Which two actions should you take? (Each correct answer presents part of the solution
You are the network administrator for your company. The network consists of a single Active Directory domain. All servers run Windows Server 2003.
When the network was designed, the design team set design specifications. After the network was implemented, the deployment team set baseline specifications. The specifications for broadcast traffic are:
The design specification requires that broadcast traffic must be 5 percent or less of total network traffic.
The baseline specification showed that the broadcast traffic is always 1 percent or less of total network traffic during normal operation.
You need to monitor the network traffic and find out if the level of broadcast traffic is within design and baseline specifications. You decide to use Network Monitor. After monitoring for 1 hour, you observe the results shown in the exhibit.
You need to report the results of your observations to management.
Which two actions should you take? (Each correct answer presents part of the solution. Choose two.)
Exhibit:
You need to ensure that the security settings in the GPO are applied immediately after linking the GPO to the
You have a single Active Directory directory service domain. All client computers run either Windows XP or Windows Vista and are in an organizational unit (OU) named Client Computers. You create a new Group Policy object (GPO) named Secure Desktop to apply security settings. You link the GPO to the Client Computers OU. You examine a users client computer and find that the security settings have not been applied. You need to ensure that the security settings in the GPO are applied immediately after linking the GPO to the OU. What should you do?
You need to view all IPSec policies that are being applied to Server1
You are the network administrator for your company. The network consists of a single Active Directory domain. The domain contains a Windows Server 2003 computer named Server1 that is located in an organizational unit (OU) named Servers. Server1 contains confidential data, and all network communications with Server1 must be encrypted by using IPSec.
The default Client (Respond Only) IPSec policy is enabled in the Default Domain Policy Group Policy object (GPO). You create a new GPO and link it to the Servers OU. You configure the new GPO by creating and enabling a custom IPSec policy. You monitor and discover that network communications with Server1 are not being encrypted.
You need to view all IPSec policies that are being applied to Server1.
What should you do?
You need to create an organizational unit (OU) structure to support the GPO requirements
You are the network administrator for your company. The network consists of a single Active Directory domain. The following table shows the types and quantities of Windows Server 2003 Web and database servers in the domain. The computer accounts for the Web and database servers are located in the default Computers container. The domain also includes many organizational units (OU) that contain other computer accounts. Your company plans to use Group Policy objects (GPOs) to centrally apply security settings to the Web and database server computers. The settings need to be applied as follows: Some security settings need to apply to all Web and database servers. Some security settings need to apply to the nonproduction servers only. Some security settings need to apply to the production servers only and must not be overridden. Other security settings need to apply to specific server types only. You need to create an organizational unit (OU) structure to support the GPO requirements. You want to create as few GPOs and links as possible while using only the default security permissions for GPO links. You also want to limit the number of GPO links to one link per GPO. What should you do?
You need to provide Internet connectivity to users on Subnet2
You are the network administrator for your company. The network consists of a single Active Directory domain. The network contains two IP subnets connected by a Windows Server 2003 computer running Routing and Remote Access. All servers run Windows Server 2003. All client computers run Windows XP Professional. Each subnet contains a domain controller. Each subnet contains a DHCP server, which provides TCP/IP configuration information to the computers on only its subnet. The relevant portion of the network is shown in the exhibit.
You recently implemented a Microsoft Internet Security and Acceleration (ISA) Server 2000 array on the network to provide Internet connectivity. The ISA Server array uses Network Load Balancing on the internal adapters. The array’s Network Load Balancing cluster address is 172.30.32.1.
You configure the DHCP server on Subnet1 to provide the array’s Network Load Balancing cluster address as the new default gateway. You configure the DHCP server on Subnet2 to provide the IP address 172.30.64.1 as the default gateway for Subnet2. Users on Subnet2 report that they cannot connect to Internet-based resources. They can successfully connect to resources located on Subnet1.
Users on Subnet1 can successfully connect to Internet- based resources. You investigate and discover that no Internet requests from computers on Subnet2 are being received by the ISA Server array. You need to provide Internet connectivity to users on Subnet2.
What should you do?
Exhibit:
You need to ensure that users in the Accounts OU can connect to Share1
You are the network administrator for your company. The network structure is shown in the exhibit.
The functional level of both forests is Windows Server 2003. All three domains are Active Directory domains. Domain3 contains a computer named Server1. A shared folder on Server1 is named Share1. Users in an organizational unit (OU) named Accounts in Domain2 need access to Share1. However, whenever the users in the Accounts OU attempt to connect to Share1, they receive an error message stating that access was denied. You need to ensure that users in the Accounts OU can connect to Share1. What should you do?
You need to ensure that you can change the value of the validity period of the certificate that users request
You are the network administrator for your company. The network contains a single Active Directory domain. All computers on the network are members of the domain. All domain controllers run Windows Server 2003. You are planning a public key infrastructure (PKI). The PKI design documents for your company specify that certificates that users request to encrypt files must have a validity period of two years.
The validity period of a Basic EFS certificate is one year. In the Certificates Templates console, you attempt to change the validity period for the Basic EFS certificate template.
However, the console does not allow you to change the value. You need to ensure that you can change the value of the validity period of the certificate that users request to encrypt files.
What should you do?
Which certificate template should you publish on the CA?
You have a single Active Directory directory service domain. You have a certification authority (CA) that runs on Windows Server 2003. Your company requires users to log on to their portable computers with two-factor authentication. You need to prepare your CA for two-factor authentication. Which certificate template should you publish on the CA?
You need to comply with the network design requirement
You are the network administrator for Tailspin Toys. The company has a main office and two branch offices. The network in the main office contains 10 servers and 100 client computers. Each branch office contains 5 servers and 50 client computers. Each branch office is connected to the main office by a direct T1 line. The network design requires that company IP addresses must be assigned from a single classful private IP address range. The network is assigned a class C private IP address range to allocate IP addresses for servers and client computers. Tailspin Toys acquires a company named Wingtip Toys.
The acquisition will increase the number of servers to 20 and the number of client computers to 200 in the main office. The acquisition is expected to increase the number of servers to 20 and the number of client computers to 200 in the branch offices. The acquisition will also add 10 more branch offices. After the acquisition, all branch offices will be the same size.
Each branch office will be connected to the main office by a direct T1 line. The new company will follow the Tailspin Toys network design requirements. You need to plan the IP addressing for the new company. You need to comply with the network design requirement.
What should you do?
You need to allow users to run only a defined set of executables
You have a single Active Directory directory service domain. All domain controllers run Windows Server 2003. You are configuring a software restriction policy. You need to allow users to run only a defined set of executables. What should you do?