Errata

Correct answer marked incorrect in Readiness Review
In the Readiness Review Assessment, one of the questions reads:



"You are the systems administrator for several small businesses. One of the small businesses you work for has reported that the performance of its server appears to be degrading. The server is configured as follows:



Volume Type File System Fault Tolerance Fragmentation

Drive C Dynamic NTFS Mirrored 9%

Drive D Basic NTFS None 13%

Drive E Dynamic NTFS Striped 23%

Drive F Dynamic NTFS RAID-5 32%

Drive G Dynamic NTFS RAID-5 41%



On which of the Windows Server 2003 system volumes will Windows recommend that you run the defragmenter? (Select all that apply.)"



When the question is scored, it indicates that drives D, E, and F are correct answers.



Drive G should also be marked as correct.

Demo on CD may not function
On the main menu of the Companion CD, the Demo exercise may not function. Please skip this Demo.

Incorrect answer marked correct in Readiness Review
In the Readiness Review Assessment, one of the questions reads:



"You are an administrator for a Microsoft Windows Server 2003 Active Directory domain. You are training users to whom you plan to delegate departmental administrative tasks. You are creating a written procedure for changing the logon hours for all user accounts in an OU. All users in each OU are also members of a group located in the same OU and named with the same name as the OU. You want the users you are training to complete the procedure in as few steps as possible.



From the list on the right, select the procedural steps needed to set the logon hours for all users. Place your selections in the list on the left in the order in which they must be performed. Place you selections in the list on the left bt clicking the items in the list on the right, then clicking the arrow button. You can also use the Up and Down buttons to rearrange items in the list on the left. You might not need to use all of the items from the list on the right."



Currently, the test scores the question incorrectly. The second step in the answer is incorrect.



Change:

"Right-click the group to which all users belond and run Properties."



To:

"Right-click and run Properties after selecting all of the user accounts."

Readiness Review answer partially incorrect
In the Readiness Review Assessment, one of the questions begins:



"You are the administrator of six stand-alone Windows Server 2003 systems. You want to install a new Small Computer System Interface (SCSI) hard disk drive on each Windows Server 2003 system. You schedule a time in the middle of the night to shut down the servers and install the new drives."



The answers that are marked as correct read:

"Reconfigure the domain GPO and set the Unsigned Driver Installation Behavior policy to Warn But Allow Installation"

and

"Select the Administrator Option/Make This Action The System Default check box in the Driver Signing Options dialog box, accessible from the System Properties. This will enable to user to switch the option from Block to Ignore."



The correct answers should be:

"Select the Administrator Option/Make This Action The System Default check box in the Driver Signing Options dialog box, accessible from the System Properties. This will enable to user to switch the option from Block to Ignore."

and

"Reconfigure the GPO applied to the OU of which the servers are members and set the Unsigned Driver Installation Behavior policy to Warn But Allow Installation."

Incorrect answer marked correct in Readiness Review
In the Readiness Review assessment, one of the questions begins:

"You are a contractor specializing in small businesses. You provide assistance with planning, implementation, and some ongoing support..."



The wrong answer is marked correct. The answer that should be marked correct is:

"Use Terminal Services Configuration to end a session five minutes after a user disconnects."

Page header information is incorrect
On pages 5-23 and 5-25, the header information at the top of the page reads:



"Lesson 2 Managing Computer Accounts"



It should read:



"Lesson 3 Troubleshooting Computer Accounts"

Incorrect spacing used in Answer B
On page 14-39, the first sentence of answer B for question 4 reads:



"The ListsvcRecovery Console command will list all drivers and services."



It should read:



"The Listsvc Recovery Console command will list all drivers and services."

Correct answer marked incorrect
On page 15-22, the answers to question 3 reads:



"3. Correct Answers: B, D, and G

A. Incorrect: Domain local groups cannot be converted to global groups regardless of domain functional level.

B. Correct: Global groups without other global groups as members can be converted to universal groups.

C. Incorrect: The conversion of groups of this type could create a circular reference and is not permitted.

D. Correct: There is no restriction on this type of conversion, at this functional level, regardless of universal group memberships."



They should read:



"3. Correct Answers: B, C, D, and G

A. Incorrect: Domain local groups cannot be converted to global groups regardless of domain functional level.

B. Correct: Global groups without other global groups as members can be converted to universal groups.

C. Correct.

D. Correct: There is no restriction on this type of conversion, at this functional level, regardless of universal group memberships."

Answer to Question 4 is incorrect
On pages 15-43 and 15-44, the Answer to Question 4 reads:



"4. Correct Answers: B, C, and D



A. Incorrect: If you disable the executive’s account, he will be unable to access his private files located on the file server this afternoon.

B. Correct: This would invalidate all certificates issued by the Enterprise CA, which would cause problems for everyone trying to log on.

C. Correct: Revoking the CFO’s smart card certificate makes the lost smart card essentially useless.

D. Correct: The final step is to issue the CFO"



It should read:



"4. Correct Answers: B, D, and E



A. Incorrect: If you disable the executive’s account, he will be unable to access his private files located on the file server this afternoon.

B. Correct: Because the CFO’s password is printed on a scrap of paper in his wallet, you should ensure that he has a new one.

C. Incorrect: This would invalidate all certificates issued by the Enterprise CA, which would cause problems for everyone trying to log on.

D. Correct: Revoking the CFO’s smart card certificate makes the lost smart card essentially useless.

E. Correct: The final step is to issue the CFO"

"change" should be "modify"
On page 16-11, the first Answer D on the page contains an incorrect permission.



Change:

"D. Correct: This setting will allow for the Managers to have change permission when logged on locally. They will also have the change permission when accessing

the file from the network unless the share permissions are more restrictive."



To:

"D. Correct: This setting will allow for the Managers to have modify permission when logged on locally. They will also have the modify permission when accessing

the file from the network unless the share permissions are more restrictive."

"538" should be "528"
On page 17-11, the second sentence in Answer F to Question 3 contains an incorrect Logon Event ID.



Change:



"Although all Event IDs listed in this question are 538, 538 is the logon event ID."



To:



"Although all Event IDs listed in this question are 528, 528 is the logon event ID."

Microsoft Press is committed to providing informative and accurate

books. All comments and corrections listed above are ready for

inclusion in future printings of this book. If you have a later printing

of this book, it may already contain most or all of the above corrections.The print number of the book is located on the copyright page in the form of a string of numbers. For example: "2 3 4 5 6 7 8 0 QWT 9 8 76 5 4". The first number in the string is the the print number. In this example, the print number is 2.

Incorrect event source indicated in Readiness Review question In the Readiness Review Assessment, one of the questions reads: "You have configured an event log filter as shown in the exhibit. If the filter is applied, which of the following statements about the event log display will be true?” The question is followed by an image of a dialog with "eventlog" selected as the "Event Source". The image should indicate "(All)" as being selected for the "Event Source".

"Account logon" and "Logon" events are reversed in a Readiness Review question In the Readiness Review Assessment, one of the questions reads: "In a recent network break-in, the intruder logged on as a user with permission to read a set of confidential files. You suspect that the intruder used a brute force approach to discover the user's password. You have implemented a string password policy and required all users to change their passwords. Now you want to institute an audit policy that will let watch for a pattern indicating a brute force attack on domain accounts. Which event category will you audit on the domain controller to gather the necessary information?" The answer that is marked correct reads: "Audit failed logon events." The answer that should be marked correct reads: "Audit failed account logon events." The explanation reads: "A brute force attack is one in which the intruder attempts to "guess" the user's password by systematically trying combinations of letters, numbers, and symbols. To watch for a pattern that indicates a brute force attack, you will want to watch for failed logons at the domain controller. The Logon event occurs when authentication is attempted by a domain controller. Account logon events occur on the local system where the user is logging on, not on the domain controller. Therefore, auditing failed account logon events on the domain controller will not give you the information you need. Account logon events occur on the local system where the user is logging on , not on the domain controller. Therefore, auditing successful account logon events on the domain controller will not give you the information you need. Auditing successful logon events will not give you information about attempts to crack a password. It will also fill the event log very quickly." The explanation should read: "A brute force attack is one in which the intruder attempts to "guess" the user's password by systematically trying combinations of letters, numbers, and symbols. To watch for a pattern that indicates a brute force attack, you will want to watch for failed logons at the domain controller. The account logon event occurs when authentication is attempted by a domain controller. Logon events occur on the local system where the user is logging on, not on the domain controller. Therefore, auditing failed logon events on the domain controller will not give you the information you need. Logon events occur on the local system where the user is logging on , not on the domain controller. Therefore, auditing successful logon events on the domain controller will not give you the information you need. Auditing successful account logon events will not give you information about attempts to crack a password. It will also fill the event log very quickly."

