All the servers in your company run Windows Server 2003. You configure a server as a stand-alone certification authority (CA) that uses role separation.

Members of the local Administrators group are no longer able to perform role-based administration of the CA. You need to ensure that members of the local Administrators group can perform role-based administration of the CA.

What are two possible ways to achieve this goal? (Each correct answer presents a complete solution. Choose two.)

Your company has an Active Directory directory service domain. All servers run Windows Server 2003. The company has multiple branch offices. Each branch office has a single domain controller.

You cannot physically secure the branch office domain controllers. A legacy application requires the use of LAN Manager authentication. You need to protect the Active Directory database from cryptographic attack, while maintaining legacy application compatibility and allowing non-administrators to restart servers.

What should you do?

Your company has an Active Directory directory service domain. All servers run Windows Server 2003. You need to create Group Policy objects (GPOs) to apply security settings to existing servers that have specific roles installed.

What should you do?

All servers in your company run Windows Server 2003. You publish Web applications by using IIS 6.0. You plan to publish a new Web application.

The Web application connects to a Microsoft SQL Server 2005 database and accepts unfiltered SQL queries. You need to examine SQL queries for injection threats.

Which tool should you use?

Your company has a single Active Directory directory service domain. You are planning a security model for an application. You will use role-based security. You install a server that runs Windows Server 2003.

You promote the server to be the first domain controller for a new child domain. You need to configure Authorization Manager to use an Active Directory store type to support role- based security.

What should you do first?

Servers in your company run Windows Server 2003 SP1. You plan to create role-based security templates for new deployments of Windows Server 2003 SP2.

You need to compare the services that are configured on an existing server with a security template.

What should you use?

Your company has an Active Directory directory service domain. The network environment includes servers that run Windows Server 2003 and servers that run Windows 2000 Server.

You plan to create a custom security template that configures the NTLM protocol setting that is used by the domain controllers to the most secure setting possible.

You need to ensure that all servers continue to communicate with the domain controllers.

What should you do in the custom security template?

Your company has an Active Directory directory service domain. You have two stand-alone servers that run Windows Server 2003, Standard Edition. You plan to create a server cluster.

You need to create the server cluster with the stand-alone servers as cluster nodes.

Which two actions should you perform on the stand-alone servers? (Each correct answer presents part of the solution. Choose two.)

Your companys DNS server runs Windows Server 2003. Client computers on a network segment that is protected by an internal firewall cannot resolve any host names.

You need to ensure that DNS clients can resolve host names.

Which port should you open on the firewall?

Your company has a single Active Directory directory service domain. The forest functional level is set to Windows Server 2003. A domain controller named DC1 runs Active DirectoryCintegrated DNS.

You configure an external DNS server as a forwarder on DC1. You need to ensure that DC1 passes all DNS queries to the forwarder only.

What should you do on DC1?