[updated thursday, september 24, 1998] · web view[updated thursday, september 24, 1998]...

[Updated Thursday, September 24, 1998]

[Question 1]:BWhat information is contained in the metabase?

[Alternatives:]?: IIS Help file location?: Web site home directory location?: MMC snap-in information?: Site Server toolbar settings

[Answer:]The metabase includes all the entries pertinent to Internet Information Server administration. The different types of property settings stored in the metabase are:

1. Computer and Web site properties2. Logging properties3. FTP-specific properties4. HTTP-specific properties5. Virtual directory and directory properties6. File properties7. ISAPI filter properties8. SSL key properties

The Web site home directory location is stored in the metabase and can be viewed using Internet Service Manager. MMC snap-in information is stored in the MMC configuration. Site Server toolbar settings are stored in that administrative application.The IIS Help file location is stored in the IIS Help application.The IIS metabase is located in %systemroot%\system32\Inetsrv\metabase.bin.Some parameters/settings stored in the metabase are:

-- Virtual roots-- Mime map-- Access rights-- Bandwidth throttling-- Maximum connections-- HTTP keep-alive-- Primary Scripting Language-- FTP messages-- Web Default Document-- Enable Logging

-------------------------------------------------------------[Question 2]:B

You are the system administrator of a firm dealing with images and artwork through the Internet. You have a RAID5 disk array on the IIS Server 4.0 computer. The Web site home directory is located on the RAID5 disk array.Within months, the information stored on this IIS Server 4.0 computer doubles. Now people accessing the Web site of the company start complaining that the Web site is slower than before. How do you improve the performance of the Web site?

[Alternatives:]?: Move the files in the home directory to a virtual directory on the RAID5 disk array.?: Move the files in the home directory to multiple RAID5 disk arrays.?: Move the files in the home directory to one volume set in the RAID5 disk array.?: Move the files in the home directory to separate virtual directories on a single RAID5 disk array.

[Answer:]RAID level 5 means disk striping with parity. It provides not only fault tolerance, but also faster access to data.This is possible because data is distributed on multiple disks (a disk array) in the stripe set, and pieces of data can be read from multiple disks concurrently.If the data is already stored on a RAID5 disk array, you can improve performance by adding more RAID5 disk arrays and distributing the files on multiple RAID5 disk arrays.Note that all the other answer choices suggest keeping the data on the same disk array, which will not improve performance.

-------------------------------------------------------------[Question 3]:B

John is accessing the Web site of his company from home. While browsing the site, he receives the following error message:

HTTP/1.1 403 Access Forbidden

Which of the following problems could be causing the above error?

[Alternatives:]?: The system administrator of the Web site changed John's access to the Web site yesterday.?: The default document has not been specified in the Web site, Properties, Documents tab.?: The hypertext link John is trying to access is broken.?: Windows Challenge/Response is being used.

[Answer:]The HTTP/1.1 403 Access Forbidden error may be caused by any of the following:1. The file designated as the default document for the site does not exist. This default file for a Web site is typically Default.htm or Default.asp.2. The site has been configured to use to use a secure channel over the HTTPS protocol, but the browser uses HTTP as its protocol instead.3. The user is trying to execute a CGI, ISAPI, or other execution program from a directory that does not allow programs to be executed.HTTP 401.x errors refer to authentication failures. HTTP 403.x errors occur because access to data is forbidden. HTTP 404.x errors occur when a resource is not located. Here is a list of some common 401.x, 403.x, and 404.x errors:

401.1 Unauthorized -- Logon failed401.2 Unauthorized -- Logon failed due to server configuration401.3 Unauthorized -- Unauthorized due to ACL on resource401.4 Unauthorized -- Authorization failed by filter401.5 Unauthorized -- Authorization failed by ISAPI/CGI application403.1 Forbidden -- Execute Access Denied403.2 Forbidden -- Read Access Denied403.3 Forbidden -- Write Access Denied403.4 Forbidden -- SSL required (use https:// ... on client)403.5 Forbidden -- SSL 128 required (128-bit version of SSL)403.6 Forbidden -- IP Address rejected (client's IP address has been blocked)403.7 Forbidden -- Client Certificate Required403.8 Forbidden -- Site Access Denied (Web server is down or user does not have permission to connect to the site)403.9 Forbidden -- Too many users403.10 Forbidden -- Invalid configuration (on the Web server)403.11 Forbidden -- Password change (user entered wrong password)403.12 Forbidden -- Mapper denied access (client certificate map is denied access)404 File not found

If the system administrator modifies John's access to the Web site, it will affect his access from work as well as from home.If John's browser does not support Windows NT Challenge/Response Authentication, and no other authentication method is supported by IIS, then he will get HTTP Error 401.If the hypertext link is broken, he will get HTTP Error 404 -- file not found.

-------------------------------------------------------------[Question 4]:B

As a security measure, you change the TCP port in FTP Site Properties to 19,860. Some users complain that they are unable to access the FTP site. What might be the cause of the problem?

[Alternatives:]?: You cannot set the TCP port to a number above 1023.?: The users having problems are still accessing port number 21.?: The users must access port number 80.?: You cannot set the TCP port to an even number.

[Answer:]If you want to limit access to your FTP site, you can change the control connection port number (default 21) to a TCP port number greater than 1023. This effectively "hides" your site.Any application using TCP or UDP for its transport is assigned a unique identification. This is known as its TCP (or UDP) port number. On the client, the application uses a dynamically assigned port number.

On the server, the administrator can configure the port number. To connect to the server, the client application must know which port number is being used on the server so that it can direct packets to that application on the server.Since port numbers 1 through 1023 are already reserved for commonly used applications, an administrator should assign port numbers greater than 1023.

-------------------------------------------------------------[Question 5]:D

Which of the following is the default TCP port number for the WWW service?

[Alternatives:]?: 20?: 21?: 25?: 80

[Answer:]A server application or process that uses TCP as a transport protocol has at least one preassigned port number.For example, the preassigned port numbers for FTP server services are 20 (data) and 21 (control); the preassigned port number for the SMTP service is 25; and the preassigned port number for the HTTP (WWW) service is 80.The preassigned port number for the NNTP service is 119. SSL connections are made through separate ports. For example, the SSL port for WWW is 443; the SSL port for NNTP is 563.-------------------------------------------------------------[Question 6]:B

You want to monitor FTP service sessions in real time. What is the best utility to use?

[Alternatives:]?: netstat?: Performance Monitor?: Windows NT Application Event Viewer?: FTP Logging

[Answer:]Both netstat and Performance Monitor are used to monitor FTP sessions.The major difference between the two tools is that netstat shows static information (a "snapshot") about events at a given point in time, whereas Performance Monitor shows events happening in real time.You can also use "Current Sessions" in FTP Site properties in Internet Service Manager to monitor current sessions. Windows NT Event Viewer only logs critical errors; it does not log application usage.FTP log files can be enabled to log usage, but they are generally processed offline and not in realtime.

-------------------------------------------------------------[Question 7]:BCE

What are the requirements for the installation of the SMTP service?

[Alternatives:]?: DHCP?: NTFS?: TCP/IP on the clients?: Server NetBIOS name resolution?: Server host name resolution

[Answer:]NTFS is required for SMTP to provide file- and folder-level security (e.g., for Pickup and Queue mail folders). TCP/IP is required on all SMTP clients because SMTP is a TCP/IP application.TCP/IP uses host name resolution to resolve host names to IP addresses. NetBIOS name resolution resolves NetBIOS names to IP addresses, and only works on Windows operating systems. Other operating systems, such as Unix, may not use NetBIOS names.DHCP is not required for SMTP; it is a service for automatically configuring TCP/IP on clients.

[Question 8]:C

During the installation of IIS on the Windows NT server named PCAGE, an account named IUSR_PCAGE is created.After one week Mike, the system administrator, changes that account's default password in the Web Site Properties, Directory Security, Anonymous user account.The users start complaining that they cannot log on as anonymous users. What should Mike do to fix this problem?

[Alternatives:]?: Re-install IIS.?: Re-generate the randomly generated password.?: Change the IUSR_PCAGE account password in User Manager to the same password assigned in IIS.?: Change the Guest account password in User Manager to the same password assigned in IIS.

[Answer:]The Internet Guest account specified here, IUSR_PCAGE, is automatically created during installation of IIS on the Windows NT server named PCAGE.It must be a valid Windows NT user account on the server computer, and the password specified in the Web Site Properties, Directory Security, Anonymous user account must match the password for this user in the computer's user database.The user accounts and passwords are configured using Windows NT User Manager.The Guest account mentioned in Choice D is the account, created during Windows NT installation, by which users who do not have a specific account can log on to Windows NT and access the file and print services of the server.The Internet Guest Account, IUSR_<computername>, which is created during IIS installation, is not the same as the Guest account mentioned in Choice D.Windows internally uses the Internet Guest account when anonymous users log in to access various IIS services such as WWW and FTP.

-------------------------------------------------------------[Question 9]:B

Mike was a member of the Sales group. In the restructuring of the company, he is promoted to the Finance department of the company. The Finance department people access an ISAPI application, Books.dll, over the intranet.Mike tries to use this application, but he receives an error message. Tom, another employee of the Finance department, is able to run the application without any problems. What is the best way to allow Mike to run the finance application?

[Alternatives:]?: Give Mike the appropriate NTFS file permissions on the finance application.?: Add Mike to the Finance group using User Manager for Domains.?: Configure Mike's account to give him access to all the files being accessed by the Finance department.?: Mike has to use an SSL-enabled browser to use the finance application on the intranet.

[Answer:]To run the finance application, the user needs access to the Books.dll file.The two ways to allow Mike to run the finance application are to assign permissions on the file to his individual user account, or to add his account to the Finance group which has access to the file.When any user account is added to a group, it inherits all the permissions of that group. This is the best way to grant permissions. Note that this question assumes that Mike is not a member of any group which has No Access permission on Books.dll.If he were a member of such a group, he would automatically have No Access permission, no matter what other permissions he had through other groups.

-------------------------------------------------------------[Question 10]:AC

What can be saved in the MMC file which has the extension .msc?

[Alternatives:]?: Loaded snap-ins?: Web site security settings?: Window configuration?: Virtual directory location?: TCP port numbers for Web sites

[Answer:]

Saving a console to a file preserves its list of loaded snap-ins and window configuration for later use. After you save a console, you can deliver it on a floppy disk or put it in a shared folder on your network.You can prevent users from changing the console by giving users read-only access to the shared folder containing the MMC file. Console files have a default extension of .msc.

-------------------------------------------------------------[Question 11]:D

John's friend gives him the URL of a new Web site he designed himself. John goes home and tries to access the new site, but he gets the following message:

Error 403.2 Access Forbidden

Why did John get this error message?

[Alternatives:]?: SSL is not being used on the browser.?: SSL is being used on the browser.?: Windows NT Challenge/Response is being used.?: The NTFS file permissions are not correct.


401.1 Unauthorized -- Logon failed401.2 Unauthorized -- Logon failed due to server configuration401.3 Unauthorized -- Unauthorized due to ACL on resource401.4 Unauthorized -- Authorization failed by filter401.5 Unauthorized -- Authorization failed by ISAPI/CGI application403.1 Forbidden -- Execute Access Denied403.2 Forbidden -- Read Access Denied403.3 Forbidden -- Write Access Denied403.4 Forbidden -- SSL required (use https:// ... on client)403.5 Forbidden -- SSL 128 required (128-bit version of SSL)403.6 Forbidden -- IP Address rejected (client's IP address has been blocked)403.7 Forbidden -- Client Certificate Required403.8 Forbidden -- Site Access Denied (Web server is down or user does not have permission to connect to the site)403.9 Forbidden -- Too many users403.10 Forbidden -- Invalid configuration (on the Web server)403.11 Forbidden -- Password change (user entered wrong password)403.12 Forbidden -- Mapper denied access (client certificate map is denied access)404 File not found

Error 403.2 occurs if the permissions (NTFS or IIS) on the file or folder being accessed are not sufficient. If the server had SSL-enabled content and the browser was using HTTP, John would get HTTP Error 403.4: SSL Required.An incorrect authentication method would result in authentication failure, and John would get HTTP Error 401.

-------------------------------------------------------------[Question 12]:D

Your company has been assigned one IP address from InterNic. You want to configure two virtual servers on IIS 4.0. What is the best way you can configure two virtual servers using just one IP address?

[Alternatives:]?: Assign the same IP address to each server.?: You cannot configure two virtual servers using just one IP address. You must obtain another IP address.

?: Use custom HTTP headers on IIS 4.0.?: Add host headers on IIS 4.0.

[Answer:]IIS 4.0 not only provides support for hosting multiple Web sites on a single computer running Windows NT Server, but also for hosting them on a single IP address.IIS provides this capability through the use of a host header that is supported by most newer browsers (Internet Explorer 4.0 and Netscape 4.0, for example) and some older ones. Host headers are supported by HTTP 1.1.Web sites have a descriptive name and can support one or more host header names. Host header names make the hosting of multiple domain names on one Web site possible.The browser sends the host header (which includes the name of the Web site it is trying to access) to the server. The client must also be able to resolve the host name to an IP address using DNS or a HOSTS file.Not all browsers support the use of host header names.If a visitor attempts to contact your site with an older browser that does not support host headers, the visitor gets the default Web site assigned to the address (if a default site is enabled), which may not necessarily be the site requested.Custom HTTP headers are used to send messages such as cache pages from the server to the browser. You can configure two virtual servers on a computer using the same or different IP addresses.The two virtual servers may use the same Web content or different Web content.

-------------------------------------------------------------[Question 13]:D

You are away from your office for a meeting with representatives of a prospective client. Your company creates Web sites for its customers.You want to show the representatives a sample of a site you developed, but they do not have an Internet connection. You have access to the Internet in your hotel room, and you have a laptop computer running Windows NT Server 4.0.You decide to download a Web site, along with all of its links and linked pages, onto your laptop to show the representatives. What can you use to do this?

[Alternatives:]?: Microsoft Certificate Server?: Microsoft Transaction Server?: Microsoft Index Server?: Microsoft Site Server Express

[Answer:]You can use the Copy Site option in Site Server Express to copy a site from a Web server to your local hard disk as Control Analyzer builds up the Webmap.Microsoft Site Server Express 2.0 is available for Windows NT Server 4.0, Windows NT Workstation 4.0, and Windows 95. Internet Explorer also provides a way to download a Web site using subscriptions.

-------------------------------------------------------------[Question 14]:C

You have a Web site named www.pcage.com. The IP address of the site is 209.1.86.6. Which utility will help in the resolution of your site's Internet domain name to its IP address?

[Alternatives:]?: WINS?: DHCP?: DNS?: TCP/IP

[Answer:]A Fully Qualified Domain Name (FQDN), such as www.pcage.com, can be resolved by a DNS server or a HOSTS file.Domain Name System (DNS) is a protocol used on the Internet to map Internet Protocol (IP) addresses to user-friendly names (host names, or FQDNs).Windows Internet Name Service (WINS) is a protocol for assigning and resolving the NetBIOS names of computers to their Internet Protocol (IP) addresses.Dynamic Host Configuration Protocol (DHCP) is a protocol for automatic TCP/IP configuration of hosts.Transmission Control Protocol/Internet Protocol (TCP/IP) is an industry standard suite of protocols providing communications in a heterogeneous environment.

[Question 15]:C

You have a Web site which contains a lot of image and audio files. You want to find out how may HTML pages have images which are larger than 32K. What is the easiest way to find this out?

[Alternatives:]?: Perform a Windows NT Explorer search for files larger than 32K.?: Perform an Index Server search for files larger than 32K.?: Use a Webmap in Site Server Express and search Load Size over 32K.?: Set the Performance Monitor counter for Files over 32K.

[Answer:]The easiest and fastest way to search a Webmap is to use Site Server Express, Content Analyzer's predefined searches (called Quick Searches). With just a click, you can find all your broken links, hidden objects, images without ALT strings, and more.A Load Size over 32K search will return all pages whose load size (the size of the HTML page plus any linked inline resources, such as images) is larger than 32K.

-------------------------------------------------------------[Question 16]:A

You are the IIS administrator of your Web site, and you want to make your Web site secure. You want a certain range of computers to be unable to access the Web site.In the Directory Security tab and in the IP Address and Domain Name Restrictions in the Web Site properties, you check the Granted Access option and type the following in the exception list: IP address 125.45.65.32 and subnet mask 255.255.255.248.Which range of computers will be denied access to your Web site?

