You need to enable the Kerberos AES encryption option
Your company has two Active Directory forests named contoso.com and fabrikam.com. Both forests run only domain controllers that run Windows Server 2008. The domain functional level of contoso.com is Windows Server 2008. The domain functional level of fabrikam.com is Windows Server 2003 Native mode. You configure an external trust between contoso.com and fabrikam.com. You need to enable the Kerberos AES encryption option. What should you do?
You need to ensure that Server1 only resolves queries issued from client computers in the same subnet as Serve
Your network contains a server named Server1 that runs Windows Server 2008 R2. Server1 is configured as a DNS server. You need to ensure that Server1 only resolves queries issued from client computers in the same subnet as Server1. The solution must ensure that Server1 can resolve Internet host names. What should you do on Server1?
You need to apply the Messenger
You are a security administrator for your company. The network consists of a single Active Directory domain. Servers on the network run Windows Server 2003. All servers are in an organizational unit (OU) named Servers, or in OUs contained within the Servers OU.
Based on information in recent security bulletins, you want to apply settings from a security template named Messenger.inf to all servers on which the Messenger service is started. You do not want to apply these settings to servers on which the Messenger service is not started. You also do not want to move servers to other OUs.
You need to apply the Messenger.inf security template to the appropriate servers. What should you do?
You need to decrease the replication latency between the domain controllers
Your company has a main office and three branch offices. The company has an Active Directory forest that has a single domain. Each office has one domain controller. Each office is configured as an Active Directory site. All sites are connected with the DEFAULTIPSITELINK object. You need to decrease the replication latency between the domain controllers. What should you do?
You need to prevent the DHCP server from responding to DHCP client requests on LAN2
You have a DHCP server that runs Windows Server 2008 R2. The DHCP server has two network connections named LAN1 and LAN2.
You need to prevent the DHCP server from responding to DHCP client requests on LAN2. The server must continue to respond to non-DHCP client requests on LAN2.
What should you do?
You need to verify that the servers on the network meet the requirements in the written security policy
You are a security administrator for your company. The network consists of a single Active Directory domain. All servers run Windows Server 2003. All computers are members of the domain.
The company’s written security policy states that all servers must have the security settings that are specified in a security template named Verify.inf. The Verify.inf security template is copied to the Systemroot\Security\Templates folder on each server.
You need to verify that the servers on the network meet the requirements in the written security policy. What should you do?
Which tool should you use?
Your company has a branch office that is configured as a separate Active Directory site and has an Active Directory domain controller. The Active Directory site requires a local Global Catalog server to support a new application. You need to configure the domain controller as a Global Catalog server. Which tool should you use?
You need to reduce the size of the DHCP database
You have a DHCP server that runs Windows Server 2008 R2. You need to reduce the size of the DHCP database.
What should you do?
You need to ensure that users in the finance department do not receive the message
You are a security administrator for your company. The network consists of a single Active Directory domain. All servers run Windows Server 2003. All client computers run Windows 2000 Professional.
You create two top-level organizational units (OUs). One OU is named Finance. The other OU is named Marketing. You place user and computer accounts for users in the marketing and finance departments in the corresponding OU. You create a Group Policy object (GPO) for each OU and link each GPO to the corresponding OU. The GPO linked to the Marketing OU is shown in the Marketing GPO exhibit, and the GPO linked to the Finance OU is shown in the Finance GPO exhibit. (Refer to the Exhibit.)
A client computer named Client1 is used by users in the marketing department. You reassign Client1 to users in the finance department. You move the computer object from the Marketing OU to the Finance OU. When you attempt to log on to Client1, you receive a message stating that the computer is intended for use by the marketing department only.
You need to ensure that users in the finance department do not receive the message. You want to achieve this goal without affecting users in the Marketing OU. What should you do?
What are two possible ways to achieve this goal? (Each correct answer presents a complete solution
Your company has an organizational unit named Production. The Production organizational unit has a child organizational unit named R&D. You create a GPO named Software Deployment and link it to the Production organizational unit.
You create a shadow group for the R&D organizational unit. You need to deploy an application to users in the Production organizational unit.
You also need to ensure that the application is not deployed to users in the R&D organizational unit.
What are two possible ways to achieve this goal? (Each correct answer presents a complete solution. Choose two.)