by RIS.
D. Make sure that DHCP packets are being routed.
22. During the remote installation of Windows 2000 using RIS servers, your client
computer displays the BINL error message but cannot connect to the RIS server.
What is the probable solution to this error?
A. Verify that the RIS server is online and authorized.
B. Stop and start the NetPC Boot Service Manager on the RIS server.
C. In the Remote Disk Boot Generator utility, verify that the network adapter is supported
by RIS.
D. Make sure that DHCP packets are being routed.
21. During the remote installation of Windows 2000 using RIS servers, your client
computer displays a DHCP error message, but not a BINL message. What two
troubleshooting steps should you take? (Choose 2)
*A. Verify that the RIS server is online and authorized.
B. Stop and start the NetPC Boot Service Manager on the RIS server.
C. In the Remote Disk Boot Generator utility, verify that the network adapter is
supported by RIS.
*D. Make sure that DHCP packets are being routed.
Explanation: The Remote Installation Services Setup Wizard installs RIS. Once the
Wizard runs, a RIS folder structure is created, supporting RIS files are copied to the
server, a CD-based image of Windows 2000 Professional is created and RIS services
are started. Initially RIS is set to not respond to client requests. After installing RIS,
the administrator will have to enable the RIS server to respond to client requests by
enabling DHCP services on the server and authorizing the RIS service. If the server
is already a DHCP server, then authorizing it in the DHCP console is all that is
necessary. If client computers display a DHCP error but not a BINL error, then
verify that the server is online and that DHCP packets are being routed on the
network.
22. During the remote installation of Windows 2000 using RIS servers, your client
computer displays the BINL error message but cannot connect to the RIS server.
What is the probable solution to this error?
A. Verify that the RIS server is online and authorized.
*B. Stop and start the NetPC Boot Service Manager on the RIS server.
C. In the Remote Disk Boot Generator utility, verify that the network adapter is
supported by RIS.
D. Make sure that DHCP packets are being routed.
Explanation: The Remote Installation Services Setup Wizard installs RIS. Once the
Wizard runs, a RIS folder structure is created, supporting RIS files are copied to the
server, a CD-based image of Windows 2000 Professional is created and RIS services
are started. Initially RIS is set to not respond to client requests. After installing RIS,
the administrator will have to enable the RIS server to respond to client requests by
enabling DHCP services on the server and authorizing the RIS service. If the server
is already a DHCP server, then authorizing it in the DHCP console is all that is
necessary. If the client computers are displaying a BINL error but cannot connect to
the RIS server, then the administrator should stop and restart the NetPC Boot Service
Manager (BINLSVC) service on the RIS server.
23. During the remote installation of Windows 2000 using RIS servers, your client
computer cannot connect to the RIS server using the RIS boot disk. What do you
check to resolve the problem?
A. Verify that the RIS server is online and authorized.
B. Stop and start the NetPC Boot Service Manager on the RIS server.
C. In the Remote Disk Boot Generator utility, verify that the network adapter is supported
by RIS.
D. Make sure that DHCP packets are being routed.
24. What are two types of images supported by RIS in Windows 2000? (Choose 2)
A. CD-based images
B. Boot images
C. RIPrep images
D. Ghost images
23. During the remote installation of Windows 2000 using RIS servers, your client
computer cannot connect to the RIS server using the RIS boot disk. What do you
check to resolve the problem?
A. Verify that the RIS server is online and authorized.
B. Stop and start the NetPC Boot Service Manager on the RIS server.
*C. In the Remote Disk Boot Generator utility, verify that the network adapter is
supported by RIS.
D. Make sure that DHCP packets are being routed.
Explanation: The Remote Installation Services Setup Wizard installs RIS. Once the
Wizard runs, a RIS folder structure is created, supporting RIS files are copied to the
server, a CD-based image of Windows 2000 Professional is created and RIS services
are started. Initially RIS is set to not respond to client requests. After installing RIS,
the administrator will have to enable the RIS server to respond to client requests by
enabling DHCP services on the server and authorizing the RIS service. If the server
is already a DHCP server, then authorizing it in the DHCP console is all that is
necessary. If client computers display no error message, yet are unable to connect to
the RIS server, then verify that the RIS boot disk supports the adapter in the
computer.
24. What are two types of images supported by RIS in Windows 2000? (Choose 2)
*A. CD-based images
B. Boot images
*C. RIPrep images
D. Ghost images
Explanation: The Remote Installation Services Setup Wizard installs RIS. Once the
Wizard runs, a RIS folder structure is created, supporting RIS files are copied to the
server, a CD-based image of Windows 2000 Professional is created and RIS services
are started. A standard answer file (Ristndrd.sif) is also created for use with the CD-
based image. Additional answer files can be created using a text editor or the
Windows 2000 Setup Manager Wizard. Using the Remote Installation Preparation
Wizard, the administrator can also create a RIPrep image for use in RIS installations.
25. What two of the following are created by default when you install RIS on a Windows
2000 server? (Choose 2)
A. CD-based image
B. RIPrep image
C. Ristndrd.sif file
D. RIPans.inf file
26. What utility can you use to easily create an answer file for the unattended remote
installation of Windows 2000 on multiple computers using RIS?
A. Active Directory Users and Computers
B. RIS Setup Wizard
C. Windows 2000 Setup Manager Wizard
D. Remote Installation Preparation Wizard
25. What two of the following are created by default when you install RIS on a Windows
2000 server? (Choose 2)
*A. CD-based image
B. RIPrep image
*C. Ristndrd.sif file
D. RIPans.inf file
Explanation: The Remote Installation Services Setup Wizard installs RIS. Once the
Wizard runs, a RIS folder structure is created, supporting RIS files are copied to the
server, a CD-based image of Windows 2000 Professional is created and RIS services
are started. A standard answer file (Ristndrd.sif) is also created for use with the CD-
based image. Additional answer files can be created using a text editor or the
Windows 2000 Setup Manager Wizard. Using the Remote Installation Preparation
Wizard, the administrator can also create a RIPrep image for use in RIS installations.
26. What utility can you use to easily create an answer file for the unattended remote
installation of Windows 2000 on multiple computers using RIS?
A. Active Directory Users and Computers
B. RIS Setup Wizard
*C. Windows 2000 Setup Manager Wizard
D. Remote Installation Preparation Wizard
Explanation: The Remote Installation Services Setup Wizard installs RIS. Once the
Wizard runs, a RIS folder structure is created, supporting RIS files are copied to the
server, a CD-based image of Windows 2000 Professional is created and RIS services
are started. A standard answer file (Ristndrd.sif) is also created for use with the CD-
based image. Additional answer files can be created using a text editor or the
Windows 2000 Setup Manager Wizard. Using the Remote Installation Preparation
Wizard, the administrator can also create a RIPrep image for use in RIS installations.
27. What are three levels of user interaction that can be set during the creation of an
answer file with the Windows 2000 Setup Manager Wizard? (Choose 3)
A. Fully Automated
B. Custom
C. Read Only
D. GUI Attended
E. Text only
27. What are three levels of user interaction that can be set during the creation of an
answer file with the Windows 2000 Setup Manager Wizard? (Choose 3)
*A. Fully Automated
B. Custom
*C. Read Only
*D. GUI Attended
E. Text only
Explanation: Additional answer files can be created using a text editor or the Windows
2000 Setup Manager Wizard. The first setting in the answer file determines the level
of user interaction. The next setting configures how the administrator password will
be provided during installation. Then come display settings, network settings, additional
settings (time zone, telephony, etc.), printers and initial logon. The five options for
user interaction are: provide defaults, which displays all setup pages for the user,
fully automated, where the installation is unattended, hide pages, which displays
only setup pages with missing information that you have pre-filled with a default that
the user can change, read only, which is the same as hide pages but users cannot
change your pre-sets, and GUI attended, which automates only the text portion of the
setup and requires the users to complete the GUI portion manually.
28. What selection for administrator password in the configuration of an answer file for
RIS will prevent an unattended installation?
A. When the system first boots, automatically log on as administrator.
B. Use the following administrator password.
C. Prompt the user for an administrator password.
28. What selection for administrator password in the configuration of an answer file for
RIS will prevent an unattended installation?
A. When the system first boots, automatically log on as administrator.
B. Use the following administrator password.
*C. Prompt the user for an administrator password.
Explanation: The Remote Installation Services Setup Wizard installs RIS. Once the
Wizard runs, a RIS folder structure is created, supporting RIS files are copied to the
server, a CD-based image of Windows 2000 Professional is created and RIS services
are started. A standard answer file (Ristndrd.sif) is also created for use with the CD-
based image. Additional answer files can be created using a text editor or the
Windows 2000 Setup Manager Wizard. The first setting in the answer file
determines the level of user interaction. The next setting configures how the
administrator password will be provided during installation. Then come display settings,
network settings, additional settings (time zone, telephony, etc.), printers and initial
logon. The second setting is how the administrator password is set on the client
computers during install. The three options are: prompt the user for an administrator
password, which provides the best security, use the following administrator
password, which allows for a completely unattended install with some security, and
when system first boots, automatically log on as administrator, which provides the
least security.
29. What selection for administrator password in the configuration of an answer file for
RIS is the least secure?
A. When the system first boots, automatically log on as administrator.
B. Use the following administrator password.
C. Prompt the user for an administrator password.
30. What option in Network Settings would you choose in the Windows 2000 Setup
Manager Wizard to automatically enable DHCP on the client computer?
