최신 070-646 무료덤프 - Microsoft Windows Server 2008, Server Administrator
Testlet: School of Fine Art
You need to recommend changes to the existing environment that meet the company's security requirements for the file server on the main campus.
What should you recommend?
Case Study Title (Case Study): COMPANY OVERVIEW
School of Fine Art is an educational institution that has a main campus and two satellite campuses.
The main campus is located in New York. The satellite campuses are located in Los Angeles and Chicago.
The main campus has approximately 4,000 users made up of students, faculty, and employees. Each satellite campus has approximately 1,000 users made up of students, faculty, and employees.
EXISTING ENVIRONMENT
The network contains a single Active Directory domain named fineartschool.net.
All servers run Windows Server 2008 R2. All client computers run either Windows XP or Windows 7.
The network contains Microsoft Application Virtualization (App-V) and Microsoft Enterprise Desktop Virtualization (MED-V).
Existing Network Infrastructure
The main campus has the following servers:
A file server that contains confidential files.
A print server that has several printers installed.
A server that has the Windows Server Update Services (WSUS) server role installed. All client computers are updated by using the WSUS server.
The main campus has a computer lab. The lab has 50 client computers that run Windows 7 Enterprise.
The computer accounts for the lab computers are located in an organizational unit (OU) named LabOU. The user accounts and computer accounts for all of the students are located in an OU named StudentsOU. Both OUs are child objects in the fineartschool.net domain.
The relevant Group Policy objects (GPOs) are configured as shown in the following table.
REQUIREMENTS Technical Requirements
The computer lab must meet the following requirements:
Ensure that the user settings in all domain-level GPOs are applied to each student.
Prevent the settings in all domain-level GPOs from being applied to the client computers in the computer
lab. The update management infrastructure must meet the following requirements:
Each campus must control the updates for its respective campus.
Update status reports must be sent weekly to the Enterprise Administrator on the main campus.
Application Requirements
All client computers will be upgraded to Windows 7 Enterprise.
An application named App1 runs on every client computer. App1 is only compatible with Windows XP. App1 must remain available after all of the operating system upgrades are complete.
App1 must meet the following requirements:
App1 must be available from the Start menu.
The management of App1 must be centralized.
Each user must have a unique instance of App1.
Security Requirements
Security for the file server on the main campus must meet the following requirements:
Unauthorized users must be prevented from printing sensitive files stored on the server.
The contents of the server's hard disks must remain secure if the physical security of the server is compromised.
Problem Statements
Users report that they receive a different desktop environment every time they log on to a client computer in the computer lab.
The print server on the main campus has reliability issues. A malfunction on a single printer often causes other printers to malfunction.
You need to recommend changes to the existing environment that meet the company's security requirements for the file server on the main campus.
What should you recommend?
Case Study Title (Case Study): COMPANY OVERVIEW
School of Fine Art is an educational institution that has a main campus and two satellite campuses.
The main campus is located in New York. The satellite campuses are located in Los Angeles and Chicago.
The main campus has approximately 4,000 users made up of students, faculty, and employees. Each satellite campus has approximately 1,000 users made up of students, faculty, and employees.
EXISTING ENVIRONMENT
The network contains a single Active Directory domain named fineartschool.net.
All servers run Windows Server 2008 R2. All client computers run either Windows XP or Windows 7.
The network contains Microsoft Application Virtualization (App-V) and Microsoft Enterprise Desktop Virtualization (MED-V).
Existing Network Infrastructure
The main campus has the following servers:
A file server that contains confidential files.
A print server that has several printers installed.
A server that has the Windows Server Update Services (WSUS) server role installed. All client computers are updated by using the WSUS server.
The main campus has a computer lab. The lab has 50 client computers that run Windows 7 Enterprise.
The computer accounts for the lab computers are located in an organizational unit (OU) named LabOU. The user accounts and computer accounts for all of the students are located in an OU named StudentsOU. Both OUs are child objects in the fineartschool.net domain.
The relevant Group Policy objects (GPOs) are configured as shown in the following table.
REQUIREMENTS Technical Requirements
The computer lab must meet the following requirements:
Ensure that the user settings in all domain-level GPOs are applied to each student.
Prevent the settings in all domain-level GPOs from being applied to the client computers in the computer
lab. The update management infrastructure must meet the following requirements:
Each campus must control the updates for its respective campus.
Update status reports must be sent weekly to the Enterprise Administrator on the main campus.
Application Requirements
All client computers will be upgraded to Windows 7 Enterprise.
An application named App1 runs on every client computer. App1 is only compatible with Windows XP. App1 must remain available after all of the operating system upgrades are complete.
App1 must meet the following requirements:
App1 must be available from the Start menu.
The management of App1 must be centralized.
Each user must have a unique instance of App1.
Security Requirements
Security for the file server on the main campus must meet the following requirements:
Unauthorized users must be prevented from printing sensitive files stored on the server.
The contents of the server's hard disks must remain secure if the physical security of the server is compromised.
Problem Statements
Users report that they receive a different desktop environment every time they log on to a client computer in the computer lab.
The print server on the main campus has reliability issues. A malfunction on a single printer often causes other printers to malfunction.
정답: B
설명: (DumpTOP 회원만 볼 수 있음)
Testlet: Humongous Insurance
http://technet.microsoft.com/en-us/library/ee532079.aspx
You are evaluating whether to use express installation files as an update distribution mechanism.
Which technical requirement is met by using the express installation files?
Testlet: Humongous Insurance (Case Study): COMPANY OVERVIEW
Humongous Insurance has a main office and 20 branch offices. The main office is located in New York. The branch offices are located throughout North America. The main office has 8,000 users. Each branch office has 2 to 250 users.
PLANNED CHANGES
Humongous Insurance plans to implement Windows BitLocker Drive Encryption (BitLocker) on all servers.
EXISTING ENVIRONMENT
The network contains servers that run either Windows Server 2003, Windows Server 2008, or Windows Server 2008 R2. All client computers run either Windows 7 Enterprise or Windows Vista Enterprise.
BUSINESS GOALS
Humongous Insurance wants to minimize costs whenever possible.
EXISTING ACTIVE DIRECTORY/DIRECTORY SERVICES
The network contains a single Active Directory forest named humongousinsurance.com. The forest contains two child domains named north.humongousinsurance.com and south.humongousinsurance.com. The functional level of the forest is Windows Server 2008 R2.
EXISTING NETWORK INFRASTRUCTURE
Each child domain contains a Web server that has Internet Information Services (IIS) installed. The forest root domain contains three Web servers that have IIS installed. The Web servers in the forest root domain are configured in a Network Load Balancing (NLB) cluster. Currently, all of the Web servers use a single domain user account as a service account.
Windows Server Update Services (WSUS) is used for company-wide patch management. The WSUS servers do not store updates locally.
The network contains Remote Desktop servers that run Windows Server 2008 R2. Users in the sales department access a line-of-business Application by using Remote Desktop. Managers in the sales department use the Application to generate reports. Generating the reports is CPU intensive.
The sales managers report that when many users are connected to the servers, the reports take a long time
to process.
Humongous Insurance has the following standard server builds:
Class 1 - Dual x64 CPUs, 4-GB RAM, Windows Web Server 2008 R2
Class 2 - Dual x64 CPUs, 4-GB RAM, Windows Server 2008 R2 Standard
Class 3 - Quad x64 CPUs, 8-GB RAM, Windows Server 2008 R2 Standard
Class 4 - Quad x64 CPUs, 8-GB RAM, Windows Server 2008 R2 Enterprise
CURRENT ADMINISTRATION MODEL
Humongous Insurance currently uses the following technologies to manage the network:
Microsoft Desktop Optimization Pack
Microsoft Forefront EndPoint Protection
Microsoft System Center Operations Manager
Microsoft System Center Configuration Manager
TECHNICAL REQUIREMENTS
Humongous Insurance must meet the following technical requirements:
A certificate must be required to recover BitLocker-protected drives.
Newly implemented technologies must minimize the impact on LAN traffic.
Newly implemented technologies must minimize the storage requirements.
The management of disk volumes and shared folders must be performed remotely whenever possible.
Newly implemented technologies must minimize the amount of bandwidth used on Internet connections.
All patches and updates must be tested in a non-production environment before they are applied to production servers.
Multiple versions of a Group Policy object (GPO) must be maintained in a central archive to facilitate a roll back required.
The management of passwords and service principal names (SPNs) for all service accounts must be automated whenever possible.
http://technet.microsoft.com/en-us/library/ee532079.aspx
You are evaluating whether to use express installation files as an update distribution mechanism.
Which technical requirement is met by using the express installation files?
Testlet: Humongous Insurance (Case Study): COMPANY OVERVIEW
Humongous Insurance has a main office and 20 branch offices. The main office is located in New York. The branch offices are located throughout North America. The main office has 8,000 users. Each branch office has 2 to 250 users.
PLANNED CHANGES
Humongous Insurance plans to implement Windows BitLocker Drive Encryption (BitLocker) on all servers.
EXISTING ENVIRONMENT
The network contains servers that run either Windows Server 2003, Windows Server 2008, or Windows Server 2008 R2. All client computers run either Windows 7 Enterprise or Windows Vista Enterprise.
BUSINESS GOALS
Humongous Insurance wants to minimize costs whenever possible.
EXISTING ACTIVE DIRECTORY/DIRECTORY SERVICES
The network contains a single Active Directory forest named humongousinsurance.com. The forest contains two child domains named north.humongousinsurance.com and south.humongousinsurance.com. The functional level of the forest is Windows Server 2008 R2.
EXISTING NETWORK INFRASTRUCTURE
Each child domain contains a Web server that has Internet Information Services (IIS) installed. The forest root domain contains three Web servers that have IIS installed. The Web servers in the forest root domain are configured in a Network Load Balancing (NLB) cluster. Currently, all of the Web servers use a single domain user account as a service account.
Windows Server Update Services (WSUS) is used for company-wide patch management. The WSUS servers do not store updates locally.
