You work as an IT professional in an international company which is named Contoso. Your major job is to translate business goals into technology decisions and plan mid-range to long-term strategies. And you are experienced in network infrastructure, security policy and business continuity. In your company, you are responsible for infrastructure design and global configuration changes.
Your company has one head office named H1 and one branch office named B1. A single wide area network (WAN) link connects the offices.
One Active Directory domain is contained in the network. Servers that run Windows Server 2008 are contained in this domain.
The table below shows the configuration of the relevant servers:
Server name
Installed services
Location
Server1
Active Directory Domain Services (AD DS)
File Services
Distributed File System (DFS)
H1
Server2
Active Directory Domain Services (AD DS)
File Services
Distributed File System (DFS)
B1
An organizational unit (OU) named Main1-computers is created by you. This OU contains all computer accounts in Main1.
An OU named Branch1-computers is created by you. This OU contains all computer accounts in B1.
A Group Policy object (GPO) named GPO1 is linked to the domain.
You plan to use GPO1 to install applications on computers in both offices.
The D:Software folder on Server1 is shared as Server1Software.
The D:Software folder on Server2 is shared as Server2Software.
DFS Replication is configured to replicate the contents of Server1Software to Server2Software.
Now you receive an order from the company CIO.
Since you are the technical support, you are asked to prepare the environment to enable computers in both offices to allow the installation of applications if a WAN link fails.
What action should you perform?

Your network consists of one Active Directory forest that contains two domains named domain1 and domain2.
The functional level of the forest is Windows Server 2003.
All domain controllers run Windows Server 2003.
The relevant portion of the network is configured as shown in the exhibit.
All domain controllers for domain1 are in the hub sites.
All domain controllers for domain2 are in the spoke sites.
The Bridge all site links option is disabled.
You plan to deploy a read-only domain controller (RODC) in SiteH for domain2.
You need to prepare the environment for the installation of the RODC.
What should you do?
Exhibit:

Your network consists of one Active Directory domain that contains two servers named Server1 and Server2 that run Windows Server 2008.
Server1 runs Active Directory Certificate Services (AD CS) and is configured as an enterprise root certification authority (CA).
Server1 is only accessible from the internal network.
Server1 issues certificates to both internal and external client computers that run Windows Vista.
Server2 is configured as a Web server. Server2 is located in the perimeter network and is only accessible through HTTP.
The network is configured as shown in the following diagram:
You need to recommend an e-mail security solution for all Windows Vista client computers that meets the following requirements:
– Users must only request status information for individual certificates.
– Users must be notified when they attempt to send a secure e-mail message to a user that has an expired certificate.
What should you recommend?

Your network consists of one Active Directory domain that contains two servers that run Windows Server 2008 named Server1 and Server2.
Server1 runs Active Directory Certificate Services (AD CS) and is configured as a certification authority (CA).
Server2 runs Internet Information Services (IIS) and hosts a secure Web service.
External users must subscribe in order to access the Web service.
The Web service accepts subscriptions only from client computers that run Windows XP Service Pack 2 or Windows Vista.
The relevant portion of the network is configured as shown in the following diagram:
You need to ensure that subscribers can successfully connect to the Web service on Server2 through HTTPS.
Users must not receive any certificate-related errors.
What should you do on Server2?

You network contains one Active Directory domain.
All domain controllers run Windows Server 2008.
The network has 100 servers and 5,000 client computers. Client computers run either Windows XP Service Pack 2 (SP2) or Windows Vista Service Pack 1 (SP1).
You need to plan the deployment of Certificate Services on the network to support the following requirements:
– Automatic certificate enrollment
– Supported certificates for all client computers
What should you include in your plan?

Your network consists of one Active Directory domain and one IP subnet. All servers run Windows Server 2008. All client computers run Windows Vista.
The servers are configured as shown in the following table:
All network switches used for client connections are unmanaged. Some users connect to the local area network (LAN) from client computers that are joined to a workgroup. Some client computers do not have the latest Microsoft updates installed.
You need to recommend a Network Access Protection (NAP) solution to protect the network.
The solution must meet the following requirements:
– Only computers that are joined to the domain must be able to connect to servers in the domain.
– Only computers that have the latest Microsoft updates installed must be able to connect to servers in the domain.
exhibit Which NAP enforcement method should you use?

Your company has two main offices in Denver and Chicago and four branch offices in New York, Miami, Seattle, and San Francisco.
Each office is configured as an Active Directory site. Site links are configured as shown in the exhibit.
The network consists of one Active Directory forest.
All domain controllers run Windows Server 2003.
Each main office has four domain controllers. Each branch office has one domain controller. The Bridge all site links option is disabled.
You need to prepare the environment to install a read-only domain controller (RODC) in each branch office. The solution must be achieved by upgrading the minimum number of domain controllers.
What should you do?
Exhibit:

Your network consists of two Active Directory forests. The Active Directory forests are configured as shown in the following table:
The servers in both forests run Windows Server 2008.
A forest trust exists between the fabrikam.com forest and the contoso.com forest.
Fabrikam.com has a server named server1.fabrikam.com.
Contoso.com has a global group named ContosoSales.
Users in the ContosoSales global group access an application on server1.fabrikam.com.
You discover that users from other groups in the contoso.com domain can log on to servers in the fabrikam.com domain.
You need to implement an authentication solution to meet the following requirements:
– Users in the ContosoSales global group must be able to access server1.fabrikam.com.
– Users in the ContosoSales global group must be denied access to all other servers in the fabrikam.com forest.
– All other users in the contoso.com domain must be able to access only resources in the contoso.com forest.
exhibit What should you do?

Your network consists of two Active Directory forests.
The Active Directory forests are configured as shown in the following table:
You need to prepare the environment to allow users to access resources in all domains from both forests. The solution must require the minimum amount of administrative effort.
exhibit What should you do first?

Your network consists of one Active directory domain.
The functional level of the domain is Windows Server 2008.
The organizational units (OUs) are configured as shown in the exhibit.
The Human Resources OU does not contain user accounts. Help desk technicians respond to all user service requests.
You need to plan the management of all users on the network.
The solution must meet the following requirements:
– Help desk technicians must have only the minimum number of required rights in the domain.
– Help desk technicians must be able to reset all user passwords except IT administrator passwords and manager passwords.
What should you include in your plan?
Exhibit: