Pass4Test est un seul site web qui peut offrir toutes les documentations de test Microsoft 70-291. Ce ne sera pas un problème à réussir le test Microsoft 70-291 si vous préparez le test avec notre guide d'étude.
Les produits de Pass4Test sont recherchés par les experts de Pass4Test qui se profitent de leurs connaissances et leurs expériences dans l'Idustrie IT. Si vous allez participer le test Microsoft 70-291, vous devez choisir Pass4Test. La Q&A de Pass4Test peut vous aider à préparer mieux le test Microsoft 70-291 avec sa grande couiverture des questions. En face d'un test très difficile, vous pouvez obtenir le Certificat Microsoft 70-291 sans aucune doute.
Pass4Test vous permet à réussir le test Certification sans beaucoup d'argents et de temps dépensés. La Q&A Microsoft 70-291 est recherchée par Pass4Test selon les résumés de test réel auparavant, laquelle est bien liée avec le test réel.
Le suucès n'est pas loin de vous une fois que vous choisissez le produit de Q&A Microsoft 70-291 de Pass4Test.
Code d'Examen: 70-291
Nom d'Examen: Microsoft (Implementing, Managing, and Maintaining a Microsoft Windows Server 2003 Network Infrastructure)
Questions et réponses: 260 Q&As
Le produit de Pass4Test est réputée par une bonne qualité et fiabilité. Vous pouvez télécharger le démo grantuit pour prendre un essai, nons avons la confiance que vous seriez satisfait. Vous n'aurez plus de raison à s'hésiter en face d'un aussi bon produit. Ajoutez notre Q&A au panier, vous aurez une meilleure préparation avant le test.
70-291 Démo gratuit à télécharger: http://www.pass4test.fr/70-291.html
NO.1 You are the network administrator for your company.The network consists of a single Active Directory
domain.
The domain contains an organizational unit (OU) named Webservers.The Webservers OU contains the
computer accounts of 12 Windows Server 2003 computers that function as intranet Web servers.A Group
Policy object (GPO) named WebserversPolicy is linked to the Webservers OU.The GPO is used to
configure various settings on
the computers in the OU.A global group named WebserverAdmins is a member of the Administrators local
group on each intranet Web server.
You plan to install a security scanning application on each intranet Web server.The documentation for the
application states that it uses a service account, which must be able to modify the
HKEY_LOCAL_MACHINE\SYSTEM key in the registry of every computer on which the application is
installed.
You create the service account in the domain.The company's written security policy states that service
accounts must be assigned only the minimum rights and permissions that they require to function.
You need to configure the intranet Web servers so that they comply with the installation requirements of
the security scanning application.You also need to comply with the company's security policy.You want to
achieve this goal by using the minimum amount of administrative effort.
What should you do?
A.Add the service account to the WebserverAdmins global group.
B.Configure the required permissions as registry security settings in the WebserversPolicy GPO.
C.Run the regedit.exe command to add the required permissions to the registry of each intranet Web
server.
D.Run the explorer.exe command to modify NTFS permissions on the
Systemroot\System32\Config\System
file.Assign the service account the Allow - Change permission.
E.Configure file system security settings in the WebserversPolicy GPO to modify NTFS permissions on
the
Systemroot\System32\Config\System file.Assign the service account the Allow - Change permission.
Answer: D
Microsoft 70-291 examen 70-291 70-291
NO.2 You are the network administrator for your company.The network consists of a single Active Directory
domain.The functional level of the domain is Windows Server 2003. All client computers in the domain run
Windows XP Professional.
An application named Inventory.exe is installed on all computers in the domain to remotely gather
software inventory information.The application runs as a service in the security context of the Local
System.The startup type of the service is set to Automatic.
In the Default Domain Policy Group Policy object (GPO), the security administrator has configured a
software restriction policy that is applied to all computers in the domain.The policy contains a hash rule for
the
Inventory.exe application, and the hash rule is configured with a security level of Unrestricted.
The client computers on the network are attacked by a worm that is distributed by e-mail messages
received over the Internet.The worm detects the presence of Inventory.exe on a computer, then starts a
new instance of the application in the security context of the logged-on user.The worm exploits a bug in
the application to cause the
computer to fail.
You need to ensure that Inventory.exe cannot be started by the worm, while still allowing the application to
run as a service.
