win310 ebook
1 Page

win310 ebook

Course Number: COMPUTER win310, Fall 2010

College/University: Seneca

Word Count: 12444

Rating:

Document Preview

CHAPTER ANSWERS CHAPTER IMPLEMENTING, MANAGING, AND MAINTAINING A MICROSOFT WINDOWS SERVER 2003 NETWORK INFRASTRUCTURE 2 TEXTBOOK CHAPTER 1 ANSWERS: IMPLEMENTING DHCP CHAPTER 1 IMPLEMENTING DHCP CHAPTER REVIEW QUESTIONS 1. Under what circumstances should network administrators use DHCP? ANSWER Network administrators should use DHCP in situations in which manually configuring each host on a network becomes...

Unformatted Document Excerpt
Coursehero >> Canada >> Seneca >> COMPUTER win310

Course Hero has millions of student submitted documents similar to the one
below including study guides, practice problems, reference materials, practice exams, textbook help and tutor support.

Course Hero has millions of student submitted documents similar to the one below including study guides, practice problems, reference materials, practice exams, textbook help and tutor support.

ANSWERS CHAPTER CHAPTER IMPLEMENTING, MANAGING, AND MAINTAINING A MICROSOFT WINDOWS SERVER 2003 NETWORK INFRASTRUCTURE 2 TEXTBOOK CHAPTER 1 ANSWERS: IMPLEMENTING DHCP CHAPTER 1 IMPLEMENTING DHCP CHAPTER REVIEW QUESTIONS 1. Under what circumstances should network administrators use DHCP? ANSWER Network administrators should use DHCP in situations in which manually configuring each host on a network becomes inefficient. As the number of hosts on a network grows, and as the number of configuration options for each host also grows, so does the need for and benefit of using DHCP. 2. Place the following DHCP message types in the order in which a successful initial IP address assignment procedure uses them. a. DHCPACK b. DHCPOFFER c. DHCPREQUEST d. DHCPDISCOVER ANSWER d, b, c, a. The client broadcasts a DHCPDISCOVER message to find the DHCP server, the server responds with a DHCPOFFER message, the client accepts the offer with a DHCPREQUEST message, and the server confirms by sending a DHCPACK message. 3. How does a DHCP client respond when its attempt to renew its IP address lease fails and the lease expires? ANSWER The IP address is released and the client begins the process of acquiring a new lease. 4. You have configured a scope with an address range of 192.168.0.11 through 192.168.0.254. However, your DNS server on the same subnet has already been assigned a static address of 192.168.0.200. With the least administrative effort, how can you allow for compatibility between the DNS servers address and DHCP service on the subnet? ANSWER By configuring an exclusion for the address 192.168.0.200, you can most easily allow for compatibility between the DNS server and the currently configured DHCP scope. 5. Within your only subnet, you want 10 specific DHCP clients (out of 150 total on the network) to use a test DNS server that is not assigned to any other computers through DHCP. How can you best achieve this objective? ANSWER The best way to achieve this objective is to create a new user class, configure a 006 DNS Servers option for the class that specifies the IP address of the test DNS server, and then set the class of the 10 DHCP clients by running the Ipconfig /setclassid command. TEXTBOOK CHAPTER 1 ANSWERS: IMPLEMENTING DHCP 3 CHAPTER CASE SCENARIOS Case Scenario 1-1: Obtaining an IP Address Last month, a server was configured for DHCP and was functioning normally. Five days ago, a test server on the same network segment was promoted to be the first domain controller on the network. Today several users on the same subnet as the original DHCP server have complained that they are unable to obtain an IP address using DHCP. What is the most likely reason users are unable to obtain an IP address? a. The users IP address leases have expired. b. A DHCP relay agent is missing or incorrectly configured. c. There are duplicate IP addresses on the network. d. The DHCP server must be authorized and is not. ANSWER d. Because Active Directory was introduced onto the network, the DHCP servers must now be authorized. Expired IP address leases trigger the acquisition of a new address and do not, by themselves, prevent a computer from obtaining a new address. A missing DHCP relay agent would cause clients on remote subnets not to obtain new addresses; however, the clients that have complained about not receiving an address are not using a DHCP relay agent. Although a duplicate IP address would prevent network communication, it does not prevent a computer from obtaining a new IP address from the DHCP server. Case Scenario 1-2: Maximizing Lease Availability You are configuring DHCP scope options for Contoso, Ltd. The company has a limited number of IP addresses available for clients, and it wants to configure DHCP to maximize lease availability. Choose all of the following actions that will accomplish this objective: a. Set long lease durations for IP addresses. b. Set short lease durations for IP addresses. c. Configure a DHCP option to automatically release an IP address when the computer shuts down. d. Create DHCP reservations for all portable computers. ANSWER b, c. A is incorrect because setting long lease durations means that clients that no longer need leases may still hold them. IP addresses not in use will not be reclaimed unless the computer is configured to release the IP address lease at shutdown, manually releases the lease, or the lease period expires. A long lease period will ultimately result in fewer available addresses. B is correct because setting short lease durations enables faster recovery of IP addresses and results in a greater number of available addresses. C is correct because configuring a client to release an address on shutdown results in more available IP addresses. D is incorrect because creating DHCP reservations does not increase the available addresses, but in fact will decrease them. 4 TEXTBOOK CHAPTER 2 ANSWERS: MANAGING AND MONITORING DHCP CHAPTER 2 MANAGING AND MONITORING DHCP CHAPTER REVIEW QUESTIONS 1. You have a Windows NT 4 client for which you want to enable dynamic updates. You want the DHCP server to automatically update both the A record and PTR record. Which action will accomplish this? a. Take no action. Updating of the A record and PTR record happens automatically by default. b. In the DNS tab of the DHCP server properties dialog box, select Dynamically Update DNS A And PTR Records For DHCP Clients That Do Not Request Updates. c. In the DNS tab of the DHCP server properties dialog box, select Always Dynamically Update DNS A And PTR Records. d. Register the client as a dynamic host with the DHCP server. ANSWER b. Because preWindows 2000 clients can neither directly update their records nor request the DHCP server to update their records, you must select Update DNS A And PTR Records For DHCP Clients That Do Not Request Updates. 2. You have not modified the default settings for DNS on the DHCP client or server. Which of the following client record or records will the DHCP server update in DNS? (Assume the clients are running Windows XP.) a. The PTR resource record b. The A resource record c. Both the PTR and A resource records d. Neither the PTR nor the A resource record ANSWER a. By default, the DHCP server updates only the PTR record for DHCP clients running Windows 2000 and later. You can configure the DHCP server to update Windows 2000 and later clients, as well as preWindows 2000 DHCP clients. TEXTBOOK CHAPTER 2 ANSWERS: MANAGING AND MONITORING DHCP 5 3. For a zone in which only secure dynamic updates are allowed, you have configured your DHCP server to perform dynamic updates on behalf of Windows NT 4 clients. Other dynamic DNS settings on the DHCP server have the default settings. After you migrate the clients to Windows XP, you find that their A resource records are no longer being updated. What is the most likely explanation for this problem? ANSWER The DHCP server is not a member of the DnsUpdateProxy security group. 4. True or False: If a DNS zone accepts only secure dynamic updates and the DHCP server is a member of the DnsUpdateProxy security group, the resource records created by the Netlogon service for the domain controller lack security? Explain your answer. ANSWER True. Being a member of the DnsUpdateProxy security group enables servers to update records without taking ownership of records and without requiring credentials for update. Although this enables multiple entities to update the same record, it also poses a security risk. 5. Automatic and manual backups of the DHCP database are successfully performed. You want to restore the following: all of the scopes, reservations, leases, options, and security credentials. What should you do? a. Restore from the automatic backup. b. Restore from the manual backup. c. Restore from an offline backup. d. Restore from the automatic or manual backup, and reconfigure security credentials manually. ANSWER d. Regardless of how you back up and restore a DHCP database, you must reconfigure security credentials manually. 6 TEXTBOOK CHAPTER 2 ANSWERS: MANAGING AND MONITORING DHCP 6. You just completed a restoration of the DHCP database. You start the DHCP console to verify a successful restoration. You notice the scope and options are displayed, but active leases are not. What should you do to repopulate the active leases? a. The restoration failed. Perform the restoration again. b. The restoration failed because the backup was corrupt. Locate a valid backup and use it to restore the DHCP database. c. Using the DHCP console, perform reconciliation. d. Delete the Tmp.mdb file, and restart the DHCP service. ANSWER c. Because the scope and options are displayed, it is unlikely that the restoration failed or that the backup was corrupt. Performing reconciliation will repopulate the active lease information from the registry into the DHCP database. Deleting the Tmp.mdb file has no effect on restoring the active leases. 7. You are monitoring a DHCP server and you want to save the audit log that was created last Tuesday. Today is Monday. What should you do? a. Do nothing; the DHCP server automatically saves the log after writing to it. b. Remove the log file from the directory. c. Change the location of the log files. d. On Wednesday, stop and start the DHCP Server service. ANSWER b. To prevent the log file from being overwritten, remove it from the designated log file directory. Although it is true that the DHCP server saves the file after writing to it, if you do nothing, it will overwrite the file by default. Changing the location of the log files will prevent you from overwriting the file, but changing the location each time you want to prevent a file from being overwritten is not efficient. You can prevent overwriting of the file by starting and stopping the DHCP Server service. 8. You want to determine how many IP addresses are available for lease across all scopes. What tool should you use for this? a. System Event Log b. DHCP scope statistics c. DHCP server statistics d. DHCP audit log ANSWER c. Only the DHCP server statistics window shows you the addresses available across different scopes. TEXTBOOK CHAPTER 2 ANSWERS: MANAGING AND MONITORING DHCP 7 CHAPTER CASE SCENARIOS Case Scenario 2-1: Monitoring DHCP Requests You have been monitoring DHCP server activity by using System Monitor. You have been viewing the Discovers/sec counter. You observe a sudden increase in the number of DHCP requests. Which of the following statements could explain the sudden increase? a. A large number of clients are initializing simultaneously and attempting to locate a DHCP server. b. A large number of clients are shutting down simultaneously and releasing their IP address leases. c. Scope leases are too short, forcing an increase in DHCPNACK messages. d. Two new DHCP servers have been initialized on the network and are querying the directory service for the enterprise root. ANSWER a. Clients send these messages when they log on to the network and obtain a new address lease. When clients shut down, they do not send DHCPDISCOVER messages. If the scope lease is too short, leases expire quickly. In this scenario, clients send DHCPREQUEST messages, not DHCPNACK messages. When a DHCP server queries the directory service, it sends DHCPINFORM messages, not DHCPDISCOVER messages. Case Scenario 2-2: Monitoring DHCP Network Traffic Recently, users have complained that the network is slow at different periods throughout the week. You suspect heavy DHCP traffic is a contributing cause. When DHCP traffic is heavier than normal, you want notification of it. How can you accomplish this? ANSWER To determine what is normal, you must first create a performance baseline for comparison to current conditions. After you have created a performance baseline, determine a threshold for notification (for example, a 50 percent to 100 percent increase in traffic), and then set an alert to notify you. 8 TEXTBOOK CHAPTER 3 ANSWERS: IMPLEMENTING NAME RESOLUTION USING DNS CHAPTER 3 IMPLEMENTING NAME RESOLUTION USING DNS CHAPTER REVIEW QUESTIONS 1. Describe the process by which secondary servers determine whether a zone transfer should be initiated. ANSWER The secondary server conducts an SOA query, in which the serial number value in the primary zones SOA resource record is compared to the serial number value in the secondary servers own version of the zone database. If the secondary server determines that the master zone has a higher serial number, a transfer is initiated. 2. What is the difference between an IXFR query and an AXFR query? ANSWER IXFR queries initiate an incremental zone transfer. In these transfers, only the updated information is transferred across the network. AXFR queries initiate an all-zone transfer. In these transfers, the complete zone database is transferred across the network. 3. You discover that an administrator has adjusted the default TTL value for your companys primary DNS zone to 5 minutes. Which of the following is the most likely effect of this change? a. Primary servers initiate a zone transfer every 5 minutes. b. DNS clients have to query the server more frequently to resolve names for which the server is authoritative. c. Secondary servers initiate a zone transfer every 5 minutes. d. DNS hosts reregister their records more frequently. ANSWER d. Smaller TTL values help ensure that information about the domain is more consistent across the DNS databases, especially in environments in which the data changes frequently, but because records expire more quickly, clients must query the server more frequently. This also increases the load on the name servers that contain the name, and it also increases Internet traffic. Answer a is not correct because the TTL does not dictate the frequency of zone transfers. Answer b is not correct because the TTL does not dictate the frequency of zone transfers. Answer c is not correct because changing the TTL has no impact on how frequently DNS hosts register their records. TEXTBOOK CHAPTER 3 ANSWERS: IMPLEMENTING NAME RESOLUTION USING DNS 9 4. Relative to file-backed zones, storing DNS zones in Active Directory results in which of the following? a. Less frequent transfer of information b. Increased need for administration c. Less saturation of network bandwidth d. Ability to perform secure dynamic updates ANSWER a. Using Active Directoryintegrated zones, or storing zones in Active Directory, means less administration and more efficient replication, which results in lower bandwidth utilization and access control to records resulting in secure dynamic updates. Answer b is not correct because storing zones in Active Directory requires less need for administration. Answer c is not correct because storing zones in Active Directory enables transfers to take advantage of the more efficient replication process provided by Active Directory. Answer d is not correct because Active Directory provides the capability for secure dynamic updates. 5. You want to consolidate DNS traffic between your network and the Internet. How could you use a forwarder to accomplish this? ANSWER One possible answer is to configure the firewall used by your network to allow only one DNS server to communicate with the Internet. Configure the other DNS servers to forward queries they cannot resolve locally to the Internet-facing DNS server. The Internet-facing DNS server acts as a forwarder to the other servers. 6. What are some reasons a source server might respond with an AXFR to an IXFR request? ANSWER The primary server for a zone is not required to perform an incremental zone transfer. It can choose to perform a full zone transfer if the primary DNS server does not support incremental zone transfers, if the primary DNS server does not have all the necessary data for performing an incremental zone transfer, or if an incremental zone transfer would consume more network bandwidth than a full zone transfer. 7. True or False: A primary server always initiates a zone transfer? ANSWER False. A secondary server always initiates a zone transfer. 10 TEXTBOOK CHAPTER 3 ANSWERS: IMPLEMENTING NAME RESOLUTION USING DNS CHAPTER CASE SCENARIOS Case Scenario 3-1: Minimizing DNS Traffic and Administration Contoso, Ltd., has a branch office connected to corporate headquarters with a slow WAN link. The company wants to minimize the amount of traffic generated by the local DNS server on this link and minimize DNS administration in the branch office. How would you configure the DNS server to meet these requirements? a. Disable round-robin and netmask ordering. b. Reduce the refresh interval in the SOA resource record for the primary zone. c. Do not configure any forward or reverse zones, but configure the server to use a forwarder. d. Configure the forward lookup zone with a WINS lookup record, and decrease the cache time-out value. ANSWER c. This will make the server a caching-only server, which will eliminate zone transfer network traffic. Answer a is incorrect because disabling round-robin and netmask ordering changes how addresses are returned to clients, but does nothing to lower administration or use of bandwidth. Answer b is incorrect because reducing the refresh interval will likely consume more, not less, bandwidth. Answer d is incorrect because the DNS server will still create network traffic to use WINS records. Decreasing the cache time-out value increases the number of lookups and consequently the amount of network traffic. TEXTBOOK CHAPTER 3 ANSWERS: IMPLEMENTING NAME RESOLUTION USING DNS 11 Case Scenario 3-2: Troubleshooting Access to External Resources You are the network administrator for Contoso, Ltd. Users are complaining that they cannot access resources external to the local network. You eliminate connectivity issues to the DNS server and narrow the problem to name resolution. Using Ping.exe, you are able to successfully resolve local hosts but cannot resolve names external to the local network. Which of the following is the most likely cause of this issue? Choose the correct Register to View AnswerThe local DNS server is not authoritative for the Internet DNS domains. b. Iterative queries are disabled on the DNS servers. c. Recursive queries are disabled on the DNS servers. d. DNS root hints are missing or incorrectly configured. ANSWER d. Root hints are DNS resource records stored on a DNS server that list the IP addresses for the DNS root servers on the Internet. If the DNS root hints are missing or incorrectly configured, the DNS server will not be able to forward requests for the queried Internet domain. Answer a is incorrect. The local DNS server is authoritative for only the organizations DNS domain. Internet DNS servers are authoritative for all first-level DNS domains. Answer b is incorrect because you cannot disable iterative queries on the DNS server. Answer c is incorrect. If recursive queries are disabled on the DNS server, the DNS server would send DNS referrals back to the client. The client would still be able to connect to Internet resources. 12 TEXTBOOK CHAPTER 4 ANSWERS: MANAGING AND MONITORING DNS CHAPTER 4 MANAGING AND MONITORING DNS CHAPTER REVIEW QUESTIONS 1. What is the function of round robin in DNS? ANSWER Round robin rotates the order of matching resource records in the response list returned to DNS clients. Each successive DNS client that queries for a multihomed name gets a different resource record at the top of the list. 2. Which feature takes priorityround robin or netmask ordering? ANSWER Round robin is secondary to subnet prioritization. When the Enable Netmask Ordering check box is also selected, round robin is used as a secondary means to order returned resource records for multihomed computers. 3. Which of the following are valid reasons to monitor the TTL settings on your DNS servers? Choose all that apply. a. Query traffic increases as DNS clients request information that has expired from their cache. b. DNS clients may be caching outdated records. c. DNS clients may not be able to resolve host names. d. Query traffic decreases as DNS clients request information that has expired from their cache. ANSWER a and b. Answer c is incorrect because TTL has no effect on whether clients are able to resolve host names. Answer d is incorrect because traffic increases, not decreases. 4. What type of test query can be run from the Monitoring tab of the DNS server properties page? a. Recursive query b. Simple query c. Verbose query d. Interval query ANSWER a and b. TEXTBOOK CHAPTER 4 ANSWERS: MANAGING AND MONITORING DNS 13 5. Which of the following approaches provides the best early warning of a DNS service failure? a. Create an alert based on the standard performance counters, and set the threshold to notify you if the counters exceed 95 percent of the recommended threshold. b. Create an alert based on the counters that you decide are appropriate indicators of a failure, and set the threshold to notify you when it is 10 percent below the baseline. c. Create an alert based on the standard counters, and set the threshold to notify you if the counters exceed 75 percent of the recommended threshold. d. Create an alert based on the counters that you decide are appropriate indicators of a failure, and set the threshold to notify you when it is 10 percent above the baseline. ANSWER d. Answers a and c are incorrect because standard counters should be customized for your organizations specific conditions. Answer b is incorrect because when the threshold is at or slightly below the baseline, conditions are normal, not problematic. 6. You are a systems administrator for Contoso, Ltd. Contoso is planning its DNS zones, and you have been asked to recommend the best way to configure the zones on the companys Microsoft Windows Server 2003 computers. You recommend using Active Directoryintegrated zones. Why do you recommend this configuration? Choose all answers that apply. a. DNS data is replicated with Active Directory. b. You can configure secure dynamic updates. c. The DNS load will be shared because the other domain controllers will become secondary DNS servers. d. You can configure a replication scope. ANSWER a, b, and d. However, the additional DNS servers will not become secondary DNS servers but masters that can both read and write DNS data. 14 TEXTBOOK CHAPTER 4 ANSWERS: MANAGING AND MONITORING DNS 7. You are the administrator for Contoso, Ltd., and have updated the IP address for a host by using the DNS console. Assuming it exists, which of the following types of resource records is associated with the host record and must also be updated? a. A resource record b. MX resource record c. NS resource record d. PTR resource record e. SOA resource record f. SRV resource record ANSWER d. A PTR record is associated with an address (A) resource record. It maps an IP address to a host name. If the associated host name changes, so must the PTR record. Answer a is incorrect because it is the record being updated. Answer b is incorrect because a mail exchanger (MX) record specifies a mail server for the domain and it may not be required to change if an A resource record changes. Answer c is incorrect because an NS record specifies the server responsible for the zone. Answer e is incorrect because it specifies the start of authority and is not impacted by a change in a host record. Answer f is incorrect because an SRV record specifies a server providing a specific service and is not necessarily associated with a host record. 