Microsoft KB Archive/917984

= MCSA/MCSE Self-Paced Training Kit (Exam 70-290): Managing and Maintaining a Microsoft Windows Server 2003 Environment, Second Edition comments and corrections =

Article ID: 917984

Article Last Modified on 10/4/2007

-

APPLIES TO


 * MCSA/MCSE Self-Paced Training Kit (Exam 70-290): Managing and Maintaining a Microsoft Windows Server 2003 Environment, Second Edition, ISBN 0-7356-2289-2

-



SUMMARY
This article contains comments, corrections, and information about known errors relating to the Microsoft Press book MCSA/MCSE Self-Paced Training Kit (Exam 70-290): Managing and Maintaining a Microsoft Windows Server 2003 Environment, Second Edition, 0-7356-2289-2.

The following topics are covered:


 * CDROM: Incorrect event source indicated in Readiness Review question
 * CDROM: Correct answer marked incorrect in Readiness Review
 * CDROM: &quot;Account logon&quot; and &quot;Logon&quot; events are reversed in a Readiness Review question
 * CDROM: Demo on CD is not functioning
 * Page 5-16: &quot;Exercised 1&quot; used in place of &quot;Exercise 2&quot;
 * Pages 5-23 and 5-25: Page header information is incorrect
 * Page 13-12: Command line uses incorrect spacing
 * Page 14-39: Incorrect spacing used in Answer B
 * Page 15-14: Incorrect command parameters in Answer D
 * Page 15-22: Correct answer marked incorrect
 * Page 15-41: The multiple choice answers for Question 4 are incorrect
 * Pages 15-43 & 15-44: Answer to Question 4 is incorrect
 * Page 17-8: &quot;538&quot; should be &quot;528&quot;
 * Page 17-11: &quot;538&quot; should be &quot;528&quot;



CDROM: Incorrect event source indicated in Readiness Review question
In the Readiness Review Assessment, one of the questions reads:

&quot;You have configured an event log filter as shown in the exhibit. If the filter is applied, which of the following statements about the event log display will be true?”

The question is followed by an image of a dialog with &quot;eventlog&quot; selected as the &quot;Event Source&quot;.

The image should indicate &quot;(All)&quot; as being selected for the &quot;Event Source&quot;.

CDROM: Correct answer marked incorrect in Readiness Review
In the Readiness Review Assessment, one of the questions reads:

&quot;You are the systems administrator for several small businesses. One of the small businesses you work for has reported that the performance of its server appears to be degrading. The server is configured as follows:

Volume     Type        File System Fault Tolerance Fragmentation Drive C    Dynamic NTFS        Mirrored        9% Drive D    Basic       NTFS        None        13% Drive E    Dynamic NTFS        Striped     23% Drive F    Dynamic NTFS        RAID-5      32% Drive G    Dynamic NTFS        RAID-5      41% On which of the Windows Server 2003 system volumes will Windows recommend that you run the defragmenter? (Select all that apply.)&quot;

When the question is scored, it indicates that drives D, E, and F are correct answers.

Drive G should also be marked as correct.

CDROM: &quot;Account logon&quot; and &quot;Logon&quot; events are reversed in a Readiness Review question
In the Readiness Review Assessment, one of the questions reads:

&quot;In a recent network break-in, the intruder logged on as a user with permission to read a set of confidential files. You suspect that the intruder used a brute force approach to discover the user's password.

You have implemented a string password policy and required all users to change their passwords. Now you want to institute an audit policy that will let watch for a pattern indicating a brute force attack on domain accounts.

Which event category will you audit on the domain controller to gather the necessary information?&quot;

The answer that is marked correct reads:

&quot;Audit failed logon events.&quot;

The answer that should be marked correct reads:

&quot;Audit failed account logon events.&quot;

The explanation reads:

&quot;A brute force attack is one in which the intruder attempts to &quot;guess&quot; the user's password by systematically trying combinations of letters, numbers, and symbols. To watch for a pattern that indicates a brute force attack, you will want to watch for failed logons at the domain controller. The Logon event occurs when authentication is attempted by a domain controller. Account logon events occur on the local system where the user is logging on, not on the domain controller. Therefore, auditing failed account logon events on the domain controller will not give you the information you need. Account logon events occur on the local system where the user is logging on, not on the domain controller. Therefore, auditing successful account logon events on the domain controller will not give you the information you need. Auditing successful logon events will not give you information about attempts to crack a password. It will also fill the event log very quickly.&quot;

The explanation should read:

&quot;A brute force attack is one in which the intruder attempts to &quot;guess&quot; the user's password by systematically trying combinations of letters, numbers, and symbols. To watch for a pattern that indicates a brute force attack, you will want to watch for failed logons at the domain controller. The account logon event occurs when authentication is attempted by a domain controller. Logon events occur on the local system where the user is logging on, not on the domain controller. Therefore, auditing failed logon events on the domain controller will not give you the information you need. Logon events occur on the local system where the user is logging on, not on the domain controller. Therefore, auditing successful logon events on the domain controller will not give you the information you need. Auditing successful account logon events will not give you information about attempts to crack a password. It will also fill the event log very quickly.&quot;

CDROM: Demo on CD is not functioning
On the main menu of the Companion CD, the Demo exercise does not function. Use the application at http://www.microsoft.com/learning/mcpexams/simulations/AssessmentDemo/T_AssessmentDemo.htm in its place.

Page 5-16: &quot;Exercise 1&quot; used in place of &quot;Exercise 2&quot;
On page 5-16, the first step of Exercise 3 reads:

&quot;From the result set returned in Exercise 1, open Server01's properties dialog box.&quot;

It should read:

&quot;From the result set returned in Exercise 2, open Server01's properties dialog box.&quot;

Pages 5-23 and 5-25: Page header information is incorrect
On pages 5-23 and 5-25, the header information at the top of the page reads:

&quot;Lesson 2 Managing Computer Accounts&quot;

It should read:

&quot;Lesson 3 Troubleshooting Computer Accounts&quot;

Page 13-12: Command line uses incorrect spacing
On page 13-12, the command line under the first sentence in Step 2 of Exercise 3 reads:

D:\i386\winnt32.exe/ cmdcons

It should read:

D:\i386\winnt32.exe /cmdcons

Page 14-39: Incorrect spacing used in Answer B
On page 14-39, the first sentence of answer B for question 4 reads:

&quot;The ListsvcRecovery Console command will list all drivers and services.&quot;

It should read:

&quot;The Listsvc Recovery Console command will list all drivers and services.&quot;

Page 15-14: Incorrect command parameters in Answer D
On page 15-14, Answer D to Question 1 reads:

&quot;D. dsmod computer CN=pserver01,CN=PSERVERS,DC=contoso,DC=com -reset&quot;

It should read:

&quot;D. dsmod computer CN=pserver01,OU=PSERVERS,DC=contoso,DC=com -reset&quot;

Page 15-22: Correct answer marked incorrect
On page 15-22, the answers to question 3 reads:

&quot;3. Correct Answers: B, D, and G

A. Incorrect: Domain local groups cannot be converted to global groups regardless of domain functional level.

B. Correct: Global groups without other global groups as members can be converted to universal groups.

C. Incorrect: The conversion of groups of this type could create a circular reference and is not permitted.

D. Correct: There is no restriction on this type of conversion, at this functional level, regardless of universal group memberships.&quot;

They should read:

&quot;3. Correct Answers: B, C, D, and G

A. Incorrect: Domain local groups cannot be converted to global groups regardless of domain functional level.

B. Correct: Global groups without other global groups as members can be converted to universal groups.

C. Correct.

D. Correct: There is no restriction on this type of conversion, at this functional level, regardless of universal group memberships.&quot;

Page 15-41: The multiple choice answers for Question 4 are incorrect
On page 15-41, the multiple choice answers for Question 4 read:

&quot;A. Disable the CFO’s account.

B. Reset the CFO’s password.

C. Because the CFO’s password is printed on a scrap of paper in his wallet, you should ensure that he has a new one.

Revoke the Enterprise CA’s signing certificate.

D. Revoke the CFO’s smart card certificate and update the certificate revocation list (CRL).

E. Issue the CFO a new smart card and certificate.&quot;

They should read:

&quot;A. Disable the CFO’s account.

B. Reset the CFO’s password.

C. Revoke the Enterprise CA’s signing certificate.

D. Revoke the CFO’s smart card certificate and update the certificate revocation list (CRL).

E. Issue the CFO a new smart card and certificate.&quot;

Pages 15-43 & 15-44: Answer to Question 4 is incorrect
On pages 15-43 and 15-44, the Answer to Question 4 reads:

&quot;4. Correct Answers: B, C, and D

A. Incorrect: If you disable the executive’s account, he will be unable to access his private files located on the file server this afternoon.

B. Correct: This would invalidate all certificates issued by the Enterprise CA, which would cause problems for everyone trying to log on.

C. Correct: Revoking the CFO’s smart card certificate makes the lost smart card essentially useless.

D. Correct: The final step is to issue the CFO&quot;

It should read:

&quot;4. Correct Answers: B, D, and E

A. Incorrect: If you disable the executive’s account, he will be unable to access his private files located on the file server this afternoon.

B. Correct: Because the CFO’s password is printed on a scrap of paper in his wallet, you should ensure that he has a new one.

C. Incorrect: This would invalidate all certificates issued by the Enterprise CA, which would cause problems for everyone trying to log on.

D. Correct: Revoking the CFO’s smart card certificate makes the lost smart card essentially useless.

E. Correct: The final step is to issue the CFO&quot;

Page 17-8: &quot;538&quot; should be &quot;528&quot;
On page 17-8, Answers C, D, E and F to Question 3 all contain an incorrect Logon Event.

Change:

&quot;Set the Event ID to 538.&quot;

To:

&quot;Set the Event ID to 528.&quot;

Page 17-11: &quot;538&quot; should be &quot;528&quot;
On page 17-11, the second sentence in Answer F to Question 3 contains an incorrect Logon Event ID.

Change:

&quot;Although all Event IDs listed in this question are 538, 538 is the logon event ID.&quot;

To:

&quot;Although all Event IDs listed in this question are 528, 528 is the logon event ID.&quot;

Microsoft Press is committed to providing informative and accurate books. All comments and corrections listed above are ready for inclusion in future printings of this book. If you have a later printing of this book, it may already contain most or all of the above corrections.

The print number of the book is located on the copyright page in the form of a string of numbers. For example: &quot;2 3 4 5 6 7 8 0 QWT 9 8 76 5 4&quot;. The first number in the string is the the print number. In this example, the print number is 2.

Additional query words: 0-7356-2289-2 978-0-7356-2289-0

Keywords: KB917984

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.