[Breathing] 70-291 Microsoft exam price 76-90 (Apr 2016)

Exam Code: 70-291 (Practice Exam Latest Test Questions VCE PDF)
Exam Name: MCDBA Implementing, Managing, and Maintaining a Microsoft Windows Server 2003 Network Infrastructure
Certification Provider: Microsoft
Free Today! Guaranteed Training- Pass 70-291 Exam.

2016 Apr 70-291 Study Guide Questions:

Q76. You are the network administrator for your company. The network consists of a single Active Directory domain. All servers run Windows Server 2003. The network contains a Web server named Server1 that runs IIS 6.0 and hosts a secure Web site. The Web site is accessible from the intranet, as well as from the Internet. All users must authenticate when they connect to Server1. All users on the Internet must use a secure protocol to connect to the Web site. Users on the intranet do not need to use a secure protocol. You need verify that all users are using a secure protocol to connect to Server1 from the Internet. What are two possible ways to achieve this goal? (Each correct answer presents a complete solution. Choose two.) 

A. Monitor network traffic to Server1 by using Network Monitor. 

B. Monitor the Web server connections on Server1 by using a performance log. 

C. Monitor the events in the application log on Server1. 

D. Monitor the events in the security log on Server1. 

E. Monitor the IIS logs on Server1. 

Answer: AE 


Q77. Your network consists of a single Active Directory domain. An organizational unit (OU) named Servers contains all member servers in the domain. 

The domain contains a Group Policy object (GPO) named Policy1. A user account named Admin1 is used to administer the member servers. 

You need to allow Admin1 to apply Policy1 to the member servers. You must prevent Admin1 from modifying Policy1. 

What should you do? 

A. Add Admin1 to the Server Operators group. 

B. Add Admin1 to the Group Policy Creator Owners group. 

C. On the Servers OU, assign Admin1 the permission to link GPOs. 

D. On Policy1, assign Admin1 the permission to apply group policy. 

Answer: C 


Q78. You are the administrator of an Active Directory domain. All servers run Windows Server 2003. All client computers run Windows XP Professional. All computers are members of the domain. The Secure Server (Require Security) IPSec policy is assigned to a file server named Server6. The policy is configured as shown in the exhibit. (Click the Exhibit button.) Users report that they cannot access shared folders on Server6. Users were able to access shared folders on Server6 prior to the implementation of the IPSec policy. You need to ensure that all client computers in the domain can access the shared folders on Server6. You must ensure that all communications between client computers and Server6 be encrypted. What should you do? 


A. On all client computers, assign the Client (Respond Only) IPSec policy. 

B. On Server6, enable the All ICMP Traffic IP Security rule in the properties of the Secure Server (Require Security) IPSec policy. 

C. On all client computers, install an IPSec communication certificate in the local machine store. 

D. On Server6, enable the <Dynamic> IP Security rule in the properties of the Secure Server (Require Security) IPSec policy. 

Answer: A 


Q79. Your network consists of a single Active Directory domain. The network contains a Web server that runs Windows Server 2003 Service Pack 2 (SP2). 

You need to enable a user named User1 to stop and start the World Wide Web Publishing Service on the Web server.User1 must be prevented from stopping other services on the Web server. 

What should you do? 

A. Add User1 to the Server Operators group. 

B. Apply a Group Policy object (GPO) to the server and configure the System Services setting in the GPO. 

C. From Local Security Policy, modify the User Rights Assignment settings. 

D. From the Services snap-in, modify the properties of the World Wide Web Publishing Service. 

Answer: B 


Q80. Your network consists of a single Active Directory domain. The domain contains a server named Server1. Server1 runs windows Server 2003 Service Pack 2 (SP2). 

You install Windows Support Tools on server1. 

You need to view the IPSec settings applied to Server1. 

What command should you run on Server1? 

A. Netstat-r IP 

B. Netdiag /test:ipsec 

C. Sc query policyagent 

D. Netsh ipsec static show all 

Answer: D 


70-291 exam guide

Refresh 70-291 exam question:

Q81. You have a server that runs Windows Server 2003 Service Pack 2 (SP2). The server has Windows Server Update Services (WSUS) 3.0 installed. The server contains a single 30-GB volume named Volume1. Volume1 is 90 percent full. 

You install a new 136-GB hard disk in the server. You create a new 136-GB volume named Volume2. You need to increase the storage space available to WSUS. 

What should you do? 

A. Use wsusutil.exe to copy the updates to Volume2. Manually delete the folder that contains the updates on Volume1. 

B. Use ntbackup.exe to backup the updates on Volume1. Restore the updates to Volume2. Manually delete the folder that contains the updates on Volume1. 

C. From the Update Services console, configure the server to download Express Installation files. 

D. Modify the HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Update Services\Server\Setup\ContentDir registry setting. Restart the Update Services service. 

Answer: A 


Q82. Your company consists of a single Active Directory domain that is configured in windows 2000 native mode. All servers run Windows Server 2003 Service Pack 2 (SP2). 

You deploy a Routing and Remote Access server to provide vpn access to the network. 

You need to ensure that only members of a group named Sales can access the network through the vpn. The solution must minimize the administrative effort required to manage remote access. 

What should you do? 

A. Allow dial-in access for the user accounts of all Sales group members. 

B. Deny dial-in access for the user accounts of all users except the Sales group members. 

C. Create a remote access policy and assign the Allow - Remote Access permission. Add the Windows-Groups condition and specify the Sales group. 

D. Create a remote access policy and assign the Deny - Remote Access permission. Add the Windows-Groups condition and specify all Active Directory groups except for Sales. 