[Alternatives:]?: IP addresses 125.45.65.32 to 125.45.65.39?: IP addresses 125.45.65.32 to 125.45.65.57?: IP addresses 125.45.65.64 to 125.45.65.71?: IP addresses 125.45.65.64 to 125.45.65.79

[Answer:]You can either deny access to every IP address with certain exceptions, or grant access to every IP address with certain exceptions. Using a subnet mask as a filter allows you to block host IDs into contiguous IP address units.The subnet mask 255.255.255.248 creates a block of 8 IP addresses; so in this question, 8 addresses are being denied access, and the range would be IP address 125.45.65.32 to IP address 125.45.65.39 (which is 8 IP addresses inclusive).The effective block (group) of IP addresses is a range of IP addresses for which all bits corresponding to 1s in the subnet mask are the same.In this question, this includes IP addresses (in binary representation) 0111 1101.0010 1101.0100 0001.0010 0xxx, where the last three bits (xxx) can have any one of eight possible values: 000, 001, 010, 011, 100, 101, 110, or 111.Translating all the possible values of xxx to decimal representation shows that this last byte (0010 0xxx) of an IP address in this block can be 32, 33, 34, 35, 36, 37, 38, or 39.

-------------------------------------------------------------[Question 17]:D

You have 2 IIS servers: one in Los Angeles and one in Seattle. Each location has 100 Web sites on its IIS server. To limit bandwidth usage, you want to change the maximum number of connections for each Web site to 1000.What is the easiest way to change the maximum connections parameter in Web Site Properties for each of the 200 Web sites?

[Alternatives:]?: Use Internet Service Manager to change ports on individual sites.?: Use Internet Service Manager (HTML) to change ports on individual sites.?: Write a VB script and run it at both IIS servers.?: Write a VB script and run it at one IIS server.?: Write a VB script and run it at all 200 virtual Web sites.

[Answer:]Using the Windows Scripting Host (WSH), administrators can automate the administration tasks on the server using any scripting language supported by Active Server Pages.For example, an administrator can write a Microsoft Visual Basic script to create a new virtual directory, and then with WSH, run the script file from the command line to create a new virtual directory on the Web site.

Administrators can write a single script to target multiple Web sites, or multiple physical servers, to provide effective grouped server administration.In the above case, the administrator can run a VB Script and run it at one site to change the Web site properties of both the Los Angeles and Seattle servers.

-------------------------------------------------------------[Question 18]:A

You have installed a new content filter on the Index Server. You issue a query for documents that you know are in the directory in which the content filter is installed, but you get no response. What is the best way to fix this problem?

[Alternatives:]?: Force a full scan.?: Force an incremental scan.?: Force a master merge.?: Force a shadow merge.

[Answer:]A content filter is an Index Server component that is responsible for reading a document from the disk and extracting the textual content from that document. Typically, filters are associated with particular document formats.For example, Microsoft Word documents have their contents extracted by a different filter than Microsoft Excel documents.The process of inventorying the virtual roots (and the physical directories to which the virtual roots point) to determine which documents should be indexed is called scanning. By default, all readable virtual roots are indexed.If some readable virtual roots should not be indexed, they can be configured by the administrator. There are two basic types of scans: Full Scan and Incremental Scan.In a full scan, all the documents in the inventoried directories are added to the list of documents to be filtered. A full scan is performed the first time a directory is added to the list of indexed directories.A full scan is also performed as part of recovery if a serious error occurs.In an incremental scan, only the documents that have been modified since the last time they were filtered are added to the list of documents to be filtered.You should force a full scan after installing a new filter, removing a filter, or repairing a filter's registration information.You should also force a full scan after making other global changes, such as changing the size of the characterization (the summary of the document) or adding a new word breaker.To perform a full scan, select the virtual directory in Index Server Manager and select Scan. In the Full Scan dialog box, click Yes to perform a full scan (clicking No will perform an incremental scan).

-------------------------------------------------------------[Question 19]:B

In IIS 4.0, where are the MIME settings stored?

[Alternatives:]?: Registry?: Metabase?: Windows Explorer, File, Options?: Internet Service Manager

[Answer:]In IIS 4.0, MIME settings and other pertinent IIS information is stored in the metabase.The metabase includes all the entries pertinent to Internet Information Server administration. The different types of property settings stored in the metabase are:


In IIS 3.0, MIME settings are stored in the Registry, in the location HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\InetInfo\Parameters\MimeMap.

-------------------------------------------------------------[Question 20]:C

On your IIS server, you have defined a virtual directory on a server running NetWare Server 4.11. During virtual directory configuration, you enter the UNC path for the virtual directory.You have also configured the IUSR_<computername> account with the necessary Read permission using Windows NT User Manager for Domains.Anonymous users still cannot connect to the Web site on the virtual directory. What is the most likely reason that these users cannot connect to the site?

[Alternatives:]?: You cannot enter an UNC name for a NetWare-based virtual directory.?: You have to give Execute permission on the resources to the IUSR_<computername> account.?: You have to create a similar IUSR_<computername> account on the NetWare server which has access to the resources in the NetWare server.?: You cannot have a virtual directory on a NetWare server. Copy the files from the NetWare server to the Windows NT server and make that the path to the virtual directory.

[Answer:]You can use remote virtual directories for folders stored on disks installed in other computers.As with local virtual directories, when configuring a remote virtual directory, you are asked to assign an alias to the folder. You must also supply the folder's universal naming convention (UNC) address.In order to access the folder with a UNC, you have to enter a valid user name and password. The user name and password you enter is automatically used by visitors who access data contained within this virtual directory.IUSR_<computername> is not automatically created on the NetWare server. You have to create a similar account for anonymous access on the NetWare server and give it access to the specified directory.

-------------------------------------------------------------[Question 21]:AC

On your Microsoft Index Server, the word lists are taking up too much memory. What can you do to decrease the amount of memory used by the word lists?

[Alternatives:]?: Decrease the number of word lists.?: Increase the number of word lists.?: Decrease the size of word lists.?: Increase the size of word lists.?: You cannot adjust the size of word lists.?: You cannot adjust the number of word lists.

[Answer:]Word lists are small, temporary indexes stored in the server's RAM. Each word list contains data for a small number of documents.There are two registry parameters that deal with word lists: MaxWordLists (range 10 to 30, default 20) and MaxWordListSize (unit of 128 KB, range 10 to infinity, default 14). MaxWordLists is the maximum number of word lists that can exist at one time.MaxWordListSize is the maximum amount of memory that can be consumed by an individual word list; when this limit is reached, a new word list is created.In the above question, if we decrease the number of word lists, the MaxWordLists value will be reached more often. When this happens it triggers a shadow merge, which frees up memory.If we decrease the size of the word lists, the MaxWordListSize value will be reached more often. When this happens it triggers the creation of new word lists.This in turn increases the number of word lists, causing the MaxWordLists number to be reached earlier. This, as described above, triggers an early shadow merge, which frees up memory.

-------------------------------------------------------------[Question 22]:A

Carol is interested in setting up a private Web site that would be accessed on the intranet. What can you use to authenticate users to this intranet Web site?

[Alternatives:]?: Microsoft Certificate Server?: Microsoft Transaction Server?: Microsoft Site Server?: Microsoft Internet Information Server

[Answer:]Microsoft Certificate Server is a standards-based, highly customizable server application for managing the issuance, revocation, and renewal of digital certificates. Certificate Server generates certificates in standard X.509 format.These certificates can be used for any number of public-key applications including, but not limited to, the following:

--Server and client authentication under the Secure Sockets Layer (SSL) protocol--Secure e-mail using Secure/Multipurpose Internet Mail Extensions (S/MIME)--Secure payment using Secure Electronic Transaction (SET)

-------------------------------------------------------------[Question 23]:D

You are the IIS administrator of your Web site. In the IP Address and Domain Name Restrictions dialog box, you check the Denied Access option and type the following in the exception list: IP address 192.80.245.96 and subnet mask 255.255.255.224.Which range of computers will be granted access to your Web site?


[Answer:]You can either deny access to every IP address with certain exceptions, or grant access to every IP address with certain exceptions. Using a subnet mask allows you to block host IDs into contiguous IP address units.The subnet mask 255.255.255.224 creates a block of 32 IP addresses; so in this question, 32 addresses are being granted access, and the range would be IP address 192.80.245.96 to IP address 192.80.245.127 (which is 32 IP addresses inclusive).The effective block (group) of IP addresses is a range of IP addresses for which all bits corresponding to 1s in the subnet mask are the same.In this question, this includes IP addresses (in binary representation) 1100 0000.0101 0000.1111 0101.001x xxxx, where the last five bits (x xxxx) can have any one of thirty-two possible values:00000, 00001, 00010, 00011, 00100, 00101, 00110, 00111, 01000, 01001, 01010, 01011, 01100, 01101, 01110, 01111, 10000, 10001, 10010, 10011, 10100, 10101, 10110, 10111, 11000, 11001, 11010, 11011, 11100, 11101, 11110, 11111.Translating all the possible values of xxxxx to decimal representation shows that this last byte (001x xxxx) of an IP address in this block can be96, 97, 98, 99, 100, 101, 102, 103, 104, 105, 106, 107, 108, 109, 110, 111, 112, 113, 114, 115, 116, 117, 118, 119, 120, 121, 122, 123, 124, 125, 126, or 127.

-------------------------------------------------------------[Question 24]:C

In Windows NT, which group should a user belong to if he has to manage IIS using the Internet Service Manager (HTML)?

[Alternatives:]?: Everyone?: Domain Users?: Administrators?: Internet Users

[Answer:]To use Internet Service Manager (HTML), you must be logged on to a user account that has Administrator privileges on the computer being administered.This can be the Administrator account, or any other account added to the Server Operators list in the Service Properties, Operators tab.

-------------------------------------------------------------[Question 25]:C

What would you use to add your company logo to the bottom of every page on your company's Web site?

[Alternatives:]?: A .htx template?: A .htm template

?: A server-side include?: You cannot automatically add the logo. You must cut and paste it into each Web page.

[Answer:]IIS and many other Web servers have a feature called server-side include (SSI) which automatically inserts the contents of a Web page in place of special HTML tags.This feature enables you to create a single page for headers, footers, navigation button bars, or any other set of common elements, and then include these elements in other pages.A .htx template is used to format the results of a database query.

-------------------------------------------------------------[Question 26]:ABCD

Which of the following can you do from the Internet Service Manager (HTML)?

[Alternatives:]?: Start and stop the Web site.?: Change the anonymous logon account for the Web site.?: Change the type of password authentication.?: Change the TCP port number.

[Answer:]The Internet Service Manager (HTML) program provides most of the same administrative functions as Internet Service Manager. You can use Internet Service Manager (HTML) with your Web browser to administer Internet Information Server over the Internet.Property changes which require coordination with Windows NT utilities (such as certificate mapping) cannot be made with the HTML version of Internet Service Manager.

-------------------------------------------------------------[Question 27]:A

You create a remote virtual directory called PCAGE on the IIS server PCAGE1. The physical directory is located on a server called PCAGE2. Anonymous users cannot access the virtual directory from your Web site.Which of the following is causing the problem?

[Alternatives:]?: The account name and password which IIS will use to access the virtual directory have not been assigned in Web Site Properties.?: Users have not been assigned the necessary share permissions to access the directory.?: IIS is configured for Basic authentication.?: IIS is configured for Windows NT Challenge/Response authentication.

[Answer:]When you specify a virtual directory location that resides on another computer in the network, you should enter an account name and password that IIS will use to access the directory.You do not need to assign share permissions to anonymous users. By default, Windows NT uses the IUSR_<computername> account to represent an anonymous user.Multiple authentication methods (Anonymous Access, Basic, and Windows NT Challenge/Response) can be enabled on IIS simultaneously.

-------------------------------------------------------------[Question 28]:B

You are in an organization which has 200 Windows NT users. These users have to access three intranet Web sites which have been set up to use host headers. You do not have DNS enabled on the intranet.How can you let the users resolve the names of these intranet sites?

[Alternatives:]?: Add a HOSTS file on the Internet Information Server.?: Add a HOSTS file on each client.?: Add a LMHOSTS file on each client.?: Add static IP addresses in the WINS server and enable WINS server resolution.

[Answer:]A client should be able to resolve a name used in a host header to its IP address. This can be done by using a host name resolution method, such as DNS or a HOSTS file.Install a HOSTS file on each client (in the %systemroot%\system32\etc\drivers folder). The file should contain entries for Web server names (as specified by the host headers) and their corresponding IP addresses.

Since the name resolution has to be performed by the client (browser), the HOSTS file is not needed on the IIS computer. An administrator can choose to install a centralized HOSTS file on a server and let clients refer to this file for name resolution.This can be done using directory replication, or by specifying a different location for the HOSTS file in the Registry parameter DataBasePath.

-------------------------------------------------------------[Question 29]:A

You have an IIS 4.0 installation which has 32 MB of RAM and 44 MB of virtual memory. You get calls that the Index Server is slow, so you increase the property cache value. But the Index Server is still slow. Why?

[Alternatives:]?: The property cache is now using the RAM.?: The property cache is now using the virtual memory.?: The RAM is now using the virtual memory.?: You cannot change the property cache value.

[Answer:]The property cache is a disk cache used to speed up queries for frequently accessed values (properties) of documents (such as path, abstract, title, attributes, and size).The property cache is a large data structure. The registry parameter PropertyStoreMappedCache controls how much of the property cache is always kept in memory. There are two cases in which you change the default setting:First, on large index servers, increasing this value tends to yield better performance. But if the physical memory (RAM) is inadequate, the performance might suffer.Second, if the default is not adequate to handle a heavy query load, and the system is overworked even when the index is up to date.Hence if we increase the property cache value, it uses part of the RAM, which affects the performance of the system.The property cache is specified in 64 KB units; the default value is 16 (which is 16 * 64 KB, or 1 MB).

-------------------------------------------------------------[Question 30]:A

As a user, you have to download sensitive information from the Web server to your client. Which of the following would you use to access this information over the Internet?

[Alternatives:]?: SSL (Secure Sockets Layer)?: Windows NT Challenge/Response Authentication?: Microsoft Site Server?: NTFS file system

[Answer:]You can configure your Web server's Secure Sockets Layer (SSL) security features to guarantee the integrity of your content, verify the identity of servers or clients, and encrypt network transmissions.Windows NT Challenge/Response authentication is a user authentication method which uses encrypted user names and passwords for security. It does not perform data encryption.Microsoft Site Server can be used to download a Web site, but does not itself provide security.The NTFS file system provides file- and folder-level security, but only on local disks.

-------------------------------------------------------------[Question 31]:B

You do not want users to be able to search for certain high-security documents in your company which have the word "CONFIDENTIAL" in the heading. How can you prevent them from doing this?

[Alternatives:]?: Use restrictive NTFS file permissions on the directory where documents are stored.?: Use the word "CONFIDENTIAL" in the noise word file.?: Use the word "CONFIDENTIAL" in the loud word file.?: Use the word "CONFIDENTIAL" in the restricted word file.

[Answer:]Words that are not significant for searching are called noise words or stop words. If you do not want specific words to be in the result set, you can add these words to the noise word file.

Noise words are stored in the %systemroot%\system32 directory in various noise word files (Noise.dat, by default). The noise word files are language-dependent. The noise word file for a particular language is specified in the registry under the key:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\ContentIndex\Language\<language>\NoiseFile

For example, the noise word file for English_US is listed as the registry key:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\ContentIndex\Language\English_US\NoiseFile\noise.dat

The noise word files can be edited with a text editor to either add new words or remove words that are not considered "noise" at a particular installation. Note that querying for noise words will not yield any hits.If the user issuing the query does not have access permissions on a certain document, this document will not show up in the results list. Therefore, NTFS or virtual directory permissions can be applied to certain documents to hide them.Be aware, however, that these permissions will apply to all files in the directory, and can inadvertently hide other files.

-------------------------------------------------------------[Question 32]:C

You have configured a Web site to log usage in an ASCII text file. Where can you get information on the user names and number of hits for the Web site?

[Alternatives:]?: Web Application log in Event Viewer?: Web Site Properties, Number of hits field?: Web log file in %systemroot%\system32\LogFiles?: Performance Monitor

[Answer:]You can configure your Web or FTP sites to log information about user activity.This logging should not be confused with the usual logging carried out through Windows NT Server; the logging in IIS is more extensive, and is viewed as ASCII text files or ODBC-compliant databases (not by using the Event Viewer).You can find out which users accessed your sites and what information they accessed.The following log file formats are available:

a) NCSA Common log file format (not available for FTP sites)b) ODBC Loggingc) W3C Extended log file formatd) MS IIS log file format

NCSA, W3C, and MS IIS are ASCII text log file formats.Performance Monitor can also be used to provide some information (such as number of anonymous/non-anonymous connections), but it will not show user information (such as user names) or other detailed information.

