You are a security administrator for your company. The network consists of two Active Directory forests.

The first forest is named tailspintoys.com and contains domain controllers that run either Windows Server 2003 or Windows 2000 Server. The second forest is named wingtiptoys.com and contains domain controllers that run Windows Server 2003. No trust relationships are established.

A certification authority (CA) running Windows Server 2003 Certificate Services is deployed and all computers are issued a Computer certificate. A Windows Server 2003 computer named Server1 is a member of the wingtiptoys.com Active Directory domain. Server1 provides users in both domains access to a payroll application. You decide to implement IPSec to encrypt the payroll application data during transmission. You configure a custom IPSec policy named Payroll App on Server1 using the rules shown in the exhibit. (Refer to the Exhibit.)

You configure an IPSec default Client policy on the client computers in both Active Directory domains. During testing, you notice that client computers in the wingtiptoys.com Active Directory domain use IPSec when communicating with Server1. However, client computers in the tailspintoys.com Active Directory domain cannot communicate with Server1.

You need to enable all client computers to use IPSec when communicating with Server1. What should you do?

You are the security administrator of your network. The network consists of an Active Directory domain. All computers on the network are in the domain. The domain controllers and file servers on the network run Windows Server 2003. The client computers run Windows XP Professional.

The file servers use a custom IPSec policy named Server Traffic. The Server Traffic policy contains rules to encrypt Telnet and SNMP traffic, as shown in the exhibit. (Refer to the Exhibit.) All client computers use the Client (Respond Only) IPSec policy. The default exemptions to IPSec filtering are disabled on the client computer. You want to configure the network so that Telnet, SNMP, and Kerberos traffic is encrypted by IPSec.

You do not want to encrypt other network protocols. What should you do? (Each correct answer presents part of the solution. Choose two.)

You are a security administrator for your company. All servers run Windows Server 2003. All client computers run Windows XP Professional. The network is configured as shown in the Network Diagram exhibit. (Refer to the Exhibit.)

Users in the sales department use portable computers that are not connected to the company network. Each week sales users travel to the company’s main office and connect to the IEEE 802.11b wireless LAN (WLAN). The WLAN is configured as shown in the Wireless Configuration exhibit. (Refer to the Exhibit.) The WLAN hardware does not support IEEE 802.1x. Once a Week, sales users connect to the WLAN to retrieve confidential sales documents from file servers on the network.

You discover that unauthorized users intercepted data in sales documents while the documents were transmitted over the WLAN. You need to protect sales documents from being intercepted by unauthorized users. What should you do?

You are a security administrator for your company. The network consists of a single Active Directory domain. All servers run Windows Server 2003. The network contains three member servers named Server1, Server2, and Server3.

The three member servers are connected to the Internet. You plan to implement remote access to the company network for users that work from home. You configure and enable Routing and Remote Access on Server1 and Server2. An assistant, who is an administrator on all member servers, configures and enables Routing and Remote Access on Server3. Users from the domain can successfully establish VPN connections from the lnternet to Server1 and Server2. However, users cannot establish a VPN connection to Server3. You discover that Server3 can only authenticate Internet VPN connections from local user accounts.

You need to ensure that users from the domain can successfully establish a VPN connection to Server3. What should you do?

You are a security administrator for your company. The network consists of a single Active Directory domain. All client computers run Windows XP Professional. All servers run Windows Server 2003. All computers on the network are members of the domain.

Traffic on the network is encrypted by IPSec. The domain contains a custom IPSec policy named Lan Security that applies to all computers in the domain. The Lan Security policy does not allow unsecured communication with non-lPSec-aware computers. The company’s written security policy states that the configuration of the domain and the configuration of the Lan Security policy must not be changed. The domain contains a multihomed server named Server1. Server1 is connected to the company network, and Server1 is also connected to a test network. Currently, the Lan Security IPSec policy applies to network traffic on both network adapters in Server1.

You need to configure Server1 so that it communicates on the test network without IPSec security. Server1 must still use the Lan Security policy when it communicates on the company network. How should you configure Server1?

You are a security administrator for your company. The company consists of two divisions. One division is named Coho Winery and is located in San Francisco. The other division is named Coho Vineyard and is located in Paris. Each division is connected to the lnternet by a 1. 544 Mbps WAN connection.

Coho Winery consists of a single Active Directory forest named cohowinery.com. All servers run Windows Server 2003. All client computers run Windows XP Professional. Coho Winery has a Microsoft SQL Server 2000 database that contains customer information. The SQL Server 2000 database is hosted on a Windows Server 2003 computer named Server1.

Coho Vineyard consists of a single Active Directory forest named cohovineyard.com. All servers run Windows 2000 Server. All client computers run Windows 2000 Professional or Windows NT Workstation. All computers run the latest service packs.

To enable data replication, you configure a new Windows Server 2003 computer named Server2 in the cohovineyard.com forest. You install SQL Server 2000 on Server2. Your database administrator configures the database on Server1 to replicate to Server2 every night.

Management reports that a competitor acquired confidential customer data. You determine that the competitor intercepted customer data as it replicated from Server1 to Server2. You decide to use IPSec to protect customer data as it replicates.

You need to configure an IPSec policy to protect customer data as it replicates. What should you do?