All servers in your environment run Windows Server 2003 R2 Standard Edition. You have 200 file servers and 50 management servers. You plan to monitor the file servers and perform key administrative tasks from the management servers by using the Microsoft Management Console (MMC).
You need to ensure that the management servers automatically receive changes that are made to the monitoring configuration, and you must achieve this goal with the least amount of administrative effort.
Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)

You are a network administrator for your company. The network contains a Windows Server 2003 computer named Server1. You install a custom mission-critical application on Server1 for the shipping department. You install the application on drive D of Server1. You configure the application database on drive D, and you configure the application database log files on drive E of Server1. After running successfully for six days, the custom application fails. You investigate and find out that drive E is almost completely filled with the application’s log files. The application’s backup program is not properly deleting log files. Security requirements do not allow log files to be deleted unless the database on Server1 has been backed up. You can keep the application running by manually backing up the application database and then deleting the log files.
You need an automated process to keep the application running until a long-term solution can be provided. Because of the size of the database, you need to minimize the number of backups performed.
What should you do?

You are a network administrator for your company. You install Windows Server 2003 on two servers named Server1 and Server2. You configure Server1 and Server2 as a two-node cluster. You configure a custom application on the cluster by using the Generic Application resource, and you put all resources in the Application group. You test the cluster and verify that it fails over properly and that you can move the Applications group from one node to the other and back again. The application and the cluster run successfully for several weeks. Users then report that they cannot access the application.
You investigate and discover that Server1 and Server2 are running but the Application group is in a failed state. You restart the Cluster service and attempt to bring the Application group online on Server1. The Application group fails. You discover that Server1 fails, restarts automatically, and fails again soon after restarting. Server1 continues to fail and restart until the Application group reports that it is in a failed state and stops attempting to bring itself back online. You need to configure the Application group to remain on Server2 while you research the problem on Server1.
What should you do?

You are a network adminstrator for your company. You install an intranet application on three Windows Server 2003 computers. You configure the servers as a Network Load Balancing cluster. You configure each server with two network adapters. One network adapter provides client computers access to the servers. The second network adapter is for cluster communications. Cluster communications is on a separate network segment. The network team wants to reduce the cluster’s vulnerability to attack. These servers need to be highly available. The network team decides that the Network Load Balancing cluster needs to filter IP ports. The team wants the cluster to allow only the ports that are required for the intranet application.
You need to implement filtering so that only the intranet application ports are available on the cluster. You need to achieve this goal by using the minimum amount of administrative effort. What should you do?

You are the systems engineer for your company. The network consists of a single Active Directory domain. The company has a main office and two branch offices. All servers run Windows Server 2003. All client computers run either Windows XP Professional or Windows 2000 Professional. Each branch office maintains a dedicated 256-Kbps connection to the main office. Each office also maintains a T1 connection to the Internet. Each office has a Microsoft Internet Security and Acceleration (ISA) Server 2000 computer, which provides firewall and proxy services on the Internet connection. Each branch office contains one domain controller and five servers that are not domain controllers. There is minimal administrative staff at the branch offices. A new company policy states that all servers must now be remotely administered by administrators in the main office. The policy states that all remote administration connections must be authenticated by the domain and that all traffic must be encrypted. The policy also states that the remote administration traffic must never be carried in clear text across the Internet. You choose to implement remote administration by enabling Remote Desktop connections on all servers on the network.
You decide to use the Internet-connected T1 lines for remote administration connectivity between offices. Because administrative tasks might require simultaneous connections to multiple servers across the network, you need to ensure that administrators do not lose connections to servers in one office when they attempt to connect to servers in another office.
What should you do?

Your company has a single Active Directory directory service domain. All servers in your environment run Windows Server 2003. You are planing to deploy a new wireless network. You plan to use Internet Authentication Service (IAS) for network access authentication. You need to choose an authentication protocol. Which protocol should you choose?

Your company has an Active Directory directory service domain. The internal network includes two DNS servers that run Windows Server 2003. All client computers run Windows 7 and use these two DNS servers for name resolution. From the Root Hints tab, you remove all root hints from both DNS servers. You need to ensure that client computers can access Internet sites by using domain names and can continue resolving internal network addresses. What should you do?

Your company has a single Active Directory directory service domain. All servers in your environment run Windows Server 2003. You need to define a new IPSec policy for the domain. What should you use?

You are the systems engineer for your company. The network consists of three physical networks connected by hardware-based routers. The network consists of a single Active Directory domain. All servers run Windows Server 2003. All client computers run Windows XP Professional. Each physical network contains at least one domain controller and at least one DNS server. One physical network contains a Microsoft Internet Security and Acceleration (ISA) Server array that provides Internet access for the entire company. The network also contains a certificate server. Company management wants to ensure that all data is encrypted on the network and that all computers transmitting data on the network are authenticated.
You decide to implement IPSec on all computers on the network. You edit the Default Domain Policy Group Policy object (GPO) to apply the Secure Server (Require Security) IPSec policy.
Users immediately report that they cannot access resources located in remote networks. You investigate and discover that all packets are being dropped by the routers. You also discover that Active Directory replication is not functioning between domain controllers in different networks. You need to revise your design and implementation to allow computers to communicate across the entire network. You also need to ensure that the authentication keys are stored encrypted.
Which two actions should you take? (Each correct answer presents part of the solution. Choose two.)

You are the network administrator for your company. The network consists of a single Active Directory domain. The domain contains a Windows Server 2003 computer named Server1 that is located in an organizational unit (OU) named Servers. Server1 contains confidential data, and all network communications with Server1 must be encrypted by using IPSec. The default Client (Respond Only) IPSec policy is enabled in the Default Domain Policy Group Policy object (GPO).
You create a new GPO and link it to the Servers OU. You configure the new GPO by creating and enabling a custom IPSec policy. You monitor and discover that network communications with Server1 are not being encrypted. You need to view all IPSec policies that are being applied to Server1.
What should you do?