You are the network administrator for Company.com. The network consists of a single Active Directory forest that contains one domain named Company.com. You need to deploy a new domain named NA.Company.com as a child domain of Company.com. You install a new stand-alone Windows Server 2003 computer named ES1. You plan to make ES1 the first domain controller in the NA.Company.com domain.

You configure ES1 with a static IP configuration. You run the Active Directory Installation Wizard on ES1. The wizard prompts you for the network credentials to use to join the NA.Company.com domain to Company.com.

You receive an error message stating that a domain controller in the Company.com domain cannot be located. You need to be able to promote ES1 to a domain controller as the first domain controller of the child domain in the existing forest.

What should you do?

You are a network administrator for Company.com. The network consists of a single Active Directory domain named Company.com. The domain contains three sites named Main Office, EastCoast, and WestCoast. Each site contains four domain controllers and 100 client computers. One server in the EastCoast site is named Compnay1. All DNS servers contain Active Directory- integrated zones. Other administrators report that they cannot connect to Compnay1 when attempting to perform Active Directory administration. They report they can perform these tasks locally at Compnay1.

You verify that Server1 is operational and that file and print resources are accessible by using the host name. You need to ensure that administrators can perform Active Directory administration on Compnay1 without requiring physical access to the server.

What should you do?

You are the network administrator for your company. You need to test a new application.

The application requires 2 processors and 2 GB of RAM. The application also requires shared folders and installation of software on client computers. You install the application on a Windows Server 2003 Web Edition computer and install the application on 20 test client computers. You then discover that only some of the client computers can connect and run the application.

You turn off some computers and discover that the computer that failed to open the application can now run the application. You need to identify the cause of the failure and update your test plan.

What should you do?

You are a network administrator for your company. The network consists of a single Active Directory domain. The domain contains a Windows Server 2003 two-node server cluster. The security team states that the password for the cluster service account must be changed because one of the administrators has left the company.

You fill out the necessary change control paperwork. You need to provide the process for changing the password in the change control form. You need to change the password for the cluster service account by using the minimum amount of administrative effort.

What should you do?

You are a network administrator for your company. The network consists of a single Active Directory domain. All servers run Windows Server 2003. Client computers run Windows 2000 Professional, Windows XP Professional, or Windows NT Workstation 4.0.The company wants to increase the security of the communication on the network by using IPSec as much as possible. The company does not want to upgrade the Windows NT Workstation 4.0 client computers to another operating system. The servers use a custom IPSec policy named Domain Servers. The rules of the Domain Servers IPSec policy are shown in the exhibit.

You create a new Group Policy object (GPO) and link it to the domain. You configure the GPO to assign the predefined IPSec policy named Client (Respond Only).

After these configuration changes, users of the Windows NT Workstation 4.0 computers report that they cannot connect to the servers in the domain.You want to ensure that Windows NT Workstation 4.0 client computers can connect to servers in the domain.

What should you do?

Exhibit:

You are the systems engineer for your company. The company has a main office in Los Angeles and two branch offices, one in Chicago and one in New York. The offices are connected to one another by dedicated T1 lines. Each office has its own local IT department and administrative staff. The company network consists of a single Active Directory domain. All servers run Windows Server 2003. All client computers run Windows XP Professional. All servers support firmware- based console redirection by means of the serial port. The server hardware does not support any other method of console redirection and cannot be upgraded to do so.

The company is currently being reorganized. The IT departments from each branch office are being relocated to a new central data center in the Los Angeles office. Several servers from each branch office are also being relocated to the Los Angeles data center. Each branch office will retain 10 servers. A new written security policy includes the following requirements:

All servers must be remotely administered for all administrative tasks. All servers must be administered from the Los Angeles office.

All remote administration connections must be authenticated and encrypted. Your current network configuration already adheres to the new written security policy for day-to- day server administration tasks performed on the servers. You need to plan a configuration for out-of-band management tasks for each office that meets the new security requirements.

Which three actions should you take? (Each correct answer presents part of the solution. Choose three.)

You are the senior systems engineer for your company. The network consists of a single Active Directory domain. All servers run Windows Server 2003. Client computers in the sales department run Windows NT Workstation 4.0 with the Active Directory Client Extensions software installed. All other client computers run Windows XP Professional. All servers are located in an organizational unit (OU) named Servers. All client computers are located in an OU named Desktops. Four servers contain confidential company information that is used by users in either the finance department or the research department. Users in the sales department also store files and applications on these servers. The company’s written security policy states that for auditing purposes, all network connections to these resources must require authentication at the protocol level. The written security policy also states that all network connections to these resources must be encrypted. The company budget does not allow for the purchase of any new hardware or software. The applications and data located on these servers may not be moved to any other server in the network. You define and assign the appropriate permissions to ensure that only authorized users can access the resources on the servers. You now need to ensure that all connections made to these servers by the users in the finance department and in the research department meet the security guidelines stated by the written security policy. You also need to ensure that all users in the sales department can continue to access their resources.

Which two actions should you take? (Each correct answer presents part of the solution. Choose two.)

You are the network administrator for your company. The network consists of a single Active Directory domain. The network contains 50 application servers that run Windows Server 2003. The security configuration of the application servers is not uniform. The application servers were deployed by local administrators who configured the settings for each of the application servers differently based on their knowledge and skills. The application servers are configured with different authentication methods, audit settings, and account policy settings. The security team recently completed a new network security design. The design includes a baseline configuration for security settings on all servers. The baseline security settings use the Hisecws.inf predefined security template. The design also requires modified settings for servers in an application role. These settings include system service startup requirements, renaming the administrator account, and more stringent account lockout policies. The security team created a security template named Application.inf that contains the modified settings. You need to plan the deployment of the new security design. You need to ensure that all security settings for the application servers are standardized, and that after the deployment, the security settings on all application servers meet the design requirements.

What should you do?

You are a network adminstrator for your company. You install an intranet application on three Windows Server 2003 computers. You configure the servers as a Network Load Balancing cluster. You configure each server with two network adapters. One network adapter provides client computers access to the servers. The second network adapter is for cluster communications. Cluster communications is on a separate network segment. The network team wants to reduce the cluster’s vulnerability to attack. These servers need to be highly available. The network team decides that the Network Load Balancing cluster needs to filter IP ports. The team wants the cluster to allow only the ports that are required for the intranet application. You need to implement filtering so that only the intranet application ports are available on the cluster. You need to achieve this goal by using the minimum amount of administrative effort.

What should you do?

You are a network administrator for your company. The network consists of a single Active Directory forest that contains three domains. The functional level of the forest and of all three domains is Window Server 2003. The company has a main office and 30 branch offices. Each branch office is connected to the main office by a 56-Kbps WAN connection.

You configure the main office and each branch office as a separate Active Directory site. You deploy a Windows Server 2003 domain controller at the main office and at each branch office. Each domain controller is configured as a DNS server. You can log on to the network from client computers in the branch offices at any time.

However, users in the branch offices report that they cannot log on to the network during peak hours. You need to allow users to log on to the network from branch office computers. You do not want to affect the performance of the branch office domain controllers. You need to minimize Active Directory replication traffic across the WAN connections.

What should you do?