8. A client computer on the internal network of Contoso, Ltd., is unable to connect to a file server. You verify the file server is running and are able to connect to it using another client computer on the same subnet. You suspect the client computer that cannot connect has outdated information in its local cache. Which of the following actions would fix the issue? a. At the client computer, run the Ipconfig /flushdns command. b. At the file server, run the Ipconfig /flushdns command. c. At the file server, run Nslookup. d. At the file server, stop and start the DNS Client service. ANSWER a. Running the Ipconfig /flushdns command clears the client cache. Answer b is incorrect because although running Ipconfig /flushdns clears the cache on the file server, it does not solve the problem on the client. Answer c is incorrect because running Nslookup on the server does not remove the outdated information on the client. Answer d is incorrect because stopping and starting the DNS Client service on the server does not remove outdated information on the client. TEXTBOOK CHAPTER 4 ANSWERS: MANAGING AND MONITORING DNS 15 CHAPTER CASE SCENARIOS Case Scenario 4-1: Enabling Network Users to Connect to Internet Host Names You are the network administrator for Contoso, Ltd. The Contoso network consists of a single domain, contoso.com, which is protected from the Internet by a firewall. The firewall runs on a computer named NS1 that is directly connected to the Internet. NS1 also runs the DNS Server service, and its firewall allows DNS traffic to pass between the Internet and the DNS Server service on NS1 but not between the Internet and the internal network. The DNS Server service on NS1 is configured to use round robin. Behind the firewall, two computers are running Windows Server 2003NS2 and NS3, which host a primary and secondary DNS server, respectively, for the contoso.com zone. Users on the company network report that, although they use host names to connect to computers on the local private network, they cannot use host names to connect to Internet destinations, such as www.microsoft.com. Which of the following actions requires the least amount of administrative effort to enable network users to connect to Internet host names? a. Disable recursion on NS2 and NS3. b. Enable netmask ordering on NS1. c. Configure NS2 and NS3 to use NS1 as a forwarder. d. Disable round robin on NS1. ANSWER c. Disabling recursion will force NS2 and NS3 to use iterative queries, but will not enable them to resolve external names. Enabling netmask ordering will provide results in the most efficient order for clients, but does not enable internal clients to resolve external addresses. Configuring NS2 and NS3 to use NS1 as a forwarder will result in successful name resolution for internal clients. Disabling round robin will prevent any possible load balancing, but does not enable internal clients to resolve external host names. 16 TEXTBOOK CHAPTER 4 ANSWERS: MANAGING AND MONITORING DNS Case Scenario 4-2: Implementing DNS Updates You are the system administrator for Contoso, Ltd. The company has grown rapidly over the past year, and currently Contoso is using only a single DNS zone. Recently, the Marketing department has made several requests for DNS changes that were delayed. Users would like the ability to make their own DNS updates. What should you do to try to address this problem? a. Create a secondary server in the Marketing department so that users can manage their own zone. b. Delegate the marketing domain to a DNS server in the Marketing department. c. Place a domain controller running DNS in the Marketing department so that people in the department can make changes. d. Upgrade the network infrastructure to improve network performance. ANSWER b. The marketing domain would reside on a computer in the Marketing department where marketing personnel could administer the zone themselves and make changes as necessary. TEXTBOOK CHAPTER 5 ANSWERS: NETWORK SECURITY 17 CHAPTER 5 NETWORK SECURITY CHAPTER EXERCISE Exercise 5-5: Using the Security Configuration And Analysis Snap-In Analyzing System Security 7. In the details pane, review the policies that were analyzed. They display the result of a comparison between actual settings and the database setting. QUESTION List some of the configuration settings that are the same in the database and on the computer. ANSWER Any setting that is labeled with a green check mark is the same in the database as it is on the computer. QUESTION List some of the configuration settings that are different in the database than on the computer. ANSWER Any setting that is labeled with a red X or exclamation point. Policies labeled with a red X do not match. Policies labeled with an exclamation point exist in the database, but not on the computer. CHAPTER REVIEW QUESTIONS 1. Which of the following are user rights? a. Allow log on locally b. Access a share with full control c. Open a database file d. Back up files and directories ANSWER a and d. Answers b and c are incorrect because they are permissions. 18 TEXTBOOK CHAPTER 5 ANSWERS: NETWORK SECURITY 2. An administrator temporarily grants a user rights to log on locally to a domain controller by applying a policy to the domain GPO. The administrator does not add the user to other groups. When the user attempts to log on, Windows Server 2003 displays the following error: User does not have the right to log on interactively. What is the most likely cause of the problem? ANSWER The administrator applied the policy to the domain GPO. By default, the policy setting at the domain controllers OU does not allow users to log on locally to the domain controller, and it overrides the domain-level policy settings. 3. You are the system administrator responsible for creating, configuring, and managing GPOs for your organization. The systems engineers present you with a plan, and you must determine whether you can use a default template. Which of the following default Group Policy templates provides the highest default security for clients? a. Rootsec b. Hisecws c. Securews d. Compatws ANSWER b. Hisecws is the template used for the highest level of security. 4. You are responsible for creating, configuring, and managing GPOs for your organization. You must determine which settings on the domain controller do not match the security policies that were applied using a specific template. Which of the following tools can you use to determine this? a. Domain Security Policy b. Security Configuration And Analysis snap-in c. Group Policy Management d. Active Directory Users And Computers ANSWER b. The Security Configuration And Analysis snap-in can evaluate security policy against current settings on a computer. The other tools cannot evaluate security policy against settings; therefore, answers a, c, and d are incorrect. TEXTBOOK CHAPTER 5 ANSWERS: NETWORK SECURITY 19 5. You are the system administrator responsible for creating, configuring, and managing GPOs for your organization. Before you can determine which Group Policy settings you should apply to each GPO, you must determine which types of Group Policy settings you can configure. Which of the following types of Group Policy settings can you configure in an Active Directory environment? Choose all that apply. a. Desktop settings b. Network connections c. Location of computers d. Inventory-installed software e. Who can log on to a computer and when ANSWER a, b, and e. Answers c and d are incorrect because you cannot configure the location of computers and inventory-installed software with Group Policy. CHAPTER CASE SCENARIOS Case Scenario 5-1: Folder Redirection You are the system administrator for Contoso, Ltd., and you want to centrally store users data using folder redirection. Specifically, you want to configure folder redirection of the My Documents folder to each users existing home directory. Users should have exclusive access to their My Documents data. How will you accomplish your objectives? Choose two answers. a. Configure a GPO to set the Folder Redirection policy to redirect to the users home directory setting, and link it to the appropriate OU. b. Configure a GPO to set the Grant The User Exclusive Rights To My Documents setting to Disabled, and link it to the appropriate OU. c. Configure a GPO to set the Folder Redirection policy to redirect special OU units. d. Configure a GPO to set the Grant The User Exclusive Rights To My Documents setting to Enabled, and link it to the appropriate OU. ANSWER c and d. Redirecting special folders to a specific path satisfies the requirements. You must enable the Grant Exclusive Right To My Documents setting to satisfy your requirements. Answer a is incorrect. Here, you redirect the My Documents folder, not the home directory. Answer b is incorrect. You want to providenot disableexclusive access to the My Documents folder. 20 TEXTBOOK CHAPTER 5 ANSWERS: NETWORK SECURITY Case Scenario 5-2: Auditing Someone notifies you that users are having a difficult time accessing shared resources on two of the organizations file servers. You decide to review the audit logs for these servers to determine the cause of the issues. When you review the event logs, you discover that the log contains only data from the previous 12 hours. What might be responsible for the lack of data? Choose all that apply. a. The maximum size of the event log is too small. b. You audited too many events. c. The Overwrite Events Older Than [x] Days setting is set to 1 day. d. Another administrator manually cleared the event logs. e. The relevant events are logged to domain controllers, not member servers. ANSWER a, c, and d. Answer a is correct because when the maximum size of the event log is too small, events that help you determine the problem can be overwritten.Answer c is correct because it allows events to be overwritten every 24 hours, which might not allow enough log activity time. Answer d is correct because the events might have been cleared when another administrator tried to isolate a different issue. Answer b is incorrect because you cannot determine how much log activity the audit objects will produce. It is possible to audit many events that produce little log activity; or, conversely, you can audit only a few objects that produce extremely heavy log activity. Answer e is incorrect because events are logged locally to the servers that are performing the actions. TEXTBOOK CHAPTER 6 ANSWERS: SECURING NETWORK TRAFFIC WITH IPSEC 21 CHAPTER 6 SECURING NETWORK TRAFFIC WITH IPSEC CHAPTER REVIEW QUESTIONS 1. Which of the following most accurately describes the functionality of the Client (Respond Only) default policy rule? a. The client will respond only to requests secured by IPSec. b. The client will respond to unsecured requests, but will respond by using IPSec. c. The client will respond to unsecured requests with an unsecured response, but will respond to secure requests with a secure response. d. The client will respond to a server only if it can perform a reverse lookup on the IP address of the server. ANSWER a. The client responds by using IPSec to secure the response if this is requested. Answers b and c are incorrect because the client will not respond to unsecured requests. Answer d is incorrect because the client does not distinguish between the types of computers making the request and because a reverse lookup is not required. 2. Fabrikam, Inc., recently joined two servers to its Active Directory domain. After joining the servers to the domain, the company no longer is able to communicate on the network. You suspect that applying the IPSec policies caused the problem. Which tool would you use to determine whether your suspicion is correct? a. Network Monitor b. The security log in Event Viewer c. Resultant Set of Policies (RSoP) d. IP Security Monitor ANSWER c. RSoP allows you to examine the Group Policy settings that are applied to the computers. Because the computers have recently joined the domain, it is possible that new Group Policy settings apply to the computers. Answer a is incorrect. Although Network Monitor provides detailed information about network activity, you cannot use it to investigate the application of a Group Policy. Answer b is incorrect. Although the event log provides information about the application of policies, it is not an effective tool with which to determine the active policies for a particular computer. Answer d is incorrect. IP Security Monitor displays current IPSec activity and statistics, but it does not indicate which policies are applied to a particular computer. 22 TEXTBOOK CHAPTER 6 ANSWERS: SECURING NETWORK TRAFFIC WITH IPSEC 3. You wish to determine whether a quick mode association is currently in place. Which of the following tools can you use to make that determination? a. RSoP b. Event Viewer c. Oakley log file d. IP Security Monitor ANSWER d. Use the IP Security Monitor to determine which security associations (SAs) exist. Because IP Security Monitor provides real-time quick mode association statistics, you can determine whether the association has been made. Answer a is incorrect. RSoP enables you to verify policies in effect for a given user or computer, but it does not indicate whether a quick mode association is currently in place. Answer b is incorrect. Although IPSec events can be written to Event Viewer, you cannot determine whether an association is currently in place. Answer c is incorrect. Although the Oakley log file displays SA information, it does not display real-time information about the association. 