Microsoft 70-214 Exam - Implementing and Administering Security in a Microsoft Windows 2000 Network

Questions & Answers for Microsoft 70-214

Showing 1-15 of 150 Questions

Question #1 - Topic 0

You are the network administrator for your company. The network consists of a Windows
2000 Active Directory domain. The domain contains 100 Windows 2000 Server computers,
5,000 Windows 2000 Professional computers, and 1,000 Windows XP Professional
computers.
The computer accounts for all servers are located in an organizational unit (OU) named
Servers. The computer accounts for all client computers are located in an OU named
Desktops. All user accounts are located in an OU named CorpUsers.
You download a new Windows 2000 service pack from the Microsoft Web site. The service
pack is distributed as a Microsoft Windows Installer package.
You need to ensure that all Windows 2000 Professional computers receive the service
pack. The service pack must not be deployed to any Windows XP Professional computers.
Which three actions should you take? (Each correct answer presents part of the solution.
Choose three.)

A. Create a child OU named WinXP under the Desktops OU. Move all Windows XP Professional computer accounts to the WinXP OU.

B. Create a child OU named Win2000 under the Desktops OU. Move all Windows 2000 Professional computer accounts to the Win2000 OU.

C. Create a Group Policy object (GPO) named W2KSP. In the user configuration section of W2KSP, publish the service pack installer file.

D. Create a Group Policy object (GPO) named W2KSP. In the computer configuration section of W2KSP, assign the service pack installer file.

E. Link W2KSP to the Desktops OU.

F. Link W2KSP to the CorpUsers OU.

G. Link W2KSP to the Win2000 OU.

Question #2 - Topic 0

You are the network administrator for your company. The network consists of a Windows
2000 Active Directory domain. The network contains two Windows 2000 Server computers
configured as domain controllers and 1,500 Windows 2000 Professional client computers.
You place three client computers in a public waiting area for guests. You create an
organizational unit (OU) named Public and move the three client computer accounts into it.
You create a Group Policy object (GPO) named Publock. You enable several restrictions
for the desktop, Start menu, and Taskbar in the Publock GPO.
You need to ensure that all settings in the Publock GPO are applied to any user who logs
on to the three client computers in the public waiting area. What should you do?

A. Configure Block Policy inheritance on the Public OU.

B. Configure the Publock GPO to enable User Group Policy loopback processing mode in Replace Mode.

C. Modify the DACL of the Publock GPO and give the Everyone group Read and Apply Group Policy permissions.

D. Select the Disable User Configuration settings option on the Publock GPO. Configure the Deny access to this computer from the network policy in the computer configuration section of the GPO.

Question #3 - Topic 0

You are the administrator of a Windows 2000 Active Directory domain. The domain
contains Windows 2000 Professional client computers and Windows 2000 Server
computers. The domain has five Windows 2000 domain controllers. All computers are in
the same site.
A user named Bruno reports that he receives an access-denied error message when he
attempts to connect from his Windows 2000 Professional client computer to a share named

A. Instruct Bruno to log off and log on to his Windows 2000 Professional client computer again.

B. On ServerA, run the net use command to delete all connections to Bruno's computer.

C. On ServerA, use the Computer Management console to disconnect all sessions that are connected from Bruno's computer.

D. Use the Active Directory Sites and Services console to force replication on the five domain controllers.

Question #4 - Topic 0

You are the network administrator for your company. The network consists of a Windows
2000 Active Directory domain. The Web developers in your company use portable
computers, which are members of the domain. These computers run Windows XP
Professional and Internet Information Services (IIS). The developers use IIS to create Web
applications for your company.
A developer reports that his computer becomes infected with a virus every time he uses the
computer at home. Your company's anti-virus software successfully removes the virus
each time the problem occurs.
You discover that the developer uses a USB network adapter to connect his computer to a
cable modem when he works at home. You also discover that the same virus infects the
computer each time by attacking IIS.
You need to prevent the virus from infecting the developer's computer and allow the
developer to use the computer normally while working at home.
How should you configure the developer's computer?

A. Modify the Remote Desktop permissions list so that only the local Administrator account is listed.

B. Disable Internet Connection Sharing for all network connections.

C. Enable the Internet Connection Firewall for the network connection used to connect to the developer's cable modem.

D. Create a Group Policy object (GPO) and link it to the organizational unit (OU) that contains the developer's computer. Configure the GPO to disable the World Wide Web Publishing service. In the GPO, select the No Override check box.

Question #5 - Topic 0

You are the network administrator for your company. The network consists of a Windows
2000 Active Directory domain. The domain contains computers that run Windows 2000
Server, Windows 2000 Professional, or Windows XP Professional.