-------------------------------------------------------------[Question 33]:BC

In an organization, there are two domains: Finance and Technology. There is no trust relationship between the two domains.IIS 4.0 and Index Server 2.0 are running on the server Finance1 in the Finance domain. The server Technology1 is located in the Technology domain. The system administrator wants to index \\Technology1\Data.What should the administrator do to index the information using Microsoft Index Server?

[Alternatives:]?: Create an account in the Technology domain that has access to the IIS server in the Finance domain.?: Create an account in the Finance domain that has permission to connect to \\Technology1\Data.?: Create a trust relationship in which the Technology domain trusts the Finance domain.?: You cannot use Microsoft Index Server to index across domains; the servers should be in the same domain.

[Answer:]Windows NT supports multiple security domains. If you want to use Index Server to index data on a remote domain, the following requirements must be met:

1. A trust relationship must exist between the two domains. The domain being accessed (the domain containing the documents) must trust the accessing domain (the domain in which Index Server is installed).2. A user account (e.g. WebUser) with Interactive Logon privileges should be created in the accessing domain (the domain in which Index Server is installed).3. A user account with access to the data being indexed should be used in the UNC paths (e.g. \\Technology1\Data) when configuring the virtual directory.4. Index Server should be stopped and restarted.

-------------------------------------------------------------[Question 34]:A

When you run Microsoft Index Server (HTML), you see the following error message with certain browsers:

Cannot open the Internet site http://localhost/iisadmin/isadmin/admin.htm

What is the most likely cause of this error?

[Alternatives:]?: Allow Anonymous authentication is selected.?: Basic authentication is selected.?: Windows NT Challenge/Response authentication is selected.?: None of the above.

[Answer:]By default, Index Server allows only the Administrative accounts to access the administrative functions of the server.If you only have Allow Anonymous selected in Microsoft Internet Service Manager Password Authentication, all users are denied access and will get the above error message.This is because anonymous users use the security context of IUSR_<computername>, but administrative privileges are required to administer an index server.Check either Basic or Microsoft Windows NT Challenge/Response authentication under Microsoft Internet Service Manager Password Authentication. Basic authentication will allow users to use any browser for Index Server administration.Windows NT Challenge/Response authentication is only supported by Internet Explorer 3.0 or later.

-------------------------------------------------------------[Question 35]:B

You have an application file with the extension .frm. Whenever you click its link, your browser opens it as a text file instead of running the associated application, FormBuild. What should you do to fix this problem?

[Alternatives:]?: Edit the text/html entry under \HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Inetinfo\Parameters\MimeMap.?: Create a MIME mapping for .frm on the IIS server.?: Modify the MIME mapping for .frm on the IIS server, and use text/html as the MIME type.?: Remove the MIME mapping for .frm on the IIS server.

[Answer:]The IIS server is probably sending an incorrect MIME type, or no MIME type at all, to the client. In Web Site Properties, select HTTP Headers, File Types in MimeMap to create or modify MIME mappings.Once the file type is registered (using a file name extension, such as .frm, and a MIME type, such as application/formbuild), the proper MIME type will be sent to the browser in the HTTP header.

-------------------------------------------------------------[Question 36]:C

What is the result of reducing the permissible amount of word lists in Index Server?

[Alternatives:]?: Shadow merges will occur less often.?: Full scan will occur more often.?: Master merges will occur more often.?: The number of persistent indexes will increase.

[Answer:]Word lists are small, temporary indexes stored in the server's RAM. Each word list contains data for a small number of documents.There are two registry parameters that deal with word lists: MaxWordLists (range 10 to 30, default 20) and MaxWordListSize (unit of 128 KB, range 10 to infinity, default 14). MaxWordLists is the maximum number of word lists that can exist at one time.MaxWordListSize is the maximum amount of memory that can be consumed by an individual word list; when this limit is reached, a new word list is created.In the above question, if we decrease the number of word lists, the MaxWordLists value will be reached more often. When this happens it triggers a shadow merge, which frees up memory.When the total disk space occupied by shadow indexes exceeds the MaxShadowIndexSize parameter, the Index Server starts a master merge in order to combine the shadow indexes.Therefore, the result of reducing the permissible number of word lists in Index Server would be an increase in the frequency of master merges.The number of persistent indexes (shadow indexes) will increase temporarily, but the master merge will merge all indexes into a single persistent index.

-------------------------------------------------------------[Question 37]:D

You do not want anonymous users to be able to access your Web site. You have assigned the NTFS permission READ to the IUSR_<computername> account. What group should have NO ACCESS permission?

[Alternatives:]?: Everyone?: Interactive?: Network?: Guests

[Answer:]The Internet Guest account, IUSR_<computername>, is created on installation of IIS and is added to the Guests group by default. This account is used for anonymous access to the Web site.By assigning No Access permission to Guests, you are denying access to all members of the Guests group, including IUSR_<computername>.

-------------------------------------------------------------[Question 38]:AB

You have SSL (Secure Socket Layer) enabled on the Web site of PC Age, Inc. Which URLs will the users be able to access?

[Alternatives:]?: http://www.pcage.com/public?: https://www.pcage.com/private?: httpssl://www.pcage.com/private?: httpssi://www.pcage.com/private

[Answer:]When you have SSL (Secure Socket Layer) enabled on the Web site, authorized users can access the http://<yourcompany> and https://<yourcompany> directories.To access a directory secured by SSL, use https://. To access a directory not secured by SSL, use http://.

-------------------------------------------------------------[Question 39]:D

Which of the following rights should the IUSR_<computername> account have?

[Alternatives:]?: Access this computer from a network?: Take ownership of files or other objects?: Log on remotely?: Log on locally

[Answer:]The Internet Guest account, IUSR_<computername>, is created during the setup of Microsoft Internet Information Server (IIS). All anonymous users use this account by default. IUSR_<computername> is only permitted to log on locally.No other rights are granted that could allow a hacker to damage your server or its files.

-------------------------------------------------------------

[Question 40]:C

After you install SSL (Secure Socket Layer) on your Web server, the performance of the server decreases. What is the best way to fix this problem?

[Alternatives:]?: Remove SSL (Secure Socket Layer).?: Increase the paging file size.?: Upgrade to a faster processor.?: Create more free space on the hard drive on which SSL (Secure Socket Layer) has been installed.

[Answer:]SSL uses the processor to encrypt data, so enabling SSL has a significant impact on the performance of the processor. SSL's efficiency depends on the speed of the processor, not on the paging file size or the amount of free disk space on the hard drive.

-------------------------------------------------------------[Question 41]:A

Your data that is retrieved using Index Server has grown to 200 MB, and people have started complaining that their Index Server queries are slow.You add another 100 MB free space to Index Server, but there is still no improvement in performance. How can you improve the query response?

[Alternatives:]?: Perform a master merge.?: Perform a shadow merge.?: Filter all documents into the 100 MB of free space.?: Start and stop the WWW Service.

[Answer:]Query response can be improved by forcing a master merge so that a single compressed index is able to serve all queries. Too many persistent indexes (shadow indexes) can slow down queries.

-------------------------------------------------------------[Question 42]:B

You are running SMTP Service on your IIS 4.0. You want e-mail message FROM lines to show a different domain name than the local domain name. Where should you enter the different domain name?

[Alternatives:]?: SMTP Properties, Delivery Tab, in the Alias Domain?: SMTP Properties, Delivery Tab, in the Masquerade Domain?: SMTP Properties, Delivery Tab, in the Smart Host?: SMTP Properties, Messages Tab, in the Masquerade Domain

[Answer:]The masquerade domain name replaces the local domain name listing in FROM lines in the message header or MAIL FROM lines in the protocol. This is configured in the SMTP Properties, Delivery Tab, in the Masquerade Domain field.

-------------------------------------------------------------[Question 43]:C

You have 2 GB of corpus in the Index Server. To function optimally, what percentage of free space does the system need on the hard drive on which it is loaded?

[Alternatives:]?: 20%?: 30%?: 40%?: None. The paging file should be large enough for it to perform well.

[Answer:]The disk space needed to store the Catalog Index depends upon the size of the corpus and the type of documents. The free disk space must be roughly 40 percent of the size of the corpus--in this case, 800 MB.

-------------------------------------------------------------[Question 44]:B

You have a serious security problem in your company's IIS, which is installed on the PDC: Anonymous users have the same access privileges as domain users. What is the reason for this security lapse?

[Alternatives:]?: The Allow Anonymous option is not checked in Web Site Properties.?: IIS is installed on the PDC.?: The IUSR_<computername> account is in the Everyone group.?: The Allow Anonymous option is checked in Web Site Properties.

[Answer:]In IIS, you can allow both anonymous and domain users to access the Web pages if you select both the Allow Anonymous option and the Windows NT Challenge/Response option in Web Site Properties.You can then use the NTFS security permissions to specify individual groups or users who will have access to the Web server contents. IIS creates a special account called IUSR_<computername> for anonymous logons.However, if you install IIS on a PDC, the IUSR_<computername> account becomes a member of Domain Users. As a result, anonymous users have the same access as Domain Users.NOTE: Any user account that you create on a PDC or a BDC automatically becomes a member of the Domain Users group.

-------------------------------------------------------------[Question 45]:C

You have a serious security problem in your company's IIS, which is installed on the PDC: Anonymous users have the same access privileges as domain users. What is the best way to correct this problem?

[Alternatives:]?: Re-install IIS on a Windows NT member Server.?: Redefine the access privileges of each user.?: Remove IUSR_<computername> from the Domain Users global group and add it to the Guests group using User Manager for Domains.?: Install SSL (Secure Socket Layer) to counter the effect of the access privileges of the anonymous users.?: Disable the Windows NT Guest account.

[Answer:]In IIS, you can allow both anonymous and domain users to access the Web pages if you select both the Allow Anonymous option and the Windows NT Challenge/Response option in Web Site Properties.You can then use the NTFS security permissions to specify individual groups or users who will have access to the Web server contents. IIS creates a special account called IUSR_<computername> for anonymous logons.However, if you install IIS on a PDC, the IUSR_<computername> account becomes a member of Domain Users. As a result, anonymous users have the same access as Domain Users.To correct this problem, remove IUSR_<computername> from the Domain Users global group and add it to the Guests group using User Manager for Domains.NOTE: Any user account that you create on a PDC or a BDC automatically becomes a member of the Domain Users group.The Windows NT Guest account is different from the Windows NT Internet Guest account (IUSR_<computername>).Reinstalling IIS on a Windows NT member server will also solve the problem, but it is unnecessary and time-consuming.

-------------------------------------------------------------[Question 46]:D

You are the system administrator of the FTP site for a large software company. Your team has designed the FTP site so that if traffic increases by 100% in the next year, the site will be able to accommodate the increase in traffic.The FTP site allows your customers to download the latest software updates.Users start to complain that the site is sometimes inaccessible, but at other times it is perfectly fine. You set up Performance Monitor to test the system and identify the problem. Which counter will you use to find the problem?

[Alternatives:]?: Total Non-Anonymous Users?: Total Anonymous Users?: Current Anonymous Users?: Maximum Anonymous Users

[Answer:]

You can use Performance Monitor to monitor the maximum, current, or total number of connections, anonymous users, or non-anonymous users.A connection is merely a connection between the FTP client and the FTP server; it does not mean that a user is logged in. When a user connects to the FTP server, the number of connections increases by one.When the user logs in to the FTP server, the number of users increases by one--but the user cannot log in without first making a connection, although a user can connect without logging in.The total number of connections (or users) is the cumulative number of connections (or users) since the FTP service was last started. The maximum number of connections (or users) should be used to determine the load on an FTP server.Maximum Anonymous Users is the maximum number of anonymous users that are simultaneously logged in to the FTP Server. This counter allows you to determine whether the bandwidth of the IIS server is enough to accommodate the number of simultaneous users.

-------------------------------------------------------------[Question 47]:C

A user issues a query to find all the files on the Web site having a link to "Anti-Dandruff Shampoos" and related articles.You know that the result should be a bunch of articles, but a message appears on the screen saying that the directory cannot be found. You remember that you had recently moved the index catalog to another disk.What should you check to find out what is causing the problem?

[Alternatives:]?: The CiScope parameter in the .IDQ file?: The NTFS file permissions on the documents?: The CiCatalog parameter in the .IDQ file?: The .HTX file

[Answer:]The Internet data query (.IDQ) file defines query parameters such as the scope of your search, any restrictions, and query results sets.The IDQ file has the CiCatalog parameter, which contains the exact path of the location of the Index Server Catalogs.If the error message says that the directory is not found, then the problem is surely that the correct location of the Catalogs has not been updated in the .IDQ file.The .HTX file is used as a template to format query results.Incorrect NTFS file permissions on documents can also result in missing hits, but the question points to a more probable cause, that the index catalog is now in a different location.

Which of the following is true of the HTTP keep-alive option?

[Alternatives:]?: It increases the access speed of the Web site.?: It transports data without any errors.?: It helps in downloading large files like image and audio files.?: It keeps the last page accessed in cache.

[Answer:]IIS allows keep-alive connections as an optimization to reduce the total number of TCP connections a client needs to download all the elements (images, audio, etc.) defined on a page.Keep-alive connections allow clients to re-use established TCP connections to the HTTP server to download several elements on a page.Without keep-alive connections, a separate TCP connection is established to get each element on a page, increasing the load on the HTTP server.HTTP keep-alive can be enabled in the Performance tab of Web Properties in Internet Service Manager. When HTTP keep-alive is enabled on the Web server, clients have the option to request the server to keep the connection alive.

-------------------------------------------------------------[Question 49]:C

How can you limit the number of records returned by a query issued to an Index Server?

[Alternatives:]?: Define the number of records in the CiScope parameter of the .IDQ file.?: Define the number of records in the CiMaxRecordsPerPage parameter in the .IDQ file.?: Define the number of records in the CiMaxRecordsInResultSet parameter in the .IDQ file.?: This number cannot be limited within the scope of Index Server.

[Answer:]The Internet data query (.IDQ) file defines query parameters such as the scope of your search, any restrictions, and query results sets.CiMaxRecordsInResultSet=200 sets the maximum number of results to be returned--in this example, 200.CiMaxRecordsPerPage=8 determines how many results are shown on each Web page returned--in this example, 8.CiScope=/ tells where to start the query--in this example, at the root of the storage space.

-------------------------------------------------------------[Question 50]:AB

You have Index Server installed on your company's IIS. Paul enters a query in the Index Server, and it returns files that should not be returned because they are highly confidential documents and are stored in a proprietary format.What is the most likely cause of the problem?

[Alternatives:]?: The hard drive containing the documents is formatted as a FAT file system and proper file permissions cannot be set.?: The hard drive containing the documents is formatted as a NTFS file system and proper file permissions have not been set.?: Paul is using Internet Explorer as the browser.?: Paul is using Netscape as the browser.

[Answer:]If a query issued to the Index Server returns files that should not be returned, this problem can occur because the NTFS file system permissions have not been set up properly;because the file system is FAT and so the proper permissions are not available on the file; or because the Index Server is filtering files of all types when it should restrict filters to known types only.For security reasons, it is recommended that Index Server data be stored on a Windows NT File System (NTFS) drive and the proper file level permissions set for the system's security.

-------------------------------------------------------------[Question 51]:ABCD

Bob uses the Index Server to access the knowledge base. He is in charge of the help desk on a company's toll-free number, and has to give responses immediately. He finds that the responses to his queries are taking too long.How can he avoid this problem?

[Alternatives:]?: Force master merges more often.?: Reduce the number of users accessing the Index Server.?: Split the catalog into multiple catalogs.?: Move some data to another server.

[Answer:]Bob can correct the optimization problem by forcing master merges more often or by reducing the number of users.He can also consider moving the data to another server (load balancing) or, if the data does not need to be searched in a single index, creating more catalogs.You can limit the number of users accessing the Index Server by limiting the number of connections to IIS in Web Site Properties in Internet Service Manager.

-------------------------------------------------------------[Question 52]:ABCD

Mary works at the technical support center of a software company. She is often forced to put people on hold while she refers to the hard copy of the technical manual for her company's software.This is because her queries often fail to return any data, though she knows the data is present. What can be causing the problem?

[Alternatives:]?: Corrupted Index Server files?: Overloaded Index Server?: Network Connectivity problem?: Wrong NTFS file permissions on documents

[Answer:]When the Index Server is overloaded, the query will fail outright rather than merely taking too long to fulfill. This problem can also be caused by network connectivity problems and/or corrupted Index Server files.If the network connection is determined to be working, then Index Server has to be reinstalled to correct the problem.Incorrect NTFS file permissions on documents can also result in missing hits.

-------------------------------------------------------------[Question 53]:B

You are the administrator of your company's Web site. The employees complain that they cannot log on to some special areas of the Web site as employees, whereas when they log on from home as anonymous users they can get into those areas.What can be causing this problem?