A. Typical Settings
B. Custom Settings
C. Networking Components
D. Number of Network Adapters
29. What selection for administrator password in the configuration of an answer file for
RIS is the least secure?
*A. When the system first boots, automatically log on as administrator.
B. Use the following administrator password.
C. Prompt the user for an administrator password.
Explanation: A standard answer file (Ristndrd.sif) is also created for use with the CD-
based image. Additional answer files can be created using a text editor or the
Windows 2000 Setup Manager Wizard. The first setting in the answer file
determines the level of user interaction. The next setting configures how the
administrator password will be provided during installation. Then come display settings,
network settings, additional settings (time zone, telephony, etc.), printers and initial
logon. The second setting is how the administrator password is set on the client
computers during install. The three options are: prompt the user for an administrator
password, which provides the best security, use the following administrator
password, which allows for a completely unattended install with some security, and
when system first boots, automatically log on as administrator, which provides the
least security.
30. What option in Network Settings would you choose in the Windows 2000 Setup
Manager Wizard to automatically enable DHCP on the client computer?
*A. Typical Settings
B. Custom Settings
C. Networking Components
D. Number of Network Adapters
Explanation: The Remote Installation Services Setup Wizard installs RIS. Once the
Wizard runs, a RIS folder structure is created, supporting RIS files are copied to the
server, a CD-based image of Windows 2000 Professional is created and RIS services
are started. A standard answer file (Ristndrd.sif) is also created for use with the CD-
based image. Additional answer files can be created using a text editor or the
Windows 2000 Setup Manager Wizard. Within the answer file, networking settings
need to be configured. The Setup Wizard provides for typical settings, which installs
DHCP and the Client for Microsoft Networks, and custom settings, within which the
number of network adapters, settings for each, TCP/IP settings, additional services,
etc. can be specified.
31. What option in Network Settings would you choose in the Windows 2000 Setup
Manager Wizard to add IPX/SPX to the network adapter?
A. Typical Settings
B. Optional Settings
C. Number of Network Adapters
D. Networking Components
32. How is the default printer specified in the answer file that you create with the
Windows 2000 Setup Manager Wizard?
A. The default printer is specified during configuration by selection in the GUI.
B. The user selects the default printer during the remote installation.
C. The default printer is always the first printer listed in the printers specified during the
configuration process.
D. The default printer is the printer that is currently the default printer for the user.
31. What option in Network Settings would you choose in the Windows 2000 Setup
Manager Wizard to add IPX/SPX to the network adapter?
A. Typical Settings
B. Optional Settings
C. Number of Network Adapters
*D. Networking Components
Explanation: The Remote Installation Services Setup Wizard installs RIS. Once the
Wizard runs, a RIS folder structure is created, supporting RIS files are copied to the
server, a CD-based image of Windows 2000 Professional is created and RIS services
are started. A standard answer file (Ristndrd.sif) is also created for use with the CD-
based image. Additional answer files can be created using a text editor or the
Windows 2000 Setup Manager Wizard. Within the answer file, networking settings
need to be configured. The Setup Wizard provides for typical settings, which installs
DHCP and the Client for Microsoft Networks, and custom settings, within which the
number of network adapters, settings for each, TCP/IP settings, additional services,
etc. can be specified.
32. How is the default printer specified in the answer file that you create with the
Windows 2000 Setup Manager Wizard?
A. The default printer is specified during configuration by selection in the GUI.
B. The user selects the default printer during the remote installation.
*C. The default printer is always the first printer listed in the printers specified
during the configuration process.
D. The default printer is the printer that is currently the default printer for the user.
Explanation: Additional answer files can be created using a text editor or the Windows
2000 Setup Manager Wizard. The first setting in the answer file determines the level
of user interaction. The next setting configures how the administrator password will
be provided during installation. Then come display settings, network settings, additional
settings (time zone, telephony, etc.), printers and initial logon. The Install Printers
page allows the administrator to list shared printers, with the first listed printer
installed as the default. If you have configured administrator passwords as
Automatically Logon as Administrator, then the printers are added to the
administrator profile and will not be available to the user upon logon.
33. You have installed Windows 2000 Professional on all of the organization's
workstations using RIS, but now users are complaining that they have no printers
available on their desktop. What is the most likely cause of this problem?
A. In the RIS Setup Wizard you forgot to specify the installation of any printers for the
users.
B. The users probably forgot to log on to their workstations.
C. The RIS installation was configured to automatically logon as Administrator upon
completion of the setup.
D. The RIS installation did not complete properly.
34. What option in saving an answer file provides information about the purpose and
intended use of a RIS answer file?
A. Descriptive string
B. Help string
C. Answer File Name
D. Answer File Description
33. You have installed Windows 2000 Professional on all of the organization's
workstations using RIS, but now users are complaining that they have no printers
available on their desktop. What is the most likely cause of this problem?
A. In the RIS Setup Wizard you forgot to specify the installation of any printers for
the users.
B. The users probably forgot to log on to their workstations.
*C. The RIS installation was configured to automatically logon as Administrator
upon completion of the setup.
D. The RIS installation did not complete properly.
Explanation: Additional answer files can be created using a text editor or the Windows
2000 Setup Manager Wizard. The first setting in the answer file determines the level
of user interaction. The next setting configures how the administrator password will
be provided during installation. Then come display settings, network settings, additional
settings (time zone, telephony, etc.), printers and initial logon. The Install Printers
page allows the administrator to list shared printers, with the first listed printer
installed as the default. If you have configured administrator passwords as
Automatically Logon as Administrator, then the printers are added to the
administrator profile and will not be available to the user upon logon.
34. What option in saving an answer file provides information about the purpose and
intended use of a RIS answer file?
A. Descriptive string
*B. Help string
C. Answer File Name
D. Answer File Description
Explanation: Additional answer files can be created using a text editor or the Windows
2000 Setup Manager Wizard. The first setting in the answer file determines the level
of user interaction. The next setting configures how the administrator password will
be provided during installation. Then come display settings, network settings, additional
settings (time zone, telephony, etc.), printers and initial logon. Once completed, the
answer file should be saved in the same folder as the image, so that it will
automatically be available to all users. The file can also have a help string for
assistance in identifying the purpose of the file, and a description string to help
identify the file. Answer files are typically saved with a .sif extension.
35. You have created an answer file for use in a RIS installation; however, certain
settings were not available during the creation process. What can you use to further
modify the answer file?
A. RIS Setup Wizard
B. Setup Wizard Extensions
C. Notepad
D. Active Directory Users and Computers
35. You have created an answer file for use in a RIS installation; however, certain
settings were not available during the creation process. What can you use to further
modify the answer file?
A. RIS Setup Wizard
B. Setup Wizard Extensions
*C. Notepad
D. Active Directory Users and Computers
Explanation: Additional answer files can be created using a text editor or the Windows
2000 Setup Manager Wizard. The first setting in the answer file determines the level
of user interaction. The next setting configures how the administrator password will
be provided during installation. Then come display settings, network settings, additional
settings (time zone, telephony, etc.), printers and initial logon. Once completed, the
answer file should be saved in the same folder as the image, so that it will
automatically be available to all users. The file can also have a help string for
assistance in identifying the purpose of the file, and a description string to help
identify the file. Answer files are typically saved with a .sif extension. Modification
of answer files can be accomplished using any text editor (Notepad, etc.).
36. You have created an answer file for an RIS installation and are attempting to
associate it with an image. You receive an error "The file you entered is not an
unattended setup information file (.sif) or the .sif is not portable to other images.
Only .sif files for CD-based images should be copied."
What have you done in the configuration process to cause this error?
A. You forgot to add an entry in the "Run Once" section.
B. You set the installation to "GUI Attended".
C. You neglected to save the answer file in the same directory with the image.
D. You neglected to edit the [OSChooser] portion of the answer file.
36. You have created an answer file for an RIS installation and are attempting to
associate it with an image. You receive an error "The file you entered is not an
unattended setup information file (.sif) or the .sif is not portable to other images.
Only .sif files for CD-based images should be copied."
What have you done in the configuration process to cause this error?
A. You forgot to add an entry in the "Run Once" section.
B. You set the installation to "GUI Attended".
C. You neglected to save the answer file in the same directory with the image.
*D. You neglected to edit the [OSChooser] portion of the answer file.
Explanation: Additional answer files can be created using a text editor or the Windows
2000 Setup Manager Wizard. The first setting in the answer file determines the level
of user interaction. The next setting configures how the administrator password will
be provided during installation. Then come display settings, network settings, additional
settings (time zone, telephony, etc.), printers and initial logon. Once completed, the
answer file should be saved in the same folder as the image, so that it will
automatically be available to all users. The file can also have a help string for
assistance in identifying the purpose of the file, and a description string to help
identify the file. Answer files are typically saved with a .sif extension. Modification
of answer files can be accomplished using any text editor (Notepad, etc.). For an
answer file to be associated with a CD-based image, the administrator must edit the
[OSChooser] portion, adding ImageType=Flat and Version="5.0". The Flat value
identifies this as a CD-based image answer file.
37. When configuring the [OSChooser] section of an answer file, what specification
indicates that the image being used is a CD-based image?
A. ImageType=Flat
B. ImageType=CD
C. Version=5.0
D. Version=CD
37. When configuring the [OSChooser] section of an answer file, what specification
indicates that the image being used is a CD-based image?
