70-270 TextbookAnswers

CHAPTER 1 ANSWERS:
INTRODUCING WINDOWS XP PROFESSIONAL
CHAPTER 1

CHAPTER REVIEW QUESTIONS
1. Which feature of Windows XP Professional allows you to prevent people who gain access to a computers files from reading the contents of the files? (Choose all that apply.) a. Windows Firewall b. Encrypting File System (EFS) c. Group Policy d. Local Security Policy
ANSWER
b. The Encrypting File System encrypts data files, preventing them from being read by anyone except the owner of the file or an administrator. Windows Firewall protects a computer from attacks from the Internet. Group Policy and Local Security Policy are means of controlling the configuration of a Windows XP computer. 2. Which feature of Windows XP Professional allows you to recover from installing the incorrect driver for a device? (Choose all that apply.) a. Driver Signing b. Driver Rollback c. Plug and Play d. Windows Hardware Quality Laboratory (WHQL)
ANSWER
b. Driver Rollback allows the user to roll back the last driver installed for a device to the previous version that was installed. Driver Signing allows the user to verify that the driver being installed has been certified by the Windows Hardware Quality Laboratory (WHQL). Plug and Play is a hardware management technology designed to ease installation of hardware devices.
CHAPTER 1 ANSWERS
3. Which feature in Help and Support allows a user to receive help from another user over a network connection? (Choose all that apply.) a. System Restore b. Microsoft Incident Submission c. Remote Assistance d. Remote Desktop
ANSWER
c. Remote Assistance allows one user to invite another to help her. The user providing assistance can view or control the requesting users session across a network connection. System Restore restores a system to a previous configuration state. Microsoft Incident Submission initiates support calls with Microsofts Product Support Services. Remote Desktop allows remote control of a computer but does not allow the user logged on locally to the computer to see the screens viewed by the remote user. 4. Which of the following statements best describes Windows Firewall? (Choose all that apply.) a. Windows Firewall prevents unauthorized users from accessing system files. b. Windows Firewall protects a computer from high temperatures by shutting it down when it gets too warm. c. Windows Firewall protects a computer from attacks by malicious users or programs on the Internet. d. Windows Firewall encrypts data files on a computers disk drives.
ANSWER
c. Windows Firewall protects a computer from attacks by malicious users or programs on the Internet.
CHAPTER 1 ANSWERS:
5. Which of the following scenarios depict a workgroup network? (Choose all that apply.) a. A small collection of computers that share files with each other. Each computer has a list of authorized users. b. A large corporate network with hundreds of computers and a central accounts database. c. One computer connected to the Internet via modem. d. A laptop on the hood of a car on a construction site.
ANSWER
a. A workgroup is a small network in which all computers maintain their own access control lists in their local accounts database. A large corporate network is most likely a domain. A single computer connected to the Internet or not connected to a network would be a standalone computer.
CASE SCENARIOS
Scenario 1.1: Securing Data
You have been hired by a large pharmaceutical company to support its research department. Many of the users in the department use laptop computers and travel extensively. The company wants to prevent unauthorized access to the contents of the disk on each laptop and is concerned about what will happen to the companys trade secrets if a laptop is stolen. What feature of Windows XP helps you address these two concerns? 1. Encrypting File System (EFS) 2. Remote Assistance 3. User accounts 4. Windows Firewall
ANSWER
1. The EFS encrypts files on disk. This prevents anyone who steals the laptop from gaining access to the contents of the files.
CHAPTER 1 ANSWERS
Scenario 1.2: Assisting Remote Users

Your boss is staying in a hotel while at a conference. He is logged on to your domain over an Internet connection and is having a problem with his e-mail configuration. You have tried to visualize the error message he is describing, but it would be much simpler to troubleshoot the problem if you could just see his screen. How can you get a view of his screen to help him troubleshoot his problem?
ANSWER
By using Remote Assistance from Help and Support, he can send you a request for assistance. You can then view his screen and even take control, if necessary.
CHAPTER 2 ANSWERS:
INSTALLING WINDOWS XP PROFESSIONAL
CHAPTER 2

REVIEW QUESTIONS
1. List the client requirements for using Remote Installation Services (RIS), and explain why they are important.
ANSWER
Answers will vary, but they should include PC98 or NetPC compliance, PXE BIOS compliance, and a supported network adapter or remote boot disk. All these requirements make it possible to boot from a remote system across the network and perform a Windows XP installation using the facilities of a RIS server. 2. Which of the following statements about file systems are correct? (Choose all that apply.) a. File- and folder-level security are available only with NTFS. b. Disk compression is available with FAT, FAT32, and NTFS. c. Dual-booting between Windows 98 and Windows XP Professional is available only with NTFS. d. Encryption is available only with NTFS.
ANSWER
a and d. NTFS is the only file system listed that supports file- and folderlevel security as well as encryption. Compression is also available with NTFS, but not with FAT or FAT32. Dual booting Windows 98 and Windows XP requires use of the FAT or FAT32 file system.
CHAPTER 2 ANSWERS
3. Which of the following statements about joining a workgroup or a domain are correct? (Choose all that apply.) a. You can add your computer to a workgroup or a domain only during installation. b. If you add your computer to a workgroup during installation, you can join the computer to a domain later. c. If you add your computer to a domain during installation, you can join the computer to a workgroup later. d. You cannot add your computer to a workgroup or a domain during installation.
ANSWER
b and c. Regardless of the initial membership, you can change a Windows XP Professional computer from workgroup to domain membership and back after installation. 4. Which of the following configurations can you change after installing Windows XP Professional? (Choose all that apply.) a. Language b. Locale c. Keyboard settings d. All of the above
ANSWER
d. All of the listed settings can be changed at any time. 5. Describe how the /unattend and /UDF command-line switches for Winnt32.exe work together to automate an installation.
ANSWER
The /unattend switch specifies an unattended installation answer file that contains answers to installation dialog boxes and settings for many computers. The /UDF switch specifies a Uniqueness Database File that contains answers to setup questions that are unique to the individual system being installed. The individual systems settings are selected within the file by using an index value that is also part of the /UDF syntax.
CHAPTER 2 ANSWERS:
6. Which of the following operating systems can be upgraded directly to Windows XP Professional? (Choose all that apply.) a. Windows NT Workstation 4 b. Windows NT 3.51 c. Windows 2000 Professional d. Windows NT Server 4
ANSWER
a and c. Windows NT 3.51 must be upgraded to Windows NT Workstation 4 before upgrading to Windows XP Professional. Server operating systems are not eligible to upgrade to Windows XP Professional. 7. Automatic Updates are used to apply which of the following types of updates? a. Optional Hardware Updates b. Optional Software Updates c. High Priority Updates d. Application Updates
ANSWER
c. Automatic Updates apply only High Priority Updates to a configured system. The rest are available via Windows Update. 8. If you encounter an error during setup, which of the following log files should you check, and why? (Choose all that apply.) a. Setuperr.log b. W3svc.log c. Setup.log d. Setupact.log
ANSWER
Answer: a, c, and d. Setuperr.log contains the error messages encountered during setup. Setup.log maintains information to be used by the Recovery console, and Setupact.log tracks the progress of the installation All are useful in troubleshooting setup problems. W3svc is the Windows Web server; its logs would not be helpful for troubleshooting setup issues.
CHAPTER 2 ANSWERS
CASE SCENARIOS
Scenario 2-1: Dual-Booting
1. Which of the following file systems can you use for the system partition of this computer? a. CDFS b. NTFS c. FAT32 d. UFS
ANSWER
You can use b and c to support both systems. CDFS and UFS are CD-ROM and CD-R/DVD formats. 2. Which file system is the best choice for a secure installation? a. CDFS b. NTFS c. FAT32 d. UFS
ANSWER
b. FAT32 and NTFS support booting both operating systems, but only NTFS offers features such as file- and folder-level security, compression, and encryption. CDFS and UFS are optical media formats and are not supported for booting from hard disk drives.
Scenario 2-2: Automatic Updates

You are setting up Automatic Updates for a computer that will run unattended for long periods of time. You are concerned that no users will be around to manually install updates. Which of the available options for applying automatic updates is the best choice for this scenario, and how can you manage the application of service packs to this system?
ANSWER
It is best in this scenario to automatically apply updates to ensure that they happen without requiring user interaction. You can set up this process to install updates at a scheduled time. To install service packs, you would have to have an operator visit the computer with a service pack CD-ROM or download a service pack from the Microsoft Web site. Service pack installation cannot be performed through Automatic Updates.
CHAPTER 3 ANSWERS:
MANAGING DISKS AND FILE SYSTEMS
CHAPTER 3

REVIEW QUESTIONS
1. Which of the following statements are true for a disk that uses dynamic storage? (Choose all correct answers.) a. The system partition for Windows NT is never on a dynamic disk. b. A dynamic disk can be partitioned into four primary partitions or three primary partitions and one extended partition. c. The Convert command allows you to convert a basic disk into a dynamic disk. d. A dynamic disk has a single partition that includes the entire disk.
ANSWER
a and d. Windows NT does not support dynamic disks. Only Windows 2000, Windows XP, and Windows Server 2003 support dynamic disks. A dynamic disk is formatted into a single partition that fills the disk. After that, it might be allocated into volumes. Basic disks are capable of supporting only four primary partitions (or three primary and one extended partition).The Convert command is used to convert FAT to NTFS. 2. Which of the following does Windows XP Professional allow you to compress using NTFS compression? (Choose all correct answers.) a. A FAT volume b. An NTFS volume c. A bitmap stored on a floppy disk d. A folder on an NTFS volume
ANSWER
b and d. NTFS compression can be used to compress files, folders, and volumes that use the NTFS file system. FAT volumes and floppy disks cannot be compressed using NTFS compression. 3. Which of the following types of files or data are good candidates for NTFS compression? (Choose all correct answers.)
10
CHAPTER 3 ANSWERS
a. Encrypted data b. Frequently updated data c. Bitmaps d. Static data

