Your network contains two Active Directory forests named contoso.com and nwtraders.com. The functional level of both forests is Windows Server 2003. Contoso.com contains one domain. Nwtraders.com contains two domains. You need to ensure that users in contoso.com can access the resources in all domains. The solution must require the minimum number of trusts.

Which type of trust should you create?

Your company has a single Active Directory forest with a single domain. Consultants in different departments of the company require access to different network resources. The consultants belong to a global group named TempWorkers. Three file servers are placed in a new organizational unit named SecureServers. The file servers contain confidential data in shared folders. You need to prevent the consultants from accessing the confidential data.

What should you do?

Your network contains an Active Directory domain. All DNS servers are domain controllers. You view the properties of the DNS zone as shown in the exhibit. (Click the Exhibit button.)

You need to ensure that only domain members can register DNS records in the zone. What should you do first?

Your network contains an Active Directory domain. The domain contains an enterprise certification authority (CA).

You need to ensure that only members of a group named Admin1 can create certificate templates.

Which tool should you use to assign permissions to Admin1?

Your network contains an Active Directory domain named contoso.com.

Contoso.com contains a server named Server2. You open the System properties on Server2 as shown in the exhibit. (Click the Exhibit button.)

When you attempt to configure Server2 as an enterprise subordinate certification authority (CA),

you discover that the enterprise subordinate CA option is unavailable.

You need to configure Server2 as an enterprise subordinate CA.

What should you do first?

Your network contains an Active Directory domain named contoso.com.

Contoso.com contains two sites named Site1 and Site2. Site1 contains a domain controller named DC1.

In Site1, you install a new domain controller named DC2. You ship DC2 to Site2.

You discover that certain users in Site2 authenticate to DC1.

You need to ensure that the users in Site2 always attempt to authenticate to DC2 first.

What should you do?

Your network contains an Active Directory domain. The domain contains 3,000 client computers.
All of the client computers run Windows 7.

Users log on to their client computers by using standard user accounts.

You plan to deploy a new application named App1.

The vendor of App1 provides a Setup.exe file to install App1. Setup.exe requires administrative rights to run.

You need to deploy App1 to all client computers. The solution must meet the following requirements:

– App1 must automatically detect and replace corrupt application files.
– App1 must be available from the Start menu on each client computer.

What should you do first?

Your network contains an Active Directory domain named contoso.com.

Contoso.com contains a domain controller named DC1 and a read-only domain controller (RODC) named RODC1.

You need to view the most recent user accounts authenticated by RODC1.

What should you do first?

Your network contains an Active Directory domain. The domain contains 10 domain controllers that run Windows Server 2008 R2.

You need to monitor the following information on the domain controllers during the next five days:

* Memory usage
* Processor usage
* The number of LDAP queries

What should you do?

Your network contains a domain controller that runs Windows Server 2008 R2.

You run the following command on the domain controller:

dsamain.exe C dbpath c:\$SNAP_201006170326_VOLUMEC$\Windows\NTDS\ntds.dit C ldapport 389 – allowNonAdminAccess

The command fails. You need to ensure that the command completes successfully.

How should you modify the command?