Melanie's company, Wingtip Toys, has just acquired Tailspin Toys. The board of directors decided that since the computer network was going to be changing because of the acquisition, it would be a good time to upgrade the current network to Microsoft Windows 2000. Melanie is the lead infrastructure planner on the Active Directory services infrastructure design team. The business and technical environment analysis documents have been compiled and copies have been distributed to everyone on the team. Melanie and the other infrastructure planners are now in the process of designing a forest model for the organization. Initially the board of directors for Wingtip Toys wants to keep the two companies completely separate. In six months to a year, they want to easily be able to combine the two companies. The required result for Melanie and her team of infrastructure designers is to determine a forest structure that will allow the two companies to be completely separate. The first ideal outcome of the plan is to allow the members of the board of directors and the accounting department, whose accounts are in the Wingtip Toys forest, to have access to resources in the Tailspin Toys forest. The second ideal outcome of Melanie's plan is for her to determine how to move the domains from the Tailspin Toys forest into the Wingtip Toys forest.
To prepare for the installation, Melanie proposes creating two separate forests, one for Wingtip Toys and one for Tailspin Toys. By creating two separate forests, the two business units can be completely separate. Melanie also proposes setting up a one-way nontransitive trust to provide interforest access for the members of the board of directors. Specifically, Melanie proposes having domain 1, located in the Wingtip Toys forest and containing the accounts for the members of the board of directors and the accounting department, trust domain A, which is in the Tailspin Toys forest. The trust will allow the members of the board of directors and the accounting department to access resources in domain A. When the transition period is over, Melanie proposes that network administrators clone the security principals. Then they can migrate any objects using the LDAP Data Interchange Format command-line tool. Next they can decommission the domain controllers and add each to the new forest domain. Does Melanie's proposal satisfy the required result and the two ideal outcomes?

Which of the following statements regarding smart card logon and multiple forests is correct?

In Active Directory, which of the following statements about the schema are correct? (Choose all answers that are correct.)
a. The schema is a naming context that is replicated to every domain controller in the forest.
b. A partial replica of the schema is replicated to every domain controller in the forest.
c. The Enterprise Admins predefined universal group has full control of the schema.
d. The Schema Admins predefined global group has full control of the schema.

In Active Directory, which of the following statements about the global catalog are correct? (Choose all answers that are correct.)
a. The global catalog stores a full replica of all object attributes in the directory.
b. The global catalog stores a full replica of all object attributes in the directory for its host domain.
c. The global catalog allows users to log on by using an abstracted user principal name.
d. The global catalog requires users to log on by specifying the default user principal name.

In Active Directory, which of the following statements about when you can have multiple forests in your organization is correct?

In Microsoft Windows 2000 Server, an abstract class can be used to extend the definition of a class that inherits from it, but it cannot be used to form a class by itself.

Modifying the schema can cause which of the following to occur? (Choose all answers that are correct.)
a. The schema cache could be updated.
b. Network performance can increase significantly.
c. An existing object instance could become invalid.
d. An existing object instance could become deactivated.

To view the base schema classes, which of the following should you do? (Choose all answers that are correct.)
a. Start WordPad, and open the read-only file BaseDIT.
b. Install all the Windows 2000 administration tools.
c. Add the Active Directory Schema snap-in to Microsoft Management Console (MMC).
d. Start the LDAP Data Interchange Format (LDIFDE.EXE) command-line tool.

Which of the following actions allows you to view the parent class for a schema class object?

Which of the following statements about the Active Directory schema are true? (Choose all answers that are correct.)
a. A base schema, often called the base directory information tree (DIT), ships with Microsoft Windows 2000 Professional.
b. A base schema, often called the base directory information tree (DIT), ships with Windows 2000 Server.
c. There are more than 900 schema class objects and nearly 200 schema attribute objects included with Windows 2000 Server by default.
d. There are nearly 200 schema class objects and more than 900 schema attribute objects included with Windows 2000 Server by default.

Rico's company, Coho Vineyard, is upgrading its network from Microsoft Windows NT 4 to Microsoft Windows 2000. There are currently two Windows NT 4 domains. The first domain is primarily set up for the three winemakers and their nine assistants. When the winemakers log on to the network, they have access to all recipes and methodology for producing their award-winning wines. This information must be protected at all cost. The warehouse manager and his three assistant managers are also in this domain. The second domain is for the store and the executive and marketing staff. The store has about 35 employees. The store is open six days a week. The store has a number of kiosks set up so that customers can browse the wines in stock, the qualities of each type of wine, the usage for each wine, and the price per bottle or case of wine. The store also has three point-of-sale computers so that customers can purchase wines while in the store. The executive and marketing staff is housed on the third floor of the store and adds about nine users to the store domain. The business and technical environment analysis documentation has already been compiled, and copies have been distributed to everyone on the team.
Rico is a planner on the infrastructure design team. The required result assigned to Rico and his team is to define domains that will work for his company. When defining the domains, Rico's first ideal outcome is to provide the necessary security for the winemakers. Currently the Windows NT 4 network at Coho Vineyard has strict password and account lockout policies in place for the winemakers. Rico must also allow for the kiosks in the store. The second ideal outcome of the plan is to ensure that replication traffic will not be competing with data traffic, causing the network to be slow and forcing customers to wait for information about wines they want to purchase.
Rico and the infrastructure design team propose creating only one domain to keep administration as simple as possible. There are only 60 employees and about 30 computers. Rico and the design team don't think it's necessary to set up two domains—one for the winemakers and one for the rest of the organization—with separate security requirements. They decide that organizational units (OUs) can provide sufficient security for the winemakers' recipes and methodology. However, Rico and the design team also propose securing the area where these computers are stored by using a badge entry system. The password policy and account policy can still be used without interfering with the kiosks. For example, to force users to have a password, Coho Vineyard could use something like guest100–guest103 as the kiosk user logons and have the passwords be guest100–guest103. Rico and the design team propose having a domain controller in the executive offices and a domain controller in the winemakers building. The amount of network traffic is minimal, so the replication should not interfere with store or office operations or force customers to wait for information. Does the proposal made by Rico and the design team satisfy the required result and the two ideal outcomes?

