You are the network administrator for your company. The network consists of a single Active Directory domain. The company has remote users in the sales department who work from home. The remote users’ client computers run Windows XP Professional, and they are not members of the domain. The remote users’ client computers have local Internet access through an ISP. The company is deploying a Windows Server 2003 computer named Server1 that has Routing and Remote Access installed. Server1 will function as a VPN server, and the remote users will use it to connect to the company network.
Confidential research data will be transmitted from the remote users’ client computers. Security is critical to the company and Server1 must protect the remote users’ data transmissions to the main office. The remote client computers will use L2TP/IPSec to connect to the VPN server. You need to choose a secure authentication method.
What should you do?

Your company has an Active Directory directory service domain. All client computers run Windows XP Professional. You are upgrading your servers from Windows 2000 Server to Windows Server 2003. You need to ensure that all network traffic between all computers uses server message block (SMB) signing, while maintaining client computer connectivity.
Which two Security Options policy settings should you enable? (Each correct answer presents part of the solution. Choose two.)

You are the network administrator for your company. The network consists of a single Active Directory domain. The company has a main office in San Francisco and branch offices in Paris and Bogota. Each branch office contains a Windows Server 2003 domain controller. All client computers run Windows XP Professional. Users in the Bogota office report intermittent problems authenticating to the domain.
You suspect that a specific client computer is causing the problem. You need to capture the authentication event details on the domain controller in the Bogota office so that you can find out the IP address of the client computer that is the source of the problem. What should you do?

Your company has an Active Directory directory service domain with a single site. All servers run Windows Server 2003. All Web servers run IIS 6.0. Web servers on the internal network are member servers. Web servers in the perimeter network (also known as DMZ) are stand-alone servers. All Web servers on the internal network are located in a single organizational unit (OU). You create a security template for Web servers. You need to apply the security template to all Web servers in the perimeter network.
What should you do?

All servers in your environment run Windows Server 2003. Your network is divided into several IP subnets that are connected by dedicated routers. You plan to install new Routing and Remote Access service (RRAS) servers to replace the existing routers. You need to enable a routing protocol on the RRAS servers that uses link state in route decision making and supports variable-length subnet masks.
Which protocol should you use?

A server that runs Windows Server 2003 acts as a stand-alone certification authority (CA). You create a local group named Key Recovery Team, and you add user accounts to the local group. You need to ensure that members of the Key Recovery Team group can recover archived private keys for users.
What are two possible ways to achieve this goal? (Each correct answer presents a complete solution. Choose two.)

All servers in your environment run Windows Server 2003. You need to configure a server to automatically send a network message when its Average Disk Queue Length setting exceeds a specific value. Which type of tool should you use?