Your company has a single Active Directory directory service domain. You create a Group Policy object (GPO) named Baseline and link it to an organizational unit (OU) named Member Computers. You need to ensure that any computer that is added to the domain by any user receives settings specified by the Baseline GPO.
What should you?

Your company has an Active Directory directory service domain. File servers run Windows Server 2003 and are joined to the domain. Client computers run Windows XP Professional. You need to encrypt data communications between file servers and client computers by using IPSec.
Which IPSec transport mode and IPSec authentication method should you use?

Your company has a single Active Directory domain. All servers in your environment run Windows Server 2003. You plan to remove all Terminal Services access for the domain controllers. You need to ensure that administrators can access domain controller console sessions locally and not remotely.
What should you do?

You are the network administrator for your company. The network consists of a single Active Directory domain. All computers on the network are members of the domain.You are planning a public key infrastructure (PKI) for the company.
You want to ensure that users who log on to the domain receive a certificate that can be used to authenticate to Web sites.You create a new certificate template named User Authentication. You configure a Group Policy object (GPO) that applies to all users. The GPO specifies that user certificates must be enrolled when the policy is applied.
You install an enterprise certification authority (CA) on a computer that runs Windows Server 2003. Users report that when they log on, they do not have certificates to authenticate to Web sites that require certificate authentication.
You want to ensure that users receive certificates that can be used to authenticate to Web sites.
Which two actions should you take? (Each correct answer presents part of the solution. Choose two.)

Your company has an Active Directory directory service domain. All servers in your environment run Windows Server 2003 and are members of the domain. You apply an IPSec policy to a Group Policy container that contains all servers. One server does not appear to have the policy applied. You need to identify which IPSec policies are being applied to the server.
Which tool should you use?

Your company has an Active Directory directory service domain. All servers run Windows Server 2003. All domain controllers are configured to audit specific events. You are developing a security monitoring plan for the domain controllers.
You must back up the following information. Local logon attemptsDomain logon attemptsSecurity update installation attempts You need to specify the appropriate log files to back up.
Which files should you specify?

Your company has 250 client computers connected to the office LAN. The company has a pool of five public IP addresses. All client computers have dynamically assigned IP addresses. You need to provide all client computers with Internet access.
What should you use?

All servers in your environment run Windows Server 2003. Your companys network includes multiple network segments and multiple routers. A member server that has the Routing and Remote Access service (RRAS) installed provides Internet connectivity for all client computers. The RRAS server is located in a perimeter network (also known as DMZ). A client computer named Client1 is unable to connect to the Internet. The RRAS server is able to connect to the Internet.
You need to pinpoint the location of the network issue.
What should you do?

All servers and client computers in your company are configured to use WINS for name resolution. The internal network is separated from a perimeter network (also known as DMZ) by a third-party firewall. Firewall rules do not allow name resolution between the internal network and the perimeter network.
You move a Windows Server 2003 server named Server1 to the perimeter network. You need to ensure that all computers on the internal network can connect to Server1 by name.
What should you do?