The network contains Remote Desktop servers that run Windows Server 2008 R2. Users in the sales department access a line-of-business Application by using Remote Desktop. Managers in the sales department use the Application to generate reports. Generating the reports is CPU intensive.
The sales managers report that when many users are connected to the servers, the reports take a long time
to process.
Humongous Insurance has the following standard server builds:
Class 1 - Dual x64 CPUs, 4-GB RAM, Windows Web Server 2008 R2
Class 2 - Dual x64 CPUs, 4-GB RAM, Windows Server 2008 R2 Standard
Class 3 - Quad x64 CPUs, 8-GB RAM, Windows Server 2008 R2 Standard
Class 4 - Quad x64 CPUs, 8-GB RAM, Windows Server 2008 R2 Enterprise
CURRENT ADMINISTRATION MODEL
Humongous Insurance currently uses the following technologies to manage the network:
Microsoft Desktop Optimization Pack
Microsoft Forefront EndPoint Protection
Microsoft System Center Operations Manager
Microsoft System Center Configuration Manager
TECHNICAL REQUIREMENTS
Humongous Insurance must meet the following technical requirements:
A certificate must be required to recover BitLocker-protected drives.
Newly implemented technologies must minimize the impact on LAN traffic.
Newly implemented technologies must minimize the storage requirements.
The management of disk volumes and shared folders must be performed remotely whenever possible.
Newly implemented technologies must minimize the amount of bandwidth used on Internet connections.
All patches and updates must be tested in a non-production environment before they are applied to production servers.
Multiple versions of a Group Policy object (GPO) must be maintained in a central archive to facilitate a roll back required.
The management of passwords and service principal names (SPNs) for all service accounts must be automated whenever possible.
정답: A
설명: (DumpTOP 회원만 볼 수 있음)
Testlet: Fabrikam Inc
You need to configure Internet Explorer to meet the company's technical requirements.
Which GPO or GPOs should you modify?
Case Study Title (Case Study): COMPANY OVERVIEW
Fabrikam Inc. is a manufacturing company that has a main office and a branch office.
PLANNED CHANGES
You plan to deploy a failover cluster named Cluster1 in the branch office. Cluster1 will be configured to meet the following requirements:
The cluster will host eight virtual machines (VMs).
The cluster will consist of two nodes named Node1 and Node2.
The quorum mode for the cluster will be set to Node and Disk Majority.
A user named Admin1 will configure the virtual switch configuration of the VMs.
The cluster nodes will use shared storage on an iSCSI Storage Area Network (SAN).
You plan to configure a VM named File2 as a file server. Users will store confidential files on File2.
You plan to deploy a Microsoft Forefront Threat Management Gateway (TMG) server in each site. The Forefront TMG server will be configured as a Web proxy.
EXISTING ENVIRONMENT
The research department is located in the branch office. Research users frequently travel to the main office.
Existing Active Directory/Directory Services
The network contains a single-domain Active Directory forest named fabrikam.com. The functional level of the forest is Windows Server 2008.
The relevant organizational units (OUs) for the domain are configured as shown in the following table.
The relevant sites for the network are configured shown in the following table.
The relevant group policy objects (GPOs) are configured as shown in the following table.
Existing Network Infrastructure
All users run windows server 2008 R2. The relevant servers are configured as shown in following table.
WSUS2 is configured as a downstream replica server.
File1 contains a share named Templates. Users access the Templates share by using the path \ \fabrikam.com\dfs\templates.
File1 has the Distributed File System (DFS) Replication role service and the DFS Namespaces role service installed.
TECHNICAL REQUIREMENTS
Fabrikam must meet the following requirements:
Minimize the cost of IT purchases.
Minimize the potential attack surface on the servers.
Minimize the number of rights assigned to administrators.
Minimize the number of updates that must be installed on the servers.
Ensure that Internet Explorer uses the local ForeFront TMG server to connect to the Internet.
Ensure that all client computers continue to receive updates from WSUS if a WSUS server fails.
Prevent unauthorized users from accessing the data stored on the VMs by making offline copies of the
VM files. Fabrikam must meet the following requirements for the Templates share:
Ensure that users access the files in the Templates share from a server in their local site.
Ensure that users always use the same UNC path to access the Templates share, regardless of the site in which the users are located.
You need to configure Internet Explorer to meet the company's technical requirements.
Which GPO or GPOs should you modify?
Case Study Title (Case Study): COMPANY OVERVIEW
Fabrikam Inc. is a manufacturing company that has a main office and a branch office.
PLANNED CHANGES
You plan to deploy a failover cluster named Cluster1 in the branch office. Cluster1 will be configured to meet the following requirements:
The cluster will host eight virtual machines (VMs).
The cluster will consist of two nodes named Node1 and Node2.
The quorum mode for the cluster will be set to Node and Disk Majority.
A user named Admin1 will configure the virtual switch configuration of the VMs.
The cluster nodes will use shared storage on an iSCSI Storage Area Network (SAN).
You plan to configure a VM named File2 as a file server. Users will store confidential files on File2.
You plan to deploy a Microsoft Forefront Threat Management Gateway (TMG) server in each site. The Forefront TMG server will be configured as a Web proxy.
EXISTING ENVIRONMENT
The research department is located in the branch office. Research users frequently travel to the main office.
Existing Active Directory/Directory Services
The network contains a single-domain Active Directory forest named fabrikam.com. The functional level of the forest is Windows Server 2008.
The relevant organizational units (OUs) for the domain are configured as shown in the following table.
The relevant sites for the network are configured shown in the following table.
The relevant group policy objects (GPOs) are configured as shown in the following table.
Existing Network Infrastructure
All users run windows server 2008 R2. The relevant servers are configured as shown in following table.
WSUS2 is configured as a downstream replica server.
File1 contains a share named Templates. Users access the Templates share by using the path \ \fabrikam.com\dfs\templates.
File1 has the Distributed File System (DFS) Replication role service and the DFS Namespaces role service installed.
TECHNICAL REQUIREMENTS
Fabrikam must meet the following requirements:
Minimize the cost of IT purchases.
Minimize the potential attack surface on the servers.
Minimize the number of rights assigned to administrators.
Minimize the number of updates that must be installed on the servers.
Ensure that Internet Explorer uses the local ForeFront TMG server to connect to the Internet.
Ensure that all client computers continue to receive updates from WSUS if a WSUS server fails.
Prevent unauthorized users from accessing the data stored on the VMs by making offline copies of the
VM files. Fabrikam must meet the following requirements for the Templates share:
Ensure that users access the files in the Templates share from a server in their local site.
Ensure that users always use the same UNC path to access the Templates share, regardless of the site in which the users are located.
정답: D
설명: (DumpTOP 회원만 볼 수 있음)
Testlet: Tailspin Toys
Explanation Explanation/Reference:
New security events are not being written to the current Security event log in the tailspintoys.com domain.
However, old security events are still being maintained in the log.
You need to meet the security event log requirements for the tailspintoys.com domain.
Which Group Policy setting or settings should you select?
CASE SCENARIO General Background
You are the Windows Server Administrator for Tailspin Toys. Tailspin Toys has a main office and a manufacturing office.
Tailspin Toys recently acquired Wingtip Toys and is in the beginning stages of Merging the IT environments. Wingtip Toys has a main office and a sales office.
Technical Background
The companies use the network subnets indicated in the following table:
The Tailspin Toys network and the Wingtip Toys are connected by a point-to-point dedicated 45 Mbps circuit that terminates in the main offices.
The current Tailspin Toys server topology is shown in the following table:
The Tailspin Toys environment has the following characteristics:
All servers are joined to the tailspintoys.com domain.
In the Default Domain Policy, the Retain old events Group Policy setting is enabled.
An Active Directory security group named "Windows System Administrators" is used to control all files and folders on TT-PRINT01.
A Tailspin Toys administrator named Marx has been delegated rights to multiple Organizational Units (OUs) and object in the tailspintoys.com domain.
Tailspin Toys developers use Hyper-V Virtual Machines (VM's) for development. There are 10
development VM's named TT-DEV01 to TT-DEV20.
The current Wingtip Toys server topology is shown in the following table: All servers in the Wingtip Toys environment are joined to the wingtiptoys.com domain.
Infrastructure Services
You must ensure that the following infrastructure services requirements are met:
All domain zones must be stored as Active Directory-integrated zones.
Only DNS servers located in the Tailspin Toys main offices may communicate with the DNS servers at Wingtip Toys.
Only DNS servers located in the Wingtip Toys main offices may communicate with the DNS servers at Tailspin Toys
All tailspintoys.com resources must be resolved from the Wingtip Toys offices.
All wingtiptoys.com resources must be resolved from the Tailspin toys offices.
Certificates must be distributed automatically to all Tailspin Toys and Wingtip Toys computers.
Delegated Administration
You must ensure that the following delegated administration requirements are met: Tailspin Toys IT security administrators must be able to create, modify and delete user objects in the wingtip.com domain.
Members of the Domain Admins Group in the tailspintoys.com domain must have full access to the wingtiptoys.com Active Directory environment.
A delegation policy must grant minimum access rights and simplify the process of delegating rights.
Minimum permissions must always be delegated to ensure that the least privilege is granted for a job task.
Members of the TAILSPINTOYS\Helpdesk group must be able to update drivers and add printer ports on TT-PRINT01.
Members of the TAILSPINTOYS\Helpdesk group must not be able to cancel a print job on TT-PRINT01.
Tailspin Toys developers must be able to start, stop and apply snapshots to their development VM's.
IT Security
Server security must be automated to ensure that newly deployed servers automatically have the same security configurations as existing servers.
Auditing must be configured to ensure that the deletion of users objects and OUs is logged.
Microsoft Word and Microsoft Excel files must be automatically encrypted when uploaded to the
Confidential documents library on the Tailspin Toys Microsoft SharePoint site.
Multi factor authentication must control access to Tailspin Toys domain controllers.
All file and folder auditing must capture the reason for access.
All folder auditing must capture all delete actions for all existing folders and newly created folders.
New events must be written to the Security event log in the tailspintoys.com domain and retained
indefinitely.
Drive X:\ on the TT-FILE01 must be encrypted by using Windows BitLocker Drive Encryption and must be automatically unlock.
