Welcome to Certifiable, your exam-prep headquarters. Here you'll find questions about some of the tricky areas that are fair game for the certification exams.

Questions (May 3, 2002)
Answers (May 3, 2002)

This week's questions cover topics for Exam 70-270: Installing, Configuring, and Administering Microsoft Windows XP Professional.

Questions (May 3, 2002)

Question 1
You're collecting information about the various boot configurations on your network's Windows XP Professional Edition workstations. Instead of visiting each individual workstation, you want to perform this audit from the command line on your own XP Pro workstation. You're using a Domain Administrator account, and all the workstations you want to query are members of the domain.

Which of the following commands can you run from the XP command shell to receive information about SYSTEM-ALPHA's boot configuration? (Select all that apply.)

  A. showcfg /query /s \\system-alpha
  B. bootcfg /query /s \\system-alpha
  C. more \\system-alpha\c$\boot.cfg
  D. more \\system-alpha\c$\system.conf
  E. more \\system-alpha\c$\boot.ini

Question 2
Your company's phone directory consists of a several-thousand-line text file in the following format:

Both, Mick       9555 1234
Lardy, Paul      9557 1235
Maslen, Rob      9554 1522

Your company's eight-digit phone numbers start with the digits 9555, 9554, 9556, or 9557. Your phone list file is called phonlist.txt. You want to generate four new files with the following names:

phon9555.txt  
phon9554.txt  
phon9556.txt
phon9557.txt

Each of these files should contain only the names and phone numbers of those people whose phone numbers start with each particular four-digit prefix. Which of the following command-line sequences will achieve this goal? (Choose the best answer.)

  A. find "9557" < phonlist.txt > phon9557.txt
     find "9556" < phonlist.txt > phon9556.txt
     find "9555" < phonlist.txt > phon9555.txt
     find "9554" < phonlist.txt > phon9554.txt
  B. search "9557" < phonlist.txt > phon9557.txt
     search "9556" < phonlist.txt > phon9556.txt
     search "9555" < phonlist.txt > phon9555.txt
     search "9554" < phonlist.txt > phon9554.txt
  C. find "9557" < phon9557.txt > phonlist.txt
     find "9556" < phon9556.txt > phonlist.txt
     find "9555" < phon9555.txt > phonlist.txt
     find "9554" < phon9554.txt > phonlist.txt
  D. search "9557" < phon9557.txt > phonlist.txt
     search "9556" < phon9556.txt > phonlist.txt
     search "9555" < phon9555.txt > phonlist.txt
     search "9554" < phon9554.txt > phonlist.txt
  E. grep "9557" < phonlist.txt > phon9557.txt
     grep "9556" < phonlist.txt > phon9556.txt
     grep "9555" < phonlist.txt > phon9555.txt
     grep "9554" < phonlist.txt > phon9554.txt

Question 3
You suspect that a user from a particular IP, 198.250.213.224, is attempting a dictionary attack on the FTP server that you're running on Windows XP's Microsoft IIS system. You plan to contact the attacker's ISP, and you want to generate a text file that shows all the instances of this user's attacks. You're using 10MB log files. The most recent log file is called extend2.log.

Your FTP service is simply the default FTP site. You performed the default IIS install, and you haven't changed any of the directory locations. Windows XP Professional Edition is installed on the C drive, and you use the D drive only for data.

Which of the following commands will generate a file named attack.txt in the D:\Temp directory, assuming that you're in the root directory of the C drive in the command-prompt environment? (Choose the best answer. The line breaks are unintentional; each answer represents a single-line command. "WINNT" represents the system directory, which is \WINDOWS on some XP installations.)

  A. find "198.250.213.224" >
       c:\IISLOGS\MSFTPSRV\extend2.log | d:\temp\attack.txt
  B. find "198.250.213.224" <
       c:\IISLOGS\MSFTPSRV\extend2.log | d:\temp\attack.txt
  C. find "198.250.213.224" <
       c:\IISLOGS\MSFTPSRV\extend2.log > d:\temp\attack.txt
  D. find "198.250.213.224"
       C:\WINNT\system32\logfiles\MSFTPSVC1\extend2.log |
       d:\temp\attack.txt
  E. find "198.250.213.224" <
       C:\WINNT\system32\logfiles\MSFTPSVC1\extend2.log |
       d:\temp\attack.txt
  F. find "198.250.213.224" <
       C:\WINNT\system32\logfiles\MSFTPSVC1\extend2.log >
       d:\temp\attack.txt

Answers (May 3, 2002)

Answer to Question 1
The correct answers are B— bootcfg /query /s \\system-alpha; and E— more \\system-alpha\c$\boot.ini. The best way to perform the audit is to use the bootcfg command, which provides nicely formatted output, such as:

Boot Loader Settings
timeout: 30
default: multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
Boot Entries
----------
Boot entry ID:   1
Friendly Name:   "Microsoft Windows XP Professional"
Path:            multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
OS Load Options: /fastdetect /debug /debugport=com1:

However, you can also issue the More command while mounting the C$ hidden share to reveal the unformatted contents of the boot configuration file. You can use this command to determine the exact OS of a remote server (assuming, of course, that the information contained in the boot.ini file is correct).

Answer to Question 2
The correct answer is A— find "9557" < phonlist.txt > phon9557.txt, find "9556" < phonlist.txt > phon9556.txt, find "9555" < phonlist.txt > phon9555.txt, find "9554" < phonlist.txt > phon9554.txt. Although you probably won't ever have to perform such a task, this question helps you become familiar with the Windows command line's text-processing capabilities, which can be very useful for searching the text log files that Microsoft IIS generates. You can use the Grep command on a UNIX system, although the format would be different. Using Find and redirecting the results correctly to the new file is important.

Answer to Question 3
The correct answer is F—

find "198.250.213.224" <
C:\WINNT\system32\logfiles\MSFTPSVC1\extend2.log >
d:\temp\attack.txt

The key to answering this question correctly is knowing where the default IIS log files are located on XP systems and how piping and redirects work with the Find command. The answer to the first piece of the puzzle is find "string" < filename.txt > outputfilename.txt. The second piece is knowing the default location of the IIS FTP log files. C:\WINNT\System32\Logfiles\MSFTPSVC1\ is the primary location (C:\windows\system32\logfiles on some XP systems).
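
The following is an added example, not part of the original quiz. It goes one step beyond the Find command in Question 3: Find keeps any line that contains the address anywhere, whereas this sketch matches only the client-address field and tallies the failed logins that would support a dictionary-attack report. The sample log is constructed, and the field layout (time c-ip cs-method cs-uri-stem sc-status) and the function name failed_logins are assumptions of the example.

```python
from collections import Counter

# Constructed sample in the W3C extended format used by IIS FTP logs.
# The last line comes from another client but still contains the address.
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 5.1
#Version: 1.0
#Date: 2002-05-03 09:14:01
#Fields: time c-ip cs-method cs-uri-stem sc-status
09:14:01 198.250.213.224 [7]USER administrator 331
09:14:02 198.250.213.224 [7]PASS - 530
09:14:05 198.250.213.224 [8]USER administrator 331
09:14:06 198.250.213.224 [8]PASS - 530
09:14:09 10.1.1.20 [9]USER mick 331
09:14:10 10.1.1.20 [9]PASS - 230
09:14:12 198.250.213.224 [10]USER admin 331
09:14:13 198.250.213.224 [10]PASS - 530
09:15:30 10.1.1.20 [9]RETR 198.250.213.224.txt 226
"""


def failed_logins(lines, client_ip):
    """Return (evidence, failures): log lines whose c-ip field equals
    client_ip, and a Counter of user names whose PASS got FTP reply 530."""
    fields, last_user = [], {}
    evidence, failures = [], Counter()
    for raw in lines:
        line = raw.rstrip("\r\n")
        if line.startswith("#Fields:"):
            fields = line.split()[1:]      # column names can change mid-file
            continue
        if not line or line.startswith("#") or not fields:
            continue
        row = dict(zip(fields, line.split()))
        if row.get("c-ip") != client_ip:   # exact field match, not substring
            continue
        evidence.append(line)
        # cs-method looks like "[7]USER": session id, then the FTP verb.
        session, _, verb = row.get("cs-method", "").rpartition("]")
        if verb == "USER":
            last_user[session] = row.get("cs-uri-stem", "-")
        elif verb == "PASS" and row.get("sc-status") == "530":
            failures[last_user.get(session, "?")] += 1
    return evidence, failures


if __name__ == "__main__":
    hits, fails = failed_logins(SAMPLE_LOG.splitlines(), "198.250.213.224")
    print("\n".join(hits))
    print(dict(fails))
```

On the sample, a plain substring search keeps seven lines, including the RETR line from 10.1.1.20; the field match keeps the six lines that belong to the suspect client.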