4. IPSec can be used to secure communications between two computers. Which of the following would be good reasons to use IPSec? Choose all that apply. a. Examine Kerberos tickets b. Block transfer of specific protocol packets c. Allow transfer of packets with a destination TCP port of 23 from any computer to the host computer d. Permit one user to use Telnet to access the computer, while denying another user ANSWER b and c. IPSec can be configured to block or accept specific protocol packets. Also, IPSec can be configured to block or accept packets based on criteria, such as TCP port number and IP address. Answer a is incorrect. Although IPSec uses Kerberos as one method of authentication, it is not a tool for examining Kerberos tickets. Answer d is incorrect. IPSec is designed for securing communication between computers; it is not used to authorize or deny user access to resources. TEXTBOOK CHAPTER 6 ANSWERS: SECURING NETWORK TRAFFIC WITH IPSEC 23 5. What is a good reason for assigning an IPSec policy using Netsh instead of using Group Policy? a. Using Netsh is the only way to apply a policy that can be used to permit a users computer to be used for a telnet session with another computer while blocking all other telnet communications. b. Using Netsh is more easily implemented than Group Policy when multiple must machines be configured. c. You can apply Netsh even if the computers are not joined in a domain, whereas Group Policy can work only in a domain. d. You can use Netsh to create a persistent policy if Group Policy cannot be used. ANSWER d. You cannot use Group Policy to create a persistent IPSec policy. Answer a is incorrect. IPSec is not designed to authorize or deny user access to resources. Answer b is incorrect. Both Group Policy and Netsh can be used to restrict a computers access to a particular protocol. Answer c is incorrect. Group policies can be applied regardless of whether the computer is joined to the domain. 6. Netsh is used to create and assign an IPSec policy for a stand-alone server running Microsoft Windows Server 2003. One of the commands used is executed from the Netsh IPSec static context. It follows: Add rule name="SMTPBlock" policy="smtp" filterlist="smtp computerlist" filteraction="negotiate smtp" description="this rule negotiates smtp" Why is the policy not working? a. The policy is set with the wrong IP addresses. b. Each policy specifies a different encryption algorithm. c. A stand-alone server does not have a Simple Mail Transfer Protocol (SMTP) service; therefore, the policy is unassigned. d. The policy uses Kerberos for authentication and the computer is not a member of a domain. ANSWER d. By default, Kerberos authentication is used and, for the policy to authenticate using Kerberos, it must be a member of an Active Directory domain. Answer a is incorrect. An IP address was not used for the command. Answer b is incorrect. A difference in algorithms between policies does not prevent them from working. Answer c is incorrect. Stand-alone servers do have an SMTP service; however, the presence of the service has no impact on the policy assignment or effectiveness. 24 TEXTBOOK CHAPTER 6 ANSWERS: SECURING NETWORK TRAFFIC WITH IPSEC 7. You wish to set up a tool for maintenance and monitoring of IP policies on remote hosts in your domain. You add the IP Security Monitor and IP Security Policy Management snap-ins to an MMC. However, when you try to add the host 192.168.0.100 to the IP Security Monitor, you get the error message shown in Figure 6-10. FT06xx10 Figure 6-10 IPSec console error message How can you manage and monitor IPSec on 192.168.0.100? a. You cannot do so. The host 192.168.0.100 is a legacy host that does not support IPSec. b. The host 192.168.0.100 is not part of the domain. You must join the host to your domain if you want to use IP Security Monitor. c. Only IPSec policies that use your authentication can be managed and monitored using IP Security Monitor. You must assign such a policy to 192.168.0.100. d. You should use legacy Ipsecmon. e. You cannot add a computer using its IP address. You must use the computers DNS host name. ANSWER d. This error occurs when you try to add a host running Windows 2000 to the IP Security Monitor. Legacy Ipsecmon is the appropriate tool to use for such hosts. Unfortunately, it is not possible to create a single-seat maintenance tool using this method if some of the client hosts run Microsoft Windows 2000. Answer a is incorrect. Figure 6-10 shows that the IP Security Policy Management snap-in has already been added to the MMC for 192.168.0.100. Therefore, 192.168.0.100 supports IPSec. Answer b is incorrect. Hosts can be managed and monitored using the IP Security Monitor snap-in whether or not they are joined to a domain. Answer c is incorrect. The authentication method has no bearing on whether IP Security Monitor can be used. Answer e is incorrect. You can add computers using an IP address or host name. TEXTBOOK CHAPTER 6 ANSWERS: SECURING NETWORK TRAFFIC WITH IPSEC 25 8. During the testing of the IPSec policies, the workstation you use as a test computer works correctly and the traffic is encrypted; however, when you resume testing after making some changes on one of the servers, the workstation can no longer communicate with that server. The policy that you set on the server requires you to use Kerberos as the authenticating protocol. What is the most likely cause of the communication issue? a. Your workstation lost its connection to a domain controller. b. Your workstation lost its connection to the CA. c. The IPSec Policy Agent lost communication with the domain controller and must be restarted. d. You must reapply the servers IPSec policy. ANSWER c. When you troubleshoot communication issues, first stop the IPSec Policy Agent and verify communication, and then restart the IPSec Policy Agent and use the IP Security Monitor to confirm that a security association is established between the computers. Answer a is incorrect. Once the initial connection is made, the IPSec service does not need to contact a domain controller. Answer b is incorrect. It is not likely that the workstation lost its connection to the CA because the connection uses Kerberos, which means a domain controller could authenticate a new session. In addition, the question implies that this is the same session. Answer d is incorrect. Policies are reapplied every time a new connection is made. Reapplying a policy would have no effect on this issue. CHAPTER CASE SCENARIOS Case Scenario 6-1: Securing Communications You administer a Windows Server 2003 Active Directory domain. All client PCs are in a top-level OU called Clients, and all server PCs (apart from domain controllers) are in a top-level OU called Servers. The domain controllers are in their default OU. The Secure Server (Require Security) default IPSec policy has been assigned to all servers, including domain controllers. The Client (Respond Only) default IPSec policy has been assigned to all clients. All client PCs are Windows 2000 Professional hosts. Management is concerned that the client computers in the Research department do not securely communicate with each other and with other clients. Only four such machines exist. On one of them, you create a custom policy that requires secure communications. You export it to a file and import it into the other three client machines in the Research department. You assign the policy on all four machines. 26 TEXTBOOK CHAPTER 6 ANSWERS: SECURING NETWORK TRAFFIC WITH IPSEC Next, you use the IP Security Monitor console on one of the machines and find that no SAs are set up between the Research department hosts or between these machines and clients in other departments. You capture traffic using Network Monitor and discover that unencrypted traffic is passing between the Research clients. What is the first step you should take to solve the problem? a. Change the authentication method on the custom policy to use a preshared key. b. Change the encryption algorithm from Triple DES (3DES) to Data Encryption Standard (DES). c. Create an OU. d. Move the Research department computer accounts into the Servers OU. ANSWER c. In this scenario, assigning an IPSec policy locally has no effect. This situation happens when the hosts are in a domain and a policy has been assigned through Group Policy. In this case, the Client (Respond Only) policy has been assigned to a GPO that is linked to the Clients OU. You must create an OU called Research, move the four client computer accounts into that OU, create a GPO linked to Research, and then assign the custom IPSec policy to that GPO. Answer a is incorrect. The policy was exported from one client and exported to the others, so the same authentication method is specified in the policy on all four machines. The authentication method is unlikely to be the problem. In addition, the preshared key authentication method is weak authentication and is not appropriate in this scenario. Answer b is incorrect. A system running Windows 2000 that does not have Service Pack 2 or later installed on it does not support 3DES. If 3DES is specified, the rule defaults to DES for communication with that computer. Therefore, the encryption algorithm is not a factor in this scenario. Answer d is incorrect. This approach would ensure that communication among the Research departments computers and between the Research departments computers and other hosts in the domain is encrypted. However, it is not the best solution. Servers are often put into one OU and clients are put into another OU for various reasonsnot merely to assign IPSec policy. As a result, the Research department clients would be configured with other settings that might be inappropriate (such as the Log On Locally rights). Case Scenario 6-2: Troubleshooting IPSec Your company does not use a domain structure; it uses workgroups. The Research workgroup has six clients running Windows XP Professional, four clients running Windows 2000 Professional, and two stand-alone servers running Windows Server 2003. Communication between hosts in this workgroup must be secure. A member of your support staff configures and assigns an IPSec security policy on all hosts in the Research workgroup. All hosts can ping each other by IP address, but the Research department staff cannot access files on the servers from their client PCs. TEXTBOOK CHAPTER 6 ANSWERS: SECURING NETWORK TRAFFIC WITH IPSEC 27 You log on to one of the servers using the local administrator account, you access the Security Settings node within Local Computer Policy, and you enable success and failure auditing for logon events. You open Event Viewer and locate a failure audit event 547 in the security log. The failure reason given is, Failed to obtain Kerberos server credentials for the ISAKMP/ERROR_IPSEC_IKE service. What is the most likely cause of the problem? a. The default response rule is not activated. b. Kerberos has been specified as the initial authentication method. c. The 3DES encryption algorithm has been specified, and it cannot be used on the clients running Windows 2000. d. The incorrect policy has been assigned. ANSWER d. The error detected occurs when Kerberos is specified as the authentication protocol in an environment that cannot support it (such as a workgroup). It is not possible to create a new policy in this environment, which means that one or more of the default policies must have been assigned. The most common mistake in this situation is to assign Secure Server (Require Security) on the servers. Answer a is incorrect. This rule specifies that to communicate securely, the computer must respond to requests for secure communication. Clearing the check box that specifies this rule would make communication less secure, but would not prevent it altogether. Answer b is incorrect. Kerberos cannot be used for authentication in this scenario because the hosts are not in an Active Directory domain. The IP Security Policy wizard would not create a policy if Kerberos were specified. Answer c is incorrect. A system running Windows 2000 that does not have Service Pack 2 or later installed does not support 3DES. If 3DES is specified, however, the rule defaults to DES for communication with that computer. 28 TEXTBOOK CHAPTER 7 ANSWERS: IMPLEMENTING AND MANAGING SOFTWARE UPDATE SERVICES CHAPTER 7 IMPLEMENTING AND MANAGING SOFTWARE UPDATE SERVICES CHAPTER REVIEW QUESTIONS 1. You are the system administrator for Contoso, Ltd., and you have been given the responsibility of managing security patches and other updates to operating systems that already have a SUS-compatible version of Automatic Updates installed. Although you want the ability to approve updates, you do not want to store them all locally. How can you accomplish this? ANSWER Use the SUS Administration Web page to configure the server to use a Windows Update Web server instead of storing them locally. To configure this, load the SUS Administration Web page, click Set Options, and in the Select Where You Want To Store Updates section of the details pane, click Maintain The Updates On A Microsoft Windows Update Server, and then click Apply. 2. You want to obtain critical updates and security fixes for your PC that runs Windows XP Professional. You access the Windows Update site. However, you cannot find the Windows Update Catalog under See Also in the left pane. What is the problem? a. You have not installed and configured SUS. b. You have not installed and configured Automatic Updates. c. Transmission Control Protocol (TCP) port 80 is blocked for incoming traffic on the firewall at your Internet service provider (ISP). d. You must configure the Windows Update site. ANSWER d. You should select Personalize Windows Update and select the Display The Link To The Windows Update Catalog Under See Also check box. Answer a is incorrect because SUS is a server application and is not necessary in this situation. Answer b is incorrect because Automatic Updates is installed by default on computers running Windows XP Professional. Answer c is incorrect because you could not have accessed the Microsoft Windows Update site if port 80 were blocked. TEXTBOOK CHAPTER 7 ANSWERS: IMPLEMENTING AND MANAGING SOFTWARE UPDATE SERVICES 29 3. You administer your companys Windows Server 2003 Active Directory domain. All client PCs run Windows XP Professional. Company policy states that employees cannot download software or software updates from the Internet. Software must be installed or upgraded on client machines automatically through Group Policy. As the domain administrator, you have been exempted from this policy so that you can download operating system upgrades, security fixes, virus definitions, and Microsoft utilities from the Windows Update site. You then want these upgrades, fixes, and so forth to be installed automatically on other users PCs when these users log on to the domain. What should you do after you have downloaded the software? a. Install and configure SUS on your PC. b. Install Automatic Updates on the client computers. c. Create a Windows installer package. d. Configure Remote Installation Services (RIS) to distribute the software. ANSWER c. After you download the software you should create a Windows installer package to be used with Group Policy to distribute the software to users on your network. Answer a is incorrect because you would need SUS if users were permitted to access an internal Web server as if they were accessing the Internet to download and install the relevant programs. However, they cannot perform this task; so software must be installed automatically through Group Policy. Answer b is incorrect. Automatic Updates is installed by default on computers that run Windows XP Professional. The Windows Update site can be configured to send updates automatically to a client. However, in this scenario, clients do not receive updates or fixes by this method; instead, they receive them through Group Policy. Answer d is incorrect because RIS is typically used to automatically install operating systems and application software. It is not the appropriate tool for this scenario. 4. You are the system administrator for Contoso, Ltd., and you have deployed SUS. You open the SUS Administration Web page and perform a synchronization that downloads several new updates. On the Approve Updates page, you notice that the updates are already approved even though you have not yet approved them. What is the most likely reason the updates are already approved? ANSWER The SUS server has been configured to automatically approve all updates after synchronization. 30 TEXTBOOK CHAPTER 7 ANSWERS: IMPLEMENTING AND MANAGING SOFTWARE UPDATE SERVICES 5. You have just finished installing SUS and realize that there is not enough disk space to store all the updates locally. How can you configure SUS to solve this problem? Select the best Register to View AnswerCompress the drive. b. Configure the SUS server to store the updates on the client computers. c. Configure the SUS server to download only 80 percent of the available disk free space. d. Configure the SUS server to use the Microsoft update site rather than to store updates locally. ANSWER d. SUS can be configured to maintain the updates on a Microsoft Windows Update server rather than downloading them locally. Answer a is incorrect. Although compressing the drive can provide a temporary solution, it is unlikely to solve the long-term disk space issue. Answer b is incorrect. You cannot configure clients to store updates for SUS. Answer c is incorrect. SUS cannot be configured to download updates based only on percentage of free space. 6. You have deployed a SUS server; however, several clients running Windows XP (no service pack) and Windows 2000 Service Pack 2 are unable to use the SUS server. What is the most likely reason for this problem? ANSWER Clients running Windows XP (with no service pack) and Windows 2000 Service Pack 2 and earlier must obtain a newer version of Automatic Updates to utilize SUS. 7. You have set up a second SUS server. You want to configure this server to download only approved updates from another server. How can you configure the second SUS server to only download approved items from a local server? ANSWER To configure the SUS server to only synchronize approved items from a local server, click Set Options, and in the Select Which Server To Synchronize Content From, click Synchronize From A Local Software Update Services Server, type the name of the server, and then click Synchronize List Of Approved Items Updated From This Location (Replace Mode). 8. You are troubleshooting SUS client issues and want to check event log messages. Which log should you examine to find SUS client messages? a. Application log b. Security log c. System log d. Directory Service log ANSWER c. SUS client logs are written to the System log. TEXTBOOK CHAPTER 7 ANSWERS: IMPLEMENTING AND MANAGING SOFTWARE UPDATE SERVICES 31 CHAPTER CASE SCENARIOS Case Scenario 7-1: Need for SUS You are the systems administrator for Contoso, Ltd., and you are seeking a way to keep all workstations and servers updated with the latest security patches, driver updates, and recommended updates from Microsoft. You are considering deploying SUS. A colleague asked you why, since everyone in the company already has an operating system with Automatic Updates enabled, is a SUS server still necessary? Which of the following answers are valid responses to your colleagues question? a. Although Automatic Updates keeps systems updated, you cannot rely on users to consistently accept and install updates. b. Relying on individual users to individually download and install updates from the Internet causes increased external network traffic relative to downloading updates from an internal SUS server. c. It is a recommended practice to test updates before deploying them. Allowing individuals to deploy their own updates without first testing the updates could be problematic. d. A SUS server will automatically update clients running Microsoft Windows 95, a practice that Automatic Updates does not support. ANSWER a, b, and c. Answer a is correct because, without a method of enforcing updates, you cannot be certain they will be installed. Answer b is correct because requiring each user to download updates from the Internet increases the amount of external network traffic relative to downloading updates and storing them centrally on an internal server. Answer c is correct because it is important to test any system configuration change before deploying it across your organization. Answer d is incorrect because SUS does not support clients running Windows 95. 32 TEXTBOOK CHAPTER 7 ANSWERS: IMPLEMENTING AND MANAGING SOFTWARE UPDATE SERVICES Case Scenario 7-2: Stage and Test Updates You are deploying SUS in your organization. Several workstations in your organization run a non-Microsoft application that was negatively impacted in the past after downloading certain updates. As a result, many of the users of that application have disabled the update feature and are reluctant to participate in the SUS server deployment. How should you design your deployment plan so that you can stage and test updates before distributing them to the rest of the organization? ANSWER Include two SUS servers in your plan that share a parent-child relationship. Download all updates to the parent SUS server, test the updates, and approve only updates that pass the test. When the parent has approved updates, the child SUS server downloads them and makes them available to users. TEXTBOOK CHAPTER 8 ANSWERS: CONFIGURING ROUTING BY USING ROUTING AND REMOTE ACCESS 33 CHAPTER 8 CONFIGURING ROUTING BY USING ROUTING AND REMOTE ACCESS CHAPTER EXERCISE Exercise 8-1: Viewing the IP Routing Table 2. At the command prompt, type route print, and then press ENTER. QUESTION What is the Netmask for the 10.1.0.0 Network Destination? ANSWER The Netmask is 255.255.0.0. CHAPTER REVIEW QUESTIONS 1. You are the network administrator for Fabrikam, Inc. Fabrikams network consists of several subnets. Current network users require access to only the company intranet and other internal company resources such as file shares and printers. Fabrikam, Inc., recently hired a team of developers who will be joining your network and whose connectivity requirement you must support. Which of the following options would require you to implement a routing solution for the new developer team? Choose all that apply. a. The developer team needs corporate connectivity, but its test applications must be isolated from the rest of the network. b. The developer team uses Internet access to connect to the corporate network. c. The developer team does not require Internet access, and its test applications do not require corporate connectivity. d. Source code repositories must be encrypted when stored and accessed across the network. ANSWER a and b. Answer a is correct. This solution requires a separate subnet to isolate the traffic to the test applications and requires a routing solution to connect the two networks. Answer b is correct. This solution requires a routing solution to connect the two networks, the Internet, and the corporate network. Answer c is incorrect. Because there is no requirement for separate networks/subnets, no routing solution is required. Answer d is incorrect. Encryption by itself does not require a routing solution. 34 TEXTBOOK CHAPTER 8 ANSWERS: CONFIGURING ROUTING BY USING ROUTING AND REMOTE ACCESS 2. You are the network administrator for Fabrikam, Inc. Fabrikams network consists of several subnets. Current network users require access to only the company intranet and other internal company resources such as file shares and printers. Fabrikam, Inc., recently hired a team of developers who will be joining your network and whose connectivity requirements you must support. Which of the following options would require you to determine a packet-filtering solution for the new developer team? Choose all that apply. a. The developer team needs full corporate connectivity, but its test applications must be isolated to only specific test computers. b. The developer team needs corporate connectivity, but its test applications must be completely isolated from users on the rest of the network. c. The developer team does not require Internet access and its test applications do not require corporate connectivity. d. The developer team uses a predetermined unique protocol to test its applications. ANSWER a and d. Answer a is correct. Because you must isolate specific computers, you can configure packet filtering to filter for the individual IP addresses of the test computers. Answer d is correct. Because the developer team uses a predetermined unique protocol, you can configure packet filtering to filter for the specific protocol. Answer b is incorrect. You cannot filter for an individual account. Answer c is incorrect. A packet-filtering solution has no impact on this scenario. 3. Over the past several weeks, users have intermittently complained that they were unable to connect to the VPN server. You examine the network logs and determine that each of the complaints occurred when network usage was peaking. You have ruled out addressing as the cause. What is the most likely reason for the intermittent access problems? ANSWER At peak usage, the number of VPN users attempting to connect exceeds the number of available VPN ports. 4. You have configured your remote access server to distribute addresses to remote access clients through a DHCP server. However, you find that your remote access clients assign themselves with only APIPA addresses. Name two possible causes of this scenario. ANSWER 1. A DHCP server is not available on the network segment, and a DHCP relay agent has not been configured. 2. The DHCP server did not have 10 free addresses in its scope when the Routing and Remote Access server started up. TEXTBOOK CHAPTER 8 ANSWERS: CONFIGURING ROUTING BY USING ROUTING AND REMOTE ACCESS 35 5. Fabrikam, Inc., recently deployed smart cards to employees who require remote access to the corporate network. Which authentication protocol must you use to support the use of smart cards? ANSWER EAP-TLS. 6. Fabrikam, Inc., management wants to ensure that data transferred during remote access are encrypted. Which authentication protocols provide data encryption? ANSWER EAP-TLS, MS-CHAP v2, and MS-CHAP v1. 7. You have recently created a new domain in a Windows Server 2003 network, and the domain functional level is Windows 2000 mixed. How is the Allow Access setting in the dial-in properties of a user account different in this environment from that in other server environments? ANSWER In Windows 2000 mixed-mode domains, the Allow Access setting does not override the access permission set in the remote access policy. In other server environments, the Allow Access setting does override the access permission configured in the remote access policy. 8. You are troubleshooting a failed remote access connection. You verify that the user accounts dial-in properties are set to Allow Access and that the first matching remote access policy is set to Grant Remote Access Permission. The client still cannot connect. What should you check next? ANSWER You should check the remote access policy profile. Constraints configured in the remote access policy profile, such as allowed dial-up hours, are preventing the connection from being established. 36 TEXTBOOK CHAPTER 8 ANSWERS: CONFIGURING ROUTING BY USING ROUTING AND REMOTE ACCESS CHAPTER CASE SCENARIOS Case Scenario 8-1: Phone Number Authentication Fabrikam, Inc., has 10 vendors that must access the company network. For security reasons, Fabrikam wants these 10 vendors to be authenticated only by their phone numbers when dialing into the network. Because they are going to be authenticated by their phone numbers, Fabrikam does not want them to be required to enter a username or password for authentication. How can you implement this configuration? ANSWER Create a remote access policy using Calling-Station-ID as the attribute on the policy condition. Type the phone number for the first vendor. In the same policy, add a similar condition for each of the nine remaining vendors. Configure the policy to grant access to connections that match the policy conditions. Edit the policy profile to allow unauthenticated access. After the policy is configured, configure the server properties to allow unauthenticated access. Case Scenario 8-2: Single-Credential Entry You are a networking consultant for Fabrikam, Inc., which has already configured a PPTP-type VPN. Although users are not having trouble connecting, they must type their username and password twice. You have been asked to configure the system so users have to type their password only once to connect to the company domain. How can you allow users to avoid typing in their credentials in both the Log On To Windows screen and the VPN connection dialog box? Which authentication protocols can be used over this VPN connection? ANSWER Instruct the employees to modify the properties of the VPN connection so that, in the Security tab, the Automatically Use My Windows Logon Name And Password (And Domain If Any) option is selected. Only MS-CHAP v1 and MS-CHAP v2 can be used. TEXTBOOK CHAPTER 9 ANSWERS: MAINTAINING A NETWORK INFRASTRUCTURE 37 CHAPTER 9 MAINTAINING A NETWORK INFRASTRUCTURE CHAPTER REVIEW QUESTIONS 1. You receive a report that a users computer is responding slowly to user network requests. You want a quick way to see which type of network traffic the server is receiving. You use Network Monitor. You want to see whether any general broadcast traffic is being sent. Which counter should you enable? a. Nonunicasts/Interval b. Unicasts/Interval c. Bytes Sent/Interval d. Bytes Received/Interval ANSWER a. Broadcast traffic, by definition, is nonunicast traffic. Answer b is incorrect because traffic displayed using this counter is again, by definition, not broadcast traffic. Answers c and d are incorrect because they include more than just broadcast traffic and you will not be able to distinguish broadcast traffic from unicast traffic. 2. You set up Performance Logs And Alerts to send a message to ComputerB to notify an operator when the network bandwidth utilization on ComputerA reaches a certain level. However, ComputerB never receives the message sent from ComputerA. What must you do to enable messages to be sent by ComputerA and received by ComputerB? Choose all that apply. a. On ComputerA, start the Messenger service. b. On ComputerA, start the Alerter service. c. On ComputerB, start the Messenger service. d. On ComputerB, start the Alerter service. ANSWER b and c. To successfully send messages, you must start the Alerter service on the sending computer and the Messenger service on the receiving computer. 38 TEXTBOOK CHAPTER 9 ANSWERS: MAINTAINING A NETWORK INFRASTRUCTURE 3. You suspect that a virus has infected your computer, which runs Windows Server 2003. You believe this virus transmits data from your server over the network using a specific port. You want to determine which process is using a specific port. Which command should you run? a. Nbtstat -RR b. Nbtstat -r c. Netstat -a d. Netstat -o ANSWER d. Netstat -o displays the owning PID associated with each connection. Answers a and b are incorrect because Nbtstat is a NetBIOS name resolution utility and does not provide port information. Answer c is incorrect because, although it lists all connections and listening ports, it does not list PIDs. 4. A user in the branch office reports that he cannot use Microsoft Internet Explorer to open a commonly used Web site on the Internet. At your client computer in the main office, you are able to ping the target address. What should you do to troubleshoot this problem? Choose all that apply. a. From the users client computer, ping the destination address. b. From the users client computer, use the Network Repair feature. c. From the DNS server, perform a simple query test. d. From the DNS server, perform a recursive query test. ANSWER a and b. Answer a is correct because pinging the destination address indicates whether the client can communicate with the Web site. Answer b is correct because the Repair feature performs a set of common troubleshooting commands that might solve the problem. Answers c and d are incorrect because there is no reason to suspect the DNS server as the source of the problem. In this scenario, you should investigate client issues before considering the DNS server as the source of the problem. Furthermore, because pinging the IP address was unsuccessful, name resolution was not performed. TEXTBOOK CHAPTER 9 ANSWERS: MAINTAINING A NETWORK INFRASTRUCTURE 39 5. A user in the branch office reports that he cannot use Internet Explorer to view a commonly used Web site on the Internet. At your client computer in the main office, you run Nslookup to verify the target address and receive the correct address. At the users client computer, you also run Nslookup, but the address returned is incorrect. What should you do to troubleshoot this problem? Choose all that apply. a. Verify that the client is using the correct DNS servers. b. Run Ipconfig /flushdns. c. Run Ipconfig /registerdns. d. Run Ipconfig /renew. ANSWER a and b. You should first ensure the client is configured to use the correct DNS servers, and then clear the DNS resolver cache. Answer c is incorrect because registering the clients DNS address will not solve the Web sites connection problem. Answer d is incorrect because renewing the existing lease will not change any configuration options on the client. 6. You install a new application, which reports that it is installing a service on the computer. However, when you attempt to run the application for the first time, it cannot start. You inspect the event log to determine the nature of the problem. You receive an error that states, The service did not start due to a logon failure. Which of the following steps should you take to troubleshoot this problem? a. Verify the service has been configured to start automatically. b. Change the password to the same name as the account. c. Verify the correct password has been supplied on the properties page of the service. d. Verify the account has been granted administrative rights. ANSWER c. The correct password must be specified on the properties page for the service to use the account to log on. Answer a is incorrect. Although you might need to configure the service account to start automatically, the error message indicates a logon problem. Changing the service start behavior will not fix a logon problem. Answer b is incorrect because there is no dependency between the name of the account and the password. Answer d is incorrect because you should grant the least amount of privilege required for a service to perform its functions. 40 TEXTBOOK CHAPTER 9 ANSWERS: MAINTAINING A NETWORK INFRASTRUCTURE 7. You install a new application on a member server. The application reports that it is installing a service on the computer. The installation for the service requests a username and password to run the service. You provide the name DOMAIN1\Service1. However, when you attempt to run the application for the first time, it is unable to start. You suspect that the account has not been given appropriate rights to start the service. What do you do? a. On the member server, grant the Service1 account the Log On As A Service right. b. In the domain, grant the Service1 account the Log On As A Service right. c. On the member server, grant the Service1 account the Log On As A Batch Job right. d. In the domain, grant the Service1 account the Log On As A Batch Job right. ANSWER a. Service accounts must have the Log On As A Service right. 8. A user complains that after she rebooted her computer, she no longer has access to the Internet. You examine her network settings and see that she has an IP address in the wrong network subnet and that her default gateway is actually part of a test network. You suspect a rogue DHCP server. Which tool should you use to locate the DHCP server? a. Ipconfig b. Dhcploc c. Netdiag d. Netstat ANSWER b. Use Dhcploc to locate DHCP servers on your network, including rogue DHCP servers. Answer a is correct because Ipconfig will only indicate whether the client is configured to use DHCP and the address of the DHCP server it last used. Answer c is incorrect because Netdiag does not list all DHCP servers on your network. Answer d is incorrect because Netstat only provides information about existing network connections of a computer running TCP/IP and network activity statistics and does list DHCP servers. TEXTBOOK CHAPTER 9 ANSWERS: MAINTAINING A NETWORK INFRASTRUCTURE 41 CHAPTER CASE SCENARIO Case Scenario 9-1: Using Diagnostic Tools You are the network administrator for Fabrikam, Inc. Users and other administrators report issues on the network. You must decide which diagnostic tool will most appropriately solve the problem. Five different help desk issues are described. For each issue, determine which tool is appropriate. Choose from the following tools. Provide a reason to justify each of your choices. You might not need to use all of the possible answer choices. The troubleshooting tools are as follows: The standard version of Network Monitor The Lite version of Network Monitor Netstat Ping The testing feature in the DNS Monitoring tab The Network Repair button Network bridging Service configurations 1. A user in Arkansas reports that he cannot browse the Internet. You ask him to ping the local gateway, and after doing so, he does not receive a successful reply from the local gateway. Other users on the network do not have the same problem. ANSWER Use the Network Repair button. Because only one user is having difficulty in this scenario, the loss of connectivity is probably an isolated instance and can be fixed using the series of commands provided by the Repair feature. 2. All users in the company report that they cannot browse the Internet, although the users receive replies when they ping the external resources by IP address. Access to company resources is not affected. ANSWER Use the DNS monitoring tests to verify whether the DNS server is receiving proper responses from the server to which it forwards. 3. A network administrator in Delaware wants to know the best way to implement a new segment on the network with a different physical topology. She doesnt want to buy a hardware router. ANSWER Network bridging is the best choice to connect two disparate networks together. 42 TEXTBOOK CHAPTER 9 ANSWERS: MAINTAINING A NETWORK INFRASTRUCTURE 4. A network administrator in Delaware reports that a third-party service on a server refuses to start. He has tried to restart the service several times, but it does not start. ANSWER Check the service configuration. Specifically, check to see whether the service uses a domain account, whether the account has been granted the Log On As A Service right, and whether the correct password is specified in the properties page of the service. 5. An administrator in a remote office thinks her server might have been infected with a virus or a Trojan horse program. A specific port appears to be open. How can the administrator determine which process uses which port? ANSWER Use Netstat -o to show the ports in use and their associated PIDs. Then display Task Manager and match the PID obtained using the Netstat command to the list of processes in Task Manager to identify the process using the port in question.

