Your network consists of a single Active Directory domain. All servers run Windows Server 2003 Service Pack 2 (SP2). You enable auditing for failed logon attempts on all domain controllers. You need to ensure that a record of failed logon attempts is retained for 90 days on all domain controllers. What should you do?

From the Security Templates snap in, open the hisecdc template. Modify the Retain System Log setting.

From the Security Templates snap in, open the securedc template. Modify the Retain Security Log setting.

Open the Default Domain Policy. Modify the Retain System Log setting.

Open the Default Domain Controller Policy. Modify the Retain Security Log setting.

Correct Answer: Open the Default Domain Controller Policy. Modify the Retain Security Log setting.

Your network consists of a single Active Directory domain. All servers run Windows Server 2003 Service Pack 2 (SP2). All client computers run Windows XP Service Pack 3 (SP3). You install and configure Microsoft Windows Server Update Services (WSUS) 3.0 on a member server named Server1. You create a new Group Policy Object named GPO1 that enables automatic updating. You link GPO1 to the domain. You need to ensure that each client computer obtains software updates from Server1. What should you do?

On each client computer, run Gpupdate \/Force.

On each client computer, run wuauclt \/detectnow.

From GPO1, configure the Enable client side targeting setting.

From GPO1, configure the Specify intranet Microsoft update service location setting.

Your network consists of a single Active Directory domain that contains two domain controllers. Both domain controllers run Windows Server 2003 Service Pack 2 (SP2). Auditing of successful account logon events is enabled on all computers in the domain. You need to identify the last time a specific user logged on to the domain. What should you do?

Examine the System Event Log on the user's computer.

Examine the System Event Log on both domain controllers.

Examine the Security Event Log on both domain controllers.

Examine the Application Event Log on the user's computer.

Your network contains 10 domain controllers, 10 member servers, and approximately 1,000 client computers. All the servers run Windows 2000 Server, and all the client computers run Windows 2000 Professional. Two of the domain controllers act as DNS servers. Users of client computers use file sharing to grant access to files stored locally. The network has 10 subnets and uses TCP/IP as the only network protocol. You want to configure the network so that all computers can resolve the addresses of all other computers by using DNS. Client computers must be able to register and resolve addresses if a server fails. How should you configure the DNS servers?

Configure one server with a standard primary zone for the domain, and configure at least one server with standard secondary zone

Configure one server with a standard primary zone for the domain, and configure at least one server with an Active Directory integrated primary zone

Configure one server with an Active directory integrated primary zone for the domain, and configure at least one server with a standard secondary zone

Configure at least two servers with Active Directory integrated primary zones for the domain

Configure at least two servers with standard primary zones for the domain

Your network consists of a single Active Directory domain. You have 10 Web servers run Windows Server 2003 Service Pack 2 (SP2). You need to archive all of the application event logs for all the Web servers. The archived logs must contain all information from the original logs. What should you do?

Connect to each Web Server by using Event Viewer. Save the Application logs as the CSV file type.

Connect to each Web Server by using Event Viewer. Save the Application logs as the Event Log file type.

On each Web server, open the Security Configuration and Analysis snap in, analyze the computer, and then export the settings.

Run Security Configuration Wizard for each Web Server. Save the data to an .inf file.

Your network consists of a single Active Directory domain. The domain includes a group named SalesUsers. You have a file server that runs Windows Server 2003 Service Pack 2 (SP2). The server has a folder named CorpData. You share the CorpData folder and assign the Domain Users group the Full Control share permission. In the CorpData folder, you create a folder named Sales. You need to configure security for the Sales folder to meet the following requirements: -Members of the SalesUsers group must be able to read, create, and modify all files and folders. -All other users must be able to view items in the folder. What should you do?

On the Sales folder, block permission inheritance and remove permissions. Assign the Allow Modify permission to the SalesUsers group.

On the Sales folder, block permission inheritance and copy permissions. On the Sales folder, assign the Allow Modify permission to the SalesUsers group.

On the CorpData share, change the share permission for Domain Users to Read. On the Sales folder, assign the Allow Modify permissions to the SalesUsers group.

On the CorpData folder, block permission inheritance and remove permissions. In the Sales folder, assign the Allow Modify permissions to the SalesUsers group.

You are the administrator of a Windows 2000 domain that has three domain controllers. Each day, you use Windows Backup to perform full backups of each domain controller. You run a script to make changes to account information in Active Directory. As a result of errors in the script, the incorrect user accounts are modified. Active Directory replication then replicates the changes to the other two domain controllers. You want to revert Active Directory to the version that was backed up the previous day. What should you do?

On a single domain controller, use Windows Backup to restore the System State data. Shut down and restart the computer

Shut down and restart a single domain controller in directory services restore mode. Use Windows Backup to restore the System State data. Run the Ntdsutil utility. Restart the computer

Shut down, and restart a single domain controller by using the Recovery Console. Use Windows Backup to restore the System State data. Exit the Recovery Console. Restart the computer

Shut down and restart each domain controller by using the Recovery Console. Use Windows Backup to restore the Sysvol folder. Exit the Recovery Console. Restart the computer

None of above

You are the administrator of Windows 2000 domain and TWO Windows NT domains. The Windows 2000 domains trust each of the Windows NT domains. Each of Windows NT domains trust the Windows 2000 domain. A Windows 2000 domain controller named DC1 is configured to use a highly secure domain controller template. Users in the Windows NT domain report that they cannot access DC1. You need to allow the users of computers in the Windows NT domain to access resources on DC1. What should you do?

Apply a less restrictive custom security template to DC1

Apply a less restrictive custom policy to Windows NT domain controller

Ensure the Windows 2000 domain is configured in the mixed mode

Ensure the Windows 2000 domain is configured to run in the native mode

None of above

Your network consists of a single Active Directory domain named contoso.com. The functional level of the domain is Windows Server 2003. You have a file server named Server1 that is used to store users' home folders and profiles. On Server1, you create a folder named D:data and share the folder as UserData. You create a new user account named TemplateUser in Active Directory. You need to ensure that each user account you create by copying TemplateUser is configured to have a unique home folder stored in the UserData share. Which home folder path should you specify?

D:\\data\\%homedrive%

D:\\data\\%username%

\\\\server1\\userdata\\%homedrive%

\\\\server1\\userdata\\%username%

You want to implement Active Directory on your Windows 2000 network. Your network consists of Windows 2000 Server computers, Windows 2000 Professional computers, Windows NT Workstation 4.0 computers, and Windows 98 computers. You want to achieve optimum functionality of all the client computers with Active Directory. What should you do?

Install the Directory Service Client on all of the Windows 98 computers.

Upgrade all of the Windows 98 computers to Windows 2000 Professional

Upgrade all of the Windows NT Workstation 4.0 computers and Windows 98 computers to Windows 2000 Professional

Nothing. Windows 2000 will automatically detect all client computers and optimize them to function with Active Directory.

You are the administrator of a network that consists of a single Windows NT 4.0 domain. The network contains five Windows NT Server domain controllers and 1,000 Windows NT Workstation client computers. You want to install Windows 2000 Server on a new computer. You want the new computer to act as a domain controller in the existing domain. What should you do?

On the new computer, install Windows NT Server 4.0 and designate the computer as a BDC in the existing domain. Promote the computer to the PDC of the domain. Upgrade the computer to Windows 2000 Serve

On the new computer, install Windows NT Server 4.0 and designate the computer as a PDC in a new domain that has the same NetBIOS name as the existing Windows NT domain. Upgrade the computer to Windows

Shut down the PDC of the existing Windows NT domain from the network. On the new computer, install Windows 2000 Server, and then run the Active Directory Installation wizard to install Active Director

None of above