Thư viện tri thức trực tuyến
Kho tài liệu với 50,000+ tài liệu học thuật
© 2023 Siêu thị PDF - Kho tài liệu học thuật hàng đầu Việt Nam
Planning, Implementing and maintaining a Microsoft Windows server 2003 active directory Infrastructure
Nội dung xem thử
Mô tả chi tiết
70-294
Planning, Implementing, and Maintaining
a Microsoft Windows Server 2003 Active Directory Infrastructure
Version 25.0
70 - 294
Leading the way in IT testing and certification tools, www.testking.com
- 2 -
Important Note, Please Read Carefully
Study Tips
This product will provide you questions and answers along with detailed explanations carefully compiled and
written by our experts. Try to understand the concepts behind the questions instead of cramming the questions.
Go through the entire document at least twice so that you make sure that you are not missing anything.
Further Material
For this test TestKing also provides:
* Online Testing. Practice the questions in an exam environment.
Check out an Online Testing Demo at http://www.testking.com/index.cfm?pageid=724
* Study Guide (Concepts and Labs).
Latest Version
We are constantly reviewing our products. New material is added and old material is revised. Free updates are
available for 90 days after the purchase. You should check your member zone at TestKing an update 3-4 days
before the scheduled exam date.
Here is the procedure to get the latest version:
1. Go to www.testking.com
2. Click on Member zone/Log in
3. The latest versions of all purchased products are downloadable from here. Just click the links.
For most updates, it is enough just to print the new questions at the end of the new version, not the whole
document.
Feedback
Feedback on specific questions should be send to [email protected]. You should state: Exam number and
version, question number, and login ID.
Our experts will answer your mail promptly.
Copyright
Each pdf file contains a unique serial number associated with your particular name and contact information for
security purposes. So if we find out that a particular pdf file is being distributed by you, TestKing reserves the
right to take legal action against you according to the International Copyright Laws.
70 - 294
Leading the way in IT testing and certification tools, www.testking.com
- 3 -
Table of Contents
Topic 1: Planning and Implementing an Active Directory Infrastructure (74 Questions) ..................................... 5
Part 1: Plan a strategy for placing global catalog servers. ................................................................................ 5
A: Evaluate network traffic considerations when placing global catalog servers. (9 questions) ............... 5
B: Evaluate the need to enable universal group caching. (6 questions).................................................... 18
Part 2: Plan a flexible operations master role placement................................................................................ 27
A: Plan for business continuity of operations master roles. (3 questions)................................................ 27
B: Identify operations master role dependencies. (5 questions) ............................................................... 32
Part 3: Implement an Active Directory directory service forest and domain structure. ................................. 39
A: Create the forest root domain. (0 questions)........................................................................................ 39
B: Create a child domain. (1 question) ..................................................................................................... 39
C: Create and configure Application Data Partitions. (0 questions)......................................................... 40
D: Install and configure an Active Directory domain controller. (5 questions) ....................................... 40
E: Set an Active Directory forest and domain functional level. (9 questions) ......................................... 46
F: Establish trust relationships. Types of trust relationships might include external trusts, shortcut trusts,
and cross-forest trusts. (8 questions)................................................................................................... 65
Part 4: Implement an Active Directory site topology. .................................................................................... 75
A: Configure site links. (6 questions) ....................................................................................................... 75
B: Configure preferred bridgehead servers. (8 questions)........................................................................ 87
C. Configure Intersite Replication (4 questions) .................................................................................... 101
Part 5: Plan an administrative delegation strategy........................................................................................ 106
A: Plan an organizational unit (OU) structure based on delegation requirements. (8 questions)........... 106
B: Plan a security group hierarchy based on delegation requirements. (2 questions) ............................ 122
Topic 2: Managing and Maintaining an Active Directory Infrastructure (32 Questions) .................................. 128
Part 1: Manage an Active Directory forest and domain structure. ............................................................... 128
A: Manage trust relationships. (3 questions) .......................................................................................... 128
B: Manage schema modifications. (2 questions) .................................................................................... 133
C: Add or remove a UPN suffix. (2 questions)....................................................................................... 136
Part 2: Monitor Active Directory replication failures. Tools might include Replication Monitor, Event
Viewer, and support tools. ...................................................................................................................... 139
A: Monitor Active Directory replication. (1 question) ........................................................................... 139
