http://www.exam4actual.com/70-293.html
1. You are a network administrator for your company. The network contains Windows Server 2003 computers and Windows XP Professional client computers. All computers are members of the same Active Directory forest. The company uses a public key infrastructure (PKI) enabled application to manage marketing data. Certificates used with this application are managed by the application administrators. You install Certificate Services to create an offline stand-alone root certification authority (CA) on one Windows Server 2003 computer. You configure a second Windows Server 2003 computer as a stand-alone subordinate CA. You instruct users in the marketing department to enroll for certificates by using the Web enrollment tool on the stand-alone subordinate CA. Some users report that when they attempt to complete the enrollment process, they receive an error message on their certificate, as shown in the exhibit. (Click the Exhibit button.) Other users in the marketing department do not report receiving the error. You need to ensure that users in the marketing department do not continue to receive this error message. You also need to ensure that only users in the marketing department trust certificates issued by this CA. You create a new organizational unit (OU) named Marketing. What else should you do?
A. Place all marketing department computer objects in the Marketing OU. Create a new Group Policy object (GPO) and link it to the Marketing OU. Publish the root CA’s root certificate in the Trusted Root Certification Authorities section of the GPO.
B. Place all marketing department user objects in the Marketing OU. Create a new Group Policy object (GPO) and link it to the Marketing OU. In the User Configuration section of the GPO, configure a certificate trust list (CTL) that contains the subordinate CA’s certificate.
C. Place all marketing department computer objects in the Marketing OU. Create a new Group Policy object (GPO) and link it to the Marketing OU. In the Computer Configuration section of the GPO, configure a certificate trust list (CTL) that contains the subordinate CA’s certificate.
D. Place all marketing department user objects in the Marketing OU. Create a new Group Policy object (GPO) and link it to the Marketing OU. In the User Configuration section of the GPO, configure a certificate trust list (CTL) that contains the root CA’s certificate.
Answer: D
2. Servers in your environment run Windows Server 2003. You plan to configure a highly available file server. You need to choose the appropriate high-availability technology and the minimum Windows Server 2003 edition for this server. Which technology and edition should you choose? (Each correct answer presents part of the solution. Choose two.)
A. failover clustering
B. Network Load Balancing
C. Windows Server 2003, Standard Edition
D. Windows Server 2003, Enterprise Edition
Answer: A D
3. You are the network administrator for Contoso, Ltd. The network consists of a single Active Directory domain named contoso.com. The functional level of the domain is Windows Server 2003. The domain contains Windows Server 2003 computers and Windows XP Professional computers. The domain consists of the containers shown in the exhibit. (Click the Exhibit button.) All production server computer accounts are located in an organizational unit (OU) named Servers. All production client computer accounts are located in an OU named Desktops. There are Group Policy objects (GPOs) linked to the domain, to the Servers OU, and to the Desktops OU. The company recently added new requirements to its written security policy. Some of the new requirements apply to all of the computers in the domain, some requirements apply to only servers, and some requirements apply to only client computers. You intend to implement the new requirements by making modifications to the existing GPOs. You configure 10 new Windows XP Professional computers and 5 new Windows Server 2003 computers in order to test the deployment of settings that comply with the new security requirements by using GPOs. You use the Group Policy Management Console (GPMC) to duplicate the existing GPOs for use in testing. You need to decide where to place the test computer accounts in the domain. You want to minimize the amount of administrative effort required to conduct the test while minimizing the impact of the test on production computers. You also want to avoid linking GPOs to multiple containers. What should you do?
A. Place all test computer accounts in the contoso.com container.
B. Place all test computer accounts in the Computers container.
C. Place the test client computer accounts in the Desktops OU and the test server computer accounts in the Servers OU.
D. Create a child OU under the Desktops OU for the test client computer accounts. Create a child OU under the Servers OU for the test server computer accounts.
E. Create a new OU named Test under the contoso.com container. Create a child OU under the Test OU for the test client computer accounts. Create a second child OU under the Test OU for the test server computer accounts.
Answer: E
http://www.certtop.com/70-293.html
4. Your company has a single Active Directory directory service domain. All servers in your environment run Windows Server 2003. You have a stand-alone server that serves as a Stand-alone root certification authority (CA). You need to ensure that a specific user can back up the CA and configure the audit parameters on the CA. What should you do?
A. Assign the user account to the CA Admin role.
B. Add the user account to the local Administrators group.
C. Grant the user the Back up files and directories user right.
D. Grant the user the Manage auditing and security log user right.
Answer: B
5. You are a network administrator for your company. You install Windows Server 2003, Enterprise Edition on two servers named Server1 and Server2. You configure Server1 and Server2 as a two-node server cluster. Server1 and Server2 are connected to a shared fiber-attached array. You configure the server cluster for file sharing. You configure Server1 as the preferred owner of the file sharing resources. You perform the following backups by using the Backup or Restore Wizard. Tuesday Wednesday Server1 Normal backup including system state Incremental backup and Automated System Recovery (ASR) backup Server2 Normal backup including system state Incremental backup and ASR backup On Thursday morning, Server2 experiences a hard disk failure. The failed disk contains only the operating system for Server2. You evict Server2 from the server cluster. You need to recover Server2 and restore it to the cluster. You need to minimize data loss and recovery time. What should you do?
A. Restore the quorum disk signature and data from the Tuesday backup of Server1, and add Server2 to the server cluster.
B. Restore Server2 by using ASR, and add Server2 to the server cluster.
C. Restore the Tuesday backup of Server2, and add Server2 to the server cluster.
D. Restore the Tuesday normal backup and the Wednesday incremental backup of Server2, and add Server2 to the server cluster.
Answer: B
6. You are the network administrator for your company. The network consists of a single Active Directory domain. All computers on the network are members of the domain. The domain contains a Windows Server 2003 computer named Server1. You are planning a public key infrastructure (PKI) for the company. You want to deploy a certification authority (CA) on Server1. You create a new global security group named Cert Administrators. You need to delegate the tasks to issue, approve, and revoke certificates to members of the Cert Administrators group. What should you do?
A. Add the Cert Administrators group to the Cert Publishers group in the domain.
B. Configure the Certificates Templates container in the Active Directory configuration naming context to assign the Cert Administrators group the Allow – Write permission.
C. Configure the CertSrv virtual directory on Server1 to assign the Cert Administrators group the Allow – Modify permission.
D. Assign the Certificate Managers role to the Cert Administrators group.
Answer: D
http://www.exam4actual.com/70-293.html
7. Your company has a single Active Directory directory service domain. All servers in your environment run Windows Server 2003. Client computers run Windows XP or Windows Vista. You plan to create a security update scan procedure for client computers. You need to choose a security tool that supports all the client computers. Which tool should you choose?
A. UrlScan Security Tool
B. Enterprise Scan Tool (EST)
C. Malicious Removal Tool (MRT)
D. Microsoft Baseline Security Analyzer (MBSA)
Answer: D
8. Your company has a single Active Directory directory service domain. Servers in your environment run Windows Server 2003. Client computers run Windows XP or Windows Vista. You plan to create an internal centrally managed security update infrastructure for client computers. You need to choose a security update management tool that supports all the client computers. Which tool should you choose?
A. Microsoft Assessment and Planning (MAP) Toolkit
B. Microsoft Baseline Security Analyzer (MBSA)
C. Microsoft System Center Operations Manager
D. Windows Server Update Services (WSUS)
Answer: D
9. Your company has an Active Directory directory service domain. All servers run Windows Server 2003. You are developing a security monitoring plan. You must monitor the files that are stored in a specific directory on a member server. You have the following requirements. Log all attempts to access the files.Retain log information until the full weekly backup occurs. You need to ensure that the security monitoring plan meets the requirements. What should your plan include?
A. Configure a directory service access audit policy. Increase the maximum size of the security log.
B. Configure a directory service access audit policy. Set the system log to overwrite events older than 7 days.
C. Configure an object access audit policy for the directory. Increase the maximum size of the system log.
D. Configure an object access audit policy for the directory. Set the security log to overwrite events older than 7 days.
Answer: D
http://www.test4actual.com/70-680.html
10. You are a network administrator for your company. The network consists of multiple physical segments. The network contains two Windows Server 2003 computers named Server1 and Server2, and several Windows 2000 Server computers. Server1 is configured with a single DHCP scope for the 10.250.100.0/24 network with an IP address range of 10.250.100.10 to 10.250.100.100. Several users on the network report that they cannot connect to file and print servers, but they can connect to each other’s client computers. All other users on the network are able to connect to all network resources. You run the ipconfig.exe /all command on one of the affected client computers and observe the information in the following table.
You need to configure all affected client computers so that they can communicate with all other hosts on the network. Which two actions should you take? (Each correct answer presents part of the solution. Choose two.)
A. Disable the DHCP service on Server2.
B. Increase the IP address range for the 10.250.100.0/24 scope on Server1.
C. Add global DHCP scope options to Server1 for default gateway, DNS servers, and WINS servers.
D. Delete all IP address reservations in the scope on Server1.
E. Run the ipconfig.exe /renew command on all affected client computers.
F. Run the ipconfig.exe /registerdns command on all affected client computers.
Answer: A E
Here is the other Microsoft exams : http://www.scp-500.com
