A.Configure and publish a certificate template that is suitable for S/MIME, Deploy a Group Policy object （GPO） so that a certificate that is based on this template is automatically issued to all domain users
B.Specify Group Policy objects （GPOs） and IPSec policies that require all client computers to use Kerberos authentication to connect to mail servers
C.For each mail server， acquire an SSL server certificate from a commercial CA whose root certificate is already trusted
D.Require IPSec encryption on all TCP connections that are used to send or receive e-mail messages

A.Deploy a Windows Server 2003 computer running SUS in the test network. Deploy SUS servers in each child domain to download administrator-approved updates from the test network SUS server
B.Deploy a Windows Server 2003 computer running SUS in the test network Use autoupdate policies in each child domain to download and deploy updates from the test network SUS server
C.Install MBSA on a Windows Server 2003 computer in the network network. Deploy MBSA as a Windows Installer package to all computers in the child domains， and configure MBSA to scan for updates from the server in the test network
D.Install IIS on a Windows Server 2003 computer in the test network. Create a Web site named Updates on this server. Configure an autoupdate policy in each child domain to download and deploy updates from the Updates Web site

A.Deploy an offline enterprise root CA in the corp.woodgrovebank.com domain. Deploy subordinate enterprise root CAs in each child domain. Install Internet Authentication Service （IAS） on one member server in the la.corp.woodgrovebank.com domain and one member server in the den.corp.woodgrovebank.com domain
B.Deploy an enterprise root CA in each domain. Install Internet Authentication Service （IAS） on a member server in the corp.woodgrovebank.com domain. Install the Routing and Remote Access service on a member server in each child domain， and configure these servers as RADIUS clients
C.Enroll and deploy user certificates to all administrators in each domain. Enroll and deploy computer certificates to all portable computers that have wireless network adapters. Configure each portable computer to use Protected EAP （PEAP） for authentication
D.Enroll and deploy computer certificates to all portable computers that have wireless network adapters. Configure each portable computer to use EAP-MS-CHAP v2 for authentication. Configure each portable computer to connect to the Internet Authentication Service （IAS） server

A.Implement an enterprise root CA in the corp.woodgrovebank.com domain.Implement subordinate CAs in each child domain. Take the root CA offline
B.Implement an enterprise root CA in the corp.woodgrovebank.com domain
C.Implement an enterprise root CA in each of the child domains. Take the enterprise CA in each domain offline
D.Implement an enterprise root CA in the corp.woodgrovebank.com domain. Implement a stand-alone root CA in each of the child domains

A.In the Default Domain Policy Group Policy object （GPO） for the corp.woodgrovebank.com domain， add the LA\HRUsers group to the Restricted Groups list. Add only the HR department user accounts to the Allowed Members list
B.In the Default Domain Policy Group Policy object （GPO） for the la.corp.woodgrovebank.com domain， add the LA\HRUsers group to the Restricted Groups list. Add only the HR department user accounts to the Allowed Members list
C.In the Default Domain Policy Group Policy object （GPO） for the corp.woodgrovebank.com domain， add the LA\HRUsers group and the CORP\Backup Operators group to the Restricted Groups list. Add only the HR department user accounts and the administrator user accounts to the Allowed Members list for each group
D.In the Default Domain Policy Group Policy object （GPO） for the la.corp.woodgrovebank.com domain， add the LA\HRUsers group and the CORP\Backup Operators group to the Restricted Groups list. Add only the HR department user accounts to the Allowed Members list for the LA\HRUsers group. Add only the administrator user accounts to the Allowed Members list for the CORP\Backup Operators group

A.Configure the Web site to require SSL connections. Configure the Web site to require client certificates. Enable and configure client certificate mapping on the Web site
B.Configure the Web site to require SSL connections. Disable anonymous access to the Web site.Assign the Allow – Read  permission to the customer user accounts for the folder that contains the Web site files
C.Configure the Web site to use only Microsoft .NET Passport authentication. Specify the den.corp.woodgrovebank.com domain as the default domain for .NET Passport authentication.Configure a custom local IPSec policy on the Web servers to require IPSec communications
D.Configure the Web site to use only Windows Integrated authentication. Configure a custom local IPSec policy on the Web servers to require IPSec communications. Configure the IPSec policy to use certificate-based authentication and encryption

A.Install Internet Authentication Services （IAS） on a server in the den.corp.woodgrovebank.com domain. Configure the VPN servers as RADIUS clients
B.Install Internet Authentication Services （IAS） on a stand-alone server in the Denver extranet. Create local user accounts for the IT personnel on the IAS server. Configure the VPN servers as RADIUS clients
C.Create a remote access policy on each of the VPN servers. Configure the policy to use the den.corp.woodgrovebank.com to authenticate remote access users. Configure the policy to require L2TP to establish a connection
D.Create a remote access policy on each of the VPN servers. Create local user accounts for the IT personnel on the VPN servers. Configure the policy to use the VPN servers’ local accounts database to authenticate users. Configure the policy to require L2TP to establish a connection

A.Create a new child domain named extranet.corp.woodgrovebank.com in the existing forest. Create user accounts for users from partner companies in the new child domain. Create shortcut trusts in which the child domain trusts every domain in the forest
B.Create a new forest and domain named extranet.woodgrovebank.com. Create user accounts for users from partner companies in the new domain. Create a one-way forest trust relationship in which the extranet forest trusts the company forest
C.Create a new forest and domain named extranet.woodgrovebank.com. Create user accounts for users from partner companies in the new domain. Create an external trust relationship in which the extranet domain trusts the den.corp.woodgrovebank.com domain
D.Create a child domain of the den.corp.woodgrovebank.com domain for the extranet. Create user accounts for users from partner companies in the new child domain. Create an external trust relationship in which the forest root domain trusts the extranet domain

A.Deploy an L2TP/IPsec VPN server in each call center. Configure the portable computers as L2TP VPN clients
B.Create IPSec tunnel mode connections between the customer support users home and the company’s Internet-facing routers
C.Create IP packet filters on the company’s Internet-facing routers to allow the Remote Desktop Protocol （RDP）.Create IPSec filters on the terminal servers to allow only connections that use RDP
D.Create IP packet filters on the company’s Internet-facing routers to allow the IPSec protocols. Assign the Secure Server （Require Security） IPSec policy to the terminal servers. Assign the Client （Respond only） IPSec policy to the portable computers

A.Configure all client computers to use Automatic Updates to obtain security patches from the Windows Update Web site. Test and install all patches
B.Configure a batch file to download security patches daily. Distribute the security patches by using a.zap file and the Default Domain Policy Group Policy object （GPO）
C.Deploy a Software Update Services （SUS） server. Test all security patches and then approve them. Configure all client computers to automatically obtain updates from the server
D.Configure a batch file to download security patches daily. Manually install the security patches on all computers

A.Install a Windows Server 2003 enterprise root CA, Configure certificate templates for autoenrollment
B.Install a Windows Server 2003 enterprise subordinate CA, Configure certificate templates for autoenrollment
C.Install a Windows Server 2003 stand-alone subordinate CA, Write a logon script for the client computers in the HR department that contains the Certreq.execommand
D.Install a Windows Server 2003 stand-alone root CA,Write a logon script for the client computers in the HR department that contains the Certreq.execommand