You are working as the administrator at ABC.com. ABC.com has headquarters in London and
branch offices in Berlin, Minsk, and Athens. The Berlin, Minsk and Athens branch offices each
have a Windows Server 2003 domain controller named ABC-DC01, ABC-DC02 and ABC-DC03
respectively. All client computers on the ABC.com network run Windows XP Professional.
One morning users at the Minsk branch office complain that they are experiencing intermittent
problems authenticating to the domain. You believe that a specific client computer is the cause of
this issue and so need to discover the IP address client computer.
How would you capture authentication event details on ABC-DC02 in the Minsk branch office?
A.
By monitoring the logon events using the SysMon utility.
B.
By recording the connections to the NETLOGON share using the SysMon utility.
C.
By recording the authentication events with the NetMon utility.
D.
By monitoring the authentication events using the Performance and Reliability Monitor.
Explanation:
The question states that you need to find out the IP address of the client computer
that is the source of the problem. Using Network Monitor to capture traffic is the only way to do
this.
Reference:
http://support.microsoft.com/default.aspx?scid=kb;en-us;175062
Martin Grasdal, Laura E. Hunter, Michael Cross, Laura Hunter, Debra Littlejohn Shinder, and Dr.
Thomas W. Shinder, Planning and Maintaining a Windows Server 2003 Network Infrastructure:
Exam 70-293 Study Guide & DVD Training System, Syngress Publishing, Inc., Rockland, MA,
Chapter 11, p. 826