Correct answer marked incorrect in Readiness Review In the Readiness Review Assessment, one of the questions reads: "Rooslan is the systems administrator of a Windows Server 2003 system that runs SQL Server 2000. The server has six SCSI hard drives attached. The first two form a mirrored pair and host the volume that contains the operating system and program files. The other four SCSI disks are configured in RAID-5 and host a single volume that contains all of the database data. Currently, 40 percent of the volume is used. One of the four disks in the RAID-5 volume fails. Which of the following statements about this situation is true?" Currently, the test marks an incorrect answer as correct. The only correct answer for this question is: "The server will continue operating and no data has been lost."

Readiness Review question needs clarification In the Readiness Review Assessment, one of the questions begins: "You are the only administrator for a small Active Directory domain. Your supervisor is the only other person who can log on to the domain as an administrator and cover for you when you are not available. FileServ is a file and print server running Microsoft Windows Server 2003." The 5th sentence in the second paragraph contains an statement that makes the correct answer incorrect. Change: "The local NTFS permissions are at default." To: "The local NTFS permissions has the Everyone group set to Modify."

Incorrect answer marked correct in Readiness Review In the Readiness Review assessment, one of the questions begins:"You are an administrator for a Microsoft Windows Server 2003 Active Directory domain. You are training users to whom you plan to delegate departmental administrative tasks..." The second choice in the correct answer is not correct. Change: "Right-click the group to which all users belong and run Properties." To: "Right-click and run Properties after selecting all of the user accounts."

Command line uses incorrect spacing On page 13-12, the command line under the first sentence in Step 2 of Exercise 3 reads: D:i386winnt32.exe/ cmdconsIt should read: D:i386winnt32.exe /cmdcons

Incorrect command parameters in Answer D On page 15-14, Answer D to Question 1 reads: "D. dsmod computer CN=pserver01,CN=PSERVERS,DC=contoso,DC=com -reset" It should read: "D. dsmod computer CN=pserver01,OU=PSERVERS,DC=contoso,DC=com -reset"

The multiple choice answers for Question 4 are incorrect On page 15-41, the multiple choice answers for Question 4 read: "A. Disable the CFO’s account. B. Reset the CFO’s password. C. Because the CFO’s password is printed on a scrap of paper in his wallet, you should ensure that he has a new one. Revoke the Enterprise CA’s signing certificate. D. Revoke the CFO’s smart card certificate and update the certificate revocation list (CRL). E. Issue the CFO a new smart card and certificate." They should read: "A. Disable the CFO’s account. B. Reset the CFO’s password. C. Revoke the Enterprise CA’s signing certificate. D. Revoke the CFO’s smart card certificate and update the certificate revocation list (CRL). E. Issue the CFO a new smart card and certificate."

"Exercise 1" used in place of "Exercise 2" On page 5-16, the first step of Exercise 3 reads: "From the result set returned in Exercise 1, open Server01's properties dialog box." It should read: "From the result set returned in Exercise 2, open Server01's properties dialog box."

"change" should be "modify" On page 16-6, Answer D to Question 3 contains an invalid permission. Change: "D. NTFS–Managers–Change" To: "D. NTFS–Managers–Modify"

"538" should be "528" On page 17-8, Answers C, D, E and F to Question 3 all contain an incorrect Logon Event. Change: "Set the Event ID to 538." To: "Set the Event ID to 528."