Test4pass Microsoft 70-214 exam demo and answer
Exam 70-214:
Implementing and Managing Security in a Windows 2000 Network Infrastructure
Published: January 15, 2003
Language(s): English
Audience(s): IT Professionals
Technology: Microsoft Windows 2000
Type: Proctored Exam
70-214 exam overview:
Audience Profile
Candidates for this exam operate in medium-sized to very large computing environments that use Windows 2000 and Active
Directory. Operating systems on client computers might include Windows NT Workstation 4.0, Windows 2000 Professional, and
Windows XP Professional.
Candidates have a minimum of one year of experience in implementing and administering security and network infrastructures in
environments that have the following characteristics:
Supported users range from 200 to more than 26,000.
Physical locations range from five to more than 150.
Infrastructures include LAN, WAN, and wireless networks.
Typical network services and applications include file and print, database, messaging, proxy server and firewall, public key
infrastructure, remote access, desktop management, and Web hosting.
Connectivity scenarios include connecting individual offices and users at remote locations to the corporate network and
connecting corporate networks to other networks and the Internet.
Credit Toward Certification
When you pass Exam 70-214: Implementing and Managing Security in a Windows 2000 Network Infrastructure, you complete the
requirements for the following certification(s):
Microsoft Certified Professional (MCP)
Exam 70-214: Implementing and Managing Security in a Windows 2000 Network Infrastructure: counts as credit toward the
following certification(s):
Elective credit toward Microsoft Certified Systems Administrator (MCSA) on Microsoft Windows 2000 certification
Elective credit toward Microsoft Certified Systems Engineer (MCSE) on Microsoft Windows 2000 certification
Note This preparation guide is subject to change at any time without prior notice and at the sole discretion of Microsoft.
Microsoft exams might include adaptive testing technology and simulation items. Microsoft does not identify the format in
which exams are presented. Please use this preparation guide to prepare for the exam, regardless of its format.
Microsoft 70-214 exam braindumps for share
1. You are the network administrator for your company. Your network consists of a Windows 2000 Active
Directory domain. The domain contains three domain controllers, one Windows 2000 Server computer
configured as an intranet Web server, and 500 Windows 2000 Professional client computers.
You must install five hotfixes on your intranet Web server. Two of the hotfixes modify some of the same files.
Your manager wants you to minimize the time that the intranet Web server is offline.
What should you do?
A. Apply the hotfixes to your intranet Web server with the switch that prevents a restart. Run the netdiag /v
/fix command on the intranet Web server. Restart the intranet Web server.
B. Apply the hotfixes to your intranet Web server with the switch that prevents a restart. Run the qchain.exe
command on the intranet Web server. Restart the intranet Web server.
C. Run the qchain.exe command on the intranet Web server. Apply the hotfixes to your intranet Web server
with the switch that prevents a restart. Run the netdiag /v /fix command on the intranet Web server. Restart
the intranet Web server.
D. Run the qfecheck.exe command on the intranet Web server. Apply the hotfixes to your intranet Web
server with the switch that prevents a restart. Run the qfecheck.exe command on the intranet Web server.
Restart the intranet Web server.
Answer: B
2. You are the network administrator for your company. The network consists of a Windows 2000 Active
Directory domain. The domain contains two domain controllers and two Windows 2000 Server computers.
One server is configured as a file server named ServerA, and the other server is configured as an intranet
Web server. In addition, the network contains 50 Windows XP Professional client computers.
All but five of the client computers receive scheduled automatic updates. The five client computers that are
not updated automatically are on an isolated LAN segment that is not connected to the Internet. The client
computers on the isolated LAN have access to ServerA and the intranet Web server.
You want to apply three security updates on these client computers. What should you do?
A. From a computer connected to the Internet, download and copy the security updates to a network share
on ServerA. Run Windows Update on the client computers located on the isolated LAN.
B. From a computer connected to the Internet, download and copy the security updates to a network share
on ServerA. Connect each client computer on the isolated LAN to the network share and apply each update
individually.
C. From a computer connected to the Internet, download the XML security database from the Microsoft
Web site. Share this database on the intranet Web server. Connect each client computer on the isolated
LAN to the intranet Web server. Run the qchain.exe command on each client computer on the isolated
LAN.
D. From a computer connected to the Internet, download the XML security database from the Microsoft
Web site. Place the XML security database in the C:\Inetpub folder on the intranet Web server. Connect
each client computer on the isolated LAN to the Default Web site on the intranet Web server. Run the
Windows Update service on the client computers on the isolated LAN.
Answer: B
3. You are the network administrator for your company. Your network consists of a Windows 2000 Active
Directory domain. Your company has three departments: research, sales, and operations. Each department
has a separate organizational unit (OU) in the domain that contains all user and group accounts for that
department.
The network includes two Windows 2000 Server computers configured as domain controllers. One
Windows 2000 Server computer, named ServerC, is running Remote Installation Services (RIS) and the
DHCP service. The network also contains 1,500 Windows 2000 Professional client computers, which were
installed from CD-based RIS images stored on ServerC.
Your company receives 25 new computers of the same type that you are using for your network client
computers. You prepare to install 25 new Windows 2000 Professional client computers. You must place the
computer accounts for these client computers in the Research OU. All these client computers require a
custom set of applications and the latest service pack.
You install Windows 2000 Professional on a client computer and name the computer Client1. You install
and configure all the custom applications and the latest service pack on Client1.
You want to install the required applications and the service pack on the rest of the new client computers
with the least amount of administrative effort. What should you do?
A. Create new Group Policy objects (GPOs) and link them to the Research OU. Configure a GPO with an
installation package for each required application and the service pack.
B. Create an unattended answer file based on the configuration of Client1. Save that answer file as
Risetup.sif and associate it with the CD-based RIS image on ServerC. Use the CD-based RIS image to
install the software on each new client computer.
C. Copy the contents of the Windows 2000 Professional CD-ROM to a folder on ServerC. Slipstream the
latest service pack to that folder. Create a new RIS image from that folder. Run the riprep command on
Client1 to create a new image on ServerC. Use the riprep image to install the new client computers.
D. Install the new client computers by using the existing CD-based RIS image on the RIS server. Install
each required application on each client manually. Create a new Group Policy object (GPO) and link it to
the domain. Configure the GPO with a software installation package for the latest service pack.
Answer: C
4. You are the network administrator for your company. The network consists of a Windows 2000 Active
Directory domain. The domain contains 100 Windows 2000 Server computers, 5,000 Windows 2000
Professional computers, and 1,000 Windows XP Professional computers.
The computer accounts for all servers are located in an organizational unit (OU) named Servers. The
computer accounts for all client computers are located in an OU named Desktops. All user accounts are
located in an OU named CorpUsers.
You download a new Windows 2000 service pack from the Microsoft Web site. The service pack is
distributed as a Microsoft Windows Installer package.
You need to ensure that all Windows 2000 Professional computers receive the service pack. The service
pack must not be deployed to any Windows XP Professional computers.
Which three actions should you take? (Each correct answer presents part of the solution. Choose three.)
A. Create a child OU named WinXP under the Desktops OU. Move all Windows XP Professional computer
accounts to the WinXP OU.
B. Create a child OU named Win2000 under the Desktops OU. Move all Windows 2000 Professional
computer accounts to the Win2000 OU.
C. Create a Group Policy object (GPO) named W2KSP. In the user configuration section of W2KSP, publish
the service pack installer file.
D. Create a Group Policy object (GPO) named W2KSP. In the computer configuration section of W2KSP,
assign the service pack installer file.
E. Link W2KSP to the Desktops OU.
F. Link W2KSP to the CorpUsers OU.
G. Link W2KSP to the Win2000 OU.
Answer: BDG
5. You are the network administrator for your company. The network consists of a Windows 2000 Active
Directory domain. The domain contains Windows 2000 Server computers and Windows 2000 Professional
client computers.
From a Windows 2000 Professional client computer in the domain, you want to use the Microsoft Baseline
Security Analyzer (MBSA) to verify the status of hotfixes and security-related settings of computers in the
domain. You have installed a copy of MBSA on the Windows 2000 Professional computer.
The Windows 2000 Professional computer does not have access to the Internet. However, you want to
ensure that you can verify the latest hotfixes.
What should you do?
A. Copy the latest available version of Mssecure.cab to the %ProgramFiles%\Microsoft Baseline Security
Analyzer folder, then run MBSA.
B. Copy the latest available version of Hfnetchk.exe to the %ProgramFiles%\Microsoft Baseline Security
Analyzer folder, then run MBSA.
C. From another computer, download the latest available version of the MBSA tool. Install the tool on the
Windows 2000 Professional computer, then run MBSA.
D. From another computer, download the latest available version of the Microsoft XML parser (MSXML).
Install the parser on the Windows 2000 Professional computer, then run MBSA.
Answer: A
6. You are the administrator of a regional office LAN on your company network. The network consists of a
Windows 2000 Active Directory domain. All computers on your company’s network are using either
Windows 2000 Professional or Windows 2000 Server.
Your company has one main office and several regional offices. Each regional office is represented by an
organizational unit (OU). The main office has two domain controllers. Each regional office has a domain
controller. All the computers at your regional office have an IP address in the same subnet. Your user
account has full administrative control over every computer at your office.
You must find out whether the computers in your regional office have the latest hotfixes and service packs
applied. What should you do? (Each correct answer presents a complete solution. Choose two.)
A. Run the netdom verify command for your domain from any domain computer attached to your regional
office network.
B. Run the netdiag /v command for your domain from any domain computer attached to your regional office
network.
C. Run the hfnetchk command for the local subnet of your regional office from any domain computer
attached to your regional office network.
D. Run Microsoft Baseline Security Analyzer (MBSA) for the local subnet of your regional office from any
domain computer attached to your regional office network.
E. Run the msicuu.exe command on all domain computers on the local subnet of your regional office
network.
Answer: CD
7. You are the network administrator for your company. The network consists of a Windows 2000 Active
Directory domain. All client computers are in an organizational unit (OU) named Clients.
The network contains two Windows 2000 Server computers configured as domain controllers. One
Windows 2000 Server computer is configured as a file server. The network also contains 1,500 Windows
2000 Professional client computers.
You use a Group Policy object (GPO) named SPDeploy to deploy a new service pack. SPDeploy is linked
to the Clients OU. All client computers receive the new service pack.
One network user reports problems after the installation of the new service pack. You discover that this
user’s computer has hardware that is incompatible with the new service pack. No other users on the
network are experiencing difficulty.
You must remove the service pack from this user’s computer but ensure that it remains on the other
computers. What should you do?
A. Remove the service pack from the user’s computer by using Add/Remove Programs . Configure the
DACL on SPDeploy to grant the user account Read and Apply Group Policy permissions.
B. Remove the service pack from the user’s computer by using Add/Remove Programs . Configure the
DACL on SPDeploy to deny the user account Read and Apply Group Policy permissions.
C. Create an OU named NoSP subordinate to the domain. Move the problem user’s computer account into
the NoSP OU. Remove the service pack from that user’s computer by using Add/Remove Programs .
D. Create an OU named NoSP subordinate to the Clients OU. Move the problem user’s computer account
into the NoSP OU. Remove the service pack from that user’s computer by using Add/Remove Programs .
Answer: C
8. You are the network administrator for your company. The network consists of a Windows 2000 Active
Directory domain. The domain contains Windows 2000 Server computers and Windows 2000 Professional
client computers.
You regularly check the hotfix status of computers on the network. For a Windows 2000 Server computer
named ServerA, several error messages appear that report checksum differences in third-party device
driver files. However, the versions of the device driver files on ServerA are the same. You suspect that a
malicious administrator has replaced some of the device driver files on ServerA.
You want to find out whether the files described in the error messages are the original Microsoft files. What
should you do?
A. Run the sfc.exe command to check the files.
B. Run the sigverif.exe command to check the files.
C. Use Device Manager to scan for hardware changes.
D. Configure the driver-signing options to prevent installation of unsigned files.
Answer: B
9. You are the network administrator for your company. The network consists of a Windows 2000 Active
Directory domain.
Your company purchases 50 new client computers each month. These computers come installed with
Windows 2000 Professional. You add the computers to the domain as soon as they arrive and place their
computer accounts in an organizational unit (OU) named Desktops.
You want to ensure that all new computers receive the latest service pack as soon as possible. You want to
accomplish this task by using the least amount of administrative effort required to install service packs on
new computers each month.
What should you do?
A. Install Critical Update Notification on each computer.
B. Create a Group Policy object (GPO) and link it to the Desktops OU. Configure the GPO to assign the
latest service pack to computers.
C. For each new service pack, run its update.exe command on each domain controller.
D. For each new service pack, copy its files to a shared folder. On each new computer, connect to the
shared folder and run the update.exe command.
Answer: B
10. You are a network administrator for a branch office of your company. You are responsible for 200
Windows 2000 Professional computers and one Windows 2000 Server computer that functions as a file
server. The systems you administer are configured for a single internal IP subnet.
None of these computers has access to the Internet. Management has mandated that remote networks,
including your branch office, should not be exposed to the Internet.
You must verify that the latest hotfixes and service packs are applied to the computers in your branch office.
What should you do?
A. Run the netdiag /v command on the first domain controller installed on your domain.
B. Install a modem on the Windows 2000 Server. Implement Internet Connection Sharing. Use Windows
Update to perform the updates.
C. Download the latest XML security update database from Microsoft on a computer that has Internet
access. Copy the database to a share on the local network. Use hfnetchk with the XML security database to
check service packs and hotfixes on your local segment.
D. Install a second Ethernet adapter on the Windows 2000 Server computer. Use the second adapter to
connect to a network segment that has an Internet connection. Configure Network Address Translation
(NAT) on the Windows 2000 Server computer. Use Windows Update to keep all the computers updated.
Answer: C