JPR-961 Online Practice Questions and Answers

You are the security administrator for your company. The company's network supports 500 users. All network server computers run Windows Server. All network client computers run Windows XP Professional. All domain account logon

events are audited.

A human resources manager requests that you produce a listing of the times and dates a user named JohnP logged on to the domain. The user was assigned to a client computer named HR09.

You should achieve this objective while reviewing the minimum amount of information. What should you do? (Choose two. Each correct answer presents part of the solution.)

A. Create a filter that will list all events for the JohnP user account.

B. Use the Find option to list only the events for the JohnP user account.

C. Open Event Viewer and access the security log on each domain controller.

D. Use the Find option to list only the events for the HR09 computer account.

E. Create a filter that will list only the events for the HR09 computer account.

F. Log onto HR09 as a local administrator, and open Event Viewer to view the local security log.

You are a network administrator for your company. The company network consists of two Active Directory forests. Verigon.com is the single-domain forest that contains all user accounts and resources for the corporate network, except the

resources that are allocated to the Development department. Dev.corp is the single-domain forest that is used only by the Development department. You configure an external trust between the two domains.

Developers must be able to log on from their computers to the verigon.com domain. In the verigon.com forest, you create a new user principal name (UPN) suffix of dev.corp and configure UPNs for the developers' user accounts in the

verigon.com domain with this suffix. Developers report that they cannot log on to the verigon.com domain from their computers, which belong to the dev.corp domain, by using their UPNs. You must enable developers to log on to the

verigon.com domain from their computers by using UPNs.

What should you do?

A. Replace the external trust with a forest trust.

B. Change the UPN suffix for the developers' user accounts to verigon.com.

C. Configure selective authentication on the trust.

D. Configure domain-wide authentication on the trust.

Mark works as a Network Administrator for ABC.com. The company has a Windows single domain-based Active Directory network. The network has five Windows member servers and 200 Windows XP Professional client computers. The network has a Windows Server that works as a DNS server. The DNS server contains the following types of resource records: Name Server (NS) resource record A resource record PTR resource record SRV resource record MX resource record

Mark updates the A resource record. Which of the following types of resource records can be associated with the A resource record and needs to be updated?

A. The associated PTR resource record needs to be updated.

B. The associated SRV resource record needs to be updated.

C. The associated MX resource record needs to be updated.

D. The associated NS resource record needs to be updated.

Andrew works as a Network Administrator for ABC.com. The company has a Windows domain-based network. The company has two Windows servers and 150 Windows Professional client computers.

The company has a Windows server named NATSERV that has a dial-up connection to the Internet.

NATSERV has two network interfaces named EthernetA and EthernetB .

EthernetA is connected to the LAN and has an IP address of 192.168.1.121. EthernetB is connected to the Internet and has an IP address of 132.103.102.71. The client computers on the LAN connect to the Internet by using NATSERV. NAT

also has Routing and Remote Access installed.

Andrew enables the NAT/Basic Firewall routing protocol on NATSERV. The configuration of the NAT/Basic Firewall routing on NATSERV is shown in the image below:

The client computers on the network are unable to connect to the Internet. When Andrew tries to ping

132.103.102.71 from the client computers on the local network, he receives a message as shown in the image below:

Andrew wants to ensure that the client computers on the local network are able to connect to the Internet.

What will he do to accomplish this?

Each correct answer represents a part of the solution. (Choose two.)

A. For EthernetB, configure Outbound Filters under Static packet filters.

B. For EthernetA, configure Inbound Filters under Static packet filters.

C. For EthernetA, configure NAT/Basic Firewall as 'Private interface connected to private network'.

D. For EthernetB, configure NAT/Basic Firewall as 'Public interface connected to the Internet'.

Mark works as a Network Administrator for ABC.com. The company has a Windows domainbased network. The network contains two domain controllers, four Windows member servers, and 300 Windows XP Professional client computers. One of the member servers named RRASSRV works as a Routing and Remote Access Server. RRAS is configured as a VPN server. A company employee named Rick works from a remote location. Rick daily connects to RRASSRV by using a VPN connection and uploads daily reports on RRASSRV. He is the only person who connects to RRASSRV by using the VPN connection. Mark notices that Rick is able to access the other computers on the network while he is connected to RRASSRV. Mark wants to prevent Rick from accessing the other computers on the network. What will he do to accomplish this?

A. In the Routing and Remote Access management console on RRASSRV, click the IP tab page in the server properties dialog box and deselect the Enable IP routing check box.

B. In the Routing and Remote Access management console on RRASSRV, click the General tab page in the server properties dialog box and deselect the Remote access server check box.

C. In the Routing and Remote Access management console on RRASSRV, click the PPP tab page in the server properties dialog box and deselect the Multilink connections check box.

D. In the Routing and Remote Access management console on RRASSRV, click the IP tab page in the server properties dialog box and disable the IP routing radio button.

Jennifer, the network administrator at a chain of bakery stores called The Cheesecake Factory, recently upgraded the corporate office of a single segmented network to one that supports four separate virtual networks, or Virtual Local Area Network segments (VLANS). Jennifer is very conscious of production change and thus contacted the systems group in order to make sure all the technical aspects of the project were met. Jennifer wanted to make sure that when all the client workstations were on the new network segments, they were still able to gain IP connectivity to the rest of the network as they had before. The Cheesecake Factory has been running a Windows Server Active Directory domain at the Windows 2000 mixed functional level for over two months. Jennifer created four network segments and labeled them VLAN1, VLAN2, VLAN3, and VLAN4.VLAN1 was the original network and hosts the original DHCP server, called SERVER1. Its network address did not change. The systems team decided to put DHCP Relay Agents on VLAN2 and VLAN3, configured to relay DHCP messages to the original DHCP server on VLAN1. Due to a reluctance to permit more DHCP broadcast traffic than the router could handle, Jennifer suggested to her systems team that VLAN4 should host its own DHCP server. The systems group installed another DHCP server on VLAN4, set up the appropriate DHCP scopes on that server and set up the additional DHCP scopes for VLAN2 and VLAN3 on SERVER1.After the work was completed, all clients on all VLANs seemed to be working fine for about two weeks, until Jennifer got a call from the Help Desk stating that the users in the warehouse cannot boot up from their diskless workstations, where they run monthly accounting statistics, but can connect from all other workstations. Jennifer looks at her network diagram and determines that the warehouse is located on VLAN4. She also checks with users in the accounting department on VLAN1 to see if they can connect using their diskless workstations. They tell Jennifer that they can and have had no problems. What did the systems team most likely forget to do?

A. Install a DHCP Relay Agent on VLAN4.

B. Configure a BOOTP table on the new DHCP server on VLAN4.

C. Replace the router with an RFC 2131 compliant router.

D. Cold boot all the diskless workstations.

You’ve just created a new zone in DNS on a Windows Server -based computer. You check the zone and notice that the only records in it are the SOA and NS RRs. You check the configuration and see that the zone is configured to accept dynamic updates. What should you do next?

A. Manually add all RR for the zone including A, CNAME, PTR, and SRV records.

B. Manually add A RR for all hosts that cannot use dynamic updating.

C. Manually add A RR and PTR RR for all hosts that will be using dynamic updating.

D. Manually initiate a zone transfer to replicate all the needed RR to the new zone.

The ABC.com network consists of a single Active Directory domain named ABC.com. All servers are configured with Windows Server and all client computers with Windows XP Professional.

At present there are 100 servers in an organizational unit named Terminal Servers, configured to run Terminal Services.

The Terminal Servers host in-house applications. Only ABC.com users with Power Users group membership can run these in-house applications.

A new ABC.com security policy states that the Power Users Group must be empty on all servers.

How would you ensure that the in-house applications will be available to users on the servers when the new security requirement is enabled? (Choose two.)

A. Set up a GPO in link it to the Terminal Servers OU.

B. Set up the Compatws.inf security template to allow the Local Users group to run the legacy applications. C. Import the Compatws.inf template into the GPO.

C. Change the legacy application executable file permissions to allow the Local Users group Full Control permission.

D. Place the Domain Users group on the Local Administrators group on the Terminal Servers.

E. Set up the Terminal Servers to run in Application Mode.

F. Set up the Terminal Servers to run in Remote Administration Mode.

You work as the network administrator at ABC.com. The ABC.com network consists of a domain named ABC.com. The servers at the ABC.com network run Windows Server.

The ABC.com network has a Web server named ABC-SR11. During a routine monitoring you notice an increase in network traffic. Due to this you need to find out the MAC address of the workstation that initiated the transfers and the

command that was used. However, you action must not effect ABC-SR11.

What actions must you take?

A. You must run the ipconfig/registerdns.

B. You must use the Netmon utility.

C. You must capture the IP traffic to ABC-SR11.

D. You must Enable Server Message Block (SMB) signing on all the workstations.

You work as a network administrator for ABC.com. The ABC.com network consists of a single Active Directory domain named ABC.com. There are currently 120 Web servers running Windows Server and are contained in an Organizational Unit (OU) named ABC_WebServers

ABC.com management took a decision to uABCrade all Web servers to Windows Server. You disable all services on the Web servers that are not required. After running the IIS Lockdown Wizard on a recently deployed web server, you discover that services such as NNTP that are not required are still enabled on the Web server.

How can you ensure that the services that are not required are forever disabled on the Web servers without affecting the other servers on the network? (Choose two.)

A. Set up a GPO that will change the startup type for the services to Automatic.

B. By linking the GPO to the ABC_WebServers OU.

C. Set up a GPO with the Hisecws.inf security template imported into the GPO.

D. By linking the GPO to the domain.

E. Set up a GPO in order to set the startup type of the redundant services to Disabled.

F. By linking the GPO to the Domain Controllers OU.

G. Set up a GPO in order to apply a startup script to stop the redundant services.

You are working as the administrator at ABC.com. Part of you job description includes the deployment of applications on the ABC.com network. To this end you operate by testing new application deployment in a test environment prior to deployment on the production network.

The new application that should be tested requires 2 processors and 3 GB of RAM to run successfully. Further requirements of this application also include shared folders and installation of software on client computers. You install the application on a Windows Server Web Edition computer and install the application on 30 test client computers.

During routine monitoring you discover that only a small amount of client computers are able to connect and run the application. You decide to turn off the computers that are able to make a connection and discover that the computers that failed to open the application can now run the application.

How would you ensure that all client computers can connect to the server and run the application?

A. By running a second instance of the application on the server.

B. By increasing the Request Queue Limit on the Default Application Pool.

C. By modifying the test server operating system to Window Server Standard Edition.

D. By increasing the amount of RAM in the server to 4GB.

You are working as the administrator at ABC.com. The network consists of a single Active Directory domain named ABC.com with the domain functional level set at Windows Server. All network servers run Windows Server and all client computers run Windows XP Professional.

The ABC.com domain is divided into organizational units (OU). All the resource servers are contained in an OU named ABC_SERVERS and the workstations are contained in an OU named ABC_CLIENTS. All resource servers operate at near capacity during business hours. All workstations have low resource usage during business hours.

You received instructions to configure baseline security templates for the resource servers and the workstations. To this end you configured two baseline security templates named ABC_SERVERS.inf and ABC_CLIENTS.inf respectively. The ABC_SERVERS.inf template contains many configuration settings. Applying the ABC_SERVERS.inf template would have a performance impact on the servers. The ABC_CLIENTS.inf contains just a few settings so applying this template would not adversely affect the performance of the workstations.

How would you apply the security templates so that the settings will be periodically enforced whilst ensuring that the solution reduces the impact on the resource servers? (Choose three.)

A. By setting up a GPO named SERVER-GPO and link it to the ABC_SERVERS OU.

B. By having the ABC_SERVERS.inf template imported into SERVER-GPO.

C. By having the ABC_SERVERS.inf and the ABC_CLIENTS.inf templates imported into the Default Domain Policy GPO.

D. By scheduling SECEDIT on each resource server to regularly apply the ABC_SERVERS.inf settings during off-peak hours.

E. By having a GPO named CLIENT-GPO created and linked to the ABC_CLIENTS OU.

F. By having the ABC_CLIENTS.inf template imported into CLIENT-GPO.

G. By having SERVER-GPO and CLIENT-GPO linked to the domain.

You are working as an administrator for ABC.com. The network consists of a single Active Directory domain named ABC.com. All server run Windows Server and all client computer run Windows XP Professional.

The ABC.com departments are organized into organizational units (OUs). The Administration OU is named ABC_ADMIN, and the Sales OU is named PABC_SALES. All file servers for all departments are located in their respective OUs. The ABC_SALES OU is a child OU of the ABC_ADMIN OU. A new ABC.com written security policy states that servers in the ABC_ADMIN OU should be highly secure. All communications with ABC-ADMIN servers should be encrypted. The security policy also states that auditing should be enabled for

file and folder deletion on Sales servers. Communications with the Sales servers should not be encrypted. How should you configure Group Policy for the ABC_Admin and ABC_Sales OU? (Choose three.)

A. Configure a GPO to apply the Hisecws.inf security template. Link this GPO to the ABC_ADMIN OU.

B. Configure a GPO to enable the Audit object access audit policy on computer objects. Link this GPO to the ABC_SALES OU.

C. Configure a GPO to apply the Hisecws.inf security template. Link this GPO to the ABC_Sales OU.

D. Configure a GPO to enable the Audit object access audit policy on computer objects. Link this GPO to the ABC_ADMIN OU.

E. Block group policy inheritance on the ABC_ADMIN OU.

F. Block group policy inheritance on the ABC_SALES OU.

The ABC.com network consists of a single Active Directory domain named ABC.com. All computers on the ABC.com network are members of the ABC.com domain.

You install a new server named ABC-CA1 and configure it as a Certification Authority for the ABC.com domain.

How would you enable an Active Directory global group named CA-Admins to issue, revoke and approve certificates without assigning more permissions than necessary?

A. Make the CA-Admins group also members of the Domain Admins group in the domain.

B. Make the CA-Admins group also members of the local Administrators group on ABC-CA1.

C. Grant the CA-Admins group Full Control permission to the Certificated Template container in the Active Directory.

D. Make the CA-Admins group members of the Cert Publishers group in Active Directory.

E. Grant the Certificate Managers role to the CA-Admins group.

The ABC.com network consists of a single Active Directory domain named ABC.com.

You deploy an enterprise certification authority (CA) on a Windows Server computer named ABC-CA1. The primary purpose of the CA is issue company users with digital certificates to enable them to authenticate with the new company Intranet website. You create a new certificate template named Web Authentication. You enable the Web Authentication certificate template on ABC-CA1 and configure the default domain group policy so that users who log on to the domain receive a Web

Authentication certificate.

The following morning users complain that they do not have certificates which can be used to authenticate to the Intranet Web site.

How can you ensure the users are issued with a certificate?

A. By configuring ABC-CA1 to be an Enterprise Subordinate CA of a public CA such as Verisign.

B. By modifying the permissions of the Web Authentication certificate template to give the Domain Users group the Allow