What should you do first?
Your network consists of two Active Directory forests.
The Active Directory forests are configured as shown in the following table:
You need to prepare the environment to allow users to access resources in all domains from both forests. The solution must require the minimum amount of administrative effort.
What should you do first?
What should you do?
Your network consists of two Active Directory forests. The Active Directory forests are configured as shown in the following table:
The servers in both forests run Windows Server 2008.
A forest trust exists between the fabrikam.com forest and the contoso.com forest.
Fabrikam.com has a server named server1.fabrikam.com.
Contoso.com has a global group named ContosoSales.
Users in the ContosoSales global group access an application on server1.fabrikam.com.
You discover that users from other groups in the contoso.com domain can log on to servers in the fabrikam.com domain.
You need to implement an authentication solution to meet the following requirements:
– Users in the ContosoSales global group must be able to access server1.fabrikam.com.
– Users in the ContosoSales global group must be denied access to all other servers in the fabrikam.com forest.
– All other users in the contoso.com domain must be able to access only resources in the contoso.com forest.
What should you do?
What should you recommend?
Your network consists of one Active Directory forest.
You have two servers named Server1 and Server2. Both servers run Windows Server 2008.
All client computers run Windows Vista.
Hardware on the servers is installed as shown in the following table:
Client computers use the Remote Desktop client to connect to Server1 and Server2.
You need to recommend a solution to control the distribution of user requests made to Server1 and Server2. The solution must enable administrators to distribute the traffic based on the server hardware.
What should you recommend?
What should you do?
Your network consists of one Active Directory forest that contains two domains named domain1 and domain2.
The functional level of the forest is Windows Server 2003.
All domain controllers run Windows Server 2003.
The relevant portion of the network is configured as shown in the exhibit.
All domain controllers for domain1 are in the hub sites.
All domain controllers for domain2 are in the spoke sites.
The Bridge all site links option is disabled.
You plan to deploy a read-only domain controller (RODC) in SiteH for domain2.
You need to prepare the environment for the installation of the RODC.
What should you do?
Exhibit:
What should you do?
Your company has two main offices in Denver and Chicago and four branch offices in New York, Miami, Seattle, and San Francisco.
Each office is configured as an Active Directory site. Site links are configured as shown in the exhibit.
The network consists of one Active Directory forest.
All domain controllers run Windows Server 2003.
Each main office has four domain controllers. Each branch office has one domain controller. The Bridge all site links option is disabled.
You need to prepare the environment to install a read-only domain controller (RODC) in each branch office. The solution must be achieved by upgrading the minimum number of domain controllers.
What should you do?
Exhibit:
Which NAP enforcement method should you use?
Your network consists of one Active Directory domain and one IP subnet. All servers run Windows Server 2008. All client computers run Windows Vista.
The servers are configured as shown in the following table:
All network switches used for client connections are unmanaged. Some users connect to the local area network (LAN) from client computers that are joined to a workgroup. Some client computers do not have the latest Microsoft updates installed.
You need to recommend a Network Access Protection (NAP) solution to protect the network.
The solution must meet the following requirements:
– Only computers that are joined to the domain must be able to connect to servers in the domain.
– Only computers that have the latest Microsoft updates installed must be able to connect to servers in the domain.
Which NAP enforcement method should you use?
What should you include in your plan?
Your network consists of one Active Directory domain. The domain contains servers that run Windows Server 2008.
The servers are configured as shown in the following table:
Server2 and Server3 are configured as RADIUS clients.
You need to plan a solution to manage all VPN connections to the network.
The solution must meet the following requirements:
– Specify the allowed VPN connection protocols.
– Specify the allowed VPN client authentication mechanisms.
– Specify VPN client access rights based on group membership.
What should you include in your plan?
What should you do?
Your network consists of one Active Directory domain and one IP subnet.
All servers run Windows Server 2008. All client computers run Windows Vista, Windows XP Professional, and Windows 2000 Professional.
The servers are configured as shown in the following table:
Server2 is configured to support Network Access Protection (NAP) by using IPsec, DHCP, and 802.1x enforcement methods.
Users from a partner company have computers that are not joined to the domain. The computers successfully connect to the network.
You need to ensure that only computers that are joined to the domain can access network resources on the domain.
What should you do?
What should you recommend?
Your network consists of one Active Directory domain. The domain contains servers that run Windows Server 2008.
The relevant servers are configured as shown in the following table:
All client computers run Windows Vista. You plan to deploy two Java-based applications on all client computers.
The two applications each require a different version of the Java Runtime Environment (JRE).
After testing, you notice that the two JREs prevent the applications from running on the same computer.
You need to recommend a solution that enables the two Java-based applications to run on all client computers.
What should you recommend?
What should you do?
Your network consists of one Windows Server 2008 domain.
The network contains portable computers.
You configure a server that runs Windows Server 2008 as a Routing and Remote Access Service (RRAS) server.
Users connect remotely to the network through a virtual private network (VPN) connection to the RRAS server from both company-issued portable computers and non- company-issued computers.
The relevant portion of the network is shown in the following diagram:
You need to prepare the environment to secure remote access to the network.
The solution must meet the following requirements:
– Only computers that have Windows Firewall enabled can connect remotely.
– Only computers that have the most up-to-date antivirus definitions can connect remotely.
– Only computers that run Windows Vista and have the most up-to-date updates can connect remotely.
What should you do?