Your company has two Active Directory forests as shown in the following table:

Forest name
Forest functional level
Domain(s)
contoso.com
Windows Server 2008
contoso.com
fabrikam.com
Windows Server 2008
fabrikam.com eng.fabrikam.com

The forests are connected by using a two-way forest trust. Each trust direction is configured with forest-wide authentication. The new security policy of the company prohibits users from the eng.fabrikam.com domain to access resources in the contoso.com domain.

You need to configure the forest trust to meet the new security policy requirement.

What should you do?

Your network contains an Active Directory forest. All domain controllers run Windows Server 2008 Standard. The functional level of the domain is Windows Server 2003. You have a certification authority (CA).

The relevant servers in the domain are configured as shown in the following table:

Server name
Operating system
Server role
Server1
Windows Server 2003
Enterprise root CA
Server2
Windows Server 2008
Enterprise subordinate CA
Server3
Windows Server 2008 R2
Web Server

You need to ensure that you can install the Active Directory Certificate Services (AD CS) Certificate Enrollment Web Service on the network.

What should you do?

Your network contains an Active Directory domain. The relevant servers in the domain are configured as shown in the following table:

Server name
Operating System
Server role
Server1
Windows 2008
Domain controller
Server2
Windows 2008 R2
Enterprise root certification authority (CA)
Server3
Windows 2008 R2
Network Device Enrollment Service (NDES)

You need to ensure that all device certificate requests use the MD5 hash algorithm.

What should you do?

You perform a security audit of a server named CRM1. You want to build a list of all DNS requests that are initiated by the server. You install the Microsoft Network Monitor 3.0 application on CRM1. You capture all local traffic on CRM1 for 24 hours. You save the capture file as data.cap. You find that the size of the file is more than 1 GB.

You need to create a file named DNSdata.cap from the existing capture file that contains only DNSrelated data.

What should you do?

Your company has a single Active Directory forest that has a domain in North America named na.contoso.com and a domain in South America named sa.contoso.com. The client computers run Windows 7.

You need to configure the client computers in the North America office to improve the name resolution response time for resources in the South America office.

What should you do?

Your company has an Active Directory domain named ad.contoso.com. All client computers run Windows 7. The company has recently acquired a company that has an Active Directory domain named ad.fabrikam.com. A two-way forest trust is established between the ad.fabrikam.com domain and the ad.contoso.com domain.

You need to edit the ad.contoso.com domain Group Policy object (GPO) to enable users in the ad.contoso.com domain to access resources in the ad.fabrikam.com domain.

What should you do?

Your company has a single Active Directory domain. The company has a main office and three branch offices. The domain controller in the main office runs Windows Server 2008 R2 and provides DNS for the main office and all of the branch offices. Each branch office contains a file server that runs Windows Server 2008 R2. Users in the branch offices report that it takes a long time to access network resources. You confirm that there are no problems with WAN connectivity or bandwidth.

You need to ensure that users in the branch offices are able to access network resources as quickly as possible.

Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)

Your company has a single Active Directory domain. The company has a main office and a branch office. Both the offices have domain controllers that run Active Directory-integrated DNS zones. All client computers are configured to use the local domain controllers for DNS resolution. The domain controllers at the branch office location are configured as Read-Only Domain Controllers (RODC).

You change the IP address of an existing server named SRV2 in the main office. You need the branch office DNS servers to reflect the change immediately.

What should you do?

Your company has a main office and a branch office. The main office has a domain controller named DC1 that hosts a DNS primary zone. The branch office has a DNS server named SRV1 that hosts a DNS secondary zone. All client computers are configured to use their local server for DNS resolution. You change the IP address of an existing server named SRV2 in the main office.

You need to ensure that SRV1 reflects the change immediately.

What should you do?

Your company has a main office and two branch offices. Domain controllers in the main office host an Active Directory-integrated zone. The DNS servers in the branch offices host a secondary zone for the domain and use the main office DNS servers as their DNS Master servers for the zone. The company adds a new branch office. You add a member server named Branch3 and install the DNS Server server role on the server. You configure a secondary zone for the domain. The zone transfer fails.

You need to configure DNS to provide zone data to the DNS server in the new branch office.

What should you do?