*A. ImageType=Flat
B. ImageType=CD
C. Version=5.0
D. Version=CD
Explanation: Additional answer files can be created using a text editor or the Windows
2000 Setup Manager Wizard. The first setting in the answer file determines the level
of user interaction. The next setting configures how the administrator password will
be provided during installation. Then display settings, network settings additional
settings (time zone, telephony, etc.), printers and initial logon. Once completed, the
answer file should be saved in the same folder as the image, so that it will
automatically be available to all users. The file can also have a help string for
assistance in identifying the purpose of the file, and a description string to help
identify the file. Answer files are typically saved with a .sif extension. Modification
of answer files can be accomplished using any text editor (Notepad, etc). For an
answer file to be associated with a CD-based image, the administrator must edit the
[OSChooser] portion, adding ImageType=Flat and Version="5.0". The Flat value
identifies this as a CD-based image answer file.
38. In what utility can you associate an answer file with a CD-based image file?
A. RIS Setup Wizard
B. Setup Wizard Extensions
C. Active Directory Users and Computers
D. Notepad
38. In what utility can you associate an answer file with a CD-based image file?
A. RIS Setup Wizard
B. Setup Wizard Extensions
*C. Active Directory Users and Computers
D. Notepad
Explanation: Additional answer files can be created using a text editor or the Windows
2000 Setup Manager Wizard. The first setting in the answer file determines the level
of user interaction. The next setting configures how the administrator password will
be provided during installation. These are followed by display settings, network settings,
additional settings (time zone, telephony, etc.), printers and initial logon. Once completed, the
answer file should be saved in the same folder as the image, so that it will
automatically be available to all users. The file can also have a help string for
assistance in identifying the purpose of the file, and a description string to help
identify the file. Answer files are typically saved with a .sif extension. Modification
of answer files can be accomplished using any text editor (Notepad, etc.). For an
answer file to be associated with a CD-based image, the administrator must edit the
[OSChooser] portion, adding ImageType=Flat and Version="5.0". The Flat value
identifies this as a CD-based image answer file. Lastly, in Active Directory Users
and Computers, the RIS server properties are modified to reflect the association of
the answer file to the appropriate image.
39. What do you need to do as an administrator to make images available to users for
unattended installations?
A. You need to give the users permissions to the appropriate image folder.
B. You need to place the images in the PUBLIC folder on the RIS server.
C. Nothing, since they are available to all users by default.
D. You need to specify the users who may access an image file during the creation of the
answer file.
39. What do you need to do as an administrator to make images available to users for
unattended installations?
A. You need to give the users permissions to the appropriate image folder.
B. You need to place the images in the PUBLIC folder on the RIS server.
*C. Nothing, since they are available to all users by default.
D. You need to specify the users who may access an image file during the creation
of the answer file.
Explanation: Additional answer files can be created using a text editor or the Windows
2000 Setup Manager Wizard. Answer files are typically saved with a .sif extension.
Modification of answer files can be accomplished using any text editor (Notepad,
etc.). For an answer file to be associated with a CD-based image, the administrator
must edit the [OSChooser] portion, adding ImageType=Flat and Version="5.0". The
Flat value identifies this as a CD-based image answer file. Lastly, in Active
Directory Users and Computers, the RIS server properties are modified to reflect the
association of the answer file to the appropriate image. All images are available to all
users by default, but administrators can restrict this by setting NTFS permissions.
Users need only the Read and Read & Execute permissions to install images. Microsoft suggests
that you create or use existing Security groups and permit the appropriate Security
group to install using the appropriate images.
40. What would you do to restrict the access of users to certain images for unattended
installation using RIS?
A. Group the users into Security groups and grant only the Security groups permissions
to the image folders.
B. Group the users into Security groups and grant only the Security groups permissions to
the answer file folders.
C. Group the users into Security groups and grant only the Security groups permissions to
the RIS server.
D. Nothing, since the users are restricted to only the images you have specifically granted
them permissions to in the first place.
40. What would you do to restrict the access of users to certain images for unattended
installation using RIS?
A. Group the users into Security groups and grant only the Security groups
permissions to the image folders.
*B. Group the users into Security groups and grant only the Security groups
permissions to the answer file folders.
C. Group the users into Security groups and grant only the Security groups
permissions to the RIS server.
D. Nothing, since the users are restricted to only the images you have specifically
granted them permissions to in the first place.
Explanation: Additional answer files can be created using a text editor or the Windows
2000 Setup Manager Wizard. Answer files are typically saved with a .sif extension.
Modification of answer files can be accomplished using any text editor (Notepad,
etc.). For an answer file to be associated with a CD-based image, the administrator
must edit the [OSChooser] portion, adding ImageType=Flat and Version="5.0". The
Flat value identifies this as a CD-based image answer file. Lastly, in Active
Directory Users and Computers, the RIS server properties are modified to reflect the
association of the answer file to the appropriate image. All images are available to all
users by default, but administrators can restrict this by setting NTFS permissions.
Users need only the Read and Read & Execute permissions to install images. Microsoft suggests
that you create or use existing Security groups and permit the appropriate Security
group to install using the appropriate images.
41. What utility would you use to restrict users' access to only certain images for RIS
installs?
A. RIS Setup Wizard
B. Active Directory Users and Computers
C. Windows Explorer
D. Notepad
42. Before you can create a RIPrep image on an RIS server, what must be available on
the server?
A. DNS
B. DHCP
C. CD-based image
D. Windows Explorer
41. What utility would you use to restrict users' access to only certain images for RIS
installs?
A. RIS Setup Wizard
B. Active Directory Users and Computers
*C. Windows Explorer
D. Notepad
Explanation: Additional answer files can be created using a text editor or the Windows
2000 Setup Manager Wizard. Answer files are typically saved with a .sif extension.
Modification of answer files can be accomplished using any text editor (Notepad,
etc.). For an answer file to be associated with a CD-based image, the administrator
must edit the [OSChooser] portion, adding ImageType=Flat and Version="5.0". The
Flat value identifies this as a CD-based image answer file. Lastly, in Active
Directory Users and Computers, the RIS server properties are modified to reflect the
association of the answer file to the appropriate image. All images are available to
all users by default, but administrators can restrict this by setting NTFS permissions.
Users need only the Read and Read & Execute permissions to install images. Microsoft suggests
that you create or use existing Security groups and permit the appropriate Security
group to install using the appropriate images. Of the choices, only Windows
Explorer will allow access to the NTFS permissions tab of a folder.
42. Before you can create a RIPrep image on an RIS server, what must be available on
the server?
A. DNS
B. DHCP
*C. CD-based image
D. Windows Explorer
Explanation: RIS is installed by the Remote Installation Services Setup Wizard, which
can be invoked by typing risetup in Start-Run or by using the Windows
Components Setup program in Add/Remove Programs; RIS can also be installed during
the initial install of Windows 2000 on the server. Once the Wizard runs, a RIS folder
structure is created, supporting RIS files are copied to the server, a CD-based image
of Windows 2000 Professional is created and RIS services are started. While the
CD-based image is appropriate for installing Windows 2000, if the administrator wants to
install applications with the operating system, or wants a faster installation of the
operating system, then creation of a RIPrep image is called for. The RIPrep image
will be created on the RIS server, and requires a CD-based image to begin. The
Remote Installation Preparation Wizard is used to create RIPrep images.
43. What utility is used to create RIPrep images for remote installation of Windows
2000?
A. RIS Setup Wizard
B. Windows 2000 Setup Manager Wizard
C. Remote Installation Preparation Wizard
D. Active Directory Setup Wizard
44. After you have created a RIPrep image and saved it to an RIS server, what utility can
be used to modify the image?
A. Remote Installation Preparation Wizard
B. RIS Setup Wizard
C. Nothing, you must create a new image.
D. Windows 2000 Setup Manager Wizard
43. What utility is used to create RIPrep images for remote installation of Windows
2000?
A. RIS Setup Wizard
B. Windows 2000 Setup Manager Wizard
*C. Remote Installation Preparation Wizard
D. Active Directory Setup Wizard
Explanation: RIS is installed by the Remote Installation Services Setup Wizard, which
can be invoked by typing risetup in Start-Run or by using the Windows
Components Setup program in Add/Remove Programs; RIS can also be installed during
the initial install of Windows 2000 on the server. Once the Wizard runs, a RIS folder
structure is created, supporting RIS files are copied to the server, a CD-based image
of Windows 2000 Professional is created and RIS services are started. While the
CD-based image is appropriate for installing Windows 2000, if the administrator wants to
install applications with the operating system, or wants a faster installation of the
operating system, then creation of a RIPrep image is called for. The RIPrep image
will be created on the RIS server, and requires a CD-based image to begin. The
Remote Installation Preparation Wizard is used to create RIPrep images.
44. After you have created a RIPrep image and saved it to an RIS server, what utility can
be used to modify the image?
A. Remote Installation Preparation Wizard
B. RIS Setup Wizard
*C. Nothing, you must create a new image.
D. Windows 2000 Setup Manager Wizard
Explanation: While the CD-based image is appropriate for installing Windows 2000, if
the administrator wants to install applications with the operating system, or wants a
faster installation of the operating system, then creation of a RIPrep image is called
for. The RIPrep image will be created on the RIS server, and requires a CD-based
image to begin. The Remote Installation Preparation Wizard is used to create RIPrep
images. These images are similar to the "ghost"-like third-party images from other
vendor solutions, and cannot be altered. Any changes would require the creation of a
new RIPrep image.
45. What must you do to ensure that the changes you have made in creating a RIPrep
image are available to all users?
A. Nothing, since the image is available to all users by default.
B. You must copy the Administrator profile to the Default User profile on the configured
computer.