B: Monitor File Replication service (FRS) replication. (0 questions).................................................... 140
Part 3: Restore Active Directory directory services. .................................................................................... 140
A: Perform an authoritative restore operation. (6 questions).................................................................. 140
B: Perform a nonauthoritative restore operation. (7 questions).............................................................. 147
Part 4: Troubleshoot Active Directory.......................................................................................................... 157
A: Diagnose and resolve issues related to Active Directory replication. (7 questions).......................... 158
B: Diagnose and resolve issues related to operations master role failure. (1 question).......................... 166
C: Diagnose and resolve issues related to the Active Directory database. (3 questions) ....................... 168
70 - 294
Leading the way in IT testing and certification tools, www.testking.com
- 4 -
Topic 3: Planning and Implementing User, Computer, and Group Strategies (23 Questions)........................... 172
Part 1: Plan a distribution group strategy. (1 question) ................................................................................ 172
Part 2: Plan a security group strategy. (6 questions)..................................................................................... 173
Part 3: Plan a user authentication strategy. ................................................................................................... 180
A: Plan a smart card authentication strategy. (3 questions).................................................................... 180
B: Create a password policy for domain users. (2 questions)................................................................. 184
Part 4: Plan an OU structure. ........................................................................................................................ 187
A: Analyze the administrative requirements for an OU. (0 questions)................................................... 187
B: Analyze the Group Policy requirements for an OU structure. (1 question)....................................... 187
Part 5: Implement an OU structure. .............................................................................................................. 188
A: Create an OU. (2 questions)............................................................................................................... 188
B: Delegate permissions for an OU to a user or to a security group. (6 questions)................................ 191
C: Move objects within an OU hierarchy. (2 questions) ........................................................................ 202
Topic 4: Planning and Implementing Group Policy (69 Questions)................................................................... 205
Part 1: Plan Group Policy strategy................................................................................................................ 205
A: Plan a Group Policy strategy by using Resultant Set of Policy (RSoP) Planning mode. (0 questions)
........................................................................................................................................................... 205
B: Plan a strategy for configuring the user environment by using Group Policy. (8 questions) ............ 205
C: Plan a strategy for configuring the computer environment by using Group Policy. (17 questions).. 216
Part 2: Configure the user environment by using Group Policy................................................................... 238
A: Distribute software by using Group Policy. (12 questions)............................................................... 238
B: Automatically enroll user certificates by using Group Policy. (2 questions) .................................... 254
C: Redirect folders by using Group Policy. (2 questions) ...................................................................... 256
D: Configure user security settings by using Group Policy. (10 questions)........................................... 258
Part 3: Deploy a computer environment by using Group Policy. ................................................................. 272
A: Distribute software applications by using Group Policy. (10 questions)........................................... 272
B: Automatically enroll computer certificates by using Group Policy. (1 question).............................. 290
C: Configure computer security settings by using Group Policy. (7 questions)..................................... 292
Topic 5: Managing and Maintaining Group Policy (24 Questions) ................................................................... 301
Part 1: Troubleshoot issues related to Group Policy application deployment. Tools might include RSoP and
the gpresult command. (7 questions) ...................................................................................................... 301
Part 2: Maintain installed software by using Group Policy. ......................................................................... 309
A: Distribute updates to software distributed by Group Policy. (4 questions) ....................................... 309
B: Configure automatic updates for network clients by using Group Policy. (4 questions) .................. 314
Part 3: Troubleshoot the application of Group Policy security settings. Tools might include RSoP and the
gpresult command. (9 questions) ............................................................................................................ 319
Topic 6: Miscellaneous Questions (13 Questions) ............................................................................................. 331
Total Number of Questions: 235
70 - 294
Leading the way in IT testing and certification tools, www.testking.com
- 5 -
Topic 1: Planning and Implementing an Active Directory Infrastructure (74
Questions)
Part 1: Plan a strategy for placing global catalog servers.
