You are an Enterprise administrator for contoso.com. The corporate network of the company consists of a single Active Directory domain. All the servers in the domain run Windows Server 2008 and all client computers run Windows Vista.

One of the servers on the corporate network of the company runs Windows Server Update Services (WSUS) that obtains updates online from the Microsoft Update Web site.
To meet the security requirements of the company, you have recently deployed a secure network for the company. After which, the users on the network are unable to access the Internet and the network that contains the online WSUS server.

Which of the following options would you choose to recommend a patch management solution to deploy updates to the computers that are on the secure network? (Select two. Each correct answer will present a part of the solution.)

A.
Deploy a WSUS server on the secure network.

B.
Download the wsusscn2.cab file from the Microsoft Update Web site

C.
Copy the wsusscn2.cab file to a computer on the secure network.

D.
From the online WSUS server, copy the update metadata and the WSUS content to the WSUS server on the secure network.

E.
From the online WSUS server, regularly copy the web.config file and the default Web site home directory to the WSUS server on the secure network.

F.
Scan the entire secure network by running Microsoft Baseline Security Analyzer against the wsusscn2.cab file that you downloaded.

Explanation:

To recommend a patch management solution to deploy updates to the computers that are on the secure network, you need to deploy a WSUS server on the secure network. From the online WSUS server, copy the update metadata and the WSUS content to the WSUS server on the secure network.

If your environment demands a network segment be disconnected from the Internet, or disconnected from the rest of your network altogether, don’t think you need to resort to the “sneaker net” method of patch distribution. Simply build a stand-alone WSUS server and import updates from removable media such as tape or DVD-ROM.

The process of exporting the updates from an Internet-connected server, and then importing them into your disconnected one is well documented in the WSUS Deployment Guide. However, here are the steps at a high level to give you an idea of the process.
1. Build your stand-alone WSUS server and configure its language and express installation options to match that of the Internet-connected WSUS server that will provide updates.
2. Copy the update content directory from the Internet-connected WSUS server to removable media. Remember that this content directory may be quite large (multi-gigabytes) so you may need to resort to tape, dual-layer DVD, or external USB hard drive.
3. Export and copy the update metadata from the Internet-connected WUS server’s database to removable media.
4. Copy the update content from removable media onto the disconnected WSUS server.
5. Import the update metadata from removable media into the disconnected WUS server’s database.

Reference: Advanced Deployment Options / Offline Updates http://www.wsuswiki.com/AdvDeployOptions