C. You must give the users the appropriate permissions to the RIPrep image folder.
D. You must specify the users who can access the RIPrep image during the configuration
with the Remote Installation Preparation Wizard.
46. What are three tasks performed by the Remote Installation Preparation Wizard?
(Choose 3)
A. The RIP Wizard removes all settings unique to the configured computer, returning it
to a "generic" state.
B. The RIP Wizard removes HKEY_LOCAL_MACHINE in preparation for installation
on disparate computers.
C. The RIP Wizard creates the RIPrep image on the specified RIS server.
D. The RIP Wizard creates an answer file and can automatically associate it with the
appropriate RIPrep image.
E. The RIP Wizard removes all profiles from the configured computer.
45. What must you do to ensure that the changes you have made in creating a RIPrep
image are available to all users?
A. Nothing, since the image is available to all users by default.
*B. You must copy the Administrator profile to the Default User profile on the
configured computer.
C. You must give the users the appropriate permissions to the RIPrep image folder.
D. You must specify the users who can access the RIPrep image during the
configuration with the Remote Installation Preparation Wizard.
Explanation: While the CD-based image is appropriate for installing Windows 2000, if
the administrator wants to install applications with the operating system, or wants a
faster installation of the operating system, then creation of a RIPrep image is called
for. The RIPrep image will be created on the RIS server, and requires a CD-based
image to begin. The Remote Installation Preparation Wizard is used to create RIPrep
images. These images are similar to the "ghost"-like third-party images from other
vendor solutions, and cannot be altered. Any changes would require the creation of a
new RIPrep image. Once the image has been created, you then copy the
administrator profile on the source computer to the default user profile, so that all of
the customized settings will be available to the user once they log on.
46. What are three tasks performed by the Remote Installation Preparation Wizard?
(Choose 3)
*A. The RIP Wizard removes all settings unique to the configured computer,
returning it to a "generic" state.
B. The RIP Wizard removes HKEY_LOCAL_MACHINE in preparation for
installation on disparate computers.
*C. The RIP Wizard creates the RIPrep image on the specified RIS server.
*D. The RIP Wizard creates an answer file and can automatically associate it with the
appropriate RIPrep image.
E. The RIP Wizard removes all profiles from the configured computer.
Explanation: While the CD-based image is appropriate for installing Windows 2000, if
the administrator wants to install applications with the operating system, or wants a
faster installation of the operating system, then creation of a RIPrep image is called
for. The RIPrep image will be created on the RIS server, and requires a CD-based
image to begin. The Remote Installation Preparation Wizard is used to create RIPrep
images. Running the Wizard removes all unique settings in the source computer,
returning it to a "generic" state, creates the RIPrep image, creates an answer file
and associates the answer file with the image.
47. What are two ways to maintain the same RIPrep image on multiple RIS servers?
(Choose 2)
A. During the running of the Remote Installation Preparation Wizard, you can specify the
RIS servers that will maintain copies of the image.
B. You can manually copy the image to the appropriate RIS servers.
C. You can use Microsoft SMS to manage the replication of images between multiple
RIS servers.
D. You can use Active Directory Users and Computers to specify the link between RIS
servers and RIPrep images.
48. What are two characteristics of a CD-based image for remote installation? (Choose 2)
A. It can contain only the operating system.
B. It can contain the operating system and applications.
C. It performs a full over-the-network setup.
D. It copies only the necessary files and registry keys.
E. You can only deploy it to computers with the same HAL as the source computer.
47. What are two ways to maintain the same RIPrep image on multiple RIS servers?
(Choose 2)
A. During the running of the Remote Installation Preparation Wizard, you can
specify the RIS servers that will maintain copies of the image.
*B. You can manually copy the image to the appropriate RIS servers.
*C. You can use Microsoft SMS to manage the replication of images between
multiple RIS servers.
D. You can use Active Directory Users and Computers to specify the link between
RIS servers and RIPrep images.
Explanation: While the CD-based image is appropriate for installing Windows 2000, if
the administrator wants to install applications with the operating system, or wants a
faster installation of the operating system, then creation of a RIPrep image is called
for. The RIPrep image will be created on the RIS server, and requires a CD-based
image to begin. The Remote Installation Preparation Wizard is used to create RIPrep
images. Running the Wizard removes all unique settings in the source computer,
returning it to a "generic" state, creates the RIPrep image, creates an answer file
and associates the answer file with the image. The same image can be copied to other
RIS servers to load balance the installation process or provide fault tolerance.
Systems Management Server (SMS) can also be used to replicate the images to
multiple RIS servers.
48. What are two characteristics of a CD-based image for remote installation? (Choose 2)
*A. It can contain only the operating system.
B. It can contain the operating system and applications.
*C. It performs a full over-the-network setup.
D. It copies only the necessary files and registry keys.
E. You can only deploy it to computers with the same HAL as the source computer.
Explanation: CD-based images can contain only the operating system, are based on
default settings which can be further customized with an answer file, can be
deployed on any computer with a supported HAL (Hardware Abstraction Layer) and
are created automatically when RIS is installed. RIPrep images can contain the
operating system and applications, are based on a pre-configured source computer
which requires further customization to be done after the install, must be manually
created with the Remote Installation Preparation Wizard, can only be deployed on
computers with the same HAL and install faster since they copy only the files and
registry keys necessary to the client computer.
49. What are three characteristics of a RIPrep image for remote installation? (Choose 3)
A. It can contain only the operating system.
B. It can contain the operating system and applications.
C. It performs a full over-the-network setup.
D. It copies only the necessary files and registry keys.
E. You can only deploy it to computers with the same HAL as the source computer.
50. What are two advantages of RIPrep images over CD-based images for remote
installations? (Choose 2)
A. RIPrep images are easier to create than CD-based images.
B. RIPrep images install Windows 2000 faster than do CD-based images.
C. RIPrep images are automatically available to all users for remote installation, while
CD-based are not.
D. RIPrep images allow for the installation of operating system and applications, while
CD-based images only support the installation of the operating system.
49. What are three characteristics of a RIPrep image for remote installation? (Choose 3)
A. It can contain only the operating system.
*B. It can contain the operating system and applications.
C. It performs a full over-the-network setup.
*D. It copies only the necessary files and registry keys.
*E. You can only deploy it to computers with the same HAL as the source computer.
Explanation: CD-based images can contain only the operating system, are based on
default settings which can be further customized with an answer file, can be
deployed on any computer with a supported HAL (Hardware Abstraction Layer) and
are created automatically when RIS is installed. RIPrep images can contain the
operating system and applications, are based on a pre-configured source computer
which requires further customization to be done after the install, must be manually
created with the Remote Installation Preparation Wizard, can only be deployed on
computers with the same HAL and install faster since they copy only the files and
registry keys necessary to the client computer.
50. What are two advantages of RIPrep images over CD-based images for remote
installations? (Choose 2)
A. RIPrep images are easier to create than CD-based images.
*B. RIPrep images install Windows 2000 faster than do CD-based images.
C. RIPrep images are automatically available to all users for remote installation,
while CD-based are not.
*D. RIPrep images allow for the installation of operating system and applications,
while CD-based images only support the installation of the operating system.
Explanation: CD-based images can contain only the operating system, are based on
default settings which can be further customized with an answer file, can be
deployed on any computer with a supported HAL (Hardware Abstraction Layer) and
are created automatically when RIS is installed. RIPrep images can contain the
operating system and applications, are based on a pre-configured source computer
which requires further customization to be done after the install, must be manually
created with the Remote Installation Preparation Wizard, can only be deployed on
computers with the same HAL and install faster since they copy only the files and
registry keys necessary to the client computer.
Introduction
Terminology knowledge is the exam taker's best friend. There are a lot of different terms
and acronyms that you will be presented with on the real examination.
We have presented the terminology in a fill-in-the-blank style so you may know which
terms or acronyms you really need to know.
It must be assumed that you have a certain amount of Active Directory experience. If you
find this chapter difficult, you may find it necessary to supplement this material with our
other books like ExamInsight For 70-217 or InsideScoop to 70-217 with CD.
Glossary 379
Chapter 7: Terminology Questions
1. What is an adaptation of the Ethernet standard that uses thin coaxial cable and
provides data transfer rates of up to 10 Mbps?
A.
2. What is the original Ethernet standard that uses thick coaxial cable and provides
data transfer rates of up to 10 Mbps?
A.
1. What is an adaptation of the Ethernet standard that uses thin coaxial cable and
provides data transfer rates of up to 10 Mbps?
*A. 10Base-2
Explanation: The maximum effective distance for 10Base-2 is 185 meters.
10Base-2 is also known as thinnet.
2. What is the original Ethernet standard that uses thick coaxial cable and provides
data transfer rates of up to 10 Mbps?
*A. 10Base-5
Explanation: The maximum effective distance for 10Base-5 is 500 meters.
10Base-5 is also known as thicknet.
3. What is an adaptation of the Ethernet standard that uses optical fiber cable and
provides data transfer rates of up to 10 Mbps?
A.
4. What is an adaptation of the Ethernet standard that runs over unshielded
twisted-pair wiring and provides data transfer rates of 10 Mbps?
A.
3. What is an adaptation of the Ethernet standard that uses optical fiber cable and
provides data transfer rates of up to 10 Mbps?
*A. 10Base-F
Explanation: 10Base-F can transmit data over very long distances with little loss of
data integrity.
4. What is an adaptation of the Ethernet standard that runs over unshielded
twisted-pair wiring and provides data transfer rates of 10 Mbps?
