What should you do?
Your company has an Active Directory domain named contoso.com. The company network has two DNS servers named DNS1 and DNS2.
The DNS servers are configured as shown in the following table:
DNS1
DNS2
_msdcs.contoso.com
contoso.com
.(root)
_msdcs.contoso.com
contoso.com
Domain users, who are configured to use DNS2 as the preferred DNS server, are unable to connect to Internet Web sites.
You need to enable Internet name resolution for all client computers.
What should you do?
What should you do first?
Your network contains an Active Directory domain named contoso.com. The domain contains the servers shown in the following table:
Server name
Operating system
Role
DC1
Windows Server 2008
Domain controller
DC2
Windows Server 2008 R2
Domain controller
DNS1
Windows Server 2008
DNS server
DNS2
Windows Server 2008 R2
DNS server
The functional level of the forest is Windows Server 2003. The functional level of the domain is Windows Server 2003. DNS1 and DNS2 host the contoso.com zone. All client computers run Windows 7 Enterprise.
You need to ensure that all of the names in the contoso.com zone are secured by using DNSSEC.
What should you do first?
What should you do?
Your network contains an Active Directory domain. The domain is configured as shown in the following table:
Active Directory site
Domain controllers
Main
DC1 and DC2
Branch1
DC3
Branch2
None
Users in Branch2 sometimes authenticate to a domain controller in Branch1.
You need to ensure that users in Branch2 only authenticate to the domain controllers in Main.
What should you do?
Which utility should you run?
You create 200 new user accounts. The users are located in six different sites. New users report that they receive the following error message when they try to log on: "The username or password is incorrect." You confirm that the user accounts exist and are enabled. You also confirm that the user name and password information supplied are correct.
You need to identify the cause of the failure. You also need to ensure that the new users are able to log on.
Which utility should you run?
What should you do?
Your company has an Active Directory domain. A user attempts to log on to the domain from a client computer and receives the following message: "This user account has expired. Ask your administrator to reactivate the account."
You need to ensure that the user is able to log on to the domain.
What should you do?
Which two actions should you perform?
Your company has an Active Directory forest that runs at the functional level of Windows Server 2008. You implement Active Directory Rights Management Services (AD RMS). You install Microsoft SQL Server 2005.
When you attempt to open the AD RMS administration Web site, you receive the following error message: "SQL Server does not exist or access denied."
You need to open the AD RMS administration Web site.
Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)
What should you do?
Your company has two Active Directory forests as shown in the following table:
Forest name
Forest functional level
Domain(s)
contoso.com
Windows Server 2008
contoso.com
fabrikam.com
Windows Server 2008
fabrikam.com eng.fabrikam.com
The forests are connected by using a two-way forest trust. Each trust direction is configured with forest-wide authentication. The new security policy of the company prohibits users from the eng.fabrikam.com domain to access resources in the contoso.com domain.
You need to configure the forest trust to meet the new security policy requirement.
What should you do?
What should you do?
Your network contains an Active Directory forest. All domain controllers run Windows Server 2008 Standard. The functional level of the domain is Windows Server 2003. You have a certification authority (CA).
The relevant servers in the domain are configured as shown in the following table:
Server name
Operating system
Server role
Server1
Windows Server 2003
Enterprise root CA
Server2
Windows Server 2008
Enterprise subordinate CA
Server3
Windows Server 2008 R2
Web Server
You need to ensure that you can install the Active Directory Certificate Services (AD CS) Certificate Enrollment Web Service on the network.
What should you do?
What should you do?
Your network contains an Active Directory domain. The relevant servers in the domain are configured as shown in the following table:
Server name
Operating System
Server role
Server1
Windows 2008
Domain controller
Server2
Windows 2008 R2
Enterprise root certification authority (CA)
Server3
Windows 2008 R2
Network Device Enrollment Service (NDES)
You need to ensure that all device certificate requests use the MD5 hash algorithm.
What should you do?
What should you do?
You perform a security audit of a server named CRM1. You want to build a list of all DNS requests that are initiated by the server. You install the Microsoft Network Monitor 3.0 application on CRM1. You capture all local traffic on CRM1 for 24 hours. You save the capture file as data.cap. You find that the size of the file is more than 1 GB.
You need to create a file named DNSdata.cap from the existing capture file that contains only DNSrelated data.
What should you do?