You are the systems engineer for your company. The company has a main office in Los Angeles and two branch offices, one in Chicago and one in New York. The offices are connected to one another by dedicated T1 lines. Each office has its own local IT department and administrative staff. The company network consists of a single Active Directory domain. All servers run Windows Server 2003. All client computers run Windows XP Professional. All servers support firmware- based console redirection by means of the serial port. The server hardware does not support any other method of console redirection and cannot be upgraded to do so.
The company is currently being reorganized. The IT departments from each branch office are being relocated to a new central data center in the Los Angeles office. Several servers from each branch office are also being relocated to the Los Angeles data center. Each branch office will retain 10 servers. A new written security policy includes the following requirements:
All servers must be remotely administered for all administrative tasks. All servers must be administered from the Los Angeles office.
All remote administration connections must be authenticated and encrypted. Your current network configuration already adheres to the new written security policy for day-to- day server administration tasks performed on the servers. You need to plan a configuration for out-of-band management tasks for each office that meets the new security requirements.
Which three actions should you take? (Each correct answer presents part of the solution. Choose three.)
A.
Connect a second network adapter to each server. Connect the second network adapter in each server to a separate network switch. Connect the management port on the switch to a WAN port on the office router. Enable IPSec on the router.
B.
Connect each server’s serial port to a terminal concentrator. Connect the terminal concentrator to the network.
C.
Enable Routing and Remote Access on a server in each branch office, and configure it as an L2TP/IPSec VPN server. Configure a remote access policy to allow only authorized administrative staff to make a VPN connection.
D.
On each server, enable the Telnet service with a startup parameter of Automatic. Configure Telnet on each server to use only NTLM authentication. Apply the Server (Request Security) IPSec policy to all servers.
E.
On each server, enable Emergency Management Services console redirection and the Emergency Management Services Special Administration Console (SAC).
Explanation:
The Special Administration Console Helper system service can be used to perform remote management tasks if the Windows Server 2003 family operating system stops functioning due to an Stop error message. Its main functions are to:The SAC is an auxiliary Emergency Management Services command line environment that is hosted by Windows Server 2003 family operating systems. It also accepts input, and sends output through the out of band port. !SAC is a separate entity from both SAC and Windows Server 2003 family command line environments.
After a specific failure point is reached, Emergency Management Services components determine when the shift should be made from SAC to !SAC. !SAC becomes available automatically if SAC fails to load or is not functioning.
If the Special Administration Console Helper service is stopped, SAC services will no longer be available. If this service is disabled, any services that explicitly depend on it will not start.Reference:
Craig Zacker, MCSE Self-Paced Training Kit (Exam 70-293): Planning and Maintaining a Microsoft Windows Server 2003 Network Infrastructure, Microsoft Press, Redmond, Washington, 2004, p.
12: 27