070-294
Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 AD Infrastructure Exam: 070-294
Demo Edition
CERT MAGIC
1 http://www.certmagic.com
�070-294
QUESTION: 1 You work as the network administrator at Certmagic.com. All servers on the Certmagic.com network run Windows Server 2003 after they have been upgraded recently. All client computers run Windows XP Professional. Certmagic.com offices are spread over several different buildings and comprise a workforce in excess of 3000 employees. Certmagic.com contains a single Active Directory domain. Each of the different buildings is configured as an Active Directory site that has at least two domain controllers each, several servers and numerous client computers. However, the Certmagic.com users are all complaining that it takes much longer for them to log on to the network since the upgrade. You then receive instruction from the CIO to address the situation. You therefore need to improve logon performance.What should you do? (Choose all that apply.) A. At each site you should configure a server as a global catalog server. B. At each site you should configure a domain controller as a global catalog server. C. For the entire network, you should configure a domain controller as a catalog server. D. You should configure all domain controllers in the Certmagic.com domain to be global catalog servers. Answer: B, D Explanation: In an Active Directory, when a user logs on, the client computer contacts the global catalog to determine universal group membership. If there is no global catalog in the site, then the domain controller in the site that processes the logon request must contact the global catalog server in another site to retrieve the universal group membership. This is what is causing the slow logon times currently. In an effort to address the problem, you should designate a global catalog server at each site. Or alternatively each domain controller must be made a global catalog server. Incorrect Answer: A: Global catalogs cannot exist on a server, only on domain controllers. Therefore this option is invalid. C: The default is to have a domain controller to have the global catalog server role. Therefore this is also the situation that is played out in the current setup and experiencing the slow logon performance. This option is therefore not a modification to improve the situation. QUESTION: 2 You work as the network administrator at Certmagic.com. The Certmagic.com network consists of a Active Directory forest named Certmagic.com. The forest consists of two domains and two sites. These two sites are located in Chicago, which is the head quarters, and in Dallas, which is the branch office, respectively. All servers on the Certmagic.com
2
http://www.certmagic.com
�070-294
network run Windows Server 2003 and all client computers run Windows XP Professional.The Chicago office has ten domain controllers and the Dallas office has one domain controller. The Dallas office is connected to the Chicago office via a reliable 56Kbps link. However, the Dallas users complained about slow response times when they attempt to log on to the network. You therefore received instruction from the CIO to address the problem that the Dallas users are experiencing without incurring extra costs for the company. You need to rectify the problem.What should you do? A. The Dallas office should get a global catalog server. B. The Chicago office should have a global catalog server removed. C. You should increase bandwidth to improve replication. D. You should implement universal group membership caching. Answer: A Explanation: It is mentioned in the question that there is a reliable link between the offices albeit a slow link. This causes slow logon authentication times because users are required to authenticate over the slow WAN link. To prevent slow logon authentication in the Dallas office you should install a global catalog server in the Dallas office on a domain controller. This should improve logon times because the access will not have to traverse the WAN link. Incorrect Answer: B: The first domain controller in the forest becomes the global catalog server by default. Therefore there is already a global catalog server in the Chicago office and you should not remove the global catalog server from the Chicago site because it is needed to handle Active Directory requests in the Chicago office. C: To increase the bandwidth will potentially improve access and logon times. However, not only will it possibly mean a more expensive link between the offices, but it will still not negate to necessity of an additional global catalog server in the Dallas office. D: Universal group membership caching is configured when a global catalog server cannot be placed in a site due to hardware limitations, or when network services are interrupted. In this case universal group membership is not appropriate since there are multiple domains in the forest. QUESTION: 3 You work as the network administrator at Certmagic.com. Certmagic.com has its headquarters in Chicago and a branch office in Dallas. The network contains of two Active Directory domains and two sites. Each office functions as a separate site. All servers on the Certmagic.com network run Windows Server 2003 and all client computers run Windows XP Professional.Only two domain controllers are configured to function as global catalog servers in the Chicago office. The Research department is located in the Dallas office.
3
http://www.certmagic.com
�070-294
Members of the Research department have an application that they use frequently.This application, though used in the Dallas office, often directs LDAP queries of the global catalog server to TCP Port 3268.The Research department users lodged a complaint regarding the application's slow responses. They need to application to perform optimally. The CIO then gave you instruction to address the problem. You now need to improve performance of this application and minimize the inter-site traffic that occurs across the WAN link between the Chicago and Dallas offices.What should you do? A. In order to improve the performance of the application and to minimize the inter-site traffic across the Wide Area Network link the value of the replication interval should be increased. B. The domain controller in the Dallas office should be configured to host the global catalog. C. You should enable universal group membership caching in the Dallas office. D. To adhere to all the requirements the best option would be for you to decrease the value of the replication interval. Answer: B Explanation: The global catalog in a site must be hosted by at least one domain controller if it is operational in a multi-domain forest. The application often queries the global catalogue though TCP port 3268. In this scenario querying occurs across the sites and therefore result in more bandwidth being used. This results in slow response times. It is therefore advisable to configure a Dallas office domain controller as a global catalog. You should add an additional global catalog at the Dallas office. The global catalog stores a replicated, readonly copy of all objects in the forest, including a partial set of each object's attributes. Given that the company is quite large and the performance of the directory searches has degraded, the best solution is to add another global catalog and distribute the load across multiple global catalog servers Incorrect Answer: A: The replication interval is the amount of time between uninterrupted replication sessions that occur over a site link. Increasing this interval will not affect the performance of the application. C: There is no need to enable universal group membership caching in the Dallas office. Universal group membership caching allows domain controllers in sites to contact remote global catalogs during authentication and cache responses for future authentication. Universal group membership caching does not affect directory search performance. D: The replication interval is the amount of time between uninterrupted replication sessions that occurs over a site link. Decreasing this interval will not affect the performance of the application.