What should you do?
A.In the computer settings section of the Default Domain Policy GPO, configure a software restriction
policy that contains a zone rule for the Internet zone.Configure the zone rule with a security level of
Disallowed.
B.In the user settings section of the Default Domain Policy GPO, configure a software restriction policy
that contains a zone rule for the Internet zone.Configure the zone rule with a security level of Disallowed.
C.In the user settings section of the Default Domain Policy GPO, configure a software restriction policy
that
contains a hash rule for the Inventory.exe application.Configure the hash rule with a security level of
Disallowed.
D.In the computer settings section of the Default Domain Policy GPO, modify the existing software
restriction policy hash rule for the Inventory.exe application so that the hash rule has a security level of
Disallowed.
Answer: D
Microsoft examen certification 70-291 certification 70-291
NO.3 131.107.11.0/24
NO.4 You are a network administrator for A.Datum Corporation.The network consists of a single Active
Directory domain named adatum.net.
Users regularly browse the internal network and the Internet from their client computers.All Web and
e-mail hosting for a separate DNS domain named adatum.com is outsourced to an ISP.All name
resolution requests for adatum.com are resolved by the ISP.You have no administrative control over the
DNS servers at the ISP.You
cannot list the contents of adatum.com by using the nslookup command on the DNS servers at the ISP.
A Windows Server 2003 computer named Server1 is configured with a primary zone for adatum.net.All
root hints have been removed from Server1. All client computers refer to this DNS server for name
resolution.
You need to configure DNS resolution to ensure that all client computers can locate and access resources
in adatum.net, adatum.com, and the Internet.
What should you do?
A.Configure a secondary zone for adatum.com on Server1.
B.Configure a primary zone for adatum.com on Server1.
C.Configure conditional forwarding for adatum.com with the IP address of the DNS server at the ISP.
D.Configure simple forwarding with the default settings with the IP address of the DNS server at the ISP.
Answer: D
Microsoft 70-291 certification 70-291 70-291
NO.5 You are the network administrator for your company.The network consists of a single Active Directory
domain.The domain contains 35 Windows Server 2003 computers; 3,000 Windows XP Professional
computers; and 2,000 Windows 2000 Professional computers.
Windows Server Update Services (WSUS) is installed on a server named Server1. The necessary Group
Policy object (GPO) is configured.
You need to confirm whether all computers in the domain have received all approved updates from
Server1.
What should you do on Server1?
A.Install and configure Urlscan.exe.
B.At the command prompt, type gpresult /scope COMPUTER.
C.Open the WSUS console.Run the Status of Computers report.
D.Open the WSUS console.Run the Synchronization Results report.
Answer: C
certification Microsoft certification 70-291 certification 70-291 certification 70-291 70-291
NO.6 Active Screen
You are the network administrator for your company.The network consists of a single Active Directory
domain.The relevant portion of the network is shown in the exhibit.(Click the Exhibit button.)
You need to configure a server named Server1 to use a valid static IP configuration.You need to enable
Server1 to
communicate with all hosts on the network and on the Internet.You want Server1 to query the DNS server
on the local subnet for name resolution.You also want to configure redundancy for name resolution.
What should you do?
To answer, configure the correct options in the dialog box.Drag the appropriate IP address or addresses
and the appropriate subnet mask or masks to the appropriate location or locations in the dialog box.
Answer:
NO.7 You are the administrator of a Windows Server 2003 computer named Server1. Server1 is a domain
member server that has the DNS service installed.
Server1 is configured with two network interfaces named NIC1 and NIC2. Routing is not enabled between
the two network interfaces.NIC1 and NIC2 are configured as shown in the following table.
Resources on the preproduction network segment use the same fully qualified domain names (FQDNs)
as resources in the production network.The TCP/IP properties on client computers in the preproduction
environment are controlled by individual testers.
You need to ensure that the users in the preproduction environment cannot resolve FQDNs from the
production network.You want to accomplish this goal by using the DNS console on Server1.
What should you do?
A.Configure the interfaces properties on Server1 to listen on 192.168.2.10 only.
B.Configure the forwarders on Server1 to refer requests to 192.168.3.2.
C.Configure Server1 to disable recursion.
D.Configure Server1 to disable round robin.
