70-294 bundle(86 to 102) for IT engineers: Mar 2016 Edition

Question No. 86

You have a single Active Directory service domain. All users in the IT department are placed into an organizational unit (OU) named IT Users. 

A Group Policy object (GPO) is linked to the IT Users OU. The GPO assigns a software installation package to install the Windows Server 2003 Administration Tools Pack. You select the Install this application at logon option in the software installation package. 

A user has been removed from the IT Users OU, but she still has the Windows Server Administration Tools Pack on her computer. 

You need to ensure that the Windows Server 2003 Administration Tools Pack is removed from a users computer when the user is moved from the IT Users OU. What should you do? 

A. Modify the software installation package to use the Published deployment method. Clear the Auto-install this application by file extension activation check box. Redeploy the software installation package. 

B. Modify the software installation package to clear the Install this application at logon option. Redeploy the software installation package. 

C. Modify the software installation package to select the Uninstall this application when it falls out of the scope of management option. Retain the software installation package in the GPO. 

D. Modify the software installation package to select the Uninstall this application when it falls out of the scope of management option. Delete the software installation package from the GPO. 

Answer:


Question No. 87

You are the network administrator for Southridge Video. The network consists of a single Active Directory domain named southridgevideo.com. The domain contains one domain controller. All servers run Windows Server 2003. All client computers run Windows XP Professional. The company uses Group Policy objects (GPOs) to configure user and computer settings. 

The Active Directory database and the SVSVOL shared folder are stored on separate hard disks. The hard disk containing the SVSVOL folder fails. Some Group Policy settings are still applied, but new users do not receive the Group Policy settings. 

You replace the failed disk. You discover that there are no valid backups of the SYSVOL folder. You have a list of GUIDs and friendly names for each GPO. On the new disk, you create a new shared folder named SYSVOL in the same location as the previous SYSVOL folder. 

You need to configure the network so that the user and computer settings will be applied to all users. 

Which three courses of action should you take? (Each correct answer presents part of the solution. Choose three.) 

A. In the Policies folder, create a folder for each GPO. Name the folders by using the friendly name of each GPO. In the folder for each GPO, create a folder named MACHINE and a folder named USER. 

B. In the Policies folder, create a folder for each GPO. Name the folders by using the GUID of each GPO. In the folder for each GPO, create a folder named MACHINE and a folder named USER. 

C. In the SYSVOL folder, create a folder named southridgevideo.com. In the southridgevideo.com folder, create a folder named Policies. 

D. Use Active Directory Users and Computers to open each GPO. Change at least one setting in each GPO before closing it. 

E. In the SYSVOL folder, create a folder named System State. In the System State folder, create a folder named Policies. 

F. Use Active Directory Users and Computers to open each GPO. Close each GPO without changing any settings. 

Answer: BCD 


Question No. 88

HOTSPOT  

You are the network administrator for your company. The network consists of a single Active Directory domain. The functional level of the domain is Windows Server 2003. The domain contains three Active Directory sites named Site1, Site2, and Site3. The sites are connected by site links as shown in the work area. 

SiteLink1 and SiteLink2 include redundant, high-speed WAN connections. 

Each site has one subnet associated with it. The number of computers in each site and the operating system that the computers are running are indicated in the following table. 

Operating system                      Site1       Site2         Site3

Windows 98                           50          30           550

Windows NT Workstation 4.0            50          20           550

Windows 2000 Professional             0           500          100

Windows XP Professional               100          0             0

Windows Server 2003                  10           20           15

Site1 contains a Windows Server 2003 domain controller named Server1 that is the relative ID (RID) master for the domain. Site2 contains two Windows Server 2003 domain controllers named Server2 and Server3. Server2 is the infrastructure master for the domain. Site3 contains a Windows Server 2003 domain controller named Server4. 

You need to decide where to place the PDC emulator role holder. You want to optimize the overall response time for users in all sites. 

Where should you place the PDC emulator role? 

To answer, select the appropriate domain controller or domain controllers in the work area. 


Answer: 


Question No. 89

You are the network administrator for Contoso, Ltd. The network consists of a single Active Directory forest, as shown in the exhibit. (Click the Exhibit button.) 


A domain controller named dcl.corp.contoso.com runs Windows 2000 Server. All other domain controllers run Windows Server 2003. 

Contoso, Ltd., is engaged in a joint venture with Litware, Inc. The network at Litware, Inc., consists of a single Active Directory forest named litwareinc.com that contains one domain. The functional level of the litwareinc.com forest is Windows Server 2003. 

You need to ensure that the users at Contoso, Ltd., can log on to the litwaremc.com forest. You upgrade dcl.corp.contoso.com to windows Server 2003. 

Which two additional courses of action should you take? (Each correct answer presents part of the solution. Choose two.) 

A. Raise the functional level of the corp.contoso.com domain and the east.corp.contoso.com domain to Windows 2000 native. Raise the functional level of the contoso.com forest to Windows Server 2003. 

B. Raise the functional level of the corp.contoso.com domain to Windows 2000 native. Raise the functional level of the east.corp.contoso.com domain to Windows Server 2003. Raise the functional level of the west.contoso.com domain to Windows Server 2003. 

C. Create a one-way forest trust relationship in which the litwareinc.com forest trusts the contoso.com forest. 

D. Create a one-way forest trust relationship in which the contoso.com forest trusts the litwareinc.com forest. 

Answer: AC 


Question No. 90

CORRECT TEXT 

You are deploying applications using GPO. You have two applications that are used for video playing. You must change the GPO so users can decide what application to install. What should you do? 

Answer: 


70-294 question

Question No. 91

You are the network administrator for your company. The network consists of a single Active Directory domain. You are testing Group Policy objects (GPOs) on an organizational unit (OU) named Test. The Test OU contains a Windows XP Professional client computer that you use as a test computer. The domain contains a group named Security. You create a new GPO and configure the Computer Configuration section to grant the Security group the Change the system time user right. You log on to the test computer and discover that the setting you set through the GPO is not in effect. You need to apply the GPO settings immediately. What should you do? 

A. Log off the test computer and log on again. 

B. Log off the test computer. Create a test user account in the Test OU and then log on as the test user account. 

C. On the test computer, run the gpupdate /force command. 

D. On the test computer, run the gpresult command. 

Answer:


Question No. 92

You have a single Active Directory directory service forest with two domains named contoso.com and corp.contoso.com. The domain functional level of each domain is set to Windows 2000 mixed. You need to enable users from both domains to access resources in both domains. What should you do? 

A. Create universal distribution groups in corp.contoso.com and add users from both domains. 

B. Create a universal distribution group in contoso.com and add users from both domains. 

C. Create global security groups in both domains and add users to the newly created security groups in their respective domain. 

D. Create a domain local security group in contoso.com and add users from both domains. 

Answer:


Question No. 93

You have a Windows Server 2003 Active Directory directory service environment that contains an organizational unit (OU) named Corp. All computers and users are located in the Corp OU. An existing Group Policy object (GPO) named HR is linked to the Corp OU. 

You deploy a new GPO named Software to the Corp OU. A global group named Corp Users contains all users and has the Read and the Apply Group Policy permissions for the Software GPO and the Corp OU. 

You need to ensure that the settings in the Software GPO are applied to all users except one specific user. The setting in the HR GPO must continue to be applied to all users. 

What should you do? 

A. Remove the specific user from the Corp Users group. 

B. Remove the Corp Users group permissions from the Software GPO. 

C. Add the specific user to the Access Control List (ACL) for the Software GPO and apply the Deny Apply Group Policy permission. 

D. Add the specific user to the Access Control List (ACL) for the Software GPO and apply the Allow Read and Apply Group Policy permission. 

Answer:


Question No. 94

CORRECT TEXT 

You are the administrator for Litware, Inc. The network consists of a single Active Directory domain named litwareinc.com. All servers run Windows Server 2003. All client computers run Windows XP Professional. 

Each Desktop support team member is configured as a Local Administrator so that the team members can install software and support the end users. 

You create a software restriction policy that only prevents users from running registry editing tools by file hash rule. You apply the policy to all user accounts in the domain. 

The desktop support team report that they are unable to run registry editing tools. 

You need to ensure that only the desktop support team can run registry editing tools. You must accomplish this task by using the Default Domain Security Settings console. Your operation must not affect other settings. 

Answer: 


Question No. 95

DRAG DROP 

You are the network administrator for TestKing.com. The network consists of a single Active Directory forest that contains two domains with three sites. Domain1 isused as an empty root domain for security purposes. Domain1 has a domain controller only in Testking1. Domain2 has domain controllers in all three sites. The domain controllers in Testking1 and Testking2 are global catalog servers. Each client computer on the network runs Windows NT Workstation 4.0, Windows 2000Professional, or Windows XP Professional. You and your administration staff are located at Testking1, where you performadministrative tasks. You want to minimize network traffic as much as possible. The number of user accounts per site for each domain is shown in the following table. 