Answer: C 


Q83. You are the network administrator for your company. All servers run Windows Server 2003. You configure a server named Server2 as a Network Address Translation (NAT) server. Server2 has a single network adapter and a modem. Server2 connects to the Internet through a demand-dial connection. Users report that when they attempt to connect to Internet Web sites, they intermittently receive the following error messag*"Page not found." After waiting for several minutes, they can connect to the Web sites. These errors occur throughout the day. You need to configure Server2 to allow users to always connect to Internet Web sites. What should you do? 

A. Set the dial-out hours on the demand-dial connection to any day and any time. 

B. Set a demand-dial filter. Configure the filter for Only allow the following traffic. Specify a new filter for outbound port 80. 

C. Set the demand-dial connection to Persistent. 

D. Configure the demand-dial interface as the private interface. 

Answer: C 


Q84. You are the network administrator for Contoso, Ltd. The network consists of a single Active Directory domain named contoso.com. The network topology is shown in the exhibit. (Click the Exhibit button.) The configurations of the DNS servers that host the zone named contoso.com are shown in the following table. 


The refresh interval for the zone is one hour. The zone contains 10,000 records.The network connection to Caracas is operating at 90 percent of capacity. You remove Server3 from the network to perform hardware maintenance. Two hours later, you bring Server3 back on the network.You need to ensure that Server3 can immediately provide accurate responses to client computer requests for datA. You also need to ensure that no unnecessary network traffic is generated by the DNS servers.What should you do on Server3? 

A. Update server data files. 

B. Scavenge stale resource records. 

C. Transfer the zone from the master server. 

D. Reload the zone from the master server. 

Answer: C 


Q85. Your company has a stand-alone server named Server2 that runs Windows Server 2003 Service Pack 2 (SP2).Server2 is a Web server. You monitor two client connections to your Web site on 

Server2 and obtain the results shown in the exhibit. (Click the Exhibit button.) 


You need to ensure that all connections to the Web server are encrypted. What should you do? 

A. Install a Web server certificate on Server2. 

B. Configure the Web site to require a secure channel. 

C. Configure the Web site to redirect all requests to https://Server2. 

D. Configure the Web site to require integrated Windows authentication. 

Answer: B 


70-291 exam question

Tested 70-291 forum:

Q86. You have a vpn server that runs windows Server 2003 Service Pack 2 (SP2). The VPN server is configured to have a static IP address pool. The IP address range is 10.10.10.1 to 10.10.10.200. 

All clients connect to the server by using pptp. 

You discover that the VPN server supports only five concurrent VPN connections. 

You need to ensure that the VPN server supports 100 concurrent VPN connections. 

What should you do? 

A. From Network interfaces, create a new demand-dial interface. 

B. From the properties of the server, disable multilink connections. 

C. From the port properties, configure the WAN Miniport (PPTP) device. 

D. From the properties of the server, configure the IP address assignment settings. 

Answer: C 


Q87. You are a network administrator for your company. The network consists of a single Active Directory domain. The domain contains three Windows Server 2003 domain controllers, 20 Windows Server 2003 member servers, and 750 Windows XP Professional computers. The domain is configured to use only Kerberos authentication for all server connections. A user reports that she receives an "Access denied" error message when she attempts to connect to one of the member servers. You want to test the functionality of Kerberos authentication on the user's client computer.Which command should you run from the command prompt on the user's computer? 

A. netsh 

B. ktpass 

C. netdiag 

D. ksetup 

Answer: C 


Q88. Your network consists of a single Active Directory forest that contains two domains named contoso.com and litwareinc.com. 

All domain controllers for contoso.com are in an office located in Singapore. All domain controllers for litwareinc.com are in an office located in Los Angeles. 

There is a single 128-Kbps WAN link between the two offices. 

All domain controllers run Windows Server 2003 Service Pack 2 (SP2) and are configured as DNS servers. Each domain controller contains a standard DNS zone for its respective domain. 

You need to ensure that users in the Singapore office can resolve IP addresses for servers in the Los Angeles office. The solution must minimize replication traffic over the WAN link. 

What should you do? 

A. Create a shortcut trust between contoso.com and litwareinc.com. 

B. Place a domain controller for litwareinc.com in the Singapore office. 

C. On a domain controller in the Singapore office, create a secondary zone for the litwareinc.com domain. 

D. On a domain controller in the Singapore office, create a conditional forwarder for the litwareinc.com domain. 

Answer: D 


Q89. Your network consists of a single Active Directory domain. 

You have a Web server named server1.contoso.com that runs Windows Server 2003 Service Pack 2 (SP2). 

Users access a Web site on Server1 by using the URL http://server1.contoso.com. Users also access the Web site on Server1 by using the URL http://192.168.1.10. 

You need to configure DNS to enable users to access the Web site by using the URL http://www.contoso.com. The solution must prevent the need to manually update DNS if the IP address of Server1 changes. 

Which type of resource record should you create in DNS? 

A. alias (CNAME) 

B. host (A) 

C. host (AAAA) 

D. host information (HINFO) 

Answer: A 


Q90. Your network consists of a single Active Directory named contoso.com.All servers run Windows Server 2003 Service Pack 2 (SP2). 

You have two DNS servers named Server1 and Server2. Server1 has a primary DNS zone for contoso.com. 

Server2 has a secondary DNS zone for contoso.com. 

You need to log all zone transfer requests and client queries made to Server1. 

What should you configure from the DNS snap-in on Server1? 

A. the debug logging settings 

B. the event logging settings 

C. the monitoring settings for the contoso.com zone 

D. the zone transfer settings for the contoso.com zone 

Answer: D