You need to ensure that when sales department users log on to the public computers…
You have a single Active Directory directory service domain. All user accounts in the sales department are in an organizational unit (OU) named Sales. Your company has five public computers that are members of the domain. You notice a sales tracking application on one of the public computers. You verify that this application is assigned to users in the Sales OU through a Group Policy object (GPO). You need to ensure that when sales department users log on to the public computers, the applications that are assigned to the Sales OU are not made available on the public computers. What should you do?
You need to improve the response time of the application
You are the network administrator for your company. All servers run Windows Server 2003. The network contains two Web servers named Server1 and Server2 and three application servers named Server3, Server4, and Server5. All five servers have similar hardware. The servers are configured as Network Load Balancing clusters, as shown in the exhibit.
A Web services application hosted on Server1 and Server2 communicates to application components hosted on Server3, Server4, and Server5 by using the IP address 10.1.20.11. The application is designed to be stateless. The Network Load Balancing settings for each server are listed in the following table.
Host Filtering mode Host priority Affinity Load Server1 Multiple Single Equal Server2 Multiple Single Equal Server3 Multiple Single Equal
You need to improve the response time of the application.
What should you do?
Exhibit:
You need to allow computers in the Sales OU to run software that is not approved while maintaining other requi
You have a single Active Directory directory service domain. All domain controllers run Windows Server 2003. All client computers run Windows Vista. The computers in the sales department are located in an organizational unit (OU) named Sales. You use a Default Domain Policy to configure company user and computer settings. You configure a software restriction policy for the domain. The policy prevents users from running software that is not approved. You need to allow computers in the Sales OU to run software that is not approved while maintaining other required settings. What should you do?
You need to create a plan to identify the problem computer
You are the network administrator for your company. The network consists of a single Active Directory domain. The network contains an application server running Windows Server 2003.
Users report intermittent slow performance when they access the application server throughout the day. You find out that the network interface on the application server is being heavily used during the periods of slow performance. You suspect that a single computer is causing the problem. You need to create a plan to identify the problem computer.
What should you do?
You need to ensure that the correct logon script is applied to the IT staff users based on group membership an
You are the network administrator for your company. The network consists of a single Active Directory domain with three sites. There is a domain controller at each site. All servers run Windows Server 2003. Each client computer runs either Windows 2000 Professional or Windows XP Professional. The IT staff is organized into four groups. The IT staff works at the three different sites. The computers for the IT staff must be configured by using scripts. The script or scripts must run differently based on which site the IT staff user is logging on to and which of the four groups the IT staff user is a member of. You need to ensure that the correct logon script is applied to the IT staff users based on group membership and site location. What should you do?
Which two actions should you take? (Each correct answer presents part of the solution
You are the network administrator for your company. The network consists of a single Active Directory domain. All computers on the network are members of the domain. You are planning a public key infrastructure (PKI) for the company. You want to ensure that users who log on to the domain receive a certificate that can be used to authenticate to Web sites.
You create a new certificate template named User Authentication. You configure a Group Policy object (GPO) that applies to all users. The GPO specifies that user certificates must be enrolled when the policy is applied. You install an enterprise certification authority (CA) on a computer that runs Windows Server 2003.
Users report that when they log on, they do not have certificates to authenticate to Web sites that require certificate authentication. You want to ensure that users receive certificates that can be used to authenticate to Web sites.
Which two actions should you take? (Each correct answer presents part of the solution. Choose two.)
What are two possible ways to achieve this goal? (Each correct answer presents a complete solution
You have a single Active Directory directory service domain. All users are located in an organizational unit (OU) named ContosoUsers. All client computer accounts are located in an OU named ContosoComputers. You need to deploy a new application to all users. The application shortcut must be available the next time the users log on. What are two possible ways to achieve this goal? (Each correct answer presents a complete solution. Choose two.)
You need to comply with the written security policy
You are a network administrator for your company. The company has a main office and one branch office. The network consists of a single Active Directory domain. All servers run Windows Server 2003. The company needs to connect the main office network and the branch office network by using Routing and Remote Access servers at each office. The networks will be connected by a VPN connection over the Internet.
The company’s written security policy includes the following requirements for VPN connections over the Internet. All data must be encrypted with end-to-end encryption. VPN connection authentication must be at the computer level. Credential information must not be transmitted over the Internet as part of the authentication process.
You need to configure security for VPN connection between the main office and the branch office. You need to comply with the written security policy.
What should you do?
You need to minimize the number of GPO links
You are the network administrator for your company. The network consists of a single Active Directory domain. The domain includes an organizational unit (OU) named Processing. There are 100 computer accounts in the Processing OU. You create a Group Policy object (GPO) named NetworkSecurity and link it to the domain. You configure NetworkSecurity to enable security settings through the Computer Configuration section of the Group Policy settings. You need to ensure that NetworkSecurity will apply only to the computers in the Processing OU. You need to minimize the number of GPO links. What should you do?
You need to choose a secure authentication method
You are the network administrator for your company. The network consists of a single Active Directory domain. The company has remote users in the sales department who work from home. The remote users’ client computers run Windows XP Professional, and they are not members of the domain.
The remote users’ client computers have local Internet access through an ISP. The company is deploying a Windows Server 2003 computer named Server1 that has Routing and Remote Access installed. Server1 will function as a VPN server, and the remote users will use it to connect to the company network.
Confidential research data will be transmitted from the remote users’ client computers. Security is critical to the company and Server1 must protect the remote users’ data transmissions to the main office. The remote client computers will use L2TP/IPSec to connect to the VPN server. You need to choose a secure authentication method.
What should you do?