Which two actions should you take? (Each
You are a network administrator for Fabrikam, Inc. The network consists of a single Active Directory domain
named fabrikam.com. All servers run Windows Server 2003. All client computers run Windows XP
Professional. The company restricts all users so that they can use only authorized applications. All domain
users are authorized to use the Microsoft Office suite of applications. Members of a security group named
CRM Users are also authorized to use a customer relationship management (CRM) application. You
configure Group Policy objects (GPOs) as shown in the exhibit.
The Office Applications GPO has only the Microsoft Office applications listed as allowed applications. The CRM
Application GPO has only the CRM application listed as an allowed application. The CRM Application GPO
has security settings so that it applies only to members of the CRM Users security group. Users who are
members of the CRM Users security group report that they cannot run the CRM application. You need to
reconfigure the domain to meet the following requirements: All users must be able to run the Microsoft
Office applications. Members of the CRM Users security group must be able to run the CRM application. All
users must be prevented from running unauthorized software.Which two actions should you take? (Each
correct answer presents part of the solution. Choose two.)
You need to achieve this goal by using the minimum amount of administrative effort
You are a network adminstrator for your company. You install an intranet application on three Windows Server 2003 computers. You configure the servers as a Network Load Balancing cluster. You configure each server with two network adapters. One network adapter provides client computers access to the servers. The second network adapter is for cluster communications. Cluster communications is on a separate network segment. The network team wants to reduce the cluster’s vulnerability to attack. These servers need to be highly available. The network team decides that the Network Load Balancing cluster needs to filter IP ports. The team wants the cluster to allow only the ports that are required for the intranet application. You need to implement filtering so that only the intranet application ports are available on the cluster. You need to achieve this goal by using the minimum amount of administrative effort.
What should you do?
You need to ensure that all security settings for the application servers are standardized…
You are the network administrator for your company. The network consists of a single Active Directory domain. The network contains 50 application servers that run Windows Server 2003. The security configuration of the application servers is not uniform. The application servers were deployed by local administrators who configured the settings for each of the application servers differently based on their knowledge and skills. The application servers are configured with different authentication methods, audit settings, and account policy settings. The security team recently completed a new network security design. The design includes a baseline configuration for security settings on all servers. The baseline security settings use the Hisecws.inf predefined security template. The design also requires modified settings for servers in an application role. These settings include system service startup requirements, renaming the administrator account, and more stringent account lockout policies. The security team created a security template named Application.inf that contains the modified settings. You need to plan the deployment of the new security design. You need to ensure that all security settings for the application servers are standardized, and that after the deployment, the security settings on all application servers meet the design requirements.
What should you do?
You need to configure DC1
You are the network administrator for your company. The company consists of two subsidiaries named
Contoso, Ltd., and Fabrikam, Inc. The network consists of a single Active Directory forest that contains
three domains. The domain and site configuration is shown in the exhibit.
A computer named DC1.asia.contoso.com is a domain controller in the asia.contoso.com domain. DC1.asia.
contoso.com is also a global catalog server and the preferred bridgehead server for AsiaSite. The Active
Directory database on on DC1.asia.contoso.com contains 1 GB of data. The Asia departments in the
company are implementing an Active Directory-enabled application. You expect size of the database on
DC1.asia.contoso.com to increase by 200 MB. Active Directory stops responding on DC1.asia.contoso.com.
You discover that the hard disk has less than 5 MB of space remaining. You need to configure DC1.asia.
contoso.com so that Active Directory can restart. You also need to configure the server so that additional
space is available on the hard disk for the additional data that will be added to the Active Directory database.
What should you do?
You need to minimize Active Directory replication traffic across the WAN connections
You are a network administrator for your company. The network consists of a single Active Directory forest that contains three domains. The functional level of the forest and of all three domains is Window Server 2003. The company has a main office and 30 branch offices. Each branch office is connected to the main office by a 56-Kbps WAN connection.
You configure the main office and each branch office as a separate Active Directory site. You deploy a Windows Server 2003 domain controller at the main office and at each branch office. Each domain controller is configured as a DNS server. You can log on to the network from client computers in the branch offices at any time.
However, users in the branch offices report that they cannot log on to the network during peak hours. You need to allow users to log on to the network from branch office computers. You do not want to affect the performance of the branch office domain controllers. You need to minimize Active Directory replication traffic across the WAN connections.
What should you do?
You need to ensure that the Group Policy settings are applied to the client computer
You have a single Active Directory directory service domain. You use a Group Policy object (GPO) to apply security settings to your client computers. You configure the startup type for system services settings in a new GPO, and you link the GPO to an organizational unit (OU). You discover that the startup type for system services on one of the client computers has not been updated. You need to ensure that the Group Policy settings are applied to the client computer. What should you do?
You need to ensure that traffic destined for only the cluster nodes is not sent to all ports of the switching
You are the network administrator for your company. The network consists of a single Active Directory domain. All computers on the network are members of the domain. You administer a four-node Network Load Balancing cluster. All nodes run Windows Server 2003. The cluster has converged successfully.
You use Network Load Balancing Manager on the default host to configure all nodes of the cluster. The nodes have a single network adapter and are connected to the same switching hub device. Administrators of non-cluster servers that are connected to the same switching hub device report that their servers receive traffic that is destined for the cluster nodes. Receiving this additional network traffic impairs the network performance of the non-cluster servers.
You need to ensure that traffic destined for only the cluster nodes is not sent to all ports of the switching hub device. You do not want to move the cluster to another switching hub device.
What should you do?
You need to ensure that when the new version is installed, users do not lose any personal settings that they m
Your company uses a third-party application that is packaged as a Windows Installer file (MSI) and deployed through a Group Policy object (GPO). You are deploying an update to all client computers that have the application installed. You place the MSI file in a shared folder on a file server. You need to ensure that when the new version is installed, users do not lose any personal settings that they made in the existing version. What should you do?
You need to plan how to monitor the application server and to have a message generated when broadcast traffic
You are the network administrator for your company. The network contains an application server running Windows Server 2003. Users report that the application server intermittently responds slowly. When the application server is responding slowly, requests that normally take 1 second to complete take more than 30 seconds to complete.
You suspect that the slow server response is because of high broadcast traffic on the network. You need to plan how to monitor the application server and to have a message generated when broadcast traffic is high. You also want to minimize the creation of false alarms when nonbroadcast traffic is high.
What should you do?
Which three courses of action should you take? (Each correct answer presents part of the solution
You are the network administrator for Southridge Video. The network consists of a single Active Directory domain named southridgevideo.com. The domain contains one domain controller. All servers run Windows Server 2003. All client computers run Windows XP Professional. The company uses Group Policy objects (GPOs) to configure user and computer settings. The Active Directory database and the SYSVOL shared folder are stored on separate hard disks. The hard disk containing the SYSVOL folder fails. Some Group Policy settings are still applied, but new users do not receive the Group Policy settings. You replace the failed disk. You discover that there are no valid backups of the SYSVOL folder. You have a list of GUIDs and friendly names for each GPO. On the new disk, you create a new shared folder named SYSVOL in the same location as the previous SYSVOL folder. You need to configure the network so hat the user and computer settings will be applied to all users. Which three courses of action should you take? (Each correct answer presents part of the solution. Choose three.)