Certifiable Q&A for November 17, 2000

Welcome to Certifiable, your exam prep headquarters. Here you'll find questions about some of the tricky areas that are fair game for the certification exams. Following the questions, you'll find the correct answers and explanatory text. We change the questions biweekly.

The following questions cover some of the basic topics that you'll find on Exam 70-067: Implementing and Supporting Microsoft Windows NT Server 4.0 and Exam 70-210: Installing, Configuring, and Administering Microsoft Windows 2000 Professional. You might think that critical information is missing from some of these questions, but keep in mind that Microsoft assumes you're coming to the exam with a significant amount of knowledge about a product, including the default settings for various features. Rather than give you all the pertinent information, the Win2K exams ask questions in a way that forces you to draw upon your experience. I've tried to simulate that kind of question here. Good luck!

In the next issue, I'll present questions that anyone hoping to become a network administrator should be able to answer quickly and confidently. I think they'll present a worthy challenge.

Until next time,
Morris Lewis

Questions (November 17, 2000)
Answers (November 17, 2000)

Questions (November 17, 2000)

Question 1
One of your workstations can't access a server using the server's name, but it can when using the IP address 10.56.78.64. Your subnets are connected to each other with a router, and the router interfaces have the IP addresses of 10.56.77.1 and 10.56.78.1. While troubleshooting the system, you run the ipconfig /all command and get the following results:

Windows NT IP Configuration
   Host Name . . . . . . . . . . : workstationa.bfq.com
   DNS Servers . . . . . . . . . : 10.0.0.54
   Node Type . . . . . . . . . . : Hybrid
   NetBIOS Scope ID. . . . . . . : 
   IP Routing Enabled. . . . .   : No
   WINS Proxy Enabled. . . . . . : No
   NetBIOS Resolution Uses DNS . : No
Ethernet adapter NDISGENERIC1:
   Description . . . . . . . . . : NDISGENERIC1
   Physical Address. . . . . . . : AB-CD-EF-01-23-45
   DHCP Enabled. . . . . . . . . : No
   IP Address. . . . . . . . . . : 10.56.78.58
   SubNet Mak  . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . : 10.56.77.1
   Primary WINS Server . . . . . : 10.0.0.56

How would you correct the problem?

  1. Change the IP address.
  2. Change the subnet mask.
  3. Change the default gateway.
  4. Modify the LMHOSTS file to include the server's name and IP address.

Question 2
In the first phase of upgrading your servers to Windows 2000, you perform a new Win2K Server installation on a new computer and make it the first domain controller (DC) of a new domain named XYZ_2K. In the second phase, you move all the client computers from the Windows NT domain named XYZ_NT to the new XYZ_2K domain. Finally, you upgrade the XYZ_NT DCs and make them DCs in the XYZ_2K domain. However, when you finish the upgrade, users have problems logging on to their computers, accessing files on the local hard disks, finding resources on the network, and connecting to shared folders. What's the source of the problem?

  1. You must set one DC as the PDC emulator.
  2. NT and Windows 98 can't use a Win2K domain for authentication.
  3. NT and Windows 98 can't use Active Directory (AD) for finding resources and computers on the network.
  4. The DNS server isn't configured properly.
  5. You converted the DCs in the wrong order.

Question 3
Your company's quarterly earnings report must remain confidential until it's time to release it to the public. Only the president, the vice president, the chief financial officer (CFO), the CFO's personal assistant, and the company's legal counsel may read or modify the document before the release. After the release, the general public can view the report on the company Web site.

You create the Executive Officers domain global group and make each officer a member. The CFO's assistant creates a folder called Q3 Report on his computer, and you share the folder on the network with the name Q3Report$. You grant Read permission for the Executive Officers group for the Q3Report$ share and Modify permission to that group for the Q3 Report folder. You also grant the assistant's account Modify permission to the Q3 Report folder. Finally, you deny Read permission to the Domain Users global group for the Q3Report$ share. In performing these steps, which of the following goals do you meet? (Choose all that apply.)

  1. The executive officers can read the document.
  2. The CFO and her assistant can make changes to the document.
  3. Only those who log on to the assistant's computer can make changes.
  4. No one but the executive officers can read the document.
  5. No one but the CFO and her assistant can read or make changes to the document.
  6. The shared folder is hidden from general view.

Answers (November 17, 2000)

Answer to Question 1
The correct answer is C— change the default gateway. A TCP/IP address consists of two parts, the network ID and the host ID. In a subnet mask of 255.255.255.0, the first three octets are the network ID and the last octet is the host ID. All computers on the same subnet must have the same first three octets, and the last octet for that computer must be unique. The default gateway doesn't have the same network address as the local subnet; therefore, data bound for other subnets won't reach the default gateway. Because the DNS and WINS servers are on a different subnet, the computer is unable to look up the destination's IP address by name.

Answer to Question 2

The correct answer is E— you converted the DCs in the wrong order. The problem here is that each domain assigns universally unique identifiers (UUIDs) for each user and group account. The system uses these SIDs instead of account names to distinguish accounts when authenticating logons or assigning permissions. The algorithm for generating the SID guarantees that no two accounts will ever have the same ID. Therefore, when you create a new domain, the accounts in that domain will have IDs that are different from the accounts in every other domain, even if they have the exact same account name. In this example, you created a new domain instead of upgrading the old domain, so users gain new IDs that are incompatible with the old domain IDs, which the system used to assign permissions.

The proper way to perform an upgrade is to upgrade the NT 4.0 PDC first, then upgrade the BDCs, and finally upgrade any new DCs. If you follow this order, you'll maintain the IDs from the NT domain.

Answer to Question 3
The correct answer is B— the CFO and her assistant can make changes; C— only those who log on to the assistant's computer can make changes; and F— the shared folder is hidden from general view. The relationship between shared folder permissions and NTFS permissions has been a common exam topic since the NT 3.51 exams, so you should spend as much time as it takes to learn how these permissions work. In this question, you need to know that shared folder permissions take effect when a user accesses the folder over the network. Executive officers who log on to the assistant's computer can modify the quarterly report, but they can't read the report if they access it over the network. So, it appears that you have satisfied goals A, B, and C.

You might be thinking that you have also satisfied goals D and E, but you haven't because you, as an administrator, still have access to the assistant's computer over the network and locally. You must take additional steps to eliminate administrative access.

Also, attempts to satisfy goal D will lead to conflict. By denying Read access to the Domain Users global group at the shared folder level, you also exclude any officer who is a member of Domain Users, thereby violating goal A. Because all users are members of Domain Users by default, the proposed solution probably won't work. Finally, if you add "$" to the share name, it won't appear on the list of resources on the network.

Hide comments

Comments

  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
Publish