You are in the process of planning the development of a security template that will be applied to the 35 domain controllers that are used to support your organization’s nationwide domain. All domain controllers run Windows Server 2003, Standard Edition. 70-624 70-236 70-646 70-638 Your company has 15 branch sites, each with two domain controllers for the purpose of redundancy. Your headquarters site hosts five domain controllers to cope with the increased load in addition to roles such as schema master and global catalog server. Out of the 15 branch sites, the largest eight also have one of their domain controllers serving the global catalog server role. Each of the domain controllers is also able to respond to host name lookup requests in addition to processing host name updates.
Which of the following system services can be disabled in the security template to be applied to the organization’s 35 domain controllers? 190-720 310-055 70-621 70-441
-
distributed file system (DFS)
-
Kerberos Key Distribution Center (KDC)
-
Distributed Transaction Coordinator
-
intersite messaging
Correct Answers: D
-
Incorrect The Active Directory System Volume (Sysvol) requires that the DFS service be running.
-
Incorrect The question text indicates that all of the domain controllers are functioning in Active Directory integrated mode. This means that DNS duties are distributed across the domain with any domain controller server being able to respond to requests or process updates.
-
Incorrect The KDC service is required to allow security accounts to log on to the network. A non-functional KDC service means that logon authentication cannot complete.
-
Correct This service is not used by domain controllers. It is used on servers such as database servers for coordinating transactions that are distributed across multiple systems.
-
Incorrect Intersite messaging is used by the Active Directory replication processes and is hence a service that must be active on a domain controller. 640-802 310-035 70-649  70-443
-