You need to enable all client computers to use IPSec when communicating with both Server1 and Server2
You are a security administrator for your company. The network consists of two Active Directory domains named tailspintoys.com and wingtiptoys.com. Each domain resides in a separate Active Directory forest and no trust relationships are established.
The Active Directory domains each contain an certification authority (CA) running Windows Server 2003 Certificate Services. These computers are named CA1 and CA2. Each CA belongs to separate and isolated CA hierarchies. Computers trust only the CA in their Active Directory domain. All computers are issued a standard Computer certificate from the CA in their Active Directory domain. Two Windows Server 2003 computers named Server1 and Server2 function as file servers as shown in the exhibit. (Refer to the Exhibit.)
Users from both domains access confidential data on both Server1 and Server2. You decide to implement IPSec to encrypt the file data during transmission. You configure an IPSec policy that uses ertificate-based IPSec authentication on both servers to encrypt file data transmissions. You configure an IPSec policy that uses certificate-based IPSec authentication on the client computers in both Active Directory domains to encrypt file data transmissions to Server1 and Server2. During testing, you notice that client computers use IPSec only when communicating with the file server in the same Active Directory domain.
You need to enable all client computers to use IPSec when communicating with both Server1 and Server2. What should you do?
Which two actions should you perform? (Each correct answer presents part of the solution
Your company has an Active Directory forest. The company has branch offices in three locations. Each location has an organizational unit. You need to ensure that the branch office administrators are able to create and apply GPOs only to their respective organizational units. Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)
Which two actions should you perform? (Each correct answer presents part of the solution
Your company has a single Active Directory forest that has six domains. All DNS servers in the forest run Windows Server 2008 R2.
You need to ensure that all public DNS queries are channeled through a single-caching-only DNS server.
Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)
You need to configure the WLAN to authenticate employees and external users
You are a security administrator for Contoso, Ltd. The network consists of two Active Directory forests named contoso.com and public.contoso.com. All servers run Windows Server 2003. All client computers run Windows XP Professional.
The network consists of an IEEE 802.11b wireless LAN (WLAN). Employees and external users use the WLAN. User accounts for employees are located in the contoso.com forest. User accounts for external users are located in the public.contoso.com forest. External users, computers do not have computer accounts in the public.contoso.com forest. To increase security, you upgrade the network hardware to support IEEE 802.1x. You configure a public key infrastructure (PKI). You issue Client Authentication certificates to employees, to client computers used by employees, and to external users.
You need to configure the WLAN to authenticate employees and external users. What should you do?
You need to remove the Active Directory Domain Services role from a domain controller named DC1
You need to remove the Active Directory Domain Services role from a domain controller named DC1. What should you do?
Which two actions should you perform? (Each correct answer presents part of the solution
Your company uses Active Directory-integrated DNS. Users require access to the Internet. You run a network capture. You notice the DNS server is sending DNS name resolution queries to a server named f.root-servers.net.
You need to prevent the DNS server from sending queries to f.root-servers.net. The server must be able to resolve names for Internet hosts.
Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)
You need to ensure that users can encrypt files that are stored on Server1
You are a security administrator for your company. The network consists of a single Active Directory domain. All domain controllers run Windows Server 2003. All client computers run Windows XP Professional.
Users store files on a server named Server1. These files are confidential and must be encrypted at all times while on Server1. You configure a new certification authority (CA) and issue certificates that support Encrypting File System (EFS) to all users. Users report that they cannot encrypt files that are stored on Server1. They report that they can encrypt files that are stored locally on their client computers.
You need to ensure that users can encrypt files that are stored on Server1. What should you do?
You need to restore the operating system and all files
Your company has a domain controller server that runs the Windows Server 2008 R2 operating system. The server is a backup server. The server has a single 500-GB hard disk that has three partitions for the operating system, applications, and data. You perform daily backups of the server.
The hard disk fails. You replace the hard disk with a new hard disk of the same capacity. You restart the computer on the installation media. You select the Repair your computer option.
You need to restore the operating system and all files.
What should you do?
You need to configure Server1 to resolve single-label names
Your network contains an Active Directory forest named fabrikam.com. The forest contains a DNS server named Server1. You need to configure Server1 to resolve single-label names. What should you do?
You need to ensure that Kim can log on and change her password
You are a security administrator for Contoso, Ltd. The network consists of a single Active Directory domain named contoso.com. All servers run Windows Server 2003. All client computers run Windows XP Professional. All computers are members of the domain.
The company has a main office and three branch offices. Each office is configured as an Active Directory site. Each site contains domain controllers. A domain user named Kim reports that she forgot her password. She works in one of the branch offices. A des op support technician in the main office resets Kim’s password, enables the User must change password at next logon option on Kim’s user account, and then tells Kim the new password. Kim attempts to log on by using her new password and reports that she cannot change the password at logon. You investigate the problem. Kim’s user account is not locked out, and it is not disabled. Permissions for the user account are shown in the exhibit. (Refer to the Exhibit.)
You need to ensure that Kim can log on and change her password. What should you do?
