You need to ensure that all client computers receive valid IP addresses for their subnet even during times of
You are the network administrator for your company. The network consists of a single Active Directory domain. All servers run Windows Server 2003. All client computers run Windows XP Professional.
The network consists of three physical subnets, which correspond to the three buildings on the company’s campus, as shown in the Network Diagram exhibit.
All servers have manually configured IP addresses. All client computers receive their TCP/IP configuration information from a DHCP server located on the Building1 subnet.
The DHCP server has one scope configured for each subnet. Users on the Building2 subnet and the Building3 subnet report that they periodically cannot connect to network resources located on any subnet.
You discover that during times of high network usage, client computers in Building2 and Building3 are configured as shown in the Network Connection Details exhibit.
You need to ensure that all client computers receive valid IP addresses for their subnet even during times of high network usage.
What should you do?
Exhibit:
Which tool should you use?
Your company has a single Active Directory directory service domain. All servers in your environment run Windows Server 2003. Client computers run Windows XP or Windows Vista.
You are planning a security update infrastructure. You need to perform a security survey of the people, technology, and business processes in your environment.
Which tool should you use?
You need to ensure that all computers receive security updates, and you must reduce bandwidth requirements
Your company# s network is geographically dispersed across regions and is connected by slow WAN network connections. All servers in your environment run Windows Server 2003. Client computers run Windows XP or Windows Vista. You are planning a security update infrastructure. You will deploy a Windows Server Update Services (WSUS) server to each network location. You need to ensure that all computers receive security updates, and you must reduce bandwidth requirements.
What should you do?
Which ports should you specify?
Your company has a single Active Directory directory service domain. All servers in your environment run Windows Server 2003. Client computers run Windows XP. Your network has multiple subnets.
You configure a server to run the Microsoft Baseline Security Analyzer (MBSA). You plan to create a Windows Firewall exception policy to allow remote scanning of security updates on all client computers.
You need to specify the ports that the policy must allow to open.
Which ports should you specify?
Which tool should you specify?
Your company has an Active Directory directory service domain. All servers run Windows Server 2003. You are developing a plan to reduce the number of attack surfaces on various servers.
You have the following requirements:
Deploy changes by using Group Policy. Analyze the roles that are installed on a given server. Be able to automatically roll back any changes.
Disable any functionality that is not needed for the roles that are installed. You need to specify the security management tool that meets these requirements.
Which tool should you specify?
You need to enable the auditing of failed attempts to modify group objects for the developer team
Your company has an Active Directory directory service domain . All servers run Windows Server 2003. Your company has the following Active Directory objects:
An organizational unit (OU) named Dev Users that contains user accounts for all developer team members
An OU named Dev Groups that contains group objects for the developer team
A Group Policy object (GPO) named Secure Dev Users that is linked to the Dev Users OU
A GPO named Secure Dev Groups that is linked to the Dev Groups OU
You need to enable the auditing of failed attempts to modify group objects for the developer team.
What should you do?
You need to support certificate autoenrollment for smart cards
Your company has a single Active Directory directory service domain. All servers in your environment run Windows Server 2003. You are planning a public key infrastructure (PKI) to issue smart card certificates.
You need to support certificate autoenrollment for smart cards.
What should you do first?
Which CA should you specify for your PKI?
Your company has a single Active Directory directory service domain. All servers in your environment run Windows Server 2003. You are designing a public key infrastructure (PKI) that uses Certificate Services.
You need to specify a certification authority (CA) that will issue certificates automatically.
Which CA should you specify for your PKI?
Which two actions should you perform? (Each correct answer presents part of the solution
Your company has a single Active Directory directory service domain. All servers in your environment run Windows Server 2003. You install an Enterprise root certification authority (CA). You create a child domain.
You add the computer account of the CA server to the Certificate Publishers Active Directory security group in the child domain. You need to ensure that all users in the child domain can enroll Computer certificates.
Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)
You need to ensure that all users can get certificates
Your company has a single Active Directory directory service domain. You have a Stand-alone certification authority (CA). The URL for the CA# s certificate revocation list (CRL) Web server becomes invalid.
Users of certificates issued by the CA are unable to access the CRL. You need to ensure that all users can get certificates.
What should you do?