Answer: A
Microsoft 70-291 examen 70-291 certification 70-291
NO.8 You are the network administrator for your company.The network consists of a single Active Directory
domain.All servers run Windows Server 2003. All client computers run Windows XP Professional.
You need to implement a new software update infrastructure.You discover that security patches, critical
updates, and service packs have never been installed on any client computer on the network.
You install Windows Server Update Services (WSUS) on a Windows Server 2003 computer named
Server5. You synchronize and approve all of the current security patches, critical updates, and service
packs.
You need to ensure that all client computers receive all Microsoft security patches, critical updates, and
service packs.
Which two actions should you perform? (Each correct answer presents part of the solution.Choose two.)
A.Open the WSUS console.Select the option to automatically approve WSUS updates.
B.Install the Automatic Updates client on all client computers.
C.Modify the Microsoft Update settings of the Default Domain Controller organizational unit (OU) Group
Policy object (GPO) to point client computers to http ://server5.
D.Modify the Microsoft Update settings of the Default Domain Policy Group Policy object (GPO) to point
client computers to http: //server5.
E.Open the WSUS console.Create a target group and assign all client computers to the group.
Answer: B D
Microsoft 70-291 certification 70-291 70-291 examen
NO.9 Drag and Drop
You are the network administrator for Contoso, Ltd.The network consists of a single Active Directory
forest.The
forest contains two domains named contoso.com and corp.contoso.com.The functional level of the forest
and the two domains is Windows Server 2003.
The corp.contoso.com zone is configured as an Active Directory-integrated zone.The corp.contoso.com
zone is also configured to replicate to all domain controllers in the domain.
The servers are configured as shown in the following table.
You plan to remove Server1 from the network.You need to install DNS to host the corp.contoso.com
zone.Your solution must be fault-tolerant.
On which server or servers should you install DNS?
To answer, drag the DNS service to the correct server or servers in the work area.
Answer:
NO.10 You are the network administrator for your company.The network consists of a single Active Directory
domain.All servers run Windows Server 2003. All client computers run Windows XP Professional.
You install Windows Server Update Services (WSUS) on a network server named Server1. When you
attempt to synchronize Server1 with the Windows Update servers, you receive an error message.You
open Internet Explorer and verify that you can communicate with an external Web site by using the proxy
server.
You need to ensure that Server1 can communicate with the Windows Update servers.
What should you do on Server1?
A.Restart the IIS administration tool.
B.Configure the Internet Explorer settings to bypass the proxy server.
C.In the WSUS options, configure authentication to the proxy server.
D.Install the ISA Firewall Client.
Answer: C
certification Microsoft 70-291 70-291 70-291 examen
NO.11 You are a network administrator for Alpine Ski House.The network consists of a single Active Directory
domain named alpineskihouse.com.
Your company acquires a company named Adventure Works.The Adventure Works network consists of a
single
Active Directory domain named adventure-works.com.
A server named Server32 is a network-management application server in the adventure-works.com
domain.Server32 accesses all of the desktop client computers to perform automated software upgrades
and hardware inventory.The network-management software on Server32 references desktop computers
by unqualified
host names, which are resolved to clientname.adventure-works.com by using a DNS server.
You join Server32 to your domain to become server32.alpineskihouse.com.The Server32 IP address is
10.10.10.90.
You are gradually migrating all adventure-works.com desktop client computers to your domain to become
clientname.alpineskihouse.com.You do not have access to the adventure-works.com DNS server.When
Server32 attempts to apply an update to the client computers, the network-management software returns
many alerts that say that desktop computers cannot be found.
You want to allow the network-management software on Server32 to resolve unqualified client computer
host
ames in adventure-works.com or alpineskihouse.com, and you want to use the minimum amount of
administrative effort.
What should you do?
A.On the DNS server for alpineskihouse.com, add a zone for adventure-works.com.Create a host (A)
record for server32.adventure-works.com that points to 10.10.10.90.
B.On Server32, in System Properties, type adventure-works.com in the Primary DNS suffix of this
computer field in the DNS Suffix and Netbios Computer Name setting.
C.On Server32, configure a Hosts file that contains the name and IP address of every network computer.
D.On Server32, in Advanced TCP/IP Settings, add adventure-works.com and alpineskihouse.com to the
Append these DNS suffixes (in order) setting.