[Alternatives:]?: The password of the IUSR_<computername> account is not the same in User Manager for Windows NT and Web Site Properties.?: NTFS file security is not defined properly.?: The browser which the employees are using in the office does not support SSL (Secure Socket Layer).?: Windows NT Challenge/Response password authentication is being used when the users access the Web site from the office.

[Answer:]The Windows NT server denies access to the Web files on your company's site because the logged on user does not have the same permissions as an anonymous user.All anonymous users are logged on through the single Windows NT account created by IIS on installation, IUSR_<computername>.It is possible that the employees' permissions are not set properly while the IUSR_<computername> account that gives access to the Web site has all the necessary permissions.An incorrect password for IUSR_<computername> will cause access problems for anonymous users. A browser without SSL support will only cause access problems for SSL-enabled virtual directories.Windows NT Challenge/Response authentication should allow users with valid Windows NT accounts to access the Web site.

-------------------------------------------------------------[Question 54]:C

Mark has IIS installed on the Windows NT server which contains the company's Web site. He also has one virtual server with its home directory on a NetWare server. When users try to connect to that virtual server, they get the following error message:

Logon failure: unknown user or password

The Windows NT server has the IPX/SPX protocol installed. What might be the cause of this logon failure?

[Alternatives:]?: The user account and password are invalid on the NetWare server.?: The user account and password are invalid on the Windows NT server.?: The user account and password are invalid on either the NetWare server or the Windows NT server.?: The network is not using TCP/IP as the network protocol.

[Answer:]IIS uses the username and password in the home directory configuration dialog to connect to the NetWare server. Internet Information Server assumes this account is valid on both the NetWare server and the Windows NT server.

-------------------------------------------------------------[Question 55]:B

What permission allows anonymous users to upload to an FTP site, but not to download from that site?

[Alternatives:]?: Read?: Write?: Execute?: Read and Write

[Answer:]Anonymous users can be allowed to only upload to, not download from, an FTP directory. This can be configured in two ways:a) Use Internet Service Manager to assign only Write permission to the directory. All FTP users, both anonymous and non-anonymous, will now only be able to upload files.b) Assign NTFS Write permission on the directory to the IUSR_<computername> account. Anonymous users will now only be able to upload files.Be aware that if the NTFS and IIS permissions on a file or folder conflict, the most restrictive permissions apply.

-------------------------------------------------------------[Question 56]:C

Your company has a Web site and an FTP site on IIS on a Windows NT member server. You have enabled Basic and Windows NT Challenge/Response password authentication on IIS.You have some important information on a directory which you want accessible only by company employees who have valid usernames and passwords, and you specifically do not want anonymous users to be able to access the Web site.To which account group must you assign NO ACCESS permission?

[Alternatives:]?: Interactive group?: Network group?: Guests group?: Everyone group?: Internet Guests group

[Answer:]The Internet Guest account, IUSR_<computername>, is created on installation of IIS and is added to the Guests group by default. This account is used for anonymous access to the Web site.By assigning No Access permission to Guests, you are denying access to all members of the Guests group, including IUSR_<computername>. There is no Internet Guests group.

-------------------------------------------------------------[Question 57]:C

Your company's FTP site is implemented using IIS on a Windows NT server. You have configured a two-line welcome message in FTP Site Properties. You are using the UNIX directory listing style.Some browsers have problems connecting to the FTP site, receiving an error message instead. What can be done to fix this problem?

[Alternatives:]?: Enable FTP directory annotation.?: Check the protocol being used for connection.?: Reduce the welcome message to one line.?: Add the maximum connections message.

[Answer:]If the welcome message has more than one line, then some browsers may have difficulty connecting to the FTP site. To solve the problem, reduce the welcome message to one line of text.

-------------------------------------------------------------[Question 58]:B

By default, which permission does IIS grant to the Scripts virtual directory?

[Alternatives:]?: Read?: Execute?: Script?: No Access

[Answer:]By default, IIS grants only Execute permission to the Scripts virtual directory. This enables users to use applications, script engines, and scripts in this directory.Read permission should never be granted to the Scripts virtual directory, to prevent users from downloading the files.

-------------------------------------------------------------

[Question 59]:BC

What must be configured on the operating system before you can install IIS 4.0? (Select two.)

[Alternatives:]?: FAT?: TCP/IP?: NTFS?: PPTP

[Answer:]A fully functional Internet Information Server installation on Windows NT Server 4.0 requires that you first configure the operating system with Transmission Control Protocol/Internet Protocol (TCP/IP) and Windows NT File System (NTFS).TCP/IP provides the Internet connectivity necessary for retrieving data from, and hosting a site on, the Internet. With NTFS you can limit permission to files and folders on a Windows NT server.Without NTFS, certain security features will not be available.

-------------------------------------------------------------[Question 60]:C

You are the administrator of your company's Web site. There is a lot of traffic on the Web site and you are feeling constrained by the hardware. You want to improve the Web server performance by disconnecting inactive connections.What is the best way to minimize the inactive connections to your Web site?

[Alternatives:]?: Change the default TCP port.?: Increase the connection timeout in Web Site Properties.?: Decrease the connection timeout in Web Site Properties.?: Grant Access to Fast Connections only.

[Answer:]The connection timeout property value closes all inactive connections. The value is defined in seconds, and all connections that have been idle for that time value are automatically closed, thus freeing up resources.

-------------------------------------------------------------[Question 61]:B

What is the best way to improve the performance of your IIS server?

[Alternatives:]?: Enable SSL.?: Disable SSL.?: Install SQL Server on the IIS server.?: Add the NetBEUI protocol on the IIS server.

[Answer:]SSL uses the processor to encrypt data, so enabling SSL has a significant impact on the performance of the processor, which in turn has an impact on the performance of the IIS Server.Disabling SSL can considerably improve the performance of the IIS Server, but it increases the security risks.Adding more services or protocols will increase the load on the IIS server, degrading its performance.

-------------------------------------------------------------[Question 62]:BC

Which services can be installed during the IIS 4.0 installation process?

[Alternatives:]?: GOPHER service?: FTP publishing service?: WWW publishing service?: Proxy Server service

[Answer:]During installation of IIS 4.0, the WWW and FTP publishing services are installed.Other services that can be installed during IIS 4.0 setup are:-- Content Index (Index Server)

-- IIS Admin Service (Internet Service Manager snap-in)-- NNTP Service-- SMTP Service-- MS Distributed Transaction Coordinator

Gopher service was included in IIS 3.0, but it is no longer available in IIS 4.0. Proxy Server is a separate product from Microsoft which is used to create firewalls.

-------------------------------------------------------------[Question 63]:B

Which of the following will shorten the download time from the IIS Web Server?

[Alternatives:]?: Enabling SSL?: Enabling HTTP keep-alives?: Enabling Disk Compression?: Adding FTP Service on the IIS computer and creating an FTP site for downloading

[Answer:]SSL uses the processor to encrypt data, so enabling SSL has a significant impact on the performance of the processor, which in turn has an impact on the performance of the IIS Server.Disabling SSL can considerably improve the performance of the IIS Server, but it increases the security risks.Disk Compression increases the load on the processor, which in turn has an impact on the performance of the IIS Web server.Adding more services or protocols will also increase the load on the IIS server, degrading its performance.If the client's browser has configured a keep-alive option, then the connection is not closed. Instead it is kept active for subsequent downloads. This shortens the download time because there is less connection setup overhead.

-------------------------------------------------------------[Question 64]:B

You have sensitive information on your Web site. You have enabled Windows NT Challenge/Response on the IIS server. Which of the following is true?

[Alternatives:]?: The data is encrypted, but the password is not encrypted.?: The data is not encrypted, but the password is encrypted.?: Both the data and the password are encrypted.?: Neither the data nor the password is encrypted.

[Answer:]In Windows NT Challenge/Response authentication, data is not encrypted but passwords are. The question's statement that the information is sensitive is designed to confuse you and make you think that the data is encrypted.

-------------------------------------------------------------[Question 65]:B

How can you search documents that have been corrupted in the Microsoft Index Server?

[Alternatives:]?: Issue a query: @filtered = true?: Issue a query: @unfiltered = true?: Issue a query: @scanned <> true?: Issue a query: @unfiltered <> true

[Answer:]Files that are corrupted, or files that could not be filtered because of problems in a filter DLL, are called unfiltered files and can be viewed by issuing the administrative command for unfiltered files.This command issues the query: @unfiltered=true.

-------------------------------------------------------------[Question 66]:D

You have confidential company information on your Web site. You have enabled Basic authentication on the Web site. Which of the following is true?

[Alternatives:]?: The data is encrypted, but the password is not encrypted.?: The data is not encrypted, but the password is encrypted.?: Both the data and the password are encrypted.?: Neither the data nor the password is encrypted.

[Answer:]In Basic authentication, neither passwords nor data are encrypted. The question's statement that the information is confidential is designed to confuse you and make you think that the data, the passwords, or both are encrypted.

-------------------------------------------------------------[Question 67]:C

You have installed SSL on your IIS Server. In which of the following cases would you need two certificates on your IIS 4.0?

[Alternatives:]?: You have two IP addresses on one IIS 4.0 server.?: You have two home directories on one IIS 4.0 server.?: A second organization shares the same IIS 4.0 server.?: You create a virtual server on the IIS 4.0 server.

[Answer:]When another organization shares the same IIS 4.0 server, another certificate is required which specifies the second organization's own credentials.

-------------------------------------------------------------[Question 68]:B

Which account in Windows NT User Manager must have Log On Locally rights?

[Alternatives:]?: The Guest account?: The Internet Guest account?: All user accounts?: None of the above. Log On Locally rights jeopardize the security of the IIS 4.0 server.

[Answer:]Configure the Internet Guest account, IUSR_<computername>, in Microsoft Windows NT User Manager with the Log on Locally right. If this right is not granted, users trying to access IIS services can experience the following symptoms:

--A client trying to access an HTML page on IIS will get the following error message: Error: Access is denied.

--A client trying to access the FTP server on IIS will get the following error message: Login failed.

This is because all anonymous users are logged on to IIS using this computer account.

However, for security reasons, it may be undesirable for the IIS Administrator to grant users the Log On Locally right.

-------------------------------------------------------------[Question 69]:B

Which of the following methods of logging the usage activity of IIS 4.0 yields the best performance?

[Alternatives:]?: Logging to a SQL Database?: Logging to a text file?: Logging to the Windows NT application log?: Logging to a non-ODBC database

[Answer:]Logging the IIS 4.0 usage to a text file yields the best performance. You cannot log IIS usage to a non-ODBC database. Logging to a SQL database is slower than logging to a text file. The Windows NT application log does not contain usage activity.

-------------------------------------------------------------[Question 70]:AB

Which of the following can be used to monitor the performance of an Index Server? (Select two.)

[Alternatives:]?: Performance Monitor?: .IDA script?: Network Monitor?: Application Log in Event Viewer

[Answer:]There are two ways to monitor the performance of an Index Server: by using Performance Monitor and by running an .ida script. The information provided by these two solutions is nearly identical, but the method of retrieval differs.Both solutions can be used either locally or from a remote client. Performance Monitor has the advantage of automatic refresh, plus graphing and logging capabilities.The .ida script method offers more flexible .htx formatting of the output and the ability to be viewed from a client running an operating system other than Windows.Network Monitor is used to analyze packets on the network. Application Log in Event Viewer does not contain Index Server performance data.

-------------------------------------------------------------[Question 71]:C

You want to include a copyright notice in every page of your company's Web site. What would you do to accomplish this?

[Alternatives:]?: Change the .IDC file.?: Change the .HTM file to a .HTX file.?: Use server-side include in the .HTM file.?: Change the .IDQ file.

[Answer:]IIS and many other Web servers have a feature called server-side include (SSI) which automatically inserts the contents of a Web page in place of special HTML tags.This feature enables you to create a single page for headers, footers, navigation button bars, or any other set of common elements, and then include these elements in other pages..IDC and .IDQ files are used for database queries. .HTX files are used as templates to format query results. .HTM files are HTML files.

-------------------------------------------------------------[Question 72]:BC

You want to make sure that anonymous users cannot access the FTP site on your IIS server. You have the following NTFS permissions set on the FTP home directory:

Administrators FULL CONTROL Guests RX Users RX

What should you do to prevent anonymous users from accessing the FTP site?

[Alternatives:]?: Give NO ACCESS permission on the home directory to the Everyone group.?: Give NO ACCESS permission on the home directory to IUSR_<computername>.?: Remove READ permission on the home directory from the Guests group.?: Remove READ permission on the home directory from the Users group.

[Answer:]The Internet Guest account, IUSR_<computername>, is created on installation of IIS and is added to the Guests group by default. This account is used for anonymous access to the Web site.By restricting the access of the Guests group and/or IUSR_<computername>, you can deny anonymous access to the FTP site.Assigning No Access to Everyone will deny access to all users, both anonymous and non-anonymous. NTFS Execute permission on a folder will not allow an FTP user to read (or access) the folder.

-------------------------------------------------------------

[Question 73]:D

In the IIS you are managing, the Scripts virtual directory has IIS Read permission. When you run an .IDC script, you receive the following error message:

ERROR 403: Access Forbidden

What should you do to keep the error from occurring?

[Alternatives:]?: Assign NTFS Read permission on the wwwroot directory to the user.?: Assign NTFS Read permission on the Scripts virtual directory to the user.?: Assign IIS Execute permission to the wwwroot directory.?: Assign IIS Execute permission to the Scripts virtual directory.

[Answer:]The HTTP Error 403 can result from improper NTFS file permissions on a particular directory. In this case, the error is occurring because there is no Execute permission on the Scripts virtual directory.To fix this problem, give the Scripts virtual directory the necessary IIS Execute permission.

-------------------------------------------------------------[Question 74]:C

You have a virtual directory named PC AGE on your IIS installation. Some users complain that whenever they try to access the directory through a link on your home page, they get the following error:

HTTP Error 404: Object Not Found

Other users do not have this problem. What should you do so that all the users can access the directory?

[Alternatives:]?: Change the Web browser to an SSL-enabled browser.?: Change the IIS permission on the wwwroot directory to Execute.?: Change the directory name from PC AGE to PCAGE.?: Change the IIS permission on the Scripts virtual directory to Read.

[Answer:]Some browsers do not recognize directory names that have spaces in them. This problem can be avoided by using a hyphen or an underscore instead of a space.You can also join the two words and eliminate the space entirely--for example, changing PC AGE to PCAGE.If you are trying to access an SSL-enabled folder, but SSL is not enabled or supported by the browser, you will get HTTP Error 403.If you are trying to run a program, and the permissions on the folder do not allow programs to be executed, you will get HTTP Error 403.The Scripts virtual directory should not be given Read permission, to prevent users from downloading the script files.The HTTP/1.1 403 Access Forbidden error may be caused by any of the following:1. The file designated as the default document for the site does not exist. This default file for a Web site is typically Default.htm or Default.asp.2. The site has been configured to use to use a secure channel over the HTTPS protocol, but the browser uses HTTP as its protocol instead.3. The user is trying to execute a CGI, ISAPI, or other execution program from a directory that does not allow programs to be executed.HTTP 401.x errors refer to authentication failures. HTTP 403.x errors occur because access to data is forbidden. HTTP 404.x errors occur when a resource is not located. Here is a list of some common 401.x, 403.x, and 404.x errors:

401.1 Unauthorized -- Logon failed401.2 Unauthorized -- Logon failed due to server configuration401.3 Unauthorized -- Unauthorized due to ACL on resource401.4 Unauthorized -- Authorization failed by filter401.5 Unauthorized -- Authorization failed by ISAPI/CGI application403.1 Forbidden -- Execute Access Denied403.2 Forbidden -- Read Access Denied403.3 Forbidden -- Write Access Denied403.4 Forbidden -- SSL required (use https:// ... on client)403.5 Forbidden -- SSL 128 required (128-bit version of SSL)

403.6 Forbidden -- IP Address rejected (client's IP address has been blocked)403.7 Forbidden -- Client Certificate Required403.8 Forbidden -- Site Access Denied (Web server is down or user does not have permission to connect to the site)403.9 Forbidden -- Too many users403.10 Forbidden -- Invalid configuration (on the Web server)403.11 Forbidden -- Password change (user entered wrong password)403.12 Forbidden -- Mapper denied access (client certificate map is denied access)404 File not found

-------------------------------------------------------------[Question 75]:B

In your organization, you have 512 MB of RAM in the IIS computer. The Web site on the server contains mainly static Web pages. You want the Web server to return query results in less time when a query is submitted.How can you improve the query response?

[Alternatives:]?: Disable memory caching.?: Disable the object-cache scavenger.?: Decrease the ObjectCacheTTL value.?: Add an entry to the LMHOSTS file.