Hot Area:
Explanation Explanation/Reference:
New security events are not being written to the current Security event log in the tailspintoys.com domain.
However, old security events are still being maintained in the log.
You need to meet the security event log requirements for the tailspintoys.com domain.
Which Group Policy setting or settings should you select?
CASE SCENARIO General Background
You are the Windows Server Administrator for Tailspin Toys. Tailspin Toys has a main office and a manufacturing office.
Tailspin Toys recently acquired Wingtip Toys and is in the beginning stages of Merging the IT environments. Wingtip Toys has a main office and a sales office.
Technical Background
The companies use the network subnets indicated in the following table:
The Tailspin Toys network and the Wingtip Toys are connected by a point-to-point dedicated 45 Mbps circuit that terminates in the main offices.
The current Tailspin Toys server topology is shown in the following table:
The Tailspin Toys environment has the following characteristics:
All servers are joined to the tailspintoys.com domain.
In the Default Domain Policy, the Retain old events Group Policy setting is enabled.
An Active Directory security group named "Windows System Administrators" is used to control all files and folders on TT-PRINT01.
A Tailspin Toys administrator named Marx has been delegated rights to multiple Organizational Units (OUs) and object in the tailspintoys.com domain.
Tailspin Toys developers use Hyper-V Virtual Machines (VM's) for development. There are 10
development VM's named TT-DEV01 to TT-DEV20.
The current Wingtip Toys server topology is shown in the following table: All servers in the Wingtip Toys environment are joined to the wingtiptoys.com domain.
Infrastructure Services
You must ensure that the following infrastructure services requirements are met:
All domain zones must be stored as Active Directory-integrated zones.
Only DNS servers located in the Tailspin Toys main offices may communicate with the DNS servers at Wingtip Toys.
Only DNS servers located in the Wingtip Toys main offices may communicate with the DNS servers at Tailspin Toys
All tailspintoys.com resources must be resolved from the Wingtip Toys offices.
All wingtiptoys.com resources must be resolved from the Tailspin toys offices.
Certificates must be distributed automatically to all Tailspin Toys and Wingtip Toys computers.
Delegated Administration
You must ensure that the following delegated administration requirements are met: Tailspin Toys IT security administrators must be able to create, modify and delete user objects in the wingtip.com domain.
Members of the Domain Admins Group in the tailspintoys.com domain must have full access to the wingtiptoys.com Active Directory environment.
A delegation policy must grant minimum access rights and simplify the process of delegating rights.
Minimum permissions must always be delegated to ensure that the least privilege is granted for a job task.
Members of the TAILSPINTOYS\Helpdesk group must be able to update drivers and add printer ports on TT-PRINT01.
Members of the TAILSPINTOYS\Helpdesk group must not be able to cancel a print job on TT-PRINT01.
Tailspin Toys developers must be able to start, stop and apply snapshots to their development VM's.
IT Security
Server security must be automated to ensure that newly deployed servers automatically have the same security configurations as existing servers.
Auditing must be configured to ensure that the deletion of users objects and OUs is logged.
Microsoft Word and Microsoft Excel files must be automatically encrypted when uploaded to the
Confidential documents library on the Tailspin Toys Microsoft SharePoint site.
Multi factor authentication must control access to Tailspin Toys domain controllers.
All file and folder auditing must capture the reason for access.
All folder auditing must capture all delete actions for all existing folders and newly created folders.
New events must be written to the Security event log in the tailspintoys.com domain and retained
indefinitely.
Drive X:\ on the TT-FILE01 must be encrypted by using Windows BitLocker Drive Encryption and must be automatically unlock.
Hot Area:
정답:
Explanation/Reference:
Your network consists of a single Active Directory domain. Users access and share documents by using a DFS namespace. You need to recommend a solution to manage user access to documents.
The solution must meet the following requirements:
Allow for document versioning.
Allow for online collaboration.
What should you recommend?
The solution must meet the following requirements:
Allow for document versioning.
Allow for online collaboration.
What should you recommend?
정답: A
설명: (DumpTOP 회원만 볼 수 있음)
Testlet: Tailspin Toys
Explanation
Explanation/Reference:
You need to recommend a solution that meets the following requirements:
Log access to all shared folders on TT-FILE02.
Minimize administrative effort.
Ensure that further administrative action is not required when new shared folders are added to TTFILE02.
Which actions should you perform in sequence?
To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order. (Use only actions that apply.)
CASE SCENARIO General Background
You are the Windows Server Administrator for Tailspin Toys. Tailspin Toys has a main office and a manufacturing office.
Tailspin Toys recently acquired Wingtip Toys and is in the beginning stages of Merging the IT environments. Wingtip Toys has a main office and a sales office.
Technical Background
The companies use the network subnets indicated in the following table:
The Tailspin Toys network and the Wingtip Toys are connected by a point-to-point dedicated 45 Mbps circuit that terminates in the main offices.
The current Tailspin Toys server topology is shown in the following table:
The Tailspin Toys environment has the following characteristics:
All servers are joined to the tailspintoys.com domain.