*A. 10Base-T
Explanation:
5. What is an emerging high-speed network standard that will use high-capacity
cabling to provide data transfer rates up to 10,000 Mbps?
A.
6. What is a high-speed network standard, based on Ethernet, that provides data
transfer rates as high as 100 Mbps?
A.
5. What is an emerging high-speed network standard that will use high-capacity
cabling to provide data transfer rates up to 10,000 Mbps?
*A. 10 Gigabit Ethernet
Explanation:
6. What is a high-speed network standard, based on Ethernet, that provides data
transfer rates as high as 100 Mbps?
*A. 100Base-T
Explanation: Sometimes called Fast Ethernet.
7. What is an emerging high-speed network standard, based on Ethernet, that
provides data transfer rates as high as 1000 Mbps?
A.
8. What describes the number of bits used by an operating system to perform an
operation? The term also describes the microprocessor on which the operating
system runs.
A.
7. What is an emerging high-speed network standard, based on Ethernet, that
provides data transfer rates as high as 1000 Mbps.
*A. 1000Base-T Explanation: Sometimes called Gigabit Ethernet
8. What describes the number of bits used by an operating system to perform an
operation? The term also describes the microprocessor on which the operating
system runs.
*A. 32-bit
Explanation:
9. When logging on to a computer or network what is the term used for managing
permissions?
A.
10. ACE is the acronym for ______ ?
A.
9. When logging on to a computer or network what is the term used for managing
permissions?
*A. access control
Explanation: Access Control is the management of permissions for logging on or
accessing a computer or network.
10. ACE is the acronym for ______ ?
*A. access control entry
Explanation: ACE is the acronym for access control entry.
11. What object contains a security identifier (SID), which identifies the principal
user and/or group to which it applies?
A.
12. What kind of list is a set of data associated with a file, directory, or other
resource that defines the permissions that users and/or groups have for accessing
it?
A.
11. What object contains a security identifier (SID), which identifies the principal
user and/or group to which it applies?
*A. access control entry
Explanation: Each ACE contains a security identifier, which identifies the principal
user and/or group to whom the ACE applies.
It also contains information on what type of access the ACE grants or denies.
12. What kind of list is a set of data associated with a file, directory, or other
resource that defines the permissions that users and/or groups have for accessing
it?
*A. access control list
Explanation: An access control list is a set of data associated with a file, directory,
or other resource that defines the permissions that users and/or groups have for
accessing it. In the Active Directory™ service, an ACL is a list of access
control entries stored with the object it protects. In the Windows NT operating
system, an ACL is stored as a binary value, called a security descriptor.
13. ACL is the acronym for ______ ?
A.
14. What is the name of the structure supported by Windows 2000 that lets any
object on a network be tracked and located, and provides the foundation for
Windows 2000 distributed networks?
A.
13. ACL is the acronym for ______ ?
*A. access control list
Explanation: ACL is the acronym for access control list.
14. What is the name of the structure supported by Windows 2000 that lets any
object on a network be tracked and located, and provides the foundation for
Windows 2000 distributed networks?
*A. Active Directory
Explanation: Active Directory is the structure supported by Windows 2000 that lets any object on a
network be tracked and located. Active Directory is the directory service used in
Windows 2000 Server and provides the foundation for Windows 2000
distributed networks.
15. What is a client-side product based on the Component Object Model that defines
a directory service model and a set of COM interfaces?
A.
16. ADSI is the acronym for ______ ?
A.
15. What is a client-side product based on the Component Object Model that defines
a directory service model and a set of COM interfaces?
*A. Active Directory Service Interfaces
Explanation: Active Directory Service Interfaces is a client-side product based on
the Component Object Model. ADSI defines a directory service model and a set
of COM interfaces that enable Windows NT and Windows 95 client applications
to access several network directory services, including Active Directory. ADSI
allows applications to communicate with Active Directory.
ADSI provides the means for directory service clients to use one set of interfaces to
communicate with any namespace that provides an ADSI implementation. ADSI
clients gain a simpler access to namespace services by using ADSI in place of
the network-specific application programming interface calls. ADSI conforms to
and supports standard COM features. ADSI also defines interfaces and objects
accessible from automation-compliant languages such as Java, Visual Basic, and
Visual Basic Scripting Edition, as well as from non-automation-compliant
languages such as C and C++, which enhance performance. In addition, ADSI
supplies its own OLE database provider, and so fully supports any clients
already using an OLE database, including those using ActiveX technologies.
16. ADSI is the acronym for ______ ?
*A. Active Directory Service Interface
Explanation:
17. What do you call a single property of an object?
A.
18. What process verifies the identity of a user who is logging on to a computer
system, or verifies the integrity of a transmitted message?
A.
17. What do you call a single property of an object?
*A. attribute
Explanation: An attribute is a single property of an object. An object is described by
the values of its attributes. The term attribute is often used interchangeably with
property. Attributes are also data items used to describe the objects that are
represented by the classes defined in the schema. Attributes are defined in the
schema separately from the classes. This allows a single attribute definition to
be applied to many classes.
18. What process verifies the identity of a user who is logging on to a computer
system, or verifies the integrity of a transmitted message?
*A. authentication
Explanation: Authentication verifies the identity of a user who is logging on to a
computer system, or verifies the integrity of a transmitted message.
19. API is the acronym for what?
A.
20. In a Windows NT Server 4.0 or earlier domain, what is the title given to a
computer running Windows NT Server that receives a copy of the domain's
directory database, and synchronizes periodically and automatically with the
master copy?
A.
19. API is the acronym for what?
*A. application programming interface
Explanation: API is the acronym for application programming interface.
20. In a Windows NT Server 4.0 or earlier domain, what is the title given to a
computer running Windows NT Server that receives a copy of the domain's
directory database, and synchronizes periodically and automatically with the
master copy?
*A. backup domain controller
Explanation: In a Windows NT Server 4.0 or earlier domain, a backup domain controller is a computer running
Windows NT Server that receives a copy of the domain's directory database,
which contains all account and security policy information for the domain. The
copy is synchronized periodically and automatically with the master copy on the
primary domain controller. Backup domain controllers also authenticate user
logons and can be promoted to function as PDCs as needed. Multiple backup
domain controllers can exist on a domain.
In a Windows 2000 domain, backup domain controllers are not required; all domain
controllers are peers, and all can perform maintenance on the directory.
Windows NT 4.0 and Windows NT 3.51 backup domain controllers can
participate in a Windows 2000 domain when it is running in mixed mode.
21. What name is given to a special type of Active Directory object that has
attributes and is part of the Active Directory namespace but does not usually
represent something concrete?
A.
22. What architectural layer of Active Directory isolates the upper layers of the
directory service from the underlying database system by exposing application
programming interfaces to the Directory System Agent layer so that no calls are
made directly to the Extensible Storage Engine?
A.
21. What name is given to a special type of Active Directory object that has
attributes and is part of the Active Directory namespace but does not usually
represent something concrete?
*A. container
Explanation: A container is a special type of Active Directory object. A container is
like other directory objects in that it has attributes and is part of the Active
Directory namespace. However, unlike other objects, it does not usually
represent something concrete. It is the container for a group of objects and other
containers.
22. What architectural layer of Active Directory isolates the upper layers of the
directory service from the underlying database system by exposing application
programming interfaces to the Directory System Agent layer so that no calls are
made directly to the Extensible Storage Engine?
*A. database layer
Explanation: A database layer is an architectural layer of Active Directory that
isolates the upper layers of the directory service from the underlying database
system by exposing application programming interfaces to the Directory System
Agent layer so that no calls are made directly to the Extensible Storage Engine.
23. What allows a higher administrative authority to grant specific administrative
rights for containers and subtrees to individuals and groups?
A.
24. What hierarchical structure stores information about objects on the network?
A.
23. What allows a higher administrative authority to grant specific administrative
rights for containers and subtrees to individuals and groups?
*A. delegation
Explanation: Delegation allows a higher administrative authority to grant specific
administrative rights for containers and subtrees to individuals and groups. This
eliminates the need for domain administrators with sweeping authority over
large segments of the user population. Access control entries can grant specific
administrative rights on the objects in a container to a user or group. Rights are
granted for specific operations on specific object classes via ACEs in the
container's Access Control List.
24. What hierarchical structure stores information about objects on the network?
*A. directory
Explanation: A directory is a hierarchical structure that stores information about
objects on the network.
25. What kind of service provides the methods for storing directory data and making
this data available to network users and administrators?
A.
26. What would you call the management of network elements such as routers,
applications, and users from a central repository of information about users,
applications, and network resources?
A.
25. What kind of service provides the methods for storing directory data and making
this data available to network users and administrators?
*A. directory service
Explanation: A directory service, such as Active Directory, provides the methods
for storing directory data and making this data available to network users and
administrators.
26. What would you call the management of network elements such as routers,
applications, and users from a central repository of information about users,
applications, and network resources?
*A. directory-enabled networking
Explanation: Directory-enabled networking is the management of network elements
such as routers, applications, and users from a central repository of information
about users, applications, and network resources.
27. What contiguous subtree of the directory forms a unit of replication?
A.
28. What kind of name identifies the domain that holds the object as well as the
complete path through the container hierarchy by which the object is reached?
A.
27. What contiguous subtree of the directory forms a unit of replication?
*A. directory partition
Explanation: A directory partition is a contiguous subtree of the directory that forms
a unit of replication. A given replica is always a replica of some directory
partition. Active Directory is made up of one or more directory partitions.
