How to pass Microsoft 70-293 Real Exam in 24 Hours [exam prep 145-160]

Exam Code: 70-293 (Practice Exam Latest Test Questions VCE PDF)
Exam Name: Planning and Maintaining a Windows Server 2003 Network Infrastructure
Certification Provider: Microsoft
Free Today! Guaranteed Training- Pass 70-293 Exam.

2016 Mar 70-293 Study Guide Questions:

Q145. Your company has an Active Directory directory service domain. All servers run Windows Server 2003. Your security baseline requires you to control local group membership on all member servers. You need to automatically remove users from the Power Users group on member servers. You must ensure that only the Domain Admins security group and the local Administrator account are members of the local Administrators group. 

Which predefined security template should you use? 

A. hisecws.inf 

B. rootsec.inf 

C. securews.inf 

D. Setup security.inf 

Answer: A 


Q146. You are a network administrator for your company. The network consists of a single Windows 2000 Active Directory forest that has four domains. All client computers run Windows XP Professional. The company's written security policy states that all e-mail messages must be electronically signed when sent to other employees. You decide to deploy Certificate Services and automatically enroll users for e-mail authentication certificates. You install Windows Server 2003 on two member servers and install Certificate Services. You configure one Windows Server 2003 computer as a root certification authority (CA). You configure the other Windows Server 2003 server as an enterprise subordinate CA. You open Certificate Templates on the enterprise subordinate CA, but you are unable to configure certificates templates for autoenrollment. The Certificate Templates administration tool is shown in the exhibit. (Click the Exhibit button.) 


You need to configure Active Directory to support autoenrollment of certificates. What should you do? 

A. Run the adprep /forestprep command on the schema operations master. 

B. Run the adprep /domainprep command on a Windows 2000 Server domain controller that is in the same domain as the enterprise subordinate CA. 

C. Place the enterprise subordinate CA's computer account in the Cert Publishers Domain Local group. 

D. Install Active Directory on the Windows Server 2003 member server that is functioning as the enterprise subordinate CA. Configure this server as an additional domain controller in the Windows 2000 Active Directory domain. 

Answer: A 


Q147. Your company has an Active Directory directory service domain. All servers in your environment run Windows Server 2003 and are members of the domain. You apply an IPSec policy to a Group Policy container that contains all servers. One server does not appear to have the policy applied. You need to identify which IPSec policies are being applied to the server. 

Which tool should you use? 

A. Resultant Set of Policy (RSoP) in logging mode 

B. Resultant Set of Policy (RSoP) in planning mode 

C. Ipsecpol 

D. Ipseccmd 

Answer: A 


Q148. You are a network administrator for your company. All domain controllers run Windows Server 2003. The network contains 50 Windows 98 client computers, 300 Windows 2000 Professional computers, and 150 Windows XP Professional computers. According to the network design specification, the Kerberos version 5 authentication protocol must be used for all client computers on the internal network. You need to ensure that Kerberos version 5 authentication is used for all client computers on the internal network. What should you do? 

A. Upgrade all Windows 98 computers to Windows NT Workstation 4.0. 

B. Install the Active Directory Client Extensions software on the Windows 98 computers. 

C. On each domain controller, disable Server Message Block (SMB) signing and encryption of the secure channel traffic. 

D. Replace all Windows 98 computers with new Windows XP Professional computers. 

Answer: D 


Q149. Your company has a single Active Directory directory service domain. All servers in your environment run Windows Server 2003. You have a stand-alone server that serves as a Stand-alone root certification authority (CA). You need to ensure that a specific user can back up the CA and configure the audit parameters on the CA. 

What should you do? 

A. Assign the user account to the CA Admin role. 

B. Add the user account to the local Administrators group. 

C. Grant the user the Back up files and directories user right. 

D. Grant the user the Manage auditing and security log user right. 

Answer: B 


70-293 free question

Most recent 70-293 test question:

Q150. Your company has a single Active Directory directory service domain. All servers in your environment run Windows Server 2003. You assign a persistent IPSec policy to a member server by using Group Policy. You need to ensure that inbound communication is permitted only in response to outbound traffic from the member server until Group Policy applies the IPSec policy. 