4
http://www.certmagic.com
�070-294
QUESTION: 4 You work as the network administrator at Certmagic.com. All servers on the Certmagic.com network run Windows Server 2003 and all client computers run Windows XP Professional. Certmagic.com has its headquarters in Chicago and a branch office in Dallas. This exhibit below illustrates the company network: Exhibit:
Both the Chicago office and the Dallas office are configured as a separate domain and each office has an Active Directory site configured. The Certmagic.com users make use of many shared folders that are published in Active Directory. Consequently the users, when working, need to query the Active Directory often. However, the Certmagic.com helpdesk received complaints from the Dallas office users that the directory searches have become unacceptably slow and their work is negatively affected. You then receive instruction from the CIO to address the problem that the Dallas office users are experiencing. You now need to take action to improve the search response times for the Dallas users.What should you do? A. You should enable a domain controller in the Dallas office to host an additional global catalog. B. You should add a domain controller for the Chicago office to the Dallas office. C. The value of the replication interval should be increased. D. You should enable universal group membership caching in the Dallas office. E. You should enable universal group membership caching in the Chicago office. Answer: A Explanation: you should add an additional global catalog at the Dallas office. The global catalog stores a replicated, read-only copy of all objects in the forest, including a partial set of each object's attributes. Given that the company is quite large and the performance of the directory searches has degraded, the best solution is to add another global catalog and distribute the load across multiple global catalog servers. Incorrect Answer: B: You should not add a domain controller in the Dallas site for the Chicago office. When a user searches for other users or printers from the start menu, that user is searching the global catalog. Adding a domain controller from a remote domain can help when users with
5
http://www.certmagic.com
�070-294
accounts from the remote domain roam to the local domain and log in., but it does not affect performance of directory searches. C: There is no need to increase the replication interval. In this question there is no indication that the new shared resources are causing the delays. There is however a need to an additional global catalog based on the excessive amount of queries to the size of the company. D: There is no need to enable universal group membership caching in the Dallas office. Universal group membership caching allows domain controllers in sites to contact remote global catalogs during authentication and cache responses for future authentication. Universal group membership caching does not affect directory search performance. E: There is no need to enable universal group membership caching in the Chicago office. Universal group membership caching allows domain controllers in sites to contact remote global catalogs during authentication and cache responses for future authentication. Universal group membership caching does not affect directory search performance. QUESTION: 5 DRAG DROP You work as the network design consultant. Certmagic.com has headquarters in London and branch offices in Paris, Berlin, Milan, and Madrid. All servers on the Certmagic.com network will run Windows Server 2003 and all client computers run Windows XP Professional.You have been presented with the opportunity to plan the deployment of Active Directory for Certmagic.com since the company is still relatively new. The intention is to create three domains and five sites; the five sites representing the different offices. The exhibit below illustrates the Certmagic.com network:
Currently bandwidth usage on the WAN links between offices, more specifically between London and the other offices never exceeds 75%. The Milan office is destined to host a custom application. This application routinely queries the global catalog.Your task now is to plan the placement of the domain controllers on the network. Your strategy must be of such a nature so that:
6
http://www.certmagic.com
�070-294
1. computer hardware requirements will be kept to a minimum 2. user logon times should be minimized 3. network traffic over the WAN links should be kept to a minimum What should you do? To answer, select the appropriate applicable type of domain controller from the column on the right and place it in the appropriate office/site in the column on the left. Please note: you may use each domain controller type more than once.
Answer:
Explanation: Domain controllers should be placed in offices that: 1. Have more than 100 users, 2. Is connected to other offices through a WAN link slower than 256 Kbps, 3. WAN bandwidth utilization exceeds 90% during peak hours
7
http://www.certmagic.com
�070-294
4. Availability of WAN connectivity to other offices is less than 99,5% 5. Users in the office use custom applications that query the global catalog via port 3268. There should be at least one domain controller per site in a multi-domain forest. Universal group membership caching should be used for a site that will have a domain controller, but does not need the global catalog. When using universal group membership caching, you minimize the need for extra computer hardware requirements for the domain controller and you also minimize the amount of bandwidth required for the network. Therefore the Paris and Berlin offices get a domain controller with a global catalog each - more than 100 users per office.The Milan office also gets a domain controller with a global catalog - the Milan users make use of the custom application that queries the global catalog. Querying the global catalog requires bandwidth, more than Active Directory replication that is caused by the presence of a global catalog placed locally.The Madrid office should get a domain controller with Universal group membership caching enabled. - You should also specify that the cache be refreshed from the Paris office, which has a global catalog.The London office, being the headquarters, is relatively well-connected to each of the offices that host global catalogs, bandwidth utilization never exceeds 75%, and it has less than 100 users, there is no need for a domain controller. QUESTION: 6 You work as the network administrator at Certmagic.com. The Certmagic.com logical network design consists of a single Active Directory forest that has eight domains, all operating at the Windows 2000 native functional level. All domain controllers on the network run Windows Server 2003. All the client computers run Windows XP Professional and have Outlook 2002 Service Pack 1 installed. Furthermore, Certmagic.com makes use of Windows Exchange 2000 for its messaging infrastructure.You job description includes the maintenance of the company's group structure. You are currently busy creating a distribution group. This group will be used to send e-mail messages. These messages are destined to be distributed to users throughout the entire company's single exchange organization. The only requirement for the configuration of this distribution group is that replication traffic should be minimized when group membership changes are made. You therefore need to make use of a distribution group strategy.What should you do? A. First you should create a universal distribution group and place all the appropriate users of each of the eight Certmagic.com domains in a single global distribution group. Assign domain users to the global distribution group in the domain where the user accounts resides.And then nest each global distribution group in the universal distribution group. B. First you should create a universal distribution group.Place all appropriate users of the eight Certmagic.com domains in the universal distribution group.Assign domain users to the global distribution group in the domain where the user accounts resides.And then nest each global distribution group in the universal distribution group. C. First you should create a universal distribution group.Then, in each of the eight Certmagic.com domains, you should create a global distribution group.Assign domain users to the global distribution group in the domain where the user accounts resides.And then nest
