Leading 70-293: Pass4sure real testing bible from 97 to 112

70-293 Royal Pack Testengine pdf

100% Actual & Verified — 100% PASS

Unlimited access to the world's largest Dumps library! Try it Free Today!

https://www.exambible.com/70-293-exam/

Product Description:
Exam Number/Code: 70-293
Exam name: Planning and Maintaining a Windows Server 2003 Network Infrastructure
n questions with full explanations
Certification: Microsoft Certification
Last updated on Global synchronizing

Free Certification Real IT 70-293 Exam pdf Collection

Question No. 97

Your company has a single Active Directory directory service domain. All servers in your environment run Windows Server 2003. You are planning a public key infrastructure (PKI) to issue smart card certificates. You need to support certificate autoenrollment for smart cards. 

What should you do first? 

A. Create a Version 1 certificate template. 

B. Create a Version 2 certificate template. 

C. In the template properties, set the number of authorized signatures to 2. 

D. In the template properties, select the Enroll subject without requiring any user inputoption. 

Answer:


Question No. 98

You are a network administrator for Alpine Ski House. The internal network has an Active Directory-integrated zone for the alpineskihouse.org domain. Computers on the internal network use the Active Directory-integrated DNS service for all host name resolution. The Alpine Ski House Web site and DNS server are hosted at a local ISP. The public Web site for Alpine Ski House is accessed at www.alpineskihouse.com. The DNS server at the ISP hosts the alpineskihouse.com domain. To improve support for the Web site, your company wants to move the Web site and DNS service from the ISP to the company's perimeter network. The DNS server on the perimeter network must contain only the host (A) resource records for computers on the perimeter network. You install a Windows Server 2003 computer on the perimeter network to host the DNS service for the alpineskihouse.com domain. You need to ensure that the computers on the internal network can properly resolve host names for all internal resources, all perimeter resources, and all Internet resources. Which two actions should you take? (Each correct answer presents part of the solution. Choose two.) 

A. On the DNS server that is on the perimeter network, configure a root zone. 

B. On the DNS server that is on the perimeter network, install a stub zone for alpineskihouse.com. 

C. Configure the DNS server that is on the internal network to conditionally forward lookup requests to the DNS server that is on the perimeter network. 

D. Configure the computers on the internal network to use one of the internal DNS servers as the preferred DNS server. Configure the the TCP/IP settings on the computers on the internal network to use the DNS server on the perimeter network as an alternate DNS server. 

E. On the DNS server that is on the perimeter network, install a primary zone for alpineskihouse.com. 

Answer: CE 


Question No. 99

Your company has a single Active Directory directory service domain. All servers in your environment run Windows Server 2003. Your company uses an internal certification authority (CA). Your company has a partnership with another company that has its own Active Directory domain. Users from the partner company require access to an application that resides on a member server on your network. You need to ensure that users from the partner company can access the application by using IPSec. What should you do? 

A. Create an external trust between the two Active Directory domains. 

B. Create a Kerberos Realm trust between the two Active Directory forests. 

C. Create an IPSec policy that uses the Kerberos authentication method. 

D. Create an IPSec policy that uses the Public Key Certificate authentication method. 

Answer:


Question No. 100

You are a network administrator for your company. The network contains a perimeter network. 

The perimeter network contains four Windows Server 2003, Web Edition computers that are configured as a Network Load Balancing cluster. The cluster hosts an e-commerce Web site that must be available 24 hours per day. The cluster is located in a physically secure data center and uses an Internet-addressable virtual IP address. All servers in the cluster are configured with the Hisecws.inf template. You need to implement protective measures against the cluster's most significant security vulnerability. What should you do? 

