You need to ensure that all computers receive security updates, and you must reduce bandwidth requirements
Your company# s network is geographically dispersed across regions and is connected by slow WAN network connections. All servers in your environment run Windows Server 2003. Client computers run Windows XP or Windows Vista. You are planning a security update infrastructure. You will deploy a Windows Server Update Services (WSUS) server to each network location. You need to ensure that all computers receive security updates, and you must reduce bandwidth requirements.
What should you do?
What are two possible ways to achieve this goal? (Each correct answer presents a complete solution
Your company has a single Active Directory directory service domain. You have multiple member servers that run Windows Server 2003 SP2 and are configured as Enterprise certification authorities (CAs).
Your CAs accept auto-enrollment requests but do not issue new certificates. You ascertain that multiple Active Directory security groups are missing from the configuration. You need to create the security groups that are necessary to ensure that all users can auto-enroll.
What are two possible ways to achieve this goal? (Each correct answer presents a complete solution. Choose two.)
You need to create a server cluster
All servers in your environment run Windows Server 2003. You have the following three servers:
one x86-based server
two x64-based servers
Each server is equipped with a single network adapter. You need to create a server cluster.
What should you do first?
What are two possible ways to achieve this goal? (Each correct answer presents a complete solution
All the servers in your company run Windows Server 2003. You configure a server as a stand-alone certification authority (CA) that uses role separation.
Members of the local Administrators group are no longer able to perform role-based administration of the CA. You need to ensure that members of the local Administrators group can perform role-based administration of the CA.
What are two possible ways to achieve this goal? (Each correct answer presents a complete solution. Choose two.)
You need to enforce a maximum session time for all remote connections
Your company has an Active Directory directory service domain. All servers run Windows Server 2003. You control remote access to the internal network by using several custom remote access policies. You need to enforce a maximum session time for all remote connections. In the Routing and Remote Access console, you create a new remote session policy.
What should you do next?
Which two types should you specify? (Each correct answer presents part of the solution
Your company has a single Active Directory directory service domain. All servers in your environment run Windows Server 2003. You are designing a public key infrastructure (PKI) that uses Certificate Services. You have the following requirements. The root certification authority (CA) must be offline unless maintenance is required. You must use certificate templates. You need to specify the CA types to use in your PKI.
Which two types should you specify? (Each correct answer presents part of the solution. Choose two.)
You need to configure Server1 to log the details of access attempts by VPN users
You are the network administrator for your company. The network consists of a single Active Directory domain. The network contains Windows Server 2003 file servers. The network also contains a Windows Server 2003 computer named Server1 that runs Routing and Remote Access and Internet Authentication Service (IAS).
Server1 provides VPN access to the network for users’ home computers. You suspect that an external unauthorized user is attempting to access the network through Server1. You want to log the details of access attempts by VPN users when they attempt to access the network.
You want to compare the IP addresses of users’ home computers with the IP addresses used in the access attempts to verify that the users are authorized. You need to configure Server1 to log the details of access attempts by VPN users.
What should you do?
You need to ensure that in the future, other services that fail do not result in the same type of failure
You are a network administrator for your company. The network consists of a single Active Directory domain and contains 10 Windows Server 2003 computers. You install a new service on a server named Server1. The new service requires that you restart Server1.
When you attempt to restart Server1, the logon screen does not appear. You turn off and then turn on the power for Server1. The logon screen does not appear. You attempt to recover the failed server by using the Last Known Good Configuration startup option. It is unsuccessful.
You attempt to recover Server1 by using the Safe Mode startup options. All Safe Mode options are unsuccessful. You restore Server1. Server1 restarts successfully. You discover that Server1 failed because the new service is not compatible with a security patch.
You want to configure all servers so that you can recover from this type of failure by using the minimum amount of time and by minimizing data loss. You need to ensure that in the future, other services that fail do not result in the same type of failure.
What should you do?
You need to maintain the ability to run the legacy applications on the terminal servers when the new security
You are the network administrator for your company. The network consists of a single Active Directory domain. All servers run Windows Server 2003.
The network contains servers that have Terminal Server enabled. The terminal servers host legacy applications that currently require users to be members of the Power Users group.
A new requirement in the company’s written security policy states that the Power Users group must be empty on all resource servers.
You need to maintain the ability to run the legacy applications on the terminal servers when the new security requirement is implemented.
What should you do?
You need to ensure that all client computers receive valid IP addresses for their subnet even during times of
You are the network administrator for your company. The network consists of a single Active Directory domain. All servers run Windows Server 2003. All client computers run Windows XP Professional.
The network consists of three physical subnets, which correspond to the three buildings on the company’s campus, as shown in the Network Diagram exhibit.
All servers have manually configured IP addresses. All client computers receive their TCP/IP configuration information from a DHCP server located on the Building1 subnet.
The DHCP server has one scope configured for each subnet. Users on the Building2 subnet and the Building3 subnet report that they periodically cannot connect to network resources located on any subnet.
You discover that during times of high network usage, client computers in Building2 and Building3 are configured as shown in the Network Connection Details exhibit.
You need to ensure that all client computers receive valid IP addresses for their subnet even during times of high network usage.
What should you do?
Exhibit: