Your network consists of one Active Directory domain that contains servers that run Windows Server
2008 R2. The relevant servers are configured as shown in the following table. (Click the Exhibit)

All client computers are members of the domain and run Windows 7. All users have accounts in the
domain. You need to recommend a solution that enables all client computers to automatically
request and install computer certificates. What should you recommend?

You work as an IT professional in an international company which is named Contoso. Your major job
is to translate business goals into technology decisions and plan mid-range to long-term strategies.
And you are experienced in network infrastructure, security policy and business continuity. In your
company, you are responsible for infrastructure design and global configuration changes. There is
one Active Directory domain and three Network Information Services (NIS) domains in your network.
Windows Server 2008 is run by all domain controllers. All NIS domain servers run UNIX-based
operating systems. Since you are the technical support, the company CIO assigns a task to you. You
are asked to plan the integration of the Active Directory domain and the NIS domains. Your solution
must meet the following requirements:
 Cut down the costs required to implement the solution to the least.
 Cut down the number of additional Windows servers required.
 Provide centralized administration of Active Directory domain objects and NIS domain objects.
What should be included in your plan?

Your network consists of one Active Directory domain. The domain contains two servers named
Server1 and Server2. All servers run Windows Server 2008 R2. Server1 can be accessed only from the
internal network. Server2 can be accessed from the internal network and from the Internet, Server1
runs Microsoft SQL Server 2008. All client computers are members of the domain and run Windows
7. All client computers run an application that connects to Server1 by using ActiveX Data Objects
(ADO). You need to enable remote users to run the application from the Internet. The solution must
meet the following requirements:
• The SQL Server connection method used by the client application must not be changed.
• Remote users must be able to access the application through an HTTP or HTTPS connection.
What should you do on Server2?

Your company has a main office and 10 branch offices. The network consists of one Active Directory
domain. All domain controllers run Windows Server 2008 R2 and are located in the main office. You
plan to deploy one Windows Server 2008 R2 domain controller in each branch office. You are
concerned that the branch offices will fail to provide adequate security for the new domain
controllers. You need to recommend a security solution to meet the following requirements:
Prevent any unauthorized user from accessing user passwords whe n the server is running.
Prevent any unauthorized user from accessing user passwords either locally or over the network
on each branch office domain controller.
Which configuration should you recommend for each branch office domain controller?

Your network consists of one domain. The domain contains a server that runs Windows Server 2008
R2. The server is configured as a Routing and Remote Access Services (RRAS) server. Your company
has portable computers and desktop computers that run Windows 7. Users use company-issued
portable computers to connect to the network remotely through a virtual private network (VPN)
connection to the RRAS server. The desktop computers are seldom turned on and only connect to
the network locally. You need to plan a security solution for the network to meet the following
requirements:
• Notifications must be sent to desktop computers when new updates are available for download.
• Only computers that have the most up-to-date updates installed must be allowed to connect to
the network remotely.
What should you include in your plan?

You work as an IT professional in an international company which is named Contoso. Your major job
is to translate business goals into technology decisions and plan mid-range to long-term strategies.
And you are experienced in network infrastructure, security policy and business continuity. In your
company, you are responsible for infrastructure design and global configuration changes. One Active
Directory domain is contained by your network. There are Three hundred client computers and
1,000 client computers. Windows XP Service Pack 2 (SP2) is run by the three hundred client
computers and Windows Vista is run by 1,000 client computers. You want to have Terminal Services
deployed on new servers, and Windows Server 2008 will be run by new servers. Since you are the
technical support, you are required to design the deployment of Terminal Services RemoteApp (TS
RemoteApp). Which option should be included in your design?

You work as an IT professional in an international company which is named Contoso. Your major job
is to translate business goals into technology decisions and plan mid-range to long-term strategies.
And you are experienced in network infrastructure, security policy and business continuity. In your
company, you are responsible for infrastructure design and global configuration changes. A server
which runs Windows Server 2008 is installed by you. And it is installed as the first domain controller
in an Active Directory forest. Since you are the technical support, you are required to install another
server as a read-only domain controller (RODC). To achieve the goal, which action should be
performed first?

You work as an IT professional in an international company which is named Contoso. Your major job
is to translate business goals into technology decisions and plan mid-range to long-term strategies.
And you are experienced in network infrastructure, security policy and business continuity. In your
company, you are responsible for infrastructure design and global configuration changes. There is
one Active Directory domain in your network. Servers that run Windows Server 2008 R2 are
contained in this domain. The following table bellow shows the configuration of the relevant servers:
The exhibit shows the relevant portion of the network. (Click the Exhibit button.)

Server3 hosts a secure web site. You want remote users to access the secure Web site by using a
Secure Socket Layer (SSL) connection through the Internet. A server certificate issued by Server2 is

installed on Server3. Since you are the technical support, you are asked to recommend a solution
that will enable the distribution of certificates to the remote users. Your solution must meet the
following requirements:
The certification authority must be automatically trusted.
Remote users connecting to Server3 must use clie nt certificates issued by Server4.
A minimum amount of TCP/IP ports must be opened on the firewall that connects the perimeter
network and the internal network.
Which certification authority should you recommend installing on Server4?

Your company has one main office named Main1 and one branch office named Branch1. The offices
are connected by a single wide area network (WAN) link. The network consists of one Active
Directory domain that contains servers that run Windows Server 2008 R2. The relevant servers are
configured as shown in the following table.

You create an organizational unit (OU) named Main1-computers that contains all computer accounts
in Main1. You create an OU named Branch1-computers that contains all computer accounts in
Branch1. A Group Policy object (GPO) named GPO1 is linked to the domain. You plan to use GPO1 to
install applications on computers in both offices. The D:\Software folder on Server1 contains the
source files for the applications. The folder is shared as \\Server1\Software. The D:\Software folder
on Server2 is shared as \\Server2\Software. DFS Replication is configured to replicate the contents of
\\Server1\Software to \\Server2\Software. You need to prepare the environment to enable
computers in both offices to allow the installation of applications if a WAN link fails. What should
you do?

You want to perform maintenance task on a domain controller but you want the services of DNS and
DHCP available. Servers must have the less down time possible. What should you do?