Welcome to Certifiable, your exam prep headquarters. Here you'll find questions about some of the tricky areas that are fair game for the certification exams. Following the questions, you'll find the correct answers and explanatory text. We change the questions weekly.

Questions (July 6, 2001)
Answers (July 6, 2001)

Questions (July 6, 2001)

Question 1
When you install software on a computer, unsigned or incompatible versions of system files can overwrite existing system files, which can cause system instability. One Windows 2000 Professional feature that can help prevent this problem is File System Verification. If you want to set file signature verification options to prevent all users of a computer from installing unsigned drivers in the future, which of the following tasks should you perform? (Choose all that apply.)

  1. In the Control Panel System Properties applet, select the Hardware tab, click Driver Signing, and select Warn.
  2. In the Control Panel System Properties applet, select the Hardware tab, click Driver Signing, and select Ignore.
  3. In the Control Panel System Properties applet, select the Hardware tab, click Driver Signing, and select Block.
  4. Log on as a member of the Administrators group, and run sfc.exe with the /scanonce switch.
  5. Log on as a member of the Administrators group, access Driver Signing, and click "Apply setting as system default."

Question 2
One of your network administrators accidentally deleted an organizational unit (OU) named Marketing. You want to recover this OU. You check the documentation and verify that the System State Data was backed up on all domain controllers (DCs) last night. To recover the OU, you restore the System State Data on a randomly selected DC. Although the OU briefly appears in Active Directory Users and Computers, it soon disappears. Why did this happen, and what should you do to permanently recover the OU?

  1. You didn't restore the System State Data from the DC holding the Operations Master role of PDC Emulator. Perform a System State Data restore on the PDC Emulator.
  2. You weren't logged on as a member of the Enterprise Administrators group when you tried to restore the System State Data. Log on as a member of the Enterprise Administrators group and perform the restore.
  3. You didn't do an authoritative restore. Restore the System State Data, and specify an authoritative restore using the ntdsutil.exe.
  4. You tried to do a restore within a time period that was less than the Tombstone Interval of the deleted objects. Manually change the length of the Tombstone Interval from the default of 60 days to 1 day and repeat the System State Data restore.

Question 3
You want all of the users in the Finance department to have Microsoft Excel on their computers. All members of the Finance department reside in an organizational unit (OU) named Finance, and all use Windows 2000 Professional as their client OS.

You decide to use Group Policies to publish Excel to the Finance OU. When the system prompts you, you enter \\server1\excel as the path to an .msi file that will install and configure Excel on the users' desktops. The next morning, the users log on to their computers but Excel doesn't appear in their Programs menu. What is the best explanation for this behavior?

  1. You attempted to push the application to an OU rather than to a group. In Win2K, you can apply Group Policies only to users, groups, and computers.
  2. You published the application rather than assigning the application. By design, published applications don't appear in the Programs menu but rather can be installed through the Control Panel or through document invocation.
  3. You specified a network location as the location of the .msi file for Excel. For Group Policies to function properly, you must specify a location on the local hard disk of the server that contains the .msi file.
  4. You haven't given the Finance users the necessary permissions to install applications on their computers. When you use an .msi file to install an application, the application installs in the security context of the currently logged on user. If a user doesn't have permissions to install an application, the application won't appear in his or her Programs menu.

Answers (July 6, 2001)

Answer to Question 1
The correct answers are C—In the Control Panel System Properties applet, select the Hardware tab, click Driver Signing, and select Block; and E—Log on as a member of the Administrators group, access Driver Signing, and click "Apply setting as system default."

To prevent the future installation of unsigned drivers, perform the following steps:

  1. Open the Control Panel System applet.
  2. Select the Hardware tab, then click Driver Signing.
  3. Under File signature verification, select "Block" to prevent an installation program from installing device drivers without a digital signature.

If you log on as an administrator or as a member of the Administrators group, you can click "Apply setting as system default" to apply the selected setting as the default for all users who log on to the computer.

System File Checker (sfc.exe) is a command-line utility that scans and verifies the versions of all protected system files after you restart your computer.

Answer to Question 2
The correct answer is C—You didn't do an authoritative restore. Restore the System State Data, and specify an authoritative restore using the ntdsutil.exe.

In a backup, distributed services such as the Active Directory (AD) directory service are contained in a collection known as the System State Data. When you back up the System State Data on a domain controller (DC), you back up all AD data that exists on that server (along with other system components such as the SYSVOL directory and the registry). To restore these distributed services to that server, you must restore the System State Data.

However, if you have more than one DC in your organization and your AD replicates to any of these other servers, you need to perform what is called an "authoritative restore" to ensure that your restored data replicates to all of your servers.

To authoritatively restore AD data, you need to run the command-line utility ntdsutil.exe after you restore the System State Data but before you restart the server. ntdsutil.exe lets you mark AD objects for authoritative restore. When you mark an object for authoritative restore, the system changes the object's update sequence number so that it's higher than any other update sequence number in the AD replication system, thus ensuring that any replicated or distributed data that you restore properly replicates or distributes throughout your organization.

Answer to Question 3
The correct answer is B—You published the application rather than assigning the application. By design, published applications don't appear in the Programs menu but rather can be installed through the Control Panel or through document invocation.

With Windows 2000's new Software Installation and Maintenance capability, you can either assign or publish an application to a user. If you assign an application to a user, the application is advertised on the user's computer in the Programs menu. The application isn't actually installed on the computer until the user attempts to run the application.

If you publish an application, the application won't be advertised on the user's desktop. You invoke the installation of a published application with the Control Panel Add/Remove Programs applet or by clicking on a file whose file extension is associated with the application.