Welcome to Certifiable, your exam prep headquarters. Here you'll find questions about some of the tricky areas that are fair game for the certification exams. Following the questions, you'll find the correct answers and explanatory text. We change the questions weekly.

Questions (January 11, 2002)
Answers (January 11, 2002)

This week's questions cover topics for Exam 70-217: Implementing and Administering a Microsoft Windows 2000 Directory Services Infrastructure.

Questions (January 11, 2001)

Question 1
Your company has two domains, companyabc.com and us.companyabc.com, which are both operating in native mode. In the us.companyabc.com domain, you have two top-level organizational units (OUs) named Sales and Operations. Within the Sales OU, you have two child OUs named Enterprise and Small Business. Below is a list of the various policies that apply to the domains and OUs in your company:

companyabc.com: Domain1 Policy
us.companyabc.com: Domain2 Policy
Sales: Sales Policy
Operations: Ops Policy
Enterprise: Enterprise Reps Policy
Small Business: Small Business Reps Policy

Which of the following represents the correct order that policies will apply to a user in the Small Business OU, from first to last? (Choose the best answer.)

  1. Domain1 Policy, Domain2 Policy, Sales Policy, Ops Policy, Small Business Reps Policy
  2. Domain1 Policy, Domain2 Policy, Sales Policy, Enterprise Reps Policy, Small Business Reps Policy
  3. Domain2 Policy, Domain1 Policy, Sales Policy, Small Business Reps Policy
  4. Domain2 Policy, Sales Policy, Small Business Reps Policy
  5. Small Business Reps Policy, Sales Policy, Domain2 Policy
  6. Small Business Reps Policy, Sales Policy, Domain2 Policy, Domain 1 Policy

Question 2
An Operations Master is a domain controller (DC) that plays one or more special roles in an Active Directory (AD) domain. Operations Masters perform operations that are single-master (i.e., operations that can't occur at different places on the network at the same time). Some Operations Masters are domain-wide and others are forest-wide. Which of the following statements is correct? (Choose the best answer.)

  1. The forest-wide Operations Masters are the PDC emulator and the infrastructure master; the domain-wide Operations Masters are the schema master, the domain-naming master, and the Relative Identifier (RID) master.
  2. The forest-wide Operations Masters are the RID master and the domain-naming master; the domain-wide Operations Masters are the PDC emulator, the infrastructure master, and the schema master.
  3. The forestwide Operations Masters are the schema master and the domain-naming master; the domain-wide Operations Masters are the PDC emulator, the infrastructure master, and the RID master.
  4. The forest-wide Operations Masters are the schema master and the infrastructure master; the domain-wide Operations Masters are the PDC emulator, the domain-naming master, and the RID master.
  5. The forest-wide Operations Masters are the schema master and the PDC emulator; the domain-wide Operations Masters are the domain-naming master, the infrastructure master, and the RID master.

Question 3
You're the administrator for a midsized company that has recently deployed Active Directory (AD). You have seven domain controllers (DCs) for your single-domain network. You're concerned about fault tolerance and want to make sure that you're backing up the DCs properly. In particular, you want to make certain that all the DCs are backing up the AD database. When running the Windows 2000 Backup utility, what's the easiest way to provide fault tolerance for your DCs and ensure that you back up AD properly? (Choose the best answer.)

  1. Check the "Back Up Active Directory database" box.
  2. Make sure that all backups are authoritative backups.
  3. Make sure that all backups include the System State data.
  4. Be sure to include the %systemroot%\NTDS folder in any backup.
  5. Make sure to include the %systemroot%\Sysvol folder in any backup.

Answers (January 11, 2002)

Answer to Question 1
The correct answer is D—Domain2 Policy, Sales Policy, Small Business Reps Policy. The system applies policies in the following order:

  • Local Policy
  • Site Policy
  • Domain Policy—Only policies linked to the domain of which the user or computer is a member apply; policies linked to any parent domains don't apply.
  • OU Policy—OU policies apply in a hierarchical fashion; the policy closest to the object applies last.

For more information, see "Group Policy" at the Microsoft Web site.

Answer to Question 2
The correct answer is C—The forest-wide Operations Masters are the schema master and the domain-naming master; the domain-wide Operations Masters are the PDC emulator, the infrastructure master, and the RID master.

The schema master DC controls all updates and modifications to the schema. To update the forest's schema, you must have access to the schema master. Only one schema master can exist in the forest at any time.

The DC that holds the domain-naming master role controls the addition or removal of domains in the forest. Only one domain-naming master can exist in the forest at any time.

The RID master allocates sequences of relative IDs to each of the various DCs in its domain. Only one DC acting as the RID Master can exist in each domain in the forest at any time.

If the domain contains computers operating without Windows 2000 client software or if it contains Windows NT BDCs, the PDC emulator acts as an NT PDC. The PDC emulator processes password changes from clients and replicates updates to the BDCs. Only one DC acting as the PDC emulator can exist in each domain in the forest at any time.

The infrastructure master is responsible for updating the group-to-user references whenever the members of groups are renamed or changed. Only one DC acting as the infrastructure master can exist in each domain at any time.

Answer to Question 3
The correct answer is C—Make sure that all backups include the System State data. For Win2K Professional, the System State data consists of the registry, the COM+ Class Registration database, and system boot files. For Win2K Server OSs, the System State data consists of the registry, the COM+ Class Registration database, system boot files, and the Certificate Services database (if the server is a Certificate Server). If the server is a DC, AD and the SYSVOL directory are also contained in the System State data.