A. Use packet filtering on all inbound traffic to the cluster. 

B. Use Security Configuration and Analysis regularly to compare the security settings on all servers in the cluster with the baseline settings 

C. Use intrusion detection on the perimeter network. 

D. Use Encrypting File System (EFS) for all files that contain confidential data stored on the cluster. 

Answer:


Question No. 101

You are the network administrator for your company. The network consists of a single Active Directory domain. All servers run Windows Server 2003. All client computers run Windows XP Professional. The network consists of three physical subnets, which correspond to the three buildings on the company's campus, as shown in the Network Diagram exhibit. (Click the Exhibit button.) All servers have manually configured IP addresses. All client computers receive their TCP/IP configuration information from a DHCP server located on the Building1 subnet. The DHCP server has one scope configured for each subnet. Users on the Building2 subnet and the Building3 subnet report that they periodically cannot connect to network resources located on any subnet. You discover that during times of high network usage, client computers in Building2 and Building3 are configured as shown in the Network Connection Details exhibit. (Click the Exhibit button.) You need to ensure that all client computers receive valid IP addresses for their subnet even during times of high network usage. What should you do? 



A. Configure an administrative template in the Default Domain Policy Group Policy object (GPO) to disable Automatic Private IP Addressing (APIPA) on the client computers. 

B. Install one DHCP server on the Building2 subnet and one on the Building3 subnet. On each DHCP server, configure identical scopes for each subnet. 

C. Configure one DHCP relay agent on the Building2 subnet and one on the Building3 subnet to forward DHCP requests to the Building1 subnet DHCP server. 

D. Install one DHCP server on the Building2 subnet and one on the Building3 subnet. On each DHCP server, configure a single subnet-specific scope. 

Answer:


Question No. 102

You are the security analyst for your company. The company's written security policy does not allow direct dial-in connections to the network. During a routine security audit, you discover a Windows Server 2003 server named Server1 that has a modem installed and is connected to an outside analog phone line. You investigate and discover that Server1 is also running Routing and Remote Access and is used by the sales department. The modem supports the caller ID service. This remote access connection is used by an application at a partner company to upload product and inventory information to Server1. Each day at midnight, the partner application connects to Server1 and uploads the information. The connection never lasts longer than 30 minutes. The application is currently using the sales manager's domain user account to make the connection. The partner application does not support incoming connections. The partner company has no plans to update this application to support your written security policy, and the sales department requires this updated product and inventory information to be available each morning. Company management directs you to design a solution that provides the highest level of security for this connection until a more secure solution can be developed by the two companies. You need to design and implement a solution that will ensure that only the partner's application can connect to your network over the dial-up connection. Your solution must prevent the connection from being used by unauthorized users, and it must allow only the minimum amount of access to the network. Which two actions should you take? (Each correct answer presents part of the solution. Choose two.) 

A. Configure a remote access policy on Server1 that allows the connection for only the specified user account between midnight and 1:00 A.M. Configure the policy to require callback authentication to the partner company's server. 

B. Create an local account named PartnerDialup on Server1, and add this account to the local Users group. Grant this user account permissions for the folder to which the sales information is uploaded. Direct the partner company to use this account for remote access. 

C. Create an account named PartnerDialup in the domain, and add this account to the Domain Guests group. Grant this user account permissions for the folder to which the sales information is uploaded. Direct the partner cofmpany to use this account for remote access. 

D. Configure a remote access policy on Server1 that allows the connection for only the specifed user account between midnight and 1:00 A.M. Configure the policy to allow only the specific calling station identifier of the partner company's computer. 

Answer: BD 


Question No. 103

Servers in your company run Windows Server 2003. You use dynamically assigned IP addresses. You set up a new client computer that has an IP address of 169.254.1.10. The client computer cannot access the Internet. 

You verify that physical network connectivity for the client computer is functional. The DHCP server shows 253 IP leases active on the 192.168.0.0/24 network that the client computer is attached to. You need to restore network connectivity on the new client computer. What should you do first? 

A. Delete an existing address lease on the DHCP server. 

B. Run the ipconfig /renew command on the client computer. 

C. Run the ipconfig /release command on the client computer. 

D. Add a persistent route on the client computer to the default gateway. 

Answer:


Question No. 104

You are the network administrator for your company. The network consists of a single Active Directory domain. The network contains 50 application servers that run Windows Server 2003. The security configuration of the application servers is not uniform. The application servers were deployed by local administrators who configured the settings for each of the application servers differently based on their knowledge and skills. The application servers are configured with different authentication methods, audit settings, and account policy settings. The security team recently completed a new network security design. The design includes a baseline configuration for security settings on all servers. The baseline security settings use the Hisecws.inf predefined security template. The design also requires modified settings for servers in an application role. These settings include system service startup requirements, renaming the administrator account, and more stringent account lockout policies. The security team created a security template named Application.inf that contains the modified settings. You need to plan the deployment of the new security design. You need to ensure that all security settings for the application servers are standardized, and that after the deployment, the security settings on all application servers meet the design requirements. What should you do? 

