Your network consists of one Active Directory domain. Your company has a department named
Sales. Some employees in the Sales department work from home and require access to applications
and file servers on the corporate network. The corporate security policy includes the following
requirements:
• Remote computers must only connect to the network by using Secure Socket Layer (SSL).
• Computers that connect to the network must have an up-to-date antivirus application and all
available security updates installed.
You need to plan a remote access solution for the Sales department employees.
What should you include in your plan?

Your network consists of one Active Directory domain. All domain controllers run Windows Server
2008 R2 and are configured as global catalog servers. The relevant portion of the network is
configured as shown in the exhibit. (Click the Exhibit button.)

The Bridge all site links option is enabled. You are designing a failover strategy for domain controller
availability. You need to ensure that client computers in SiteH only authenticate to DC1 or DC2 if DC8
fails. What should you do?

Your network contains servers that run Windows Server 2008 R2 and client computers that run
Windows 7. You deploy a public key infrastructure by using Certificate Services servers that run
Windows Server 2008 R2. You need to plan the implementation of smart card authentication on the
network. The solution must meet the following requirements:
  Help desk users must only be able to enroll user certificates.
  Managers must be able to enroll smartcards for other employees.
  Manager s must be able to use their client computers to manage certificates.
What should you include in your plan?

Your network consists of a single IP subnet. All servers and client computers connect to managed
switches. All servers run Windows Server 2008 R2. All client computers run Windows 7. The servers
on the network are configured as shown in the following table. (Click the Exhibit)

You need to prepare the Network Access Protection (NAP) environment to meet the following
requirements:
• Computers that have the required Microsoft updates installed must be able to access all
computers on the network.
• Network switches must first allow client computers to communicate to only Server1 and Server2
when the computers connect to the network.
Which NAP enforcement method should you use?

Your company has a main office and five branch offices. Each office contains servers that run
Windows Server 2008 R2. You need to prepare the environment for the installation of Active
Directory domain controllers in the branch offices. The solution must meet the following
requirements:
• Ensure that the minimum amount of replication traffic is sent between offices.
• Ensure that users always attempt to authenticate to a domain controller in their local office, unless
it is unavailable.
You install the first domain controller on the network in the main office. What should you do next?

Your company has four offices that are connected by using high speed wide area network (WAN)
links. Each office has a router that supports the Simple Certificate Enrollment Protocol (SCEP). The
network consists of one Active Directory domain. All domain controllers run Windows Server 2008.
You have a Certificate Services infrastructure. The Certificate Services servers run Windows Server
2003 Standard Edition. You plan to enable device authentication for all routers. You need to
recommend changes to the Certificate Services infrastructure to support device authentication.
Which changes should you recommend?

Your network consists of one Active Directory domain. The domain contains servers that run
Windows Server 2008. The relevant servers are configured as shown in the following table. (Click the
Exhibit)

Your company has a department named Sales. All users in the Sales department have desktop
computers that run Windows Vista Enterprise Edition. All users in the Sales department run an
application named Application1 that is compatible only with Windows 95. To run Application1, each
user in the Sales department has a second desktop computer that runs Windows 95. The Windows
95 computers must be removed from the network. You use the Microsoft Application Compatibility
Toolkit (ACT) 5.0 to test Application1. The test confirms that the application runs only on Windows
95 computers and must be redeveloped to be compatible with Windows Vista or Windows Server
2008. You need to recommend a solution that will enable you to remove the Windows 95
computers. Users in the Sales department must be able to continue running Application1. What
should you do?

Your company has one main office and one branch office. The branch office is connected to the main
office by using a wide area network (WAN) link. The network consists of one Active directory
domain. The branch office has two member servers that run Windows Server 2008 R2. One of the
servers is configured as a file server that hosts shared folders. The branch office has a local
administrator. The main office has one standard primary DNS zone that is hosted on a DNS server.
The branch office grows from 100 client computers to 1,000 client computers. You need to
recommend a name resolution solution for the branch office to meet the following requirements:
Users must be able to access file shares on the loca l server if a WAN link fails.
The branch office administrator must be able to modify Active Directory objects while at the
branch office if a WAN link fails.
What should you recommend?

Your company has one main office and 10 branch offices. The network contains servers that run
Windows Server 2008. The servers are configured as file servers and are located in the branch office.
You need to plan a security policy for the branch office. The policy must meet the following
requirements:
Users must be able to access all files on the servers.

The operating system and the files on the servers must be inaccessible if a server is stolen.
What should you include in your plan?

Your network consists of two Active Directory forests. The Active Directory forests are configured as
shown in the following table. (Click the Exhibit)

You need to prepare the environment to allow users to access resources in all domains from both
forests. The solution must require the minimum amount of administrative effort. What should you
do first?