28. What kind of name identifies the domain that holds the object as well as the
complete path through the container hierarchy by which the object is reached?
*A. distinguished name
Explanation: A distinguished name identifies the domain that holds the object as
well as the complete path through the container hierarchy by which the object is
reached. Every object in the Active Directory has a unique distinguished name.
29. DNS is the acronym for ______ ?
A.
30. What term describes a single security boundary of a Windows NT-based
computer network?
A.
29. DNS is the acronym for ______ ?
*A. Domain Name System
Explanation: DNS is the acronym for Domain Name System.
30. What term describes a single security boundary of a Windows NT-based
computer network?
*A. domain
Explanation: A domain is a single security boundary of a Windows NT-based
computer network. Active Directory is made up of one or more domains. On a
standalone workstation, the domain is the computer itself. A domain can span
more than one physical location. Every domain has its own security policies and
security relationships with other domains. When multiple domains are connected
by trust relationships and share a common schema, configuration, and global
catalog, they constitute a domain tree. Multiple domain trees can be connected
together to create a forest.
31. What kind of system is a Windows NT-based server holding an Active Directory
partition?
A.
32. What can contain users and global groups from any domain in the forest,
universal groups, and other domain local groups in its own domain?
A.
31. What kind of system is a Windows NT-based server holding an Active Directory
partition?
*A. domain controller
Explanation: A domain controller is a Windows NT-based server holding an Active
Directory partition.
32. What can contain users and global groups from any domain in the forest,
universal groups, and other domain local groups in its own domain?
*A. domain local group
Explanation: A domain local group can contain users and global groups from any
domain in the forest, universal groups, and other domain local groups in its own
domain. A domain local group can only be used on ACLs in its own domain.
33. What hierarchical distributed database is used for name/address translation and
client-server connections?
A.
34. DSA is the acronym for what?
A.
33. What hierarchical distributed database is used for name/address translation and
client-server connections?
*A. Domain Name System
Explanation: The Domain Name System (DNS) is a hierarchical distributed database
used for name/address translation and client-server connections. Domain Name
System is the namespace used on the Internet to translate computer and service
names into TCP/IP addresses. Active Directory uses DNS as its location service,
and so clients find domain controllers via DNS queries.
34. DSA is the acronym for what?
*A. Directory System Agent
Explanation: DSA is the acronym for Directory System Agent.
35. ESE is the acronym for what?
A.
36. What engine is the Active Directory database engine?
A.
35. ESE is the acronym for what?
*A. Extensible Storage Engine
Explanation: ESE is the acronym for Extensible Storage Engine.
36. What engine is the Active Directory database engine?
*A. Extensible Storage Engine
Explanation: The Extensible Storage Engine is the Active Directory database
engine. ESE (Esent.dll) is an improved version of the Jet database that is used in
Microsoft Exchange Server versions 4.x and 5.5. It implements a transacted
database system, which means that it uses log files to ensure that committed
transactions are safe.
37. What name is given to a group of one or more Active Directory trees that trust
each other?
A.
38. What contains a partial replica of every Windows 2000 domain in the directory?
A.
37. What name is given to a group of one or more Active Directory trees that trust
each other?
*A. forest
Explanation: A group of one or more Active Directory trees that trust each other
constitutes a forest. All trees in a forest share a common schema, configuration,
and global catalog. When a forest contains multiple trees, the trees do not form a
contiguous namespace. All trees in a given forest trust each other through
transitive bi-directional trust relationships. Unlike a tree, a forest does not need a
distinct name. A forest exists as a set of cross-referenced objects and trust
relationships known to the member trees. Trees in a forest form a hierarchy for
the purposes of trust.
38. What contains a partial replica of every Windows 2000 domain in the directory?
*A. global catalog
Explanation: The global catalog contains a partial replica of every Windows 2000
domain in the directory. The GC lets users and applications find objects in an
Active Directory domain tree given one or more attributes of the target object. It
also contains the schema and configuration of directory partitions. The GC
allows users to find objects of interest quickly without knowing what domain
holds them and without requiring a contiguous extended namespace in the
enterprise. The global catalog is built automatically by the Active Directory
replication system.
39. GC is the acronym for ______ ?
A.
40. What kind of server is a Windows 2000 domain controller that holds a copy of
the global catalog for the forest?
A.
39. GC is the acronym for ______ ?
*A. global catalog
Explanation: GC is the acronym for global catalog.
40. What kind of server is a Windows 2000 domain controller that holds a copy of
the global catalog for the forest?
*A. global catalog server
Explanation: A global catalog server is a Windows 2000 domain controller that
holds a copy of the global catalog for the forest. See also global catalog.
41. This kind of group can appear on ACLs anywhere in the forest and may contain
users and other global groups from its own domain.
A.
42. What entity can users be assigned to for organization and security reasons?
A.
41. This kind of group can appear on ACLs anywhere in the forest and may contain
users and other global groups from its own domain.
*A. global group
Explanation: A global group can appear on ACLs anywhere in the forest and may
contain users and other global groups from its own domain.
42. What entity can users be assigned to for organization and security reasons?
*A. group
Explanation: Users can be assigned to a group for organization and security reasons.
43. What term refers to applying policy to groups of computers and/or users
contained within Active Directory containers?
A.
44. What is a virtual collection of policies, given a unique name, called?
A.
43. What term refers to applying policy to groups of computers and/or users
contained within Active Directory containers?
*A. Group Policy
Explanation: Group Policy refers to applying policy to groups of computers and/or
users contained within Active Directory containers. The type of policy includes
not only registry-based policy found in Windows NT Server 4.0, but is enabled
by Directory Services to store many types of policy data.
44. What is a virtual collection of policies, given a unique name, called?
*A. Group Policy object
Explanation: A group policy object is a virtual collection of policies. It is given a
unique name, such as a globally unique identifier (GUID). GPOs store group
policy settings in two locations: a Group Policy container (GPC) (preferred) and
a Group Policy template (GPT). The GPC is an Active Directory object that
stores version information, status information, and other policy information (for
example, application objects). The GPT is used for file-based data and stores
software policy, script, and deployment information. The GPT is located on the
system volume folder of the domain controller.
45. GPO is the acronym for ______ ?
A.
46. What kind of namespace, such as the DNS namespace and the Active Directory
namespace, is hierarchically structured and provides rules that allow the
namespace to be partitioned?
A.
45. GPO is the acronym for ______ ?
*A. Group Policy object
Explanation: GPO is the acronym for Group Policy object.
46. What kind of namespace, such as the DNS namespace and the Active Directory
namespace, is hierarchically structured and provides rules that allow the
namespace to be partitioned?
*A. hierarchical namespace
Explanation: A hierarchical namespace is a namespace, such as the DNS namespace
and the Active Directory namespace, which is hierarchically structured and
provides rules that allow the namespace to be partitioned.
47. This is the domain controller assigned to update group-to-user references
whenever group memberships are changed, and to replicate these changes to any
other domain controllers in the domain.
A.
48. A physical location on a hard disk that points to data located at another location
on your hard disk or another storage device can be called a ________ point.
A.
47. This is the domain controller assigned to update group-to-user references
whenever group memberships are changed, and to replicate these changes to any
other domain controllers in the domain.
*A. infrastructure master
Explanation: The domain controller assigned to update group-to-user references
whenever group memberships are changed is the infrastructure master. It also
replicates these changes to any other domain controllers in the domain. At any
time, there can be only one infrastructure master in a particular domain.
48. A physical location on a hard disk that points to data located at another location
on your hard disk or another storage device can be called a ________ point.
*A. junction
Explanation: A junction point is a physical location on a hard disk that points to
data located at another location on your hard disk or another storage device.
49. This security system, which is the primary authentication mechanism in the
Windows 2000 operating system, authenticates users establishing an identity at
logon, which is used throughout the session, but doesn't provide authorization to
services or databases.
A.
50. What built-in service runs on all domain controllers and automatically establishes
connections between individual machines in the same site?
A.
49. This security system, which is the primary authentication mechanism in the
Windows 2000 operating system, authenticates users establishing an identity at
logon, which is used throughout the session, but doesn't provide authorization to
services or databases.
*A. Kerberos
Explanation: Kerberos is a security system that authenticates users. Kerberos
doesn't provide authorization to services or databases -- it establishes identity at
logon, which is used throughout the session. The Kerberos protocol is the
primary authentication mechanism in the Windows 2000 operating system.
50. What built-in service runs on all domain controllers and automatically establishes
connections between individual machines in the same site?
*A. Knowledge Consistency Checker
Explanation: Knowledge Consistency Checker is a built-in service that runs on all
domain controllers and automatically establishes connections between
individual machines in the same site. These are known as Windows 2000
Directory Service connection objects. An administrator may establish additional
connection objects or remove connection objects. At any point, however, where
replication within a site becomes impossible or has a single point of failure, the
KCC will step in and establish as many new connection objects as necessary to
resume Active Directory replication.
51. This protocol, which is currently being implemented in Web browsers and e-mail
programs, is a protocol used to access a directory service.
A.
52. Domain controllers running Windows 2000 and earlier versions of
Windows NT can co-exist in the domain in which mode?
A.
51. This protocol, which is currently being implemented in Web browsers and e-mail
programs, is a protocol used to access a directory service.
*A. Lightweight Directory Access Protocol
Explanation: The Lightweight Directory Access Protocol is a protocol used to
access a directory service. LDAP support is currently being implemented in
Web browsers and e-mail programs, which can query an LDAP-compliant
directory. LDAP is a simplified version of the Directory Access Protocol (DAP),
which is used to gain access to X.500 directories. It is easier to code the query in
LDAP than in DAP, but LDAP is less comprehensive. For example, DAP can
initiate searches on other servers if an address is not found, while LDAP cannot
in its initial specification. Lightweight Directory Access Protocol is the primary
access protocol for Active Directory.
52. Domain controllers running Windows 2000 and earlier versions of
Windows NT can co-exist in the domain in which mode?
*A. mixed mode
Explanation: Mixed mode allows domain controllers running both Windows 2000
and earlier versions of Windows NT to co-exist in the domain. In mixed mode,
the domain features from previous versions of Windows NT Server are still
enabled, while some Windows 2000 features are disabled. Windows 2000
Server domains are installed in mixed mode by default. In mixed mode the
domain may have Windows NT 4.0 backup domain controllers present. Nested
groups are not supported in mixed mode.
53. What feature of Active Directory provides and maintains copies of the directory
across multiple servers in a domain?
A.
54. When all the domain controllers in a given domain are running Windows 2000
Server, what mode is used?
A.
53. What feature of Active Directory provides and maintains copies of the directory
across multiple servers in a domain?
*A. multi-master replication
Explanation: Multi-master replication is a feature of Active Directory that provides
and maintains copies of the directory across multiple servers in a domain. Since
all replicas of a given directory partition are writeable, updates can be applied to
any replica of a given partition. The Active Directory replication system
propagates the changes from a given replica to all other replicas. Replication is
automatic and transparent.
Active Directory multi-master replication propagates every object created on any
domain controller to each of the other participating domain controllers. If one
domain controller in a domain slows or fails, other domain controllers in the
same domain can provide the necessary directory access because they contain
the same directory data.
54. When all the domain controllers in a given domain are running Windows 2000
Server, what mode is used?
*A. native mode
Explanation: Native mode is used when all the domain controllers in a given
domain are running Windows 2000 Server. This mode allows organizations to
take advantage of new Active Directory features such as Universal groups,
nested group membership, and inter-domain group membership. Compare mixed
mode.
55. A name or group of names that are defined according to some naming convention
is a ___________.
A.
56. The process of translating a name into an object or the information that the name
represents is called what?
A.
55. A name or group of names that are defined according to some naming convention
is a ___________.
*A. namespace
Explanation: A namespace is a name or group of names that are defined according
to some naming convention; any bounded area in which a given name can be
resolved. Active Directory is primarily a namespace, as is any directory service.
A telephone directory is also a namespace. The Internet uses a hierarchical
namespace that partitions names into categories known as top-level domains
such as .com, .edu, and .gov, which are at the top of the hierarchy.
56. The process of translating a name into an object or the information that the name
represents is called what?
*A. name resolution
Explanation: Name resolution is the process of translating a name into some object
or information that the name represents. A telephone book forms a namespace in
which the names of telephone subscribers can be resolved into telephone
numbers. The Windows NTFS file system forms a namespace in which the
name of a file can be resolved into the file itself. Similarly, Active Directory
forms a namespace in which the name of an object in the directory can be
resolved into the object itself.
57. What term is given to a distinct, named set of attributes that represents something
concrete, such as a user, a printer, or an application?
A.
58. What number, issued by issuing authorities, identifies an object class or attribute
in a directory service and forms a hierarchy?
A.
57. What term is given to a distinct, named set of attributes that represents something
concrete, such as a user, a printer, or an application?
*A. object
Explanation: An object is a distinct, named set of attributes that represents
something concrete, such as a user, a printer, or an application. The attributes
hold data describing the thing that is identified by the directory object.
Attributes of a user might include the user's given name, surname, and e-mail
address.
58. What number, issued by issuing authorities, identifies an object class or attribute
in a directory service and forms a hierarchy?
*A. object identifier
Explanation: An object identifier is a number identifying an object class or attribute
in a directory service. Object identifiers are issued by issuing authorities and
form a hierarchy. An object identifier is represented as a dotted decimal string.
Enterprises can obtain a root object identifier from an issuing authority and use
it to allocate additional object identifiers.
Most countries in the world have an identified national registration authority
responsible for issuing object identifiers to enterprises. In the United States, the
national registration authority is the American National Standards Institute
(ANSI). An enterprise can register a name for the object identifier as well. There
is a fee associated with both root object identifiers and registered names. For
details, contact the NRA for your country. The International Standards
Organization recognizes NRAs and maintains a list of contacts on the ISO Web
site.
59. What Active Directory administrative partition is a container object that can
contain users, groups, and resources?
A.
60. OU is the acronym for ______ ?
A.
59. What Active Directory administrative partition is a container object that can
contain users, groups, and resources?
*A. organizational unit
Explanation: An organizational unit is a container object that is an Active Directory
administrative partition. OUs can contain users, groups, resources, and other
OUs. Organizational Units enable the delegation of administration to distinct
subtrees of the directory.
60. OU is the acronym for ______ ?
*A. organizational unit
Explanation: OU is the acronym for organizational unit.
61. What two-way, transitive trust relationship is established when you add a domain
to an Active Directory tree?
A.
62. A complete unit of replication within the store is a __________.
A.
61. What two-way, transitive trust relationship is established when you add a domain
to an Active Directory tree?
*A. parent-child trust relationship
Explanation: A parent-child trust relationship is the two-way, transitive trust
relationship that is established when you add a domain to an Active Directory
tree. The Active Directory installation process automatically creates a trust
relationship between the domain you are creating (the new child domain) and
the parent domain.
62. A complete unit of replication within the store is a __________.
*A. partition
Explanation: A partition is a complete unit of replication within the store.
63. PDC is the acronym for ______ ?
A.
64. PKI is the acronym for ______ ?
A.
63. PDC is the acronym for ______ ?
*A. primary domain controller
Explanation: PDC is the acronym for primary domain controller.
64. PKI is the acronym for ______ ?
*A. public key infrastructure
Explanation: PKI is the acronym for public key infrastructure.
65. The set of rules that govern the interaction between a subject and an object forms
a ________.
A.
66. The software that executes at decision points to perform policy selection, to
evaluate conditions, and determine what actions must be performed is known as
what?
A.
65. The set of rules that govern the interaction between a subject and an object forms
a ________.
*A. policy
Explanation: A policy is the set of rules that govern the interaction between a
subject and an object.
66. The software that executes at decision points to perform policy selection, to
evaluate conditions, and determine what actions must be performed is known as
what?
*A. policy engine
Explanation: A policy engine is software that executes at decision points to perform
policy selection, to evaluate conditions, and determine what actions must be
performed. The concept of the policy engine is quite diffuse; policy engine
functionality will often be spread through many parts of the distributed system.
67. In a Windows NT Server 4.0 or earlier domain, what special name is given to the
computer running Windows NT Server that authenticates domain logons and
maintains the directory database for a domain?
A.
68. What collection of information is selected and applied to the interaction between
a subject and an object by an action that is the outcome of evaluation of policy
conditions?
A.
67. In a Windows NT Server 4.0 or earlier domain, what special name is given to the
computer running Windows NT Server that authenticates domain logons and
maintains the directory database for a domain?
*A. primary domain controller
Explanation: In a Windows NT Server 4.0 or earlier domain, the primary domain
controller is the computer running Windows NT Server that authenticates
domain logons and maintains the directory database for a domain. The primary
domain controller tracks changes made to accounts of all computers on a
domain. It is the only computer to receive these changes directly. A domain has
only one primary domain controller. In Windows 2000, one of the domain
controllers in each domain is identified as the primary domain controller for
compatibility with down-level clients and servers. See domain controller, backup
domain controller.
68. What collection of information is selected and applied to the interaction between
a subject and an object by an action that is the outcome of evaluation of policy
conditions?
*A. profile
Explanation: A profile is a collection of information selected and applied to the
interaction between a subject and an object by an action that is the outcome of
evaluation of policy conditions. The content of a profile is specific to the
subjects and objects in question. Profiles can further simplify administration by
reducing the total number of policies.
69. What is a policy for establishing a secure method for exchanging information
within an organization, an industry, or a nation?
A.
70. This is the amount of disk space available to a user.
A.
69. What is a policy for establishing a secure method for exchanging information
within an organization, an industry, or a nation?
*A. public key infrastructure
Explanation: Public key infrastructure is a policy for establishing a secure method
for exchanging information within an organization, an industry, or a nation. PKI
is also an integrated set of services and administrative tools for creating,
deploying, and managing public-key-based applications. It includes the
cryptographic methods, the use of digital certificates and certificate authorities,
and the system for managing the process.
70. This is the amount of disk space available to a user.
*A. quota limit
Explanation: The amount of disk space available to a user is known as the quota
limit.
71. When using the Naming structure, what part of the name for an object is an
attribute of the object itself?
A.
72. This function keeps distributed databases synchronized by routinely copying the
entire database or subsets of the database to other servers in the network.
A.
71. When using the Naming structure, what part of the name for an object is an
attribute of the object itself?
*A. relative distinguished name
Explanation: Relative distinguished name is the part of the name of an object that is
an attribute of the object itself. The attribute that provides the RDN for an object
is referred to as the naming attribute.
72. This function keeps distributed databases synchronized by routinely copying the
entire database or subsets of the database to other servers in the network.
*A. replication
Explanation: In database management, replication keeps distributed databases
synchronized by routinely copying the entire database or subsets of the database
to other servers in the network. There are several methods of replication,
including primary site replication, shared or transferred ownership replication,
symmetric replication (also known as update-anywhere or peer-to-peer
replication), and fail over replication.
73. The definition of an entire database is known as what?
A.
74. The domain controller assigned to control all updates to the schema within a
forest is known as what?
A.
73. The definition of an entire database is known as what?
*A. schema
Explanation: Schema is the definition of an entire database; the universe of objects
that can be stored in the directory is defined in the schema. For each object
class, the schema defines what attributes an instance of the class must have,
what additional attributes it may have, and what object class can be a parent of
the current object base.
74. The domain controller assigned to control all updates to the schema within a
forest is known as what?
*A. schema master
Explanation: The schema master is the domain controller assigned to control all
updates to the schema within a forest. At any time, there can be only one schema
master in the forest.
75. SID is the acronym for ______ ?
A.
76. What term is given to operations that are not permitted to occur at different
places in the network at the same time?
A.
75. SID is the acronym for ______ ?
*A. security identifier
Explanation: SID is the acronym for security identifier.
76. What term is given to operations that are not permitted to occur at different
places in the network at the same time?
*A. single-master operations
Explanation: Single-master operations are Active Directory operations that are
single-master, that is, not permitted to occur at different places in the network at
the same time. Examples of these operations include:
Primary domain controller (PDC) election
Certain infrastructure changes
Relative identifier (RID) allocation
Schema modification
77. A ________ is defined as one or more well connected TCP/IP subnets.
A.
78. The physical storage for each Active Directory replica is known as what?
A.
77. A ________ is defined as one or more well connected TCP/IP subnets.
*A. site
Explanation: A site is a location in a network holding Active Directory servers. A
site is defined as one or more well connected TCP/IP subnets. Well-connected
means that network connectivity is highly reliable and fast (LAN speeds, 10
MM bits-per-second or greater).
Sites play a major role in the Active Directory replication service, which
differentiates between replication using a local network connection (intra-site
replication) and replication over a slower wide area network (WAN) link (inter-
site replication). Administrators use the Active Directory Sites and Services
Manager snap-in to administer replication topology for both intra- and inter-site
replication.
78. The physical storage for each Active Directory replica is known as what?
*A. store
Explanation: A store is the physical storage for each Active Directory replica. When
an object is stored in Active Directory, the system will select a copy of the store
and write the object there. The replication system will replicate the object on all
other replicas. The store is implemented using the Extensible Storage Engine.
79. This is the trust relationship that inherently exists between Windows 2000
domains in a domain tree or forest, or between trees in a forest, or that can exist
between forests.
A.
80. A ________ is a set of Windows NT domains connected together through
transitive, bi-directional trust, sharing a common schema, configuration, and
global catalog.
A.
79. This is the trust relationship that inherently exists between Windows 2000
domains in a domain tree or forest, or between trees in a forest, or that can exist
between forests.
*A. transitive trust
Explanation: A transitive trust is the trust relationship that inherently exists between
Windows 2000 domains in a domain tree or forest, or between trees in a forest,
or that can exist between forests. When a domain joins an existing forest or
domain tree, a transitive trust is automatically established. Transitive trusts are
always two-way relationships. This series of trusts, between parent and child
domains in a domain tree and between root domains of domain trees in a forest,
allows all domains in a forest to trust each other for the purposes of
authentication.
80. A ________ is a set of Windows NT domains connected together through
transitive, bi-directional trust, sharing a common schema, configuration, and
global catalog.
*A. tree
Explanation: A set of Windows NT domains connected together through transitive,
bi-directional trust, is called a tree. The domains share a common schema,
configuration, and global catalog. The domains must form a contiguous
hierarchical namespace.
81. This simplest form of group can appear in ACLs anywhere in the forest.
A.
82. What kind of container allows an LDAP-compliant directory to be accessed
through Active Directory?
A.
81. This simplest form of group can appear in ACLs anywhere in the forest.
*A. universal group
Explanation: A universal group is the simplest form of group. Universal groups can
appear in ACLs anywhere in the forest, and can contain other universal groups,
global groups, and users from anywhere in the forest. Small installations can use
universal groups exclusively and not concern themselves with global and local
groups.
82. What kind of container allows an LDAP-compliant directory to be accessed
through Active Directory?
*A. virtual container
Explanation: Any LDAP-compliant directory can be accessed through Active
Directory using a virtual container.
83. When answering this question, keep in mind that your particular needs will
determine the precise meaning of this term.
What describes a network that has sufficient connectivity to make Active Directory
useful to clients on your network?
A.
84. Which standard developed by the International Standards Organization (ISO)
became the standard for defining a distributed directory service?
A.
83. When answering this question, keep in mind that your particular needs will
determine the precise meaning of this term.
What describes a network that has sufficient connectivity to make Active Directory
useful to clients on your network?
*A. well-connected
Explanation: Well-connected describes sufficient connectivity to make your
network and Active Directory useful to clients on your network. The precise
meaning of the term is determined by your particular needs.
84. Which standard developed by the International Standards Organization (ISO)
became the standard for defining a distributed directory service?
*A. X.500
Explanation: The X.500 standard was developed by the International Standards
Organization (ISO), and became the standard for defining a distributed directory
service.
85. What protocol is an improvement on the XMODEM protocol?
A.
86. What is the acronym used to describe problems computers have with rolling over
to the year 2000?
A.
85. What protocol is an improvement on the XMODEM protocol?
*A. Ymodem
Explanation: Ymodem is a variation of the Xmodem file transfer protocol that
includes the following enhancements: the ability to transfer information in 1
kilobyte (1,024-byte) blocks, the ability to send multiple files (batch file
transmission), cyclical redundancy checking (CRC), and the ability to abort
transfer by transmitting two CAN (cancel) characters in a row.
86. What is the acronym used to describe problems computers have with rolling over
to the year 2000?
*A. Y2K
Explanation: Y2K is used to describe problems with the year 2000.
87. What term is used for Random Access Memory (RAM) when it is fast enough to
respond to the processor without requiring a wait state?
*A. zero wait state
Explanation: The condition of random access memory (RAM) that is fast enough to
respond to the processor without requiring wait states.
88. What is the slang word for Greenwich Mean Time?
*A. Zulu time
Explanation: Zulu time is the slang word for Greenwich Mean Time.
Other Microsoft Certification books by TotalRecall Publications
InsideScoop to MCP / MCSE Certification: Exam 70-217 Managing a Microsoft Directory Services Infrastructure
ExamInsight For MCP / MCSE Certification: Exam 70-217 Managing a Microsoft Directory Services Infrastructure
InsideScoop to MCP / MCSE Certification: Exam 70-210 Managing Microsoft Windows 2000 Professional
InsideScoop to MCP / MCSE Certification: Exam 70-215 Installing, Configuring, and Administering Microsoft Windows 2000 Server
InsideScoop to MCP / MCSE Certification: Exam 70-216 Implementing and Administering a Microsoft Windows 2000 Network Infrastructure
ExamWise For MCP / MCSE Certification: Exam 70-218 Managing a Microsoft Windows 2000 Network Environment
InsideScoop to MCP / MCSE Certification: Exam 70-219 Designing a Windows 2000 Directory Services Infrastructure
InsideScoop to MCP / MCSE Certification: Exam 70-220 Designing Security for a Microsoft Windows 2000 Network
InsideScoop to MCP / MCSE Certification: Exam 70-221 Designing a Microsoft Windows 2000 Network Infrastructure
ExamWise For MCP / MCSE Certification: Exam 70-227 Installing, Configuring, and Administering Microsoft Internet Security and Acceleration (ISA) Server 2000, Enterprise Edition
Money Back Book Guarantee
This guarantee applies only to books published by TotalRecall Publications, Inc.! We are so confident in our products, we are prepared to offer the following guarantee to YOU our valued customer: If you do not pass your certification exam after two attempts, we will give money back!
Visit http://www.totalrecallpress.com
Select “Money Back Book Guarantee” for details.
Registered book purchasers who qualify will:
1. Receive a 50% cash refund of purchase price
2. Receive a free TotalRecall book of equal value. Note: you must pay for shipping and handling.
To qualify for this TotalRecall Guarantee you must meet these requirements and perform the following tasks:
1. Register your purchase at the TotalRecall web site http://www.totalrecallpress.com
2. Fail the corresponding exam twice (No time limit)
3. Contact TotalRecall for the RMA # and to claim this guarantee
Send email to mailto:[email protected]
Subject must contain your Membership # or Registration #
Ship the following to claim your refund.
1. RMA # from returned email
2. Documents of exam scores for both failed attempts
3. Return the Book to the following address
TotalRecall Publications, Inc.
Attn: Corby Tate
1103 Middlecreek
Friendswood, TX 77546
888-992-3131
[email protected]
281-992-3131
281-482-5390 Fax
http://www.bfq.com
It's a Passing day here at the BeachFront. Thank you for using the TotalRecall Success Program.
Bruce Moran
President
Free Practice Exam Online
With the purchase of this book you qualify for a Free
Beachfront Quizzer, Inc. Online Practice exam.
Visit www.TotalRecallPress.com for details.
Register your book purchase at www.TotalRecallPress.com
Your Registration Code is: EW-03217-1000
System Requirements: Internet connection:
Call: 281-992-3131
Good Luck with your certification!
Your Book Registration Number is EW-03217-1000
You cannot go wrong with this book because it is GUARANTEED:
See details at www.TotalRecallPress.com