A. Apply the Application.inf template first, the Setup security.inf template next, and then the Hisecws.inf template. 

B. Apply the Application.inf template and then the Hisecws.inf template. 

C. Apply the Setup security.inf template and then the Application.inf template. 

D. Apply the Setup security.inf template first, the Hisecws.inf template next, and then the Application.inf template. 

Answer:


Question No. 105

Your company has an Active Directory directory service domain. The network environment includes servers that run Windows Server 2003 and servers that run Windows 2000 Server. You plan to create a custom security template that configures the NTLM protocol setting that is used by the domain controllers to the most secure setting possible. You need to ensure that all servers continue to communicate with the domain controllers. 

What should you do in the custom security template? 

A. Set Network security. LAN Manager authentication level to Send NTLMv2 response only. 

B. Set Network security. LAN Manager authentication level to Send NTLMv2 response only\ refuse LM. 

C. Set Network security. Minimum session security for NTLM SSP based (including secure RPC) servers to Require NTLMv2 session security. 

D. Set Network security. Minimum session security for NTLM SSP based (including secure RPC) servers to Require 128-bit encryption. 

Answer:


Question No. 106

All servers in your company run Windows Server 2003. You publish Web applications by using IIS 6.0. You plan to publish a new Web application. The Web application connects to a Microsoft SQL Server 2005 database and accepts unfiltered SQL queries. You need to examine SQL queries for injection threats. 

Which tool should you use? 

A. URLScan 3.1 

B. Permissions Verifier 

C. IIS Lockdown Tool 2.1 

D. Microsoft Baseline Security Analyzer (MBSA) 2.1.1 

Answer:


Question No. 107

Your company has an Active Directory directory service domain. All servers run Windows Server 2003. You are developing a domain controller logon policy. Domain controllers must be protected from keylogging attacks during logon. You need to specify a security setting that meets this requirement. 

Which setting should you specify? 

A. Set Number of previous logons to cache to 0. 

B. Set Do not require CTRL+ALT+DEL to Disabled. 

C. Set Do not display the last user name to Enabled. 

D. Set Store password using reversible encryption to Enabled. 

Answer:


Question No. 108

You are the network administrator for your company. You need to provide Internet name resolution services for the company. You set up a Windows Server 2003 computer running the DNS Server service to provide this network service. 

During testing, you notice the following intermittent problems: 

Name resolution queries sometimes take longer than one minute to resolve. 

Some valid name resolution queries receive the following error message in the Nslookup command-line tool: "Non-existent domain." 

You suspect that there is a problem with name resolution. You need to review the individual queries that the server handles. You want to configure monitoring on the DNS server to troubleshoot the problem. What should you do? 

A. In the DNS server properties, on the Debug Logging tab, select the Log packets for debugging option. 

B. In System Monitor, monitor the Recursive Query Failure counter in the DNS object. 

C. In the DNS server properties, on the Event Logging tab, select the Errors and warnings option. 

D. In the DNS server properties, on the Monitoring tab, select the monitoring options. 

Answer:


Question No. 109

All servers in your environment run Windows Server 2003. You are preparing to enforce new security standards on servers in the environment. You need to copy settings from a predefined security template to a custom security template. 

What should you use? 