A. Configure IIS to use Bruno's domain user account for anonymous access.

B. Configure the World Wide Web Publishing service to use Bruno's domain user account as the service account.

C. Create a security template that configures Bruno's domain user account as a user account that can stop and start the World Wide Web Publishing service. Apply the template to ServerA.

D. Create a custom administrative template that configures Bruno's domain user account as a user account that has security permissions to the folder containing the company Web site. Apply the template to ServerA.

Question #6 - Topic 0

You are the network administrator for your company. Your network consists of a Windows
2000 Active Directory domain. Your company has three departments: research, sales, and
operations. Each department has a separate organizational unit (OU) in the domain that
contains all user and group accounts for that department.
The network includes two Windows 2000 Server computers configured as domain
controllers. One Windows 2000 Server computer, named ServerC, is running Remote
Installation Services (RIS) and the DHCP service. The network also contains 1,500
Windows 2000 Professional client computers, which were installed from CD-based RIS
images stored on ServerC.
Your company receives 25 new computers of the same type that you are using for your
network client computers. You prepare to install 25 new Windows 2000 Professional client
computers. You must place the computer accounts for these client computers in the
Research OU. All these client computers require a custom set of applications and the latest
service pack.
You install Windows 2000 Professional on a client computer and name the computer
Client1. You install and configure all the custom applications and the latest service pack on
Client1.
You want to install the required applications and the service pack on the rest of the new
client computers with the least amount of administrative effort. What should you do?

A. Create new Group Policy objects (GPOs) and link them to the Research OU. Configure a GPO with an installation package for each required application and the service pack.

B. Create an unattended answer file based on the configuration of Client1. Save that answer file as Risetup.sif and associate it with the CD-based RIS image on ServerC. Use the CD-based RIS image to install the software on each new client computer.

C. Copy the contents of the Windows 2000 Professional CD-ROM to a folder on ServerC. Slipstream the latest service pack to that folder. Create a new RIS image from that folder. Run the riprep command on Client1 to create a new image on ServerC. Use the riprep image to install the new client computers.

D. Install the new client computers by using the existing CD-based RIS image on the RIS server. Install each required application on each client manually. Create a new Group Policy object (GPO) and link it to the domain. Configure the GPO with a software installation package for the latest service pack.

Question #7 - Topic 0

You are the administrator of your company's network. The network consists of a Windows
2000 Active Directory domain. The domain contains a Windows 2000 Server computer that
runs Internet Information Services (IIS) and hosts an extranet research Web site.
You establish the Certification Authority (CA) hierarchy shown in the exhibit to distribute
certificates to all computers and users in the company. (Click the Exhibit button.)
RootCA and PolicyCA are removed from the network. IssuingCA issues all certificates to
the users and computers in your network. IssuingCA publishes its Certificate Revocation
List (CRL) every seven days. Certificates issued by IssuingCA are associated with user
accounts in Active Directory by defining certificate mappings at the IIS server.
A user named Bruno in the research department leaves the company. You must ensure
that he can no longer access the network or connect to the extranet research Web site by

A. Delete the certificate mapping at the IIS server that hosts the Research Web site. Publish the latest version of the Root Certification Authority and Subordinate Certification Authority certificates to the Authority Information Access (AIA) of IssuingCA.

B. Delete the certificate mapping at the IIS server that hosts the Research Web site. Publish the latest version of the CRL to the CRL Distribution Points (CDPs) of IssuingCA.

C. Disable Bruno's domain user account. Revoke all certificates issued to Bruno by IssuingCA in the Certification Authority console. Publish the latest version of the Root Certification Authority and Subordinate Certification Authority certificates to the Authority Information Access (AIA) of IssuingCA.

D. Disable Bruno's domain user account. Revoke all certificates issued to Bruno by IssuingCA in the Certification Authority console. Publish the latest version of the CRL to the CRL Distribution Points (CDPs) of IssuingCA.

Question #8 - Topic 0

You are the network administrator for your company. The network contains four Windows
2000 Server computers: ServerA, ServerB, ServerC, and ServerD.
ServerA, ServerB, and ServerC run Routing and Remote Access and accept dial-up
connections from company users. Each server is connected to a modem bank, which
automatically directs an incoming phone number to the first free phone line.
ServerD runs Internet Authentication Service (IAS). ServerA, ServerB, and ServerC are
configured to use ServerD as a Remote Authentication Dial-in User Service (RADIUS)
server. ServerD is configured to accept ServerA, ServerB, and ServerC as RADIUS clients.
You configure remote access policies on ServerA as shown in the following table.

Members of the Domain Admins group report that they are sometimes able to connect on
weekends. However, they can also connect at any time during the week. Members of the
Domain Users group report that they are sometimes unable to connect during the week
and are sometimes able to connect on weekends.
You need to ensure that all members of the Domain Users group can dial in only between
5:00 P.M. and 11:00 P.M. on weekdays and that all members of the Domain Admins group
can dial in at any time. You also want to minimize the amount of time required to change or
add remote access policies in the future.
What should you do?

A. Configure ServerD to have the same remote access policies as ServerA.

B. Configure ServerB and ServerC to have the same remote access policies as ServerA.

C. On ServerA, move the Block_Weekend remote access policy to come before the Allow_Admins remote access policy.

D. On ServerA, move the Block_Weekend remote access policy to come before the Allow_DU_Night remote access policy.

Question #9 - Topic 0

You are the network administrator for your company. The network consists of a Windows
2000 Active Directory domain named nwtraders.msft. The network includes Windows 2000
Professional client computers. All consultants' portable computers run Windows 2000
Professional.
The relevant portion of the Active Directory structure is shown in the exhibit. (Click the
Exhibit button.)
Within the organizational unit (OU) structure, the consulting department user objects are
located in the Staff OU. The consultants' portable computer objects are located in the
Laptops OU.
Northwind Traders' written security policy requires that Encrypting File System (EFS) be
enabled for the consultants. The written policy requires that EFS encryption be disabled for
any other employees of the company.
You must ensure that the written policy is enforced.
What should you do?

A. Create a Group Policy object (GPO) and link it to the Staff OU. Configure the GPO to define an EFS Recovery Agent. Define an empty EFS Recovery Agent policy in the Default Domain Policy at the domain.

B. Create a Group Policy object (GPO) and link it to the Laptops OU. Configure the GPO to define an EFS Recovery Agent. Define an empty EFS Recovery Agent policy in the Default Domain Policy at the domain.

C. Create a Group Policy object (GPO) and link it to the Staff OU. Configure the GPO to define an EFS Recovery Agent. Define an empty EFS Recovery Agent policy in the Default Domain Controllers Policy at the Domain Controllers OU.

D. Create a Group Policy object (GPO) and link it to the Laptops OU. Configure the GPO to define an EFS Recovery Agent. Define an empty EFS Recovery Agent policy in the Default Domain Controllers Policy at the Domain Controllers OU.

Question #10 - Topic 0

You are the network administrator for your company. The network consists of a Windows
2000 Active Directory domain. All client computers run Windows 2000 Professional. All
servers run Windows 2000 Server. All company and user data is stored on servers.
Administrators perform remote administration by using Terminal Services connections to
the servers. Remote administration is performed from the internal network during business
hours and from remote locations after business hours. Users do not use Terminal Services
connections.
Users in the accounting department report that several confidential files have been
modified or deleted by an unknown user during the night. You discover that the files were
modified or deleted by the user account of a former employee in the accounting
department. You suspect that the former employee gained access to the data folders by
means of a Web-based Terminal Services connection from outside the network.
You disable the user account. You need to ensure that only authorized administrators can
connect to Terminal Services from outside the network. What should you do? (Each correct
answer presents part of the solution. Choose two.)

A. On the firewall server, disable inbound HTTP connections.

B. On the firewall server, disable inbound Terminal Services connections.

C. On all servers, disable Internet Information Services (IIS).

D. On all servers, configure Terminal Services to use a nonstandard port. Enable this port for inbound access on the firewall server.

E. Configure a Routing and Remote Access server as a virtual private network (VPN) server. Grant only administrators remote access permission and configure the firewall server to allow inbound VPN connections.

Question #11 - Topic 0

You are the network administrator for your company. The network consists of a Windows
2000 Active Directory domain.
Your company has several sales employees who travel with Windows XP portable
computers. To check their e-mail and upload data, the sales employees must dial in to the
company's network using a toll-free number.
The network includes a stand-alone Windows 2000 Server computer named ServerA,
which runs Routing and Remote Access. ServerA is configured to allow PPTP connections
to the network. ServerA is installed at the network perimeter. Employees who work from
home connect to ServerA to gain access to the company network.
Your company wants to reduce long-distance phone charges by finding a cheaper solution.
A national Internet service provider (ISP) has a calling plan that will provide local phone
number Internet access for all cities the sales employees work in. The same phone
numbers are used by all companies who subscribe to the service. Your company
purchases the plan, and you configure the portable computers to use a local phone number
and PPTP to connect to the corporate network.
You must develop a solution that allows users to use a single password when connecting
to the ISP and the corporate network. First you install the Internet Authentication Service
(IAS) on a server on the network of the company to act as a Remote Access Dial-in User
Service (RADIUS) server.
What else should you do?

A. Ask the ISP to configure a RADIUS client to forward authentication requests to the IAS server on your network. Configure ServerA to use Windows Authentication, with ServerA providing authentication.

B. Ask the ISP to configure a RADIUS proxy to forward authentication requests to the IAS server on your network. Configure ServerA to use Windows Authentication, with ServerA providing authentication.

C. Ask the ISP to configure a RADIUS client to forward authentication requests to the IAS server on your network. Configure ServerA to use RADIUS Authentication, with the IAS server on your network providing authentication.

D. Ask the ISP to configure a RADIUS proxy to forward authentication requests to the IAS server on your network. Configure ServerA to use RADIUS Authentication, with the IAS server on your network providing authentication.

Question #12 - Topic 0

You are the network administrator for your company. The network consists of a Windows
2000 Active Directory domain. The domain contains Windows 2000 Server computers and
Windows 2000 Professional client computers.
A Windows 2000 member server named ServerA hosts the corporate intranet Web site.
ServerA runs Internet Information Services (IIS) 5.0. Users on the network use an
anonymous connection to connect to the intranet Web site.
The corporate security department has given you a custom security template for the Web

A. Disable the local IUSR_SERVERA user account.

B. Reset the password for the AnonWeb user account.

C. Configure the AnonWeb user account to enable the User must change password at next logon option.

D. Grant the AnonWeb user account the Access this computer from the network user right on ServerA.

Question #13 - Topic 0

You are the network administrator for your company. The network consists of a Windows
2000 Active Directory domain. The network contains two Windows 2000 Server computers
configured as domain controllers and 1,500 Windows 2000 Professional client computers.
The company has three departments: research, sales, and operations. Each department
has a separate organizational unit (OU) in the domain that contains all user and group
accounts for that department.
The written security policy for your company concerning the Account Lockout Policy
specifies that users entering an invalid password more than three times in 24 hours must
be locked out until the administrator unlocks their account.
A user from the Research OU reports that he accidentally locked out his domain account
before he went on a week-long vacation, but now he can log on using his domain account.
You learn that no administrator unlocked his account.
You review the Account Lockout Policy portion of the security template for the organization.
The relevant settings of the security template are shown in the following table.

You must ensure that the Account Lockout Policy complies with the written policy. What
should you do?

A. Set the Account lockout duration policy on the security template to 0 minutes. Import the template to the Domain Security Policy.

B. Configure the Account lockout duration policy on the security template as Not defined. Import the template to the Domain Security Policy.

C. Create a new Group Policy object (GPO) and link it to the Research OU. Set the Reset account lockout counter after policy on the security template to 0 minutes. Import the template to the new GPO.

D. Create a new Group Policy object (GPO) and link it to the Research OU. Configure the Reset account lockout counter after policy on the security template as Not defined. Import the template to the new GPO.

Question #14 - Topic 0

You are the network administrator for your company. The network consists of a Windows
2000 Active Directory domain. The domain contains five Windows 2000 Server domain
controllers and 20 Windows 2000 Professional computers. The computer accounts for all
client computers are contained in an organizational unit (OU) named Desktops.
Four Group Policy objects (GPOs) are linked to the Desktops OU. The Desktops OU
properties are configured as shown in the following exhibit.

The administrator of the Desktops OU customizes each GPO by using several settings and
a different security template, as shown in the following table.

On average, the security logs increase by 1,000 KB per day. When you inspect the logs on
one of the desktops, you find that approximately eight days of security logs are being
retained. You want to retain approximately 20 days of security log settings.
What should you do?

A. Make GPO B the highest in the GPO list.

B. Make GPO B the lowest in the GPO list.

C. Create a new domain security group and add the users of the desktops to the new group. Grant the security group Read and Apply Group Policy permissions on GPO B.

D. Create a new domain security group and add the desktop computers to the new group. Grant the security group Read and Apply Group Policy permissions on GPO B.

Question #15 - Topic 0

You are the network administrator for your company. The network consists of a Windows
2000 Active Directory domain. The domain contains Windows 2000 domain controllers and
Windows 2000 Professional computers. The network also includes Windows 98 computers.
You create an organizational unit (OU) named Client_Comps. You move all Windows 2000
client computer accounts to this OU. You create a Group Policy object (GPO) named
GPO1 and link it to the Client_Comps OU. You import the Securews.inf security template to
GPO1.
The Windows 98 computers contain security settings by means of a system policy. You
upgrade the Windows 98 computers to Windows 2000 Professional.
You discover that the upgraded client computers do not have the same security settings as
the other Windows 2000 Professional computers. You need to ensure that all client
computers have the same security settings.
What should you do?

A. Move the computer account for each upgraded computer to the Client_Comps OU.

B. Set No Override on the Default Domain Group Policy object (GPO).

C. Clear the Block Policy inheritance check box in the Client_Comps OU.

D. Perform a clean install of Windows 2000 Professional on each upgraded computer.