Find millions of documents on Course Hero - Study Guides, Lecture Notes, Reference Materials, Practice Exams and more. Course Hero has millions of course specific materials providing students with the best way to expand their education.

Below is a small sample set of documents:

Seneca - COMPUTER - win310
CHAPTER11.APIPAaddressescomefromwhichaddressrange? a. b. c. d. 172.16.0.0through172.31.255.255 169.254.0.0through169.254.255.255 10.0.0.0through10.255.255.255 192.168.0.0through192.168.255.255 24hours 3days 8days 5days2.Whatisthedefaultleaseperiodfora
Seneca - COMPUTER - win310
CHAPTER 3 1. Which two methods of name resolution are available on a Microsoft Windows Server 2003 network? a. b. c. d. 2. WINS TCP/IP DNS DHCPHost name resolution on a Microsoft Windows Server 2003 network uses DNS to map which two items to one another?
Seneca - COMPUTER - win310
CHAPTER 9 MAINTAINING A NETWORK INFRASTRUCTURE1.Which tool could be used to determine which application or applications are utilizing the processor the most? a. Network Monitor b. Task Manager c. Performance console d. System Monitor2.Which tool inclu
U. Houston - ECON - 3332
Econ 3332 Intermediate Microeconomics Professor Scott Imberman Problem Set 41) Bernheim & Whinston, pg. 323, exercise 9.8 If Dan produces, he will choose a quantity that satisfies the quantity rule: P = MC P = 4 + (Q/20) P 4 = Q/20 20P 80 = Q Dan will on
Troy - ACT - ACT3394
Chapter 01 - Introduction to Accounting and Financial Reporting for Governmental and Not-for-Profit EntitiesCHAPTER 1: INTRODUCTION TO ACCOUNTING AND FINANCIAL REPORTING FOR GOVERNMENTAL AND NOT-FORPROFIT ENTITIESAnswers to Questions 1-2 Disagree. As di
Troy - ACT - ACT3394
Chapter 03 - Governmental Operating Statement Accounts; Budgetary AccountingCHAPTER 3:Answers to QuestionsGOVERNMENTAL OPERATING STATEMENT ACCOUNTS; BUDGETARY ACCOUNTING3-1 The governmental fund financial statements report current financial resources
Troy - ACT - ACT3394
Chapter 04 - Accounting for Governmental Operating ActivitiesIllustrative Transactions and Financial StatementsCHAPTER 4:ACCOUNTING FOR GOVERNMENTAL OPERATING ACTIVITIES ILLUSTRATIVE TRANSACTIONS AND FINANCIAL STATEMENTSAnswers to Questions 4-1 Under t
Troy - ACT - ACT3394
Chapter 05 - Accounting for General Capital Assets and Capital ProjectsCHAPTER 5:Answers to QuestionsACCOUNTING FOR GENERAL CAPITAL ASSETS AND CAPITAL PROJECTS5-1 General capital assets are those assets acquired with the resources of governmental fund
Troy - ACT - ACT3394
Chapter 06 - Accounting for General Long-term Liabilities and Debt ServiceCHAPTER 6:Answers to QuestionsACCOUNTING FOR GENERAL LONG-TERM LIABILITIES AND DEBT SERVICE6-1 General long-term liabilities arise from activities of the General Fund or some ot
Troy - ACT - ACT3394
Chapter 08 - Accounting for Fiduciary ActivitiesAgency and Trust Funds89CHAPTER 8:Answers to QuestionsACCOUNTING FOR FIDUCIARY ACTIVITIES AGENCY AND TRUST FUNDS8-1 Although in law there is a clear distinction between an agency relationship and a trust
Troy - ACT - ACT3394
CHAPTER 9:FINANCIAL REPORTING OF STATE AND LOCAL GOVERNMENTSAnswers to Questions 9-1 According to the Bureau of Census a special district is a special purpose government, other than a school district, that is separate from the general purpose government
Troy - ACT - ACT3394
Chapter 10 - Analysis of Governmental Financial PerformanceCHAPTER 10:Answers to QuestionsANALYSIS OF GOVERNMENTAL FINANCIAL PERFORMANCE10-2 Economic condition is the term the GASB uses to represent a composite of a governments financial health and it
Troy - ACT - ACT3394
Chapter 12 - Auditing of Governmental and Not-for-Profit OrganizationsCHAPTER 12:Answers to QuestionsAUDITING OF GOVERNMENTAL AND NOT-FORPROFIT ORGANIZATIONS12-1 The three levels of audit are generally accepted auditing standards (GAAS), generally acc
Troy - ACT - ACT3391
1.HOMEWORK - Fall 2009 Solutions (0.5 point each journal entry) Journalize the following events/transactions for Acme Company. a) Acme Borrowed $5,000,000 from Area Bank. Cash $5,000,000 Notes payable $5,000,000 b) Acme issued 100,000 shares of its commo
Troy - ACT - ACT3391
HOMEWORK - Fall 2009 Solutions 3. (0.5 point each) Prepare the Adjusting Journal Entries (AJEs) that should be made on December 31, 2008, the end of the accounting year, for each of the following independent situations. If no AJE is required, indicate non
Troy - ACT - ACT3391
HOMEWORK - Fall 2009 Solutions 4. (5 points) X Company Note that there are different ways you can document/format your solutions. One possible way follows. Also, note that we will NOT worry about the change in prepaid insurance because we were not asked t
Troy - ACT - ACT3391
HOMEWORK - Fall 2009 Solutions 6. (3 points) O Corporation's capital structure consists of 600,000 shares of common stock. At December 31, 2007 an analysis of the accounts revealed the following information: Accounts receivable, Allowance for doubtful acc
Troy - ACT - ACT3391
HOMEWORK - Fall 2009 Chapters 1 through 7 ALL homework assignments must be completed by using some type of computer software program, e.g., word, excel. YOU WILL NOT RECEIVE FULL CREDIT FOR THE HOMEWORK UNLESS IT IS COMPLETED BY USING A COMPUTER. NO CREDI
Troy - ACT - ACT3391
HOMEWORK - Fall 2009 Chapters 1 through 7 ALL homework assignments must be completed by using some type of computer software program, e.g., word, excel. YOU WILL NOT RECEIVE FULL CREDIT FOR THE HOMEWORK UNLESS IT IS COMPLETED BY USING A COMPUTER. NO CREDI
Troy - ACT - ACT3391
HOMEWORK - Fall 2009 Chapters 1 through 7 ALL homework assignments must be completed by using some type of computer software program, e.g., word, excel. YOU WILL NOT RECEIVE FULL CREDIT FOR THE HOMEWORK UNLESS IT IS COMPLETED BY USING A COMPUTER. NO CREDI
Troy - ACT - ACT3391
HOMEWORK - Fall 2009 Chapters 1 through 7 ALL homework assignments must be completed by using some type of computer software program, e.g., word, excel. YOU WILL NOT RECEIVE FULL CREDIT FOR THE HOMEWORK UNLESS IT IS COMPLETED BY USING A COMPUTER. NO CREDI
Troy - ACT - ACT3391
HOMEWORK - Fall 2009 Chapters 1 through 7 17. (3 points) On December 31, 2008, B Company sold some inventory to D Company in exchange for a $7,000,000, 10% note receivable. The note principal will be collected in full on December 31, 2012. Interest will b
Troy - ACT - ACT3391
HOMEWORK - Fall 2009 Chapters 1 through 7 20. (2 points) Acme Co.s aging schedule as of year-end is given below: Days Account is o/s 0 30 31 60 61 90 91- 120 121-150 over 150 days Amount $6,500,000 4,000,000 3,200,000 1,100,000 500,000 200,000 Prob. Colle
Troy - ACT - ACT3391
HOMEWORK - Fall 2009 24. (2 points) On 12-31-08, you performed a physical count of inventory Big Al maintains in its warehouse. Your count indicates a total cost of $3,300,000. You discover the following items were excluded from the $3,300,000. Merchandis
Troy - ACT - ACT3391
HOMEWORK - Fall 2009 27. (4 points) Presented below is information related to T Company. EI @ recent costs 12-31-01 12-31-02 12-31-03 12-31-04 12-31-05 12-31-06 $3,349,500 $3,460,800 $3,484,000 $3,490,300 $3,582,800 $3,587,000 Index 100.0 103.0 104.0 104.
Troy - ACT - ACT3391
HOMEWORK - Fall 2009 28. (0.5 point each, unless otherwise noted) Answer the following related to ConocoPhillips (C) for the year ended December 31, 2008. Note that you can find Cs financial statements and related footnotes on Cs web page OR on the SECs w
Troy - ACT - ACT3391
HOMEWORK - Fall 2009 29. (2 points) The December 31, 2010 inventory of Gwynn Company. Replacement Estimated Expected Normal Profit Product Original Cost Cost Disposal Cost Selling Price on Sales A $25.00 $22.00 $6.50 $40.00 20% B $42.00 $40.00 $12.00 $48.
Troy - ACT - ACT3391
HOMEWORK - Fall 2009 33. (5 points) On March 1, 2010, Newton Company purchased land for an office site by paying $540,000 cash. Newton began construction on the office building on March 1. The following additional construction-related expenditures were in
Troy - ACT - ACT3391
w ileyplus 1w ileyplus 1w ileyplus 1Copyright 2000-2009 by John Wiley & Sons, Inc. or related companies. All rights reserved.o o o ow ileyplus 1w ileyplus 1Copyright 2000-2009 by John Wiley & Sons, Inc. or related companies. All rights reserved.o
Troy - ACT - ACT3391
Wileyplus4&5Question1 Thebalancesheetisusefulforanalyzingallofthefollowingexcept profitability. solvency. financialflexibility. liquidity. Question2Thestatementofcashflowsprovidesanswerstoallofthefollowingquestionsexcept Whatwasthechangeinthecashbalance
Troy - ACT - ACT3391
Wileyplus9Question1 Forthecompositemethod,thecomposite rateisthetotalannualdepreciationdividedbythetotaldepreciablecost. lifeisthetotalcostdividedbythetotalannualdepreciation. rateisthetotalcostdividedbythetotalannualdepreciation. lifeisthetotaldepreciab
Ohio State - BUS ADM - 453
1. FranklinRoosevelt'sNewDealwasmostnotablefor StudentResponse A. endingtheGreat Depression. B. providingmoderate 100% socialreformwithout radicalrevolutionor reactionaryfascism. C. underminingstate andlocal governments. D. aidingbigcitiesatthe expenseof
Ohio State - BUS ADM - 453
Chapter 281. TeddyRooseveltbelievedthattrusts StudentResponse A. couldbedestroyed withoutdamageto theAmerican economy. B. weregreedyfor powerandwealth. C. weretoopowerfulto beregulated. D. wereheretostaywith100% theirefficientmeans ofproduction. E. shoul
University of Phoenix - BIS - 219
A&P The Early Days. A&P had several attributes to its success in its early history as a company. The company was originally founded in 1859 by George Huntington Hartford and George Gilman who opened a store called Great American Tea Company on Vesey Stree
Bunker Hill - CIT - 110
Mauricio Romero Arango Chapter 4. Check your understanding 1. False 2. Burn-in test 3. At the time a component is purchased and installed 4. False 5. Hard disk drive 6. Configuration Problem 7. Conflict 8. False 9. New Version 10. Workaround 11. False 12.
N.C. State - SOCIOLOGY - 202
Exam 1 Concept ListSociological Imagination: the ability to discern the relationship between large-scale social forces and the actions of individuals. [1] It includes both the capacity to see relationships between individual biographies and historical ch
University of Hawaii, Manoa - ACC - 987987
Kiana Dela Cruz September 1, 2010 ACCT 201 Chapter 1 Homework pp 33 EX 1-7 a. Assets Liabilities = Owners Equity 760,000 240,000 = 52,000 b. 760,000 +120,000 =880,000 880,000-312,000= 568,000 c. 760,000 -160,000 =700,000 700,000 218,000 = 481,600 d. 760,0
RMU - MIS - MIS 510
Assignment #1Use of Information Technology to Improve the Quality of Health Care in the United StatesProfessor Michael Yates Nirali Patel 10/4/2010Article: Use of Information Technology to Improve the Quality of Health Care in the United States Abstrac
RMU - MIS - MIS 510
Compare and contrast two of the eight planning techniques for systems planning discussed in the book starting on page 145. Be sure to cover how they are similar and how they differ. Of the two you choose, tell me which one you like more and why. Strategic
RMU - MIS - MIS 510
Review a current article on the outsourcing of IT in todays business world. Be sure to follow t he outline for an article review in the syllabus. Abstract:T his article focuses on the Medical tourism. The outsourcing of healthcare services specially pati
RMU - MBA - MGT 560
Project Proposal OutlineMIS 510 Group 3Organization * Robert Morris University Formerly known as Robert Morris College First established in Illinois in 1965 at the site of the former Carthage College. Opened the additional campus sites from 1988 to the
RMU - MBA - ACC 510
Accounting for Managerial Decisions 19Nirali Patel ACC 510: Accounting for Managerial Decisions Professor: David KnutsenAccounting for Managerial Decisions 29Table of Contents:Introduction: .3 Corporate Culture: .3 Purpose Statement: .4 Why are health
RMU - MBA - ACC 510
8-2:Death Spiral An insurance company has the following profitability analysis of its services:Revenues Commissions Payments Fixed Costs Profit InstructionsLife Insurance $5,000,000 (1,000,000) (3,000,000) (500,000) $ 500,000Auto Insurance $10,000,000
RMU - MBA - ACC 510
a.Allocated joint cost per stone using the number of stones: Grade I Number of stones per batch Percent of stones Allocated cost to each grade Allocated joint cost per stone Grade II Grade III Totalb.Allocated joint cost per stone (before taxes) using
RMU - MBA - ACC 510
Exercise 12-9 Standard Cost Sheet: Massage Chair Description of Cost Metal Tubing Leather Padding Direct Labor T. Quantity 3,000 1,000 1,500 2,000 Q. per Chair 6 meters @ 2 sq meters @ 3 kilograms @ 4 hours @ DM/DL Cost Cost per Chair $3.00 $18.00 $7.00 $
RMU - MBA - MGT 560
2009-2010 ROBERT MORRIS UNIVERSITY ELECTRONIC PORTFOLIO PROJECT Mgt 560 Operations Management Individual Research ReportTHE ELECTRONIC PORTFOLIO One of the resources you purchased is an electronic portfolio from LiveText. * You MUST comply with the "repo
RMU - MBA - MGT 560
CASE: Wyatt Earp - The Buffalo Hunter F. Robert Jacobs, Indiana University The legend of Wyatt Earp lives on largely based on his exploits as a gunfighter and Marshall of the frontier West in the 1880s. The classic tales of the shootout at the O.K. Corral
RMU - MBA - MGT 560
1Patel Nirali MGT 560 operations and supply management Question 1: Compare Wyatt's buffalo hunting to the approach used by the old timers? In older times, there was standard way of hunting. The buffalo hunter would typically have five four-horse wagons,
RMU - MBA - MGT 505
Nirali Patel Date- Feb 12/2010 Writea3to5pagepaperreflectingontheimportanceofethicsasitrelatestoorganizationalgrowthand developmentinyourpaperarticulateanalyticallyhowtheanalysisofdilemmaparadigmsandtheresolution principlesdiscussedinclasscanassistindevel
RMU - HRM - MGT 530
Chapter5Presentation HumanResourcePlanningNirali Patel John Wenc Jason Shank Mayra OsegueraHumanResourcePlanningHR resource planning is part one of a two step process for strategy.It is the deployment of human capital in the most efficient way.HR str
RMU - HRM - MGT 530
NiraliPatel Chapter11:Compensation MGT530:StrategicHumanResource Management JaniceNewmanCompensation is very important in strategic human resource management. Compensation strategy is designed to attract new talents, retain current employees and ensures
RMU - HRM - MGT 530
Contemporary HR Article Nirali Patel MGT 530: Strategic Human resource Management Professor Janice NewmanCreating a Cultural of Professional EngagementAbstract:This study examines the role of senior management in improving an organization structure tha
RMU - HRM - MGT 530
1N irali Patel Annotative Bibliography MGT 530: Strategic Human Resource Management Janice Newman Tuesday, June 01, 20102Effects on Organizational functions and success: An Annotated B ibliography Strategic Planning1) A Management Consultants Guide to
RMU - HRM - MGT 530
Strategic Human Resource Management atBy: Jason Shank, John Wenc, Nirali Patel, & Mayra Oseguera Establishedin1998 NumberofEmployees20,621(2010) Initialpublicofferingfollowedin2004 Revenuein2009US$23.651billion, GoogleGets1,000,000ApplicationsperYear,
RMU - MBA - PMP 575
Normal Network diagram for problem 9 - page 425 4 C1 10 0 A4 D5 0 0 Start 0 0 3 E4 0 B3 2 5 3 F1 6 7 4 3 5 9 7 7 4 0 4 4 9 9 4 4 9 9 11 11 5 5Suppose A and D are both reduce by one day at cost of 15$/day of reduction3 C1 8 0 A3 0 0 Start 0 0 3 3 E4 3 0
RMU - MBA - PMP 575
Problem no.3 :Time Period Initial Cash Investment A0 = 1 2 3 4 Rate k = 0.20Cashflow -75000 20000 25000 30000 50000$75,501.54 Discounted Cash Flow to Determine NPV (project) = A0 + NPV function Value $501.54Problem no.6:Time Period 0 1 2 3 4 Cashflows
RMU - MBA - PMP 575
Problem # 1 Actual Cost Planned Value Earned Value 540,000 523,000 535,000i) Cost varianceCV = EV-AC (5,000)ii) Schedule Variance = EV - PV SV 12,000 Since the Cost Variance is project is Over budget Schedule Variance is favourable to project.Problem
RMU - MBA - PMP 575
8 D7 10 0 A8 0 0 Start 0 0 8 0 8 C3 8 815rectangle represents activities171111 E6171111170 B10 11011 F7181112198a) The critical path of the project is Start A-C-E-G End 8b) It will take 22 days to complete the entire project 8c) Yes, the
RMU - MBA - PMP 575
SLD Adidas Group Integrated E-commerce SolutionTeam 1: John Wenc Daniel Sosa William Haselberger Nirali PatelAbout Team 1 Consulting, Inc:Team 1 Consulting Inc (henceforth referred as Team 1) is a Premier IBM Business Partner. Team1 specializes in info
RMU - MBA - PMP 575
AutomotiveBuildersInc.;The StanhopeProjectNiraliPatel,JohnWenc,DanSosa,BillHaselbergerQuestionnumber2:WereABIsStanhopesitecostsinTable2derivedbyatop downorbottomupprocess? Why?Organizational Overview:The Farm Equipment Company started just after the
RMU - MBA - PMP 575
Sharon Construction CorporationNirali Patel John Wenc Daniel Sosa William HaselbergerQuestion no.1Analyze the five proposals and make recommendations based on expected cost.About the Company: SharonConstruction Company is awarded the contract of 20,