[Answer:]Frequent cache misses harm performance if they result in disk I/O. A value of 80% to 90% for the IIS Global: Cache Hits % counter is considered excellent for sites with many static files.Adding memory increases the cache size, thus improving the performance and query response.Cache flushes can affect the performance of the IIS Object Cache. Cache flushes are regulated, in part, by an internal timer. The timer activates the object-cache scavenger, which deletes expired objects.Objects are flushed from the cache if they change or if they time out before they are reused. If the timer is too quick, objects can be flushed from the cache too frequently.If the timer is too slow, objects can sit around, wasting precious physical memory space.If we disable the memory caching, the performance will deteriorate more. Setting the ObjectCacheTTL value lower will also deteriorate the performance, as memory flushes will occur too frequently, causing the memory to be under-utilized.The LMHOSTS file provides NetBIOS name resolution, and will not improve query response on the Index Server.

-------------------------------------------------------------[Question 76]:D

You have a Scripts virtual directory in your IIS installation. This virtual directory has the Read permission. You want certain Java scripts to run on the client side whenever clients access your Web site.What must you do so that the clients can run the Java scripts?

[Alternatives:]?: Assign IIS Execute permission to the Scripts virtual directory.?: Assign IIS Script permission to the Scripts virtual directory.?: Assign IIS Write permission to the Scripts virtual directory.?: Do nothing. The Java scripts will run by default.

[Answer:]If the Java scripts are to be executed on the server, then you need Script or Execute permission on the Scripts virtual directory. But nothing is required on the server if the processing of the Java script is done on the client side.

-------------------------------------------------------------[Question 77]:D

You make Bob a member of a group that has permission to run ISAPI applications in the Scripts virtual directory. You have also made sure that all other users in the group can run the ISAPI applications.What else must you do before Bob can run the ISAPI applications?

[Alternatives:]?: Assign IIS Script permission to the Scripts virtual directory.

?: Assign IIS Execute permission to the Scripts virtual directory.?: Assign IIS Read permission to the Scripts virtual directory.?: Do nothing. Bob can run the ISAPI applications.

[Answer:]As Bob's group has the necessary permission to run the ISAPI applications, Bob does not have to be assigned the permission individually. He can run the applications if he is merely made a member of the group that has Execute permission.The fact that other users can run the ISAPI applications means that the Scripts virtual directory already has the necessary Execute permission, so nothing more has to be done.

-------------------------------------------------------------[Question 78]:C

You have created a virtual directory and want the FTP users to access it using a Web browser. What must you do to give users access to the virtual directory?

[Alternatives:]?: Change the directory listing style to MS-DOS.?: Change the directory listing style to UNIX.?: Tell the user to add the directory alias to the end of the URL to access the directory.?: Tell the user to use the IP address of the virtual directory to access the directory.

[Answer:]Directory browsing does not list FTP virtual directories, but the user can access the virtual directory whenever he adds the directory alias to the end of the URL.

-------------------------------------------------------------[Question 79]:ABC

You want to use the Internet Service Manager (HTML) to administer the IIS remotely. You have only Allow Anonymous password authentication enabled. You get the following error:

Error: This page cannot be opened without authentication.

What can be causing this error?

[Alternatives:]?: Basic authentication is not enabled in Web Site Properties.?: Windows NT Challenge/Response authentication is not enabled in Web Site Properties.?: The user is not a member of the Administrators group of Windows NT.?: None of the above.

[Answer:]To administer any of the services using the Internet Service Manager (HTML), you must be logged on to a user account that has Administrator privileges on the computer being administered.This is usually the administrator or a site operator (the Administrators group is added to the Site Operators list by default).If you are using a browser that is capable of Windows NT Challenge/Response authentication (such as Microsoft Internet Explorer version 2.0 or later), you can use Windows NT Challenge/Response authentication.If you are not using a browser capable of Windows NT Challenge/Response authentication, then you must use Basic authentication (although this is not recommended because it uses clear text passwords).

-------------------------------------------------------------[Question 80]:A

The IP address resolution on your company network used to be performed using the HOSTS file. You recently changed this, instead configuring the DNS server on the network for IP address resolution. You then assigned a new computer name to the IIS server.Users are complaining that they now cannot access the Web site. How can you fix this problem?

[Alternatives:]?: Add the host name of the IIS computer in the DNS server.?: Install the HOSTS file on the IIS server.?: Use a LMHOSTS file instead of the HOSTS file.?: Enable a DHCP server on the network for IP address resolution.

[Answer:]

Since the host name of the IIS server has changed, it must be entered in the DNS server database for correct mapping to occur. Installing the HOSTS file on the IIS server will not help clients to resolve the IIS server name to its IP address.LMHOSTS is not needed because DNS is providing the host name resolution. DHCP does not resolve host names to IP addresses.

-------------------------------------------------------------[Question 81]:BC

You are required to configure three Web sites on a single IIS computer using a single IP address. What is the best way to configure the three sites with only one IP address?

[Alternatives:]?: Assign a different IP address in the DNS server for each of the three different Web sites and map these IP addresses to a single IP address.?: Assign one IP address to all three Web sites, and modify the DNS server to map the single IP address to three different host names.?: Use three different host header names for the single IP address.?: Access the Web sites using NetBIOS names instead.

[Answer:]IIS 4.0 not only provides support for hosting multiple Web sites on a single computer running Windows NT Server, but also for hosting them on a single IP address.IIS provides this capability through the use of a host header that is supported by most new browsers (Internet Explorer 4.0 and Netscape 4.0, for example) and some older ones. Host headers are supported by HTTP 1.1.The browser sends the name of the Web site in the header (host header) to the IIS server. The IIS server then maps the Web site name to its IP address and connects to the appropriate site.Clients still need a method of host name resolution (DNS or a HOSTS file) to resolve the Web site name to its IP address.

-------------------------------------------------------------[Question 82]:B

Pam is the webmaster of her company's corporate site. She often travels to other cities on company assignments, and has to configure the Web site from her hotel room.To do this, she uses her Windows 95 laptop computer. She does not have IIS installed on her computer. What is the best way for Pam to configure the Web site?

[Alternatives:]?: Using Internet Service Manager?: Using Internet Service Manager (HTML)?: Using MMC snap-ins?: Pam cannot configure the Web site with a Windows 95 computer.

[Answer:]You can use Internet Service Manager to administer servers on your local network or across the Internet. IIS also includes a browser-based Internet Service Manager (HTML) for administration of your Web sites over an intranet or the Internet.For a Windows NT administrator to use the Internet Service Manager (HTML) remotely to administer IIS, the administrator must know the Administration Web site port number.The port number can be found on the Web site property sheet for the Administration Web site in the Internet Service Manager snap-in.An ordinary browser can be used to connect to the Administration Web site and manage it. Nothing additional needs to be installed on the client computer.

-------------------------------------------------------------[Question 83]:B

A user tries to connect to the SQL database through the corporate Web site and receives the following error message:

Microsoft OLE DB Provider for ODBC Drivers error '80004005'[Microsoft][ODBC SQL Server Driver][DBMSSOCN]General Network error. Check your network document

What best describes the cause of the above error?

[Alternatives:]?: The user has insufficient permissions to access the database.

?: The database was recently moved to another server.?: The user has insufficient permissions to access RESOURCES in the database.?: The database was recently renamed.

[Answer:]This error indicates that the Web server could not connect to the SQL server using the name specified in DSN in ODBC driver configuration.This will occur if the SQL server computer is renamed or if the DSN in ODBC driver is changed, resulting in mismatched names. This error can also occur if the SQL server computer is down and hence is not known on the network.

-------------------------------------------------------------[Question 84]:AE

The Site Server database has imported a log file that contains daily usage logs of the Web site. You notice that some entries are missing from this report. Why are these entries missing?

[Alternatives:]?: The Log File Rotation Transitions parameter is set up to discard open visits.?: The client IP addresses could not be mapped to host names.?: The clients have invalid IP addresses.?: The Log File Rotation Transitions parameter is set up to commit open visits.?: The Log File Rotation Transitions parameter is set up to store open visits for next import.

[Answer:]The Log File Rotation Transitions parameter is set up to discard open visits or store them for next import.When a new log is started every day, the connections that are open at that time are discarded or stored for next import, and are not recorded in the log file. To resolve this problem, select the Commit Open Visits to Database option.

-------------------------------------------------------------[Question 85]:A

Mike tries to connect to the SQL database through the corporate intranet and receives the following error message:

Microsoft OLE DB Provider for ODBC Drivers error '80004005'[Microsoft][ODBC SQL Server Driver][dbnmpntw]ConnectionOpen(CreateFile())


[Alternatives:]?: The user has insufficient permissions to access the database.?: The database was recently moved to another server.?: The user has insufficient permissions to access RESOURCES in the database.?: The database is using a connection method other than named pipes.

[Answer:]This error means that the user could not connect to the SQL server. The Web server does not have permissions to open a named pipe connection (dbnmpntw) to the SQL server. This error can occur for several reasons:a) An anonymous user (operating under the context of IUSR_<computername>) is not recognized by the SQL server. This could happen if IUSR_<computername> only exists on the Web server and not on the SQL server.b) Windows NT Challenge/Response authentication is used to authenticate the user on the Web server. If this is the case, the user can only access resources on the Web server, not on remote computers such as the SQL server computer.This is also known as a delegation problem.c) Basic authentication is used to authenticate the user on the Web server, and the user does not have rights to the SQL computer.

[Question 86]:A


Microsoft OLE DB Provider for ODBC Drivers error '80004005'[Microsoft][ODBC SQL Server Driver]Login Failed ()


[Alternatives:]?: The user has insufficient permissions to access the database.?: The database was recently moved to another server.?: The user has insufficient permissions to access RESOURCES in the database.?: The database is using a connection method other than named pipes.

[Answer:]This error message indicates that the Web user could not be authenticated on the SQL server. This could be caused by an incorrect user name or password which keeps the user from logging in to the database.These conditions can also produce the following error:

Microsoft OLE DB Provider for ODBC Drivers error '80004005'[Microsoft][ODBC SQL Server Driver][SQL Server]Login Failed - User: Reason: Not defined as a valid user of a trusted SQL server connection

-------------------------------------------------------------[Question 87]:ACD

As the system administrator, you want to secure sensitive information on the server. What would you do to secure this information with the minimum effect on the system performance?

[Alternatives:]?: Enable Basic and Windows NT Challenge/Response authentication.?: Enable SSL on all directories.?: Enable SSL only on directories that need to be secured.?: Use client certificates.

[Answer:]You can require users attempting to access your Web content over a secure link to log on with a client certificate. Just requiring a client certificate, however, does not protect your content from unauthorized access.Any user with a client certificate can establish a secure connection and access your resource. Requiring a client certificate and mapping it to the Windows NT account ensures that only authorized users can access the site.Using Basic and Windows NT Challenge/Response authentication ensures that only authorized users can access the site. When client certificate mapping is used, Basic and Windows NT Challenge/Response authentication are not needed.Enabling SSL on all directories will degrade system performance; enabling it only on the directories that need to be secured will also slow down system performance, but is necessary in order to provide the required security.(Reference: Microsoft Internet Information Server Online Documentation, "Enabling Client Certificates")

In which of the following situations would you need multiple certificates on the IIS Server?

[Alternatives:]?: Multiple departments access the Web sites.?: Your IIS server hosts Web sites for multiple companies.?: Your IIS server has links to servers in different domains.?: None of the above. You cannot assign multiple certificates on the IIS Server.

[Answer:]When another organization shares the same IIS server, another certificate is required which specifies the second organization's own credentials.

-------------------------------------------------------------[Question 89]:D

The Perl Scripts are moved from your company's existing IIS server to a new installation of IIS Server on a different computer. Users complain that they now cannot run the Perl scripts. Why?

[Alternatives:]?: The Perl Scripts have to be recompiled again.?: The Perl Scripts folder must be given Read permission.?: The Perl Scripts folder must be given Execute permission.?: The Perl Script Interpreter has to be installed on the new computer.

[Answer:]For Perl Scripts to work properly, the Perl Interpreter has to be installed on the local computer where the scripts are stored. The Scripts folder must have Script permission. Scripts are interpreted and not compiled.

-------------------------------------------------------------[Question 90]:AB

You are the system administrator of your company. To keep up the performance of the newsgroup site, you set up an expiration policy on NNTP with a time limit of 10 days and a size limit of 250MB.Which best describes the expiration policy of the NNTP site?

[Alternatives:]?: When any articles in a group are older then 10 days, they are deleted.?: When the total size of articles in the group exceeds 250MB, the oldest articles are deleted.?: When the articles are 10 days old and the total size of the articles in the group exceeds 250MB, then the oldest articles are deleted.?: When either the articles are 10 days old or the total size of the articles in the group has increased to 250 MB, the articles are backed up, but they are not deleted.

[Answer:]You can limit how long articles are kept in a Microsoft NNTP Service newsgroup and how much disk space a newsgroup can occupy by defining expiration policies for newsgroups. Old articles will be deleted when either of these conditions is met.An expiration policy can apply to a single newsgroup or to any number of newsgroups. You can define as many policies as you need. In each case, the oldest articles are deleted first.If you do not specify an expiration policy for a newsgroup, you should delete articles manually when they are no longer needed.

-------------------------------------------------------------[Question 91]:B

In your IIS server on the corporate intranet, you have a separate virtual directory for each department. The users in each department are only allowed to access their own directory.Without doing a lot of administration, what is the best way to ensure that users do not access any other directory?

[Alternatives:]?: Use NTFS folder permissions to set up access.?: Use client certificates.?: Enable SSL on the client side.?: Enable SSL on the server side.

[Answer:]Client certificates are encrypted, digital identifications that contain personal information.Similar to conventional forms of identification, client certificates enable Web servers to authenticate, or confirm, the identity of a user before letting that user log on to a restricted Web site.NTFS folder permissions can also be used to restrict access to certain groups, but will require a lot of administration.Enabling SSL (client side and server side) only identifies to the clients that the Web site is authentic, but does not help in restricting clients' access to the Web site.

-------------------------------------------------------------[Question 92]:A

You are the administrator on Server1 and you set up a virtual directory to \\Server2\webroot2. Users complain that when they access the virtual directory, they get the following error message:

Directory inaccessible, unable to login

Which of the following is causing this error?

[Alternatives:]?: The user account specified when creating the virtual directory has insufficient NTFS rights.?: The user accessing the virtual server has insufficient NTFS rights.?: You cannot set up a virtual directory using a UNC path.?: You must restart the IIS computer after setting up the virtual directory.

[Answer:]

If your Web site contains files that are located on a different drive than the home directory, or on different computers than the computer running Internet Information Server, you must create virtual directories to include those files in your Web site.A directory can be located on a local drive or on another computer on the network.To use a directory on another computer, you must specify the directory's Universal Naming Convention (UNC) name and provide a user name and password to use for access permission.You do not need to restart IIS after adding a virtual directory.

-------------------------------------------------------------[Question 93]:B

What are the minimum requirements for Microsoft Index Server?

[Alternatives:]?: A 386 computer with 16 MB of RAM and Windows NT Server 4.0 installed?: A 486 computer with 16 MB of RAM and Windows NT Server 4.0 installed?: A 386 computer with 32 MB of RAM and Windows NT Server 4.0 installed?: A 486 computer with 32 MB of RAM and Windows NT Server 4.0 installed

[Answer:]The minimum configuration requirements for Microsoft Index Server are basically the same as the requirements for Microsoft Windows NT Server 4.0 (an Intel 486 computer with 16 MB of RAM);however, the configuration for optimum performance depends upon the following factors:

a. The number of documentsb. The size of the data corpusc. The search load on the server

-------------------------------------------------------------[Question 94]:B

You find that your IIS server performance has gone down since you added a Web site with a large number of images and graphics. Before you added this site, the web server's performance was excellent.The Web sites that existed prior to the new site had small HTML pages and were very limited sites. What is the fastest way to optimize your web server's performance?

[Alternatives:]?: Enable SSL on the Web site.?: Enable the HTTP keep-alive option.?: Move the new image-oriented Web site to a virtual directory.?: Enable client certificates.

[Answer:]Most Web browsers ask the server to keep the connection open across multiple requests. This is referred to as HTTP keep-alive. Keep-alive is an HTTP specification that allows for greatly enhanced server performance.Without it, a browser would have to make numerous connection requests for a page containing multiple elements, such as graphics. A separate connection may have to be made for each element.These additional requests and connections require additional server activity and resources, decreasing server efficiency. With IIS, the server administrator can enable or disable keep-alive on the server.HTTP keep-alive is enabled by default during the installation process. Except for highly specialized situations, keep-alive should be kept enabled for better server performance. This allows clients to request that connections be kept alive.Enabling SSL on the Web site will hinder the performance of the Web site drastically, as it consumes more processor resources.Moving the image-oriented Web site to a virtual directory will have no effect on the performance of the site.

