All servers in your environment run Windows Server 2003. You need to modify the IPSec configuration on the servers. Which command-line tool should you use?

All client computers on your companys internal network have dynamically assigned IP addresses. You set up the Routing and Remote Access service (RRAS) with the NAT/Basic Firewall routing protocol on a server that runs Windows Server 2003. The RRAS server has two network adapters. You configure the internal (private) network adapter with a static private IP address. You configure the external (public) network adapter with a static public IP address. You need to ensure that client computers can connect to the Internet.
What should you do?

Your network consists of two subnets named SubnetA and SubnetB. SubnetA contains a server that runs Windows Server 2003 with the WINS Server role installed. It also contains client computers that run Windows XP and use WINS for name resolution. SubnetB contains client computers that run third-party operating systems and use broadcasts for name resolution. Client computers on SubnetB cannot resolve the NetBIOS names of any computers on SubnetA.
You need to provide NetBIOS name resolution for all client computers.
What should you do?

Your company has a primary DNS server that runs Windows Server 2003. You configure forwarders on the DNS server. You need to ensure that the primary DNS server can query other DNS servers. What should you do?

All the servers in your environment run Windows Server 2003. You plan to monitor network traffic that is generated by the servers. You need to capture the network traffic and identify the server processes that are generating the traffic. Which tool should you use?

Your company has a single Active Directory directory service domain. All servers in your environment run Windows Server 2003. You assign a persistent IPSec policy to a member server by using Group Policy. You need to ensure that inbound communication is permitted only in response to outbound traffic from the member server until Group Policy applies the IPSec policy.
What should you do?

You are the senior systems engineer for your company. The network consists of a single Active Directory domain. All servers run Windows Server 2003. Client computers in the sales department run Windows NT Workstation 4.0 with the Active Directory Client Extensions software installed. All other client computers run Windows XP Professional. All servers are located in an organizational unit (OU) named Servers. All client computers are located in an OU named Desktops. Four servers contain confidential company information that is used by users in either the finance department or the research department.
Users in the sales department also store files and applications on these servers. The company’s written security policy states that for auditing purposes, all network connections to these resources must require authentication at the protocol level. The written security policy also states that all network connections to these resources must be encrypted. The company budget does not allow for the purchase of any new hardware or software. The applications and data located on these servers may not be moved to any other server in the network.
You define and assign the appropriate permissions to ensure that only authorized users can access the resources on the servers. You now need to ensure that all connections made to these servers by the users in the finance department and in the research department meet the security guidelines stated by the written security policy. You also need to ensure that all users in the sales department can continue to access their resources.
Which two actions should you take? (Each correct answer presents part of the solution. Choose two.)

Your company has a single Active Directory directory service forest with three domains. All servers in your environment run Windows Server 2003. You are planning a public key infrastructure (PKI). You will require the use of a smart card for domain authentication. You need to specify a certification authority (CA) that will create certificate templates and issue certificates.
Which CA should you specify?

Your company has an Active Directory directory service domain. All servers run Windows Server 2003. You are developing a domain controller logon policy. Domain controllers must be protected from keylogging attacks during logon. You need to specify a security setting that meets this requirement.
Which setting should you specify?

You are a network administrator for your company. The network consists of two Active Directory domains. You are responsible for administering one domain, which contains users who work in the sales department. User objects for the users in the sales department are stored in an organizational unit (OU) named Sales in your domain. Users in the sales department use a public key infrastructure (PKI) enabled application that requires users to present client authentication certificates before they are granted access.
You install Certificate Services on two member servers running Windows Server 2003. You configure one server as an enterprise subordinate certification authority (CA) and the other server as a stand-alone root CA. You need to issue certificates that support client authentication to sales users only. You need to achieve this goal by using the minimum amount of administrative effort.
What should you do?