Your company has multiple Active Directory directory service domains. All servers in your environment run Windows Server 2003. You need to apply a predefined security template to the domain controllers to ensure that network communications cannot be intercepted and decoded.
Which predefined template should you use?

You are a network administrator for your company. You need to test a new application. The application requires two processors and 2 GB of RAM. The application also requires shared folders on the application server and requires the installation of software on the client computers.
You create the test plan. You assemble a server in the test lab. You install Windows Server 2003, Web Edition on the server. You install the application on the server. You install the client software components for the application on 20 client computers in the test lab. You test the application. You discover that only some of the client computers can run the application. You turn off the client computers that ran the application successfully, and you test again. The client computers that failed in the first test now run the application successfully.
You need to identify the cause of the failure and update your test plan.
What should you do?

You are the network administrator for your company. The network consists of a single Active Directory domain. All servers run Windows Server 2003. The network contains servers that have Terminal Server enabled. The terminal servers host legacy applications that currently require users to be members of the Power Users group. A new requirement in the company’s written security policy states that the Power Users group must be empty on all resource servers.
You need to maintain the ability to run the legacy applications on the terminal servers when the new security requirement is implemented.
What should you do?

Your company has an Active Directory directory service domain. All servers run Windows Server 2003 SP2. You need to create and test security policies based on multiple server roles. Which tool should you use?

Your company has a single Active Directory directory service domain. You create a Group Policy object (GPO) named Baseline and link it to an organizational unit (OU) named Member Computers. You need to ensure that any computer that is added to the domain by any user receives settings specified by the Baseline GPO.
What should you?

Your company has an Active Directory directory service domain. File servers run Windows Server 2003 and are joined to the domain. Client computers run Windows XP Professional. You need to encrypt data communications between file servers and client computers by using IPSec.
Which IPSec transport mode and IPSec authentication method should you use?

Your company has a single Active Directory domain. All servers in your environment run Windows Server 2003. You plan to remove all Terminal Services access for the domain controllers. You need to ensure that administrators can access domain controller console sessions locally and not remotely.
What should you do?

You are the network administrator for your company. The network consists of a single Active Directory domain. All computers on the network are members of the domain.You are planning a public key infrastructure (PKI) for the company.
You want to ensure that users who log on to the domain receive a certificate that can be used to authenticate to Web sites.You create a new certificate template named User Authentication. You configure a Group Policy object (GPO) that applies to all users. The GPO specifies that user certificates must be enrolled when the policy is applied.
You install an enterprise certification authority (CA) on a computer that runs Windows Server 2003. Users report that when they log on, they do not have certificates to authenticate to Web sites that require certificate authentication.
You want to ensure that users receive certificates that can be used to authenticate to Web sites.
Which two actions should you take? (Each correct answer presents part of the solution. Choose two.)

Your company has an Active Directory directory service domain. All servers in your environment run Windows Server 2003 and are members of the domain. You apply an IPSec policy to a Group Policy container that contains all servers. One server does not appear to have the policy applied. You need to identify which IPSec policies are being applied to the server.
Which tool should you use?