-------------------------------------------------------------[Question 95]:AC

What are the two ways to improving the performance of the Web sites hosted on the IIS 4.0 server?

[Alternatives:]?: Limit the maximum number of concurrent users.?: Enable SSL (Secured Sockets Layer).?: Restrict the amount of bandwidth used by IIS.?: Decrease the size of the paging file.

[Answer:]IIS includes many property settings that make it easy for you to fine-tune site performance.If your site is not delivering the performance you expect from it, then you may want to make changes to the default settings of one or more performance tuning properties.

Limiting the number of simultaneous connections to a Web site is another approach to conserving resources for other services using the same connection, or other applications using the same computer.All connection attempts beyond the connection limit are rejected.

By throttling the connection bandwidth used by IIS, you can maintain available bandwidth for other applications, such as e-mail or news servers.If you are running more than one site on IIS, you can also throttle bandwidth on each of the sites individually. Throttling bandwidth on individual sites assures that bandwidth is available for all the sites sharing the network card.Bandwidth throttling limits only the bandwidth used by static HTML files.

-------------------------------------------------------------[Question 96]:C

You install IIS on a Windows 95 machine and want to use Index Server. What do you need to do?

[Alternatives:]?: Stop and start the Content Index service.?: Restart the Windows 95 machine.?: Upgrade to Windows NT Server and install IIS 4.0.?: Issue a query.

[Answer:]Index Server, multiple Web site hosting, ODBC Logging, IP Restrictions, and process isolation features are not available on a Windows 95 platform.Multiple Web site hosting, ODBC Logging, IP Restrictions, and process isolation features are not available on a Windows NT Workstation 4.0 platform.

-------------------------------------------------------------[Question 97]:B

What information is contained in the metabase?

[Alternatives:]?: IIS Help file location?: Virtual directory security information?: MMC snap-in information?: Site Server toolbar settings

[Answer:]The metabase includes all the entries pertinent to Internet Information Server administration. The different types of property settings stored in the metabase are:


Virtual directory security information is stored in the metabase and can be viewed using Internet Service Manager. MMC snap-in information is stored in the MMC configuration. Site Server toolbar settings are stored in that administrative application.The IIS Help file location is stored in the IIS Help application.The IIS metabase is located in %systemroot%\system32\Inetsrv\metabase.bin.Some parameters/settings stored in the metabase are:

-- Virtual roots-- Mime map-- Access rights-- Bandwidth throttling-- Maximum connections-- HTTP keep-alive

-- Primary Scripting Language-- FTP messages-- Web Default Document-- Enable Logging

-------------------------------------------------------------[Question 98]:A

What is stored in the Microsoft Management Console (.msc) file?

[Alternatives:]?: Loaded snap-ins?: Web site home directory location?: IIS Help file location?: Virtual directory security information

[Answer:]The MMC (.msc) file contains loaded snap-ins (such as Internet Information Server, Microsoft Transaction Server, and Index Server) and window configuration.The .msc file can be transferred to another computer, allowing the administrator to manage the services using preconfigured settings in the .msc file.

-------------------------------------------------------------[Question 99]:A

What is stored in the Microsoft Management Console (.msc) file?

[Alternatives:]?: Window configuration?: Web site home directory location?: IIS Help file location?: Virtual directory security information

[Answer:]The MMC (.msc) file contains loaded snap-ins (such as Internet Information Server, Microsoft Transaction Server, and Index Server) and window configuration.The .msc file can be transferred to another computer, allowing the administrator to manage the services using preconfigured settings in the .msc file.

-------------------------------------------------------------[Question 100]:B

John is accessing the Web site of his company from home. While browsing the site, he receives the following error message:

HTTP/1.1 403 Access Forbidden

John does not have any trouble accessing the Web site from his office. Which of the following problems could be causing the above error?

[Alternatives:]?: The system administrator of the Web site changed John's access to the Web site yesterday.?: SSL is enabled on the Web site, and John does not have an SSL-capable browser.?: The hypertext link John is trying to access is broken.?: Windows Challenge/Response is being used.


401.1 Unauthorized -- Logon failed401.2 Unauthorized -- Logon failed due to server configuration401.3 Unauthorized -- Unauthorized due to ACL on resource

401.4 Unauthorized -- Authorization failed by filter401.5 Unauthorized -- Authorization failed by ISAPI/CGI application403.1 Forbidden -- Execute Access Denied403.2 Forbidden -- Read Access Denied403.3 Forbidden -- Write Access Denied403.4 Forbidden -- SSL required (use https:// ... on client)403.5 Forbidden -- SSL 128 required (128-bit version of SSL)403.6 Forbidden -- IP Address rejected (client's IP address has been blocked)403.7 Forbidden -- Client Certificate Required403.8 Forbidden -- Site Access Denied (Web server is down or user does not have permission to connect to the site)403.9 Forbidden -- Too many users403.10 Forbidden -- Invalid configuration (on the Web server)403.11 Forbidden -- Password change (user entered wrong password)403.12 Forbidden -- Mapper denied access (client certificate map is denied access)404 File not found

If the system administrator modifies John's access to the Web site, it will affect his access from work as well as from home.If John's browser does not support Windows NT Challenge/Response Authentication, and no other authentication method is supported by IIS, then he will get HTTP Error 401.If the hypertext link is broken, he will get HTTP Error 404 -- file not found.

-------------------------------------------------------------[Question 101]:B

As a security measure, you change the TCP port in Web Site Properties to 8080. Some users complain that they are unable to access the Web site. What might be the cause of the problem?

[Alternatives:]?: You cannot set the TCP port to a number above 1023.?: The users having problems are still accessing port number 80.?: The users have to access port number 21.?: You cannot set the TCP port to an even number.

[Answer:]If you want to limit access to your Web site, you can change the control connection port number (default 80) to a TCP port number greater than 1023. This effectively "hides" your site.Any application using TCP or UDP for its transport is assigned a unique identification. This is known as its TCP (or UDP) port number. On the client, the application uses a dynamically assigned port number.On the server, the administrator can configure the port number. To connect to the server, the client application must know which port number is being used on the server so that it can direct packets to that application on the server.Since port numbers 1 through 1023 are already reserved for commonly used applications, an administrator should assign port numbers greater than 1023.

-------------------------------------------------------------[Question 102]:A

Mike was a member of the Sales group. In the restructuring of the company, he is promoted to the Finance department of the company. The Finance department people access an ISAPI application, Books.dll, over the intranet.Mike tries to use this application, but he receives an error message. Tom, another employee of the Finance department, is able to run the application without any problems. Tom and Mike have the same NTFS permissions on Books.dll.How would you resolve this problem?

[Alternatives:]?: Restart WWW Publishing Service.?: Assign Mike the NTFS Read permission on Books.dll.?: Assign Mike the NTFS Read permission on the folder containing Books.dll.?: Assign Mike the IIS Read permission on the virtual directory containing Books.dll.

[Answer:]Applications that use ISAPI are compiled as DLLs that are loaded by the WWW Service during startup. Restarting the WWW Service will unload the DLL from memory and load it into the IIS cache.This is necessary if you make changes to the DLL or to the permissions on the DLL file. By default, IIS will hold the DLL in memory. It must be unloaded from the memory and then reloaded into memory for changes to be effective.

Applications, such as .DLL files and .EXE files, do not need to have Read permission assigned. Users will be able to execute an application if they have Execute permission on it.

-------------------------------------------------------------[Question 103]:AD

Your company has been assigned one IP address from InterNic. You want to configure two virtual servers on IIS 4.0. What is the best way you can configure two virtual servers using just one IP address?

[Alternatives:]?: Use host name resolution on the client.?: You cannot configure two virtual servers using just one IP address. You must obtain another IP address.?: Use custom HTTP headers on IIS 4.0.?: Add host headers on IIS 4.0.

[Answer:]IIS 4.0 not only provides support for hosting multiple Web sites on a single computer running Windows NT Server, but also for hosting them on a single IP address.IIS provides this capability through the use of a host header that is supported by most newer browsers (Internet Explorer 4.0 and Netscape 4.0, for example) and some older ones. Host headers are supported by HTTP 1.1.Web sites have a descriptive name and can support one or more host header names. Host header names make the hosting of multiple domain names on one Web site possible.The browser sends the host header (which includes the name of the Web site it is trying to access) to the server. The client must also be able to resolve the host name to an IP address using DNS or a HOSTS file.Not all browsers support the use of host header names.If a visitor attempts to contact your site with an older browser that does not support host headers, the visitor gets the default Web site assigned to the address (if a default site is enabled), which may not necessarily be the site requested.Custom HTTP headers are used to send messages such as cache pages from the server to the browser.You can configure two virtual servers on a computer using the same or different IP addresses. The two virtual servers may use the same Web content or different Web content.

-------------------------------------------------------------[Question 104]:D

You are away from your office for a meeting with representatives of a prospective client. Your company creates Web sites for its customers.You want to show the representatives a sample of a site you developed, but they do not have an Internet connection. You have access to the Internet in your hotel room, and you have a laptop computer running Windows 95.You decide to download a Web site, along with all of its links and linked pages, onto your laptop to show the representatives. What can you use to do this?

[Alternatives:]?: Microsoft Certificate Server?: Microsoft Transaction Server?: Microsoft Index Server?: Microsoft Site Server Express

[Answer:]You can use the Copy Site option in Site Server Express to copy a site from a Web server to your local hard disk as Control Analyzer builds up the Webmap.Microsoft Site Server Express 2.0 is available for Windows NT Server 4.0, Windows NT Workstation 4.0, and Windows 95. Internet Explorer also provides a way to download a Web site using subscriptions.

-------------------------------------------------------------[Question 105]:C

You have a Web site which contains a lot of image and audio files. You want to find out how may HTML pages have images which are larger than 32K. What is the easiest way to find this out?

[Alternatives:]?: Use Microsoft Excel to sort all files by size.?: Use SQL to query for files larger than 32K.?: Use a Webmap in Server Site Express and search Load Size over 32K.?: Set the Performance Monitor counter for Files over 32K.

[Answer:]The easiest and fastest way to search a Webmap is to use Site Server Express, Content Analyzer's predefined searches (called Quick Searches). With just a click, you can find all your broken links, hidden objects, images without ALT strings, and more.A Load Size over 32K search will return all pages whose load size (the size of the HTML page plus any linked inline resources, such as images) is larger than 32K.

-------------------------------------------------------------[Question 106]:B

You are the IIS administrator of your Web site, and you want to make your Web site secure. You want a certain range of computers to be unable to access the Web site.In the Directory Security tab and in the IP Address and Domain Name Restrictions in the Web Site properties, you check the Granted Access option and type the following in the exception list: IP address 125.45.65.32 and subnet mask 255.255.255.240.Which range of computers will be denied access to your Web site?


[Answer:]You can either deny access to every IP address with certain exceptions, or grant access to every IP address with certain exceptions. Using a subnet mask as a filter allows you to block host IDs into contiguous IP address units.The subnet mask 255.255.255.240 creates a block of 16 IP addresses; so in this question, 8 addresses are being denied access, and the range would be IP address 125.45.65.32 to IP address 125.45.65.47 (which is 16 IP addresses inclusive).The effective block (group) of IP addresses is a range of IP addresses for which all bits corresponding to 1s in the subnet mask are the same.In this question, this includes IP addresses (in binary representation) 0111 1101.0010 1101.0100 0001.0010 xxxx, where the last four bits (xxxx) can have any one of sixteen possible values:0000, 0001, 0010, 0011, 0100, 0101, 0110, 0111, 1000, 1001, 1010, 1011, 1100, 1101, 1110, or 1111.Translating all the possible values of xxxx to decimal representation shows that this last byte (0010 xxxx) of an IP address in this block can be 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, or 47.

-------------------------------------------------------------[Question 107]:A

You want to block a computer from accessing your Web site, called MyWeb, on your IIS Server. Which of these procedures would you follow to perform this task?

Procedure 1. Use Internet Service Manager. Select MyWeb and go to its Properties. Select the Directory Security Tab. Select Edit IP Address and Domain Name Restrictions. Select the Granted Access option and click on Add.Select the "Single Computer" option. Enter the IP address of the computer to be denied access.

Procedure 2. Use Internet Service Manager. Select MyWeb and go to its Properties. Select the Directory Security Tab. Select Edit IP Address and Domain Name Restrictions. Select the Denied Access option and click on Add.Select the "Single Computer" option. Enter the IP address of the computer to be denied access.

Procedure 3. Use Internet Service Manager. Select Default Web Site and go to its Properties. Select the Directory Security Tab. Select Edit IP Address and Domain Name Restrictions. Select the Granted Access option and click on Add.Select the "Single Computer" option. Enter the IP address of the computer to be denied access.

Procedure 4. Use Internet Service Manager. Select the IIS server computer name and go to its Properties. Select Edit WWW Master Properties. Select the Directory Security Tab. Select Edit IP Address and Domain Name Restrictions.Select the Granted Access option and click on Add. Select the "Single Computer" option. Enter the IP address of the computer to be denied access.

[Alternatives:]?: Procedure 1?: Procedure 2?: Procedure 3

?: Procedure 4

[Answer:]In this situation you would use the Granted Access option and add clients to the exception list. The clients in this list will not be allowed to access the Web site.Configuring the Master Properties on the IIS server will enable you to create new virtual Web sites which inherit the master properties.So this will only block IP addresses for Web sites created after setting the master properties, not for any existing Web sites. Also, these master properties will be inherited by all Web sites you create in the future.The Default Web site is the one that responds to all IP addresses assigned to the computer in TCP/IP Properties, provided that the IP address is not assigned to another site on the IIS computer.

-------------------------------------------------------------[Question 108]:B

You are testing your Web site, called MyWeb, on your IIS Server. You want to allow only one designated computer to access your Web site. Which of these procedures would you follow to perform this task?

Procedure 1. Use Internet Service Manager. Select MyWeb and go to its Properties. Select the Directory Security Tab. Select Edit IP Address and Domain Name Restrictions. Select the Granted Access option and click on Add.Select the "Single Computer" option. Enter the IP address of the computer to be denied access.

Procedure 2. Use Internet Service Manager. Select MyWeb and go to its Properties. Select the Directory Security Tab. Select Edit IP Address and Domain Name Restrictions. Select the Denied Access option and click on Add.Select the "Single Computer" option. Enter the IP address of the computer to be denied access.

Procedure 3. Use Internet Service Manager. Select Default Web Site and go to its Properties. Select the Directory Security Tab. Select Edit IP Address and Domain Name Restrictions. Select the Granted Access option and click on Add.Select the "Single Computer" option. Enter the IP address of the computer to be denied access.

Procedure 4. Use Internet Service Manager. Select the IIS server computer name and go to its Properties. Select Edit WWW Master Properties. Select the Directory Security Tab. Select Edit IP Address and Domain Name Restrictions.Select the Granted Access option and click on Add. Select the "Single Computer" option. Enter the IP address of the computer to be denied access.

[Alternatives:]?: Procedure 1?: Procedure 2?: Procedure 3?: Procedure 4

[Answer:]In this situation you would use the Denied Access option and add clients to the exception list. Only the clients in this list will be allowed to access the Web site.Configuring the Master Properties on the IIS server will enable you to create new virtual Web sites which inherit the master properties.So this will only block IP addresses for Web sites created after setting the master properties, not for any existing Web sites. Also, these master properties will be inherited by all Web sites you create in the future.The Default Web site is the one that responds to all IP addresses assigned to the computer in TCP/IP Properties, provided that the IP address is not assigned to another site on the IIS computer.

-------------------------------------------------------------[Question 109]:A

You want to block computers with IP addresses 130.10.10.96 to 130.10.10.127 from accessing your Web site, called MyWeb, on your IIS Server. Which of these procedures would you follow to perform this task?

Procedure 1. Use Internet Service Manager. Select MyWeb and go to its Properties. Select the Directory Security Tab. Select Edit IP Address and Domain Name Restrictions. Select the Granted Access option and click on Add.

Select the "Group of Computers" option. Enter the network ID 130.10.10.96 and the subnet mask 255.255.255.224.

Procedure 2. Use Internet Service Manager. Select MyWeb and go to its Properties. Select the Directory Security Tab. Select Edit IP Address and Domain Name Restrictions. Select the Granted Access option and click on Add.Select the "Group of Computers" option. Enter the network ID 130.10.10.96 and the subnet mask 255.255.255.240.