8
http://www.certmagic.com
�070-294
each global distribution group in the universal distribution group. D. First you should create a universal distribution group.Then you should create a global distribution group.Assign domain users to the global distribution group in the domain where the user accounts resides.And then nest each global distribution group in the universal distribution group. Answer: C Explanation: In Windows 2000 native functional level, universal groups can contain user accounts, global groups, and universal groups from any domain in a forest. These are stored in the global catalog and are visible in any domain in the forest. However, there is no provision of all the domain- and forest-wide features that are available in a Windows Server 2003 forest functional level. In this case membership changes in universal groups still require the entire group (i.e. all members with attributes and all) to be replicated to all the global catalogs. To minimize the amount of data to be replicated, and reducing the size of the Active Directory, you should place all user accounts in global groups created in the local domain. You should then nest the global groups in the universal groups. Membership changes to these global groups will then not be replicated across the forest because global groups are stored in Active Directory on all local domain controllers. Universal group will only show the global groups as members, and replication will only take place when groups are added or removed from the universal group. Incorrect Answer: A: You should make use of universal groups which are stored in the global catalog when you create distribution groups. Global groups can contain users and groups from all domains in the forest in Windows 2000 native mode, but making use of universal groups will improve performance as well. You should not place the appropriate users from all domains in a single global distribution group. B: In a Windows 2000 native domain functional level, any changes to universal group membership will require the full group to be replicated with each change that takes place and will therefore result in excessive replication traffic. Therefore you should not place users from all domains in the universal distribution group. D: This option is partly correct, but global distribution groups should be created in each of the eight Certmagic.com domains and not just one global distribution group. QUESTION: 7 You work as the network administrator at Certmagic.com. The Certmagic.com network consists of a single Active Directory forest that contains three domains named us. Certmagic.com, uk. Certmagic.com and sa. Certmagic.com. The functional level of the forest is set at Windows Server 2003 and the functional level for us. Certmagic.com,uk. Certmagic.com and sa. Certmagic.com is Windows Server 2003. Certmagic.com has
9
http://www.certmagic.com
�070-294
headquarters in London and branch offices in Paris, Berlin, Milan, Madrid,Stockholm, Warsaw, Minsk, and Athens. All Certmagic.com branch offices are connected to the London headquarters via a 56-Kbps WAN connection.You have been instructed to configure the London headquarters and each branch office as a separate Active Directory site. You perform this configuration and install a Windows Server 2003 domain controller at the London headquarters and at each of the 8 branch offices. You configure each domain controller as a DNS server. One morning users in the Certmagic.com branch offices complain that they are unable to log on to the Certmagic.com network during peak times. You can log on to the Certmagic.com network from a client computer in either of the 8 branch offices and at whatsoever time.You must ensure that all users working at the either of the branch offices can log on to the Certmagic.com network from their client computers. To accomplish this task, you want to minimize Active Directory replication traffic across the WAN connections and you also do not want to affect performance of the domain controllers located in the branch offices.How will you accomplish these tasks? A. In the Active Directory Sites and Services console, enable universal group membership caching for each Certmagic.com branch office site. B. In the DNS management console, configure all branch office DNS servers to forward requests to a DNS server located at the London headquarters. C. In the Active Directory Sites and Services console, configure all branch office domain controllers to be a global catalog server. D. In the DNS console, configure all branch office DNS servers to use an Active Directoryintegrated zone. Answer: A Explanation: When a user logs on to the network, the global catalog provides universal group membership information for the account to the domain controller processing the user logon information. If a global catalog is not available when a user initiates a network logon process, the user is able to log on only to the local computer unless the site has been specifically configured to cache universal group membership lookups when processing user logon attempts. In this scenario the domain controller must contact the global catalog server across a WAN link that is saturated. Enabling universal group membership caching will overcome this problem. Incorrect Answer: B: When users log on, the requests are sent to the global catalog not the DNS server. C: Configure each branch office domain controller as a global catalog server would result in increased replication traffic. We want to avoid this. D: An Active Directory-integrated zone is a DNS zone that is part of Active Directory and is part of Active Directory replication. Making the DNS zone a part of Active Directory will not overcome logon latency and will lead to an increase in replication traffic.
10
http://www.certmagic.com
�070-294
Reference: Jill Spealman, Kurt Hudson & Melissa Craft, MCSE Self-Paced Training Kit (Exam 70294); Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure, Microsoft Press, Redmond, Washington, 2004, pp. 1-17 to 1-18, 541 to 5-43. QUESTION: 8 You work as the network administrator at Certmagic.com. Certmagic.com has its headquarters in London and branch offices in Liverpool, Madrid, Paris, Berlin and Milan. The Certmagic.com network consists of two Active Directory domains named uk. Certmagic.com and eu. Certmagic.com. All servers on the Certmagic.com network run Windows Server 2003. The exhibit shows the Certmagic.com WAN.
