Mar 2016 updated: Pass4sure Microsoft 70-293 exam prep 113-128

70-293 Royal Pack Testengine pdf

100% Actual & Verified — 100% PASS

Unlimited access to the world's largest Dumps library! Try it Free Today!

https://www.exambible.com/70-293-exam/

Product Description:
Exam Number/Code: 70-293
Exam name: Planning and Maintaining a Windows Server 2003 Network Infrastructure
n questions with full explanations
Certification: Microsoft Certification
Last updated on Global synchronizing

Free Certification Real IT 70-293 Exam pdf Collection

Question No. 113

You are a network administrator for Alpine Ski House. The network consists of a single Active Directory domain. The domain name is alpineskihouse.com. The network contains three Windows Server 2003 domain controllers. You are creating the recovery plan for the company. According to the existing backup plan, domain controllers are backed up by using normal backups each night. The normal backups of the domain controllers include the system state of each domain controller. 

Your recovery plan must incorporate the following organizational requirements: 

Active Directory objects that are accidentally or maliciously deleted must be recoverable. 

Active Directory must be restored to its most recent state as quickly as possible. 

Active Directory database replication must be minimized. 

You need to create a plan to restore a deleted organizational unit (OU). Which two actions should you include in your plan? (Each correct answer presents part of the solution. Choose two.) 

A. Restart a domain controller in Safe Mode. 

B. Restore the system state by using the Always replace the file on my computer option. 

C. Use the Ntdsutil utility to perform an authoritative restore operation of the Active Directory database. 

D. Restart a domain controller in Directory Services Restore Mode. 

E. Use the Ntdsutil utility to perform an authoritative restore operation of the appropriate subtree. 

Answer: DE 


Question No. 114

You are the network administrator for your company. The network consists of a single Active Directory domain. The functional level of the domain is Windows Server 2003. The domain contains a Windows Server 2003 computer named Server1 that is running Routing and Remote Access. The domain contains a universal group named Managers and a global group named Operations. User accounts in the Managers group require remote access between the hours of 

8:00 A.M. and 8:00 P.M. User accounts in the Operations group require remote access 24 hours per day. You configure a remote access policy on Server1 named RA_Managers with the appropriate settings for the Managers group, and you configure a second remote access policy named RA_Operations on Server1 with the appropriate settings for the Operations group. The default remote access policies on Server1 remain unmodified. Members of the Managers group report that they can establish a remote access connection to Server1, but members of the Operations group report that they cannot establish a remote access connection to Server1. You open the Routing and Remote Access administrative tool and note that the remote access policies are in the order presented in the following table. 


You need to enable the appropriate remote access for the members of the Managers and Operations groups while restricting remote access to all other users. What should you do? 

A. Delete the Connections to other access servers policy. 

B. Move the RA_Operations policy up so that it is the second policy in the order. 

C. Re-create the Operations global group as a universal group. 

D. Move the Connections to Microsoft Routing and Remote Access server policy up so that it is the first policy in the order. 

Answer:


Question No. 115

You are the network administrator for your company. The relevant portion of the network is shown in the exhibit. (Click the Exhibit button.) All servers run Windows Server 2003. Each subnet of the network contains 100 Windows XP Professional computers. Each subnet also contains a DHCP server, which provides TCP/IP configuration information to all computers on its local subnet. You create and configure Subnet3 for a new department at your company. Users in Subnet3 report that they cannot connect to resources located on servers in Subnet1 and Subnet2. When they attempt to connect to these resources, they receive the following error message "Server ." The users can successfully connect to resources located on servers in Subnet3. Users in Subnet1 and Subnet2 report that they cannot connect to resources located on servers in Subnet3. When they attempt to connect to these resources, they receive the following error message "Server did not respond in a timely manner." The users can successfully connect to resources in both Subnet1 and Subnet2. You need to ensure that all client computers can connect to server-based resources on all subnets. What should you do? 


