You are a network administrator for your company. The company has one main office and 30 branch offices. The network consists of a single Active Directory domain.

All servers run Windows Server 2003. The company needs to connect the main office network and all branch office networks by using Routing and Remote Access servers at each office. The networks will be connected by VPN connections over the Internet. You install three Routing and Remote Access servers at the main office.

You are configuring security for the Routing and Remote Access servers. You need to provide centralized authentication for the branch office Routing and Remote Access servers.

You need to centrally configure the remote access policies for the main office Routing and Remote Access servers. You need to centrally maintain remote access authentication and connection logs for the main office Routing and Remote Access servers. You install Internet Authentication Service (IAS) on a server in the main office and register it in Active Directory.

What else should you do?

You are a network administrator for your company. All domain controllers run Windows Server 2003. The network contains 50 Windows 98 client computers, 300 Windows 2000 Professional computers, and 150 Windows XP Professional computers.

According to the network design specification, the Kerberos version 5 authentication protocol must be used for all client computers on the internal network.

You need to ensure that Kerberos version 5 authentication is used for all client computers on the internal network.

What should you do?

You are a network administrator for your company. The network consists of a single Active Directory domain. All servers run Windows Server 2003. The company’s main office is in Barcelona, and it has branch offices in Paris and London. The company has no immediate plans to expand or relocate the offices.

The company wants to connect the office networks by using a frame relay WAN connection and Routing and Remote Access servers that are configured with frame relay WAN adapters. Computers in each office will be configured to use the local Routing and Remote Access server as a default gateway.

You are planning the routing configuration for the Routing and Remote Access servers. You need to allow computers in Barcelona, Paris, and London to connect to computers in any office. You want to minimize routing traffic on the WAN connection.

What should you do?

You are the network administrator for your company. The network consists of a single Active Directory domain. All computers on the network are members of the domain. All servers run Windows Server 2003 and all client computers run Windows XP Professional.

You are planning a security update infrastructure. You need to find out which computers are exposed to known vulnerabilities. You need to collect the information on existing vulnerabilities for each computer every night. You want this process to occur automatically.

What should you do?

You are the network administrator for Contoso Pharmaceuticals. The network consists of a single Active Directory forest. The forest contains Windows Server 2003 servers and Windows XP Professional computers. The forest consists of a forest root domain named contoso.com and two child domains named child1.contoso.com and child2.contoso.com. The child1.contoso.com domain contains a member server named Server1. You configure Server1 to be an enterprise certification authority (CA), and you configure a user certificate template. You enable the Publish certificate in Active Directory setting in the certificate template. You instruct users in both the child1.contoso.com and the child2.contoso.com domains to enroll for user certificates.

You discover that the certificates for user accounts in the child1.contoso.com domain are being published to Active Directory, but the certificates for user accounts in the child2.contoso.com domain are not. You want certificates issued by Server1 to child2.contoso.com domain user accounts to be published in Active Directory.

What should you do?

You are a network administrator for Alpine Ski House. The internal network has an Active Directory-integrated zone for the alpineskihouse.org domain. Computers on the internal network use the Active Directory-integrated DNS service for all host name resolution. The Alpine Ski House Web site and DNS server are hosted at a local ISP. The public Web site for Alpine Ski House is accessed at www.alpineskihouse.com. The DNS server at the ISP hosts the alpineskihouse.com domain.

To improve support for the Web site, your company wants to move the Web site and DNS service from the ISP to the company’s perimeter network. The DNS server on the perimeter network must contain only the host (A) resource records for computers on the perimeter network. You install a Windows Server 2003 computer on the perimeter network to host the DNS service for the alpineskihouse.com domain.

You need to ensure that the computers on the internal network can properly resolve host names for all internal resources, all perimeter resources, and all Internet resources. Which two actions should you take? (Each correct answer presents part of the solution. Choose two.)

You are the network administrator for your company. The network consists of a single Active Directory domain. The network contains two Windows Server 2003 domain controllers, two Windows 2000 Server domain controllers, and two Windows NT Server 4.0 domain controllers. All file servers for the finance department are located in an organizational unit (OU) named Finance Servers. All file servers for the payroll department are located in an OU named Payroll Servers.

The Payroll Servers OU is a child OU of the Finance Servers OU. The company’s written security policy for the finance department states that departmental servers must have security settings that are enhanced from the default settings. The written security policy for the payroll department states that departmental servers must have enhanced security settings from the default settings, and auditing must be enabled for file or folder deletion. You need to plan the security policy settings for the finance and payroll departments.

What should you do?

You are the systems engineer for Contoso, Ltd. The internal network consists of a Windows NT 4.0 domain. The company maintains a separate network that contains publicly accessible Web and mail servers. These Web and mail servers are members of a DNS domain named contoso.com. The contoso.com zone is hosted by a UNIX-based DNS server running BIND 4.8.1. Contoso, Ltd., is planning to migrate to a Windows Server 2003 Active Directory domain-based network. The migration plan states that all client computers will be upgraded to Windows XP Professional and that all servers will be replaced with new computers running Windows Server 2003.

The migration plan specifies the following requirements for DNS in the new environment:

Active Directory data must not be accessible from the Internet. The DNS namespace must be contiguous to minimize confusion for users and administrators. Users must be able to connect to resources in the contoso.com domain. Users must be able to connect to resources located on the Internet.

The existing UNIX-based DNS server will continue to host the contoso.com domain. The existing UNIX-based DNS server cannot be upgraded or replaced.

You plan to install a Windows Server 2003 DNS server on the internal network. You need to configure this Windows-based DNS server to meet the requirements specified in the migration plan.

What should you do?

You are the network administrator for your company. The network consists of a single Active Directory domain. All computers on the network are members of the domain. You administer a Network Load Balancing cluster that consists of three nodes.

Each node runs Windows Server 2003 and contains a single network adapter. The Network Load Balancing cluster can run only in unicast mode. The Network Load Balancing cluster has converged successfully. To increase the utilization of the cluster, you decide to move a particular application to each node of the cluster.

For this application to run, you must add a Network Load Balancing port rule to the nodes of the cluster. You start Network Load Balancing Manager on the second node of the cluster. However, Network Load Balancing Manager displays a message that it cannot communicate with the other two nodes of the cluster. You want to add the port rule to the nodes of the cluster.

What should you do?

You are a network administrator for your company. The network contains a perimeter network.

The perimeter network contains four Windows Server 2003, Web Edition computers that are configured as a Network Load Balancing cluster. The cluster hosts an e-commerce Web site that must be available 24 hours per day. The cluster is located in a physically secure data center and uses an Internet-addressable virtual IP address.

All servers in the cluster are configured with the Hisecws.inf template. You need to implement protective measures against the cluster’s most significant security vulnerability.

What should you do?