Microsoft-Planning and Maintaining a Windows Server 2003 Network Infrastructure Set 1

You are working as the administrator at ABC.com. ABC.com has headquarters in London and branch offices in Berlin, Minsk, and Athens. The Berlin, Minsk and Athens branch offices each have a Windows Server 2003 domain controller named ABC-DC01, ABC-DC02 and ABC-DC03 respectively. All client computers on the ABC.com network run Windows XP Professional. One morning users at the Minsk branch office complain that they are experiencing intermittent problems authenticating to the domain. You believe that a specific client computer is the cause of this issue and so need to discover the IP address client computer. How would you capture authentication event details on ABC-DC02 in the Minsk branch office?

You are working as the administrator at ABC.com. Part of you job description includes the deployment of applications on the ABC.com network. To this end you operate by testing new application deployment in a test environment prior to deployment on the production network. The new application that should be tested requires 2 processors and 3 GB of RAM to run successfully. Further requirements of this application also include shared folders and installation of software on client computers. You install the application on a Windows Server 2003 Web Edition computer and install the application on 30 test client computers. During routine monitoring you discover that only a small amount of client computers are able to connect and run the application. You decide to turn off the computers that are able to make a connection and discover that the computers that failed to open the application can now run the application. How would you ensure that all client computers can connect to the server and run the application?

You are working as the administrator at ABC.com. The ABC.com network consists of a single Active Directory domain named ABC.com. The ABC.com network contains a DMZ that contains a two-node Network Load Balancing cluster, which is located in a data centre that is physically impenetrable to unauthorized persons. The cluster servers run Windows Server 2003 Web Edition and host an e-commerce website. The NLB cluster uses a virtual IP address that can be accessed from the Internet. What can you do to mitigate the cluster's most obvious security vulnerability?

You are working for a administrator for ABC.com. The ABC.com network consists of a single Active Directory domain named ABC.com. All the servers on the network run Windows Server 2003 servers. You have configured four servers in a network load balancing cluster. You need to enable the cluster in unicast mode although each server only has one network card. After your configuration, the NLB cluster has successfully converged. You discover that you can optimize the use of the cluster by moving a specific application to each node of the cluster. However for this application to execute, all the nodes of the cluster must be configured by a Network Load Balancing Port Rule. When you open Network Load Balancing Manager on one of the NLB nodes, you receive a message saying that Network Load Balancing Manager is unable to see the other nodes in the cluster. How can you add a port rule to the cluster nodes?

You are working as an administrator at ABC.com. The ABC.com network consists of a single Active Directory domain named ABC.com which contains Windows Server 2003 servers Windows XP Professional client computers. You want to improve network security and need to pinpoint all computers that have the known vulnerabilities. What should you do to automate the process of collecting information on existing vulnerabilities for each computer, on a nightly basis?

You work as the network administrator at ABC.com. The ABC.com network consists of a single Active Directory domain named ABC.com. The ABC.com network contains several servers and several hundred client computers. All servers on the ABC.com network run Windows Server 2003. The client computers run a mix of Windows 98, Windows NT Workstation, Windows 2000 Professional and Windows XP Professional. How can you make sure that all client computers use Kerberos authentication when users log in to the domain?

You are working as a network administrator at ABC.com. The ABC.com network consists of asingle Active Directory domain named ABC.com. ABC.com has its headquarters in Chicago and has branch offices all over the country. All servers on the ABC.com network run Windows Server 2003 and all client computers run Windows XP Professional. A new ABC.com directive states that the branch offices should be able to connect to the Chicago headquarters using VPN connections over the internet. The Routing and Remote Access service has been enabled and configured on a Windows 2003Server in each branch office. You are in the process of configuring four Windows 2003 servers in the Chicago office to handle the VPN connections from the branch offices. To enable centralized authentication and remote access policy management, you have installed the Internet Authentication Service on a server named ABC-IAS1. Which three of the following steps should you perform to complete the configuration?

The ABC.com network consists of a single Active Directory domain named ABC.com. All servers on the ABC.com network run Windows Server 2003 and all client computers run Windows XP Professional. A domain controller named ABC-DC1 is configured as a DNS server. DC1 hosts the DNS zone for the ABC.com internal LAN. An external DNS server named ABC-DNS1 hosts the DNS zone for the ABC.com external website and is configured with root hints. ABC-DNS1 is outside of the network firewall. You need to protect the client computers by minimizing the risk of DNS-related attacks from the Internet, without impacting on their access to Internet-based sites. How should you configure the DNS servers and client computers?

The ABC.com network consists of a single Active Directory domain named ABC.com. All computers on the ABC.com network are members of the ABC.com domain. You install a new server named ABC-CA1 and configure it as a Certification Authority for the ABC.com domain. How would you enable an Active Directory global group named CA-Admins to issue, revoke and approve certificates without assigning more permissions than necessary?

The ABC.com network consists of a single Active Directory domain named ABC.com. All servers on the ABC.com network run Windows Server 2003 and all client computers run Windows XP Professional. The ABC.com network contains an application server named ABC-SR20. You had to reboot ABC-SR20 after you installed a new service on it but the logon screen was not displayed once ABC-SR20 has rebooted. Your attempts to restore the server by using the Last Known Good Configuration and Safe Mode startup options also fail. You restore ABC-SR20 from backup. After later researching the problem, you discover that the service you installed was not compatible with a driver. How could you configure the servers to enable you to recover from this type of failure as quickly as possible if this type of problem happens again?