
Certifiable Q&A for June 16, 2000

Welcome to Certifiable, your exam prep headquarters. Here you'll find questions about some of the tricky areas that are fair game for the certification exams. Following the questions, you'll find the correct answers and explanatory text. We will change the questions biweekly, and you will be able to access previous question sets.

Questions (June 16, 2000)

Because Microsoft is now releasing the first of its Windows 2000 MCSE exams, here are two questions that address topics relevant to the Win2K Professional (Exam 70-210) and Win2K Server (Exam 70-215) exams.

Question 1
You are the administrator of a Win2K domain that uses DNS, and all your client computers use DHCP. One of the Win2K Professional clients on your network can't connect to any host on the network. Using the ipconfig command, you determine that the Win2K Pro client has a TCP/IP address of 169.254.12.20 and a subnet mask of 255.255.0.0. Your network has multiple subnets from the 192.168.0.0/16 range with subnet masks of 255.255.255.0. How can you correct the problem?

  A. Change the subnet mask to 255.255.255.0 on the failed computer.
  B. Change the failed computer's IP address to 192.168.1.1.
  C. Make sure that the DHCP server is working properly and that the failed client can connect to it.
  D. Make sure that the DNS server is working properly and that the failed client can connect to it.

For the correct answer and an explanation, see the Answers section.

Question 2
You are a Win2K network administrator. Mike, a temporary worker at your company, is having trouble saving a document to the Marketing shared folder. The Marketing shared folder resides on a server named Server01, where it has a local path of C:\documents\marketing. C:\documents is shared as Docs. The C drive on Server01 is NTFS formatted.

The following default permissions are set:

Docs shared folder
  Users: Read Allowed
  Sales: Change Denied
  Temps: Change Allowed
  Admins: Full Control Allowed

Marketing shared folder
  Users: Change Allowed
  Sales: Read Allowed
  Temps: No explicit permission set
  Admins: Full Control Allowed

C:\documents
  Users: Read Allowed, Write Denied
  Sales: Modify Allowed
  Temps: List Folder Contents Allowed, Write Denied
  Admins: Full Control Allowed

C:\documents\marketing
  Users: No explicit permission set
  Sales: Full Control Allowed
  Temps: Read Allowed
  Admins: No explicit permission set

Mike is a member of the Users, Sales, and Temps groups. How can you resolve the problem?

  A. Remove Mike from the Users group.
  B. Remove Mike from the Sales group.
  C. Remove Mike from the Temps group.
  D. Add Mike to the Admins group.
  E. Allow the Sales group Change permission on C:\documents\marketing.
  F. Remove Change Denied permission from the Temps group on the Docs shared folder.
  G. Disallow inheritable permissions in C:\documents\marketing.

For the correct answer and an explanation, see the Answers section.

Answers (June 16, 2000)

Answer to Question 1
The correct answer is C—Make sure that the DHCP server is working properly and that the failed client can connect to it. This question tests your knowledge of a Win2K feature known as Automatic Private IP Addressing (APIPA). If a client machine can't find a DHCP server, APIPA assigns it an address from the 169.254.0.0/16 range. The client periodically re-polls the DHCP server, so you can solve the problem by ensuring that the DHCP server is available. (Instead of waiting for the client to re-poll the server, you can use the command ipconfig /renew from the command prompt to speed the process.)

The thinking behind APIPA is that if you accept the default settings in a non-domain environment, your Win2K computers can automatically communicate via TCP/IP. However, in domain environments (and on exams), this approach can cause confusion, and many people turn APIPA off. For more information, search the Win2K online Help for "disable automatic address configuration" or see Microsoft article Q244268 (http://support.microsoft.com/support/kb/articles/q244/2/68.asp).

In the question, your client is configured for DHCP, so Answer A won't solve the problem because you can't change the IP address or subnet mask without manually entering the value you want to remain the same. Even if you do enter the value manually, changing the subnet mask alone won't solve the problem of having an IP address that the rest of your network can't contact, and changing the IP address alone (Answer B) causes routing problems because the client is configured with a different subnet mask than the rest of the network. The problem isn't a DNS issue—it is an IP addressing one, so the client can't even communicate with the DNS server. Answer D, therefore, is wrong.

As a final note, this question uses common shorthand for IP networks. The /16, which refers to the network's subnet mask, means that your subnet mask has the first 16 bits set to one (and, implicitly, the rest zero). For example, 192.168.0.0/16 is equivalent to 192.168.0.0 with a subnet mask of 255.255.0.0; /24 is equivalent to 255.255.255.0; /28 is equivalent to 255.255.255.240.
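The reasoning in this answer, as an added Python example that is not part of the original column: it converts between /n notation and dotted masks and classifies a client address against the two ranges named in the question. The function names and the wording of the diagnosis strings are assumptions made for illustration.

```python
import ipaddress

APIPA = ipaddress.ip_network("169.254.0.0/16")   # range named in the answer
SITE = ipaddress.ip_network("192.168.0.0/16")    # range named in the question
SITE_PREFIX = 24                                 # subnets there use 255.255.255.0


def prefix_to_mask(prefix_len):
    """/n means the first n of the 32 mask bits are one and the rest are zero."""
    bits = (0xFFFFFFFF << (32 - prefix_len)) & 0xFFFFFFFF
    return str(ipaddress.ip_address(bits))


def mask_to_prefix(mask):
    """Inverse of prefix_to_mask; rejects masks whose one-bits are not contiguous."""
    bits = int(ipaddress.ip_address(mask))
    prefix_len = bin(bits).count("1")
    if prefix_to_mask(prefix_len) != mask:
        raise ValueError(f"non-contiguous subnet mask: {mask}")
    return prefix_len


def diagnose(ip, mask):
    """Classify one client's ipconfig values (hypothetical helper)."""
    addr = ipaddress.ip_address(ip)
    prefix_len = mask_to_prefix(mask)
    if addr in APIPA:
        return "APIPA address: client could not reach a DHCP server"
    if addr not in SITE:
        return "address outside the site range"
    if prefix_len != SITE_PREFIX:
        return f"in site range but mask is /{prefix_len}, subnets here use /{SITE_PREFIX}"
    return "ok"


if __name__ == "__main__":
    # Constructed sample values: the failed client, Answer B applied alone, a healthy client.
    for ip, mask in [("169.254.12.20", "255.255.0.0"),
                     ("192.168.1.1", "255.255.0.0"),
                     ("192.168.1.1", "255.255.255.0")]:
        print(f"{ip:15} {mask:15} {diagnose(ip, mask)}")
```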

Answer to Question 2
The correct answer is G—Disallow inheritable permissions in C:\documents\marketing. This question tests your knowledge of the NTFS permissions, share permissions, and their relationship. To calculate effective permissions on a shared folder,

  1. Calculate the effective NTFS permissions alone.
  2. Calculate the effective share permissions alone.
  3. Apply the most restrictive.

A new Win2K feature that's essential in answering this question is NTFS permission inheritance. On NTFS file systems, subfolders, by default, inherit the permissions you apply to a folder, and as a result, you see grayed out checkboxes in the Permissions dialog box. You can, of course, modify inheritance, but if the question doesn't specify, you should assume the default behavior for inheritance.

The permissions information about the Docs shared folder is meant to throw you off. Inheritance doesn't apply when calculating share permissions—only NTFS permissions apply. In this case, Mike's share permissions are the more permissive of Change and Read, which means Change. His NTFS permissions, which he inherits from C:\documents, are Read, Modify, and List Folder Contents Allowed and Write Denied, which remain unchanged when they combine with the Read permissions on the directory itself. This means that the problems are the Users and Temps group memberships, which result in the Write Denied.

Although Answer A—Removing Mike from Users—looks attractive initially because it removes a Write Denied on C:\documents, it doesn't change the effective NTFS permission because of the Write Denied from the Temps group. Worse, it reduces the effective share permission to Read, so it won't cure the write failure.

Answer B—Removing Mike from Sales—won't cure any of the permission problems. You might be tempted to choose this answer if you think that the Marketing share somehow inherits the share permission on Docs.

Answers C, D, E, and F won't cure the Write Denied that C:\documents\marketing inherits because of the Temps membership. Remember that denying permissions takes precedence over permitting them, so even membership in the Admins group won't help in this case.

Answer G, however, removes the inherited NTFS Write Denied permissions from C:\documents\marketing.

NTFS permissions inheritance is new in Win2K. If you encountered the same permissions set on an NT 4.0 server, Mike would already have Write access to the marketing share, and no modifications would be necessary. For more information about NTFS permission inheritance, see "How inheritance affects file and folder permissions" in the Win2K online Help.
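The three-step calculation above, applied to Question 2's permission lists, as an added Python example that is not part of the original column. It models the rules as this page states them (any Deny beats any Allow, subfolders inherit the parent's entries, the share and NTFS results are intersected); the breakdown of each named permission into basic rights is a simplifying assumption.

```python
# Simplified rights behind each permission name (assumption for illustration).
RIGHTS = {
    "Read": {"read"},
    "List Folder Contents": {"read", "list"},
    "Write": {"write"},
    "Change": {"read", "list", "write", "delete"},   # share-level name
    "Modify": {"read", "list", "write", "delete"},   # NTFS-level name
    "Full Control": {"read", "list", "write", "delete", "perms"},
}

# (group, permission, "allow" | "deny"), copied from the question.
SHARE_MARKETING = [("Users", "Change", "allow"), ("Sales", "Read", "allow"),
                   ("Admins", "Full Control", "allow")]
NTFS_DOCUMENTS = [("Users", "Read", "allow"), ("Users", "Write", "deny"),
                  ("Sales", "Modify", "allow"),
                  ("Temps", "List Folder Contents", "allow"),
                  ("Temps", "Write", "deny"), ("Admins", "Full Control", "allow")]
NTFS_MARKETING = [("Sales", "Full Control", "allow"), ("Temps", "Read", "allow")]


def effective(aces, groups):
    """Union of allowed rights for the user's groups, minus every denied right."""
    allowed, denied = set(), set()
    for group, perm, kind in aces:
        if group in groups:
            (allowed if kind == "allow" else denied).update(RIGHTS[perm])
    return allowed - denied


def access_via_share(groups, inherit=True):
    """Most restrictive of the NTFS result and the Marketing share result."""
    ntfs_aces = NTFS_MARKETING + (NTFS_DOCUMENTS if inherit else [])
    return effective(ntfs_aces, groups) & effective(SHARE_MARKETING, groups)


def can_save(groups, inherit=True):
    return "write" in access_via_share(groups, inherit)


if __name__ == "__main__":
    mike = {"Users", "Sales", "Temps"}
    for label, groups, inherit in [
        ("as configured", mike, True),
        ("A: leave Users", mike - {"Users"}, True),
        ("B: leave Sales", mike - {"Sales"}, True),
        ("C: leave Temps", mike - {"Temps"}, True),
        ("D: join Admins", mike | {"Admins"}, True),
        ("G: block inheritance", mike, False),
    ]:
        print(f"{label:22} can save: {can_save(groups, inherit)}")
```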