A. Configure the Router2 Interface E1 to use a subnet mask of 255.255.0.0. 

B. Configure the DHCP servers in Subnet1 and Subnet2 to provide a subnet mask of 255.255.0.0. 

C. Configure the DHCP server in Subnet3 to provide a subnet mask of 255.255.255.0. 

D. Configure the IP address of the Router2 Interface E1 as the default gateway for Subnet2. 

E. Configure the IP address of the Router2 Interface E0 as the default gateway for Subnet3. 

Answer:


Question No. 116

Your company has a single Active Directory directory service domain. You are planning a security model for an application. You will use role-based security. You install a server that runs Windows Server 2003. You promote the server to be the first domain controller for a new child domain. You need to configure Authorization Manager to use an Active Directory store type to support role-based security. 

What should you do first? 

A. Create a new authorization store. 

B. Set Authorization Manager to Developer Mode. 

C. Create a new application in Authorization Manager. 

D. Raise the domain functional level to Windows Server 2003. 

Answer:


Question No. 117

Your company has an Active Directory directory service domain. All servers run Windows Server 2003. You are designing a security plan to reduce the risk in the event of a brute force password attack. 

You need to modify Group Policy settings to record unauthorized access attempts. Which two settings should you configure? (Each correct answer presents part of the solution. Choose two.) 

A. Audit failure events. 

B. Audit success events. 

C. Enable the Audit. Shut down system immediately if unable to log security audits policy setting. 

D. Disable the Audit. Shut down system immediately if unable to log security audits policy setting. 

Answer: AC 


Question No. 118

Your company has an Active Directory directory service domain with a single site. All servers run Windows Server 2003. All Web servers run IIS 6.0. Web servers on the internal network are member servers. Web servers in the perimeter network (also known as DMZ) are stand-alone servers. All Web servers on the internal network are located in a single organizational unit (OU). You create a security template for Web servers. You need to apply the security template to all Web servers in the perimeter network. 

What should you do? 

A. Configure settings on the Web servers in the perimeter network by using the Security Configuration Wizard. 

B. Use the Secedit command-line tool to apply the security template to the Web servers in the perimeter network. 

C. Create a Group Policy object (GPO), import the security template into the GPO, and then link the GPO to the Active Directory site. 

D. Create a Group Policy object (GPO), import the security template into the GPO, and then link the GPO to the OU. 

Answer:


Question No. 119

Your company has a single Active Directory directory service domain. All servers in your environment run Windows Server 2003 SP2. You create a new security policy on a server named Server1 by using the Security Configuration Wizard (SCW). You plan to distribute the security policy to a group of servers by using Group Policy. You need to prepare the security policy to support distribution by Group Policy. 

What should you do? 

A. Run the scwcmd command on Server1. 

B. Run the gpupdate command on Server1. 

C. Re-run the SCW and edit the new security policy. 

D. Use the Group Policy Object Editor (GPOE). 

Answer:


Question No. 120

You are the network administrator for your company. The network contains Windows Server 2003 computers and Windows XP Professional computers. The company deploys two DNS servers. Both DNS servers run Windows Server 2003. One DNS server is inside of the corporate firewall, and the other DNS server is outside of the firewall. The external DNS server provides name resolution for the external Internet name of the company on the Internet, and it is configured with root hints. The internal DNS server hosts the DNS zones related to the internal network configuration, and it is not configured with root hints.You want to limit the exposure of the client computers to DNS-related attacks from the Internet, without limiting their access to Internet-based sites.Which two actions should you take? (Each correct answer presents part of the solution. Choose two.) 

A. Configure the firewall to allow only network traffic on the DNS ports. 

B. On the internal DNS server, add the external DNS server as the only root hint. 

C. On the internal DNS server, disable recursion. 

D. Configure the client computers to use both DNS servers. List the internal DNS server first. 

E. On the internal DNS server, configure the external DNS server as forwarder. 

F. Configure the client computers to use only the internal DNS server. 

Answer: EF 


Question No. 121

You are the network administrator for your company. The network consists of a single Active Directory domain. All computers on the network are members of the domain. All servers run Windows Server 2003 and all client computers run Windows XP Professional. You are planning a security update infrastructure. You need to find out which computers are exposed to known vulnerabilities. You need to collect the information on existing vulnerabilities for each computer every night. You want this process to occur automatically. What should you do? 

