Microsoft-Implementing, Managing, and Maintaining a Windows Server 2003 Network Infrastructure Set 4

You are the administrator of a Windows Server 2003 computer named Server1. Server1 is a domain member server that has the DNS service installed. Server1 is configured with two network interfaces named NIC1 and NIC2. Routing is not enabled between the two network interfaces.NIC1 and NIC2 are configured as shown in the following table. Resources on the preproduction network segment use the same fully qualified domain names (FQDNs) as resources in the production network.The TCP/IP properties on client computers in the preproduction environment are controlled by individual testers. You need to ensure that the users in the preproduction environment cannot resolve FQDNs from the production network.You want to accomplish this goal by using the DNS console on Server1. What should you do?

Your network consists of a single Active Directory domain.All servers run Windows Server 2003 Service Pack 2 (SP2). You have two DNS servers named Server1 and Server2. Server1 hosts an Active Directory-integrated zone for contoso.com.Server2 hosts a secondary zone for contoso.com. The serial number for the contoso.com zone is currently 985413. You need to verify whether Server2 has the most up-to-date version of the zone. What should you do?

You are the network administrator for your company.The network consists of a single Active Directory domain.The functional level of the domain is Windows Server 2003. All client computers in the domain run Windows XP Professional. An application named Inventory.exe is installed on all computers in the domain to remotely gather software inventory information.The application runs as a service in the security context of the Local System.The startup type of the service is set to Automatic. In the Default Domain Policy Group Policy object (GPO), the security administrator has configured a software restriction policy that is applied to all computers in the domain.The policy contains a hash rule for the Inventory.exe application, and the hash rule is configured with a security level of Unrestricted. The client computers on the network are attacked by a worm that is distributed by e-mail messages received over the Internet.The worm detects the presence of Inventory.exe on a computer, then starts a new instance of the application in the security context of the logged-on user.The worm exploits a bug in the application to cause the computer to fail. You need to ensure that Inventory.exe cannot be started by the worm, while still allowing the application to run as a service. What should you do?

You have a server that runs Windows Server 2003 Service Pack 2 (SP2).The server is configured as a network address translation (NAT) router.The server has two network adapters and provides Internet access for the network. You need to prevent traffic on port 21 from being sent to the Internet.All other outbound traffic must be allowed. What should you do?

Your network consists of a single Active Directory domain.All servers run Windows Server 2003 Service Pack 2 (SP2).All client computers run Windows XP Professional Service Pack 3 (SP3). You install and configure Windows Server Update Services (WSUS) 3.0 on a server named Server1. You need to configure one client computer to check for software updates from Server1 every morning at 02:30. What should you do?

You have a server named Server1 that runs Windows Server 2003 Service Pack 2 (SP2).Server1 has Windows Server Update Services (WSUS) 3.0 installed.Server1 has a WSUS client named Computer1. You need to view a list of all critical updates that have not been installed on Computer1. What should you do?

Your network contains a server named Server1 that runs Windows Server 2003 Service Pack 2 (SP2).Server1 has IPSec enabled. Several users report that they cannot connect to Server1. You need to see how many IPSec connection attempts failed due to authentication failures. What should you do?

Your network consists of a single Active Directory domain named Contoso.com.All servers run Windows Server 2003 Service Pack 2 (SP2).All client computers run Windows XP Professional Service Pack 3 (SP3). You create an organizational unit (OU) that contains a computer account named Computer1. A Group Policy object (GPO) is linked to the OU and contains settings to enforce the use of IPSec. You log on to Computer1 by using a user account named User1. You need to verify that the IPSec settings have been applied. Which command should you run?

Your network consists of a single Active Directory domain.You have a member server named Server1 that runs Windows Server 2003 Service Pack 2 (SP2). You need to record all attempts by domain users and local users to log on to Server1. What should you do?

Your network consists of a single Active Directory domain.The domain contains a server named Server1. Server1 runs Windows Server 2003 Service Pack 2 (SP2). You install Windows Support Tools on Server1. You need to view the IPSec settings applied to Server1. What command should you run on Server1?