Welcome to Certifiable, your exam prep headquarters. Here you'll find questions about some of the tricky areas that are fair game for the certification exams. Following the questions, you'll find the correct answers and explanatory text. We change the questions weekly.

This week's questions cover topics for Exam 70-217: Implementing and Administering a Microsoft Windows 2000 Directory Services Infrastructure.

Questions (June 14, 2002)

Question 1
You recently installed Active Directory (AD) at your company, chilling.com. You created two domains in separate trees. The first, chilling.com, is the root domain of the forest. The second domain is called enrious.com. Both domains are Mixed mode. You want to configure the DNS settings for chilling.com so that local Windows 2000 Server DNS servers dns1.chilling.com and dns2.chilling.com will forward all DNS queries that they can't resolve to two of your ISP's external DNS servers located at 128.250.213.225 and 128.250.212.112.

You log on to dns1.chilling.com and open the DNS console, but you notice that the "Enable Forwarders" checkbox is grayed out. Which of the following explanations is the likely cause of this problem? (Select all that apply.)

  A. You don't have the appropriate permissions on the server. You must be a member of the Enterprise Admins group to enable DNS forwarding.
  B. You configured dns1.chilling.com as a root server. Root servers can't forward DNS queries.
  C. You must convert the Mixed mode domain to Native mode before you can configure DNS query forwarding.
  D. You haven't enabled dynamic updates. Because AD relies heavily on dynamic updates, you must first enable them before you enable DNS forwarding.

Question 2
You administer a small Windows 2000 network that has Active Directory (AD) deployed in a domain called micktech.com. You have set up three domain controllers (DCs), dc1.micktech.com, dc2.micktech.com, and dc3.micktech.com. Using the Windows 2000 Backup utility, what's the best way to ensure that you properly back up dc1, dc2, dc3 and the AD database?

  A. Include the %systemroot%\NTDS folder in any backup of dc1, dc2, and dc3.
  B. Run the Win2K Backup utility, select the "Backup Active Directory database" checkbox, and back up dc1, dc2, and dc3.
  C. Include the System State data in any backup of dc1, dc2, and dc3.
  D. Include the %systemroot%\Sysvol folder in any backup job of dc1, dc2 and dc3.
  E. Make sure that all backups are authoritative backups of dc1, dc2, and dc3.

Question 3
Two protocols, RPC and SMTP, are involved in Active Directory (AD) replication. Both protocols run over IP. Which of the following statements about replication protocols is correct? (Choose the best answer.)

  A. You can use either RPC or SMTP for intrasite replication and RPC for intersite replication.
  B. You can use either RPC or SMTP for intrasite replication and SMTP for intersite replication.
  C. You can use RPC and SMTP for both intrasite and intersite replication.
  D. You can use RPC for intersite replication and SMTP for intrasite replication.
  E. You can use RPC for intrasite replication and either RPC or SMTP for intersite replication.
  F. You can use RPC for intrasite replication and SMTP for intersite replication.
  G. You can use SMTP for intrasite replication and either SMTP or RPC for intersite replication.

Answers (June 14, 2002)

Answer to Question 1
The correct answers are A—You don't have the appropriate permissions on the server. You must be a member of the Enterprise Admins group to enable DNS forwarding; C—You must convert the Mixed mode domain to Native mode before you can configure DNS query forwarding; and D—You haven't enabled dynamic updates. Because AD relies heavily on dynamic updates, you must first enable them before you enable DNS forwarding.

If you installed the DNS server as a root server, it assumes that it has root authority, which means that it assumes that no other DNS servers have greater authority. To add DNS forwarding, you must delete the Root DNS zone and add a forwarding DNS address. To do so, expand the Forward Lookup Zones folder, right-click the "." folder, and click Delete.

Answer to Question 2
The correct answer is C—Include the System State data in any backup of dc1, dc2, and dc3. Win2K Backup refers to certain system components as the System State data. For Win2K Server, the System State data consists of the registry, the COM+ Class Registration database, the system boot files, and, if the server is a certificate server, the Certificate Services database. For DCs, the System State data also includes AD and the SYSVOL directory.

Answer to Question 3
The correct answer is E—You can use RPC for intrasite replication and either RPC or SMTP for intersite replication.

The following rules apply to the replication transports:

  • Replication within a site always uses RPC over IP.
  • Replication between sites can use either RPC over IP or SMTP over IP.
  • Replication between sites over SMTP is supported only for domain controllers (DCs) of different domains. DCs of the same domain must use the RPC over IP transport to replicate. Therefore, replication between sites over SMTP is supported for only schema, configuration, and Global Catalog (GC) replication, which means that domains can span sites only when point-to-point, synchronous RPC is available between sites.