ANSWER
c and d. Bitmaps contain a large amount of redundant data and are excellent candidates for compression, often compressing to 50 percent or less of their original size. Because of its less frequent use, static data is also a good candidate because it does not require as much processing as frequently used data. Encrypted data cannot be compressed with NTFS compression because the two are mutually exclusive. 4. Which of the following statements about disk quotas in Windows XP Professional is correct? a. Disk quotas track and control disk usage on a per-user, per-disk basis. b. Disk quotas track and control disk usage on a per-group, per-volume basis. c. Disk quotas track and control disk usage on a per-user, per-volume basis. d. Disk quotas track and control disk usage on a per-group, per-disk basis.
ANSWER
c. Quotas are tracked by volume, with each user having a disk space usage limit on each volume. 5. Which of the following files and folders does Windows XP Professional allow you to encrypt? (Choose all correct answers.) a. A file on an NTFS volume b. A folder on a FAT volume c. A file stored on a floppy disk d. A folder on an NTFS volume
ANSWER
a and d. Encryption is available only when used with NTFS file systems. Floppy disks can be formatted only as FAT using Windows XP.
CHAPTER 3 ANSWERS:
11
6. Which of the following functions does Chkdsk perform? (Choose all correct answers.) a. Locate fragmented files and folders and arrange them contiguously. b. Locate and attempt to repair file system errors. c. Locate bad sectors and recover readable information from those bad sectors. d. Delete temporary files and offline files.
ANSWER
b and c. Chkdsk locates disk defects and repairs or moves the data. Disk Defragmenter defragments disks, and Disk Cleanup locates and deletes temporary files.
CASE SCENARIOS
Scenario 3-1: Storage Choices
You are configuring a computer that will be used as a graphics workstation. You have specified the fastest processor available, 4 GB of RAM, a top-of-the-line graphics processor, and a very fast network adapter. You are deciding what disk configuration to specify for data storage. Of the following available configurations, which offers the fastest read/write performance with this computer? a. Four disks using dynamic storage, configured as a spanned volume b. Four disks using basic storage, configured as separate volumes c. Four disks using dynamic storage, configured as a striped volume d. Four disks using dynamic storage, configured as separate volumes
ANSWER
c. Striped volumes read and write to all disks at once, effectively multiplying the throughput to the storage volume.
Scenario 3-2: Disk Quotas

You have configured a computer for your accounting department with the following settings:

Two NTFS volumes (one system, one data). Disk quotas on the data volume permit 1GB per user.
12
CHAPTER 3 ANSWERS
Users each have a personal folder for their own files, and all users share a folder for community projects.
A user reports that she cannot save a file to her disk and that she received an insufficient disk space error. She is puzzled by this because she has only 457 MB used in her My Documents folder. After investigating, you learn that she is also responsible for maintaining the community files and that several are owned by her user account. The total files under her ownership, according to the Quota Entries dialog box, is 998.57 MB. What is the best way to allow her to continue saving files on this system? a. Tell her to delete some files to make more space available. b. Increase the disk quota available to her account. c. Take ownership of some files yourself to give her more free quota space. d. Increase the disk quota available to all users of this computer.
ANSWER
b. You can modify the quota setting for an individual without affecting the setting for the other users. Deleting files might not be an option for her, and taking ownership yourself would limit the free space you have available for your files. Increasing the quota for all users might create free space issues on this computer, defeating your reason for using quotas in the first place.
CHAPTER 4 ANSWERS:
MANAGING DEVICES AND PERIPHERALS
13
CHAPTER 4

REVIEW QUESTIONS
1. Which of the following settings does Windows XP configure on Plug and Play peripheral devices? (Choose all correct answers.) (knowledge application) a. IRQ b. I/O address c. voltage d. performance level
ANSWER
a and b. PnP devices can be controlled by the operating system to select IRQs and I/O port addresses. Voltage and performance levels would be configured by the motherboard, or with external configuration utilities. 2. Which of the following settings does Windows XP configure on ACPI peripheral devices? (Choose all correct answers.) a. IRQ b. I/O address c. bus type d. bandwidth
ANSWER
a and b. ACPI can control I/O addresses, and IRQ settings of compatible devices.
14
CHAPTER 4 ANSWERS
3. To make full use of a second CPU, an application must support __________ operation. (knowledge demonstration)
ANSWER
multi-threaded 4. Device drivers that are tested and accepted by the Microsoft Hardware Quality Laboratory (WHQL) are digitally __________. (knowledge demonstration) a. approved b. accepted c. signed d. encrypted
ANSWER
c. WHQL digitally signs drivers that are tested and found to be compatible with Windows XP. 5. Which of the following technologies do you use to block the installation of unsigned device drivers? (knowledge application) a. File Signature Verification b. Driver signing c. System File Checker d. Sigverif
ANSWER
b. The remaining three tools are used to control and verify critical operating system files.
CHAPTER 4 ANSWERS:
15
CASE SCENARIOS
Scenario 4-1: Managing a Hardware Upgrade
You are upgrading a graphics workstation to improve performance. You are adding a second CPU and additional memory. Which of the following choices provides for correct installation of both new components? a. Install a multiprocessor HAL for the processor, and take no action for the memory. b. Take no action for the processor or for the memory. c. Reinstall Windows XP to support the processor, and take no action for the memory. d. Take no action for the processor, and run the Add New Hardware Wizard for the memory.
ANSWER
b. Windows XP automatically detects and installs support for the additional processor. No direct action is required to use additional memory.
Scenario 4-2: Troubleshooting Problems with the HAL

You are troubleshooting a system that will not boot. The user of the system says that he replaced the ACPI HAL with a non-ACPI HAL. How do you solve this problem? a. Run System Restore to replace the original HAL b. Change the HAL back to the original c. Reinstall Windows XP d. Restore the original HAL from a backup
ANSWER
c. You cannot restore the original HAL in this scenario (failure to boot) without reinstalling Windows XP.
16
CHAPTER 5 ANSWERS
CHAPTER 5
CONFIGURING AND MANAGING THE USER EXPERIENCE

REVIEW QUESTIONS
1. A user is familiar with the layout of the Windows 2000 Start menu. How can you configure Windows XP to enable this user to be more at home in Windows XP? (Choose two answers.) a. Enable Windows 95 application compatibility mode b. Enable the Windows Classic desktop theme c. Enable the Windows Classic Start menu setting d. Enable the legacy menu setting in Windows Explorer
ANSWER
b and c. The Windows Classic theme replaces all colors, fonts, and window settings in Windows XP with the settings familiar to a Windows 2000 user. The Windows Classic Start menu emulates the Windows 2000 Start menu. Windows 95 application compatibility mode tricks Windows 95 applications into running on Windows XP. There is no legacy menu setting in Windows Explorer. 2. You are configuring multiple-monitor support on a laptop computer with a docking station. The computer has an internal AGP display adapter and a PCI display adapter in the docking station. When you dock the computer, it does not enable multiple-monitor support. How do you enable multiple monitors for this computer? a. Configure the laptops BIOS to enable the on-board display. b. Click Extend The Desktop Onto This Display on the Settings tab of the Display Properties dialog box. c. Add an additional display adapter to the docking station. d. Switch the laptop to its outboard display port.
ANSWER
c. Laptops typically disable their onboard display when they detect a display adapter in the docking station. To enable multiple monitors, install an additional display in the docking station.
CHAPTER 5 ANSWERS:
17
3. You are attempting to add an icon to the desktop for all users of a computer. How do you do this? a. Add the icon to C:\Documents and Settings\All Users\Start Menu. b. Add the icon to C:\Documents and Settings\<username>\Start Menu for each user. c. Add the icon to C:\Documents and Settings\All Users\Desktop. d. Add the icon to C:\Documents and Settings\<username>\Desktop for each user.
ANSWER
c. The All Users folder contains profile settings that apply to all users of a computer. 4. You have sustained an injury to your right arm, which will be in a sling for a time. How can you perform keystroke combinations such as CTRL+ALT+DEL without the use of your right hand a. Enable FilterKeys b. Enable MouseKeys c. Enable OptionKeys d. Enable StickyKeys
ANSWER
d. Sticky Keys allows you to use keystroke combinations such as CTRL+ALT+DEL by pressing each key in sequence.
18
CHAPTER 5 ANSWERS
5. You are attempting to configure Advanced Power Management settings on your computer, but you cannot locate the Configuration tab. What is the problem? a. You must log on as Administrator. b. APM is not enabled. On the View tab of the Folder Options dialog box (available from the Tools menu in Windows Explorer), select the checkbox next to Enable APM Configuration Settings. c. You are looking in the wrong place. Locate the Advanced Power Management icon in Control Panel. d. Your system may support Advanced Configuration and Power Interface (ACPI). Check to see whether your system supports ACPI.
ANSWER
d. If a system supports ACPI, the option to configure Advanced Power Management is not available. 6. You are configuring a system for a bilingual text newsletter, which is published in English and Punjabi (an Indic language). How do you enable these two languages to be used? (Choose all correct answers.) a. In the Text Services And Input Languages dialog box, add Punjabi. b. In the Regional And Language Options dialog box, select English. c. On the Languages tab of the Regional And Language Options dialog box, select the Install Files For Complex Script And RightTo-Left Languages (Including Thai) check box. d. On the Languages tab of the Regional And Language Options dialog box, select the Install Files For East Asian Languages check box.
ANSWER
a, b, and c. To enable Punjabi, you must first install complex script language support. Then you can select English as the default language and add Punjabi as an alternate language. East Asian support is required only for East Asian languages.
CHAPTER 5 ANSWERS:
19
CASE SCENARIOS
Scenario 5-1: Time for Hibernation
You are configuring a computer to hibernate when it has been idle for an extended period of time. The computer has the following features and statistics:

Supports Advanced Configuration and Power Interface (ACPI) 768 MB of free disk space Windows XP Professional with Service Pack 2 Uninterruptible power supply with capacity to operate computer for 25 minutes 1 GB of physical RAM
Can this computer be configured to hibernate? If not, how can you enable it to hibernate?
ANSWER
This computer cannot be configured to hibernate in its current condition. To enable hibernation, you must free enough disk space to contain the contents of the physical RAM (at least 1 GB).
Scenario 5-2: Power Problems

A user is attempting to connect the signal cable from a new uninterruptible power supply to a computer that was previously connected to a UPS. He reports that the computer immediately initiates a shutdown whenever the cable is connected. What is most likely causing this behavior? How can you configure Windows XP to eliminate this problem?
ANSWER
The problem is most likely occurring because the previous UPS had different signal characteristics. It might have been configured for positive signaling while the new UPS is configured for negative. This would signal to Windows XP that the UPS is experiencing a power failure, which leads Windows XP to initiate a shutdown. To correct this, examine the UPS interface instructions to determine the proper signal characteristics to use in configuring Windows XP.
20
CHAPTER 6 ANSWERS
CHAPTER 6
CONFIGURING AND MANAGING PRINTERS AND FAX DEVICES