A: Evaluate network traffic considerations when placing global catalog servers. (9
questions)
QUESTION NO: 1
You are a network administrator for TestKing. The network consists of a single Active Directory forest
that contains three domains. The functional level of the forest and of all three domains is Windows Server
2003. TestKing has a main office and 30 branch offices. Each branch office is connected to the main office
by a 56-Kbps WAN connection.
You configure the main office and each branch office as a separate Active Directory site. You deploy a
Windows Server 2003 domain controller at the main office and at each branch office. Each domain
controller is configured as a DNS server.
You can log on to the network from client computers in the branch offices at any time. However, users in
the branch offices report that they cannot log on to the network during peak hours.
You need to allow users to log on to the network from branch office computers. You do not want to affect
the performance of the branch office domain controllers. You need to minimize Active Directory
replication traffic across the WAN connections.
What should you do?
A. Use Active Directory Sites and Services to enable universal group membership caching for each branch
office site.
B. Use the DNS console to configure the branch office DNS servers to forward requests to a DNS server in
the main office.
C. Use Active Directory Sites and Services to configure each branch office domain controller as a global
catalog server.
D. Use the DNS console to configure the branch office DNS servers to use an Active Directory-integrated
zone.
Answer: A
Explanation:
70 - 294
Leading the way in IT testing and certification tools, www.testking.com
- 6 -
When a user logs on to the network, the global catalog provides universal group membership information for
the account to the domain controller processing the user logon information. If a global catalog is not available
when a user initiates a network logon process, the user is able to log on only to the local computer unless the
site has been specifically configured to cache universal group membership lookups when processing user logon
attempts. In this scenario the domain controller must contact the global catalog server across a WAN link that is
saturated. Enabling universal group membership caching will overcome this problem.
Incorrect Answers:
B: When users log on, the requests are sent to the global catalog not he DNS server.
C: Configure each branch office domain controller as a global catalog server would result in increased
replication traffic. We want to avoid this.
D: An Active Directory-integrated zone is a DNS zone that is part of Active Directory and is part of Active
Directory replication. Making the DNS zone a part of Active Directory will not overcome logon latency and
will lead to an increase in replication traffic.
Reference:
MS Press: MCSE Self-Paced Training Kit (Exam 70-294); Planning, Implementing, and Maintaining a
Microsoft Windows Server 2003 Active Directory Infrastructure, 2004, pp. 1-17 to 1-18, 5-41 to 5-43.
QUESTION NO: 2
You are the network administrator for TestKing.com. The network consists of a single Active Directory
domain named testking.com. The functional level of the domain is Windows Server 2003.
You configure two Active Directory sites named Testking1 and Testking2. Testking1 contains all of the
operations masters and two global catalog servers. Testking2 contains a domain controller named
Server1. You create a site link named SiteLink1 that includes Testking1 and Testking2.
You need to provide global catalog services locally in Testking2.
Which Active Directory component should you configure?
To answer, select the appropriate component in the work area.
70 - 294
Leading the way in IT testing and certification tools, www.testking.com
- 7 -
Answer: Select “NTDS Settings” under SERVER1.
Explanation:
The global catalog service is added or removed in the NTDS Settings Properties dialog box of the Active
Directory Sites and Services console.
Reference:
MS Press: MCSE Self-Paced Training Kit (Exam 70-294); Planning, Implementing, and Maintaining a
Microsoft Windows Server 2003 Active Directory Infrastructure, 2004, pp. 5-41 to 5-45, 5-48 to 5-50.
Syngress Press, Planning, Implementing, and Maintaining a Windows Server 2003 Active Directory
Infrastructure Study Guide & DVD Training System, 2003, pp. 31, 543, 547, 550-552.
QUESTION NO: 3
You are a network administrator for TestKing. The network consists of two Active Directory domains.
All servers run Windows Server 2003. TestKing has offices in several cities as shown in the exhibit.
Each office is configured as an Active Directory site. There are global catalog servers in the Toronto and
Paris sites. You enable universal group membership caching for all other sites.
Users in your company use an application that is integrated with Active Directory. The application reads
data from the global catalog. Users report that during periods of peak activity, the application responds
slowly.
You need to improve the response time of the application.
What should you do?
A. Disable universal group membership caching in the Chicago, New York, Bonn, and Rome sites.
70 - 294
Leading the way in IT testing and certification tools, www.testking.com
- 8 -
B. Decrease the replication interval on the site links that connect the Chicago and New York sites to the
Toronto sites, and on the site links that connect the Bonn and Rome sites to the Paris site.
C. Configure global catalog servers in the Chicago, New York, Bonn, and Rome sites.
D. Perform an offline defragmentation of the Active Directory database on the domain controllers in the
Toronto and Paris sites.
Answer: C
Explanation:
The application reads data from the global catalog, however, there are Global Catalog servers only in Toronto
and Paris. Therefore, global catalog information must be accessed across the WAN links, which is where the
problem occurs. We need to add Global Catalog servers in the Chicago, New York, Bonn, and Rome sites.
Incorrect Answers:
A: Universal group membership caching is used for logon purposes. It is thus irrelevant to this scenario.
B: Decreasing the replication interval will not improve response times. The Chicago, New York, Bonn, and
Rome sites must still access the global catlog information across the WAN links.
D: Deframenting the Active Directory database will not improve response times significantly; the Chicago,
New York, Bonn, and Rome sites must still access the global catalod information across the WAN links.
Reference:
MS Press: MCSE Self-Paced Training Kit (Exam 70-294); Planning, Implementing, and Maintaining a
Microsoft Windows Server 2003 Active Directory Infrastructure, 2004, pp. 1-17 to 1-18, 5-41 to 5-45, 5-48 to 5-
50.
Syngress Press, Planning, Implementing, and Maintaining a Windows Server 2003 Active Directory
Infrastructure Study Guide & DVD Training System, 2003, pp. 547, 550-552.
QUESTION NO: 4
You are the network administrator for TestKing.com. TestKing has offices in Chicago, New York and
Toronto. Each office employs 500 people.
The network consists of a single Active Directory forest with one domain in each office. Each domain
contains two domain controllers named Testking1 and Testking2. All domain controllers run Windows
Server 2003. Each office is configured as an Active Directory site. The domain structure is shown in the
exhibit.
70 - 294
Leading the way in IT testing and certification tools, www.testking.com
- 9 -
New York Toronto
The Windows Server 2003 computer named Testking1.testking.com holds all operations master roles for
its domain, and it holds both forest-level operations master roles. The Windows Server 2003 computer
named Testking1.sales.testking.com and Testking1.prod.testking.com hold all operations master roles for
their respective domains. WAN connectivity between the offices is unreliable.
You need to plan the placement of global catalog servers for the network. You need to ensure that each
user can log on in the event of the failure of a single domain controller and WAN connection. You need to
ensure that the consistency of universal group membership information remains intact.
Which two actions should you take? (Each correct answer presents part of the solution. Choose two)
A. Configure both domain controllers in testking.com as global catalog servers.
70 - 294
Leading the way in IT testing and certification tools, www.testking.com
- 10 -
B. Configure only Testking1 in each domain as a global catalog server.
C. Configure only Testking2 in each domain as a global catalog server.
D. Enable universal group membership caching for each site.
E. Enable universal group membership caching for the Chicago office.
F. Enable universal group membership caching for the Toronto office and the New York office.
Answer: A, F
Explanation:
We could have global catalog server s in each site. This would ensure that users can log on in the event of a
WAN connection failure. However, we also need to ensure the consistency of universal group membership
information. Therefore, placing global catalog servers in the remote sites are not an option. Instead, we need to
enable universal group membership caching for both remote sites. For redundancy purposes, the main site must
have more than one global catalog.
Incorrect Answers:
B, C: For redundancy purposes, the main site must have more than one global catalog.
E: We need to enable universal group membership caching for both remote sites.
