Your company has an Active Directory directory service domain. The internal network includes two DNS servers that run Windows Server 2003. All client computers run Windows 7 and use these two DNS servers for name resolution. From the Root Hints tab, you remove all root hints from both DNS servers. You need to ensure that client computers can access Internet sites by using domain names and can continue resolving internal network addresses. What should you do?

Your company has a single Active Directory directory service domain. All servers in your environment run Windows Server 2003. You need to define a new IPSec policy for the domain. What should you use?

You are the systems engineer for your company. The network consists of three physical networks connected by hardware-based routers. The network consists of a single Active Directory domain. All servers run Windows Server 2003. All client computers run Windows XP Professional. Each physical network contains at least one domain controller and at least one DNS server. One physical network contains a Microsoft Internet Security and Acceleration (ISA) Server array that provides Internet access for the entire company. The network also contains a certificate server. Company management wants to ensure that all data is encrypted on the network and that all computers transmitting data on the network are authenticated.
You decide to implement IPSec on all computers on the network. You edit the Default Domain Policy Group Policy object (GPO) to apply the Secure Server (Require Security) IPSec policy.
Users immediately report that they cannot access resources located in remote networks. You investigate and discover that all packets are being dropped by the routers. You also discover that Active Directory replication is not functioning between domain controllers in different networks. You need to revise your design and implementation to allow computers to communicate across the entire network. You also need to ensure that the authentication keys are stored encrypted.
Which two actions should you take? (Each correct answer presents part of the solution. Choose two.)

You are the network administrator for your company. The network consists of a single Active Directory domain. The domain contains a Windows Server 2003 computer named Server1 that is located in an organizational unit (OU) named Servers. Server1 contains confidential data, and all network communications with Server1 must be encrypted by using IPSec. The default Client (Respond Only) IPSec policy is enabled in the Default Domain Policy Group Policy object (GPO).
You create a new GPO and link it to the Servers OU. You configure the new GPO by creating and enabling a custom IPSec policy. You monitor and discover that network communications with Server1 are not being encrypted. You need to view all IPSec policies that are being applied to Server1.
What should you do?

All servers in your environment run Windows Server 2003. You need to modify the IPSec configuration on the servers. Which command-line tool should you use?

All client computers on your companys internal network have dynamically assigned IP addresses. You set up the Routing and Remote Access service (RRAS) with the NAT/Basic Firewall routing protocol on a server that runs Windows Server 2003. The RRAS server has two network adapters. You configure the internal (private) network adapter with a static private IP address. You configure the external (public) network adapter with a static public IP address. You need to ensure that client computers can connect to the Internet.
What should you do?

Your network consists of two subnets named SubnetA and SubnetB. SubnetA contains a server that runs Windows Server 2003 with the WINS Server role installed. It also contains client computers that run Windows XP and use WINS for name resolution. SubnetB contains client computers that run third-party operating systems and use broadcasts for name resolution. Client computers on SubnetB cannot resolve the NetBIOS names of any computers on SubnetA.
You need to provide NetBIOS name resolution for all client computers.
What should you do?

Your company has a primary DNS server that runs Windows Server 2003. You configure forwarders on the DNS server. You need to ensure that the primary DNS server can query other DNS servers. What should you do?

All the servers in your environment run Windows Server 2003. You plan to monitor network traffic that is generated by the servers. You need to capture the network traffic and identify the server processes that are generating the traffic. Which tool should you use?

Your company has a single Active Directory directory service domain. All servers in your environment run Windows Server 2003. You assign a persistent IPSec policy to a member server by using Group Policy. You need to ensure that inbound communication is permitted only in response to outbound traffic from the member server until Group Policy applies the IPSec policy.
What should you do?