Procedure 3. Use Internet Service Manager. Select Default Web Site and go to its Properties. Select the Directory Security Tab. Select Edit IP Address and Domain Name Restrictions. Select the Granted Access option and click on Add.Select the "Group of Computers" option. Enter the network ID 130.10.10.96 and the subnet mask 255.255.255.224.

Procedure 4. Use Internet Service Manager. Select the IIS server computer name and go to its Properties. Select Edit WWW Master Properties. Select the Directory Security Tab. Select Edit IP Address and Domain Name Restrictions.Select the Granted Access option and click on Add. Select the "Group of Computers" option. Enter the network ID 130.10.10.96 and the subnet mask 255.255.255.224.


[Answer:]In this situation you would use the Granted Access option and add clients to the exception list. The clients in this list will not be allowed to access the Web site.Using a network ID of 130.10.10.96 and a subnet mask of 255.255.255.224 will create a group of 32 computers, with IP addresses of 130.10.10.96 to 130.10.10.127 (inclusive), which will be denied access to the Web site.Configuring the Master Properties on the IIS server will enable you to create new virtual Web sites which inherit the master properties.So this will only block IP addresses for Web sites created after setting the master properties, not for any existing Web sites. Also, these master properties will be inherited by all Web sites you create in the future.The Default Web site is the one that responds to all IP addresses assigned to the computer in TCP/IP Properties, provided that the IP address is not assigned to another site on the IIS computer.

-------------------------------------------------------------[Question 110]:A

You want to create a virtual server which will be called CorpA on your IIS. It should be configured with an IP address of 130.10.10.64 and a home directory of C:\InetPub\wwwroot. Which of these procedures would you follow to perform this task?

Procedure 1. Use Internet Service Manager. Select the IIS server computer name. Select Action, New, Web Site. Enter CorpA in the Web Site Description field. Select IP address 130.10.10.64 from the drop-down list. Use the default TCP port (80).Use the default SSL port (443). Enter the path for the home directory as C:\InetPub\wwwroot. Use the default "Allow anonymous access to this Web site" option. Use the default access permissions. Click the Start icon to start the Web site.

Procedure 2. Use Internet Service Manager. Select the IIS server computer name. Select Action, New, Virtual Directory. Use CorpA as the alias. Use C:\InetPub\wwwroot as the physical path. Use the default access permissions.Make sure the IIS computer has the IP address 130.10.10.64.

Procedure 3. Use Internet Service Manager. Select Default Web Site. Select Action, New, Virtual Directory. Use CorpA as the alias. Use C:\InetPub\wwwroot as the physical path. Use the default access permissions.Make sure the IIS computer has the IP address 130.10.10.64.

Procedure 4. Use Internet Service Manager. Select Administration Web Site. Select Action, New, Virtual Directory. Use CorpA as the alias. Use C:\InetPub\wwwroot as the physical path. Use the default access permissions.Make sure the IIS computer has the IP address 130.10.10.64.


[Answer:]A virtual Web server is created by creating a Web site on the IIS computer. A virtual directory is used to create directory aliases.A user connects to a default Web site when he cannot connect to any other Web site (that is, a virtual Web site) on the IIS computer. The Administration Web site is only used for administrative purposes.

-------------------------------------------------------------[Question 111]:A

You want to create a virtual server which will be called CorpA on your IIS. It should be configured with an IP address of 130.10.10.64 and a home directory of C:\InetPub\wwwroot. Which of these procedures would you follow to perform this task?

Procedure 1. Use Internet Service Manager. Select the IIS server computer name. Select Action, New, Web Site. Enter CorpA in the Web Site Description field. Select IP address 130.10.10.64 from the drop-down list. Use the default TCP port (80).Use the default SSL port (443). Enter the path for the home directory as C:\InetPub\wwwroot. Use the default "Allow anonymous access to this Web site" option. Use the default access permissions. Click the Start icon to start the Web site.

Procedure 2. Use Internet Service Manager. Select the IIS server computer name. Select Action, New, Virtual Directory. Use CorpA as the alias. Use C:\InetPub\wwwroot as the physical path. Use the default access permissions.Make sure the IIS computer has the IP address 130.10.10.64.

Procedure 3. Use Internet Service Manager. Select Default Web Site. Click the Advanced button next to IP Address. In Multiple Identities for this Web Site, add an entry: IP address 130.10.10.64, TCP Port 80, and Host Header Name CorpA.

Procedure 4. Use Internet Service Manager. Select Administration Web Site. Select Action, New, Virtual Directory. Use CorpA as the alias. Use C:\InetPub\wwwroot as the physical path. Use the default access permissions.Make sure the IIS computer has the IP address 130.10.10.64.


[Answer:]Host headers can also be used to create virtual servers, but a virtual server implemented using a host header in an existing Web site uses the same content. In other words, all host header entries in a given Web site refer to the same home directory.

-------------------------------------------------------------[Question 112]:AB

You want to enable FTP and Web log files on your IIS server. The FTP site is called CorpFTP, and the Web site is called CorpWeb. You want new log files to be started automatically when the log file size reaches 10 MB.Which of these procedures would you follow to perform this task?

Procedure 1. Use Internet Service Manager. Select CorpFTP. Go to Properties. Check Enable Logging. Select an Active Log format. Click on Log Properties. In the General Properties tab, select the option "When file size reaches" and enter 10 MB.Specify the log file directory path (such as %systemroot%\system32\logfiles).

Procedure 2. Use Internet Service Manager. Select CorpWeb. Go to Properties. Check Enable Logging. Select an Active Log format. Click on Log Properties. In the General Properties tab, select the option "When file size reaches" and enter 10 MB.Specify the log file directory path (such as %systemroot%\system32\logfiles).

Procedure 3. Use Internet Service Manager. Select your IIS computer name. Select Action, Properties. Select Edit Master Properties for WWW Service. Check Enable Logging. Select an Active Log format. Click on Log Properties.In the General Properties tab, select the option "When file size reaches" and enter 10 MB. Specify the log file directory path (such as %systemroot%\system32\logfiles).

Procedure 4. Use Internet Service Manager. Select your IIS computer name. Select Action, Properties. Select Edit Master Properties for FTP Service. Check Enable Logging. Select an Active Log format. Click on Log Properties.In the General Properties tab, select the option "When file size reaches" and enter 10 MB. Specify the log file directory path (such as %systemroot%\system32\logfiles).


[Answer:]You need to configure FTP and Web sites individually. If you change the settings on the Master Property sheets, subsequent virtual sites inherit the new settings, but previously created virtual sites do not.Note that log access to individual folders can be enabled by checking the Log Access under Content Control on the folder (a home directory or virtual directory). This requires that the service (WWW or FTP) logging also be enabled.

-------------------------------------------------------------[Question 113]:A

You want to create a custom error message for HTTP Error 404 for all Web sites on your IIS server. Which of these procedures would you follow to perform this task?

Procedure 1. Use Internet Service Manager. Select your IIS computer name. Select Action, Properties. Select Edit Master Properties for WWW Service. Select the Custom Errors tab. Select and edit HTTP Error 404 Properties.In the Error Mapping Properties dialog box, select message type "File" and enter the pathname of the message file (for example, C:\winnt\help\common\Custom404.htm). In Inheritance Overrides, select all child nodes.

Procedure 2. Use Internet Service Manager. Select the first Web site name. Select Action, Properties. Select the Custom Errors tab. Select and edit HTTP Error 404 Properties.In the Error Mapping Properties dialog box, select message type "File" and enter the pathname of the message file (for example, C:\winnt\help\common\Custom404.htm). In Inheritance Overrides, select all child nodes.Repeat this procedure for each Web site on the IIS server.

Procedure 3. Use Internet Service Manager. Select Default Web Site. Select Action, Properties. Select Edit Master Properties for WWW Service. Select the Custom Errors tab. Select and edit HTTP Error 404 Properties.In the Error Mapping Properties dialog box, select message type "File" and enter the pathname of the message file (for example, C:\winnt\help\common\Custom404.htm). In Inheritance Overrides, select all child nodes.

Procedure 4. Use Internet Service Manager. Select your IIS computer name. Select Action, Properties. Select Edit Master Properties for WWW Service. Select the Custom Errors tab. Select and edit HTTP Error 404 Properties.In the Error Mapping Properties dialog box, select message type "File" and enter the pathname of the message file (for example, C:\winnt\help\common\Custom404.htm). In Inheritance Overrides, do not select any child nodes.


[Answer:]Configuring the master properties for the WWW Service and applying them to existing child nodes will ensure that all existing Web sites, and any new Web sites you create, will inherit those properties.

It is not necessary to configure each Web site individually. The Default Web Site properties will only apply to files under the Default Web Site.

-------------------------------------------------------------[Question 114]:CD

Yesterday you used User Manager for Domains to change the password of the Internet User account (which had been the default password before this change) on your IIS computer, PCAGE.You have received several messages from users complaining that they cannot anonymously access the FTP site, CorpFTP. Which of these procedures would you follow to solve this problem?

Procedure 1. Use User Manager for Domains. Select IUSR_PCAGE. Select User Properties. Replace the password with the default password for IUSR_PCAGE.

Procedure 2. Use User Manager for Domains. Select IWAM_PCAGE. Select User Properties. Replace the password with the default password for IWAM_PCAGE.

Procedure 3. Use Internet Service Manager. Select CorpFTP. Select the Directory Security Tab. Edit Anonymous Access and Authentication Control. Edit Account Used for Anonymous Access.Enter the same password that you entered for IUSR_PCAGE in User Manager for Domains.

Procedure 4. Use Internet Service Manager. Select CorpFTP. Select the Directory Security Tab. Edit Anonymous Access and Authentication Control. Edit Account Used for Anonymous Access.Check Enable Automatic Password Synchronization.


[Answer:]The IUSR_<computername> password specified in the Windows NT accounts database must match the password for the anonymous account specified in FTP Properties.Instead of entering the password manually in the Anonymous User Account dialog box in FTP Properties, you can select the Enable Automatic Password Synchronization option.Enabling synchronization means that the FTP service will get this password automatically from within the Windows NT accounts database.Since the default random password for IUSR_<computername> is generated internally, it is not known to users or administrators.

-------------------------------------------------------------[Question 115]:C

You want to create a new FTP site, CorpFTP, and allow users to upload files to it and download files from it. You want to use C:\InetPub\corpftp as the home directory. Which of these procedures would you follow to perform this task?

Procedure 1. Use Internet Service Manager. Select the IIS server computer name. Select Action, New, FTP Site. Enter CorpA in the FTP Site Description field. Select the IP address from the drop-down list. Use the default TCP port (21).Enter the path for the home directory as C:\InetPub\corpftp. Check the Read permission option. Start the FTP site.

Procedure 2. Use Internet Service Manager. Select Default FTP Site. Select Action, Properties. Enter CorpA in the FTP Site Description field. Select the IP address from the drop-down list. Use the default TCP port (21).Enter the path for the home directory as C:\InetPub\corpftp. Check the Read and Write permission options.

Procedure 3. Create a folder, C:\InetPub\corpftp. Use Internet Service Manager. Select the IIS server computer name. Select Action, New, FTP Site. Enter CorpA in the FTP Site Description field. Select the IP address from the drop-down list.Use the default TCP port (21). Enter the path for the home directory as C:\InetPub\corpftp. Check the Read and Write permission options. Start the FTP site.

Procedure 4. Create a folder, C:\InetPub\corpftp. Use Internet Service Manager. Select Default FTP Site. Select Action, Properties. Enter CorpA in the FTP Site Description field. Select the IP address from the drop-down list.Use the default TCP port (21). Enter the path for the home directory as C:\InetPub\corpftp. Check the Read and Write permission options.


[Answer:]You must specify an existing folder when configuring the home directory of an FTP site. Create a new Web site instead of modifying the Default Web Site.

-------------------------------------------------------------[Question 116]:B

You want to allow anonymous users to access your FTP site, CorpFTP, and you want to log the anonymous accesses. Which of these procedures would you follow to perform this task?

Procedure 1. Use Internet Service Manager. Select CorpFTP. Select Action, Properties. Check Enable Logging. Select an Archive Log format.In Log Properties, make sure the General Logging Properties (and Extended Logging Properties, if applicable) are configured.

Procedure 2. Use Internet Service Manager. Select CorpFTP. Select Action, Properties. Select the Security Access tab. Enable Allow Anonymous Connections. Check Enable Logging. Select an Archive Log format.In Log Properties, make sure the General Logging Properties (and Extended Logging Properties, if applicable) are configured.

Procedure 3. Use Internet Service Manager. Select CorpFTP. Select Action, Properties. Select the Security Access tab. Enable Allow Only Anonymous Connections. Check Enable Logging. Select an Archive Log format.In Log Properties, make sure the General Logging Properties (and Extended Logging Properties, if applicable) are configured.

Procedure 4. Use Internet Service Manager. Select Default FTP Site. Select Action, Properties. Check Enable Logging. Select an Archive Log format.In Log Properties, make sure the General Logging Properties (and Extended Logging Properties, if applicable) are configured.


[Answer:]In order to log anonymous connections, you must first enable anonymous connections. Otherwise, no one will be able to log on anonymously. Non-anonymous connections will also be logged in the log file.Selecting Allow Only Anonymous Connections will prevent non-anonymous users from logging on.

-------------------------------------------------------------[Question 117]:C

In Windows NT, which group should a user belong to if he has to manage IIS using the Internet Service Manager (HTML)?

[Alternatives:]?: Server Operators?: Account Operators?: Administrators?: Power Users

[Answer:]To use Internet Service Manager (HTML), you must be logged on to a user account that has Administrator privileges on the computer being administered.This can be the Administrator account, or any other account added to the Service Operators list in the Service Properties, Operators tab.

-------------------------------------------------------------[Question 118]:B

You want to be able to administer your Web server from a remote computer using the Netscape Navigator browser. Which authentication method should be enabled on the IIS server?

[Alternatives:]?: Allow Anonymous Access?: Basic Authentication?: Windows NT Challenge/Response?: Secure Sockets Layer (SSL)

[Answer:]Allow Anonymous Access will not authenticate a user; it allows all users to connect to the Web site. Allow Anonymous Access should never be enabled on an administrative Web site.Windows NT Challenge/Response will authenticate a user, but it is only supported by Internet Explorer, not Netscape Navigator.Secure Sockets Layer is not a user authentication method; however, it can be used to enable client authentication using client certificates and mapping them into a Windows NT user account.Basic Authentication will authenticate users, but it uses unencrypted passwords.

-------------------------------------------------------------[Question 119]:B

You want to be able to administer your company's Web server from any computer on the Internet using the Internet Explorer browser. Your Web server is protected by a firewall, implemented using Proxy Server.Which authentication method should be enabled on the IIS server?

[Alternatives:]?: Allow Anonymous Access?: Basic Authentication?: Windows NT Challenge/Response?: Secure Sockets Layer (SSL)

[Answer:]Allow Anonymous Access will not authenticate a user; it allows all users to connect to the Web site. Allow Anonymous Access should never be enabled on an administrative Web site.Windows NT Challenge/Response will authenticate a user, but it has the following limitations:a) It cannot be performed through a firewall via a proxy.b) It is only supported by Internet Explorer.c) It cannot pass user credentials to another process (such as SQL Server).Secure Sockets Layer is not a user authentication method; however, it can be used to enable client authentication using client certificates and mapping them into a Windows NT user account.Basic Authentication will authenticate users, but it uses unencrypted passwords.

-------------------------------------------------------------[Question 120]:D

You want to administer your Web server from a remote computer using a Web browser. What should you do?

[Alternatives:]?: Connect to the default Web site on the IIS server using the default TCP port.?: Connect to the default Web site on the IIS server using TCP port 80.?: Connect to the Administration Web site on the IIS server using TCP port 80.?: Connect to the Administration Web site on the IIS server using the TCP port dynamically assigned by IIS.

[Answer:]The default Web site is not used for administration.For security reasons, IIS dynamically assigns a TCP port number to the Administration Web site during IIS installation.You can change this port number if you like, but you must specify this number when connecting to the Administration Web site from a remote computer.To be even more secure, you should use the IP address blocking feature to only allow designated computers to access the Administration Web site.Also, if SSL is installed on the IIS server you should use a port other than the default because, unlike the TCP port, this port is not dynamically assigned.

Microsoft Internet Information Server Online Help)-------------------------------------------------------------[Question 121]:B

You want to be able to administer your company's Web server from any computer on the Internet. Your Web server is protected by a firewall, implemented using Proxy Server. What should you do to enable remote administration?

[Alternatives:]?: Do nothing. You can administer your Web server from a remote computer using Internet Service Manager.?: Enable RPC Listener Port on the proxy server to allow traffic on a designated port.?: Install SSL on the IIS server and use the SSL port to connect to the Web server.?: Install IIS 4.0 on the remote computer.