Reference:
MS Press: MCSE Self-Paced Training Kit (Exam 70-294); Planning, Implementing, and Maintaining a
Microsoft Windows Server 2003 Active Directory Infrastructure, 2004, pp. 1-17 to 1-18, 5-41 to 5-45, 5-48 to 5-
50.
Syngress Press, Planning, Implementing, and Maintaining a Windows Server 2003 Active Directory
Infrastructure Study Guide & DVD Training System, 2003, pp. 31, 543, 547, 550-552.
QUESTION NO: 5
You are a network administrator for TestKing.com. The network consists of two Active Directory
domains. All servers run Windows Server 2003. TestKing has offices in New York and Rome. The two
offices are connected by a 128-Kbps WAN connection. Each office is configured as a single domain. Each
office is also configured as an Active Directory site.
TestKing stores printer location information in Active Directory. Users frequently perform searches of
Active Directory to find information on printers by selecting the Entire Directory option. Users in the
New York Office report that response time is unacceptably slow when searching for printers.
You need to improve the response time for users in the New York office.
What should you do?
70 - 294
Leading the way in IT testing and certification tools, www.testking.com
- 11 -
A. Place a domain controller for the Rome domain in the New York office.
B. Place a domain controller for the New York domain in the Rome office.
C. Enable universal group membership caching in the New York office.
D. Configure a global catalog server in the New York office.
Answer: D
Explanation:
The global catalog is the central repository of information about Active Directory objects in a tree or forest. The
domain controller that holds a copy of the global catalog is called a global catalog server. The global catalog
enables a user to log on to a network by providing universal group membership information to a domain
controller when a logon process is initiated, and enables finding directory information regardless of which
domain in the forest actually contains the data.
Incorrect Answers:
A: This would work but it is unnecessary. Replicating the entire Active Directory from the Rome office to the
New York office over the slow WAN link is a waste of resources. A global catalog server in the New York
office would suffice.
B: This won’t solve the problem at all.
C: Universal Group caching (as its name implies) caches information about universal groups. This scenario
involves searching for printers which is nothing to do with universal groups.
Reference:
MS Press: MCSE Self-Paced Training Kit (Exam 70-294); Planning, Implementing, and Maintaining a
Microsoft Windows Server 2003 Active Directory Infrastructure, 2004, pp. 1-17 to 1-18, 5-41 to 5-45, 5-48 to 5-
50.
Syngress Press, Planning, Implementing, and Maintaining a Windows Server 2003 Active Directory
Infrastructure Study Guide & DVD Training System, 2003, pp. 31, 543, 547, 550-552.
QUESTION NO: 6
You are the network administrator for TestKing.com. The network consists of a single Active Directory
forest that contains a forest root domain named testking.com and a child domain named
child2.testking.com The functional level of the forest is Windows Server 2003.
The company uses universal groups to prevent temporary employees from accessing confidential
information on computers in the forest.
The child1.testking.com domain contains a Windows 2000 Server computer named TestKing1. TestKing1
runs an application that makes frequent LDAP queries to the global catalog. TestKing1 is located on a
70 - 294
Leading the way in IT testing and certification tools, www.testking.com
- 12 -
subnet associated with an Active Directory site named Site2 that has no global catalog servers. Site2 is
connected to another site by a WAN connection.
You need to enable the application on TestKing1 to run at high performance levels and to continue
operating if a WAN connection fails. You also need to minimize traffic over the WAN connection.
What should you do?
A. Enable universal group membership caching in Site2.
B. Configure at least one global catalog server in Site2.
C. Add the HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\IgnoreGCF-ailures
key to the registry on all domain controllers in Site2.
D. Remove Server1 from the child1.testking.com domain and add it to a workgroup.
Answer: B
Explanation:
The application needs to read data from the global catalog. This information is stored on the global catalog
servers in the other site. This means that the application needs to contact the global catalog servers over a
WAN link. We can improve performance by configuring a global catalog server in site2. This will enable the
application to contact a global catalog server over fast LAN connections. It will also enable the application to
run if the WAN link fails.
Incorrect Answers:
A: Universal group caching likely has no effect on the application. Universal group information is just a small
part of the information stored in the global catalog. The application would still need to contact a global
catalog server.
C: This setting allows users to log on to a domain if the domain controller is unable to contact a global catalog
server. It will have no effect on the application.
D: The application won’t be able to query the global catalog if the computer isn’t a member of the domain.
Reference:
MS Press: MCSE Self-Paced Training Kit (Exam 70-294); Planning, Implementing, and Maintaining a
Microsoft Windows Server 2003 Active Directory Infrastructure, 2004, pp. 1-17 to 1-18, 5-41 to 5-45, 5-48-5 to
50.
Syngress Press, Planning, Implementing, and Maintaining a Windows Server 2003 Active Directory
Infrastructure Study Guide & DVD Training System, 2003, pp. 31, 543, 547, 550-552.
QUESTION NO: 7
70 - 294
Leading the way in IT testing and certification tools, www.testking.com
- 13 -
You are a network administrator for TestKing.com. The relevant portion of your network configuration
is shown in the work area.
TestKing has offices in Toronto and New York. The Toronto office has 500 employees, and the New York
office has 150 employees. Employees in both offices use an application that frequently reads
configuration data in the global catalog.
You install Windows Server 2003 on all domain controllers. You create a single Windows Server 2003
Active Directory domain. The functional level of the forest is Windows Server 2003. You configure
servers as shown in the following table.
Server name Configuration
Testking1 Domain controller, domain naming master, schema master
Testking2 Domain controller, PDC emulator master, relative ID (RID)
Testking3 Member server, file and print server
Testking4 Member server, Web server
Testking5 Domain controller
Testking6 Member server, file and print server
You need to plan the placement of global catalog servers for TestKing.com. You need to ensure that the
application performs well during times of peak activity. You need to ensure that the application continues
to function in the event of multiple global catalog failures.
Where should you place the global catalog server or servers?
To answer, select the appropriate computer or computers in the work area.
Answer: Select Testking1, Testking2 and Testking5.
Explanation:
70 - 294
Leading the way in IT testing and certification tools, www.testking.com
- 14 -
Only domain controllers can function as Global Catalog servers. In this case, only Testking1, Testking2 and
Testking5 are domain controllers. We need to use all domain controllers to ensure that the application continues
to function in the event of multiple global catalog failures.
Reference:
MS Press: MCSE Self-Paced Training Kit (Exam 70-294); Planning, Implementing, and Maintaining a
Microsoft Windows Server 2003 Active Directory Infrastructure, 2004, pp. 1-17 to 1-18, 5-41 to 5-45, 5-48 to 5-
50.
Syngress Press, Planning, Implementing, and Maintaining a Windows Server 2003 Active Directory
Infrastructure Study Guide & DVD Training System, 2003, pp. 31, 543, 547, 550-552.
QUESTION NO: 8
You are a network administrator for TestKing.com. The network consists of a single Active Directory
forest that contains 30 domains. TestKing has 400 offices. The network contains 150,000 user objects. All
servers run Windows Server 2003.
You are responsible for administering the marketing department, which has offices in North America
and Europe, as shown in the work area. Offices in Toronto, Chicago, and New York are part of the
america.testking.com domain. Offices in Paris, Bonn, and Rome are part of the europe.testking.com
domain. The number of users in each office is shown in the following table.
Office Number of users
Toronto 750
Chicago 20
New York 650
Paris 650
Bonn 10
Rome 15
Users in the Bonn, New York, and Toronto offices require access to a directory-enabled application that
stores configuration information in the global catalog.
You need to plan the placement of domain controllers for the network. You need to ensure that each user
can log on without using cached credentials and that users have access to the application if a WAN
connection fails. You need to achieve this goal while minimizing the increase in WAN traffic.
What should you do?
To answer, drag the appropriate domain controller configuration or configurations to the correct
location or locations in the work area.
70 - 294
Leading the way in IT testing and certification tools, www.testking.com
- 15 -