EXERCISE 12.03 REQUESTING A CERTIFICATE FROM A WEB S...

1. You are the administrator of a Windows Server 2003 network. Recently, your company made a sudden and unexpected announcement that it would be merging with another company called Syngress Industries, a large company that has more than 20,000 employees. You learn that, in the short term, communications between the two companies will need to take place over persistent VPNs using each company's respective connections to the Internet, both of which are operating at about 75 percent capacity. You will need to set up trust relationships between two AD forests. Furthermore, you plan to move significant amounts of data between the two networks. You learn that Syngress Industries uses a child domain of its Internet domain namespace for its AD forest root. The name of the internal domain is ad.syngress.com. You want to ensure that your DNS infrastructure can resolve names for internal hosts of Syngress Industries. You also want to ensure that your solution is the most effective in terms of resource usage. What should you do to enable name resolution for internal hosts of Syngress Industries?

A. Create a secondary zone for ad.syngress.com on your DNS servers.
B. Create a stub zone for syngress.com on your DNS servers.
C. Create an Active Directory-integrated zone for ad.syngress.com.
D. Create a conditional forwarding configuration on your DNS servers for ad.syngress.com.

D. Configuring conditional forwarding is the correct answer because it best satisfies the condition to be the most effective in terms of resource usage, which primarily is bandwidth in this case. After a time, the forwarding servers would acquire a cache of frequently accessed resources in the ad.syngress.com domain.

A, B, C. Answer A is incorrect because creating a secondary zone would enable name resolution, but would cause a significant amount of zone replication traffic over the VPN. Answer B's solution might work if the syngress.com zone contained NS records to delegate authority to the ad.syngress.com domain. However, this would be a bad security practice, since syngress.com is used for Internet clients to resolve names of the publicly available syngress.com servers. Furthermore, the presence of a firewall between the syngress.com DNS servers and the ad.syngress.com servers would mean that the NS and A glue address records would resolve to external IP addresses of the firewall and not IP addresses on the internal network. Answer C is incorrect because your organizations are in two separate AD forests.