Your company has a single Active Directory directory service domain. All servers in your environment run Windows Server 2003. You are designing a public key infrastructure (PKI) that uses Certificate Services. You have the following requirements. The root certification authority (CA) must be offline unless maintenance is required. You must use certificate templates. You need to specify the CA types to use in your PKI.

Which two types should you specify? (Each correct answer presents part of the solution. Choose two.)

Your company has an Active Directory directory service domain. A server that runs Windows Server 2003 as an Enterprise certification authority (CA) has role separation enabled. You create a new Active Directory security group named CA Database Admins, and you assign the CA Administrator role to the security group. You disable role separation on the Enterprise CA. Members of the CA Database Admins security group are unable to delete more than one row at a time from the CA database.

You need to ensure that members of the CA Database Admins security group can delete multiple rows at a time from the CA database.

Which two actions should you perform? (Each correct answer presents part of the solution. (Choose two.)

All servers in your company run Windows Server 2003. You are planning the installation of a database server. The server requires 64 GB of RAM. You need to choose the minimum edition of Windows Server 2003 that you can use for this installation. Which edition should you choose?

Your company has multiple Active Directory directory service domains. All servers in your environment run Windows Server 2003. You need to apply a predefined security template to the domain controllers to ensure that network communications cannot be intercepted and decoded.

Which predefined template should you use?

Your company has an Active Directory directory service domain. All servers run Windows Server 2003 SP2. You need to create and test security policies based on multiple server roles. Which tool should you use?

Your company has a single Active Directory directory service domain. You create a Group Policy object (GPO) named Baseline and link it to an organizational unit (OU) named Member Computers. You need to ensure that any computer that is added to the domain by any user receives settings specified by the Baseline GPO.

What should you?

Your company has an Active Directory directory service domain. File servers run Windows Server 2003 and are joined to the domain. Client computers run Windows XP Professional. You need to encrypt data communications between file servers and client computers by using IPSec.

Which IPSec transport mode and IPSec authentication method should you use?

Your company has a single Active Directory domain. All servers in your environment run Windows Server 2003. You plan to remove all Terminal Services access for the domain controllers. You need to ensure that administrators can access domain controller console sessions locally and not remotely.

What should you do?

Your company has a single Active Directory directory service domain. Member servers run Windows Server 2003. You need to ensure that server message block (SMB)signing is enabled for incoming SMB sessions.

Which Group Policy setting should you enable?

Your company has an Active Directory directory service domain. All servers in your environment run Windows Server 2003 and are members of the domain. You apply an IPSec policy to a Group Policy container that contains all servers. One server does not appear to have the policy applied. You need to identify which IPSec policies are being applied to the server.

Which tool should you use?