Welcome to Certifiable, your exam prep headquarters. Here you'll find questions about some of the tricky areas that are fair game for the certification exams. Following the questions, you'll find the correct answers and explanatory text. We change the questions biweekly.

Questions (October 27, 2000)
Answers (October 27, 2000)

Questions (October 27, 2000)
In the "old days" (i.e., a couple of years ago), you commonly saw what I call "What is your favorite color?" type questions on Windows NT exams. These questions ask you to recall some fact about a product without regard to the fact's relevance to the real-world skills the exam is supposed to measure. "What two things must you do before installing DNS service on a Windows 2000 server?" fits into this category. Sure, it's useful for you to know the answer, but knowing the answer doesn't help determine whether you understand why.

The main difference between the Win2K and NT exams is how the exams measure your skills. Rather than asking you to memorize random pieces of trivia as if preparing for a game show, Win2K exam questions pose scenarios similar to what you might encounter in your work environment. Usually, answering these questions requires you to adapt what you know about several different parts of the OS. For example, consider this question: "Joe needs to access the CompanyDirectory.xls file on the server.mydomain.com\files share. The Domain Users group has Read permission on that share. Joe tells you that he can't access file, but he can see a list of files in the folder. What are possible reasons for the problem?" This simple version of the scenario question requires you to remember that all domain accounts are in Domain Users, that shared folders on NTFS partitions have additional permissions that you need to check, and that a user's total set of permissions depends on all his group memberships. All three of these pieces of information come into play in determining the correct answer, and you can probably bring in even more information to disqualify the wrong answers.

The difference is that the question doesn't ask you to determine Joe's effective permissions for the file. Instead, it asks you to apply what you know to determine the problem's possible cause, which tests both your problem-solving skills and product knowledge. These exams don't reward rote fact memorization, and I suspect that is why the Win2K exams have a reputation of being more difficult than the NT exams.

As has been the case in previous Certifiable columns, in the following questions, the trick isn't knowing the correct answer but knowing why the wrong answers are wrong. The main goal of this new style of exam question is to determine whether experience has honed your instincts for finding the correct path to a solution; therefore, answering scenario questions correctly depends mostly on your ability to sift out extraneous information. Use the following questions to work on that skill.

Question 1
You are the administrator of a small contracting company. Your ISP hosts your Web site and manages the DNS server with the primary zone for your company. You manage an internal DNS server that holds the secondary zone records for your company. One day you receive an email explaining that your ISP is changing the IP address of its DNS server and that you should reconfigure your servers accordingly. What do you do?

  1. Nothing, all your clients and servers use DHCP and will automatically get the new DNS addresses.
  2. Manually change the TCP/IP configuration to update the DNS server IP address.
  3. Change the records in your secondary zone to reflect the new IP address of the master server.
  4. On the secondary zone's general Properties page, add the new IP address for the master server and remove the old one.

Question 2
You are the administrator of a small branch office of a large corporation. The head office manages the DNS servers. You want to speed up name resolution for your users who access Internet resources. What would be the simplest solution?

  1. Install a local caching-only DNS server; configure your local DHCP server scope options to give out the address of the local DNS server; make the corporate DNS servers forwarding partners.
  2. Install a WINS server.
  3. Install Windows 2000 Professional on all your users' desktops.
  4. Configure a HOSTS file with commonly used server names and IP addresses and copy this file to each workstation's %systemroot%/sysem32/drivers/etc directory.

Question 3
You created a Dfs Root (named XFILES) on your Windows 2000 Server for your network clients. You named your Dfs Root server xdot3.xcorp.com; you named its replica xdot4.xcorp.com. Recently, a client on a Win2K Professional system tried to access a folder named CRYPTO that your Dfs server publishes, but received an access denied message. The user says that she is trying to access the folder via the name \\xcorp\xfiles. You trace a Dfs link to a Windows 95 system named 95Cryptic sharing the folder CRYPTO. You then discover that the Win95 system is down. When you recheck your Dfs configuration, you see that a replica link points to a Windows NT Server. Which of the following are possible explanations for the access denied message? (Choose all that apply.)

  1. The Win95 system is denying access.
  2. The NT Server doesn't recognize the user's account.
  3. The client is using the Dfs replica, which is trying to access the Win95 system only.
  4. The NT Server is specifically denying access to the user.
  5. A Win95 share can't be linked to from a Dfs Root.

Answers (October 27, 2000)

Answer to Question 1
The correct answer is D—On the secondary zone's general Properties page, add the new IP address for the master server and remove the old one.

Changing the TCP/IP configuration on your clients and/or servers, either through DHCP or manually (answers A and B) won't update the master server for a secondary zone. Because the zone you are responsible for is a secondary zone, you can't change the records directly (answer C). They must be updated from the primary zone.

Answer to Question 2
The correct answer is A—Install a local caching-only DNS server; configure your local DHCP server scope options to give out the address of the local DNS server; make the corporate DNS servers forwarding partners. Installing your own local DNS server and configuring all your client machines to use it through DHCP keeps the initial DNS lookups local. Your DNS machine will also cache entries it resolves from the corporate DNS servers and the Internet.

A WINS server (answer B) won't help resolve names from the Internet. Win2K Pro (answer C) won't resolve host names any faster than any other OS. A HOSTS file on each workstation (answer D) is only as useful as it is accurate, complete, and current; managing the HOSTS files would be prohibitively time consuming.

Answer to Question 3
The correct answers are B—The NT Server doesn't recognize the user's account; and D—The NT Server is specifically denying access to the user.

Because the Win95 system is down, it can't be sending the access denied message (answers A and C). However, the NT Server might be sending this message either because it doesn't recognize the user's account name/password or because the user is specifically denied access on the NT Server. Answer E is incorrect because you can link to Win95 shares through Dfs.