You are a network administrator for your company. All domain controllers run Windows Server 2003. The network contains 50 Windows 98 client computers, 300 Windows 2000 Professional computers, and 150 Windows XP Professional computers. According to the network design specification, the Kerberos version 5 authentication protocol must be used for all client computers on the internal network.
You need to ensure that Kerberos version 5 authentication is used for all client computers on the internal network.
What should you do?

All servers in your company run Windows Server 2003. You need to choose the minimum edition of Windows Server 2003 that you can use to create an eight-node Network Load Balancing (NLB) cluster.
Which edition should you choose?

Your company has a single Active Directory directory service domain with an Enterprise root certification authority (CA). All servers run Windows Server 2003. All portable client computers run Windows XP SP3 and connect to the network through wireless access points. The wireless network uses 802.1x authentication. You are designing a security plan for the wireless network.
You need to ensure that portable client computers can connect to the wireless network. You issue and install computer certificates on each portable client computer.
What should you do next?

You are the systems engineer for your company. The company has a main office in Los Angeles and two branch offices, one in Chicago and one in New York. The offices are connected to one another by dedicated T1 lines. Each office has its own local IT department and administrative staff. The company network consists of a single Active Directory domain. All servers run Windows Server 2003. All client computers run Windows XP Professional. All servers support firmware-based console redirection by means of the serial port. The server hardware does not support any other method of console redirection and cannot be upgraded to do so. The company is currently being reorganized.
The IT departments from each branch office are being relocated to a new central data center in the Los Angeles office. Several servers from each branch office are also being relocated to the Los Angeles data center. Each branch office will retain 10 servers. A new written security policy includes the following requirements. All servers must be remotely administered for all administrative tasks. All servers must be administered from the Los Angeles office. All remote administration connections must be authenticated and encrypted.Your current network configuration already adheres to the new written security policy for day-to-day server administration tasks performed on the servers.
You need to plan a configuration for out-of-band management tasks for each office that meets the new security requirements.
Which three actions should you take? (Each correct answer presents part of the solution. Choose three.)

You are a network administrator for your company. The network consists of a single Active Directory domain. The domain contains a Windows Server 2003 two-node server cluster. The security team states that the password for the cluster service account must be changed because one of the administrators has left the company. You fill out the necessary change control paperwork.
You need to provide the process for changing the password in the change control form. You need to change the password for the cluster service account by using the minimum amount of administrative effort.
What should you do?

You are the network administrator for your company. The network consists of a single Active Directory domain. The network contains Windows Server 2003 file servers. The network also contains a Windows Server 2003 computer named Server1 that runs Routing and Remote Access and Internet Authentication Service (IAS). Server1 provides VPN access to the network for users’ home computers.
You suspect that an external unauthorized user is attempting to access the network through Server1. You want to log the details of access attempts by VPN users when they attempt to access the network. You want to compare the IP addresses of users’ home computers with the IP addresses used in the access attempts to verify that the users are authorized. You need to configure Server1 to log the details of access attempts by VPN users.
What should you do?

All servers in your environment run Windows Server 2003. You are planning a backup and recovery strategy. You need to ensure that you can back up all data including open files. What should you use?

Your company has an Active Directory directory service domain. You have a four-node failover cluster that is a member of the domain. The quorum log is corrupted. You do not have a backup of the quorum log file. You need to recover from the corrupted quorum log. What should you do first?

Your company has an Active Directory directory service domain. All servers run Windows Server 2003. You have an Enterprise root certification authority (CA). Several critical certificates are compromised. You revoke the compromised certificates. You need to ensure that as soon as possible, client computers do not trust the revoked certificates. What should you do?

Your company has an Active Directory directory service domain. All servers run Windows Server 2003. You are designing a security plan to reduce the risk in the event of a brute force password attack.
You need to modify Group Policy settings to record unauthorized access attempts. Which two settings should you configure? (Each correct answer presents part of the solution. Choose two.)