Which protocol should you use?
All servers in your environment run Windows Server 2003. You plan to require the use of a smart card for remote access. You need to choose an authentication protocol. Which protocol should you use?
What should you do?
You are a network administrator for your company. The network contains a perimeter network. The perimeter network contains four Windows Server 2003, Web Edition computers that are configured as a Network Load Balancing cluster. The cluster hosts an e-commerce Web site that must be available 24 hours per day. The cluster is located in a physically secure data center and uses an Internet-addressable virtual IP address. All servers in the cluster are configured with the Hisecws.inf template.
You need to implement protective measures against the cluster’s most significant security vulnerability.
What should you do?
What should you do?
You are the network administrator for your company. The network consists of a single Active Directory domain. All computers on the network are members of the domain. The domain contains a Windows Server 2003 computer named Server1.
You are planning a public key infrastructure (PKI) for the company. You want to deploy an enterprise certification authority (CA) on Server1. You create a new global security group named Cert Approvers. You install an enterprise CA and configure the CA to issue Key Recovery Agent certificates.
The company’s written security policy states that issuance of a Key Recovery Agent certificate requires approval from a member of the Cert Approvers group. All other certificates must be issued automatically.
You need to ensure that members of the Cert Approvers group can approve pending enrollment requests for a Key Recovery Agent certificate.
What should you do?
What should you do?
You are the network administrator for your company. The network consists of a single Active Directory domain. The company has an internal network and a perimeter network. The internal network is protected by a firewall. Application servers on the perimeter network are accessible from the Internet. You are deploying 10 Windows Server 2003 computers in application server roles.
The servers will be located in the perimeter network and will not be members of the domain. The servers will host only publicly available Web pages. The network design requires that custom security settings must be applied to the application servers. These custom security settings must be automatically refreshed every day to ensure compliance with the design. You create a custom security template named Baseline1.inf for the application servers.
You need to comply with the design requirements.
What should you do?
What should you do?
You are the network administrator for your company. The network consists of a single Active Directory domain. The network contains two Windows Server 2003 domain controllers, two Windows 2000 Server domain controllers, and two Windows NT Server 4.0 domain controllers. All file servers for the finance department are located in an organizational unit (OU) named Finance Servers. All file servers for the payroll department are located in an OU named Payroll Servers. The Payroll Servers OU is a child OU of the Finance Servers OU.
The company’s written security policy for the finance department states that departmental servers must have security settings that are enhanced from the default settings. The written security policy for the payroll department states that departmental servers must have enhanced security settings from the default settings, and auditing must be enabled for file or folder deletion.
You need to plan the security policy settings for the finance and payroll departments.
What should you do?
What should you use?
All servers in your environment run Windows Server 2003. You need to view real-time memory utilization information about multiple remote servers at the same time. What should you use?
Which backup strategy should you choose?
All servers in your environment run Windows Server 2003. The servers store thousands of files and hundreds of gigabytes of data. You need to choose a strategy that allows you to back up all server data, including open files, with the least amount of downtime.
Which backup strategy should you choose?
What should you do?
You are a network administrator for your company. You install Windows Server 2003 on two servers. You configure the servers as a two-node server cluster. You install WINS on each node of the cluster. You create a new virtual server to support WINS. You create a new cluster group named WINSgroup. When you attempt to create the Network Name resource, you receive an error message.
You need to make the proper changes to the cluster to complete the installation of WINS.
What should you do?
What should you do?
You are a network administrator for your company. The company has a main office and two branch offices. The branch offices are connected to the main office by T1 lines. The network consists of three Active Directory sites, one for each office. All client computers run either Windows 2000 Professional or Windows XP Professional. Each office has a small data center that contains domain controllers, WINS, DNS, and DHCP servers, all running Windows Server 2003. Users in all offices connect to a file server in the main office to retrieve critical files.
The network team reports that the WAN connections are severely congested during peak business hours. Users report poor file server performance during peak business hours. The design team is concerned that the file server is a single point of failure. The design team requests a plan to alleviate the WAN congestion during business hours and to provide high availability for the file server.
You need to provide a solution that improves file server performance during peak hours and that provides high availability for file services. You need to minimize bandwidth utilization.
What should you do?
What should you do?
You are the network administrator for your company. The network consists of a single Active Directory domain. All computers on the network are members of the domain. You administer a three-node Network Load Balancing cluster. Each cluster node runs Windows Server 2003 and has a single network adapter. The cluster has converged successfully.
You notice that the nodes in the cluster run at almost full capacity most of the time. You want to add a fourth node to the cluster. You enable and configure Network Load Balancing on the fourth node. However, the cluster does not converge to a four-node cluster. In the System log on the existing three nodes, you find the exact same TCP/IP error event. The event has the following description. "The system detected an address conflict for IP address 10.50.8.70 with the system having network hardware address 02.BF.0A.32.08.46." In the System log on the new fourth node, you find a similar TCP/error event with the following description. "The system detected an address conflict for IP address 10.50.8.70 with the system having network hardware address 03.BF.0A.32.08.46." Only the hardware address is different in the two descriptions. You verify that IP address 10.50.8.70 is configured as the cluster IP address on all four nodes.
You want to configure a four-node Network Load Balancing cluster.
What should you do?