Answer: D
certification Microsoft 70-291 examen certification 70-291 70-291
NO.12 You are the network administrator for your company.The network contains a Windows Server 2003
computer named Server1.
Three administrators are members of the Administrators local group on Server1. Twelve other
administrators are members of the Domain Admins group.The Domain Admins group is also a member of
the Administrators local group on Server1.
Someone makes an unauthorized change to the HKEY_LOCAL_MACHINE\SYSTEM key in the registry
on
Server1, which causes the computer to fail.You fix the problem.
You need to log all attempts to access the HKEY_LOCAL_MACHINE\SYSTEM key in the registry on
Server1.
You decide to enable auditing in the local security policy on Server1.
Which two actions should you perform? (Each correct answer presents part of the solution.Choose two.)
A.Enable auditing in the local security policy on Server1. Select the Audit object access (success and
failure) option in the audit policy.
B.Enable auditing in the local security policy on Server1. Select the Audit privilege use (success and
failure) option in the audit policy.
C.Enable auditing in the local security policy on Server1. Select the Audit system events (success and
failure) option in the audit policy.
D.Configure the SACL on the HKEY_LOCAL_MACHINE\SYSTEM key in the registry.Specify auditing of
the Full Control permission for Everyone.
E.Configure the SACL on the HKEY_LOCAL_MACHINE\SYSTEM key in the registry.Specify auditing of
the Set Value permission for Everyone.
Answer: D A
certification Microsoft 70-291 70-291 examen
NO.13 Drag and Drop
You are a network administrator for the Graphic Design Institute.The network contains five Windows
Server 2003 computers that also function as DNS servers.The servers are configured as shown in the
work area.
The Lagos and Nairobi branches of the school each have five Windows XP Professional client
computers.The
Tangier branch has 5,000 Windows XP Professional client computers, and the Cape Town branch has
2,500
Windows XP Professional client computers.
Server1 is located in the school's main office in Cairo.Server1 is the authoritative server for a zone named
TestInside.com.No changes are planned for the name server (NS) resource records for TestInside.com.
The DNS servers in the Nairobi and Lagos branches are multiuse servers that are configured with the
minimum hardware necessary to run Windows Server 2003. The DNS servers in the Cape Town and
Tangier branches are configured as dedicated servers with hardware that is sufficient to sustain multiple
DNS zones.
You need to ensure that the following requirements are met:
Each client computer can resolve names on the network as quickly as possible by using a fully qualified
domain name (FQDN).
Prevent zone replication traffic from occurring on the slow network connections.
Minimize hard disk utilization on the DNS servers in the Lagos and Nairobi branches as much as possible.
Ensure that DNS queries in Tangier and Cape Town are resolved locally.
How should you configure the remote DNS servers?
To answer, drag the appropriate server configuration to the correct server or servers in the work area.
Answer:
NO.14 131.107.12.0/23
NO.15 131.107.10.0/24
NO.16 131.107.12.0/24
Answer
:
2.You are the network administrator for your company.All servers run Windows Server 2003. All servers
are configured with static IP addresses.All client computers run Windows XP Professional.All client
computers are configured as DHCP clients.
The company has a main office and one branch office.The offices are separated by a router.A DHCP
server is deployed in each office.
One of the DHCP servers shuts down unexpectedly.It takes four hours to repair the server.During that
time, several mobile users connect their portable computers to the network and report that they cannot
connect to shared resources on the network.
After the server is repaired, you create a new scope on each DHCP server that includes IP addresses for
the other office.You activate the scopes.
You test the new DHCP configuration by shutting down the DHCP server in the main office.You find out
that the client computers in the main office are not receiving IP addresses from the DHCP server in the
branch office. You need to ensure that when the DHCP server in one office fails, the client computers will
receive a correct IP
address configuration from the DHCP server in the other office.
What are two possible ways to achieve this goal? (Each correct answer presents a complete
solution.Choose two.)
A.Configure the router between the offices to forward BOOTP broadcasts.
B.Configure the DHCP server in each office with a DHCP scope that includes the same IP addresses as
the DHCP server in the other office.Activate the scope.
C.Configure the DHCP server in each office with an additional network adapter.Connect each new
network adapter to the local network.Assign an IP address from the other office's network to each new
network adapter.
D.Install and configure a DHCP relay agent in each office.
