How should you modify the Default Domain Policy?
You have a single Active Directory directory service domain. All domain controllers run Windows Server 2003. You need to use Group Policy to audit when domain controllers are restarted. How should you modify the Default Domain Policy?
You need to achieve this goal by using the minimum amount of administrative effort
You are a network administrator for your company. The network consists of two Active Directory domains. You are responsible for administering one domain, which contains users who work in the sales department. User objects for the users in the sales department are stored in an organizational unit (OU) named Sales in your domain.
Users in the sales department use a public key infrastructure (PKI) enabled application that requires users to present client authentication certificates before they are granted access. You install Certificate Services on two member servers running Windows Server 2003. You configure one server as an enterprise subordinate certification authority (CA) and the other server as a stand-alone root CA.
You need to issue certificates that support client authentication to sales users only. You need to achieve this goal by using the minimum amount of administrative effort.
What should you do?
You need to ensure that users are notified when an autoenrollment failure occurs
You have a single Active Directory directory service domain with an enterprise certification authority (CA). You are creating a new Group Policy object (GPO) to perform certificate autoenrollment. You need to ensure that users are notified when an autoenrollment failure occurs. What should you do?
You need to ensure that the users of the Windows 98 computers can connect to shared resources on the Windows S
You are the administrator of a new network at Contoso, Ltd. The network consists of a single Active Directory domain. All servers run Windows Server 2003. Client computers run either Windows XP Professional or Windows 98. All Windows 98 computers have the Active Directory Client Extensions software installed. The network consists of three physical subnets.
Each subnet contains a domain controller and a server that runs DHCP. Each subnet also contains a server that runs both the DNS Server service and the WINS service. All client computers receive their TCP/IP configuration information from the DHCP server that is located on their local subnet. All servers except the domain controllers, the DHCP servers, and the DNS and WINS servers also receive their TCP/IP configuration information from the DHCP server that is located on their local subnet. All of the Windows 98 computers are located on a single subnet. The DHCP scope on this subnet is configured with the options shown in the exhibit.
All DHCP servers are configured with similar options. Users of the Windows 98 computers report that they cannot connect to resources on the Windows Server 2003 computers located on any subnet. When they attempt to connect to a shared resource by using \\servername\sharename in the Run command, they receive the following error messag* “Server .” The users can successfully connect to Web-based resources located on the same servers. When you attempt to connect to the servers by using the ping command on an affected Windows 98 computer, you can connect successfully.
The users of the Windows XP Professional computers do not report the same problems. You need to ensure that the users of the Windows 98 computers can connect to shared resources on the Windows Server 2003 computers.
What should you do?
Exhibit:
You need to prevent DC3 from performing intersite replication, and you must accomplish this goal without disru
Your company has a single Active Directory directory service forest with three domains. A site named Site1 has three domain controllers named DC1, DC2, and DC3. All three domain controllers have the same directory and application partitions. DC3 holds the PDC Emulator Master and RID Master roles. You need to prevent DC3 from performing intersite replication, and you must accomplish this goal without disrupting intrasite replication. What should you do?
You need to request a block of IP addresses from Humongous Insurance that will accommodate all Woodgrove Bank
You are the network administrator for Woodgrove Bank. The company has 20,000 users in 20 physical locations worldwide. The company is expecting to grow by 50 percent in the next five years. The company recently became a subsidiary of Humongous Insurance. Humongous Insurance has five other subsidiaries.
Humongous Insurance has 100,000 users in 100 physical locations worldwide. Humongous Insurance uses the 10.0.0.0/8 network and requires that all subsidiaries integrate into this network. The network design team at Woodgrove Bank provides you with a network design for integrating into the Humongous Insurance network.
The design specifies that Woodgrove Bank will use a single block of IP network numbers to assign IP addresses to its network. You need to plan the IP address space to meet the design specification. You need to request a block of IP addresses from Humongous Insurance that will accommodate all Woodgrove Bank users.
To reduce the difficulty of obtaining the addresses and to conserve the Humongous Insurance address space, you want to request the smallest block of IP addresses that meets the design specification.
What should you do?
You need to recover the deleted object before the change is replicated to DC2
You have a single Active Directory directory service domain with two domain controllers named DC1 and DC2. DC1 and DC2 are located in two Active Directory sites. Both domain controllers run Windows Server 2003 and are configured as global catalog servers. A domain user object is deleted on DC1. Replication has not yet occurred between DC1 and DC2. You need to recover the deleted object before the change is replicated to DC2. What should you do first?
Which two actions should you take? (Each correct answer presents part of the solution
You are the systems engineer for your company. The network consists of three physical networks connected by hardware-based routers. The network consists of a single Active Directory domain. All servers run Windows Server 2003. All client computers run Windows XP Professional. Each physical network contains at least one domain controller and at least one DNS server. One physical network contains a Microsoft Internet Security and Acceleration (ISA) Server array that provides Internet access for the entire company. The network also contains a certificate server.
Company management wants to ensure that all data is encrypted on the network and that all computers transmitting data on the network are authenticated. You decide to implement IPSec on all computers on the network. You edit the Default Domain Policy Group Policy object (GPO) to apply the Secure Server (Require Security) IPSec policy.
Users immediately report that they cannot access resources located in remote networks. You investigate and discover that all packets are being dropped by the routers. You also discover that Active Directory replication is not functioning between domain controllers in different networks. You need to revise your design and implementation to allow computers to communicate across the entire network. You also need to ensure that the authentication keys are stored encrypted.
Which two actions should you take? (Each correct answer presents part of the solution. Choose two.)
You need to install a new domain controller named DC2 in the contoso
You are the network administrator for Contoso Pharmaceuticals. The network consists of a single Active Directory domain named contoso.com. The domain contains three Windows Server 2003 domain controllers. A domain controller named DC2.contoso.com fails because of a hardware failure. You decide not to rebuild the domain controller. However, because several applications refer to DC2.contoso.com by its NetBIOS name, you need to provide a new domain controller that has the same name. You install a new Windows Server 2003 computer and name it DC2. You attempt to promote the server to a domain controller in the contoso.com domain. The promotion fails and you receive the following error message. You need to install a new domain controller named DC2 in the contoso.com domain. What should you do?
Which two actions should you take? (Each correct answer presents part of the solution
You are the network administrator for your company. The network consists of a single Active Directory domain. The company’s written security policy requires that computers in a file server role must have a minimum file size for event log settings. In the past, logged events were lost because the size of the event log files was too small. You want to ensure that the event log files are large enough to hold history. You also want the security event log to be cleared manually to ensure that no security information is lost. The application log must clear events as needed.
You create a security template named Fileserver.inf to meet the requirements. You need to test each file server and take the appropriate corrective action if needed. You audit a file server by using Fileserver.inf and receive the results shown in the exhibit.
You want to make only the changes that are required to meet the requirements.
Which two actions should you take? (Each correct answer presents part of the solution. Choose two.)
Exhibit: