From  CertCities.com
PopQuiz

Microsoft Exam #70-244: Supporting and Maintaining a Microsoft Windows NT Server 4.0 Network
7 questions. Answers and detailed explanations can be found at the end of the quiz.

courtesy of   Transcender LLC

Questions

1. You are a domain administrator for a large pharmaceutical company. Tim has a local user account on a Windows NT Workstation 4.0 computer. His computer does not belong to a domain. Tim must be able to access the domain that you administer. You install a network card in Tim's computer and physically attach his computer to the corporate local area network (LAN).

Which two actions can you take next to enable Tim to access the domain that you administer?

a. From a domain controller in your domain, add Tim's user account and computer name to the domain.
Enter the domain name on the Identification tab of the Network program in Control Panel on Tim's computer.
b. Instruct Tim to specify the Guest user account, password and domain name for the domain in the Logon Information dialog box the next time he logs on.
c. From a domain controller in your domain, add Tim's computer name to the domain. From Server Manager on the domain controller, highlight Tim's workstation and select Import from the User menu to add his local user account to the domain. Enter the domain name on the Identification tab of the Network program in Control Panel on Tim's computer.
d. From Tim's computer, enter the domain name and select Create a Computer Account in the Domain on the Identification tab of the Network program in Control Panel. Enter your administrator user name and password, then allow Tim to use his computer.

 

2. Ruth has just changed the Dynamic Host Configuration Protocol (DHCP) configuration on her Windows NT Workstation 4.0 computer, and she wants to see if her computer has registered the change.

Which command should Ruth execute?

a. arp -s
b. ipconfig /all
c. nbtstat -s
d. netstat -e
e. ping -s

 

3. You have created a Web site on an IIS computer that you administer. The Web site provides anonymous Internet users with information that is stored on a remote SQL Server computer.

Which of the following actions should you take to block attacks against the SQL Server computer through the IIS computer?

a. Move the Httpodbc.dll file to the SQL Server computer.
b. Move SQL Server to the IIS computer.
c. Implement IPX as the protocol that is used between the SQL Server computer and the IIS computer.
d. Place the SQL Server computer in a different domain than the IIS computer.

 

4. Suppose the following situation exists:

The Windows NT 4.0 network you administer consists of two domains: Sales and Corp. Corp is the master domain, and Sales trusts Corp in a one-way trust relationship. Each domain has one primary domain controller (PDC), two backup domain controllers (BDCs), five member servers and 100 workstation computers. All servers and domain controllers run Windows NT Server 4.0. All workstation computers run Windows NT Workstation 4.0. You want to create a group named Allbackup that can back up all domain controllers, member servers and workstations on the network.

Required result:
Members of the Allbackup group must be able to back up all domain controllers in both domains.

Optional desired results:
Members of the Allbackup group should be able to back up all member servers in both domains.
Members of the Allbackup group should be able to back up all workstation computers in both domains.

Proposed solution:
Create a global group named Allbackup in the Sales domain. Add this global group to the Backup Operators local group on every domain controller, member server and workstation computer.

Which results does the proposed solution produce?

a. The proposed solution produces the required result and both of the optional desired results.
b. The proposed solution produces the required result and only one of the optional desired results.
c. The proposed solution produces the required result but none of the optional desired results.
d. The proposed solution does not produce the required result.

 

5. The Sales, Marketing and Accounting domains each contain 50 user accounts. All 150 users need access to files on a Windows NT Server 4.0 computer in a domain named Corp.

How should you configure the trust relationships?

a. Configure the Sales, Marketing and Accounting domains to trust the Corp domain.
b. Configure the Sales, Marketing and Accounting domains to be trusted by the Corp domain.
c. Configure the Sales, Marketing, Accounting and Corp domains with complete two-way trust relationships.
d. Do not configure any trust relationships, and install Gateway Service on the file server in the Corp domain.

 

6. Luther administers an FTP site that is hosted on an Internet Information Server (IIS) 4.0 computer. For security reasons, Luther does not want employees at his company logging on to the FTP site with their Windows NT user names and passwords. He is concerned that the user names and passwords may be intercepted.

How should Luther configure the permissions on the properties sheet of the FTP site?

a. Clear Allow Windows NT User Connections.
b. Select Allow Anonymous Connections.
c. Clear Allow Anonymous Connections.
d. Select Allow Only Anonymous Connections.

 

7. You require the ability to administer Web and FTP sites on an IIS computer that is located at a remote branch of your company. The branch's network is protected by a firewall that does not allow you to use Internet Service Manager.

How can you connect to the Administration Web site on the branch's IIS computer?

a. Specify the remote IIS computer's DNS name and the IISAdmin virtual directory's alias.
b. Specify the remote IIS computer's DNS name and TCP port 8827.
c. Specify the remote IIS computer's DNS name and the TCP port that is assigned to the Administration Web site.
d. Specify the host header name that is assigned to the Default Web site on the remote IIS computer and the TCP port that is assigned to the Administration Web site.

Answers:

1) Choices a and d are correct. To allow Tim to access your domain, you can register his computer name in Server Manager and his user name in User Manager for Domains on a domain controller in the domain. You should also instruct Tim to enter the domain name in the Identification tab of the Network program on his workstation.

Alternatively, you could enter your own user name and password along with the domain name in the Identification tab of the Network program on Tim's computer. If you were to perform these actions, then Tim would be using your user account to log on to the domain. Although using this strategy will meet the requirements of the scenario by allowing Tim to access the domain, he will only have such access while he is using your account. Furthermore, allowing Tim to access the domain with your administrative account is not advisable from a security standpoint.

Instructing Tim to specify the Guest user account, password and domain name in the Logon Information dialog box the next time he logs on would not enable him to log on to the domain because he has never specified a domain name in the Identification tab of the Network program.

Reference: NTCP, pp. 28-31.

2) Choice b is correct. The ipconfig /all command lists the local computer's Transmission Control Protocol/Internet Protocol (TCP/IP) configuration, including Domain Name System (DNS), network basic input/output system (NetBIOS), Windows Internet Name System (WINS) and DHCP information. Without the /all switch, ipconfig lists only the IP address, subnet mask, and default gateway. If more than one network adapter card is installed on a computer, ipconfig will list information for each adapter card. No other TCP/IP utility will display DHCP information.

Reference: RKNG, Chapter 12, Identify the TCP/IP Configuration by Using IPConfig, pp. 547-548. RKNG, Appendix A, ipconfig, p. 686. TPWIN2, Chapter 8, Testing the TCP/IP Configuration, p. 238.

3) Choice c is correct. There are several ways to guard against attacks on local network resources that are connected to an IIS computer. One method is protocol isolation. Because Internet traffic uses TCP/IP, you can use another protocol between IIS and network resources to make it difficult for attackers to reach anything behind an IIS computer. This solution is inexpensive and easy to implement. You only need to install a second network adapter on the IIS computer. TCP/IP would be bound to the adapter that is connected to the Internet; another protocol, IPX for example, would be bound to the other adapter, which is connected to the local network. This would allow files to be moved to the IIS computer through the use of IPX, but would prevent attackers from penetrating beyond the IIS computer. Protocol isolation does not provide absolute security. One weakness is that the IIS computer itself is still vulnerable to attack.

Reference: www.microsoft.com/technet/treeview/default.asp?url=/TechNet/prodtechnol/winntas/reskit/inet/security.asp TechNet, Contents, "Windows Product Family," "Windows NT," "Windows NT Server," "Resource Kit," "Internet Guide," "Chapter 3 - Server Security on the Internet."

4) Choice d is correct. Because Sales trusts Corp in a one-way trust relationship, a global group in Sales cannot be assigned any rights or permissions in the Corp domain. Therefore, it is not possible to add the global group to the Backup Operators local group in the Corp domain. Furthermore, because all accounts exist in the Corp domain in this single master domain model, no reason exists to create a global group in a resource domain. Reference: NTCP, pp. 23-24, 37-38.

5) Choice b is correct. A trusting domain makes its file and print resources available to a trusted domain. Therefore, if users from the Sales, Marketing and Accounting domain need access to resources in the Corp domain, the three domains must be trusted by the Corp domain. Generally, you should not set up a two-way trust relationship, as in the complete trust model, unless you want users from both domains to be able to access resources in each other's domain. Reference: NTCP, pp. 37-39.

6) Choices b and d are correct. A primary security concern in relation to File Transfer Protocol (FTP) sites is that user names and passwords are sent unencrypted. Although this does not present a problem for anonymous connections, FTP users logging on with their Windows NT user names and passwords could compromise the security of the entire domain if their logon information were captured. For this reason, it is not a good idea to allow valid Windows NT users and anonymous users to share the same FTP service.

To allow only anonymous access, Luther must select both Allow Anonymous Connections and Allow Only Anonymous Connections on the Security Accounts tab of the properties sheet of the FTP site. Selecting only Allow Anonymous Connections allows both anonymous users and valid Windows NT users to log on. The Allow Only Anonymous Connections option is only available when Allow Anonymous Connections has already been selected. To allow only valid Windows NT accounts to have FTP access, Luther must clear Allow Anonymous Connections.

Reference: IISD, Contents, "Microsoft Internet Information Server," "Server Administration," "Security," "Access Control," "Configuring the Anonymous Access Account."

7) Choice c is correct. To connect to the Administration Web site on the remote IIS computer, you must specify in the Address field of your Web browser the IIS computer's DNS name or IP address and the TCP port that is assigned to the Administration Web site. The TCP port number is automatically assigned during IIS installation, and the number is randomly generated from the range of 2,000 through 9,999. You can change the port number in the Administration Web site's properties. If the Administration Web site has been assigned a host header name, then you must specify the host header name and the port number. By default, no host header names are assigned to any Web sites. Specifying the IIS computer's DNS name followed by the IISAdmin alias will allow you to administer only the default Web site.

Reference: IISD, Contents, "Microsoft Internet Information Server," "Server Administration," "Web and FTP Sites," "About Web and FTP Sites." IISD, Contents, "Microsoft Internet Information Server," "Server Administration," "Web and FTP Sites," "Remote Administration."

These questions and answers are provided by Transcender LLC. Order the full version of this exam simulation online at www.transcender.com, phone 615-726-8779, 8 a.m. - 6 p.m., (CST), M - F, fax 615-726-8884, or mail to or mail to Transcender LLC, 565 Marriott Drive, Suite 300, Nashville, TN 37214.

For more CertCities.com pop quizzes, click here. To access our list of free, non-braindump practice exams from across the Web, click here.


More Pop Quiz:

 

 

top

Copyright 2000-2005, 101communications LLC. See our Privacy Policy.
For more information, e-mail .