A. Group Policy Management Console 

B. Security Templates console 

C. Security Configuration Wizard 

D. Security Configuration and Analysis console 

Answer:


Question No. 110

You are a network administrator for your company. The network consists of a Windows NT 4.0 domain. All servers run Windows NT Server 4.0 and all client computers run Windows NT Workstation 4.0. The company has two offices that are connected by a 56-Kbps WAN connection. All computers are configured to use WINS for name resolution and network browsing capability between the two offices. The company is planning to upgrade the domain controllers to Windows Server 2003 and to deploy Windows Server 2003 and Windows XP Professional computers. You need to maintain name resolution and network browsing support during and after the upgrade process. You need to allow users of Windows NT Workstation 4.0 and Windows XP Professional computers to browse and connect to both Windows NT Server 4.0 and Windows Server 2003 computers. You need to minimize name resolution traffic across the WAN connection. What should you do? 

A. Install a Windows Server 2003 DNS server at only one office. 

Configure all Windows NT Workstation 4.0 and Windows NT Server 4.0 computers to use both 

WINS and DNS for name resolution. 

Configure all Windows Server 2003 computers to use WINS. 


B. Upgrade the WINS servers at each office to Windows Server 2003. 

Install a Windows Server 2003 DNS server at only one office and configure it to use WINS lookup. 

Configure all Windows Server 2003 computers to use WINS. 


C. Upgrade the WINS servers at each office to Windows Server 2003. 

Install a Windows Server 2003 DNS server at each office. Configure each DNS server to use 

WINS lookup. 

Configure all Windows Server 2003 computers to use WINS. 


D. Install a Windows Server 2003 DNS server at each office. 

Configure all Windows NT Workstation 4.0 and Windows NT Server 4.0 computers to use both 

WINS and DNS for name resolution. 

Configure all Windows Server 2003 computers to use WINS. 


Answer:


Question No. 111

You are a network administrator for your company. The network consists of a single Active Directory domain. All servers run Windows Server 2003. All client computers run Windows XP Professional. The Active Directory domain contains three organizational units (OUs): Payroll Users, Payroll Servers, and Finance Servers. The Windows XP Professional computers used by the users in the payroll department are in the Payroll Users OU. The Windows Server 2003 computers used by the payroll department are in the Payroll Servers OU. The Windows Server 2003 computers used by the finance department are in the Finance Servers OU. You are planning the baseline security configuration for the payroll department. The company's written security policy requires that all network communications with servers in the Payroll Servers OU must be secured by using IPsec. The written security policy states that IPSec must not be used on any other servers in the company. You need to ensure that the baseline security configuration for the payroll department complies with the written security policy. You also need to ensure that members of the Payroll Users OU can access resources in the Payroll Servers OU and in the Finance Servers OU. What should you do? 

A. Create a Group Policy object (GPO) and assign the Server (Request Security) IPSec policy 

setting. Link the GPO to the Payroll Servers OU and to the Finance Servers OU. 

Create a second GPO and assign the Client (Respond Only) IPSec policy setting. Link the second 

GPO to the Payroll Users OU. 


B. Create a Group Policy object (GPO) and assign the Secure Server (Require Security) IPSec 

policy setting. Link the GPO to the Payroll Servers OU and to the Finance Servers OU. 

Create a second GPO and assign the Client (Respond Only) IPSec policy setting. Link the second 

GPO to the Payroll Users OU. 


C. Create a Group Policy object (GPO) and assign the Server (Request Security) IPSec policy 

setting. Link the GPO to only the Payroll Servers OU. 

Create a second GPO and assign the Client (Respond Only) IPSec policy setting. Link the second 

GPO to the Payroll Users OU. 


D. Create a Group Policy object (GPO) and assign the Secure Server (Require Security) IPSec 

policy setting. Link the GPO to only the Payroll Servers OU. 

Create a second GPO and assign the Client (Respond Only) IPSec policy setting. Link the second 

GPO to the Payroll Users OU. 


Answer:


Question No. 112

Your company has an Active Directory directory service domain. File servers run Windows Server 2003 and are joined to the domain. Client computers run Windows XP Professional. You need to encrypt data communications between file servers and client computers by using IPSec. 

Which IPSec transport mode and IPSec authentication method should you use? 

A. Authentication Header (AH) and Kerberos 

B. Authentication Header (AH) and preshared key 

C. Encapsulating Security Payload (ESP) and Kerberos 

D. Encapsulating Security Payload (ESP) and preshared key 

Answer: