Microsoft 70-297 Dumps

Microsoft
Designing a Windows Server 2003 Active Directory and Network Infrastructure

Questions & Answers for Microsoft 70-297

Showing 1-15 of 101 Questions

Question #1 - Topic 1

You are designing a DNS implementation strategy for the network. Which two zone types
should you use? (Each correct answer presents part of the solution. Choose two.)

A. standard secondary zones

B. reverse lookup zones

C. Active Directory-integrated zones

D. standard primary zones

Explanation:
Reverse lookup zones provide IP and Hostname restrictions for IIS.
Active Directory-integrated zones are fault tolerant and secure.
Reference:
Walter Glenn, and Michael T. Simpson; MCSE 70-297 Training Kit - Designing a Windows
server 2003 Active Directory and Network Infrastructure, Chapter 6, pp. 6-15.
Martin Grasdal, Laura E. Hunter, and Michael Cross; Planning and Maintaining a Windows
Server 2003 Network Infrastructure: Exam 70-293 Study Guide & DVD Training System,
Syngress, Chapter 6, pp. 469.

Question #2 - Topic 1

You are designing an Active Directory implementation strategy to present to executives
from your company and from Contoso, Ltd. Which implementation strategy should you
use?

A. Upgrade the New York domain. Upgrade the Chicago domain. Create a pristine forest for Contoso, Ltd.

B. Create a pristine forest. Upgrade the New York domain. Upgrade the Chicago domain. Create a new child domain for Contoso, Ltd.

C. Create a pristine forest. Upgrade the New York domain. Upgrade the Chicago domain. Do nothing further.

D. Create a pristine forest. Upgrade the New York domain. Upgrade the Chicago domain. Create a pristine forest for Contoso, Ltd.

Explanation:
The case study states: "the company has decided to implement a Windows Server
2003 Active Directory environment." It also says that "Currently, Litware, Inc. has two
Windows NT 4.0 domains."
The Active Directory Installation Wizard simplifies upgrading a Windows NT domain to
Windows Server 2003 Active Directory. The Active Directory Installation Wizard installs and
configures domain controllers, which provide network users and computers access to the
Active Directory directory service. Any member server (except those with restrictive license
agreements) can be promoted to domain controllers using the Active Directory Installation
Wizard. During this process you will define one of the following roles for the new domain
controller:
✑ New forest (also a new domain)
✑ New child domain
✑ New domain tree in an existing forest
✑ Additional domain controller in an existing domain
By creating two new forests, you are providing isolation and. This satisfies the
organizational requirements.

Question #3 - Topic 1

You are designing a forest and domain structure to address the concerns of Contoso, Ltd.,
and to meet the business and technical requirements. You want to use the minimum
number of domains and forests that are required. Which domain structure should you use?

A. one forest and two domains

B. one forest and four domains

C. one forest and three domains

D. two forests and four domains

E. two forests and three domains

Explanation:
This question addresses a concept Microsoft has recently adopted for Windows 2003:
isolation vs. autonomy.
The "Organizational Goals" section of the case states:
The company has also agreed that management of Contoso, Ltd. data must be completely
isolated from all other Litware, Inc. data. This included the ability to manage security of
Contoso, Ltd. resources. There will be no exceptions.
The key phrases in the case are "data must be completely isolated" and "included the
ability to manage security". If Contoso becomes a sub-domain or OU in the Litware forest,
there will always be higher level administrators (non-client related) who can assign
themselves rights to Contoso data. The security boundary for isolation is the forest, and the
answer should reflect that.
Use multiple forests when you need to provide support for multiple distinct companies or
when you need to provide autonomy or isolation to a unit within a company.

Question #4 - Topic 1

You are designing an IP addressing strategy for your VPN solution.
How many public addresses should you use?

A. 1

B. 25

C. 50

D. 255

Explanation:
VPN connections will be assigned through the New York office.

Question #5 - Topic 1

You are designing the placement of the global catalog servers. You want to use the
minimum number of global catalog servers that are required. Which design should you
use?

A. one global catalog server in New York

B. two global catalog servers in Chicago and two global catalog servers in New York

C. one global catalog server in Chicago, one global catalog server in New York, and one global catalog server in Boston

D. one global catalog server in Chicago and one global catalog server in New York

E. two global catalog servers in New York

Explanation:
The "Network Infrastructure" section of the case states that Boston requires high availability
and reduced latency. The only way to achieve these goals is to give them their own GC
which would process logons locally (universal group membership needs to be checked
during logon), instead of contacting a GC in the NY office. An argument could be made that
a DC in the Boston office could have universal group membership caching enabled, thus
removing the requirement for a local GC, but this was not an option in the answer matrix.

Question #6 - Topic 1

You are designing the top-level organizational unit (OU) structure to meet the
administrative requirements. What should you do?

A. Create a top-level OU named Coho. Place all user and computer accounts that are assigned to the Coho Vineyard customer project in the Coho OU.

B. Create a top-level OU named New York. Place all user and computer accounts from New York in the New York OU.

C. Create a top-level OU named Chicago. Place all user and computer accounts from Chicago in the Chicago OU.

D. Create a top-level OU named Sales. Place all user and computer accounts from the sales department in the Sales OU.

Explanation:
The case study states: "To reduce the burden on IT staff, trusted individuals within the
organization should be identified to help reduce the IT administrative burden."
In the Active Directory section of the case study it states: "The trusted individuals will be
allowed to manage only user accounts within the customer project to which they have been
assigned." So we would create OUs for each project and delegate authority.

Question #7 - Topic 1

You are designing a strategy to upgrade the DHCP servers after the new Active Directory
structure is in place. Who can authorize the DHCP servers? (Choose all that apply.)

A. network administrator in Chicago

B. IT support staff in Boston

C. IT support staff in New York

D. network administrator in New York

E. chief information officer

Explanation:
The case study states: "The chief information officer is the only person who is
authorized to implement any changes that will impact the entire company."

Question #8 - Topic 1

You are designing a security group strategy to meet the business and technical
requirements. What should you do?

A. Create one global group named G_Executives. Make all executive user accounts members of that group.

B. Create two global groups named G_Executives and one universal group named U_Executives. Make the two global groups members of U_Executives. Make the executive user accounts members of the appropriate global group.

C. Create three global groups named G_NY_Executives and G_Chi_Executives and G_Executives. Make G_NY_Executives and G_Chi_Executives members of G_Executives. Make the executive user accounts members of the appropriate global group.

D. Create one domain local group named DL_Executives. Make all executive user accounts members of that group.

Explanation:
Global groups are used to gather users that have similar permissions requirements. One of
their characteristics is that they can be assigned permissions or be added to local groups in any
domain in a forest. We have already established the need for two forests, so we also need
two global groups because each forest can have only one global group.
Universal groups are normally used to assign permissions to related resources in multiple
domains. Universal groups share the following characteristics:
✑ Universal groups are available only when the forest functional level is set to
Windows 2000 native or Windows Server 2003.
✑ Universal groups exist outside the boundaries of any particular domain and are
managed by Global Catalog servers.
✑ Universal groups are used to assign permissions to related resources in multiple
domains.
✑ Universal groups can contain users, global groups, and other universal groups
from any domain in a forest.
✑ You can grant permissions for a universal group to any resource in any domain.
Reference:
Walter Glenn, and Michael T. Simpson; MCSE 70-297 Training Kit - Designing a Windows
server 2003 Active Directory and Network Infrastructure, Chapter 4, pp. 4-27 to 4-28.

Question #9 - Topic 1

You are designing the DNS infrastructure to meet the business and technical requirements.
What should you do?

A. Create an Active Directory-integrated zone on DC4. Set the replication scope to all DNS servers in the domain.

B. Create a standard primary zone on DC4.

C. Create a standard primary zone on any domain controller in the forest root domain.

D. Create an Active Directory-integrated zone on any domain controller in the forest root domain. Set the replication scope to all domain controllers in the domain.

E. Create an Active Directory-integrated zone on DC5. Set the replication scope to all DNS servers in the forest.

Explanation:
The answers refer to a DC4 and DC5 which do not exist in the scenario - a diagram or
chart of some kind is missing. However, answer C does not make any sense. Typically you
will store the root domain DNS info in AD (AD-I zone) and set the replication to Forest DNS
Zones, i.e., to all DCs with DNS in the forest, especially the msdcs subdomain, found in the
root domain. Based on that simple fact, the answer is B, assuming that DC5 is in the root
domain of the forest.
You can control the replication scope of Domain Name System (DNS) zone data stored in
Active Directory so that only specific domain controllers in the forest participate in DNS
zone replication.
Reference:
Jerry Honeycutt; Introducing Microsoft Windows Server 2003, Microsoft Press, Chapter 16.

Topic 2, Graphic Design Institute, Scenario
Exhibit, Existing Domain Model

Exhibit, Existing Network Infrastructure

Overview
Graphic Design Institute is a graphical design company that creates animated graphics for
several advertising companies and movie theaters.
The hours of operation are 8:00 A.M. to 5:00 P.M., Monday through Friday.
Physical Locations
The company's main office is located in Los Angeles. The company has five branch offices
in the following locations:
✑ Atlanta
✑ Dallas
✑ Denver
✑ New York
✑ San Francisco
The number of users in each office is shown in the following table.

Planned Changes
To meet new security and customer requirements, the company wants to implement a
Windows Server 2003 Active Directory environment.
Existing Environment
Business Processes
Graphic Design Institute consists of the following primary departments:
✑ Human Resources (HR)
✑ Finance
✑ Information Technology (IT)
✑ Advertising
✑ Movies
✑ Animation
The IT department is responsible for all network management.
Users often work on multiple projects at the

Question #10 - Topic 2

You are designing an Active Directory forest structure to meet the business and
technical requirements. What should you do?

A. Create a single forest that has one domain. Use OUs to separate the departments.

B. Create a single forest that has multiple domains to represent every department.

C. Create a single forest that has three domains: one for finance, one for HR, and one for the remaining departments.

D. Create multiple forests that have a single domain in each forest to represent the departments.

Explanation:
The case study states: "The new design must accommodate the finance and HR
departments, which have requirements not addressed by the company's planned
password policy." It also states: "A completely decentralized administrative approach
will be used."
This means that they have to have their own domains to which a password policy can be
applied to cater for their respective needs.
There are a number of reasons that you might need to define multiple domains. These
reasons include the following:
✑ You need to implement different domain-level security policies.
✑ You need to provide decentralized administration.
✑ You need to optimize replication traffic across WAN links more than you can by
dividing a domain into multiple sites.
✑ You need to provide a different namespace for different locations, departments, or
functions.
✑ You need to retain an existing Windows NT domain architecture.
✑ You want to put the schema master in a different domain than the domains that
contain users or other resources.
Reference:
Walter Glenn, and Michael T. Simpson; MCSE 70-297 Training Kit - Designing a Windows
server 2003 Active Directory and Network Infrastructure, Chapter 3, pp. 3-4 to 3-7.

Question #11 - Topic 2

You are designing a WAN implementation strategy to meet the business and
technical requirements. What should you do?

A. Configure a demand-dial router.

B. Create multiple Active Directory site links.

C. Configure a VPN connection between each branch office.

D. Install an Internet Authentication Service (IAS) server in each branch office.

Explanation:
Demand-dial connections are used by the Routing and Remote Access service to make
point-to-point connections between LANs over which packets are routed.
Reference:
Jerry Honeycutt: Introducing Microsoft Windows Server 2003, Microsoft Press, Chapter 6.

Question #12 - Topic 2

You are designing a strategy to provide the required security for the Payroll server. You
need to identify the actions that you should perform to achieve this goal. What should you
do?
To answer, move the appropriate actions from the list of actions to the answer area, and
arrange them in the appropriate order. (Use only actions that apply.)

Question #13 - Topic 2

You are designing a NetBIOS name resolution strategy to meet the business and technical
requirements. What should you do?

A. Install one WINS server in each branch office. Configure the WINS servers to use push/pull replication with the WINS server in Los Angeles. Configure all computers to have the IP address of the local WINS server.

B. Configure the DNS servers in each branch office to forward all unanswered queries to a local WINS server. Configure all computers to have the IP addresses of the DNS server in the graphicdesigninstitute.com forest root.

C. Install the DNS Server service on one domain controller in each branch office. Configure the DNS servers to forward all unanswered queries to the WINS server. Configure all computers to have the IP addresses of the DNS servers.

D. Install two additional WINS servers in Los Angeles. Configure the WINS servers to use push/pull replication. Configure all computers to have the IP addresses of the WINS servers.

Explanation:
The question asks for NetBIOS name resolution, which means we must use WINS.
Your goal, when designing a WINS strategy for your network infrastructure, is to have the
WINS service available to client workstations when they need it. Availability is at risk when
there is only one WINS server configured to support a large number of users. If that server
should fail, all of the users will now need to resolve NetBIOS names using one of the other
methods, namely: Lmhosts files or broadcasts. In situations in which a slow link exists
between two subnets, it is highly recommended that a WINS server be placed in both
subnets to maximize performance of client name-resolution requests.
This is the default configuration of a WINS server. A push of an updated WINS database
will occur as discussed previously, and the WINS server is also configured to pull WINS
database information from another WINS server at a designated time. This type of
configuration is recommended in most cases.
After configuring WINS servers as Push/Pull partners, servers, after replication, will contain
NetBIOS records from all subnets. Now, any WINS-enabled client on any subnet can
access resources on a different subnet using the NetBIOS name of that resource.

Question #14 - Topic 2

You are designing a DNS strategy to meet the business and technical requirements.
What should you do?

A. Install the DNS Server service on all domain controllers. Create Active Directory-integrated zones. Replicate the zones to all DNS servers in the forest.

B. Install the DNS Server service on all domain controllers. Create Active Directory-integrated zones. Replicate the zones to all DNS servers in the domain.

C. Install the DNS Server service on all domain controllers. Create primary zones and secondary zones.

D. Create application partitions for the different zones on one domain controller. Configure replication to occur on all DNS servers.

Explanation:
The case study states: "the company wants to implement a Windows Server 2003
Active Directory environment." This environment uses DNS for name resolution.
Any domain controller running the DNS Server service can be designated as the primary
source for a zone and can update a zone. In other words, there is not one primary DNS
server, as in the standard primary zone methodology, which can be a single point of failure
for a network. In the Active Directory integrated model, a master copy of the zone is
maintained by Active Directory and replicated to all domain controllers.
Reference:
Walter Glenn, and Michael T. Simpson; MCSE 70-297 Training Kit - Designing a Windows
server 2003 Active Directory and Network Infrastructure, Chapter 6, pp. 6-12 to 6-13.

Question #15 - Topic 2

You are designing a strategy to provide Internet access to all users. What should
you do?

A. Configure Internet Connection Sharing on all client computers.

B. Configure Automatic Private IP Addressing (APIPA) on all client computers.

C. Configure one server as a Routing and Remote Access VPN server.

D. Configure one server as a Routing and Remote Access NAT router.

Explanation:
Computers running a member of the Windows Server 2003 family now allow you to add the
Internal interface as a private interface to the Network Address Translation component of
the Routing and Remote Access service. This allows connected remote access clients to
access the Internet.
Incorrect Options:
A: Internet Connection Sharing is recommended only for very small networks.
B: APIPA is an addressing feature for simple networks that consist of a single network
segment. Whenever a computer running Windows Server 2003 has been configured to
obtain an IP address automatically, and when no DHCP server or alternate
configuration is available, the computer uses APIPA to assign itself a private IP address
in the range of 169.254.0.1 to 169.254.255.254.
Reference:
Jerry Honeycutt: Introducing Microsoft Windows Server 2003, Microsoft Press, Chapter 6.
Walter Glenn, and Michael T. Simpson; MCSE 70-297 Training Kit - Designing a Windows
server 2003 Active Directory and Network Infrastructure, Chapter 9, pp. 9-12.
