Your company has a main office and a branch office that are configured as a single Active
Directory forest. The functional level of the Active Directory forest is Windows Server 2003.
There are four Windows Server 2003 domain controllers in the main office.
You need to ensure that you are able to deploy a read-only domain controller (RODC) at the
branch office.
Which two actions should you perform? (Each correct answer presents part of the solution.
Choose two.)

Your company has an Active Directory forest that contains Windows Server 2008 R2 domain
controllers and DNS servers. All client computers run Windows XP SP3.
You need to use your client computers to edit domain-based GPOs by using the ADMX files
that are stored in the ADMX central store.
What should you do?

Your company has a domain controller that runs Windows Server 2008. The domain
controller has the backup features installed.
You need to perform a non-authoritative restore of the doman controller using an existing
backup file.
What should you do?

Your company has an Active Directory domain. All servers run Windows Server.
You deploy a Certification Authority (CA) server.
You create a new global security group named CertIssuers.
You need to ensure that members of the CertIssuers group can issue, approve, and revoke
certificates.
What should you do?

Your company has an Active Directory domain. The company has purchased 100 new
computers. You want to deploy the computers as members of the domain.
You need to create the computer accounts in an OU.
What should you do?

Your network consists of a single Active Directory domain. You have a domain controller and
a member server that run Windows Server 2008 R2. Both servers are configured as DNS
servers. Client computers run either Windows XP Service Pack 3 or Windows 7.
You have a standard primary zone on the domain controller. The member server hosts a
secondary copy of the zone.
You need to ensure that only authenticated users are allowed to update host (A) records in
the DNS zone.
What should you do first?

Your company has two domain controllers that are configured as internal DNS servers. All
zones on the DNS servers are Active Directory-integrated zones. The zones allow all
dynamic updates.
You discover that the contoso.com zone has multiple entries for the host names of
computers that do not exist.
You need to configure the contoso.com zone to automatically remove expired records.
What should you do?

You have a Windows Server 2008 R2 Enterprise Root certification authority (CA).
You need to grant members of the Account Operators group the ability to only manage Basic
EFS certificates.
You grant the Account Operators group the Issue and Manage Certificates permission on
the CA.

Which three tasks should you perform next? (Each correct answer presents part of the
solution.
Choose three.)

You have an Active Directory domain that runs Windows Server 2008 R2.
You need to implement a certification authority (CA) server that meets the following
requirements:
Allows the certification authority to automatically issue certificates
Integrates with Active Directory Domain Services
What should you do?

Your company has an Active Directory domain. You have a two-tier PKI infrastructure that
contains an offline root CA and an online issuing C