QUESTION 1
You work as the network administrator at Certkingdom.com. The Certkingdom.com network has a domain named
Certkingdom.com. All servers on the Certkingdom.com network run Windows Server 2008.
Only one Active Directory-integrated zone has been configured in the Certkingdom.com domain. Certkingdom.com
has requested that you configure the DNS zone to automatically remove DNS records that are
outdated.
What action should you consider?
A. You should consider running the netsh /Reset DNS command from the Command prompt.
B. You should consider enabling Scavenging in the DNS zone properties page.
C. You should consider reducing the TTL of the SOA record in the DNS zone properties page.
D. You should consider disabling updates in the DNS zone properties page.
Answer: B
Explanation: In this scenario you should enable scavenging through the zone properties because
scavenging automatically removes outdated DNS records from the DNS zone. You should
additionally note that patience is required when enabling scavenging, as there are some
safety valves built into scavenging which take a long time to pop.
Reference: https://www.gilham.org/Blog/Lists/Posts/Post.aspx?List=aab85845-88d2-4091-8088-a6bbce0a4304&ID=211
QUESTION 2
You work as the network administrator at Certkingdom.com. The Certkingdom.com network has a domain named
Certkingdom.com. All servers on the Certkingdom.com network run Windows Server 2008.
The Certkingdom.com network has a server named Certkingdom-SR15. You install the Active Directory
Lightweight Directory Services (AD LDS) on Certkingdom-SR15.
Which of the following options can be used for the creation of new Organizational Units (OUs) in
the application directory partition of the AD LDS?
A. You should run the net start command on Certkingdom-SR15.
B. You should open the ADSI Edit Microsoft Management Console on Certkingdom-SR15.
C. You should run the repadmin /dsaguid command on Certkingdom-SR15.
D. You should open the Active Directory Users and Computers Console on Certkingdom-SR15.
Answer: B
Explanation: You need to use the ADSI Edit snap-in to create new OUs in the AD LDS
application directory partition. You also need to add the snap-in to the Microsoft Management
Console (MMC).
QUESTION 3
You work as the network administrator at Certkingdom.com. The Certkingdom.com network has a domain named
Certkingdom.com. All servers on the Certkingdom.com network run Windows Server 2008.
The Certkingdom.com network has two domain controllers, Certkingdom-DC01 and Certkingdom-DC02. Certkingdom-DC01 suffers
a catastrophic failure, which is causing problems because it was configured to hold the Schema Master
Operations role. You log on to the Certkingdom.com domain as a domain administrator, but your attempts
to transfer the Schema Master Operations role to Certkingdom-DC02 are unsuccessful.
What action should you take to transfer the Schema Master Operations role to Certkingdom-DC02?
A. Your best option would be to have the dcpromo /adv command executed on Certkingdom-DC02.
B. Your best option would be to have the Schema Master role seized to Certkingdom-DC02.
C. Your best option would be to have Schmmgmt.dll registered on Certkingdom-DC02.
D. Your best option would be to add your user account to the Schema Administrators group.
Answer: B
Explanation: To ensure that Certkingdom-DC02 holds the Schema Master role you need to seize the
Schema Master role on Certkingdom-DC02. Seizing the schema master role is a drastic step that should
be considered only if the current operations master will never be available again. So to transfer the
schema master operations role, you have to seize it on Certkingdom-DC02.
Reference: https://technet2.microsoft.com/windowsserver/en/library/d4301a14-dd18-4b3c-a3ccec9a773f7ffb1033.mspx?mfr=true
QUESTION 4
You work as the network administrator at Certkingdom.com. The Certkingdom.com network has a single forest.
The forest functional level is set at Windows Server 2008.
The Certkingdom.com network has a Microsoft SQL Server 2005 database server named Certkingdom-DB04 that
hosts the Active Directory Rights Management Service (AD RMS).
You try to access the Active Directory Rights Management Services administration website but
receive an error message stating:
“SQL Server does not exist or access is denied.”
How can you access the AD RMS administration website?
A. You need to restart the Internet Information Server (IIS) service and the MSSQLSVC service on
Certkingdom-DB04.
B. You need to install the Active Directory Lightweight Directory Services (AD LDS) on Certkingdom-DB04.
C. You need to reinstall the AD RMS instance on Certkingdom-DB04.
D. You need to reinstall the SQL Server 2005 instance on Certkingdom-DB04.
E. You need to run the DCPRO command on Certkingdom-SR04.
Answer: A
Explanation: You need to restart the Internet Information Server (IIS) service to correct the problem.
Starting the MSSQLSVC service will allow you to access the database from the AD RMS
administration website.
QUESTION 5
You work as an enterprise administrator at Certkingdom.com. The Certkingdom.com network has a domain named
Certkingdom.com. The Certkingdom.com network has a Windows Server 2008 computer named Certkingdom-SR03 that
functions as an Enterprise Root certificate authority (CA).
A new Certkingdom.com security policy requires that revoked certificate information should be available for
examination at all times.
What action should you take to adhere to the new policy?
A. This can be accomplished by having a list of trusted certificate authorities published to the
Certkingdom.com domain.
B. This can be accomplished by having the Online Certificate Status Protocol (OCSP) responder
implemented.
C. This can be accomplished by having the OCSP Response Signing certificate imported.
D. This can be accomplished by having the Startup Type of the Certificate Propagation service set
to Automatic.
E. This can be accomplished by having the computer account of Certkingdom-SR03 added to the
CkDCertificates group.
Answer: B
Explanation: You should use network load balancing and publish an OCSP responder. This
will ensure that the revoked certificate information is available at all times. You do not need to
download the entire CRL to check whether a certificate has been revoked; OCSP is an online responder
that can receive a request to check for revocation of a certificate. This also speeds up certificate
revocation checking and reduces network bandwidth use tremendously.