You are the network administrator for your company. The network consists of a single Active Directory domain. The company’s written security policy requires that computers in a file server role must have a minimum file size for event log settings. In the past, logged events were lost because the size of the event log files was too small. You want to ensure that the event log files are large enough to hold history. You also want the security event log to be cleared manually to ensure that no security information is lost. The application log must clear events as needed. You create a security template named Fileserver.inf to meet the requirements. You need to test each file server and take the appropriate corrective action if needed.
You audit a file server by using Fileserver.inf and receive the results shown in the exhibit. (Click the Exhibit button.)
You want to make only the changes that are required to meet the requirements.
Which two actions should you take? (Each correct answer presents part of the solution. Choose two.)

You are the network administrator for your company. The network consists of a single Active Directory domain. The network contains two IP subnets connected by a Windows Server 2003 computer running Routing and Remote Access. All servers run Windows Server 2003. All client computers run Windows XP Professional. Each subnet contains a domain controller. Each subnet contains a DHCP server, which provides TCP/IP configuration information to the computers on only its subnet.
The relevant portion of the network is shown in the exhibit. (Click the Exhibit button.)
You recently implemented a Microsoft Internet Security and Acceleration (ISA) Server 2000 array on the network to provide Internet connectivity. The ISA Server array uses Network Load Balancing on the internal adapters. The array’s Network Load Balancing cluster address is 172.30.32.1. You configure the DHCP server on Subnet1 to provide the array’s Network Load Balancing cluster address as the new default gateway. You configure the DHCP server on Subnet2 to provide the IP address 172.30.64.1 as the default gateway for Subnet2. Users on Subnet2 report that they cannot connect to Internet-based resources.
They can successfully connect to resources located on Subnet1. Users on Subnet1 can successfully connect to Internet-based resources. You investigate and discover that no Internet requests from computers on Subnet2 are being received by the ISA Server array. You need to provide Internet connectivity to users on Subnet2.
What should you do?

You are the network administrator for your company. The network consists of a single Active Directory domain. All servers run Windows Server 2003. All client computers run Windows XP Professional.
The network consists of three physical subnets, which correspond to the three buildings on the company’s campus, as shown in the Network Diagram exhibit. (Click the Exhibit button.)
All servers have manually configured IP addresses. All client computers receive their TCP/IP configuration information from a DHCP server located on the Building1 subnet. The DHCP server has one scope configured for each subnet. Users on the Building2 subnet and the Building3 subnet report that they periodically cannot connect to network resources located on any subnet.
You discover that during times of high network usage, client computers in Building2 and Building3 are configured as shown in the Network Connection Details exhibit. (Click the Exhibit button.)
You need to ensure that all client computers receive valid IP addresses for their subnet even during times of high network usage. What should you do?

You are the administrator of a new network at Contoso, Ltd. The network consists of a single Active Directory domain. All servers run Windows Server 2003. Client computers run either Windows XP Professional or Windows 98. All Windows 98 computers have the Active Directory Client Extensions software installed. The network consists of three physical subnets. Each subnet contains a domain controller and a server that runs DHCP. Each subnet also contains a server that runs both the DNS Server service and the WINS service. All client computers receive their TCP/IP configuration information from the DHCP server that is located on their local subnet. All servers except the domain controllers, the DHCP servers, and the DNS and WINS servers also receive their TCP/IP configuration information from the DHCP server that is located on their local subnet.
All of the Windows 98 computers are located on a single subnet. The DHCP scope on this subnet is configured with the options shown in the exhibit. (Click the Exhibit button.)
All DHCP servers are configured with similar options. Users of the Windows 98 computers report that they cannot connect to resources on the Windows Server 2003 computers located on any subnet. When they attempt to connect to a shared resource by using servernamesharename in the Run command, they receive the following error message. "Server not found." The users can successfully connect to Web-based resources located on the same servers. When you attempt to connect to the servers by using the ping command on an affected Windows 98 computer, you can connect successfully. The users of the Windows XP Professional computers do not report the same problems.
You need to ensure that the users of the Windows 98 computers can connect to shared resources on the Windows Server 2003 computers.
What should you do?

You are a network administrator for Alpine Ski House. The network consists of a single Active Directory domain. The network contains 50 Windows Server 2003 computers and 200 Windows XP Professional computers. Alpine Ski House does not use wireless networking.
The network at Alpine Ski House is shown in the exhibit. (Click the Exhibit button.)
Alpine Ski House enters into a strategic partnership with Adventure Works. Under the strategic partnership, Adventure Works will regularly send employees to Alpine Ski House.
Your design team interviews Adventure Works administrators and discovers the following. Adventure Works employees require access to the Internet to retrieve e-mail messages and to browse the Internet. Adventure Works employees do not need access to the internal network at Alpine Ski House. Adventure Works employees all have portable computers that run Windows XP Professional, and they use a wireless network in their home office.
The wireless network client computers of Adventure Works employees must be protected from Internet-based attacks.Adventure Works sends you a wireless access point that its employees will use to access the Internet through your network.
You are not allowed to change the configuration of the wireless access point because any change will require changes to all of the wireless client computers.
You need to develop a plan that will meet the requirements of Adventure Works employees and the security requirements of Alpine Ski House.
Your solution must be secure and must minimize administrative effort. What should you do?

You are a network administrator for your company. The network consists of multiple physical segments. The network contains two Windows Server 2003 computers named Server1 and Server2, and several Windows 2000 Server computers. Server1 is configured with a single DHCP scope for the 10.250.100.0/24 network with an IP address range of 10.250.100.10 to 10.250.100.100.
Several users on the network report that they cannot connect to file and print servers, but they can connect to each other’s client computers. All other users on the network are able to connect to all network resources. You run the ipconfig.exe /all command on one of the affected client computers and observe the information in the following table.
You need to configure all affected client computers so that they can communicate with all other hosts on the network.
exhibit Which two actions should you take? (Each correct answer presents part of the solution. Choose two.)

You are the network administrator for Contoso, Ltd. The network consists of a single Active Directory domain named contoso.com. The functional level of the domain is Windows Server 2003. The domain contains Windows Server 2003 computers and Windows XP Professional computers.
The domain consists of the containers shown in the exhibit. (Click the Exhibit button.)
All production server computer accounts are located in an organizational unit (OU) named Servers. All production client computer accounts are located in an OU named Desktops. There are Group Policy objects (GPOs) linked to the domain, to the Servers OU, and to the Desktops OU. The company recently added new requirements to its written security policy. Some of the new requirements apply to all of the computers in the domain, some requirements apply to only servers, and some requirements apply to only client computers.
You intend to implement the new requirements by making modifications to the existing GPOs. You configure 10 new Windows XP Professional computers and 5 new Windows Server 2003 computers in order to test the deployment of settings that comply with the new security requirements by using GPOs. You use the Group Policy Management Console (GPMC) to duplicate the existing GPOs for use in testing.
You need to decide where to place the test computer accounts in the domain. You want to minimize the amount of administrative effort required to conduct the test while minimizing the impact of the test on production computers. You also want to avoid linking GPOs to multiple containers.
What should you do?

You are a network administrator for your company. The network contains Windows Server 2003 computers and Windows XP Professional client computers. All computers are members of the same Active Directory forest. The company uses a public key infrastructure (PKI) enabled application to manage marketing data. Certificates used with this application are managed by the application administrators.
You install Certificate Services to create an offline stand-alone root certification authority (CA) on one Windows Server 2003 computer. You configure a second Windows Server 2003 computer as a stand-alone subordinate CA.
You instruct users in the marketing department to enroll for certificates by using the Web enrollment tool on the stand-alone subordinate CA. Some users report that when they attempt to complete the enrollment process, they receive an error message on their certificate, as shown in the exhibit. (Click the Exhibit button.) Other users in the marketing department do not report receiving the error.
You need to ensure that users in the marketing department do not continue to receive this error message. You also need to ensure that only users in the marketing department trust certificates issued by this CA. You create a new organizational unit (OU) named Marketing.
What else should you do?

Your companys DNS server runs Windows Server 2003. Client computers on a network segment that is protected by an internal firewall cannot resolve any host names. You need to ensure that DNS clients can resolve host names. Which port should you open on the firewall?

Your company has a single Active Directory directory service domain. You are planning a security model for an application. You will use role-based security. You install a server that runs Windows Server 2003. You promote the server to be the first domain controller for a new child domain. You need to configure Authorization Manager to use an Active Directory store type to support role-based security.
What should you do first?