Testking1          Testking2           Testking3

Users-Domain1     5                  0                   0

Users-Domain2     5                  100                25,000

You are planning the placement of the operations master role holders. You need to place 

your operations master roles in the appropriate sites. 

How many operations master roles should you place in each site? 

To answer, drag the appropriate number of roles to the correct locations in the work area. 


Answer: 


70-294 actual exam

Question No. 96

You have a single Active Directory directory service domain. Users each have a primary client computer but also frequently use shared client computers. You use a Group Policy object (GPO) to publish an application to the users in the marketing department. The users can remove the application when they no longer need it. 

Some users report that when they log on to a shared client computer on which the application has been removed, the application is no longer available to install. 

You need to ensure that the application is available for all users on each client computer, even if another user removes the application. 

What should you do? 

A. Modify the Group Policy software installation package to be Assigned. 

B. Modify the permissions of the GPO to deny the Authenticated Users group the Delete all child objects permission. 

C. Modify the GPO to include a software restriction policy with a Path rule to the application. 

D. Configure the link to the GPO with the Enforced option. 

Answer:


Question No. 97

You are the network administrator for your company. The company consists of two subsidiaries named Contoso, Ltd., and Fabric, Inc. The network consists of a single Active Directory forest that contains three domains. The domain and site configuration is shown in the exhibit. (Click the Exhibit button.) A computer named DC1.asia.contoso.com is a domain controller in the asia.contoso.com domain. DC1.asia.contoso.com is also a global catalog server and the preferred bridgehead server for Asia Site. The Active Directory database on DC1.asia.contoso.com contains 1 GB of data. The Asia departments in the company are implementing an Active Directory-enabled application. You expect size of the database on DC1.asia.contoso.com to increase by 200 MB. Active Directory stops responding on DC1.asia.contoso.com. You discover that the hard disk has less than 5 MB of space remaining. You need to configure DC1.asia.contoso.com so that Active Directory can restart. You also need to configure the server so that additional space is available on the hard disk for the additional data that will be added to the Active Directory database. What should you do? 


A. Install another hard disk in DC1.asia.contoso.com. Use the Ntdsutil utility to move the database to the new hard disk. 

B. Configure another server in the site to operate as a preferred bridgehead server. Configure DC1.asia.contoso.com so that it no longer operates as a preferred bridgehead server. 

C. Install another hard disk in DC1.asia.contoso.com. Use the Ntdsutil utility to move the transaction logs to the new hard disk. 

D. Delete all log files that are located in the NTDS folder. 

Answer:


Question No. 98

You are the network administrator for Contoso, Ltd. The network consists of a single Active Directory forest that contains a single domain named contoso.com. The functional level of the forest is Windows Server 2003. Your company purchases a company named Fabrikam, Inc. The Fabrikam, Inc., network consists of one Windows NT 4.0 account domain and two Windows NT 4.0 resource domains, as shown in the exhibit. (Click the Exhibit button.) All file resources are stored on file servers in the contoso.com domain and in the FABRESOURCE1 domain. You need to accomplish the following goals: You need to minimize the number of trust relationships that must be maintained in the network environment. Users in each company must be able to access the file resources on the file servers in the other company's domain. Which two actions should you take? (Each correct answer presents part of the solution. Choose two.) 


A. Create a one-way external trust relationship in which the contoso.com domain trusts the FABACCOUNT domain. 

B. Create a one-way external trust relationship in which the contoso.com domain trusts the FABRESOURCE1 domain. 

C. Create a one-way external trust relationship in which the FABACCOUNT domain trusts the contoso.com domain. 

D. Create a one-way external trust relationship in which the FABRESOURCE1 domain trusts the contoso.com domain. 

Answer: AD 


Question No. 99

You are the network administrator for Lucerne Publishing. Lucerne Publishing has offices in New York, Copenhagen, and Ankara. The network consists of a single Active Directory domain and three sites. The sites are named NYSite, CopSite, and AnkSite. Lucerne Publishing is adding a new division at the New York office for publishing fiction books. You create a new organizational unit (OU) named Fiction for the fiction division. You add a new network segment and subnet for the fiction division. You plan to place new Windows XP Professional computers for the fiction division in the new subnet. You also plan to add a new domain controller to NYSite. You need to ensure that users in the fiction division use the domain controllers in the New York office when logging on to the network. What should you do? 

A. Decrease the metric for the default gateway on the new Windows XP Professional computers. 

B. Configure the location attribute for the new Windows XP Professional computers to be NYSite. 

C. Move the domain controller objects for the domain controllers in the New York office to the Fiction OU. 

D. Create a new subnet object for the the new subnet. Add the new subnet object to NYSite. 

Answer:


Question No. 100

Your company has a main office and 30 branch offices. You are planning the implementation of Active Directory directory service. You need to implement a solution that allows local administrators in the branch offices to administer user accounts in their own locations while preventing the administrators from administering any other resources in their location. You must ensure that administrators in the main office have the ability to administer all user accounts, in all locations. Main office administrators must not have the ability to edit the contents of the default Users container. What should you do? 

A. Create a forest root domain for the main office, and create a child domain for each branch office. Add the main office administrators to the Enterprise Admins group in the root domain, and add the branch office administrators to the Domain Admins group in the appropriate child domain. 

B. Create a forest root domain for the main office, and create a child domain for each branch office. Add the main office administrators to the Domain Admins group in the root domain, and add the branch office administrators to the Account Operators group in the appropriate child domain C. Create a single domain. Create a separate organizational unit (OU) for the main office and for each branch office. At the domain level, grant the main-office administrators the ability to create, delete, and manage user accounts. On the branch OUs, grant the location-specific administrators the ability to create, delete, and manage user accounts. 

D. Create a single domain. Create an organizational unit (OU) for the main office users and child OUs for each of the branch offices. At the main office OU, grant main-office administrators the ability to create, delete, and manage user accounts. On each child OU, grant the location-specific admin the ability to create, delete, and manage user accounts. 

Answer:


Question No. 101

You are the network administrator for your company. Your network consists of a single Active Directory domain. Three security groups named Accountants, Processors, and Management are located in an organizational unit (OU) named Accounting. All of the user accounts that belong to these three groups are also in the Accounting OU. 

You create a Group Policy object (GPO) and link it to the Accounting OU. You configure the GPO to disable the display options under the User Configuration section of the GPO. 

You need to achieve the following goals: 

. You need to ensure that the GPO applies to all user accounts that are members of the Processors group. 

. You need to prevent the GPO from applying to any user account that is a member of the Accountants group. 

. You need to prevent the GPO from applying to any user account that is a member of the Management group, unless the user account is also a member of the Processors group. 

What should you do? 

A. . Modify the discretionary access control list (DACL) settings of the GPO to assign the Accountants security group the Deny – Read and the Allow - Apply Group Policy permissions. 

. Modify the DACL settings of the GPO to assign the Management security group the Deny 

-Read and the Deny - Apply Group Policy permissions. 

B. . Modify the discretionary access control list (DACL) settings of the GPO to assign the Accountants and Management security groups the Deny - Read and the Deny - Apply Group Policy permissions. 

. Modify the DACL of the GPO to assign the users who are in both the Accountants and Management security groups the Allow -Read and the Allow - Apply Group Policy permissions. 

C. . Modify the discretionary access control list (DACL) settings of the GPO to assign the Accountants and Management security groups the Deny - Read and the Deny - Apply Group Policy permissions. 

. Create a new security group named Mixed that contains all the user accounts from the Processors group and the specific user accounts from the Management group to which you want the GPO to apply. 

. Modify the DACL of the GPO to assign the Mixed security group the Allow - Read and the Allow - Apply Group Policy permissions. 

D. . Modify the discretionary access control list (DACL) settings of the GPO to assign the Accountants security group the Deny – Read and the Deny - Apply Group Policy permissions. 

. Modify the DACL settings of the GPO to remove the Authenticated Users special group. 

. Modify the DACL settings of the GPO to add the Processors group and assign the Allow -Read and the Allow - Apply Group Policy permissions. 

Answer:


Question No. 102

Your company plans to distribute an application to all of its client computers by using Group Policy. 

You save a file named setup.msi to a local folder on the domain controller. You assign the Authenticated Users group the Read and Read& Execute permissions for the folder. You create a new Group Policy object (GPO) and a new Computer Configuration software installation package, and you point the package to the setup.msi file in the local folder, YOU link the GPO to an organizational unit (OU) that contains a computer object for a test client computer. 

When you log on to the test client computer, you notice that the application is not installed. 

You need to ensure that the application is installed on the test computer. 

What should you do? 

A. Modify the permissions on the folder that contains the setup.msi file so that authenticated users have the List Folder Contents permission. Log off the client computer and then log on. 

B. Modify the permissions on the folder that contains the setup.msi file so that authenticated users have the List Folder Contents permission. Restart the client computer. 

C. Place the setup.msi file into a shared folder. Modify the software installation package to point to the shared folder. Log off the client computer and then log on. 

D. Place the setup.msi file into a shared folder. Modify the software installation package to point to the shared folder. Restart the client computer. 

Answer: