Your network consists of two Active Directory forests. The Active Directory forests are configured as shown in the following table:

The servers in both forests run Windows Server 2008.
A forest trust exists between the fabrikam.com forest and the contoso.com forest.
Fabrikam.com has a server named server1.fabrikam.com.
Contoso.com has a global group named ContosoSales.
Users in the ContosoSales global group access an application on server1.fabrikam.com.
You discover that users from other groups in the contoso.com domain can log on to servers in the fabrikam.com domain.

You need to implement an authentication solution to meet the following requirements:
– Users in the ContosoSales global group must be able to access server1.fabrikam.com.
– Users in the ContosoSales global group must be denied access to all other servers in the fabrikam.com forest.
– All other users in the contoso.com domain must be able to access only resources in the contoso.com forest.

What should you do?

Your network consists of an Active Directory forest that contains only domain controllers that run Windows Server 2003.

You need to prepare the environment for the implementation of a new Windows Server 2008 domain in the forest.

What should you do?

Your company has a main office and 10 branch offices. The network consists of one Active Directory domain.
All domain controllers run Windows Server 2008 and are located in the main office.
You plan to deploy one Windows Server 2008 domain controller in each branch office.
You are concerned that the branch offices will fail to provide adequate ????? / ???? security for the new domain controllers.

You need to recommend a security solution to meet the following requirements:
– Prevent any unauthorized user from accessing user passwords when the server is running.
– Prevent any unauthorized user from accessing user passwords either locally or over the network on each branch office domain controller.

Which configuration should you recommend for each branch office domain controller?

You are the enterprise administrator for a company named Contoso, Ltd.
Contoso acquires a company named Fabrikam, Inc.
Contoso and Fabrikam each have one Active Directory forest that contains two domains.
All domain controllers run Windows Server 2008.

You need to migrate the Fabrikam domain resources to the Contoso forest.

What should you do?

Your network consists of two Active Directory forests.

The Active Directory forests are configured as shown in the following table:

You need to prepare the environment to allow users to access resources in all domains from both forests. The solution must require the minimum amount of administrative effort.

What should you do first?

Your company has one main office and 20 branch offices.
Each office is configured as an Active Directory site.
The network consists of one Active Directory domain.
All servers run Windows Server 2008 and all client computers run Windows Vista.
The main office contains three domain controllers.

You need to deploy one domain controller in each branch office to meet the following requirements:
– Authentication to a main office domain controller must only occur if a local domain controller fails.
– Client computers in the main office must not authenticate to a domain controller in a branch office.
– Client computers in a branch office must not authenticate to a domain controller in another branch office.
– Client computers in each branch office must attempt to authenticate to the domain controller at their local site first.

What should you do first?

Your network contains a six-node Microsoft Clustering Service (MSCS) cluster that has a shared quorum. Each of the six nodes runs Windows Server 2003.

You need to recommend a solution to transition the cluster to Windows Server 2008. The solution must maintain the availability of cluster services during the transition.

What should you recommend?

Your company has one main office and 10 branch offices. You plan to deploy Active Directory.

You need to recommend a solution to recover Active Directory domain objects in the event of data loss. The solution must ensure that you can recover individually deleted user accounts.

What should you recommend?

Your network consists of one Active Directory domain that contains domain controllers that run Windows Server 2008. The intranet site contains confidential documents.

You need to design an identity and access management policy for the documents to meet the following requirements:
– Record each time a document is accessed.
– Protect confidential documents on the intranet site.
– Place a time limit on access to documents, including documents sent outside the organization.

What should you include in your design?

Your company has one main office and one new branch office.
A local administrator manages the branch office.
The network consists of one Active Directory domain. All domain controllers run Windows Server 2008.
You create a new organizational unit (OU) that contains all the computer accounts for the new branch office.
You configure a server in the main office to test and approve all new software updates.
You configure Microsoft Windows Server Update Services (WSUS) 3.0 to deploy all approved updates to the environment.

You need to recommend an update management solution for the new branch office to meet the following requirements:
– Only approved updates can be installed in the branch office.
– The amount of network bandwidth used to download updates from Microsoft Update must be minimized.
– The local administrator must be able to select which approved updates are installed on computers in the branch office.

What should you recommend?