When defining domains, it is recommended that you do which of the following?

If a link is connected by SMTP-only links, it must have its own domain.

Which of the following statements is a goal for defining domains?

Because group policy is applied at the __________ level, if your organization uses group policy across the enterprise, the group policy must be applied separately to each _____________.

Once you have created your forest root domain, which of the following statements are true? (Choose all answers that are correct.)
a. You cannot create a new forest root domain.
b. You can create a new parent for a forest root domain.
c. You cannot rename the forest root domain.
d. You can delete the parent of a forest root domain.

The predefined groups that reside only in the forest root domain are __________ and ___________.

When choosing a forest root domain, you cannot designate an existing domain as the forest root domain.

Which of the following are advantages of designating a dedicated domain to serve as the forest root domain? (Choose all answers that are correct.)
a. Defining a dedicated domain allows you to have multiple domains, which is the only way to have fault tolerance.
b. A dedicated forest root domain is small and can be easily replicated across the enterprise.
c. A dedicated forest root domain is small, so if the organization changes and the forest root domain becomes obsolete, there are few user accounts or other objects that must be moved to another domain in the forest before you delete it.
d. Domain administrators in the forest root domain can regulate membership in the Enterprise Admins predefined group.

Which of the following statements about parent-child trusts are true? (Choose all answers that are correct.)
a. They are created automatically.
b. They are one-way nontransitive trusts.
c. They are two-way transitive trusts.
d. They must be created explicitly.

Which of the following statements about parent-child trusts are true? (Choose all answers that are correct.)
a. They cannot be created between peer domains.
b. Administrators in a parent domain have rights in the child domain only if you explicitly set them up.
c. Interdomain authentication must follow established parent-child trust paths.
d. Group policies in a parent domain automatically propagate to child domains.

Which of the following statements about parent-child trusts are true? (Choose all answers that are correct.)
a. Administrators in a parent domain automatically have rights in the child domain.
b. Group policies in a parent domain do not automatically propagate to child domains.
c. Administrators in a child domain do not automatically have rights in the parent domain.
d. Domains that function as peers cannot have parent-child trust relationships.

Which of the following statements about cross-link trusts are true? (Choose all answers that are correct.)
a. Cross-link trusts are explicitly created to improve query response performance.
b. Cross-link trusts are implicit two-way transitive trusts.
c. Cross-link trusts are also known as shortcut trusts.
d. Cross-link trusts can be created between Microsoft Windows 2000 domains in different forests.

Which of the following statements about trees in a forest are true? (Choose all answers that are correct.)
a. A forest is a grouping of two or more trees.
b. Each tree in a forest requires a separate Domain Name System (DNS) name.
c. A tree root domain can also be the forest root domain.
d. The recommended number of trees in a forest is two.

Which of the following statements about domain names are true? (Choose all answers that are correct.)
a. Microsoft Windows 2000 domain names are also Domain Name System (DNS) names.
b. The name of the parent domain is designated by the name of the child domain preceded by a label.
c. It is very important for you to carefully choose your domain names, but all domain names can be changed.
d. You should register all second-level domain names with InterNIC or some other authorized naming authority.

Dividing your namespace into zones distributes traffic loads among multiple servers and improves DNS name resolution.

Which of the following statements about standard zone replication are true? (Choose all answers that are correct.)
a. A secondary zone is the master copy of a zone stored in a standard text file on a primary Domain Name System (DNS) server.
b. One can administer and maintain a primary zone on any DNS server in the zone.
c. It provides fault tolerance among DNS servers in the zone.
d. It can reduce wide area network (WAN) traffic by allowing DNS servers to be added in remote locations.

Which of the following statements about zone replication are true? (Choose all answers that are correct.)
a. It is the synchronization of Domain Name System (DNS) data between DNS servers within a forest.
b. It provides load balancing among domain controllers.
c. It provides fault tolerance among DNS servers in the zone.
d. It can reduce wide area network (WAN) traffic by allowing DNS servers to be added in remote locations.

When a zone is created, the Domain Name System (DNS) automatically adds two resource records of the following types: _________ and __________.

Which of the following statements about Active Directory zone replication are true? (Choose all answers that are correct.)
a. Each Primary Domain Controller (PDC) functions as a primary Domain Name System (DNS) server.
b. DNS resource records are part of Active Directory and are replicated to each domain controller.
c. Updates to zones are allowed only at the PDC.
d. Active Directory zone replication is processed at the property level.