You are a security administrator for your company. The network includes a public key infrastructure (PKI) that supports smart card logon. All client computers have smart card readers.

Managers are issued smart cards. Managers are required to use smart cards when logging on to client computers. You need to ensure that managers are required to use a smart card when logging on to any client computer and that all other users are required to use a smart card when logging on to a client computer assigned to a manager.

Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)

You are a security administrator for your company. The network consists of an Active Directory forest that contains two domains. The domains are named treyresearch.com and litwareinc.com. All Active Directory domains are running at a Windows Server 2000 mixed mode functionality level.

Employees in the help desk department need to modify certain attributes of employee user accounts that reside in the treyresearch.com domain. The help desk department user accounts reside in the litwareinc.com domain.

You need to create a single group named Help Desk that contains all help desk department user accounts and that can be granted access to modify the employee user accounts in the treyresearch.com domain. What should you do?

You are a security administrator for your company. The network consists of two Active Directory domains. These domains each belong to separate Active Directory forests. The domain named graphicdesigninstitute.com is used primarily to support company employees. The domain named fineartschool.net is used to support company customers. The functional level of all domains is Windows Server 2003 interim mode.

A one-way external trust relationship exists in which the graphicdesigninstitute.com domain trusts the fineartschool.net domain. A Windows Server 2003 computer named Server1 is a member of the fineartschool.net domain. Server1 provides customers access to a Microsoft SQL Server 2000 database. The user accounts used by customers reside in the local account database on Server1. All of the customer user accounts belong to a local computer group named Customers. SQL Server is configured to use Windows lntegrated authentication. Your company has additional SQL Server 2000 databases that reside on three Windows Server 2003 computers. These computers are member servers in the graphicdesigninstitute.com domain.

The company’s written security policy states that customer user accounts must reside on computers in the fineartschool.net domain. You need to plan a strategy for providing customers with access to the additional databases.

You want to achieve this goal by using the minimum amount of administrative effort. What should you do?

You are a security administrator for your company. The network consists of two Active Directory domains that are in separate Active Directory forests. No Active Directory trust relationships exist between the domains. All servers run Windows Server 2003. Client computers run either Windows XP Professional or Windows 2000 Professional. All domain controllers run Windows Server 2003.

You discover that users in one domain can obtain a list of account names for users in the other domain. This capability allows unauthorized users to guess passwords and to access confidential data.

You need to ensure that account names can be obtained only by users of the domain in which the accounts reside.

Which two actions should you perform on the domain controllers? (Each correct answer presents part of the solution. Choose two.)