Which three actions should you perform? (Each correct answer presents part of the solution
You are a security administrator for your company. The network consists of a single Active Directory domain. All servers run Windows Server 2003. All client computers run Windows XP Professional.
Your company hosts an extranet Web site that allows employees from a partner company to access confidential information over the lnternet. You want to require the partner company employees to use certificate-based authentication to access the extranet Web site. You have a public key infrastructure (PKI), which consists of a stand-alone root certification authority (CA) and an enterprise subordinate CA. The partner company does not have a PKI. You decide to issue certificates from your CA hierarchy to the partner company employees. The partner company certificates will require a different certificate policy than the policy currently used for issuing certificates to internal employees. Certificate revocation checking will be used during certificate-based authentication. You need to implement the necessary PKI changes to comply with these requirements.
You want to achieve this goal by using the minimum amount of administrative effort. Which three actions should you perform? (Each correct answer presents part of the solution. Choose three.)
You need to ensure a user is able to modify records in the contoso
Your network consists of an Active Directory forest that contains one domain named contoso.com. All domain controllers run Windows Server 2008 R2 and are configured as DNS servers. You have two Active Directory-integrated zones: contoso.com and nwtraders.com. You need to ensure a user is able to modify records in the contoso.com zone. You must prevent the user from modifying the SOA record in the nwtraders.com zone. What should you do?
You need to ensure that employees can access only their company’s Web application
You are a security administrator for your company. The network consists of a single Active Directory domain. All servers run Windows Server 2003. All client computers run Windows XP Professional.
Your company hosts Web applications for customers. Each customer is a company that has multiple employees who require access to the Web applications. Each customer has one Web application. Each Web application is configured as a virtual directory. You configure a user account for each customer. You assign this account permission to read the virtual directory that contains the customer’s Web application. You need to ensure that employees can access only their company’s Web application.
You must accomplish this task without requiring customers to disclose passwords. What should you do?
Which two actions should you perform? (Each correct answer presents part of the solution
Your company has an Active Directory forest that runs at the functional level of Windows Server 2008.
You implement Active Directory Rights Management Services (AD RMS).
You install Microsoft SQL Server 2005. When you attempt to open the AD RMS administration Web site, you receive the following error message: “SQL Server does not exist or access denied.”
You need to open the AD RMS administration Web site.
Which two actions should you perform? (Each correct answer presents part of the solution.
Choose two.)
You need to reduce the number of help desk calls related to account lockout
You are a security administrator for your company. The network consists of a single Active Directory domain. Servers run either Windows Server 2003 or Windows 2000 Server. All client computers run Windows XP Professional.
The company’s written security policy states that user accounts must be locked if an unauthorized user attempts to guess the users, passwords. The current account policy locks out a user after two invalid password attempts in five minutes. The user remains locked out until the account is reset by an administrator. Users frequently call the help desk to have their account unlocked. Calls related to account lockout constitute 25 percent of help desk calls.
You need to reduce the number of help desk calls related to account lockout. What should you do?
You need to ensure that DC2 holds the Schema Master role
Your company has an Active Directory domain. The company has two domain controllers named DC1 and DC2. DC1 holds the Schema Master role.
DC1 fails. You log on to Active Directory by using the administrator account. You are not able to transfer the Schema Master operations role.
You need to ensure that DC2 holds the Schema Master role.
What should you do?
Which three types of groups should you choose?(Each correct answer presents part of the solution
You are a security administrator for your company. The network consists of two Active Directory domains named adatum.com and proseware.com. These domains are in the same Active Directory forest. The adatum.com Active Directory domain operates at a Windows 2000 mixed mode domain functional level. The proseware.com Active Directory domain operates at a Windows 2000 native mode domain functional level.
An application runs on four Windows Server 2003 computers. These computers are domain member servers in the adatum.com Active Directory domain. Authorized users in both the adatum.com and the proseware.com domains require access to this application. The network is depicted in the exhibit. (Refer to the Exhibit.)
You need to plan an authorization model to control user access to the application. You will place adatum.com user accounts in a group named Adatum AppUsers. You will place proseware.com user accounts in a group named Proseware AppUsers. You will use a group named AppResources to assign permissions that allow access to the application.
You need to choose the appropriate types of groups to implement your plan. Which three types of groups should you choose?(Each correct answer presents part of the solution. Choose three.)
You need to create new organizational units in the AD LDS application directory partition
Your company has a server that runs an instance of Active Directory Lightweight Directory Service (AD LDS). You need to create new organizational units in the AD LDS application directory partition. What should you do?
You need to ensure that Server1 authenticates users based on possession of their certificate
You are a security administrator for your company. The network consists of a single Active Directory domain. All servers run Windows Server 2003. All client computers run Windows 2000 Professional.
You manage a Windows Server 2003 computer named Server1 that is a domain member server. You use IIS on Server1 to host an Internet Web site. Approximately 4,000 employees of your company connect over the lnternet to access company confidential data on Server1. You control access to data on Server1 by using NTFS file permissions assigned to groups. Different groups are assigned access to different files. Employees must have access only to files that they are assigned access to based on their membership in a group. You enable SSL on Server1 to protect confidential data while it is in transit. You issue each employee an Authenticated Session certificate and store a copy of that certificate with their user account in the Active Directory domain.
You need to ensure that Server1 authenticates users based on possession of their certificate. What should you do?
You need to ensure that the DNS service can update records and resolve DNS queries in the event that a WAN lin
Your company, Contoso Ltd has a main office and a branch office. The offices are connected by a WAN link. Contoso has an Active Directory forest that contains a single domain named ad.contoso.com.
The ad.contoso.com domain contains one domain controller named DC1 that is located in the main office. DC1 is configured as a DNS server for the ad.contoso.com DNS zone. This zone is configured as a standard primary zone.
You install a new domain controller named DC2 in the branch office. You install DNS on DC2.
You need to ensure that the DNS service can update records and resolve DNS queries in the event that a WAN link fails.
What should you do?