1. Your company has 25 Windows NT Workstation 4.0, 20 Windows 2000 Professional and two Windows 2000 Servers. As your management want to standardise all the operating systems in your company, you are ask to upgrade all Windows NT Workstation 4.0 computers to Windows 2000 Professional. You upgrade the computer by using across the network installation and successfully started Windows 2000 Professional at all the upgraded computers. However, the next day you come in to the office, users report to you that they are not able to run some of the applications that they were able to run it before the upgrade. You want to allow all the users to run the applications that they can run before the upgrade in the Windows 2000 Professional computer, how can you accomplish this task?

A. By applying the compatws.inf security template to all the upgraded computers using the Secedit.exe
B. By applying the basicwk.inf security template to all the upgraded computers using the Security Configuration and Analysis snap-in.
C. Assign all the users to the power users group at the upgraded computers.
D. All the computers must have not been configured to join the domain, so you must add those computers to the domain controller first and then users will be able to run all applications.

When NTFS computers are upgraded, their securities are not modified, thus may not suitable for some application in Windows 2000 Professional. Hence the compatible configuration (compatws.inf) should be applied to opens the default permissions for the Users group so that legacy applications are more likely to run correctly in Windows 2000 Professional. Note that you should only apply this if you upgrade from Windows NT 4.0 or earlier version but not Windows 95/98 as Windows 95/98 is not considered a NTFS computer. For those that are clean-installed(In the case of Win95/98 upgrade, it is considered a clean install) the security is modified for Windows 2000 environment, hence do not need this security template, however, incremental security templates can be applied to them. Incremental security template will not be described further as it is beyond the scope of this explanation.

A list of he security templates is shown below(from Microsoft Web site):

· Compatws.inf for workstations or servers. If you do not want your users to run as power users, the compatible configuration opens the default permissions for the Users group so that legacy applications are more likely to run correctly. Office 97 should run successfully when you are logged on as a User to a Windows 2000 machine that has had the compatible security template applied over the default settings. Note that this is not considered a secure environment.
· Securews.inf for workstations or servers, and Securedc.inf for domain controllers provide a secure configuration. The secure configuration provides increased security for areas of the operating system not covered by permissions. This includes increased security settings for Account Policy, Auditing, and some well-known security relevant registry keys. Access control lists are not modified by the secure configurations because the secure configurations assume that default Windows 2000 security settings are in effect.
· Hisecws.inf for workstations and servers, and Hisecdc.inf for domain controllers provide a highly secure configuration. The high security configuration is provided for Windows 2000 computers that operate in native Windows 2000 environments only. In this configuration, all network communications must be digitally signed and encrypted at a level that can only be provided by Windows 2000. Thus, communications between a Windows 2000 highly secure computer and a downlevel Windows client cannot be performed.
The Security Configuration and Analysis snap-in is a MMC snap-in that we can use to apply a security template, likewise, the Secedit.exe which is the command line version of The Security Configuration and Analysis can be used for the same purpose.

Answer: A

References:
http://www.microsoft.com/windows2000/en/professional/help/sag_scedefaultpols.htm
http://www.microsoft.com/TechNet/win2000/seconfig.asp

Free MCSE Practice Test question number #23 provided by http://www.itexams.co.uk for 70-210 exam

 

6. You are the network administrator for a company that has 100 Windows Professional and 2 Windows 2000 Server. You configure all users to store their files in the home folder in your Windows 2000 Server and enable the Encrypting Files System (EFS) in that folder. One day, one of the Sales person named Jennifer complain to you that some of her files that she copied from her home folder to a network shared folder has been amended after few days she copied that files. What is the possible reason that let to that incident?

A. When a folder is shared, all the files in that folder will automatically decrypted.
B. Copying encrypted file within the same volume will retain it encryption attributes, but will loose the encryption if the volume is different or in remote location.
C. File encryption only supported in NTFS, hence the shared folder might be located at a FAT16 or FAT32 partition.
D. The file has been copied to a folder that has the encryption attribute disable.

From Microsoft Web site:
The following explains the procedures and limitations for copying encrypted folders or files on the same volume and from one volume to another.
· To copy a file or folder on the same computer from one NTFS partition in a Windows 2000 location to another NTFS partition in a Windows 2000 location. Copy the file or folder as you would an unencrypted file. Use Windows Explorer or the command prompt. The copy is encrypted.
· To copy a file or folder on the same computer from an NTFS partition in a Windows 2000 volume to a FAT partition. Copy the file or folder as you would an unencrypted file. Use Windows Explorer or the command prompt. Because the destination file system does not support encryption, the copy is in clear text.
· To copy a file or folder to a different computer where both use the NTFS partitions in Windows 2000. Copy the file or folder as you would an unencrypted file. Use Windows Explorer or the command prompt. If the remote computer allows you to encrypt files, the copy is encrypted; otherwise it is in clear text. Note that the remote computer must be trusted for delegation; in a domain environment, remote encryption is not enabled by default.
· To copy a file or folder to a different computer from an NTFS partition in a Windows 2000 location to a FAT or NTFS in a Windows NT® 4.0 location. Copy the file or folder as you would an unencrypted file. Use Windows Explorer or the command prompt. Because the destination file system does not support encryption, the copy is in clear text.

Encryption will be retained if you copied a file to an NTFS file system that support EFS, however if the destination is a FAT or NTFS that doesn't support encryption, then the file will be decrypt in the destination. The destination folder does not necessarily need to be encrypted to retain your encryption attribute. Shared folder will not decrypt all files contain in its folder.

Answer: C

References:
http://www.microsoft.com/TechNet/win2000/win2ksrv/technote/nt5efs.asp
http://www.microsoft.com/technet/win2000/efsguide.asp

Free MCSE Practice Test question number #24 provided by http://www.itexams.co.uk for 70-210 exam

Note: The questions and explanations provided above are free to view by anyone, however, If you would like to post the Free MCSE practice Test questions provided by IT Exams Ltd. to a discussion board, forum or whatsoever free public accessible resources, you should post the line "Free MCSE Practice Test question number #xx provided by http://www.itexams.co.uk for 70-210 exam" together with your posting. IT Exams Ltd. is the owner of All material in this page unless otherwise their sources are quoted.