windows server 2008 r2 questions - updated
TRANSCRIPT
FACULTY OF BUSINESS AND INFORMATION TECHNOLOGY
AUCKLAND CAMPUS
Bachelor of Information Technology
Graduate Diploma in Information Technology
IT6218 Operating Systems
Trimester 1 - 2011
Final Exam
Course Weighting 40%
Time Allowed
180 minutes (3 Hours) + 10 minute reading time
Section Description Weight Section
Marks
Questions to
answer
Marks per
question
A Multiple Choice 30% 30 15 2
B Short Answers 40% 40 10 4
C Scenario-based
Questions 30% 30 3 10
Total 100% 100
IT6218 T1 2011 Final exam Page 2 of 8
Section A: Multiple Choice (30 marks)
Answer all questions. Each question is worth 2 marks. Write your answer in
the exam booklet.
1. You are the network administrator of your company. You install Windows Server 2008 on all servers on the network. All client computers are configured to run Windows Vista. You want to be able to use Advanced Encryption Standard (AES) with Kerberos for encryption of Ticket Granting Tickets (TGTs), service tickets, and session keys.
What is the minimum domain functional level that is required to support AES encryption with Kerberos? A. Windows 2000 Server mixed B. Windows 2000 Server native C. Windows Server 2003 D. Windows Server 2008
2. Which of the following tools can be used to configure DNS server services? A. The DNS administrative tool B. Computer Management C. Network Properties D. Active Directory Users and Computers
3. You are a systems administrator at WhitireiaNZ.com. You prevent users from starting or stopping a particular service on domain controllers.
Which of the following tools can you use? A. Active Directory Users and Computers tool B. Domain Controller Security Policy C. Domain Security Policy D. Local System Policy
4. WhitireiaNZ.com has a main office and ten branch offices. WhitireiaNZ.com has an Active Directory forest that hosts a single domain. Each office has one domain controller and each is configured as an Active Directory site. All sites are connected with the DEFAULTIPSITELINK object. You need to decrease the replication latency between the domain controllers.
What should you do to achieve this task? A. Decrease the cost between the connection objects B. Decrease the connection replication interval for all connection objects C. Decrease the replication interval for the DEFAULTIPSITELINK object D. Increase the replication interval for the DEFAULTIPSITELINK object
5. You have a single Active Directory domain. All domain controllers run Windows Server 2008 and are configured as DNS servers. The domain contains one Active Directory-integrated DNS zone. You need to ensure that outdated DNS records are automatically removed from the DNS zone.
What should you do? A. From the properties of the zone, modify the TTL of the SOA record. B. From the properties of the zone, enable scavenging. C. From the command prompt, run ipconfig /flushdns. D. From the properties of the zone, disable dynamic updates.
IT6218 T1 2011 Final exam Page 3 of 8
6. You need to remove the Active Directory Domain Services role from a domain controller named DC1. What should you do? A. Run the netdom remove DC1 command. B. Run the Dcpromo utility. Remove the Active Directory Domain Services role. C. Run the nltest /remove_server: DC1 command. D. Reset the Domain Controller computer account by using the Active Directory Users and
Computers utility.
7. Your company has an Active Directory domain. The company has two domain controllers named DC1 and DC2. DC1 holds the Schema Master role. DC1 fails. You log on to Active Directory by using the administrator account. You are not able to transfer the Schema Master operations role. You need to ensure that DC2 holds the Schema Master role.
What should you do? A. Configure DC2 as a bridgehead server. B. On DC2, seize the Schema Master role. C. Log off and log on again to Active Directory by using an account that is a member of the
Schema Administrators group. Start the Active Directory Schema snap-in. D. Register the Schmmgmt.dll. Start the Active Directory Schema snap-in.
8. Your company has an Active Directory domain. A user attempts to log on to a computer that was turned off for twelve weeks. The administrator receives an error message that authentication has failed. You need to ensure that the user is able to log on to the computer. What should you do? A. Run the netsh command with the set and machine options. B. Reset the computer account. Disjoin the computer from the domain, and then rejoin the
computer to the domain. C. Run the netdom TRUST /reset command. D. Run the Active Directory Users and Computers console to disable, and then enable the
computer account.
9. You network consists of a single Active Directory domain. All domain controllers run Windows Server 2008 R2. You need to reset the Directory Services Restore Mode (DSRM) password on a domain controller. What tool should you use? A. Active Directory Users and Computers snap-in B. ntdsutil C. Local Users and Groups snap-in D. Dsmod
10. Your company has a main office and a branch office. You deploy a read-only domain controller (RODC) that runs Microsoft Windows Server 2008 to the branch office. You need to ensure that users at the branch office are able to log on to the domain by using the RODC.
What should you do? A. Add another RODC to the branch office. B. Configure a new bridgehead server in the main office. C. Decrease the replication interval for all connection objects by using the Active Directory
Sites and Services console. D. Configure the Password Replication Policy on the RODC.
IT6218 T1 2011 Final exam Page 4 of 8
11. Your company has an Active Directory domain that runs Windows Server 2008 R2. The Sales OU contains an OU for Computers, an OU for Groups, and an OU for Users. You perform nightly backups. An administrator deletes the Groups OU. You need to restore the Groups OU without affecting users and computers in the Sales OU. What should you do? A. Perform an authoritative restore of the Sales OU. B. Perform a non-authoritative restore of the Sales OU. C. Perform an authoritative restore of the Groups OU. D. Perform a non-authoritative restore of the Groups OU.
12. Your company has two Active Directory forests named Auckland.com and NorthShore.com. Both forests run only domain controllers that run Windows Server 2008. The domain functional level of Auckland.com is Windows Server 2008. The domain functional level of Northshore.com is Windows Server 2003 Native mode.
You configure an external trust between Auckland.com and NorthShore.com. You need to enable the Kerberos AES encryption option. What should you do? A. Raise the forest functional level of NorthShore.com to Windows Server 2008. B. Raise the domain functional level of NorthShore.com to Windows Server 2008. C. Raise the forest functional level of Auckland.com to Windows Server 2008. D. Create a new forest trust and enable forest-wide authentication.
13. You work as a Network Administrator for Tech Perfect Inc. The company has an Active Directory based network. You have installed Windows Server 2008 on a computer. You want to configure the server as a Certificate Authority (CA). Which of the following utilities will you use to accomplish the task? A. Manage Your Server B. Configure Your Server C. Security Configuration Wizard D. Server Manager
14. Which of the following is an administrative benefit of using Group Policy?
A. Administrators have control over centralized configuration of user settings, application
installation, and desktop configuration.
B. Problems due to missing application files and other minor application errors often can be
alleviated by the automation of application repairs.
C. Centralized backup of user files eliminates the need and cost of trying to recover files
from a damaged drive.
D. All of the above
15. You are the network administrator for organization. Your organization has three subnets controlled by two multi-homed Windows Server 2008 servers. You have discovered that Subnet-A is sending ICMP traffic to Subnet-C. You want to stop the ICMP traffic from being sent to the other subnet. What do you need to set up? A. Traffic filters B. Traffic rules
C. Traffic denials D. Traffic relays
IT6218 T1 2011 Final exam Page 5 of 8
Section B: Short answers (40 marks)
Answer all questions. Each question is worth 4 marks.
1. You work as the network administrator at Auckland.com. The Auckland.com network has a domain named Auckland.com. All servers on the Auckland.com network run Windows Server 2008 and all client computers run Windows 7. The Auckland.com network contains a file server named AKL-SR007 used by all Auckland.com users to store their information.
In order to manage the server space you decide to configure quotas on AKL-SR007. What action should you take to display the quota usage of all users?
2. Your company has an Active Directory domain. A user attempts to log on to the domain from
a client computer and receives the following message: "This user account has expired. Ask your administrator to reactivate the account." You need to ensure that the user is able to log on to the domain. What should you do?
3. You administer your company network, which consists of a single Active Directory domain. The network is not connected to the Internet. The network contains two Windows Server 2008 domain controllers, 10 Windows Server 2008 member servers, and 100 Windows 7 client computers. Server01 hosts a standard primary DNS zone for the Active Directory domain.
You must ensure that if a DNS client queries Server01 for external name resolution, Server01 will not attempt to contact DNS servers outside the corporate network. What should you do?
4. You work as the network administrator at WhitireiaNZ.com. The WhitireiaNZ.com network has
a domain named WhitireiaNZ.com. All servers on the WhitireiaNZ.com network run Windows
Server 2008 and all client computers run Windows 7. Your manager asks you to move a user
from the Auckland OU to the Wellington OU. In order to perform the task, which command
can you use?
5. You install the File Server role on a Windows Server 2008 member server named RES01 You create a shared folder named CAD_docs that will be accessible to members of the Engineers domain global group. Members of Engineers need to be able to read and write files in the folder but must not be granted too much privilege to the folder. What action should you perform? In other word, which permission level should be granted to the Engineers group?
IT6218 T1 2011 Final exam Page 6 of 8
6. You work as the network administrator at Homer.com. The Homer.com network has a domain named homer.com. All servers on the Homer.com network run Windows Server 2008 and all client computers run Windows Vista. The Homer.com network contains file server named HOMER-SR007. HOMER-SR007 contains a shared folder that is used by all users to store data. Due to the critical nature of the data, you do not want to deny users the ability to store data on the shared folder when it surpasses the 1 GB data storage limit.
What action should you take to be notified whenever a user exceeds the storage limit in the
shared folder?
7. Your organization consists of an Active Directory domain in which all servers run Windows Server 2008 and all client computers are laptops that run Windows Vista with Service Pack 1. You need to configure TCP/IP on the laptops such that users are able to seamlessly connect to both the corporate network, which uses static IP addressing, and their own home networks, which use dynamic IP addressing. What action should you perform?
8. You have upgraded the hardware of DNS servers in your Windows Server 2008 network. You
also added two new domain controllers to the domain. All client computers use DHCP. Users are not able to logon to domain after the upgrade of DNS servers. What should you do to ensure that users are able to log on to the domain?
9. You are an administrator at WhitireiaNZ Research. The WhitireiaNZ Research forest consists
of three domains, each of which includes two domain controllers running Windows Server
2003. You want to upgrade one of the domain controllers to Windows Server 2008. What
must you do first?
10. You are an Enterprise administrator for AUCKLAND.com. The corporate network of the company consists of a single Active Directory domain. All computers are members of the Active Directory domain. All the servers on the corporate network run Windows Server 2008. The network consists of a DHCP server, called AKLDHCP1 that has two network connections named LAN1 and LAN2.
Which of the following options would you choose to prevent the AKLDHCP1 from responding to DHCP client requests on LAN2 while allowing it to continue to respond to non-DHCP-client requests on LAN2?
IT6218 T1 2011 Final exam Page 7 of 8
Section C: Scenario-based Questions (30 marks)
Attempt all four questions. The highest 3 will be considered. Each question is
worth 10 marks.
1. Case Scenario: Working with IPv4 Address Blocks
You work as a network administrator for a company with 500 employees. Your company currently
uses a total of 11 public IP addresses for its public servers and routers, all of which are hosted on the
perimeter network on the company premises.
(A) What is the smallest size address block that can support the servers and routers in your
perimeter network? (Express the network size in slash notation and dotted-decimal notation.)
(B) You have decided to deploy 5 new servers in the perimeter network and assign them each a
public IP address. If your provider sells addresses in blocks only, what size block should you
request to enable you to host all your public servers on a single subnet? Express the size of
the network with a subnet mask in both slash and dotted-decimal notation.
(C) What is the maximum number of servers or routers you could deploy in this new address
block?
Note: A perimeter network, also known as demilitarised zone, or DMZ, and screened subnet) is a
small network that is setup separately from an organization’s private network and the Internet. The
perimeter network allows external user’s access to the specific servers located in the perimeter
network while preventing access to the internal corporate network.
2. Case Scenario: Deploying a Windows Server
(A) You work as a system administrator for a company named WhitireiaNZ.com. WhitireiaNZ.com has five Windows Server 2008 servers all are operating as domain controllers. Your DNS servers are all currently running as primary DNS zones. A DNS strategy which allows all DNS servers to hold the same database will need to be set up and your company necessitates that you use secure DNS dynamic updates for every client. What type of DNS strategy should you implement?
(B) Your network consists of an Active Directory forest that contains one domain named WhitireiaNZ.com. All domain controllers run Windows Server 2008 R2 and are configured as DNS servers. You have two Active Directory-integrated zones: WhitireiaNZ.com and AucklandCampus.com.
You need to ensure a user is able to modify records in the WhitireiaNZ.com zone. You must prevent the user from modifying the SOA record in the AucklandCampus.com zone. What should you do?
IT6218 T1 2011 Final exam Page 8 of 8
(C) ABC.com has a domain controller that runs Windows Server 2008 R2. It is configured as a DNS server. You need to record all inbound DNS queries to the server. What should you configure in the DNS Manager Console?
3. Case Scenario: Implementing a Group Policy Object
You work as a network administrator at Henderson.com. The Henderson.com network has a domain named henderson.com. All servers on the Henderson.com network run Windows Server 2008. The Henderson.com network has organizational units (OU's) named Sales, Marketing and Admin. The Sales OU contains a file server named Henderson-SR007 that hosts a shared folder named SalesDocs that contains sensitive customer information. What actions should you take to track access to the SalesDocs folder? 4. Case Scenario: Creating User Accounts & Delegating Administrative Task
(A) You work as a network administrator for a company with 500 employees. There are 10 people
in the Marketing Department. The people from Marketing Department want to designate one
of them to be able to reset passwords. What should you do in order to make one member of
the users in this department as a password reset administrator?
(B) Your organization has one Active Directory domain in the Active Directory forest. You are responsible for creating accounts for all users in your domain. Your company just bought another company with 5000 user accounts, and you are required to create their new user accounts without using a third-party tool. Which command should be used to achieve this?