You are the network administrator for your company. The network consists of a single Active Directory domain. All domain controllers run Windows Server 2003. All client computers run Windows XP Professional. The company has legacy applications that run on UNIX servers.

The legacy applications use the LDAP protocol to query Active Directory for employee information. The domain controllers are currently configured with the default security settings. You need to configure enhanced security for the domain controllers. In particular, you want to configure stronger password settings, audit settings, and lockout settings.

You want to minimize interference with the proper functioning of the legacy applications. You decide to use the predefined security templates.

You need to choose the appropriate predefined security template to apply to the domain controllers.

What should you do?

You are a network administrator for your company. The network consists of multiple physical segments. The network contains two Windows Server 2003 computers named Server1 and Server2, and several Windows 2000 Server computers. Server1 is configured with a single DHCP scope for the 10.250.100.0/24 network with an IP address range of 10.250.100.10 to 10.250.100.100. Several users on the network report that they cannot connect to file and print servers, but they can connect to each other’s client computers. All other users on the network are able to connect to all network resources. You run the ipconfig.exe /all command on one of the affected client computers and observe the information in the following table.

You need to configure all affected client computers so that they can communicate with all other hosts on the network.

Which two actions should you take? (Each correct answer presents part of the solution. Choose two.)

You are a network administrator for your company. The network contains a Windows Server 2003 computer named Server1. You install a custom mission-critical application on Server1 for the shipping department. You install the application on drive D of Server1.

You configure the application database on drive D, and you configure the application database log files on drive E of Server1. After running successfully for six days, the custom application fails. You investigate and find out that drive E is almost completely filled with the application’s log files. The application’s backup program is not properly deleting log files.

Security requirements do not allow log files to be deleted unless the database on Server1 has been backed up. You can keep the application running by manually backing up the application database and then deleting the log files. You need an automated process to keep the application running until a long-term solution can be provided.

Because of the size of the database, you need to minimize the number of backups performed.

What should you do?

You are a network administrator for your company. The design team provides you with the following list of requirements for server disaster recovery:

No more than two sets of tapes can be used to restore to the previous day. A full backup of each server must be stored off-site. A full backup of each server that is no more than one week old must be available on-site.

Backups must never run during business hours. Tapes may be recalled from off-site storage only if the on-site tapes are corrupted or damaged.

A full backup of all servers requires approximately 24 hours. Backing up all files that change during one week requires approximately 4 hours. Business hours for the company are Monday through Friday, from 6:00 A.M. to 10:00 P.M. You need to provide a backup rotation plan that meets the design team’s requirements.

Which two actions should you include in your plan? (Each correct answer presents part of the solution. Choose two.)

You are a network administrator for your company. You install Windows Server 2003, Enterprise Edition on two servers named Server1 and Server2. You configure Server1 and Server2 as a two- node server cluster. Server1 and Server2 are connected to a shared fiber-attached array. You configure the server cluster for file sharing. You configure Server1 as the preferred owner of the file sharing resources. You perform the following backups by using the Backup or Restore Wizard.

Tuesday Wednesday Server1 Normal backup including system state Incremental backup and Automated System Recovery backup Server2 Normal backup including system state Incremental backup and ASR backup

On Thursday morning, Server2 experiences a hard disk failure. The failed disk contains only the operating system for Server2. You evict Server2 from the server cluster. You need to recover Server2 and restore it to the cluster. You need to minimize data loss and recovery time.

What should you do?

You are a network administrator for your company. You install Windows Server 2003 on two servers. You configure the servers as a two-node server cluster. You install WINS on each node of the cluster. You create a new virtual server to support WINS. You create a new cluster group named WINSgroup.

When you attempt to create the Network Name resource, you receive an error message. You need to make the proper changes to the cluster to complete the installation of WINS.

What should you do?

You are a network administrator for your company. The network consists of a single Active Directory domain and contains 10 Windows Server 2003 computers. You install a new service on a server named Server1. The new service requires that you restart Server1.

When you attempt to restart Server1, the logon screen does not appear. You turn off and then turn on the power for Server1. The logon screen does not appear. You attempt to recover the failed server by using the Last Known Good Configuration startup option. It is unsuccessful.

You attempt to recover Server1 by using the Safe Mode startup options. All Safe Mode options are unsuccessful. You restore Server1. Server1 restarts successfully. You discover that Server1 failed because the new service is not compatible with a security patch.

You want to configure all servers so that you can recover from this type of failure by using the minimum amount of time and by minimizing data loss. You need to ensure that in the future, other services that fail do not result in the same type of failure.

What should you do?

You are the network administrator for your company. The network consists of a single Active Directory domain. All computers on the network are members of the domain.

The domain contains a Windows Server 2003 computer named Server1. You are planning a public key infrastructure (PKI) for the company.

You want to deploy a certification authority (CA) on Server1. You create a new global security group named Cert Administrators. You need to delegate the tasks to issue, approve, and revoke certificates to members of the Cert Administrators group.

What should you do?

You are the network administrator for your company. The network consists of a single Active Directory domain. The company has an internal network and a perimeter network. The internal network is protected by a firewall. Application servers on the perimeter network are accessible from the Internet.

You are deploying 10 Windows Server 2003 computers in application server roles. The servers will be located in the perimeter network and will not be members of the domain. The servers will host only publicly available Web pages. The network design requires that custom security settings must be applied to the application servers.

These custom security settings must be automatically refreshed every day to ensure compliance with the design. You create a custom security template named Baseline1.inf for the application servers. You need to comply with the design requirements.

What should you do?

You are the network administrator for your company. The network contains Windows Server 2003 computers and Windows XP Professional computers. The company deploys two DNS servers. Both DNS servers run Windows Server 2003. One DNS server is inside of the corporate firewall, and the other DNS server is outside of the firewall.

The external DNS server provides name resolution for the external Internet name of the company on the Internet, and it is configured with root hints.

The internal DNS server hosts the DNS zones related to the internal network configuration, and it is not configured with root hints.You want to limit the exposure of the client computers to DNS-related attacks from the Internet, without limiting their access to Internet-based sites.

Which two actions should you take? (Each correct answer presents part of the solution. (Choose two.)