A. Install Software Update Services (SUS) on one of the servers. Configure the SUS server to update every night. 

B. Schedule the secedit command to run every night. 

C. Schedule the mbsacli.exe command to run every night. 

D. Install Microsoft Baseline Security Analyzer (MBSA) on one of the servers. Configure Automatic Updates on all other computers to use that server. 

Answer:


Question No. 122

Servers in your environment run Windows Server 2003. You plan to configure a highly available file server. You need to choose the appropriate high-availability technology and the minimum Windows Server 2003 edition for this server. 

Which technology and edition should you choose? (Each correct answer presents part of the solution. Choose two.) 

A. failover clustering 

B. Network Load Balancing 

C. Windows Server 2003, Standard Edition 

D. Windows Server 2003, Enterprise Edition 

Answer: AD 


Question No. 123

Your company has a single Active Directory directory service forest with three domains. All servers in your environment run Windows Server 2003. You are planning a public key infrastructure (PKI). You plan to deploy one root certification authority (CA), one policy CA, and two issuing CAs. You need to manage the health of all the CAs simultaneously. Which console should you use? 

A. Certificate Manager 

B. Certificate Services 

C. Certificate Templates 

D. Enterprise PKI 

Answer:


Question No. 124

Your company has an Active Directory directory service domain. All file servers run Windows Server 2003 and are located in the FilePrint organizational unit (OU). You create a security template named FilePrint.inf that modifies existing audit settings and disables unwanted services. 

You need to apply the FilePrint.inf security template to all file servers, and you must ensure that the security settings applied by the template cannot be overwritten. 

What should you do? 

A. Import the FilePrint.inf security template into the local Group Policy on all file servers. 

B. Use the Security Configuration and Analysis tool to apply the FilePrint.inf security template to all file servers. 

C. Import the FilePrint.inf security template into a new Group Policy object (GPO), and link the GPO to the FilePrint OU. 

D. Import the FilePrint.inf security template into a new Group Policy object (GPO), and link a WMI filter that is specific to file servers to the GPO. Then link the GPO to the domain. 

Answer:


Question No. 125

Your company has a single Active Directory directory service domain. Servers in your environment run Windows Server 2003. Client computers run Windows XP or Windows Vista. You plan to create an internal centrally managed security update infrastructure for client computers. You need to choose a security update management tool that supports all the client computers. 

Which tool should you choose? 

A. Microsoft Assessment and Planning (MAP) Toolkit 

B. Microsoft Baseline Security Analyzer (MBSA) 

C. Microsoft System Center Operations Manager 

D. Windows Server Update Services (WSUS) 

Answer:


Question No. 126

All the servers in your environment run Windows Server 2003. You plan to monitor network traffic that is generated by the servers. You need to capture the network traffic and identify the server processes that are generating the traffic. Which tool should you use? 

A. NMcap 

B. NetMon 

C. NetDiag 

D. NetDom 

Answer:


Question No. 127

Your company has a single Active Directory directory service domain. All servers in your environment run Windows Server 2003. An organizational unit (OU) contains a group of application servers. You configure an IPSec security policy and link it to the OU. 

You need to analyze the servers in the OU and generate a report in XML format that displays compliance with the IPSec policy. 

What should you use? 

A. the netdiag command 

B. the scwcmd command 

C. the IP Security Monitor console 

D. the Security Configuration and Analysis console 

Answer:


Question No. 128

Your company has a single Active Directory directory service domain with an Enterprise root certification authority (CA). All servers run Windows Server 2003. All portable client computers run Windows XP SP3 and connect to the network through wireless access points. The wireless network uses 802.1x authentication. You are designing a security plan for the wireless network. 

You need to ensure that portable client computers can connect to the wireless network. You issue and install computer certificates on each portable client computer. 

What should you do next? 

A. Set the startup type for the WLAN AutoConfig service to Automatic. 

B. Set the startup type for the Network Access Protection Agent service to Automatic. 

C. Install and configure Internet Authentication Service (IAS) on an existing server. 

D. Install and configure the Routing and Remote Access Service (RRAS) role on an existing server. 

Answer: