Welcome to Certifiable, your exam-prep headquarters. Here you'll find questions about some of the tricky areas that are fair game for the certification exams.
Questions (May 3, 2002)
Answers (May 3, 2002)
This week's questions cover topics for Exam 70-270: Installing, Configuring, and Administering Microsoft Windows XP Professional.
Question 1
You're collecting information about the various boot configurations on your network's Windows XP Professional Edition workstations. Instead of visiting each individual workstation, you want to perform this audit from the command line on your own XP Pro workstation. You're using a Domain Administrator account, and all the workstations you want to query are members of the domain.
Which of the following commands can you run from the XP command shell to receive information about SYSTEM-ALPHA's boot configuration? (Select all that apply.)
- showcfg /query /s \\system-alpha
- bootcfg /query /s \\system-alpha
- more \\system-alpha\c$\boot.cfg
- more \\system-alpha\c$\system.conf
- more \\system-alpha\c$\boot.ini
Question 2
Your company's phone directory consists of a several-thousand-line text file in the following format:
Both, Mick 9555 1234 Lardy, Paul 9557 1235 Maslen, Rob 9554 1522
Your company's eight-digit phone numbers start with the digits 9555, 9554, 9556, or 9557. Your phone list file is called phonlist.txt. You want to generate four new files with the following names:
phon9555.txt phon9554.txt phon9556.txt phon9557.txt
Each of these files should contain only the names and phone numbers of those people whose phone numbers start with each particular four-digit prefix. Which of the following command-line sequences will achieve this goal? (Choose the best answer.)
-
find "9557" < phonlist.txt > phon9557.txt find "9556" < phonlist.txt > phon9556.txt find "9555" < phonlist.txt > phon9555.txt find "9554" < phonlist.txt > phon9554.txt
-
search "9557" < phonlist.txt > phon9557.txt search "9556" < phonlist.txt > phon9556.txt search "9555" < phonlist.txt > phon9555.txt search "9554" < phonlist.txt > phon9554.txt
-
find "9557" < phon9557.txt > phonlist.txt find "9556" < phon9556.txt > phonlist.txt find "9555" < phon9555.txt > phonlist.txt find "9554" < phon9554.txt > phonlist.txt
-
search "9557" < phon9557.txt > phonlist.txt search "9556" < phon9556.txt > phonlist.txt search "9555" < phon9555.txt > phonlist.txt search "9554" < phon9554.txt > phonlist.txt
-
grep "9557" < phonlist.txt > phon9557.txt grep "9556" < phonlist.txt > phon9556.txt grep "9555" < phonlist.txt > phon9555.txt grep "9554" < phonlist.txt > phon9554.txt
Question 3
You suspect that a user from a particular IP, 198.250.213.224, is attempting a dictionary attack on the FTP server that you're running on Windows XP's Microsoft IIS system. You plan to contact the attacker's ISP, and you want to generate a text file that shows all the instances of this user's attacks. You're using 10MB log files. The most recent log file is called extend2.log.
Your FTP service is simply the default FTP site. You performed the default IIS install, and you haven't changed any of the directory locations. Windows XP Professional Edition is installed on the C drive, and you use the D drive only for data.
Which of the following commands will generate a file named attack.txt in the D:\Temp directory, assuming that you're in the root directory of the C drive in the command-prompt environment? (Choose the best answer; the line breaks are unintentional, and all answers represent one line command. "WINNT" represents the system directory—\WINDOWS on some XP installations.)
-
find "198.250.213.224" > c:\IISLOGS\MSFTPSRV\extend2.log | d:\temp\attack.txt
-
find "198.250.213.224" < c:\IISLOGS\MSFTPSRV\extend2.log | d:\temp\attack.txt
-
find "198.250.213.224" < c:\IISLOGS\MSFTPSRV\extend2.log > d:\temp\attack.txt
-
find "198.250.213.224" C:\WINNT\system32\logfiles\MSFTPSVC1\extend2.log | d:\temp\attack.txt
-
find "198.250.213.224" < C:\WINNT\system32\logfiles\MSFTPSVC1\extend2.log | d:\temp\attack.txt
-
find "198.250.213.224" < C:\WINNT\system32\logfiles\MSFTPSVC1\extend2.log > d:\temp\attack.txt
Answer to Question 1
The correct answers are B— bootcfg /query /s \\system-alpha; and E— more \\system-alpha\c$\boot.ini. The best way to perform the audit is to use the bootcfg command, which provides nicely formatted output, such as Boot Loader Settings:
timeout: 30 default: multi(0)disk(0)rdisk(0)partition(1)\WINDOWS Boot Entries ---------- Boot entry ID: 1 Friendly Name: "Microsoft Windows XP Professional" Path: multi(0)disk(0)rdisk(0)partition(1)\WINDOWS OS Load Options: /fastdetect /debug /debugport=com1:
However, you can also issue the More command while mounting the C$ hidden share to reveal the unformatted contents of the boot configuration file. You can use this command to determine the exact OS of a remote server (assuming, of course, that the information contained in the boot.ini file is correct).
Answer to Question 2
The correct answer is A— find "9557" < phonlist.txt > phon9557.txt, find "9556" < phonlist.txt > phon9556.txt, find "9555" < phonlist.txt > phon9555.txt, find "9554" < phonlist.txt > phon9554.txt. Although you probably won't ever have to perform such a task, this question helps you become familiar with the Windows command-line's text-processing capabilities, which can be very useful for searching the text log files that Microsoft IIS generates. You can use the Grep command on a UNIX system, although the format would be different. Using Find and piping the results correctly to the new file is important.
Answer to Question 3
The correct answer is F—
find "198.250.213.224" < C:\WINNT\system32\logfiles\MSFTPSVC1\extend2.log > d:\temp\attack.txt
The key to answering this question correctly is knowing where the default IIS log files are located on XP systems and how piping and redirects work with the Find command. The answer to the first piece of the puzzle is finding "string" < filename.txt > outputfilename.txt. The second piece is knowing the default location of the IIS FTP log files. C:\WINNT\System32\Logfiles MSFTPSVC1\ is the primary location (C:\windows\system32\logfiles on some XP systems).