REVIEW QUESTIONS
1. To have a print server on your network, do you have to have a computer running one of the Windows Server products? Why?
ANSWER
You do not have to have a Windows Server product to operate a print server. Windows XP Professional supports up to 10 concurrent printing sessions when acting in the role of print server. 2. Windows XP Professional printing supports which of the following types of computers? (Choose all correct answers.) a. Macintosh computers b. UNIX computers c. NetWare clients d. Windows 98 computers
ANSWER
b and d. Windows 98 computers can print to Windows XP print servers natively. UNIX and Linux clients can connect using LPR if Print Services for UNIX is installed on the print server. 3. Which of the following operating systems running on a client computer allow you to connect to a network printer by using Active Directory search capabilities? (Choose all correct answers.)) a. Windows Server 2003 b. Windows Me c. Windows NT 4 d. Windows XP Professional
ANSWER
a and d. Windows 2000 and later operating systems include the ability to search Active Directory for printers.
CHAPTER 6 ANSWERS:
CONFIGURING AND MANAGING PRINTERS AND FAX DEVICES
21
4. Which of the following tabs do you use to assign printer permissions to users and groups? a. Security tab of the Properties dialog box for the printer b. Security tab of the Properties dialog box for the user or group c. Permissions tab of the Properties dialog box for the printer d. Permissions tab of the Properties dialog box for the user or group
ANSWER
a. The Security tab of the printers Properties dialog box manages the permission settings for the printer. 5. If a printer has multiple trays that regularly hold different paper sizes, how do you assign a form to a paper tray?
ANSWER
On the Device Settings tab, you can select paper sizes for each paper tray on the printer. 6. Briefly describe how to enable Internet printing on a print server.
ANSWER
You can install Internet Information Services (IIS) on a Windows Server 2003 or Windows XP Professional print server to enable Internet printing on the print server. Windows 2000 Server installs IIS and Internet Printing by default.
22
CHAPTER 6 ANSWERS
CASE SCENARIOS
Scenario 6-1: Printing in a Small Office
You are the system administrator in a small architectural drafting office that uses four UNIX and six Windows XP Professional workstations. You are asked to establish printing to two wide-format plotters from all systems. The plotters do not have any network connectivity, but you have print drivers for both Windows XP and UNIX. What is the best way to establish printing in this scenario?
ANSWER
Install the plotters on one or two of the Windows XP Professional workstations. Install Print Services for UNIX on the print servers. Configure the LPR clients of the UNIX systems to use the Windows XP print servers, and install the UNIX drivers on each UNIX workstation. On each Windows XP Professional workstation, use the Add Printers Wizard to add the plotters to the Printers And Faxes folder.
Scenario 6-2: Printer Wars

You are the network analyst for a trading office. The office has only one printer. Users are complaining to you about printing conflicts. The traders need their print jobs printed immediately, but these jobs often wait behind large reports being printed by the accountants. The office staff and accountants also need to print e-mails and spreadsheets, but these are not urgent jobs. Using a combination of printing schedules, printer priorities, and permissions, how can you make everyone happy?
ANSWER
Install one printer on the print server, and set the priority to 99 for the traders. Set the printers permissions so only the traders have permission to print to this printer. Install another printer for the accountants for report printing. Set a schedule on this printer to print the accountants reports after office hours. You can leave permissions open on this printer because this printer does not affect normal operations. Install one last printer for general office use. Leave permissions open so everyone can use it, but set the priority to 1 to allow the traders jobs to print first.
CHAPTER 7 ANSWERS:
CONFIGURING AND MANAGING NTFS SECURITY
23
CHAPTER 7

REVIEW QUESTIONS
1. Which of the following statements correctly describe NTFS file and folder permissions? (Choose all correct answers.) a. NTFS security is effective only when a user gains access to the file or folder over the network. b. NTFS security is effective when a user gains access to the file or folder on the local computer. c. NTFS permissions specify which users and groups can gain access to files and folders and what they can do with the contents of the file or folder. d. NTFS permissions can be used on all file systems available with Windows XP Professional.
ANSWER
b and c. NTFS security is effective at all times for data stored on an NTFS volume. It controls which users can access objects and what operations they can perform on the objects. 2. Which of the following NTFS folder permissions allows you to delete the folder? a. Read b. Read & Execute c. Modify d. Change
ANSWER
c. Only the Modify and Full Control permissions include the Delete special permission. 3. Which of the following users can assign permissions to user accounts and groups? (Choose all correct answers.) a. Administrators b. Power Users c. Users with the Full Control permission d. Owners of files and folders
24
CHAPTER 7 ANSWERS
ANSWER
a, c, and d. Members of the Power Users security group have permission to install programs and do other administrative tasks, but they cannot assign permissions unless they have been given the Full Control standard permission or the Change Permissions special permission. 4. What is an access control list (ACL) and what is the difference between an ACL and an access control entry (ACE)?
ANSWER
An access control list is the part of an objects security descriptor that grants or denies specific users and groups permission to access the object. The access control entry is the entry in the ACL that grants or denies permission to the user or group. 5. What are a users effective permissions for a resource?
ANSWER
A users effective permissions are the most lenient of all the permissions the user has, based on membership in groups that have been granted permission unless one of the groups has been denied permission, which would override all other permissions that have been granted. 6. By default, what inherits the permissions that you assign to the parent folder?
ANSWER
All files, folders, and subfolders within the parent folder. 7. Which of the following tabs of the Properties dialog box for the file or folder do you use to assign or modify NTFS permissions for a file or a folder? a. Advanced b. Permissions c. Security d. General
ANSWER
c. The Security tab is used to manage standard NTFS permissions for users and groups.
CHAPTER 7 ANSWERS:
25
8. Which of the following statements about copying a file or folder are correct? (Choose all correct answers.) a. When you copy a file from one folder to another folder on the same volume, the permissions on the file do not change. b. When you copy a file from a folder on an NTFS volume to a folder on a FAT volume, the permissions on the file do not change. c. When you copy a file from a folder on an NTFS volume to a folder on another NTFS volume, the permissions on the file match those of the destination folder. d. When you copy a file from a folder on an NTFS volume to a folder on a FAT volume, the permissions are lost.
ANSWER
c and d. A copy operation always results in the files being assigned the permissions of the destination, even when the destination does not support permission assignment (FAT). 9. Which of the following statements about moving a file or folder are correct? (Choose all correct answers.) a. When you move a file from one folder to another folder on the same volume, the permissions on the file do not change. b. When you move a file from a folder on an NTFS volume to a folder on a FAT volume, the permissions on the file do not change. c. When you move a file from a folder on an NTFS volume to a folder on another NTFS volume, the permissions on the file match those of the destination folder. d. When you move a file from a folder on an NTFS volume to a folder on the same volume, the permissions on the file match those of the destination folder.
ANSWER
a and c. A move within a volume is the only operation that retains the original permissions. A file or folder that is moved to another volume adopts the destinations permissions, and a move to FAT results in permissions being lost.
26
CHAPTER 7 ANSWERS
10. You are attempting to copy a large number of files from one NTFS volume to another and want to avoid having to re-create all the original permissions once the copy operation is completed. How can you accomplish this with minimal effort?
ANSWER
It is possible to record the permissions and reassign them with CACLS or to modify the registry to force ACLs to be copied, but the simplest way to copy the permissions is by using Xcopy.exe with the /O or the /X switch to copy the files. This copies the files ACLs as well.
CASE SCENARIOS
Scenario 7-1: Permission Soup
You are designing NTFS security for a system that will store public data and applications for users to share. Users will access all files locally from the system you are configuring. You have been presented with the following requirements:
Create a place for all users to place public files. They should be able to add files and maintain their own files, but they should not be able to do more than read any other users files. Set up a place for users from the HR department to place personnel policies. Only HR personnel should be able to modify these files, but all users should be able to read them. Provide a place for executable application files for users from the Accounting department. Only users from Accounting should be able to see these files. Create a folder for personnel reviews. Only managers should be able to access this folder, and each manager should be able to create and modify her own files only. Besides the manager who creates each file, only HR personnel should be able to read these files, and administrators should not have access to any of these files. In addition, provide a way for managers to know if an administrator has accessed any file in this folder.
Answer the following questions about this scenario: 1. What user groups should be defined to support this scenario?
ANSWER
Answers can vary, but you will need at least a group for all users (Everyone or Users will do) and groups for HR, Accounting, and Managers.
CHAPTER 7 ANSWERS:
27
2. What folders should you create to support this scenario?

ANSWER
A folder for public files, one for policies, an application folder, and one for reviews. 3. Which NTFS standard permissions should you give to the Users group for the Public folder? How can you ensure that the creators of files can modify and delete them?
ANSWER
You should give to the Users group Read and Write permissions for the Public folder. If you give the CREATOR OWNER group Full Control, the creators of the files will have control of them. 4. What permissions should the HR users have for the personnel policy files? Where should this permission be assigned?
ANSWER
HR can be given Modify permission to the policy files, not Full Control (remember the principle of least privilege?). This permission should be placed on the policy folder itself. 5. How do you ensure that only Accounting has permission to access the accounting applications?
ANSWER
Grant Read and Execute permissions to the Accounting group on the application files folder. 6. Detail the steps to take to secure the personnel review folders. How will you report on access to any of these files by administrators?
ANSWER
Remove all inherited permissions, assign Managers the Write permission, assign CREATOR OWNER Full Control, and assign HR Read permission. Enable auditing on the folder, and monitor the system security log for permission changes, take ownership actions, and successful and failed access by administrators.
Scenario 7-2: Effective Permissions

You are newly employed by a small distillery. One of your first tasks is to straighten out permission issues that have left some users unable to access files containing mash recipes. The previous administrator attempted to restrict some
28
CHAPTER 7 ANSWERS
users from accessing these recipes but ended up locking out the blending crew (group name Blenders). Answer the following questions about this scenario: 1. How can you determine what the blending crews effective permissions are? a. Use the Effective Permissions tab of the Sharing Permissions dialog box for the Mash Recipes folder. Display effective permissions for the Blenders group. b. Use the Effective Permissions tab of the Advanced Security Settings dialog box for the Mash Recipes folder. Display effective permissions for the Blenders group. c. Use the CACLS command-line program with the /E:Blenders switch to display permissions for the Mash Recipes folder. d. Use the CACLS command-line program without any switches to view all permissions for the folder. Determine the Blender groups permissions by combining the permissions for all groups they belong to.
ANSWER
b and d. The Effective Permissions tab is the simplest way to determine what the Blender groups effective permissions are, but CACLS might uncover a stray Deny permission that isnt shown on the Effective Permissions tab, which can show only allowed permissions. There is no Effective Permissions tab in the Permissions dialog box for a file share. The /E switch in CACLS does not support any parameters. 2. Which of the following CACLS command lines can you use to grant the Blenders group access to read these files? a. CACLS Mash Recipes /G Blenders:R b. CACLS Mash Recipes /E /G Blenders:R c. CACLS Mash Recipes /D Blenders d. CACLS Mash Recipes /R Blenders
ANSWER
b. By using the /E switch, you leave all other ACEs alone while granting access to Blenders. The first answer fails to preserve existing permissions, and the /D option and /R option would Deny and Revoke access to Blenders.
CHAPTER 8 ANSWERS:
CONFIGURING AND MANAGING SHARED FOLDER SECURITY
29
CHAPTER 8

REVIEW QUESTIONS
1. If you are using NTFS permissions to specify which users and groups can access files and folders and what these permissions allow users to do with the contents of the file or folder, why would you need to share a folder or use shared folder permissions?
ANSWER
Shared folders allow users to access files across a network. Shared folder permissions also offer additional control over access. Shared folders can offer different levels of access than would be available to users if they were to log on locally, or they can provide access controls where none exist locally (FAT file systems). 2. Which of the following are valid shared folder permissions? (Choose all correct answers.) a. Read b. Write c. Modify d. Full Control
ANSWER
a and d. Read, Change, and Full Control are shared folder permissions. Write and Modify are NTFS permissions. 3. _______________ (Denied/Allowed) permissions take precedence over ____________ (denied/allowed) permissions on a shared folder.
ANSWER
Denied permissions take precedence over allowed permissions on a shared folder.
30
CHAPTER 8 ANSWERS
4. When you copy a shared folder, the original folder is _______________ (no longer shared/still shared) and the copy is ____________________ (not shared/shared).
ANSWER
When you copy a shared folder, the original folder is still shared and the copy is not shared. 5. When you move a shared folder, the folder is _____________________ (no longer shared/still shared).
ANSWER
When you move a shared folder, the folder is no longer shared. 6. When you rename a shared folder, the folder is ___________________ (no longer shared/still shared).
ANSWER
When you rename a shared folder, the folder is no longer shared. 7. The system root folder, which is C:\Windows by default, is shared as ____________.
ANSWER
Admin$ 8. To assign permissions to user accounts and groups for a shared folder, which of the following tabs do you use? a. The Permissions tab of the Properties dialog box for the shared folder b. The Sharing tab of the Properties dialog box for the shared folder c. The General tab of the Properties dialog box for the shared folder d. The Security tab of the Properties dialog box for the shared folder
ANSWER
b. You use the Sharing tab to control the sharing and shared folder permissions for a shared folder.
CHAPTER 8 ANSWERS:
31
9. By default, how much of the available disk space is allocated for the cache for making shared folders available offline? a. 20 percent b. 15 percent c. 10 percent d. 5 percent
ANSWER
c. The default cache size is 10 percent of the available disk space. 10. Which of the following statements about combining shared folder permissions and NTFS permissions are true? (Choose all correct answers.) a. You can use shared folder permissions on all shared folders. b. The Change shared folder permission is more restrictive than the Read NTFS permission. c. You can use NTFS permissions on all shared folders. d. The Read NTFS permission is more restrictive than the Change shared folder permission.
ANSWER
a and d. NTFS Read is more restrictive than the shared folder Change permission. NTFS permissions are not always used because some shared folders are on FAT volumes. 11. Which of the following statements about shared folder permissions and NTFS permissions are true? (Choose all correct answers.) a. NTFS permissions apply only when the resource is accessed over the network. b. NTFS permissions apply whether the resource is accessed locally or over the network. c. Shared folder permissions apply only when the resource is accessed over the network. d. Shared folder permissions apply whether the resource is accessed locally or over the network.
ANSWER
b and c. NTFS permissions always apply; shared folder permissions apply only when you access the folder across a network connection.
32
CHAPTER 8 ANSWERS
12. How do you determine which users have a connection to open files on a computer and which files they have a connection to?
ANSWER
By using the Open Files folder under the Shared Folders snap-in in Computer Management. 13. How can you disconnect a specific user from a file?
ANSWER
Right-click the open file under Open Files in the Shared Folders snap-in in Computer Management, and select Close Open File. 14. Which of the following statements are true about Web folders? (Choose all correct answers.) a. Web folders are designed to allow Internet file sharing. b. Web folders work with all browsers. c. Web folders use the FTP protocol to transfer files. d. Web folders use WebDAV to transfer files.
ANSWER
a and d. Web folders do not yet work with all browsers. They do not use FTP to transfer files.
CASE SCENARIOS
Scenario 8-1: Shared Folder Tree
You are designing security for a small office workgroup network. You have decided to create a tree for data folders for all the departments in the office. The departments (and the folders you will create) are: Accounting, Operations, Manufacturing, and Facilities. Answer the following questions about the configuration of these folders: 1. To allow each department to have access only to its own folder but to promote ease of administration for you, how should you arrange these folders?
ANSWER
The best arrangement for these folders is to place them in another folder, possibly named Data. By giving yourself permissions to Data, you can access all folders. Assign each department permission only to its own folder.
CHAPTER 8 ANSWERS:
33
2. The operations department wants to allow all others to read their files but not modify them. How can you assign permissions to the Accounting folder to enable this?
ANSWER
You can assign Read permission to the Authenticated Users group or the Users group for the Accounting folder. You can then assign Change or Full Control to the accounting department to enable them to maintain their documents. Their effective permission will be the more lenient of the two. 3. If you have Full Control permission to the folder containing all the department folders, what is your permission to the Accounting folder?
ANSWER
If you access the Accounting folder directly, you have only Read permission. If you access it via the parent folder, you have Full Control.
Scenario 8-2: Command-Line Nirvana

You are the administrator of a large network in a law office. Your office has just joined with a larger law group, and you need to set up access to allow attorneys from the other group to access your firms files. Your boss doesnt want to give them full access to all files just yet and has asked you to give them only the ability to read files for now. You are creating a group of folders for users, and you want to automate folder creation by using the NET SHARE command. Answer the following questions about this scenario: 1. You are sharing the Pending Briefs folder, which is located at D:\PendingBriefs. What NET SHARE command should you use? a. NET SHARE Briefs=D:\Data\PendingBriefs /REMARK: Pending Briefs b. NET SHARE Briefs /DELETE c. NET SHARE D:\Data\PendingBriefs=Briefs /REMARK: Pending Briefs d. NET SHARE Briefs=\\Server\PendingBriefs /REMARK: Pending Briefs
ANSWER
a. The other options either delete a share called Briefs or use improper syntax to share the folder.
34
CHAPTER 8 ANSWERS
2. After you share the Pending Briefs folder, what is the permission for attorneys from the larger office?
ANSWER
The default shared folder permission is Everyone:Read, so the attorneys (and others) in the larger office have Read permission to the files. Consider changing permissions to Users:Read or Authenticated Users:Read and removing the Everyone group for better access control. 3. After some time, you boss decides that the other attorneys can be trusted and should have greater access to the files in the Pending Briefs folder. He wants them to be able to modify documents there but not delete them. How can you implement this?
ANSWER
With shared folder permissions alone, you cannot grant the other attorneys permission to change documents while restricting their ability to delete them. You must also use NTFS permissions to accomplish this. Set the shared folder permission to Change, and set NTFS permission on the folder to Modify. Then, using NTFS special permissions, deny the larger office group the Delete NTFS special permission.
CHAPTER 9 ANSWERS:
SUPPORTING APPLICATIONS IN WINDOWS XP PROFESSIONAL
35
CHAPTER 9

REVIEW QUESTIONS
1. You are installing an application that should be available to specific users wherever they use a computer. The application should be installed when they execute it for the first time or open an associated application. You are planning to implement a software installation policy, and you have placed the users into an organizational unit. What method of software policy implementation should you use to ensure that only the users in this OU receive the application? a. Assign the software to the users in the OU b. Publish the software to the users in the OU c. Assign the software to the computers in the OU d. Publish the software to the computers in the OU
ANSWER
a. If you assign the application to the users, they will receive an icon to execute the application and it will be installed at the first use. It can also be installed when they open an associated application. Publishing the application to the users would advertise it in Add/Remove Programs but it would not be readily apparent to the users. Assigning the application to computers would make it available to all users of that system. Applications cannot be published to computers. 2. You are distributing an application to all computers in your organization. You want to install it with different settings for one department in your home office. How can you configure software installation Group Policy settings to accomplish this? a. Create an OU for users requiring the special settings. Create a transform for the special settings. Assign the Windows Installer package to the users in the domain. Assign the package, along with the transform for the special settings, to users in the special settings OU. b. Create an OU for users requiring the special settings. Create two Windows Installer packages to support the different settings. Assign the default package to the domain users, and assign the other to the users in the special settings OU.
36
CHAPTER 9 ANSWERS
c. Create an OU for users requiring the special settings. Assign the applications Windows Installer package to the computers in the domain. Create a transform for the special settings, and assign it to the users in the special settings OU. d. Create a transform for the special settings. Assign the Windows Installer package to the computers in the domain. Instruct the users who require special settings in how to reinstall the application with the special settings transform.
ANSWER
a. By assigning the package to users, you ensure that they will receive only the package you have assigned. Users in the special settings OU will be specifically associated with the special settings policy. Two packages are not necessary. A transform cannot be assigned without being attached to a Windows Installer package. Manually reinstalling the application would be too labor intensive. 3. Which of the following Msiexec.exe commands would uninstall the program.msi package? a. msiexec /r program.msi b. msiexec /x program.msi c. msiexec /i program.msi d. msiexec /f program.msi
ANSWER
b. The /x switch uninstalls the specified package. 4. You are purchasing a new accounting application for your small business. You want to make sure the application is compatible with Windows XP. Which of the following compatibility logos would you look for? a. Designed for Windows 98 b. Designed for Windows XP c. Compatible with Windows XP d. Designed for Windows Server 2003
ANSWER
b. Designed for Windows XP is the most compatible logo on the list. Designed for Windows 98 might have legacy compatibility issues. Compatible with Windows XP will function but might not be completely compatible. Designed for Windows Server 2003 might take advantages of technologies not available in Windows XP.
CHAPTER 9 ANSWERS:
37
5. You are configuring a legacy business application to run on Windows XP. It presents several errors on startup, and you have tried several compatibility modes in your attempt to find a solution. Windows 95 mode works best but still has a few issues. The manufacturer has gone out of business, and you cannot find any other information about compatibility upgrades. Which of the following tools might help you? a. Compatibility Analyzer b. Program Compatibility Wizard c. Compatibility Administrator d. Msiexec.exe
ANSWER
c. The Compatibility Administrator tool can apply the end-user compatibility modes and add other compatibility fixes. Users can then test the resulting mode using the tool. The Compatibility Analyzer looks for known application compatibility issues but does not fix any applications. The Program Compatibility Wizard can apply only the end-user compatibility modes. Msiexec is the Windows Installer executable and does not manage application compatibility.
CASE SCENARIOS
Scenario 9-1: Windows Installer
You are planning the implementation of a complex business application to systems in a mid-size company. The application supports Microsoft Installer technology and is packaged into a single .msi file. All users of the application will use the applications default settings, but some will make use of features that other users will not need. The business owner has asked you to install the application so that users have only the features of the application they require. The users have been grouped into three groups based on the functionality they require. The groups are Finance, Sales, and Production. You know you can perform a custom installation from CD-ROM, but you want to automate the installations in the interest of time and consistency. You discover a list of available installer transforms for different configurations. You select three that seem like a good fit for users in the organization: Accounting.mst, Salesforce.mst, and Manufacturing.mst.
38
CHAPTER 9 ANSWERS
Answer the following questions about this scenario: 1. If the users are maintained in an Active Directory domain environment, how do you automate the installation of the application to the three groups of users?
ANSWER
Group the users into three organizational units (OUs) based on their role. Using Group Policy, create a software installation policy for each OU to assign the application to users and to apply the appropriate transform during installation. 2. If Active Directory isnt available, how do you automate this installation?
ANSWER
At each workstation, install the application using Msiexec with the appropriate transform (such as Msiexec /I Application.msi SalesForce.mst). 3. Which of the following Msiexec command lines installs the application for the Finance group? a. Msiexec /I Application.msi Finance.mst b. Msiexec /a Application.msi Accounting.mst c. Msiexec /x Application.msi d. Msiexec /I Application.msi Accounting.mst
ANSWER
d. The /I switch causes Msiexec to install the application. Specifying the correct transform name (Accounting.mst) instructs Msiexec to apply the customizations specified for the Finance users.
Scenario 9-2: Irreconcilable Differences?

You have been contracted by a small company to see if there is any way to make their legacy business applications work with Windows XP. They have three applications in particular that are causing trouble. After some research, you discover the following:
Application A has the Designed for Windows 98 logo and runs on Windows XP. Errors occur when you attempt to access data files, however. The manufacturer no longer produces or supports the application.
CHAPTER 9 ANSWERS:
39
Application B was written by a former employee that the business has lost contact with. When the application is executed, it returns the error This application requires Windows 95. It then terminates. Application C does not run at all. The manufacturer is still in business and has a version compatible with Windows XP. When one user attempted to install it, the installation program returned the error Unable to write to program folder.
Answer the following questions about this scenario: 1. Which of the following actions will most likely help Application A operate effectively? a. Operate the application in Windows 98compatibility mode b. Run the application as an administrator c. Remove and reinstall the application d. Change the permissions on the application data files
ANSWER
a. Windows 98compatibility mode will allow the application to run in an environment for which it was designed. This will most likely restore proper operation. 2. What is most likely the cause of Application Bs error? How can you configure Application B to operate?
ANSWER
The application is seeing the wrong operating system version. Operating the application in Windows 95compatibility mode will cause Windows XP to report Windows 95 as its operating system version when interrogated by the application. 3. What is the most likely cause of Application Cs failure during installation? How can you install this application?
ANSWER
Application C might require elevated permissions during installation to enable it to write files to certain system folders. Install the application as administrator or using an account with Administrator privileges.
40
CHAPTER 10 ANSWERS
CHAPTER 10
CONNECTING WINDOWS XP PROFESSIONAL TO A NETWORK

REVIEW QUESTIONS
1. Which of the following statements correctly describe IP? (Choose all correct answers.) a. Guarantees packet arrival and correct packet sequence b. Provides connection-oriented, reliable communication for applications that typically transfer large amounts of data at one time c. Primarily responsible for addressing and routing packets between hosts d. Provides connectionless packet delivery for all other protocols in the suite
ANSWER
c and d. IP does not guarantee communications; rather, it is responsible for addressing and routing packets. 2. The two DARPA transport layer protocols are ____________________ and __________________.
ANSWER
Transmission Control Protocol (TCP) and User Datagram Protocol (UDP) 3. Which of the following statements correctly describe TCP? (Choose all correct answers.) a. Provides connectionless communication but does not guarantee that packets will be delivered b. Provides connection-oriented, reliable communication for applications that typically transfer large amounts of data at one time c. Provides services that allow the application to bind to a particular port and IP address on a host d. Provides and assigns a sequence number to each segment of data that is transmitted
CHAPTER 10 ANSWERS:
41
ANSWER
b, c, and d. TCP is connection oriented and can provide sockets for program communication. It sequences packets and can reassemble them into guaranteed data streams. 4. Which of the following statements about IP addresses are true? (Choose all correct answers.) a. IP addresses are logical 64-bit addresses that identify a TCP/IP host. b. Each host on a TCP/IP subnet requires a unique IP address. c. 192.168.0.108 is an example of a class C IP address. d. The host ID in an IP address is always the last two octets in the address.
ANSWER
b and c. IP(v4) addresses are 32-bit binary sequences separated into four octets. Network and host IDs are derived by combining the IP address with a subnet mask, which is variable in length according to network requirements. Each host on an IP subnet must have a unique address. 192.168.1.108 is a class C IP address. 5. You are consulting for a company that wants to set up a wireless network. The company is concerned about security and has not yet purchased the equipment. Which wireless security technology would you suggest to them? a. 802.11g b. WEP c. WPA d. 802.11i
ANSWER
c and d. Because the company has not yet purchased the equipment, it should look for the superior encryption technology of 802.11i (sometimes called WPA). 802.11g does not specify an encryption standard, and WEP has been proven to be vulnerable to certain attacks. 6. Which of the following statements about obtaining an IP address automatically are true? (Choose all correct answers.) a. Windows XP Professional includes the DHCP Service.
42
CHAPTER 10 ANSWERS
b. Windows XP Professional includes an Automatic Private IP Addressing feature, which provides DHCP clients with limited network functionality if a DHCP server is unavailable during startup. c. The Internet Assigned Numbers Authority (IANA) has reserved 169.254.0.0 through 169.254.255.255 for Automatic Private IP Addressing. d. You should always disable Automatic Private IP Addressing in small workgroups.
ANSWER
b and c. Windows XP does support APIPA, and the IANA has set aside the 169.254.0 network for APIPA addresses. Windows XP does not include the DHCP Service, although some might confuse the limited addressing provided with Internet Connection Sharing with DHCP. APIPA is designed especially for small workgroups. 7. Which of the following connection types can you use to connect to a workplace network from home? (Choose all correct answers.) a. Dial-up b. Remote Desktop c. VPN d. Ethernet
ANSWER
a and c. Remote Desktop is not a connection type, and Ethernet is not typically found in workplace-to-home connections. Dial-up and VPN connectivity are most likely to be used for this type of connectivity. 8. When you manually configure a dial-up connection to an ISP, which of the following do you need to configure? (Choose all correct answers.) a. Username b. IP address c. Connection name d. Password
ANSWER
a, c, and d. The IP address is usually dynamically assigned to dial-up connections.
CHAPTER 10 ANSWERS:
43
9. Remote Desktop allows users to do which of the following tasks? (Choose all correct answers.) a. Transfer files b. Print to remote printers c. Power on a computer d. Print to local printers
ANSWER
a, b, and d. Remote Desktop cannot power on a system, but it can transfer files and print locally and remotely. 10. Remote Assistance allows users to do which of the following tasks? (Choose all correct answers.) a. Transfer files b. Print to remote printers c. Open remote documents d. Print to local printers
ANSWER
b and c. Remote assistance can do any task available to the remote system, but it cannot access local resources from the remote session.
CASE SCENARIOS
Scenario 10-1: Small Office Networking
You are hired by a small firm to help with an office network. The firm has nine computers currently on the network. The network consists of a single hub that connects all computers to each other in a single segment. One system on the network has a DSL Internet connection that it shares with the rest of the network. Answer the following questions about this scenario: 1. Does this network require a DHCP server?
ANSWER
No. APIPA is sufficient, but because the office uses ICS, the addresses are assigned by the ICS service on the Internet computer.
44
CHAPTER 10 ANSWERS
2. If you install a Network-Attached Storage (NAS) device, what IP address should you give it so other systems on the network can see it?
ANSWER
ICS is assigning addresses, so the NAS device can receive an address using its own internal DHCP client. If you prefer a fixed IP address, you can assign an address from the ICS range (192.168.0.2 through 192.168.0.254). 3. What type of logical network architecture has been implemented here? a. Workgroup b. Domain c. Wide area network (WAN) d. Local area network (LAN)
ANSWER
a. The physical layout is a LAN, but the description is typical of a workgroup logical network.
Scenario 10-2: Help!

A friend calls you one evening to ask for help with his computer. He has deleted some critical files and can no longer run his favorite video game. Answer the following questions about this scenario: 1. Which remote control technology do you use to let him show you which files he deleted?
ANSWER
Remote Assistance. Remote Assistance allows both of you to view the desktop at the same time. Remote Desktop requires him to log off to enable you to log on. 2. You determine that you need to copy some files to his system from your own. How can you accomplish this?
ANSWER
Remote Desktop can connect your local drives in the remote control session. You can then transfer files from your system to your friends system.
CHAPTER 11 ANSWERS:
CONFIGURING TCP/IP ADDRESSING AND SECURITY
45
CHAPTER 11

REVIEW QUESTIONS
1. Convert the IP address 131.107.125.234 to its binary octet values. Which of the following answers is correct? a. 01111101.11101010.10001001.1101011 b. 10000011.1101011.1111101.11101010 c. 1101011.1111101.10001001.11101010 d. 10000011.01101011.01111101.11101010
ANSWER
d. The value 10000011.01101011.01111101.11101010 is a correct conversion of 131.107.125.234 to binary octets. While b might appear to be correct, the leading zeros were removed (a function of Windows Calculator). The address is not correct without 8 digits in each octet. 2. A host with the IP address 131.107.182.12/16 is trying to communicate with a host with the address 131.107.87.18/16. Does this communication require a router? Why or why not?
ANSWER
The communication does not require a router. Even though the addresses are different in the third octet, the subnet mask defines the network ID as 131.107.0.0 for both. They are on the same network, so no router is required. 3. Which of the following subnets would you use to supernet the networks 192.168.100.0 and 192.168.101.0? a. 255.255.255.224 b. 255.255.248.0 c. 255.255.254.0 d. 255.255.0.0
ANSWER
c. By moving the default Class C subnet mask (255.255.255.0) one binary digit to the left, you can combine networks that share the same first 23 bits into supernets. The subnets 192.168.100.0 and 192.168.101.0 are identical to the 23rd binary digit, so they are now both resident on the same network.
46
CHAPTER 11 ANSWERS
4. Which of the following malware types can scan the Internet for victims? a. Virus b. Worm c. Spyware d. Trojan horse
ANSWER
b. Worms scan the Internet for systems with specific vulnerabilities. Viruses, Trojan horses, and spyware are typically found on a system after a user downloads an application, game, or utility that has been infected with the pathogen. 5. Which of the following are uses for Windows Firewall? (Choose all correct answers.) a. Protecting a system from Internet worms b. Connecting multiple systems to the Internet c. Blocking malicious connection attempts d. Preventing a virus from infecting your system
ANSWER
a and c. Windows Firewall inspects inbound packets and makes sure they are received in response to an outbound communication attempt. It also blocks unsolicited connection attempts, such as scans by Internet worms and attempts to hack a system. 6. A user wants to set up a Web server on a Windows XP Professional computer on your network. You have a Windows XP Professional system connected to the Internet that uses ICS with Windows Firewall enabled to securely share its Internet connection with the rest of the network. Which feature of Windows Firewall do you configure to allow inbound connections to that Web server while still retaining Windows Firewall security for all other communications? a. Exception b. ICMP rule c. Service entry d. Packet filter
CHAPTER 11 ANSWERS:
47
ANSWER
c. A service entry defines an inbound path to the Internet-connected system or another system in its network. When defining a service entry, you select the system on the internal network to which the inbound communications should be routed.
CASE SCENARIOS
Scenario 11-1: A Growing Enterprise
You are consulting for a company that has a growing office in your area. It has a Class C network (192.168.12.0) that is running out of addresses. The company has defined two additional Class C networks and has begun to add hosts to them. Hosts in 192.168.12.0 cannot communicate with hosts in 192.168.10.0. Answer the following questions about this scenario. 1. Why cant hosts in 192.168.12.0 communicate with hosts in 192.168.10.0?
ANSWER
If the company is still using the default Class C subnet masks, these two addresses are on separate networks. 2. Name two ways to allows hosts on 192.168.12.0 to communicate with hosts on 192.168.10.0.
ANSWER
You can install a router between the two networks to forward communications between them, or you can supernet the networks by modifying the subnet mask to combine them into one larger netblock. 3. Which method listed in the answer to question 2 is least expensive?
ANSWER
Supernetting the netblocks is less expensive than buying a router.
48
CHAPTER 11 ANSWERS
Scenario 11-2: Security on a Shoestring

You are volunteering for a charity by configuring its network and Internet operations. You have used IIS in Windows XP for the Web server and the Simple Mail Transfer Protocol (SMTP) server. You set up a computer to connect to the Internet with a DSL connection. You want to put the Web server and SMTP server on the Internet, as well as allow office users to use the Internet with Internet Explorer. Answer the following questions about this scenario. 1. How can you connect the entire office to the Internet inexpensively?
ANSWER
By using Internet Connection Sharing, you can connect the entire network to the Internet over a single connection. 2. How can you allow inbound access to the Web server and the mail server?
ANSWER
You can configure service entries for HTTP and SMTP to allow inbound connections to the systems on the internal network.
CHAPTER 12 ANSWERS:
MANAGING INTERNET EXPLORER CONNECTIONS AND SECURITY
49
CHAPTER 12

REVIEW QUESTIONS
1. When you type a URL in the Address bar of Internet Explorer, what appears in the browser is not the Web site you have entered but a search site that displays results related to the URL. You suspect that you might have contracted a malicious BHO. How can you know for sure?
ANSWER
Using Add-On Manager, you can view the installed add-ons and browser helper objects on your system. One of these is likely controlling your system. By disabling selected BHOs and add-ons and then testing the results, you can isolate the malicious BHO. 2. You are annoyed by the large number of pop-up ads on the Web sites you visit. What technology in Internet Explorer can you use to reduce or eliminate these on your system? a. Add-On Manager b. Pop-Up Blocker c. Privacy slider d. Web content zones
ANSWER
b. Pop-Up Blocker prevents most pop-up ads from appearing on your screen. 3. You are giving your computer to a relative and want to be sure you leave no obvious personal information on the system. What should you do to be sure Internet Explorer retains no personal data? (Choose all correct answers.) a. Clear browsing history b. Delete Temporary Internet Files c. Clear AutoComplete data d. Clear Recently Used Documents
50
CHAPTER 12 ANSWERS
ANSWER
a, b, and c. The browsing history, Temporary Internet Files, and AutoComplete data might contain private information. Recently Used Documents retains the names of recently used files but not privacy data for Internet Explorer. 4. You want to block all cookies that you have not personally accepted. Which privacy setting should you select to achieve this? a. Block All Cookies b. High c. Medium d. Low
ANSWER
b. High privacy blocks all cookies, both first-party and third-party, that you have not explicitly accepted. 5. You are doing research for a novel that is a computer security thriller. You need to explore some sites that you expect might harm your system. Which Internet Explorer Web content zone should you place these sites in? a. Restricted Sites b. Internet c. Trusted Sites d. Local Intranet
ANSWER
a. Sites you suspect might harm your system should be placed in the restricted Web content zone. 6. You want to access a file named review.html that is located in the Examprep folder on a server located at www.adatum.com. Which URL should you choose to access this document? a. www.adatum.com/review.html b. www.adatum.com/Examprep/review.html c. www.adatum.com/Examprep d. www.adatum.com/review
CHAPTER 12 ANSWERS:
51
ANSWER
b. The correct URL consists of the server name www.adatum.com followed by the folder name Examprep and the document name review.html.
CASE SCENARIOS
Scenario 12-1: Getting Online
You work at a small office with eight other employees, and you are exploring options for connecting the office to the Internet. The office has a local area network, and all systems are connected with static IP addresses. You have discovered a device that will provide Internet access and Web filtering. It acts as a hardware proxy server and a DHCP server, and it proxies DNS queries to an Internet DNS server. It does not support either Web Proxy Auto-Discovery (WPAD) or Service Location Protocol (SLP). Answer the following questions about this scenario. 1. Which option in the New Connection Wizard should you use to set up your Internet connection? a. Connect Using A Dial-Up Modem. b. Connect Using A Broadband Connection That Requires A User And Password. c. Connect Using A Broadband Connection That Is Always On. d. None of the above.
ANSWER
d. In the absence of Web Proxy Auto-Discovery and Service Location Protocol, proxy settings must be set up manually. 2. Which of the following options do you use to manually configure a proxy server connection for a local area network? a. On the Connections tab of the Internet Options dialog box, click LAN Settings and configure a proxy server in the Local Area Network (LAN) Settings dialog box by selecting the Automatically Detect Settings option. b. On the Connection tab of the Internet Options dialog box, select a dial-up connection and click Settings to open the Settings dialog box for the connection. Select the Automatically Detect Settings option to configure a proxy server.
52
CHAPTER 12 ANSWERS
c. On the Connections tab of the Internet Options dialog box, click LAN Settings and configure a proxy server in the Local Area Network (LAN) Settings dialog box by entering the proxy server address and assigned port number. d. On the Connection tab of the Internet Options dialog box, select a dial-up connection and click Settings to open the Settings dialog box for the connection. Configure a proxy server by entering the proxy server address and assigned port number.
ANSWER
c. By manually entering proxy server settings in the Local Area Network (LAN) Settings dialog box, you can configure Internet Explorer to connect to the proxy server in this scenario.
Scenario 12-2: Managing Internet Explorer Security and Privacy

You are representing a company that is beginning to market a new family of pharmaceutical drugs. Many aspects of your companys technology are not yet patented and must be kept out of the wrong hands. You are configuring a laptop computer for a trip to a trade show. You have enabled Encrypting File System (EFS) and have exported the recovery agents key and deleted it from the system. You have also purchased a hardware lock that requires an electronic key for removal. You are concerned that information in your browser could compromise your product line if the system fell into the wrong hands. Answer the following questions about this scenario. 1. Which of the following settings in Internet Explorer can help ensure no private data is accessible to Internet Explorer after you close the browser? (Choose all correct answers.) a. Do Not Save Encrypted Pages To Disk. b. Empty Temporary Internet Files Folder When Browser Is Closed. c. Set The Days To Keep Pages In History Settings To 0. d. Set The Default Home Page To Use Blank.
ANSWER
a, b, and c. Unless using the default home page was somehow a breach of privacy, setting Use Blank would have no material effect on your systems security or privacy.
CHAPTER 12 ANSWERS:
53
2. You are concerned about attackers penetrating your system when you use it on the trade show network. Which of the following strategies can help prevent this? (Choose all correct answers.) a. Download and install all critical updates. b. Enable Windows Firewall with no exceptions enabled. c. Disable your network connection. d. Set the security level for the Internet zone to High.
ANSWER
a and b. By maintaining updates and enabling Windows Firewall, you can increase the systems network security. Setting Internet zone security to High might protect you from hostile Web sites, but systems on the trade show network would most likely be recognized as Local Intranet zone systems. Disabling the network connection would protect you from attacks, but you would not be able to use the Internet.
54
CHAPTER 13 ANSWERS
CHAPTER 13
MANAGING USERS AND GROUPS

REVIEW QUESTIONS
1. You are configuring users and groups on a Windows XP system that is used as a file and print server. Using built-in groups, which group would you place users in to allow them to add users and install applications? a. Administrators b. Power Users c. Users d. Backup Operators
ANSWER
b. The Power Users group has permission to add users and install applications. Administrators also have this permission, but using the principle of least privilege, you should limit membership in this group to those who are responsible for system administration. 2. A user accessing files on your system across the network is a member of which implicit group(s)? (Choose all correct answers.) a. Creator Owner b. Everyone c. Interactive d. Network
ANSWER
b and d. All users accessing resources on your system are members of the Everyone group. Users accessing resources over the network are also members of the Network group. 3. Which of the following command-line commands will change Andy Ruths password? a. NET USER ARuth /Passwordchg:Brahman~234 b. NET USER ARuth Brahman~234 c. NET USER ARuth Brahman~234 /D d. NET USER /U:ARuth /P:Brahman~234
CHAPTER 13 ANSWERS:
55
ANSWER
b. NET USER ARuth Brahman~234 will change Andys password to Brahman~234. 4. Which of the following tools can you use to add, manage, and remove local user accounts in Windows XP? (Choose all correct answers.) a. Computer Management b. User Manager c. NET USER d. Active Directory Users and Computers
ANSWER
a and c. Computer Management and NET USER can add, manage, and remove user accounts in Windows XP. User Manager is a Windows NT user management tool. You use Active Directory Users and Computers to manage Active Directory domain user accounts. 5. Which of the following Net.exe commands adds the users CGarcia, RWalters, and LMather to the Finance Local Group? a. Net Group Finance CGarcia RWalters LMather /Add b. Net Localgroup Finance CGarcia RWalters LMather c. Net Group Finance CGarcia RWalters LMather d. Net Localgroup Finance CGarcia RWalters LMather /Add
ANSWER
d. Net Localgroup is the correct command. Using the /ADD option adds the appropriate users to the group. 6. Which of the following tasks can you perform with the User Accounts tool in Control Panel? (Choose all correct answers.) a. Add users b. Add groups c. Rename users d. Change users passwords
ANSWER
a, c, and d. You can use User Accounts to add and remove users, rename users, change their logon pictures, and change their passwords. You cannot use it to manage groups or group assignments.
56
CHAPTER 13 ANSWERS
7. Which of the following user rights are required to allow a user to log on to a system and back up files and folders to tape? (Choose all correct answers.) a. Access This Computer From A Network b. Log On Locally c. Backup Files And Directories d. Restore Files And Directories
ANSWER
b and c. To log on to a system, the user needs the Log On Locally logon right. To back up files and folders, the user needs the Backup Files And Directories user privilege. 8. A notebook computer user calls you from a hotel room. Her notebook computer was assigned to her for this trip, and she didnt have time to log on and check it before she left. She cannot log on, and she gets an error message that says a domain controller cannot be found. What could be causing her problem? (Choose all correct answers.) a. Her user account was not added in Local Users and Groups. b. Cached credentials are disabled for that computer. c. She never completed a domain logon to cache her logon credentials. d. Her notebook computer is not a domain controller.
ANSWER
b and c. If cached credentials are disabled or the user has never logged on to the computer, she cannot log on using cached credentials while on the road.
CASE SCENARIOS
Scenario 13-1: Designing Accounts for a Field Office
You have been hired to set up user accounts for a small sales office for a heavy equipment manufacturer. The office has four salespeople, a manager, and two part-time receptionists. The system used for file storage has three folders set up for document storage. See Figure 13.30 for an illustration.
CHAPTER 13 ANSWERS:
57
Sales Reports
Sales
Marketing Materials
Receptionists
Management Documents
Manager
Figure 13-30
F13HT30.VSD
Sales office in need of user account management
The receptionists help the sales force with sales reports and are also responsible for maintaining documents in the Marketing Materials folder as they come in from the home office. The salespeople need to be able to work on their own reports and print marketing materials as needed. The office manager needs access to all folders and is also responsible for maintaining documents in the Marketing Materials folder as they come in from the home office. Answer the following questions about this scenario: 1. List the user groups you would set up in this scenario.
ANSWER
Answers will vary, but you should provide for the role of each user group. One likely answer is Sales, Receptionists, and Managers. 2. Which groups should have access to modify the contents of the Marketing Materials folder?
ANSWER
Receptionists and Managers need at least permission to modify marketing materials. Salespeople need access to read files in this folder, and using the principle of least privilege, they should not be given more than that. 3. What level of permission should the receptionists have to each folder? a. Modify permission to all folders b. Modify permission to Sales Reports and Marketing Materials, none to Management Documents
58
CHAPTER 13 ANSWERS
c. Modify permission to Sales Reports and Marketing Materials, Read permission to Management Documents d. Modify permission to Sales Reports, Read permission to Marketing Materials, none to Management Documents
ANSWER
b. The receptionists need to be able to modify documents in the Sales Reports and Marketing Materials folders, but they should not have access to the Management Documents folder.
Scenario 13-2: Protecting Files on a Military System

You are hired as a civilian contractor on a military installation. You are assigned to manage the commanding generals computer. He wants to be sure that documents on the computer are accessible only by him, and not even by administrators. Answer the following questions about this scenario: 1. If all the sensitive files are in a single folder, what permissions should you give to that folder?
ANSWER
Full Control only. Remove all other groups (including Administrators) from the ACL for that folder. 2. Administrators can use their ownership privileges to change permissions even when they do not have access, so how can you assure the general that the files can never be seen by administrators? (Choose the two answers that form the correct response.) a. Remove the Administrators groups privilege to take ownership of files on that computer. b. Remove all users from the Administrators group. c. Have the general take ownership of the folder. d. Assign the Administrators group Deny Take Ownership on the folder.
ANSWER
a and c. If you have the general take ownership, the Administrators group is no longer owner of the folder. This prevents administrators from taking ownership later on and changing permissions. Denying Take Ownership does not prevent administrators from taking ownership because this privilege is granted as a right. Removing all users from the Administrators group does not work because built-in accounts cannot be removed from built-in groups.
CHAPTER 14 ANSWERS:
CONFIGURING AND MANAGING COMPUTER SECURITY
59
CHAPTER 14

REVIEW QUESTIONS
1. Local Security Policy is a subset of __________. a. Security Configuration and Analysis b. Domain Security Policy c. Group Policy d. Audit policy
ANSWER
c. Local Security Policy is a subset of Group Policy for a system. 2. Which of the following audit policies do you enable to record attempts to access resources on your system from the network? a. Logon events b. Account logon events c. Object access events d. System events
ANSWER
b. Account logon events audit any logons that access or attempt to access resources on the local computer. 3. You are configuring a highly secure workstation and need to ensure that no potential attack is missed in the audit logs. What two settings must you configure to accomplish this? a. Set up Security log archiving b. Configure audit policy to shut down the system if the Security log becomes full c. Configure the Security log to not overwrite events d. Store event logs on a secure data storage unit
60
CHAPTER 14 ANSWERS
ANSWER
b and c. By configuring the Security log to not overwrite events and configuring the system to shut down if the log becomes full, you can shut down the system rather than overwrite a security event. 4. Which command-line tool can be used to configure security policy? a. Secpol.msc b. Eventvwr.msc c. Secedit.exe d. Gpedit.msc
ANSWER
c. You can use Secedit.exe to analyze and configure security settings using security templates. 5. Which of the following security templates can you use to restore security configuration settings in the event of a configuration problem? a. Compatws.inf b. Hisecws.inf c. Setup security.inf d. Rootsec.inf
ANSWER
c. Setup security.inf stores all security policy settings that were in place when the system was installed. 6. You are concerned about a data folder that all users of your network have access to. Someone has been deleting files, and you want to find out who it is. Which audit policy and setting will detect this action? a. Logon events (successful) b. Logon events (failed) c. Object access (successful) d. Object access (failed)
ANSWER
c. By auditing successful object access events, you can log the deletion of a file and determine who did it.
CHAPTER 14 ANSWERS:
61
CASE SCENARIOS
Case Scenario 14-1: Designing a Security Policy
You are designing security for a group of workstations configured in a workgroup network environment. All the systems run identical applications and have similar requirements for security. These security requirements include:
Users need to run a legacy application that does not run well unless the users are placed in the Power Users group. You want to find a way to allow the application to run for nonPower Users. You want to implement a logon banner to warn potential hackers that your organization pursues legal action against anyone who attempts to defeat system security. You want to clear the username entered in the Log On To Windows dialog box after each logon.
Answer the following questions about this scenario: 1. Which of the following security options will fulfill the security requirements? (Choose all correct answers.) a. Accounts: Rename Guest Account b. Interactive Logon: Do Not Display Last User Name c. Interactive Logon: Do Not Require CTRL+ALT+DEL d. Interactive Logon: Message Text For Users Attempting To Log On
ANSWER
b and d. These two options would configure the required settings. 2. Which security template should you use as a baseline for this configuration? a. Setup Security.inf b. Compatws.inf c. Securews.inf d. Rootsec.inf
ANSWER
b. Compatws.inf relaxes certain settings to allow legacy applications that normally require Power User privileges to operate in the context of the user group.
62
CHAPTER 14 ANSWERS
3. Which utility can you use to create a security template for this configuration? a. Notepad.exe b. Local Security Policy c. The Security Configuration and Analysis snap-in d. The Security Templates snap-in
ANSWER
d. The Security Templates snap-in manages the creation and configuration of security templates.
Case Scenario 14-2: Security Auditing

You are hired by a small office supply shop to find out who has been stealing money from its computerized cash register system, which runs Windows XP. The manager suspects that the system administrator is colluding with several cashiers to falsify the register journals. She has sent the administrator to a training course for a few days, and she wants you to configure auditing to track his activities. You soon discover that no security auditing is being done and no Local Security Policy has been configured on any of the registers. Answer the following questions about this scenario: 1. The manager tells you she has never seen the administrator actually log on to any register, and that he spends a lot of time on his computer in the back office. You want to leave the administrators system untouched so he does not become suspicious. What audit policy can you configure to see if the administrator is accessing the registers over the stores local area network, and on which systems should you configure it? a. Account logon events on each register b. Account logon events on the administrators computer c. Logon events on the administrators computer d. Logon events on each register
ANSWER
d. Logon events track logons to the local machine. Applying the audit policy on each register allows you to monitor who has logged on (interactively or over the network) to it. The administrators system does not need to be touched.
CHAPTER 14 ANSWERS:
63
2. You want to be sure your activity does not affect the operation of the registers. Which security log settings can you apply to keep the lowest profile? (Choose all correct answers.) a. Configure The Log To Overwrite The Oldest Events First b. Configure The Log To Overwrite Events Over 7 Days Old c. Manually Clear Logs d. Shut Down The System When The Log File Gets Full
ANSWER
a. Overwriting the oldest events first will ensure that logging continues uninterrupted. The other settings have the potential to fill the log and possibly shut down the system.
64
CHAPTER 15 ANSWERS
CHAPTER 15
BACKING UP AND RESTORING SYSTEMS AND DATA

REVIEW QUESTIONS
1. Which feature of Windows XP allows you to back up open files? a. Automated System Recovery (ASR) b. Differential backup c. Incremental backup d. volume shadow copy
ANSWER
d. Volume shadow copy makes a copy of open files that can be backed up without interfering with the files themselves. 2. You are planning a backup strategy. You are required to ensure that any file can be restored to a point within the last 24 hours. You also do not want to have to load more than one backup tape. The time required to perform the backup is not a concern. Which backup strategy makes most sense in this scenario? a. Weekly normal and daily differential backups b. Weekly normal and daily incremental backups c. Daily normal backups d. Weekly normal and daily differential backups with a Wednesday copy backup
ANSWER
c. Because the time required to back up files is not a concern and you want to avoid excessive tape handling, daily normal backups will restore the latest version of any file to within the last 24 hours. 3. Which of the following recovery technologies completely restores a system? a. System Restore b. Safe Mode c. Last Known Good Configuration d. Automated System Recovery (ASR)
CHAPTER 15 ANSWERS:
65
ANSWER
d. ASR can fully restore a system using the Windows installation CD-ROM, an ASR floppy disk, and the backup medium. 4. You want to install an application but are concerned about its effect on system configuration. What can you do to ensure that you can quickly recover your settings? a. Create a restore point with System Restore b. Perform a full system backup c. Back up the system state d. Create an Automated System Recovery (ASR) backup
ANSWER
a. By creating a system restore point, you ensure that you can quickly restore configuration settings to that point. 5. You have installed a new device driver for your sound card, and now your system will not boot. What recovery technology allows your system to boot with the previous set of drivers? a. Recovery Console b. Last Known Good Configuration c. Automated System Recovery (ASR) d. Safe Mode
ANSWER
b. The Last Known Good Configuration allows you to boot with the last driver set known to be good. This prevents the system from loading the new drivers. 6. You have installed a driver that is causing system problems. You did not notice the problems before you logged on to the system. Which of the following technologies can help you fix this problem? (Choose all correct answers.) a. Recovery Console b. Last Known Good Configuration c. System Restore d. Safe Mode
66
CHAPTER 15 ANSWERS
ANSWER
c and d. System Restore can restore a configuration to any restore point in the past (within the limits of storage allocated to System Restore), and Safe Mode allows you to boot the system and install a new device driver if necessary. The Recovery Console cannot manage device drivers, and the Last Known Good Configuration will have been overwritten when you log on.
CASE SCENARIOS
Scenario 15-1: Backup Planning
You are helping a small company with its disaster recovery planning. It has 13 desktop computers in two configurations. Configuration A (12 systems) is a standard Windows XP Professional installation with Microsoft Office 2003 Professional Edition on each system. All documents are stored on a single Windows XP Professional system (Configuration B) that functions as a file and print server. Each of the 12 workstations has a floppy drive, a CD-ROM drive, and a DVD-R drive. The file server system has a floppy drive and a high-capacity tape drive. Answer the following questions about this scenario: 1. What backup and restoration method will provide the ability to quickly and completely recover a workstation? a. Daily normal backups to DVD-R. Restore from DVD-R after reinstalling Windows. b. Automated System Recovery backup set with floppy and DVD-R disk. Use ASR restore to recover system. Refresh ASR set when configuration changes. c. Automated System Recovery backup set with floppy and DVD-R disk. Use ASR restore to recover system. Use System Restore to recover recent changes. d. Single normal backup to DVD-R, daily differential backup to the server. Recover by restoring DVD-R backup after reinstalling Windows, and restore remaining data from server backup file.
ANSWER
b. Having a current ASR backup set is the quickest way to restore the systems to full operation. Normal backups require reinstalling Windows to access the Backup utility, which takes more time. System Restore does not know about recent changes on a newly restored system.
CHAPTER 15 ANSWERS:
67
2. You want to choose a backup schedule for the system that acts as a file and print server. You want to find a way to minimize the nightly backup window while not complicating the restore process. Which of the following backup schedules offers the best balance between backup speed and ease of restoration? a. Daily normal backup b. Weekly normal backup and daily incremental backup c. Weekly normal backup and daily differential backup d. Weekly copy backup and daily normal backup
ANSWER
c. Having a daily differential backup ensures that you will never need more than two tapes to completely recover the system. The nightly backup is also reasonably fast because it backs up only the documents that have changed since the last normal backup.
Scenario 15-2: Power Problems

Your organization was struck with a severe brownout followed by a complete power outage lasting a few hours. After power was restored, you discovered that three systems would not boot. Two simply need new power supplies, but the third is reporting Operating system not found when you attempt to start it. Answer the following questions about this scenario: 1. Which of the following Windows XP recovery tools offers the best chance of repairing this system quickly? a. Automated System Recovery (ASR) b. Safe Mode c. Last Known Good Configuration d. Recovery Console
ANSWER
d. The Recovery Console, loaded from the Windows XP CD-ROM, can repair master boot records with the Fixmbr command and repair boot sectors with the Fixboot command. All of the other options require a bootable system.
68
CHAPTER 15 ANSWERS
2. After recovering this system, you discover that some files are still corrupted. Which of the following backups offer the best chance of restoring all corrupt files? a. Normal backup done after the last major configuration change b. Normal backup done three days before c. Copy backup done the day before d. Incremental backup done that morning
ANSWER
c. A copy backup backs up all files and folders. It was done only the day before, so it offers the best chance of successfully recovering all files to the most recent condition. The older backups are not as current, and the Incremental backup would have only a few recently changed files but not an entire set of files for this system.
CHAPTER 16 ANSWERS:
MANAGING PERFORMANCE
69
CHAPTER 16
REVIEW QUESTIONS
1. Adding __________ is usually the easiest way to improve performance. a. CPUs b. Memory c. Disks d. Power
ANSWER
b. Memory is most often the primary cause of performance concerns. Even apparent disk problems can be caused by excessive use of virtual memory. 2. Which of the following performance counters can help you determine whether a system has adequate memory? (Choose all correct answers.) a. Memory: Available Bytes b. Page File: % Usage c. Memory: Pages / sec d. Physical Disk: Average Disk Queue Length
ANSWER
a, b, and c. Memory: Available Bytes indicates how much physical RAM is free, Page File: % Usage indicates whether the system is using excessive virtual memory, and Memory: Pages / sec indicates the rate at which paging to virtual memory is occurring. Average Disk Queue Length can be an indicator of a slow or fragmented hard disk. 3. You are analyzing performance of your Windows XP system. Physical Disk: % Disk Time is well over 50, Page File: % Usage is less than 10, and Memory: Pages / sec is less than 5. Which of the following items is most likely causing the performance issues on your system? a. Memory b. Disk c. CPU d. Network
70
CHAPTER 16 ANSWERS
ANSWER
b. If the memory counters are low, your problem is most likely a slow or fragmented hard disk. 4. From which of the following sources can you copy counters when you configure a performance alert? a. Page file b. Performance log c. Saved System Monitor view d. Performance object
ANSWER
c. You can use saved System Monitor views to obtain counters for both performance logs and alerts. 5. You notice that your mobile computer seems to run more slowly when you are not using the AC adapter. What could be causing this? a. The CPU is designed to run more slowly while on battery power. b. The CPU isnt getting the power it needs to run efficiently. c. The battery is of the wrong type. d. The battery needs charging.
ANSWER
a. Many processors designed for notebook computers use a technology that adjusts CPU speed based on power conditions. 6. Which Windows XP system utility can you use to perform scheduled maintenance tasks on your system? a. System Restore b. Scheduled tasks c. Maintenance Manager d. Disk Defragmenter
ANSWER
b. You can use scheduled tasks to run tasks and utilities on a periodic basis to maintain a system.
CHAPTER 16 ANSWERS:
71
CASE SCENARIOS
Scenario 16-1: A Slow Application
The CFO calls you in because he is running a large spreadsheet on his system and it is running unusually slowly. He wants you to try to get his system moving faster again. Answer the following questions about this scenario: 1. Which Windows XP utility will give you a quick look at the performance of this system?
ANSWER
Task Manager lets you quickly see statistics for memory and CPU. 2. Available memory seems to be fine, but you notice that the systems hard disk thrashes excessively whenever you launch a new application. Which of the following performance counters can you use to check the status of the physical disk? a. Memory: Available Bytes b. Page File: % Usage c. Memory: Pages / sec d. Physical Disk: Average Disk Queue Length
ANSWER
d. Excessive Average Disk Queue Length is an indicator of poor disk performance. 3. You ask the CFO about his use of the system. Nothing has changed in terms of applications or datathe system has just been getting slower. You check Physical Disk: Average Disk Queue Length and find the value excessive. Which of the following factors might be responsible for the poor disk performance? a. The hard disk is failing. b. The system needs faster disks. c. The disk is seeing excessive use of virtual memory. d. The disk is excessively fragmented.
72
CHAPTER 16 ANSWERS
ANSWER
d. If a disk is fragmented, its performance will decline over time. A disk failure happens more suddenly. The systems memory is fine, so virtual memory is probably not affecting the disk. If performance was once good, disk speed is probably not an issue.
Scenario 16-2: Spotting the Cause of Performance Issues

You are analyzing a system with System Monitor and have noted the following statistics: Memory: Available Bytes (768 MB Ram total) Memory: Pages / sec Page File: % Usage Physical Disk: Average Disk Queue Length Answer the following questions about this scenario: 1. Is memory probably an issue on this system?
ANSWER
234 MB 2 24 4
Yes. It is likely that memory is a factor in this systems issues. It appears that the page file utilization is increasing as the system uses up its RAM. However, the number of page faults (Pages / sec) is relatively low. You should keep looking for additional clues to the performance problem. 2. Do you have enough information to know definitively whether disk performance is an issue on this system? If not, what additional counters can you use to monitor disk performance?
ANSWER
You need more information before you can rule out or implicate disk performance. Use Physical Disk: % Disk Time to get an idea of how much actual activity the disk is experiencing. If % Disk Time is also high, you might be able to justify increasing disk performance on this system.

70-270 TextbookAnswers

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

70-270 TextbookAnswers

Uploaded by

Copyright:

Available Formats

CHAPTER 1 ANSWERS:

INTRODUCING WINDOWS XP PROFESSIONAL

INTRODUCING WINDOWS XP PROFESSIONAL

INTRODUCING WINDOWS XP PROFESSIONAL

Scenario 1.2: Assisting Remote Users

INSTALLING WINDOWS XP PROFESSIONAL

INSTALLING WINDOWS XP PROFESSIONAL

INSTALLING WINDOWS XP PROFESSIONAL

Scenario 2-2: Automatic Updates

MANAGING DISKS AND FILE SYSTEMS

MANAGING DISKS AND FILE SYSTEMS

a. Encrypted data b. Frequently updated data c. Bitmaps d. Static data

MANAGING DISKS AND FILE SYSTEMS

Scenario 3-2: Disk Quotas

MANAGING DEVICES AND PERIPHERALS

MANAGING DEVICES AND PERIPHERALS

MANAGING DEVICES AND PERIPHERALS

Scenario 4-2: Troubleshooting Problems with the HAL

CONFIGURING AND MANAGING THE USER EXPERIENCE

CONFIGURING AND MANAGING THE USER EXPERIENCE

CONFIGURING AND MANAGING THE USER EXPERIENCE

Scenario 5-2: Power Problems

CONFIGURING AND MANAGING PRINTERS AND FAX DEVICES

CONFIGURING AND MANAGING PRINTERS AND FAX DEVICES

Scenario 6-2: Printer Wars

CONFIGURING AND MANAGING NTFS SECURITY

CONFIGURING AND MANAGING NTFS SECURITY

CONFIGURING AND MANAGING NTFS SECURITY

CONFIGURING AND MANAGING NTFS SECURITY

2. What folders should you create to support this scenario?

Scenario 7-2: Effective Permissions

CONFIGURING AND MANAGING SHARED FOLDER SECURITY

CONFIGURING AND MANAGING SHARED FOLDER SECURITY

Denied permissions take precedence over allowed permissions on a shared folder.

CONFIGURING AND MANAGING SHARED FOLDER SECURITY

CONFIGURING AND MANAGING SHARED FOLDER SECURITY

Scenario 8-2: Command-Line Nirvana

SUPPORTING APPLICATIONS IN WINDOWS XP PROFESSIONAL

SUPPORTING APPLICATIONS IN WINDOWS XP PROFESSIONAL

SUPPORTING APPLICATIONS IN WINDOWS XP PROFESSIONAL

Scenario 9-2: Irreconcilable Differences?

SUPPORTING APPLICATIONS IN WINDOWS XP PROFESSIONAL

CONNECTING WINDOWS XP PROFESSIONAL TO A NETWORK

CONNECTING WINDOWS XP PROFESSIONAL TO A NETWORK

a, c, and d. The IP address is usually dynamically assigned to dial-up connections.

CONNECTING WINDOWS XP PROFESSIONAL TO A NETWORK

Scenario 10-2: Help!

CONFIGURING TCP/IP ADDRESSING AND SECURITY

CONFIGURING TCP/IP ADDRESSING AND SECURITY

CONFIGURING TCP/IP ADDRESSING AND SECURITY

Supernetting the netblocks is less expensive than buying a router.

Scenario 11-2: Security on a Shoestring

MANAGING INTERNET EXPLORER CONNECTIONS AND SECURITY

MANAGING INTERNET EXPLORER CONNECTIONS AND SECURITY

MANAGING INTERNET EXPLORER CONNECTIONS AND SECURITY

Scenario 12-2: Managing Internet Explorer Security and Privacy

MANAGING INTERNET EXPLORER CONNECTIONS AND SECURITY

MANAGING USERS AND GROUPS

MANAGING USERS AND GROUPS

MANAGING USERS AND GROUPS

Sales office in need of user account management

Scenario 13-2: Protecting Files on a Military System

CONFIGURING AND MANAGING COMPUTER SECURITY