You are the network administrator for your company. You need to provide Internet name resolution services for the company. You set up a Windows Server 2003 computer running the DNS Server service to provide this network service. During testing, you notice the following intermittent problems:

Name resolution queries sometimes take longer than one minute to resolve.

Some valid name resolution queries receive the following error message in the Nslookup command-line tool: “Non-existent domain.”

You suspect that there is a problem with name resolution. You need to review the individual queries that the server handles. You want to configure monitoring on the DNS server to troubleshoot the problem.

What should you do?

You are a network administrator for your company. The network contains Windows Server 2003 computers and Windows XP Professional client computers. All computers are members of the same Active Directory forest. The company uses a public key infrastructure (PKI) enabled application to manage marketing data. Certificates used with this application are managed by the application administrators.

You install Certificate Services to create an offline stand-alone root certification authority (CA) on one Windows Server 2003 computer. You configure a second Windows Server 2003 computer as a stand-alone subordinate CA. You instruct users in the marketing department to enroll for certificates by using the Web enrollment tool on the stand-alone subordinate CA.

Some users report that when they attempt to complete the enrollment process, they receive an error message on their certificate, as shown in the exhibit.

Other users in the marketing department do not report receiving the error. You need to ensure that users in the marketing department do not continue to receive this error message.

You also need to ensure that only users in the marketing department trust certificates issued by this CA. You create a new organizational unit (OU) named Marketing.

What else should you do?

Exhibit:

You are the network administrator for your company. The network contains 20 Windows Server 2003 database servers.

The written security policy for your company requires that the following services must be disabled on all database server computers:

Computer Browser

File Replication

Indexing Service

Remote Registry

Server

Task Scheduler

The written security policy also requires that the database servers must be prohibited from having access to the Internet. You use a Windows XP Professional client computer named Admin1 that has access to the Internet. You need to perform a weekly analysis of the hotfix level of the database servers compared with the latest available updates.

You need to minimize the amount of administrative effort.

What should you do?

You are the network administrator for Contoso, Ltd. The network consists of a single Active Directory domain. All servers run Windows Server 2003. All client computers run Windows XP Professional. The network also contains 10 network printers. All servers have manually configured IP addresses.

The client computers and network printers receive their TCP/IP configuration information from a DHCP server. Company IP policy states that each of the network printers will always be configured with the same IP address. You configure a DHCP server and create a DHCP scope as shown in the exhibit.

Users report that they cannot submit print jobs to any of the network printers. You investigate and discover that none of the network printers are receiving their IP addresses from the DHCP server. You need to ensure that the network printers receive their IP addresses from DHCP.

What should you do?

Exhibit:

You are a network administrator for your company. The network consists of a Windows NT 4.0 domain. All servers run Windows NT Server 4.0 and all client computers run Windows NT Workstation 4.0. The company has two offices that are connected by a 56-Kbps WAN connection. All computers are configured to use WINS for name resolution and network browsing capability between the two offices. The company is planning to upgrade the domain controllers to Windows Server 2003 and to deploy Windows Server 2003 and Windows XP Professional computers.

You need to maintain name resolution and network browsing support during and after the upgrade process. You need to allow users of Windows NT Workstation 4.0 and Windows XP Professional computers to browse and connect to both Windows NT Server 4.0 and Windows Server 2003 computers. You need to minimize name resolution traffic across the WAN connection.

What should you do?

You are the network administrator for your company. The network consists of a single Active Directory domain. The network contains 10 domain controllers and 50 servers in application server roles. All servers run Windows Server 2003. The application servers are configured with custom security settings that are specific to their roles as application servers.

Application servers are required to audit account logon events, object access events, and system events. Application servers are required to have passwords that meet complexity requirements, to enforce password history, and to enforce password aging. Application servers must also be protected against man- in-the-middle attacks during authentication. You need to deploy and refresh the custom security settings on a routine basis.

You also need to be able to verify the custom security settings during audits.

What should you do?

You are the network administrator for your company. The relevant portion of the network is shown in the exhibit.

All servers run Windows Server 2003. Each subnet of the network contains 100 Windows XP Professional computers. Each subnet also contains a DHCP server, which provides TCP/IP configuration information to all computers on its local subnet.

You create and configure Subnet3 for a new department at your company. Users in Subnet3 report that they cannot connect to resources located on servers in Subnet1 and Subnet2. When they attempt to connect to these resources, they receive the following error message “Server .” The users can successfully connect to resources located on servers in Subnet3.

Users in Subnet1 and Subnet2 report that they cannot connect to resources located on servers in Subnet3. When they attempt to connect to these resources, they receive the following error message “Server did not respond in a timely manner.” The users can successfully connect to resources in both Subnet1 and Subnet2.

You need to ensure that all client computers can connect to server-based resources on all subnets.

What should you do?

Exhibit:

You are a network administrator for your company. The network consists of a single Active Directory domain. All domain controllers and member servers run Windows Server 2003, Enterprise Edition. All client computers run Windows XP Professional. The company has one main office and one branch office.

The two offices are connected by a T1 WAN connection. There is a hardware router at each end of the connection. The main office contains 10,000 client computers, and the branch office contains 5,000 client computers. You need to use DHCP to provide IP addresses to the Windows XP Professional computers in both offices.

You need to minimize network configuration traffic on the WAN connection. Your solution needs to prevent any component involved in the DHCP architecture from becoming a single point of failure.

What should you do?

You are a network administrator for your company. The network consists of a single Windows 2000 Active Directory forest that has four domains. All client computers run Windows XP Professional. The company’s written security policy states that all e-mail messages must be electronically signed when sent to other employees.

You decide to deploy Certificate Services and automatically enroll users for e-mail authentication certificates. You install Windows Server 2003 on two member servers and install Certificate Services. You configure one Windows Server 2003 computer as a root certification authority (CA).

You configure the other Windows Server 2003 server as an enterprise subordinate CA. You open Certificate Templates on the enterprise subordinate CA, but you are unable to configure certificates templates for autoenrollment.

The Certificate Templates administration tool is shown in the exhibit.

You need to configure Active Directory to support autoenrollment of certificates.

What should you do?

Exhibit:

You are a systems engineer for your company. Your company has 20,000 users in a large campus environment located in Los Angeles. Each department in the company is located in its own building. Each department has its own IT staff, which is responsible for all network administration within the building.

The company’s network is divided into several IP subnets that are connected to one another by using dedicated routers. Each building on the company’s main campus contains at least one subnet, and possibly up to five subnets. Each building has at least one router. All routers use RIP version 2 (RIPv2) broadcasts. The company acquires a new business unit located in Denver. The Denver office has 25 users.

The network in the Denver office is connected to the network at the main campus by using a leased frame relay connection. The network administrator at the Denver office installs a Windows Server 2003 computer and configures Routing and Remote Access on this server.

The network administrator at the Denver office configures this server as a router and implements RIPv2 in Routing and Remote Access. Later, the Denver administrator reports that his router is not receiving routing table updates from the routers on the main campus network. He must manually add routing entries to the routing table to enable connectivity between the locations.

You investigate and discover that the RIPv2 broadcasts are not being received at the Denver office. You also discover that no routing table announcements from the Denver office are being received on the main campus network. You need to ensure that the network in the Denver office can communicate with the main campus network and can send and receive automatic routing table updates as network conditions change.

What should you do on the router in the Denver office?