You are a security administrator for your company. The network consists of two Active Directory domains that are in separate Active Directory forests. No Active Directory trust relationships exist between the domains. All servers run Windows Server 2003. Client computers run either Windows XP Professional or Windows 2000 Professional. All domain controllers run Windows Server 2003.
You discover that users in one domain can obtain a list of account names for users in the other domain. This capability allows unauthorized users to guess passwords and to access confidential data.
You need to ensure that account names can be obtained only by users of the domain in which the accounts reside.
Which two actions should you perform on the domain controllers? (Each correct answer presents part of the solution. Choose two.)

A.
Apply a security template that disables the Network access: Allow anonymous SID/Name translation setting.

B.
Apply a security template that enables the Network access: Do not allow anonymous enumeration of SAM accounts setting.

C.
Apply a security template that enables the Network security: Do not store LAN Manager hash value on next password change setting.

D.
Apply a security template that sets the Domain controller: LDAP server signing requirements setting to Require signing.