Your network contains two forests named adatum.com and litwareinc.com. The functional level of all the
domains is Windows Server 2003. The functional level of both forests is Windows 2000.
You need to create a forest trust between adatum.com and litwareinc.com.
What should you do first?

Your network contains an Active Directory forest named adatum.com.
All client computers used by the marketing department are in an organizational unit (OU) named Marketing
Computers. All user accounts for the marketing department are in an OU named Marketing Users.
You purchase a new application.
You need to ensure that every user in the domain who logs on to a marketing department computer can use the
application. The application must only be availablefrom the marketing department computers.
What should you do?

Your network contains an Active Directory forest named adatum.com.
You need to create an Active Directory Rights Management Services (AD RMS) licensing-only cluster.
What should you install before you create the AD RMS root cluster?

Your network contains an Active Directory domain named contoso.com. The contoso.com domain contains a
domain controller named DC1.
You create an Active Directory-integrated GlobalNames zone. You add an alias (CNAME) resource record
named Server1 to the zone. The target host of the record is server2.contoso.com.
When you ping Server1, you discover that the name fails to resolve. You are able to successfully ping server2.
contoso.com.
You need to ensure that you can resolve names by using the GlobalNames zone.
Which command should you run?

Your network contains an Active Directory domain named contoso.com.
The network has a branch office site that contains a read-only domain controller (RODC) named RODC1.
RODC1 runs Windows Server 2008 R2.
A user logs on to a computer in the branch office site.
You discover that the user’s password is not storedon RODC1.
You need to ensure that the user’s password is stored on RODC1 when he logs on to a branch office site
computer.
What should you do?

You deploy an Active Directory Federation Services (AD FS) Federation Service Proxy on a server named
Server1.
You need to configure the Windows Firewall on Server1 to allow external users to authenticate by usingAD FS.
Which protocol should you allow on Server1?

Your network contains an Active Directory domain named contoso.com. Contoso.com contains a member
server that runs Windows Server 2008 R2 Standard.
You need to create an enterprise subordinate certification authority (CA) that can issue certificates based on
version 3 certificate templates.
You must achieve this goal by using the minimum amount of administrative effort.
What should you do first?

Your network contains a server named Server1. The Active Directory Rights Management Services (AD RMS)
server role is installed on Server1.
An administrator changes the password of the user account that is used by AD RMS. You need to update AD
RMS to use the new password.
Which console should you use?

Your company, Contoso, Ltd., has a main office and a branch office. The offices are connected by a WANlink.
Contoso has an Active Directory forest that contains a single domain named ad.contoso.com.
The ad.contoso.com domain contains one domain controller named DC1 that is located in the main office.DC1
is configured as a DNS server for the ad.contoso.com DNS zone. This zone is configured as a standard
primary zone.
You install a new domain controller named DC2 in the branch office. You install DNS on DC2.
You need to ensure that the DNS service can update records and resolve DNS queries in the event that aWAN
link fails.
What should you do?

Your network contains an enterprise certification authority (CA) that runs Windows Server 2008 R2 Enterprise.
You enable key archival on the CA. The CA is configured to use custom certificate templates for Encrypted File
System (EFS) certificates.
You need to archive the private key for all new EFScertificates.
Which snap-in should you use?