What should you do? 

A. Set the IPSec driver startup mode to Block. 

B. Set the IPSec driver startup mode to Stateful. 

C. Set the IPSec Policy Agent service startup type to Manual. 

D. Set the IPSec Policy Agent service startup type to Automatic. 

Answer: B 


Q151. You are the network administrator for your company. The network consists of a single Active Directory domain. All computers on the network are members of the domain. You administer a three-node Network Load Balancing cluster. Each cluster node runs Windows Server 2003 and has a single network adapter. The cluster has converged successfully. You notice that the nodes in the cluster run at almost full capacity most of the time. You want to add a fourth node to the cluster. You enable and configure Network Load Balancing on the fourth node. However, the cluster does not converge to a four-node cluster. In the System log on the existing three nodes, you find the exact same TCP/IP error event. The event has the following description: "The system detected an address conflict for IP address 10.50.8.70 with the system having network hardware address 02:BF:0*32:08:46." In the System log on the new fourth node, you find a similar TCP/error event with the following description: "The system detected an address conflict for IP address 

10.50.8.70 with the system having network hardware address 03:BF:0*32:08:46." Only the hardware address is different in the two descriptions. You verify that IP address 10.50.8.70 is configured as the cluster IP address on all four nodes. You want to configure a four-node Network Load Balancing cluster. What should you do? 

A. On the fourth node, run the wlbs.exe reload command. 

B. On the fourth node, run the nlb.exe resume command. 

C. Configure the fourth node to use multicast mode. 

D. Remove 10.50.8.70 from the Network Connections Properties of the fourth node. 

Answer: C 


Q152. Your company has an Active Directory directory service domain. All servers run Windows Server 2003 SP2. You need to create and test security policies based on multiple server roles. Which tool should you use? 

A. Resultant Set of Policy (RSoP) 

B. Microsoft Security Assessment Tool 

C. Security Configuration Wizard (SCW) 

D. Microsoft Baseline Security Analyzer (MBSA) 

Answer: C 


Q153. You are the network administrator for your company. The network consists of a single Active Directory domain. The network contains Windows Server 2003 file servers. The network also contains a Windows Server 2003 computer named Server1 that runs Routing and Remote Access and Internet Authentication Service (IAS). Server1 provides VPN access to the network for users' home computers. You suspect that an external unauthorized user is attempting to access the network through Server1. You want to log the details of access attempts by VPN users when they attempt to access the network. You want to compare the IP addresses of users' home computers with the IP addresses used in the access attempts to verify that the users are authorized. You need to configure Server1 to log the details of access attempts by VPN users. What should you do? 

A. Configure the system event log to Do not overwrite. 

B. In IAS, in Remote Access Logging, enable the Authentication requests setting. 

C. Create a custom remote access policy and configure it for Authentication-Type. 

D. Configure the Remote Access server to Log all events. 

Answer: B 


Q154. Your company has an Active Directory directory service domain. File servers run Windows Server 2003. You plan to secure file servers by using a security template. You need to choose a security template that allows only the Domain Admins Active Directory security group and the local Administrator account to be members of the local Administrators group. 

Which security template should you use? 

A. hisecws.inf 

B. rootsec.inf 

C. securews.inf 

D. Setup security.inf 

Answer: A 


70-293 test

100% Correct 70-293 exam prep:

Q155. All servers in your environment run Windows Server 2003. You plan to require the use of a smart card for remote access. You need to choose an authentication protocol. Which protocol should you use? 

