Best Microsoft MCTS Training – Microsoft MCITP Training at Certkingdom.com




QUESTION 1
You work as the desktop support technician at Certkingdom.com. The Certkingdom.com network consists of a
single Active Directory domain named Certkingdom.com. The Certkingdom.com network has a Windows Server
2008 application server named ABC-SR01.
Certkingdom.com has entered into partnership with Weyland Industries. Weyland Industries has recently
developed an application for their network users, which will be run from ABC-SR01.
During the course of the day you receive complaints from the Weyland Industries network users
that the application as result of heap corruption. After a brief analysis, you instruct the Weyland
Industries network users to enable the full page heap dump when creating a user dump file for
troubleshooting.
You would like to verify whether the Weyland Industries network users had indeed enabled the full
page heap dump when they created the user dump.
Which of the following actions should you take?

A. You should consider making use of the WinDbg !Locks command.
B. You should consider making use of the WinDbg !runaway command.
C. You should consider making use of the WinDbg !gflag command.
D. You should consider making use of the Debub: D (dump file) command.

Answer: C

Explanation:


QUESTION 2
You work as the desktop support technician at Certkingdom.com. The Certkingdom.com network consists of a
single Active Directory domain named Certkingdom.com. The Certkingdom.com network has a Windows Server
2008 application server named ABC-SR01. Certkingdom.com has recently developed an application that
uses a service for their network users which will be run from ABC-SR01.
While performing daily system maintenance on ABC-SR01 you notice that the CPU is operating at
maximum capacity. You have been tasked with determining which service results in the CPU
utilization being heavy by performing a process dump of the service.
Which of the following actions should you take?

A. You should consider making use of the System Monitor utility after running the dump.
B. You should consider making use of the Adplus.vbs utility after running the dump.
C. You should consider making use of a Process Viewer utility after running the dump.
D. You should consider making use of the Task Manager utility after running the dump.

Answer: B

Explanation:


QUESTION 3
You work as the desktop support technician at Certkingdom.com. The Certkingdom.com network consists of a
single Active Directory domain named Certkingdom.com. All servers on the Certkingdom.com network run
Windows Server 2008. The Certkingdom.com network contains an application server named ABC-SR01.
Certkingdom.com has recently developed an application that makes use of an I/O dispatch routine, which
supports buffered I/O. The CIO from Certkingdom.com has asked you to modify the application to make
use of a 5-KB I/O request packet (IRP). The CIO from Weyland Industries has also asked you to
obtain the kernel address of the 5-KB buffer.
Which of the following statements are true with regard to the kernel address of the 5-KB buffer?

A. The Irp->Overlay.Driver[1] field of the IRP would contain the kernel address of the 5-KB buffer.
B. The Irp->UserBufferContext field of the IRP would contain the kernel address of the 5-KB
buffer.
C. The Irp->AssociatedIrp.SystemBuffer field of the IRP would contain the kernel address of the 5-
KB buffer.
D. The Irp->Overlay.Context field of the IRP would contain the kernel address of the 5-KB buffer.

Answer: C

Explanation:


QUESTION 4
You work as the desktop support technician at Certkingdom.com. The Certkingdom.com network consists of a
single Active Directory domain named Certkingdom.com. All servers on the Certkingdom.com network run
Windows Server 2008. The Certkingdom.com network contains an application server named ABC-SR01.
Certkingdom.com has recently developed a multithreaded application for their network users, which will be
run from ABC-SR01. A current Certkingdom.com written security policy states that all applications should
be tested for heap leaks.
You have been given the task of enforcing this policy.
Which of the following actions should you take?

A. You should consider making use of the Process\Handle Count counter of Performance Monitor.
B. You should consider making use of the Process %Privilege Time counter of Performance
Monitor.
C. You should consider making use of the Process\Private Byte counter of Performance Monitor.
D. You should consider making use of the Process %Elapsed Time counter of Performance
Monitor.

Answer: C

Explanation:


QUESTION 5
You work as the desktop support technician at Certkingdom.com. The Certkingdom.com network consists of a
single Active Directory domain named Certkingdom.com. All servers on the Certkingdom.com network run
Windows Server 2008. The Certkingdom.com network contains an application server named ABC-SR01.
Certkingdom.com has recently developed a driver for newly developed hardware. A current Certkingdom.com
written security policy states that verification on the process interrupts and processor time is used
by new drivers.
You have been instructed to enforce this security policy.
Which of the following actions should you take?

A. You should consider making use of the Windows Event Viewer utility.
B. You should consider making use of the Performance Monitor utility.
C. You should consider making use of the System MonitorTaskmgr.exe utility.
D. You should consider making use of a Process Viewer utility.

Answer: B

Explanation:

 

 

 

Best Microsoft MCTS Training – Microsoft MCITP Training at Certkingdom.com