Answer: DA
Microsoft certification 70-291 70-291 70-291 examen
3.You are the network administrator for your company.The network consists of a single Active Directory
domain.All servers run Windows Server 2003.
The network contains a Web server named Server1 that runs IIS 6.0 and hosts a secure Web site.The
Web site is accessible from the intranet, as well as from the Internet.All users must authenticate when
they connect to Server1.
All users on the Internet must use a secure protocol to connect to the Web site.Users on the intranet do
not need to use a secure protocol.
You need verify that all users are using a secure protocol to connect to Server1 from the Internet.
What are two possible ways to achieve this goal? (Each correct answer presents a complete
solution.Choose two.)
A.Monitor the events in the application log on Server1.
B.Monitor the events in the security log on Server1.
C.Monitor the Web server connections on Server1 by using a performance log.
D.Monitor network traffic to Server1 by using Network Monitor.
E.Monitor the IIS logs on Server1.
Answer: ED
Microsoft 70-291 70-291 70-291 70-291 70-291
4.You are the administrator of an Active Directory domain.All servers run Windows Server 2003. All client
computers run Windows XP Professional.All computers are members of the domain.
The Secure Server (Require Security) IPSec policy is assigned to a file server named Server6. The policy
is configured as shown in the exhibit.(Click the Exhibit button.)
Users report that they cannot access shared folders on Server6. Users were able to access shared
folders on
Server6 prior to the implementation of the IPSec policy.
You need to ensure that all client computers in the domain can access the shared folders on Server6. You
must ensure that all communications between client computers and Server6 be encrypted.
What should you do?
A.On Server6, enable the All ICMP Traffic IP Security rule in the properties of the Secure Server (Require
Security) IPSec policy.
B.On Server6, enable the <Dynamic> IP Security rule in the properties of the Secure Server (Require
Security)
IPSec policy.
C.On all client computers, assign the Client (Respond Only) IPSec policy.
D.On all client computers, install an IPSec communication certificate in the local machine store.
Answer: C
Microsoft examen 70-291 70-291 examen
5.You are a network administrator for your company.The network consists of a single Active Directory
domain.All servers run Windows Server 2003.
The company has a main office and one branch office.The perimeter networks for each office are
configured as shown in the exhibit.(Click the Exhibit button.)
You configure an L2TP/IPSec VPN tunnel between Server1 and Server2. You also configure and assign
an IPSec
policy named RASIPSec that requires secure communications.
You need to ensure that no unsecured traffic from the Internet reaches the internal network through this
VPN.You
also need to ensure that access to the VPN servers from their respective internal networks is not
disrupted. What should you do?
A.Configure input and output L2TP/IPSec packet filters on the internal interfaces of Server1 and Server2.
B.Configure input and output L2TP/IPSec packet filters on the external interfaces of Server1 and Server2.
C.In the properties of RASIPSec, edit the All IP Traffic IP Filter list to include the IP addresses for only
Server1 and Server2.
D.In the properties of RASIPSec, edit the All ICMP Traffic IP Filter list to include the IP addresses for only
Server1 and Server2.
Answer: B
Microsoft 70-291 certification 70-291 70-291 examen 70-291 examen
6.You are the administrator of an Active Directory domain.The network contains a Windows Server 2003
domain controller named Server1.
Users report that they experience intermittent delays when they log on to Server1. Administrators report
that replication attempts between Server1 and other domain controllers are occasionally delayed.
You need to verify the cause of the intermittent connection delays to Server1. You also need to find out
whether the problem is related to a hardware deficiency on Server1. You need to track these delays over
a period of one day.
What should you do first?
A.Run the netdiag /verbose command to perform a network diagnostic test on Server1.
B.Run the replmon command to view the Active Directory replication status on Server1.
C.Use Network Monitor to view the network traffic packet contents between Server1 and all other
computers.
D.Create a System Monitor counter to track the queue lengths on the network adapter on Server1.
Answer: D
Microsoft examen 70-291 examen certification 70-291 certification 70-291 70-291 examen
NO.17 You are the administrator of a Windows Server 2003 computer named Server1. Server1 has a
third-party application installed on it.The third-party application runs as a service that is named Service1.
Service1 fails periodically.
You need to configure the recovery options for Service1 to meet the following requirements:
If Service1 runs successfully for a day or more, you need to ensure that only the service is immediately
restarted upon failure.
If, after this failure, Service1 does not run successfully for another day, you must ensure the entire server
is immediately restarted.
Which three actions should you perform? (Each correct answer presents part of the solution.Choose
three.)
A.Configure the Reset fail count after value for Service1 to 1 day.
B.Configure the Restart service after value for Service1 to 1,440 minutes.
C.Configure the response to the first failure to be to restart Service1.
D.Configure the response to the first failure to be to restart Server1.
E.Configure the response to the second failure to be to restart Service1.
F.Configure the response to the second failure to be to restart Server1.
Answer: FCA
certification Microsoft 70-291 70-291 examen 70-291
NO.18 You are the network administrator for your company.The network consists of a single subnet.A
Windows
Server 2003 computer named Server1 functions as a DHCP server.
Server1 leases IP addresses in the 10.1.1.0/24 range to desktop client computers.There are 12 client
reservations for other servers and network printers.You have configured several detailed scope and
server options. If Server1 fails, you want to have a contingency plan that will allow you to use a domain
controller named DC2 as a DHCP server as quickly as possible.You install DHCP on DC2 without any
configuration and stop the DHCP
Server service.
You want to list the tasks that are required to back up Server1 and the tasks that are required to restore
the backup to DC2. A backup age of 24 hours or less is acceptable.
If Server1 fails, which set of tasks is required to enable DC2 to replace Server1 as the DHCP server?
A.On Server1: Schedule the Backup utility to back up the System State data to tape every 24 hours.
On DC2: Perform a non-authoritative System State restore.Using the Services console, start the DHCP
Server
service.Authorize DHCP.Reconcile the database.
B.On Server1: Use the Backup utility to schedule a tape backup of the DHCP database every 24 hours.
On DC2: Restore the tape backup of the DHCP database to a folder.Using the DHCP console, restore the
backup from the same folder.From the command prompt, type net start dhcpserver.Authorize DHCP.
C.On Server1: Schedule the Backup utility to back up the System State data to tape every 24 hours.
On DC2: Perform an authoritative System State restore.Manually re-create the server and scope options
that were on Server1. From a command prompt, type net start dhcpserver.Authorize DHCP.
D.On Server1: Use the DHCP console to perform a DHCP backup every 24 hours.Copy the backup on a
network share that is accessible by DC2.
On DC2: Copy the backup to a local folder.Using the DHCP console, restore the backup from the local
folder.From a command line, type net start dhcp.Authorize DHCP.Re-create the 12 client reservations.
Answer: B
Microsoft examen 70-291 certification 70-291 70-291 examen
NO.19 131.107.11.0/23
NO.20 Drag drop
You are the network administrator for a Web hosting company.All servers run Windows Server 2003. All
client computers run Windows XP Professional.
Your company is assigned the following IP address ranges by the ISP:
>131.107.10.0 through 131.107.10.255
>131.107.11.0 through 131.107.11.255
The company's data center contains 400 Windows Server 2003 computers and consists of two subnets
named subnet A and subnet B.Subnet A contains 200 servers and uses the 131.107.10.0 network
address.Subnet B also contains 200 servers and uses the 131.107.11.0 network address.All server IP
addresses are assigned by DHCP.All computers in the data center have valid Internet-accessible IP
addresses.
As a result of a corporate acquisition, 200 additional servers will be added to your company's data center
within one month.The new servers will be placed on the network segment that maps to subnet A.The
existing router does not have the capacity for an additional subnet, and the budget does not allow the
purchase of a new router.You will
need to add the additional servers to the existing subnet A.The ISP assigns you the additional IP address
range 131.107.12.0 through 131.107.12.255.
You need to change the IP addressing scheme to accommodate all required servers in subnet A and
subnet B.You are authorized to make any necessary changes.
The diagram in the work area shows the network configuration and the planned number of servers for
each subnet.
Which IP address should be assigned to each subnet?
To answer, drag the appropriate IP address or addresses to the correct locations in the work area.
IP address IP Addresses
1> 131.107.10.0/23
La grande couverture, la bonne qualité et la haute précision permettent le Pass4Test à avancer les autre sites web. Donc le Pass4Test est le meilleur choix et aussi l'assurance pour le succès de test Microsoft 70-291.
没有评论:
发表评论