A. PAP 

B. EAP-TLS 

C. MS-CHAP 

D. MS-CHAP v2 

Answer: B 


Q156. You are the network administrator for your company. The network consists of a single Active Directory domain. The network contains two IP subnets connected by a Windows Server 2003 computer running Routing and Remote Access. All servers run Windows Server 2003. All client computers run Windows XP Professional. Each subnet contains a domain controller. Each subnet contains a DHCP server, which provides TCP/IP configuration information to the computers on only its subnet. The relevant portion of the network is shown in the exhibit. (Click the Exhibit button.) You recently implemented a Microsoft Internet Security and Acceleration (ISA) Server 2000 array on the network to provide Internet connectivity. The ISA Server array uses Network Load Balancing on the internal adapters. The array's Network Load Balancing cluster address is 

172.30.32.1. You configure the DHCP server on Subnet1 to provide the array's Network Load Balancing cluster address as the new default gateway. You configure the DHCP server on Subnet2 to provide the IP address 172.30.64.1 as the default gateway for Subnet2. Users on Subnet2 report that they cannot connect to Internet-based resources. They can successfully connect to resources located on Subnet1. Users on Subnet1 can successfully connect to Internet-based resources. You investigate and discover that no Internet requests from computers on Subnet2 are being received by the ISA Server array. You need to provide Internet connectivity to users on Subnet2. What should you do? 


A. Configure the DHCP server on Subnet2 to provide the address 172.30.32.2 as the default gateway. 

B. Configure the DHCP server on Subnet2 to provide the address 172.30.32.1 as the default gateway. 

C. On the Routing and Remote Access server, add a default route to 131.107.72.17. 

D. On the Routing and Remote Access server, add a default route to 172.30.32.1. 

Answer: D 


Q157. Your company has a single Active Directory directory service domain. All servers in your environment run Windows Server 2003. All domain controllers run Active DirectoryCintegrated DNS. You create several static host (A) resource records. 

You need to verify that the DNS server is sending the correct host records to all client computers. 

Which command-line tool should you use? 

A. netsh 

B. tracert 

C. ntdsutil 

D. nslookup 

Answer: D 


Q158. You are the network administrator for your company. The network consists of a single Active Directory domain. The company's written security policy requires that computers in a file server role must have a minimum file size for event log settings. In the past, logged events were lost because the size of the event log files was too small. You want to ensure that the event log files are large enough to hold history. You also want the security event log to be cleared manually to ensure that no security information is lost. The application log must clear events as needed. You create a security template named Fileserver.inf to meet the requirements. You need to test each file server and take the appropriate corrective action if needed. You audit a file server by using Fileserver.inf and receive the results shown in the exhibit. (Click the Exhibit button.) You want to make only the changes that are required to meet the requirements. Which two actions should you take? (Each correct answer presents part of the solution. Choose two.) 


A. Correct the Retention method for security log setting on the file server. 

B. Correct the Maximum application log size setting on the file server. 

C. Correct the Retention method for system log setting for the file server. 

D. Correct the Retention method for application log setting on the file server. 

E. Correct the Maximum security log size setting on the file server. 

F. Correct the Maximum system log size setting on the file server. 

Answer: AE 


Q159. All servers in your company run Windows Server 2003. All client computers use dynamically assigned IP addresses and DNS for name resolution. A few client computers also use WINS for name resolution. Client computers have difficulty resolving some server names by using a DNS server. You need to ensure that client computers can always resolve server names by using a DNS server. What should you do? 

A. Decrease the WINS Renew interval value. 

B. Decrease the WINS Verification interval value. 

C. Configure WINS forward lookup on all DNS servers. 

D. Configure conditional forwarders on all DNS servers. 

Answer: C 


Q160. Your company has an Active Directory directory service domain. You have a four-node failover cluster that is a member of the domain. You perform a quarterly Automated System Recovery (ASR) backup of the cluster, and you perform daily backups by using Windows Backup. A cluster disk fails. You need to restore the cluster disk signature to the failed cluster disk. 

What should you do? 

A. Run the cluster node command. 

B. Use the Cluster Administratortool. 

C. Power down the node with the failed cluster disk, and then use the ASR functionality. 

D. Power down all cluster nodes other than the node with the failed cluster disk, and then use the ASR functionality. 

Answer: C