You need to be able to create the new child domain
You are the network administrator for Contoso, Ltd. The network consists of a single Active Directory forest that contains a single domain named contoso.com. You have a user account named CONTOSO\admin that is a member of the Domain Admins global group. You need to create a new child domain named NA.contoso.com in the forest. You install a stand-alone Windows Server 2003 computer named DC3. You use the Active Directory Installation Wizard to promote DC3 to a domain controller in the new domain. You choose to create a domain controller for a new child domain in an existing domain tree.
You enter the user name and password for CONTOSO\admin. You choose contoso.com as the parent domain, and you type NA as the name of the child domain. You receive the error message shown in the exhibit.
You need to be able to create the new child domain. What should you do?
You need to delegate the tasks to issue, approve, and revoke certificates to members of the Cert Administrator
You are the network administrator for your company. The network consists of a single Active Directory domain. All computers on the network are members of the domain.
The domain contains a Windows Server 2003 computer named Server1. You are planning a public key infrastructure (PKI) for the company.
You want to deploy a certification authority (CA) on Server1. You create a new global security group named Cert Administrators. You need to delegate the tasks to issue, approve, and revoke certificates to members of the Cert Administrators group.
What should you do?
You need to ascertain the effect that the move will have on the applications that are assigned to the computer
You have a single Active Directory directory service domain. You use Group Policy to assign applications. A computer named Desktop1 must be moved to a different organizational unit (OU). You need to ascertain the effect that the move will have on the applications that are assigned to the computer account. What should you do?
You need to comply with the design requirements
You are the network administrator for your company. The network consists of a single Active Directory domain. The company has an internal network and a perimeter network. The internal network is protected by a firewall. Application servers on the perimeter network are accessible from the Internet.
You are deploying 10 Windows Server 2003 computers in application server roles. The servers will be located in the perimeter network and will not be members of the domain. The servers will host only publicly available Web pages. The network design requires that custom security settings must be applied to the application servers.
These custom security settings must be automatically refreshed every day to ensure compliance with the design. You create a custom security template named Baseline1.inf for the application servers. You need to comply with the design requirements.
What should you do?
You need to ensure that the Windows Server 2003 Administration Tools Pack is removed from a users computer whe
You have a single Active Directory directory service domain. All users in the IT department are placed into an organizational unit (OU) named IT Users. A Group Policy object (GPO) is linked to the IT Users OU. The GPO assigns a software installation package to install the Windows Server 2003 Administration Tools Pack. You select the Install this application at logon option in the software installation package. A user has been removed from the IT Users OU, but she still has the Windows Server Administration Tools Pack on her computer. You need to ensure that the Windows Server 2003 Administration Tools Pack is removed from a users computer when the user is moved from the IT Users OU. What should you do?
Which two actions should you take? (Each correct answer presents part of the solution
You are the network administrator for your company. The network contains Windows Server 2003 computers and Windows XP Professional computers. The company deploys two DNS servers. Both DNS servers run Windows Server 2003. One DNS server is inside of the corporate firewall, and the other DNS server is outside of the firewall.
The external DNS server provides name resolution for the external Internet name of the company on the Internet, and it is configured with root hints.
The internal DNS server hosts the DNS zones related to the internal network configuration, and it is not configured with root hints.You want to limit the exposure of the client computers to DNS-related attacks from the Internet, without limiting their access to Internet-based sites.
Which two actions should you take? (Each correct answer presents part of the solution. (Choose two.)
You need to find out the effect of all GPOs on the user
Your company has a single Active Directory directory service domain that includes a main office and two branch offices. Each branch office has its own Active Directory site. All user accounts are placed into organizational units (OUs) based on department. Multiple Group Policy objects (GPOs) are linked at the domain, the site, and the OU levels. A user in Atlanta transfers to a different branch office and joins a different department. You move her user account into the corresponding OU. After logging on to her new client computer, the user notices that the desktop settings are different from the settings she had in her previous location. You need to find out the effect of all GPOs on the user. What should you do?
What else should you do?
You are a network administrator for your company. The company has one main office and 30 branch offices. The network consists of a single Active Directory domain.
All servers run Windows Server 2003. The company needs to connect the main office network and all branch office networks by using Routing and Remote Access servers at each office. The networks will be connected by VPN connections over the Internet. You install three Routing and Remote Access servers at the main office.
You are configuring security for the Routing and Remote Access servers. You need to provide centralized authentication for the branch office Routing and Remote Access servers.
You need to centrally configure the remote access policies for the main office Routing and Remote Access servers. You need to centrally maintain remote access authentication and connection logs for the main office Routing and Remote Access servers. You install Internet Authentication Service (IAS) on a server in the main office and register it in Active Directory.
What else should you do?
What are two possible commands that you can run to achieve this goal? (Each correct answer presents a complete
You have a single Active Directory directory service forest named contoso.com. You create baseline security settings for a group of computers, and you store the settings in a database. You deploy the baseline security settings. You need to confirm that the security settings on one of the computers are applied correctly. What are two possible commands that you can run to achieve this goal? (Each correct answer presents a complete solution. Choose two.)
You need to ensure that Kerberos version 5 authentication is used for all client computers on the internal net
You are a network administrator for your company. All domain controllers run Windows Server 2003. The network contains 50 Windows 98 client computers, 300 Windows 2000 Professional computers, and 150 Windows XP Professional computers.
According to the network design specification, the Kerberos version 5 authentication protocol must be used for all client computers on the internal network.
You need to ensure that Kerberos version 5 authentication is used for all client computers on the internal network.
What should you do?