Your network contains an Active Directory domain. The domain contains two sites named

Site1 and Site2. Site1 contains four domain controllers. Site2 contains a read-only domain
controller (RODC). You add a user named User1 to the Allowed RODC Password
Replication Group. The WAN link between Site1 and Site2 fails. User1 restarts his computer
and reports that he is unable to log on to the domain. The WAN link is restored and User1
reports that he is able to log on to the domain. You need to prevent the problem from
reoccurring if the WAN link fails. What should you do?

Your company has a main office and 40 branch offices. Each branch office is configured as
a separate Active Directory site that has a dedicated read-only domain controller (RODC).
An RODC server is stolen from one of the branch offices. You need to identify the user
accounts that were cached on the stolen RODC server. Which utility should you use?

Your network contains a single Active Directory domain. The domain contains five read-only
domain controllers (RODCs) and five writable domain controllers. All servers run Windows
Server 2008. You plan to install a new RODC that runs Windows Server 2008 R2. You need
to ensure that you can add the new RODC to the domain. You want to achieve this goal by
using the minimum amount of administrative effort. Which two actions should you perform?
(Each correct answer presents part of the solution. Choose two.)

Your company has a server that runs an instance of Active Directory Lightweight Directory
Services (AD LDS). You need to create new organizational units in the AD LDS application
directory partition. What should you do?

Your network contains a single Active Directory domain. Active Directory Rights
Management Services (AD RMS) is deployed on the network. A user named User1 is a
member of only the AD RMS Enterprise Administrators group. You need to ensure that
User1 can change the service connection point (SCP) for the AD RMS installation. The
solution must minimize the administrative rights of User1. To which group should you add
User1?

Your network contains two Active Directory forests named contoso.com and adatum.com.
Active Directory Rights Management Services (AD RMS) is deployed in contoso.com. An
AD RMS trusted user domain (TUD) exists between contoso.com and adatum.com. From
the AD RMS logs, you discover that some clients that have IP addresses in the adatum.com
forest are authenticating as users from contoso.com. You need to prevent users from
impersonating contoso.com users. What should you do?

Your company has an Active Directory Rights Management Services (AD RMS) server.
Users have Windows Vista computers. An Active Directory domain is configured at the
Windows Server 2003 functional level. You need to configure AD RMS so that users are
able to protect their documents. What should you do?

Your network contains a server named Server1 that runs Windows Server 2008 R2. You
plan to deploy DirectAccess on Server1. You need to configure Windows Firewall on

Server1 to support DirectAccess connections. What should you allow from Windows
Firewall on Server1?

Your network contains a server named Server1.contoso.com. Server1 is located on the
internal network. You have a client computer named Computer1 that runs Windows 7.

Computer1 is located on a public network that is connected to the Internet. Computer1 is
enabled for DirectAccess. You need to verify whether Computer1 can resolve Server1 by
using DirectAccess. Which command should you run on Computer1?

Your network contains a server named Server1 that runs Windows Server 2008 R2. You
have a user named User1. You need to ensure that User1 can schedule Data Collector Sets
(DCSs) on Server1. The solution must minimize the number of rights assigned to User1.
What should you do?