You configure each Certmagic.com branch office as an Active Directory site. The global catalog servers are located in the two top level Active Directory sites. Universal group membership caching has been enabled for each Active Directory site.Users on the Certmagic.com network make use of an Active Directory integrated application that reads data from the global catalog. A Certmagic.com employee named Clive Wilson works in the Berlin branch office. One morning Clive complains that the application responds slowly during peak hours.What should you do next to ensure that the response time of the application is improved during peak hours? A. Disable universal group membership caching in the four lower level Active Directory sites. B. Decrease the replication interval on the site links that connect the four lower level Active Directory sites to the two upper level Active Directory level sites. C. Configure global catalog servers in the four lower level sites. D. Perform an offline defragmentation of the Active Directory database on the domain controllers in the two top level Active Directory level sites. Answer: C
11
http://www.certmagic.com
�070-294
Explanation: The application reads data from the global catalog, however, there are Global Catalog servers only in the two upper Active Directory level sites. Therefore, global catalog information must be accessed across the WAN links, which is where the problem occurs. We need to add Global Catalog servers in the four lower level Active Directory sites. Incorrect Answer: A: Universalgroup membership caching is used for logon purposes. It is therefore irrelevant to this scenario. B: Decreasing the replication interval will not improve response times. The C lower level Active Directory sites must still access the global catalog information across the WAN links. D: Deframenting the Active Directory database will not improve response times significantly; the lower level Active Directory sites must still access the global catalog information across the WAN links. Reference: Jill Spealman, Kurt Hudson & Melissa Craft, MCSE Self-Paced Training Kit (Exam 70294); Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure, Microsoft Press, Redmond, Washington, 2004, pp. 1-17 to 1-18, 541 to 5-45, 5-48 to 5-50.Michael Cross, Jeffery A. Martin, Todd A. Walls, Martin Grasdal, Debra Littlejohn Shinder & Dr. Thomas W. Shinder, MCSE: Exam 70-294: Planning, Implementing, and Maintaining a Windows Server 2003 Active Directory Infrastructure Study Guide & DVD Training System, Syngress Publishing, Rockland, MA, 2003, pp. 547, 550-552. QUESTION: 9 You work as the network administrator at Certmagic.com. Certmagic.com has its headquarters in Warsaw, and branch offices in Minsk and Athens. The Certmagic.com network consists of a single Active Directory forest that contains three domains named Certmagic.com, minsk. Certmagic.com and athens. Certmagic.com. The network at each office is configured as a separate Active Directory site. Each domain contains two Windows Server 2003 domain controllers named Certmagic -DC01 and Certmagic -DC02 respectively. The exhibit shows the relevant portion of the Active Directory domain structure.
12
http://www.certmagic.com
�070-294
A Windows Server 2003 computer on the Certmagic.com domain, named Certmagic -DC01, contains the forest-level operations master roles and the operations master roles for the specific domain. The Windows Server 2003 computers named Certmagic -DC02 contain the operations master roles for their specific domains. WAN connectivity between the branch offices is currently considered as being unreliable. You must design a strategy for global catalog server placement for the Certmagic.com network. Your plan must include the following: 1. A strategy that will keep consistency of universal group membership information intact. 2. A strategy that will enable each user to log on in the event single domain controller and WAN connection failure. Which two actions should you perform to achieve your goal in these circumstances?(Each correct answer presents part of the solution. Choose TWO.) A. Configure Certmagic -DC01 and Certmagic -DC02 in the Certmagic.com domain as global catalog servers. B. Configure only Certmagic -DC01 in each domain as a global catalog server. C. Configure only Certmagic -DC02 in each domain as a global catalog server. D. Enable universal group membership caching for each Active Directory site. E. Enable universal group membership caching for the top level branch office. F. Enable universal group membership caching for the two lower level branch offices. Answer: A, F Explanation: We could have global catalog server s in each site. This would ensure that users can log on in the event of a WAN connection failure. However, we also need to ensure the consistency of universal group membership information. Therefore, placing global catalog servers in the remote sites is not an option. Instead, we need to enable universal group membership caching for both remote sites. For redundancy purposes, the main site must have more than
13
http://www.certmagic.com
�070-294
one global catalog. Incorrect Answer: B, C: For redundancy purposes, the main site must have more than one global catalog. E: We need to enable universal group membership caching for both remote sites. Reference: Jill Spealman, Kurt Hudson & Melissa Craft, MCSE Self-Paced Training Kit (Exam 70294); Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure, Microsoft Press, Redmond, Washington, 2004, pp. 1-17 to 1-18, 541 to 5-45, 5-48 to 5-50.Michael Cross, Jeffery A. Martin, Todd A. Walls, Martin Grasdal, Debra Littlejohn Shinder & Dr. Thomas W. Shinder, MCSE: Exam 70-294: Planning, Implementing, and Maintaining a Windows Server 2003 Active Directory Infrastructure Study Guide & DVD Training System, Syngress Publishing, Rockland, MA, 2003, pp. 31, 543, 547,550-552. QUESTION: 10 You work as the network administrator at Certmagic.com. The Certmagic.com network consists of a single Active Directory domain. The Certmagic.com offices in Paris and Berlin are configured as separate Active Directory sites within the Certmagic.com domain and are connected by a 128-Kbps WAN connection. All servers on the Certmagic.com network run Windows Server 2003.All printer location information is stored in Active Directory, and users in the two branch offices search Active Directory, by selecting the Entire Directory option, to locate printer information. One morning, users in the Paris branch office complain that they experience excessively slow response times when they search Active Directory for information on printers.What should you do next to improve the search response times for users that work in the Paris office? A. Place a domain controller for the Berlin site in the Paris office. B. Place a domain controller for the Paris site in the Berlin office. C. Enable universal group membership caching in the Paris office. D. Configure a global catalog server in the Paris office. Answer: D Explanation: The global catalog is the central repository of information about Active Directory objects in a tree or forest. The domain controller that holds a copy of the global catalog is called a global catalog server. The global catalog enables a user to log on to a network by providing universal group membership information to a domain controller when a logon process is initiated, and enables finding directory information regardless of which domain in the forest actually contains the data.
14
http://www.certmagic.com
�070-294
Incorrect Answer: A: This would work but it is unnecessary. Replicating the entire Active Directory from the Berlin office to the Paris office over the slow WAN link is a waste of resources. A global catalog server in the Paris office would suffice. B: This won't solve the problem at all. C: Universal Group caching (as its name implies) caches information about universal groups.This scenario involves searching for printers which is nothing to do with universal groups. Reference: Jill Spealman, Kurt Hudson & Melissa Craft, MCSE Self-Paced Training Kit (Exam 70294); Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure, Microsoft Press, Redmond, Washington, 2004, pp. 1-17 to 1-18, 541 to 5-45, 5-48 to 5-50.Michael Cross, Jeffery A. Martin, Todd A. Walls, Martin Grasdal, Debra Littlejohn Shinder & Dr. Thomas W. Shinder, MCSE: Exam 70-294: Planning, Implementing, and Maintaining a Windows Server 2003 Active Directory Infrastructure Study Guide & DVD Training System, Syngress Publishing, Rockland, MA, 2003,pp. 31, 543, 547, 550-552. QUESTION: 11 You work as the network administrator at Certmagic.com. The Certmagic.com network consists of a single domain named Certmagic.com. The functional level of the forest is set at Windows Server 2003.The Certmagic.com domain contains a computer named Certmagic SR24 running Windows 2000 Server. Certmagic -SR24 is used to run an application that sends LDAP queries to the global catalog. Certmagic -SR24 resides on a subnet which is associated with an Active Directory site named CM_SITE01. CM_SITE01 has no global catalog server configured. A WAN connection connects CM_SITE01 to another Active Directory site.You have been instructed to implement the required network configuration that will result in the following: 1. Configure the network so that the application running on Certmagic -SR24 executes at high performance levels. 1. Configure the network to enable the application to continue running in the event of a WAN connection failure. 2. Minimize traffic over the WAN connection What should you do next to accomplish these goals? A. Configure universal group membership caching for CM_SITE01. B. Configure one or more global catalog servers in CM_SITE01. C. Add the HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\IgnoreGC Failures key to the registry on all domain controllers residing in CM_SITE01. D. Remove Certmagic -SR24 from the us. Certmagic.com domain and then add it to a workgroup.
15
http://www.certmagic.com
�070-294
Answer: B Explanation: The application needs to read data from the global catalog. This information is stored on the global catalog servers in the other site. This means that the application needs to contact the global catalog servers over a WAN link. We can improve performance by configuring a global catalog server in CM_SITE01. This will enable the application to contact a global catalog server over fast LAN connections. It will also enable the application to run if the WAN link fails. Incorrect Answer: A: Universal group caching likely has no effect on the application. Universal group information is just a small part of the information stored in the global catalog. The application would still need to contact a global catalog server. C: This setting allows users to log on to a domain if the domain controller is unable to contact a global catalog server. It will have no effect on the application. D: The application won't be able to query the global catalog if the computer isn't a member of the domain. Reference: Jill Spealman, Kurt Hudson & Melissa Craft, MCSE Self-Paced Training Kit (Exam 70294); Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure, Microsoft Press, Redmond, Washington, 2004, pp. 1-17 to 1-18, 541 to 5-45, 5-48-5 to 50.Michael Cross, Jeffery A. Martin, Todd A. Walls, Martin Grasdal, Debra Littlejohn Shinder & Dr. Thomas W. Shinder, MCSE: Exam 70-294: Planning, Implementing, and Maintaining a Windows Server 2003 Active Directory Infrastructure Study Guide & DVD Training System, Syngress Publishing, Rockland, MA, 2003, pp. 31, 543, 547,550-552. QUESTION: 12 HOTSPOT You work as the network administrator at Certmagic.com. The accompanying work area displays the applicable network configuration. Certmagic.com has a branch office in two cities. In each branch office employees make use of an application that reads configuration data in the global catalog.You deploy Windows Server 2003 on all domain controllers and create one Active Directory domain. You set the functional level of the forest to Windows Server 2003. You configure the servers with the following configuration: 1. Certmagic -SR01 - Domain controller, schema master, domain naming master 2. Certmagic -SR02 - Domain controller, relative ID (RID), PDC emulator master 3. Certmagic -SR03 - Member server, file and printer server 4. Certmagic -SR04 - Member server, Web server
16
http://www.certmagic.com
�070-294
5. Certmagic -SR05 - Domain controller 6. Certmagic -SR06 - Member server, file and printer server 7. Certmagic -SR07 - Member server, DHCP server You are busy defining the global catalog server placement strategy for the network. Your global catalog server placement strategy must ensure that the application which reads configuration data in the global catalog can continue to run when multiple global catalogs fail. You must also ensure that the application has high levels of performance during peak times.What should you do next?Answer by selecting the appropriate computer or computers in the work area.
Answer: Select Certmagic -SR01, Certmagic -SR02 and Certmagic -SR05.
Explanation: Only domain controllers can function as Global Catalog servers. In this case, only Certmagic -SR01, Certmagic -SR02 and Certmagic -SR05 are domain controllers. We need to use all domain controllers to ensure that the application continues to function in the event of multiple global catalog failures. Reference: Jill Spealman, Kurt Hudson & Melissa Craft, MCSE Self-Paced Training Kit (Exam 70294); Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure, Microsoft Press, Redmond, Washington, 2004, pp. 1-17 to 1-18, 541 to 5-45, 5-48 to 5-50.Michael Cross, Jeffery A. Martin, Todd A. Walls, Martin Grasdal, Debra Littlejohn Shinder & Dr. Thomas W. Shinder, MCSE: Exam 70-294: Planning,
17
http://www.certmagic.com
�070-294
Implementing, and Maintaining a Windows Server 2003 Active Directory Infrastructure Study Guide & DVD Training System, Syngress Publishing, Rockland, MA, 2003, pp. 31, 543, 547,550-552. QUESTION: 13 DRAG DROP You work as the network administrator at Certmagic.com. The Certmagic.com network consists of a single Active Directory forest that contains over 20 domains. All servers on the Certmagic.com network run Windows Server 2003. As a company, Certmagic.com has over 300 branch offices worldwide and the Certmagic.com network consists of over 140,000 user objects.You perform administrative functions for the Sales department. The Sales department has branch offices across Europe. The Paris, Athens, and Milan branch offices belong to the Certmagic -west.com domain and the Berlin, Warsaw, and Minsk branch offices belong to the Certmagic -east.com domain.The number of users using the Certmagic.com network in each branch office is shown here: 1. Paris - 700 users 2. Athens - 10 users 3. Milan - 600 users 4. Berlin - 600 users 5. Warsaw - 5 users 6. Minsk - 10 users Users working in the Warsaw, Milan and Paris branch offices must have access to a directory-enabled application which stores configuration information in the global catalog.You must plan the domain controller placement strategy for the Certmagic.com network. Each user must be able to log on without using cached credentials. You must ensure that all users can access the application in the event of a WAN connection failure. You must perform the necessary network configurations and at the same time minimize an increase in WAN traffic. How will you accomplish the task?Answer by dragging the appropriate domain controller configuration or configurations to the correct location or locations in the work area.
18
http://www.certmagic.com
�070-294
Answer:
Explanation:
19
http://www.certmagic.com
�070-294
The application stores configuration information in the Global catalog; therefore, we need to put one Global Catalog server in each site with users who require access to the application; in this case Warsaw, Milan, and Paris.To be able to log on without using cached credentials, we need to enable universal group membership caching in the Athens and Minsk offices (because they don't have Global Catalog servers). The Minsk office connects to the Berlin office. As we have enabled universal group membership caching in the Minsk office, we should have a Global catalog server in the Berlin office, so that the Minskoffice domain controller can cache the universal group membership from the Berlin office Global Catalog. Reference: Michael Cross, Jeffery A. Martin, Todd A. Walls, Martin Grasdal, Debra Littlejohn Shinder & Dr. Thomas W. Shinder, MCSE: Exam 70-294: Planning, Implementing, and Maintaining a Windows Server 2003 Active Directory Infrastructure Study Guide & DVD Training System, Syngress Publishing, Rockland, MA, 2003, pp. 31, 505-509, 543,547, 550-552. Jill Spealman, Kurt Hudson & Melissa Craft, MCSE Self-Paced Training Kit (Exam 70-294); Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure, Microsoft Press, Redmond, Washington, 2004, pp. 1-17 to 1-18, 541 to 5-45, 5-48 to 5-50. QUESTION: 14 You work as the network administrator at Certmagic.com. The Certmagic.com network consists of six Active Directory domains. All servers on the Certmagic.com network run Windows Server 2003. Certmagic.com has headquarters in London and branch offices in Paris, Berlin, Milan, Madrid, and Stockholm. Each branch office is configured as a single domain and as an Active Directory site.Users on the Certmagic.com network use an application server that queries user information from the global catalog. You install application servers at Certmagic.com's headquarters in London and at three branch offices. The relevant network configuration is shown in the exhibit.
20
http://www.certmagic.com
�070-294
One morning while monitoring WAN connections between the headquarters in London and each branch office, you discover that utilization has increased from 60 percent to 90 percent. Users at the various branch offices have complained about slow response times when accessing information on the application servers.You need to plan placement for global catalog servers in the branch offices where they will improve response times for the application servers. You want to accomplish this task with a minimum increase in WAN traffic.What should you do? A. Place a global catalog server in London. B. Place a global catalog server in all branch offices. C. Place a global catalog server in Paris and Madrid only. D. Place a global catalog server in all branch offices except Paris and Madrid. Answer: D Explanation: Because the application server queries Global catalog attributes, we need to put one Global
21
http://www.certmagic.com
�070-294
Catalog server in each site hosting an application server; in this case Berlin, Stockholm and Milan. Incorrect Answer: A: There is already a Global Catalog Server in London. B, C: Paris and Madrid do not host an application server and therefore do not require a Global Catalog Server. Reference: Michael Cross, Jeffery A. Martin, Todd A. Walls, Martin Grasdal, Debra Littlejohn Shinder & Dr. Thomas W. Shinder, MCSE: Exam 70-294: Planning, Implementing, and Maintaining a Windows Server 2003 Active Directory Infrastructure Study Guide & DVD Training System, Syngress Publishing, Rockland, MA, 2003, pp. 31, 505-509. QUESTION: 15 You work as the network administrator at Certmagic.com. The Certmagic.com network consists of a single Active Directory network named Certmagic.com. Certmagic.com has headquarters in London and branch offices in Paris, Berlin, Milan, and Madrid. All servers on the Certmagic.com network run Windows Server 2003 and all client computers run Windows XP Professional. The exhibit below illustrates the Certmagic.com network: Exhibit:
All the branch offices are configured as an Active Directory site, each with at least one IP subnet. Each branch office on the Certmagic.com network is connected to the head quarters via a 56 Kb link and each branch office has a preferred bridgehead server configured. Currently all replication on the network is scheduled to take place during off-peak hours, and all global catalogs are located in the London office. The Certmagic.com helpdesk were inundated with calls reporting sluggish logon performance at the branch offices. To this end the CIO gave you instruction to address the problem without incurring extra costs to the
22
http://www.certmagic.com
�070-294
company. You therefore need to increase performance of logons at the branch offices and decide to implement domain controllers in each of the branch offices. Because you should not incur extra costs and also the slow network links between offices, you cannot configure these domain controllers as global catalog servers. (These domain controllers would need extra hardware to be able to server as global catalogs).What should you do? A. You should enable Universal Group Membership Caching for each of the client computers via a Group Policy. B. You should enable Universal Group Membership Caching for the London office. C. You should enable Universal Group Membership Caching for each of the branch offices. D. You should enable Universal Group Membership Caching at each of the client computers across the network. Answer: C Explanation: Whenever a user logs on to the Certmagic.com network, which is an Active Directory, the client computer must contact a global catalog to determine the universal group membership. If there is no global catalog locally from where the user is trying to authenticate, the domain controller processing the logon request must contact a global catalog server in another site/office. Universal Group Membership Caching is most practical for smaller branch offices with lower-end servers, where it might be problematic to add the additional load of hosting a GC, or locations that have slower WAN connections. You can enable universal group membership caching in Active Directory. The local domain controllers at each branch office retrieves the universal group membership from the global catalog server, the information is cached. Once the information is cached, all following requests for logons will be processed entirely by the local domain controller. Incorrect Answer: A: You cannot use a group policy to configure universal group membership caching n client computers. Universal group membership caching is used on domain controllers in the absence of a local global catalog. B: The global catalog is located in the London office by default. There is therefore no need to make use of Universal group membership caching in the London office. Furthermore, it will not decrease the logon time for the branch offices if caching is done in the London office. D: Client computers are not domain controllers and cannot be configured with universal group membership caching. QUESTION: 16 You work as the network administrator at Certmagic.com. The Certmagic.com network consists of a single forest, two domains, and one site. Certmagic.com has its headquarters in
23
http://www.certmagic.com
�070-294
Chicago and a branch office in Dallas. All servers and domain controllers on the Certmagic.com network run Windows Server 2003 and all client computers run Windows XP Professional.The Dallas office is connected to the Chicago office via a 512 Kbps WAN link. Due to the sheer number of users on the Certmagic.com network, the traffic between the two offices is usually heavy. Against a background of limited available bandwidth between the two offices you should try to minimize the amount of Active Directory replication traffic over the WAN link. Since Certmagic.com is a developing company, the Dallas office has grown rapidly and you were therefore prompted to create a new site in Active Directory. To this end you set up a domain controller at the Dallas office. The only requirement you now need to satisfy is to ensure that the Dallas users will be able to access resources and will be able to log on to the Certmagic.com network even in the event of the WAN link becoming unavailable. What should you do? A. You should install a global catalog in the Dallas office. B. You should remove the global catalog server from the Chicago office. C. You should enable universal group membership caching at the Dallas office. D. You should enable universal group membership caching at the Chicago office. Answer: C Explanation: with limited bandwidth between the two offices you should not even consider making use of a global catalog server in the Dallas office. If you do replication traffic between offices will increase. You should rather be enabling universal group membership caching. When a user first logs in to the network from the Dallas office, the domain controller obtains the logon information from the global catalog server in the Chicago office. It then caches the information, so that with every subsequent logon of that user, the logon information is obtained from the local cache in the Dallas office. Therefore you will be reducing network traffic and improving logon response. Incorrect Answer: A: Deploying a global catalog in the Dallas office will result in increased replication traffic traversing the WAN link between the two offices. B: The first domain controller in the forest by default becomes the global catalog server, therefore there is already a global catalog server in the Chicago office. You should not remove the global catalog server from Chicago because it is needed for handling Active Directory requests in the Chicago office. D: The Chicago office has a global catalog server that was installed automatically and therefore you should not enable universal group membership caching in the Chicago office. QUESTION: 17 You work as the network administrator at Certmagic.com. Certmagic.com has its
24
http://www.certmagic.com
�070-294
headquarters in Chicago and branch offices in Dallas and Miami that are all connected via Wide Area Network WAN links. The Certmagic.com network consists of a single Active Directory forest. All servers on the Certmagic.com network run Windows Server 2003 and all client computers run Windows XP Professional. The exhibit below illustrates the Certmagic.com network: Exhibit:
Each office is configured as a separate site. 1. The Chicago office has four domain controllers named Certmagic -DC01, Certmagic DC02, Certmagic -DC03, and Certmagic -DC04.Certmagic -DC01 and Certmagic -DC02 serves as global catalog servers. The Chicago office has 400 users. 2. The Dallas office has three domain controllers named Certmagic -DC05, Certmagic DC06, and Certmagic -DC07.Certmagic -DC06 serves as a global catalog server. The Dallas office has 250 users. 3. The Miami office has two domain controllers named Certmagic -DC08 and Certmagic DC09.The Miami office has 75 users.The CertM ign.com helpdesk received numerous calls from the Miami office users complaining about unacceptably slow authentication and logon performance when they try to log on to the company network. The CIO gives you instruction to address the problem. You now need to reduce the logon times for the Miami users. You need to accomplish this without increasing the Active Directory replication traffic over the WAN links of the company. What should you do? A. You can increase the Active Directory replication traffic over WAN links by configuring Certmagic -DC08 as a global catalog server. B. In the Chicago office the universal group membership caching needs to be enabled in order to increase the Active Directory replication traffic over WAN links. C. Your best option would be to allow universal group membership caching in the Dallas office. D. In order to increase the Active Directory replication traffic over WAN links you need to
25
http://www.certmagic.com
�070-294
allow universal group membership caching in the Miami office. Answer: D Explanation: Universal group memberships are stored only in the global catalog in a multi-domain forest environment. To process a user's logon request, a domain controller has to query a global catalog server in order to determine the user's universal group membership. In the absence of a global catalog in a site, the domain controller will query a global catalog in another site. Therefore if WAN links between sites are slow, the logon can take long. On the other hand, the domain controller that authenticates a user's logon request queries a global catalog server and then stores the user's universal group memberships in a local cache. The information is stored in the cache indefinitely and is refreshed, by default every eight hours. Therefore to alleviate the problem for the Miami users, you should enable universal group membership caching. Incorrect Answer: A: You should configure Certmagic -DC08 as a global catalog server. However, the presence of a global catalog in the Miami office will increase Active Directory replication traffic across the WAN links, especially between the Dallas office and Miami office. B: The Chicago office contains a global catalog server which was installed automatically. Therefore, you should not enable universal group membership caching in the Chicago office. C: Universal group membership caching is allowed on a site where there are no global catalogs. The scenario states that the Dallas office contains a global catalog server. QUESTION: 18 You work as the network administrator at Certmagic.com. Certmagic.com has its headquarters in Chicago and a branch office in Dallas. The Certmagic.com network consists of two Active Directory domains and two sites. Each office represents a site. All servers on the Certmagic.com network run Windows Server 2003 and all client computers run Windows XP Professional. The offices are connected via a 128 Kbps WAN link. Each office is configured as a separate domain and separate site. The Chicago office has three domain controllers and 1500 users. The Dallas office has one domain controller and 75 users. Two of the domain controllers in the Chicago site host the global catalog. Universal groups are used to accommodate the configuration of access to shared resources.The Certmagic.com helpdesk received calls from the Dallas office users complaining that they sometimes have to wait up to ten minutes just to log on to their domain.The CIO gave you instruction to address the issue. You are instructed to reduce the logon time for the Dallas users.What should you do? A. Your best option would be to decrease the site link cost between the Chicago office and
26
http://www.certmagic.com
�070-294
the Dallas office. B. In order to reduce the logon time for users you need to increase the site link cost between the Chicago office and the Dallas office. C. You can reduce the logon time at the Dallas office by allowing universal group membership caching. D. It is advisable for you to create an extra site link between the Chicago office and the Dallas office. Answer: C Explanation: As soon as a user logs onto the domain the client computer will send a logon request to the closest domain controller for that domain. However, if there is no domain controller in the site or in the site that the user wants to connect to, the domain controller will connect to the site link that has the lowest cost. It is vital that the domain controller identify the group to which the user belongs. Universal group membership in a multi-domain forest is maintained in the global catalog server. The global catalog will thus be used by the domain controller for queries. In order to confirm a logon request the domain controller obtains the logon information from the global catalog server in the Chicago office. Thereafter the information is cached. Every time the user logon his/her logon information is acquired from the local cache in the Dallas office. This will result in the reduction of network traffic as well as improving the logon response. Incorrect Answer: A: A site link is a logical object that symbolizes the physical connectivity between sites. Changing the existing cost of the site link will have no effect on the logon times. B: Whether you increase the site link cost is not going to affect the logon time. Therefore this option is irrelevant in this case. D: There is not need to create an additional link. QUESTION: 19 DRAG DROP You work as the network administrator at Certmagic.com. The Certmagic.com network consists of two Active Directory domains and two sites in a single forest. All servers and domain controllers on the Certmagic.com network run Windows Server 2003 and all client computers run Windows XP Professional. Certmagic.com has its headquarters in Chicago and a branch office in Dallas. Both offices are configured as separate sites on the Certmagic.com forest.The Chicago office has two domain controllers that are configured as global catalog servers. The global catalog servers are named Certmagic -DC01 and Certmagic -DC02 respectively. The Dallas office has two domain controllers that are named Certmagic -DC03 and Certmagic -DC04 respectively.The Certmagic.com helpdesk were inundated with calls reporting sluggish logon performance at the Dallas office. To this end the CIO gave you instruction to address the problem without incurring extra costs to the
27
http://www.certmagic.com
�070-294
company. You therefore need to increase performance of logons at the branch office. You need to accomplish this without generating extra inter-site replication.What should you do? To answer, choose a possible action from the options on the left and drag it to the appropriate place on the right. You may use as many possible actions and targets as required.
Answer:
Explanation: Universal group memberships are stored only in the global catalog in a multi-domain forest environment. To process a user's logon request, a domain controller has to query a global catalog server in order to establish the user's universal group membership. In the absence of
28
http://www.certmagic.com
�070-294
a global catalog in a site, the domain controller will query a global catalog in another site. If the WAN links between sites are slow the logon times can take long. Alternatively, the domain controller that confirms a user's logon request queries a global catalog server and stores the user's universal group memberships in a local cache. The data is stored in the cache indefinitely and is refreshed. It is refreshed by default every eight hours. It is therefore advisable to alleviate the problem for the Miami users by enabling universal group membership caching. Incorrect Answer: PDC emulator - The PDC emulator in an Active Directory domain is the domain controller that appears as the primary controller to legacy client operating systems, e.g. Windows NT. It is a computer in a domain that processes logon and password change requests for legacy clients. This makes a PDC emulator irrelevant to this scenario as co mention is made of legacy operating systems.Replication bridgehead configuration - It is a domain controller that is designated to participate in inter-site replication in an Active Directory environment. They are assigned by default and are therefore not a required option to select in this scenario.Minimize replication interval - Replication interval is the amount of time between two consecutive replication sessions. It is therefore common knowledge that it will have no effect on logon times. QUESTION: 20 You work as the network administrator at Certmagic.com. The Certmagic.com network consists of two Active Directory domains and two sites in a single forest. All servers and domain controllers on the Certmagic.com network run Windows Server 2003 and all client computers run Windows XP Professional. Certmagic.com has its headquarters in Chicago and a branch office in Dallas which are connected via a slow Wide Area Network (WAN) link. Both offices are configured as separate sites on the Certmagic.com forest. The forest functional level is set at Windows Server 2003. 1. The Chicago office has two domain controllers named Certmagic -DC01 and Certmagic DC02.The Chicago office has 500 users. 2. The Dallas office has two domain controllers named Certmagic -DC03 and Certmagic DC04.There are 55 users in the Dallas office.The exhibit below illustrates the Certmagic.com network. Exhibit:
The Certmagic.com new written security policy states that all logons should be
29
http://www.certmagic.com
�070-294
authenticated by domain controllers. The CIO therefore gave you instruction to comply with the company written security policy as well as enable users in the Dallas office to be able log on to the network in the event of the WAN link failing. You now need to comply with the CIO's instruction as well as minimizing the replication traffic over the WAN connection since it is a slow connection.What should you do? A. Your first option would be to implement a Group Policy Object (GPO).Thereafter you need to permit the users in the Dallas office to log on by making use of cached credentials. B. In order to comply with all the requirements universal group membership caching needs to be enabled for the Dallas office. C. To ensure that the users can logon in case of a failure and to minimize the replication traffic over the WAN you needs to modify the network to be single site. D. Your best option would be to configure a domain controller as a global catalog server in the Dallas office. Answer: B Explanation: As soon as a user logs onto the domain the client computer will send a logon request to the closest domain controller for that domain. However, if there is no domain controller in the site or in the site that the user wants to connect to, the domain controller will connect to the site link that has the lowest cost. Universal group membership in amulti-domain forest is maintained in the global catalog server. In the absence of a global catalog you should consider universal group membership caching for the site. In order to verify a logon request the domain controller needs to get the logon data from the global catalog server in the Chicago office. The data is then cached. Every time the user logon his/her logon information is acquired from the local cache in the Dallas office. This will result in the reduction of network traffic as well as improving the logon response Incorrect Answer: A: It is not wise to implement a GPO that permits the users to log on by using cached credential. The written security policy of Certmagic.com states that all logon requests should be authenticated by a domain controller. You would therefore violate the written security policy. C: all the computers will regard each other as local when you merge the two separate sites into one single site. This will result in an increase in the network traffic over the WAN link. D: It is not advisable to place a global catalog in the Dallas office. This will result in an increase of the Active Directory traffic over the WAN link because the domain controller would receive changes from the Chicago office.
30
http://www.certmagic.com
