Which two actions should you take?
You are the network administrator for your company. The network contains Windows Server 2003 computers and Windows XP Professional computers. The company deploys two DNS servers. Both DNS servers run Windows Server 2003. One DNS server is inside of the corporate firewall, and the other DNS server is outside of the firewall. The external DNS server provides name resolution for the external Internet name of the company on the Internet, and it is configured with root hints. The internal DNS server hosts the DNS zones related to the internal network configuration, and it is not configured with root hints.You want to limit the exposure of the client computers to DNS-related attacks from the Internet, without limiting their access to Internet-based sites.
Which two actions should you take? (Each correct answer presents part of the solution. Choose two.)
Which two actions should you take?
You are a network administrator for Alpine Ski House. The internal network has an Active Directory-integrated zone for the alpineskihouse.org domain. Computers on the internal network use the Active Directory-integrated DNS service for all host name resolution. The Alpine Ski House Web site and DNS server are hosted at a local ISP. The public Web site for Alpine Ski House is accessed at www.alpineskihouse.com. The DNS server at the ISP hosts the alpineskihouse.com domain. To improve support for the Web site, your company wants to move the Web site and DNS service from the ISP to the company’s perimeter network. The DNS server on the perimeter network must contain only the host (A) resource records for computers on the perimeter network. You install a Windows Server 2003 computer on the perimeter network to host the DNS service for the alpineskihouse.com domain.
You need to ensure that the computers on the internal network can properly resolve host names for all internal resources, all perimeter resources, and all Internet resources.
Which two actions should you take? (Each correct answer presents part of the solution. Choose two.)
What should you do?
All servers in your company run Windows Server 2003. All client computers use dynamically assigned IP addresses and DNS for name resolution. A few client computers also use WINS for name resolution. Client computers have difficulty resolving some server names by using a DNS server. You need to ensure that client computers can always resolve server names by using a DNS server. What should you do?
What should you back up?
Your company has an Active Directory directory service domain with three domain controllers that run Windows Server 2003. You plan to apply a security template to the domain controllers. You need to ensure that you can roll back the security settings of the domain controllers after you apply the security template. What should you back up?
Which predefined security template should you use?
Your company has an Active Directory directory service domain. All servers run Windows Server 2003. Your security baseline requires you to control local group membership on all member servers. You need to automatically remove users from the Power Users group on member servers. You must ensure that only the Domain Admins security group and the local Administrator account are members of the local Administrators group. Which predefined security template should you use?
What should you do?
You are the network administrator for your company. The network consists of a single Active Directory domain. The network contains 10 domain controllers and 50 servers in application server roles. All servers run Windows Server 2003. The application servers are configured with custom security settings that are specific to their roles as application servers. Application servers are required to audit account logon events, object access events, and system events. Application servers are required to have passwords that meet complexity requirements, to enforce password history, and to enforce password aging. Application servers must also be protected against man-in-the-middle attacks during authentication.
You need to deploy and refresh the custom security settings on a routine basis. You also need to be able to verify the custom security settings during audits. What should you do?
What should you do?
Your company has an Active Directory directory service domain. All servers run Windows Server 2003. Your network consists of an internal network and a perimeter network (also known as DMZ). A stand-alone Web server is located in the perimeter network. All other servers are located on the internal network and are members of the domain. No certification authority (CA) is available. An Active DirectoryCbased IPSec policy blocks all incoming traffic on the internal network. You need to ensure that the Web server can communicate with a database server on the internal network. What should you do?
Which two actions should you perform?
All servers in your company run Windows Server 2003. You have a secure network segment protected by a firewall. You configure a DHCP scope for the secure network segment on a DHCP server that is located outside the secure network segment. Client computers inside the secure network segment do not receive IP addressing information. You need to ensure that client computers inside the secure network segment receive IP addressing information.
Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)
What should you do?
You are the systems engineer for Contoso, Ltd. The internal network consists of a Windows NT 4.0 domain. The company maintains a separate network that contains publicly accessible Web and mail servers. These Web and mail servers are members of a DNS domain named contoso.com. The contoso.com zone is hosted by a UNIX-based DNS server running BIND 4.8.1. Contoso, Ltd., is planning to migrate to a Windows Server 2003 Active Directory domain-based network. The migration plan states that all client computers will be upgraded to Windows XP Professional and that all servers will be replaced with new computers running Windows Server 2003. The migration plan specifies the following requirements for DNS in the new environment. Active Directory data must not be accessible from the Internet. The DNS namespace must be contiguous to minimize confusion for users and administrators.
Users must be able to connect to resources in the contoso.com domain. Users must be able to connect to resources located on the Internet. The existing UNIX-based DNS server will continue to host the contoso.com domain. The existing UNIX-based DNS server cannot be upgraded or replaced.You plan to install a Windows Server 2003 DNS server on the internal network.
You need to configure this Windows-based DNS server to meet the requirements specified in the migration plan. What should you do?
Which tool should you use?
Your company has a single Active Directory directory service domain. All servers in your environment run Windows Server 2003. You need to verify the DNS infrastructure and automatically generate an HTML report of the results. Which tool should you use?