Welcome to Certifiable, your exam-prep headquarters. Here you'll find questions about some of the tricky areas that are fair game for the certification exams.

This week's questions cover topics for Exam 70-216: Implementing and Administering a Microsoft Windows 2000 Network Infrastructure.

Questions (May 31, 2002)

Question 1
Enrious wants to set up a Certification Authority (CA) on a Windows 2000 Server machine on his company's network, which consists of one Win2K domain. He decides that an Enterprise Root CA would best serve his company's needs. Which of the following conditions must Enrious meet before he can install an Enterprise Root CA?

  A. He must install BIND 8.1.2 or higher on one of the domain controllers (DCs).
  B. He must have Enterprise Administrator privileges.
  C. He must install Active Directory (AD).
  D. He must install a WINS server on a DC in the domain.
  E. He must install Apache 2.0 on a DC in the domain.
  F. He must install Win2K DNS.

Question 2
You work for a company that has a central office and three branch offices. The central office is on Subnet A, and the branch offices are on Subnet B, Subnet C, and Subnet D (i.e., one subnet for each branch office). The subnets have the following addresses:

Subnet A: 128.250.212.0 /24
Subnet B: 128.250.213.0 /24
Subnet C: 128.250.214.0 /24
Subnet D: 128.250.215.0 /24

Subnet A hosts a Microsoft IIS server, which runs the company's intranet. Subnet D has a Host Integration Server that connects to a mainframe at the data center. Each subnet has a file server and print server.

You arrive at work late one morning to find that some users are experiencing connectivity problems. Two users on Subnet C can't ping their local file server or any other servers in the organization, but they can ping each other. On Subnet D, five users can ping each other but can't access their local file server.

The users experiencing problems on Subnet C have the IP addresses 169.254.0.100 and 169.254.0.101. The users experiencing problems on Subnet D have the IP addresses 169.254.0.160, 169.254.0.161, 169.254.0.162, 169.254.0.163, and 169.254.0.164. How would you resolve these problems?

  A. Make sure that a WINS server is available for all clients on the segment. Windows 2000 clients rely heavily on NetBIOS resolution, and the lack of an available WINS Server could cause connectivity problems.
  B. The machines are likely configured with static IP addresses. Change the machines over to DHCP clients.
  C. Some machines might have received Automatic Private IP Addresses (APIPAs). Determine whether a functioning DHCP server is available for the segments that include those machines.
  D. The switch that the computers are connected to has broken. Replace the switch and reconnect each system to the new switch.

Question 3
You have installed a new primary Windows 2000 DNS server on your company's network. You set up this DNS server, which has the IP address 128.250.203.31, to host the new Internet domain truthaddict.com.au. You have the following 10 hostnames listed in your database:

router.truthaddict.com.au IN A 128.250.203.1
dns.truthaddict.com.au IN A 128.250.203.31
mail.truthaddict.com.au IN A 128.250.203.32
dc1.truthaddict.com.au IN A 128.250.203.33
dc2.truthaddict.com.au IN A 128.250.203.34
dc3.truthaddict.com.au IN A 128.250.203.35
dc4.truthaddict.com.au IN A 128.250.203.36
intranet.truthaddict.com.au IN A 128.250.203.37
wkstn1.truthaddict.com.au IN A 128.250.203.50
wkstn2.truthaddict.com.au IN A 128.250.203.51

You have set wkstn1 to use your company's DNS servers to resolve DNS requests. The network is small enough that a hosts file services it adequately. You don't foresee any significant expansion, but you want to move the company to a full Active Directory (AD) environment. This move, of course, requires Win2K DNS (although later versions of BIND that support SRV records would also work)—hence the new Win2K DNS server.

Before you install a secondary DNS server, you want to make sure that everything works correctly on the existing DNS server. You open a command prompt on wkstn1, which is a Win2K Professional machine, and type

nslookup - 128.250.203.31
intranet.truthaddict.com.au
128.250.203.51
www.certtutor.net

The queries for intranet.truthaddict.com.au and www.certtutor.net come back with the expected IP addresses. However, when you query the IP address 128.250.203.51, you receive an error. What is the most likely cause of this problem?

  A. Nslookup defaults to one query. When you perform the second and third lookups, you use your ISP's DNS servers, which don't contain the necessary records.
  B. The forward lookup zone isn't correctly configured for the new DNS server.
  C. The reverse lookup zone isn't correctly configured for the new DNS server.
  D. The addresses of the root servers don't include the address of the in-arpa root server for in-arpa.203.250.128. You should include this address in the DNS configuration file, restart the DNS service, and flush the resolver cache.

Answers (May 31, 2002)

Answer to Question 1
The correct answers are B—He must have Enterprise Administrator privileges; C—He must install Active Directory (AD); and F—He must install Win2K DNS. BIND is another implementation of DNS that runs on Win2K and also on UNIX and Linux. WINS is irrelevant to installing an Enterprise Root CA. Apache 2.0 is an open source Web Server that can run on Win2K, but it's not required for an Enterprise Root CA to function.

Answer to Question 2
The correct answer is C—Some machines might have received Automatic Private IP Addresses (APIPAs). Determine whether a functioning DHCP server is available for the segments that include those machines. APIPAs are addresses that Windows sets when no DHCP server is available. For some reason, these machines aren't communicating properly with the DHCP server.

Answer to Question 3
The correct answer is C—The reverse lookup zone isn't correctly configured for the new DNS server. When an IP address doesn't resolve to a Fully Qualified Domain Name (FQDN) on your local DNS server, the reverse lookup zone is most likely not configured correctly. You don't need a reverse lookup zone to be properly configured for Active Directory to function, but you will need it configured properly if you would like to resolve IP addresses to FQDNs.
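
The reverse-zone gap behind Question 3, as an added example that is not part of the original quiz: it derives the PTR records that the ten A records imply and lists the ones a reverse zone lacks. The /24 boundary for 128.250.203.0, the REVERSE sample data and the function names are assumptions made for illustration.

```python
import ipaddress

# A records copied from Question 3 (forward zone truthaddict.com.au).
FORWARD = """\
router.truthaddict.com.au IN A 128.250.203.1
dns.truthaddict.com.au IN A 128.250.203.31
mail.truthaddict.com.au IN A 128.250.203.32
dc1.truthaddict.com.au IN A 128.250.203.33
dc2.truthaddict.com.au IN A 128.250.203.34
dc3.truthaddict.com.au IN A 128.250.203.35
dc4.truthaddict.com.au IN A 128.250.203.36
intranet.truthaddict.com.au IN A 128.250.203.37
wkstn1.truthaddict.com.au IN A 128.250.203.50
wkstn2.truthaddict.com.au IN A 128.250.203.51
"""
# Constructed sample: a reverse zone in which only two PTR records exist.
REVERSE = """\
1.203.250.128.in-addr.arpa. IN PTR router.truthaddict.com.au.
31.203.250.128.in-addr.arpa. IN PTR dns.truthaddict.com.au.
"""

def parse(text, rtype):
    """Return {owner: rdata} for records of one type, names normalised."""
    out = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 4 and parts[1] == "IN" and parts[2] == rtype:
            out[parts[0].rstrip(".").lower()] = parts[3].rstrip(".").lower()
    return out

def reverse_zone(network):
    """Name of the in-addr.arpa zone for a /8, /16 or /24 IPv4 network."""
    net = ipaddress.ip_network(network)
    if net.prefixlen not in (8, 16, 24):
        raise ValueError("classless delegation is not handled in this example")
    octets = str(net.network_address).split(".")[: net.prefixlen // 8]
    return ".".join(reversed(octets)) + ".in-addr.arpa"

def missing_ptrs(forward_text, reverse_text):
    """PTR lines the reverse zone needs so every A record resolves back."""
    ptrs = parse(reverse_text, "PTR")
    missing = []
    for host, addr in parse(forward_text, "A").items():
        owner = ipaddress.ip_address(addr).reverse_pointer
        if ptrs.get(owner) != host:
            missing.append(f"{owner}. IN PTR {host}.")
    return missing
```

With the constructed REVERSE data, the record for 128.250.203.51 is among those reported missing, which corresponds to the failed nslookup query in the question.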