[Answer:]Proxy Server protects the network from external users as follows:a) It disables IP forwarding. This forces all connections between external and internal networks to use the routing information in the Local Address Table.b) It disables listening to inbound service ports. This prevents users from initiating connections on any application service ports that you do not specifically enable.By enabling RPC Listener Port, an administrator can initiate a connection to the Web server via the proxy server.

-------------------------------------------------------------[Question 122]:E

For security reasons, you want user names and passwords to be encrypted when users access your FTP site. What should you do on the IIS server?

[Alternatives:]?: Install SSL.?: Choose the Allow Only Anonymous Connections option.?: Choose the Basic Authentication option.?: Choose the Windows NT Challenge/Response Authentication option.?: You cannot encrypt the user names and passwords.

[Answer:]FTP does not support SSL, Basic authentication, or Windows NT Challenge/Response Authentication, so it does not provide configuration options for them. FTP always uses clear text user names and passwords.For security reasons, it is best to Allow Only Anonymous Connections to an FTP site, so that real user names and passwords are not used to access the site and therefore cannot be intercepted.

(Reference: Microsoft Internet Information Server 4.0 Training, Hands-On, Self-Paced Training for Supporting Version 4.0, "IIS Security Features", page 150)-------------------------------------------------------------[Question 123]:AC

Users complain that their index queries do not return a complete list of documents. You notice that the noise file is very large, so you remove the file. What effect will this have on the Index Server?

[Alternatives:]?: Users will now be able to get more accurate hits.?: Queries will be processed faster.?: Queries will be processed slower.?: Queries will be processed at the same speed.

[Answer:]Removing the noise file means that there are more keywords and a greater frequency of keywords, which increases the index size and slows down the query.However, there is an advantage in that none of the keywords in the query will be ignored (since none of them are noise words), so the hits will be more accurate.

-------------------------------------------------------------[Question 124]:B

You installed a CGI script in the directory C:\Scripts. Using Internet Service Manager, what permissions would you assign to the Scripts folder so that users can run the script?

[Alternatives:]?: Read?: Script

?: Execute?: Read and Script?: Read and Execute

[Answer:]A folder containing CGI scripts should only be given Script permission.Script permission is safer than Execute permission because Script permission allows you to limit the applications that can be run in the directory, preventing any applications not mapped to a script engine from running.You should disable Read permission on any directory containing CGI scripts, to prevent clients from downloading the files.

-------------------------------------------------------------[Question 125]:C

You installed a Perl interpreter, Perl.exe, in C:\Programs. Using Internet Service Manager, what permissions would you assign to the Programs folder so that users can run CGI scripts written in Perl?

[Alternatives:]?: Read?: Script?: Execute?: Read and Script?: Read and Execute

[Answer:]A folder containing any executable programs or DLLs should only be given Execute permission. You should disable Read permission on any directory containing executable programs or DLLs, to prevent clients from downloading the files.Script permission is used on a folder containing CGI, ASP, or other scripts; it allows you to limit the applications that can be run in the directory, preventing any applications not mapped to a script engine from running.

-------------------------------------------------------------[Question 126]:C

You installed an ISAPI application, Hits.dll, in C:\Programs. Using Internet Service Manager, what permissions would you assign to the Programs folder so that users can use this application?


[Answer:]A folder containing any executable programs or DLLs should only be given Execute permission. You should disable Read permission on any directory containing executable programs or DLLs, to prevent clients from downloading the files.Script permission is used on a folder containing CGI, ASP, or other scripts; it allows you to limit the applications that can be run in the directory, preventing any applications not mapped to a script engine from running.

-------------------------------------------------------------[Question 127]:C

You installed a CGI application, Hits.exe, in C:\Programs. Using Internet Service Manager, what permissions would you assign to the Programs folder so that users can use this application?


[Answer:]

A folder containing any executable programs or DLLs should only be given Execute permission. You should disable Read permission on any directory containing executable programs or DLLs, to prevent clients from downloading the files.Script permission is used on a folder containing CGI, ASP, or other scripts; it allows you to limit the applications that can be run in the directory, preventing any applications not mapped to a script engine from running.But in this case we are running a CGI application, not a CGI script, so Execute is the correct choice.

-------------------------------------------------------------[Question 128]:B

You are the system administrator of the FTP site for a large software company. Your team has designed the FTP site so that if traffic increases by 100% in the next year, the site will be able to accommodate the increase in traffic.The FTP site allows your customers to download the latest software updates. Users start to complain that the site is sometimes inaccessible, but at other times it is perfectly fine.You set up Performance Monitor to test the system and identify the problem. Which counter will you use to find the problem?

[Alternatives:]?: Total Connections?: Maximum Connections?: Current Connections?: Current Anonymous Users

[Answer:]You can use Performance Monitor to monitor the maximum, current, or total number of connections, anonymous users, or non-anonymous users.A connection is merely a connection between the FTP client and the FTP server; it does not mean that a user is logged in. When a user connects to the FTP server, the number of connections increases by one.When the user logs in to the FTP server, the number of users increases by one--but the user cannot log in without first making a connection, although a user can connect without logging in.The total number of connections (or users) is the cumulative number of connections (or users) since the FTP service was last started. The maximum number of connections (or users) should be used to determine the load on an FTP server.Maximum Connections is the maximum number of simultaneous connections to the FTP Server. This counter allows you to determine whether the bandwidth of the IIS server is enough to accommodate the number of simultaneous connections.

-------------------------------------------------------------[Question 129]:CD

You have created an FTP site, CorpFTP, on the IIS server. You want to use the Internet Service Manager (HTML) to administer the IIS from a remote computer on the intranet.What authentication method would you enable in the Authentication Methods dialog box for the Administration Web site?

[Alternatives:]?: Allow Anonymous Access?: Allow Only Anonymous Access?: Basic authentication?: Windows NT Challenge/Response authentication

[Answer:]You must use an authentication method other than anonymous access. To administer any of the services using the Internet Service Manager (HTML), you must be logged on to a user account that has Administrator privileges on the computer being administered.This is usually the administrator or a site operator (the Administrators group is added to the Site Operators list by default).If you are using a browser that is capable of Windows NT Challenge/Response authentication (such as Microsoft Internet Explorer version 2.0 or later), you can use Windows NT Challenge/Response authentication.If you are not using a browser capable of Windows NT Challenge/Response authentication, then you must use Basic authentication (although this is not recommended because it uses clear text passwords).

Enabling both Basic authentication and Windows NT Challenge/Response authentication will allow you to use both browsers that support Windows NT Challenge/Response authentication and browsers that do not support this method.

-------------------------------------------------------------[Question 130]:D

Users on your intranet do not know how to use the FTP command line. They want to use their browser to download files from the department Web site, SalesFTP, using the URL ftp://ftp.sales.com.For the users to be able to do this, what must be started on the IIS server?

[Alternatives:]?: Default FTP site?: Default Web site?: Administration Web site?: None of the above

[Answer:]The FTP site, SalesFTP, from which the files are to be downloaded must be started. Other FTP sites or Web sites need not be started.

-------------------------------------------------------------[Question 131]:D

You have created an FTP site, CorpFTP, on the IIS server. You want to use the Internet Service Manager (HTML) to administer the IIS from a remote computer on the intranet. What must be started on the IIS server?

[Alternatives:]?: CorpFTP site?: Default FTP site?: Default Web site?: Administration Web site

[Answer:]You must connect to the Administration Web site from the remote computer.During IIS installation, a random TCP port number is assigned to this Web site; you will need to specify this TCP port number when you attempt to connect (for example, http://www.pcage.com:9273).Other sites can be started or stopped using Internet Service Manager (HTML).

-------------------------------------------------------------[Question 132]:ABCD

When you install IIS using Custom Installation and select all computers, which objects are added to Performance Monitor?

[Alternatives:]?: Active Server Pages?: Content Index Filter?: Web Service?: Internet Information Service Global

[Answer:]The following are also added: Content Index, FTP Service, HTTP Content Index, NNTP server client requests, NNTP Server, and SMTP Server.

-------------------------------------------------------------[Question 133]:AB

Which tool can you use for remote administration of a Web site?

[Alternatives:]?: Internet Service Manager?: Internet Service Manager (HTML)?: Microsoft Transaction Server?: Index Server

[Answer:]Internet Service Manager is used to administer an IIS server remotely. Microsoft Transaction Server is a transaction processing system. Index Server is used for indexing and querying the Web server content.

-------------------------------------------------------------[Question 134]:A

Which component of IIS provides support for process isolation?

[Alternatives:]?: Web Application Manager?: The Inetinfo process?: Internet Database Connector?: Server Side Include

[Answer:]Web Application Manager (WAM) provides IIS with process isolation capability. The Inetinfo process contains all standard Internet services. Internet Database Connector (IDC) provides communication between the Web service and the database.Server Side Include (SSI) allows IIS to include text, graphics, or application information in HTML pages. SSIs are processed by the Web server.

-------------------------------------------------------------[Question 135]:ABCD

Which features are provided by the Inetinfo process?

[Alternatives:]?: Thread pool?: Cache?: SNMP Services?: Logging

[Answer:]In addition to Internet services, the Inetinfo process contains shared thread pool, cache, logging, and SNMP services.

(Reference: Microsoft Internet Information Server 4.0 Training, Hands-On, Self-Paced Training for Supporting Version 4.0, "Inetinfo Process", page 48)-------------------------------------------------------------[Question 136]:A

You have created a virtual server on an IIS server. You copied Default.asp from the Default Web Site's home folder to the home folder of the virtual server. When users connect to your virtual server, the images in the home page are not displayed.What could be causing this problem?

[Alternatives:]?: The images are stored in virtual directories which do not exist on the virtual server.?: The images were not copied from the Default Web Site.?: The images have Execute permission for the Default Web Site only.?: The browser does not support images in Default.asp.

[Answer:]The Default Web Site contains virtual directories in which the images are stored. You should create a virtual directory for the virtual server and make sure that this virtual directory references the physical folder where the images are stored.It is not necessary to physically copy the images to the virtual server.

-------------------------------------------------------------[Question 137]:ABC

You create ten virtual Web servers on the IIS server using ten different IP addresses. Users complain that they can only access the Default Web Site. What must you do to allow users to access the virtual servers?

[Alternatives:]?: Install a HOSTS file on each client.?: Install a HOSTS file on a server for each client to download.?: Install and configure a DNS server.?: Install a DHCP server.

[Answer:]

Clients need to resolve the names of the virtual servers to their IP addresses.This can be accomplished by installing a HOSTS file on the clients directly or allowing the clients to download the HOSTS file from a server, or by using a DNS server for name resolution.

-------------------------------------------------------------[Question 138]:C

You create ten virtual Web servers on the IIS server using a single IP address. You also install and configure DNS, and configure the users' computers to use DNS. Users complain that they can only access the Default Web Site.What must you do to allow users to access the virtual servers?

[Alternatives:]?: Install a HOSTS file on each client.?: Install a HOSTS file on a server for each client to download.?: Add a host header for each virtual server.?: Add a HTTP header for each virtual server.

[Answer:]DNS already provides a name resolution method, so adding a HOSTS file will not help. For each virtual server, add a name in the Host Header Name box in the Advanced Properties sheet. Each name must also be registered in the DNS database.

-------------------------------------------------------------[Question 139]:AB

You want to temporarily take the Web site offline to configure custom error messages. You do not want it to be accessible to any user during this maintenance period. How can you accomplish this?

[Alternatives:]?: Remove all access permissions from the Web site home folder.?: Stop the Web site.?: Pause the Web site.?: Delete the Web site from the MMC.

[Answer:]Pausing the Web site will prevent users from making new connections, but will continue to allow access to users who are already connected. Deleting the Web site from the MMC does not stop the Web service.

-------------------------------------------------------------[Question 140]:AB

Your company sells its products to several countries. Your IIS server has a Web site which will be used by your company's customers throughout the world. This Web site will allow customers to purchase products using their credit cards.How would you implement security on the Web site?

[Alternatives:]?: Enable Allow Anonymous Access.?: Enable SSL on the folders used to process the credit card orders.?: Enable Windows NT Challenge/Response authentication.?: Enable Basic authentication.

[Answer:]Windows NT Challenge/Response authentication and Basic authentication would prevent the customers from logging on, as they require a valid user name and password on the Windows NT accounts database.

-------------------------------------------------------------[Question 141]:A

Your Web site home folder has the NTFS permissions of Read and Write assigned to the Guests group. In your IIS configuration, you have assigned Read permission and removed Write, Script, and Execute permissions on the same folder.What are the effective permissions of anonymous users on the home folder?

[Alternatives:]?: Read?: Write?: Script

?: Execute

[Answer:]The effective permissions are the most restrictive combination of the NTFS and IIS permissions. For anonymous users (who use the account Internet Guest, which is a member of the Guests group), the permission will be Read.The Script, Execute, and Write permissions will be denied.

-------------------------------------------------------------[Question 142]:A

You want to allow only anonymous users on your Web site. Which options should be checked in the Authentication Methods dialog box?

[Alternatives:]?: Allow Anonymous Access?: Basic authentication?: Windows NT Challenge/Response authentication?: Allow Only Anonymous Access

[Answer:]The only option that should be selected is Allow Anonymous Access. You should clear the Basic authentication and Windows NT Challenge/Response authentication options.The Allow Only Anonymous Access check box is used for FTP site configuration, not for Web site configuration.

-------------------------------------------------------------[Question 143]:B

You want to place an advertisement on your home page which shows the special sale item of the season. What will enable you to implement this feature?

[Alternatives:]?: Content Index?: Content Rotator?: Site Server Express?: Microsoft Transaction Server

[Answer:]Content Rotator is an installable ASP object. It uses Content Schedule to determine how frequently to display new content to Web browsers.

-------------------------------------------------------------[Question 144]:AC

You have an FTP site that has files and updates for the products your company makes. This site is accessed regularly both by company employees and people who are not employees.You do not want employees to use their usernames and passwords to access the site, for fear of this information being intercepted by hackers.Which of the following should you do in the Security Accounts tab in the FTP site properties of your company's FTP site?

[Alternatives:]?: Check Allow Anonymous Connections.?: Uncheck Allow Anonymous Connections.?: Check Allow Only Anonymous Connections.?: Uncheck Allow Only Anonymous Connections.

[Answer:]The IIS FTP Service running on Windows NT has a very important security concern, which is that user passwords are sent unencrypted.This poses a problem for Windows NT users, because when they log on to the service using their usernames and passwords, these may be intercepted, which can compromise the security of the Windows NT domain.If the users access the service using anonymous connections, then Windows NT internally uses the IUSR_<computername> account to access the FTP service.One good way to avoid compromising the security of the domain is to prevent users of Windows NT from logging on using their usernames and passwords.An even better solution is to not allow the Windows NT users (users logging on with usernames and passwords) to access the same FTP site as the anonymous users.

If we check the Allow Anonymous Connections box, then both the Windows NT users and the anonymous users can access the FTP site.To allow only the anonymous users to access the site, check both Allow Anonymous Connections and Allow Only Anonymous Connections on the Security Accounts Tab of the FTP properties page.The Allow Only Anonymous Connections option is not available until the Allow Anonymous Connections option is checked. Therefore, to select Allow Only Anonymous Connections, you must first select Allow Anonymous Connections.

-------------------------------------------------------------[Question 145]:C

The number of employees in your company has doubled in the last year. You notice that it takes too much time for the SMTP process to deliver mail. How can you improve the performance of the SMTP server?

[Alternatives:]?: Enable SSL on the SMTP server.?: Move the mail folders to another server.?: Increase the Local Queue Retry Interval.?: Decrease the Local Queue Retry Interval.

[Answer:]Enabling SSL (or TSL, Transport Sockets Layer, on SMTP) loads the processor, which degrades the server's performance.Increasing the retry interval would reduce the frequency of attempts to deliver mail that could not be delivered on the first attempt, thus reducing the load on the server.Moving the mail folders to another server will increase network traffic, but will not dramatically improve the performance of the SMTP server.

-------------------------------------------------------------[Question 146]:D


Microsoft OLE DB Provider for ODBC Drivers error '80004005'[Microsoft][ODBC Driver Manager] Data Source Name not found and no default driver specified


[Alternatives:]?: The user has insufficient permissions to access the database.?: The database was recently moved to another server.?: The user has insufficient permissions to access RESOURCES in the database.?: ODBC Driver is not properly configured on the Web server.

[Answer:]This error indicates that the Web server (actually the ODBC Driver Manager) could not find the ODBC DSN or the database specified by DSN.This error can occur when the ODBC DSN name and the SQL server name do not match, or if you use an incorrect type of DSN (User DSN, System DSN, File DSN). This error can also occur if incorrect ODBC drivers are installed on the Web server.