In the Default Domain Policy, the Retain old events Group Policy setting is enabled.
An Active Directory security group named "Windows System Administrators" is used to control all files and folders on TT-PRINT01.
A Tailspin Toys administrator named Marx has been delegated rights to multiple Organizational Units (OUs) and object in the tailspintoys.com domain.
Tailspin Toys developers use Hyper-V Virtual Machines (VM's) for development. There are 10
development VM's named TT-DEV01 to TT-DEV20.
The current Wingtip Toys server topology is shown in the following table: All servers in the Wingtip Toys environment are joined to the wingtiptoys.com domain.
Infrastructure Services
You must ensure that the following infrastructure services requirements are met:
All domain zones must be stored as Active Directory-integrated zones.
Only DNS servers located in the Tailspin Toys main offices may communicate with the DNS servers at Wingtip Toys.
Only DNS servers located in the Wingtip Toys main offices may communicate with the DNS servers at Tailspin Toys
All tailspintoys.com resources must be resolved from the Wingtip Toys offices.
All wingtiptoys.com resources must be resolved from the Tailspin toys offices.
Certificates must be distributed automatically to all Tailspin Toys and Wingtip Toys computers.
Delegated Administration
You must ensure that the following delegated administration requirements are met: Tailspin Toys IT security administrators must be able to create, modify and delete user objects in the wingtip.com domain.
Members of the Domain Admins Group in the tailspintoys.com domain must have full access to the wingtiptoys.com Active Directory environment.
A delegation policy must grant minimum access rights and simplify the process of delegating rights.
Minimum permissions must always be delegated to ensure that the least privilege is granted for a job task.
Members of the TAILSPINTOYS\Helpdesk group must be able to update drivers and add printer ports on TT-PRINT01.
Members of the TAILSPINTOYS\Helpdesk group must not be able to cancel a print job on TT-PRINT01.
Tailspin Toys developers must be able to start, stop and apply snapshots to their development VM's.
IT Security
Server security must be automated to ensure that newly deployed servers automatically have the same security configurations as existing servers.
Auditing must be configured to ensure that the deletion of users objects and OUs is logged.
Microsoft Word and Microsoft Excel files must be automatically encrypted when uploaded to the
Confidential documents library on the Tailspin Toys Microsoft SharePoint site.
Multi factor authentication must control access to Tailspin Toys domain controllers.
All file and folder auditing must capture the reason for access.
All folder auditing must capture all delete actions for all existing folders and newly created folders.
New events must be written to the Security event log in the tailspintoys.com domain and retained
indefinitely.
Drive X:\ on the TT-FILE01 must be encrypted by using Windows BitLocker Drive Encryption and must be automatically unlock.
Select and Place:
Explanation
Explanation/Reference:
You need to recommend a solution that meets the following requirements:
Log access to all shared folders on TT-FILE02.
Minimize administrative effort.
Ensure that further administrative action is not required when new shared folders are added to TTFILE02.
Which actions should you perform in sequence?
To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order. (Use only actions that apply.)
CASE SCENARIO General Background
You are the Windows Server Administrator for Tailspin Toys. Tailspin Toys has a main office and a manufacturing office.
Tailspin Toys recently acquired Wingtip Toys and is in the beginning stages of Merging the IT environments. Wingtip Toys has a main office and a sales office.
Technical Background
The companies use the network subnets indicated in the following table:
The Tailspin Toys network and the Wingtip Toys are connected by a point-to-point dedicated 45 Mbps circuit that terminates in the main offices.
The current Tailspin Toys server topology is shown in the following table:
The Tailspin Toys environment has the following characteristics:
All servers are joined to the tailspintoys.com domain.
In the Default Domain Policy, the Retain old events Group Policy setting is enabled.
An Active Directory security group named "Windows System Administrators" is used to control all files and folders on TT-PRINT01.
A Tailspin Toys administrator named Marx has been delegated rights to multiple Organizational Units (OUs) and object in the tailspintoys.com domain.
Tailspin Toys developers use Hyper-V Virtual Machines (VM's) for development. There are 10
development VM's named TT-DEV01 to TT-DEV20.
The current Wingtip Toys server topology is shown in the following table: All servers in the Wingtip Toys environment are joined to the wingtiptoys.com domain.
Infrastructure Services
You must ensure that the following infrastructure services requirements are met:
All domain zones must be stored as Active Directory-integrated zones.
Only DNS servers located in the Tailspin Toys main offices may communicate with the DNS servers at Wingtip Toys.
Only DNS servers located in the Wingtip Toys main offices may communicate with the DNS servers at Tailspin Toys
All tailspintoys.com resources must be resolved from the Wingtip Toys offices.
All wingtiptoys.com resources must be resolved from the Tailspin toys offices.
Certificates must be distributed automatically to all Tailspin Toys and Wingtip Toys computers.
Delegated Administration
You must ensure that the following delegated administration requirements are met: Tailspin Toys IT security administrators must be able to create, modify and delete user objects in the wingtip.com domain.
Members of the Domain Admins Group in the tailspintoys.com domain must have full access to the wingtiptoys.com Active Directory environment.
A delegation policy must grant minimum access rights and simplify the process of delegating rights.
Minimum permissions must always be delegated to ensure that the least privilege is granted for a job task.
Members of the TAILSPINTOYS\Helpdesk group must be able to update drivers and add printer ports on TT-PRINT01.
Members of the TAILSPINTOYS\Helpdesk group must not be able to cancel a print job on TT-PRINT01.
Tailspin Toys developers must be able to start, stop and apply snapshots to their development VM's.
IT Security
Server security must be automated to ensure that newly deployed servers automatically have the same security configurations as existing servers.
Auditing must be configured to ensure that the deletion of users objects and OUs is logged.
Microsoft Word and Microsoft Excel files must be automatically encrypted when uploaded to the
Confidential documents library on the Tailspin Toys Microsoft SharePoint site.
Multi factor authentication must control access to Tailspin Toys domain controllers.
All file and folder auditing must capture the reason for access.
All folder auditing must capture all delete actions for all existing folders and newly created folders.
New events must be written to the Security event log in the tailspintoys.com domain and retained
indefinitely.
Drive X:\ on the TT-FILE01 must be encrypted by using Windows BitLocker Drive Encryption and must be automatically unlock.
Select and Place:
정답:
Testlet: Lucerne Publishing
You are planning to upgrade the operating systems of the client computers in the finance department. You need to recommend a solution for App1 that meets the company's technical requirements.
What should you include in the recommendation?
Case Study Title (Case Study): COMPANY OVERVIEW Overview
Lucerne Publishing is a large publishing company that produces both traditional books and e- books.
Physical Location
The company has a main office and a branch office. The main office is located in New York. The branch office is located in San Francisco. The main office has a satellite office located in Boston. The company has 7,500 users.
EXISTING ENVIRONMENT Active Directory Environment
The network contains an Active Directory forest. The forest contains a single domain named lucernepublishing.com.
Network Infrastructure
Client computers in the New York office and the San Francisco office run either Windows Vista or Windows XP. All client computers in the Boston office run Windows 7.
The company has a finance department. All of the client computers in the finance department run Windows XP. The finance department uses an application named App1. App1 only runs on Windows XP.
The relevant servers in the New York office are configured as shown in the following table.
The servers have the following configurations:
Remote Desktop is enabled on all servers.
The passwords for all service accounts are set to never expire.
Server1 stores roaming user profiles for users in the Boston office.
SQL1 and SQL2 are deployed in a two-node failover cluster named Cluster1.
All servers have Pre-Boot Execution Environment (PXE)-compliant network adapters.
The servers in the San Francisco office contain neither a recovery partition nor optical media drives.
DFS1 and DFS2 are members of the same DFS Replication group. The DFS namespace is configured
to use Windows 2000 Server mode. The Boston office has no servers. The Boston office connects to the New York office by using a dedicated hardware VPN device.
The finance department publishes monthly forecast reports that are stored in DFS.
REQUIREMENTS Business Goals
Lucerne Publishing must minimize administrative costs, hardware costs, software costs, and development costs, whenever possible.
Planned Changes
All client computers will be upgraded to Windows 7.
A VPN server will be deployed in the main office. All VPN clients must have the latest Windows updates before they can access the internal network.
You plan to deploy a server that has the Remote Desktop Gateway (RD Gateway) role service installed.
Technical Requirements
Lucerne Publishing must meet the following technical requirements:
Upgrade all client computers to Windows 7.
Minimize Group Policy-related replication traffic.
Ensure that App1 can be used from client computers that run Windows 7.
Ensure that users can use App1 when they are disconnected from the network.
Ensure that you can perform a bare metal recovery of the servers in the San Francisco office.
Minimize the amount of time it takes users in the Boston office to log on to their client computers.
Ensure that domain administrators can connect remotely to all computers in the domain through RD Gateway.
Ensure that file server administrators can access DFS servers and file servers through the RD Gateway.
Prevent file server administrators from accessing other servers through the RD Gateway.
Security Requirements
Lucerne Publishing must meet the following security requirements:
USB storage devices must not be used on any servers.
The passwords for all user accounts must be changed every 60 days.
Users must only be able to modify the financial forecast reports on DFS1. DFS2 must contain a read-only copy of the financial forecast reports.
All operating system drives on client computers that run Windows 7 must be encrypted.
Only approved USB storage devices must be used on client computers that run Windows 7.
You are planning to upgrade the operating systems of the client computers in the finance department. You need to recommend a solution for App1 that meets the company's technical requirements.
What should you include in the recommendation?
Case Study Title (Case Study): COMPANY OVERVIEW Overview
Lucerne Publishing is a large publishing company that produces both traditional books and e- books.
Physical Location
The company has a main office and a branch office. The main office is located in New York. The branch office is located in San Francisco. The main office has a satellite office located in Boston. The company has 7,500 users.
EXISTING ENVIRONMENT Active Directory Environment
The network contains an Active Directory forest. The forest contains a single domain named lucernepublishing.com.
Network Infrastructure
Client computers in the New York office and the San Francisco office run either Windows Vista or Windows XP. All client computers in the Boston office run Windows 7.
The company has a finance department. All of the client computers in the finance department run Windows XP. The finance department uses an application named App1. App1 only runs on Windows XP.
The relevant servers in the New York office are configured as shown in the following table.
The servers have the following configurations:
Remote Desktop is enabled on all servers.
The passwords for all service accounts are set to never expire.
Server1 stores roaming user profiles for users in the Boston office.
SQL1 and SQL2 are deployed in a two-node failover cluster named Cluster1.
All servers have Pre-Boot Execution Environment (PXE)-compliant network adapters.
The servers in the San Francisco office contain neither a recovery partition nor optical media drives.
DFS1 and DFS2 are members of the same DFS Replication group. The DFS namespace is configured
to use Windows 2000 Server mode. The Boston office has no servers. The Boston office connects to the New York office by using a dedicated hardware VPN device.
The finance department publishes monthly forecast reports that are stored in DFS.
REQUIREMENTS Business Goals
Lucerne Publishing must minimize administrative costs, hardware costs, software costs, and development costs, whenever possible.
Planned Changes
All client computers will be upgraded to Windows 7.
A VPN server will be deployed in the main office. All VPN clients must have the latest Windows updates before they can access the internal network.
You plan to deploy a server that has the Remote Desktop Gateway (RD Gateway) role service installed.
Technical Requirements
Lucerne Publishing must meet the following technical requirements:
Upgrade all client computers to Windows 7.
Minimize Group Policy-related replication traffic.
Ensure that App1 can be used from client computers that run Windows 7.
Ensure that users can use App1 when they are disconnected from the network.
Ensure that you can perform a bare metal recovery of the servers in the San Francisco office.
Minimize the amount of time it takes users in the Boston office to log on to their client computers.
Ensure that domain administrators can connect remotely to all computers in the domain through RD Gateway.
Ensure that file server administrators can access DFS servers and file servers through the RD Gateway.
Prevent file server administrators from accessing other servers through the RD Gateway.
Security Requirements
Lucerne Publishing must meet the following security requirements:
USB storage devices must not be used on any servers.
The passwords for all user accounts must be changed every 60 days.
Users must only be able to modify the financial forecast reports on DFS1. DFS2 must contain a read-only copy of the financial forecast reports.
All operating system drives on client computers that run Windows 7 must be encrypted.
Only approved USB storage devices must be used on client computers that run Windows 7.
정답: B
설명: (DumpTOP 회원만 볼 수 있음)
Testlet: Northwind Traders
You need to recommend a backup strategy for Hyper-V.
What should you recommend?
Case Study Title (Case Study): COMPANY OVERVIEW
Northwind Traders is an import/export company that has a main office and two branch offices. The main office is located in Toronto. The branch offices are located in Vancouver and Seattle. The main office has 2,000 users. Each branch office has 500 users.
EXISTING ENVIRONMENT
All client computers run Windows 7 Enterprise. All servers run Windows Server 2008 R2. All new servers are deployed by using Windows Deployment Services (WDS).
Northwind Traders has multiple Hyper-V servers. The Hyper-V servers are managed by using Microsoft System Center Virtual Machine Manager (VMM).
The perimeter network contains a standalone server. The server has the Active Directory Lightweight Directory Service (AD LDS) service role installed. AD LDS is administered on the server by using the Active Directory module for Windows PowerShell.
All virtual machines (VMs) access iSCSI-based storage by using a Microsoft iSCSI Initiator installed on the VM.
Existing Active Directory/Directory Services
The network contains a single Active Directory forest named northwindtraders.com.
The forest contains five Remote Desktop servers. All Remote Desktop servers are in an organizational unit (OU) named RD Servers.
TECHNICAL REQUIREMENTS
Northwind Traders must meet the following technical requirements:
Minimize server downtime.
Ensure that you can recover all of the data hosted on the VMs.
Ensure that you can perform bare metal restores of the Hyper-V servers.
Minimize the number of times a server restarts when it is deployed.
Monitor the CPU utilization, memory utilization, and disk utilization of all the servers to analyze
performance trends.
Ensure that a specific set of Group Policy settings are applied to users who use Remote Desktop to connect to the Remote Desktop servers. The settings must differ from those applied when the users log on locally to their own computers.
Copy a custom Microsoft Office Word dictionary to the computers in the legal department. Update the custom dictionary on a regular basis. Copy the updated version of the dictionary as soon as possible to the legal department computers.
You need to recommend a backup strategy for Hyper-V.
What should you recommend?
Case Study Title (Case Study): COMPANY OVERVIEW
Northwind Traders is an import/export company that has a main office and two branch offices. The main office is located in Toronto. The branch offices are located in Vancouver and Seattle. The main office has 2,000 users. Each branch office has 500 users.
EXISTING ENVIRONMENT
All client computers run Windows 7 Enterprise. All servers run Windows Server 2008 R2. All new servers are deployed by using Windows Deployment Services (WDS).
Northwind Traders has multiple Hyper-V servers. The Hyper-V servers are managed by using Microsoft System Center Virtual Machine Manager (VMM).
The perimeter network contains a standalone server. The server has the Active Directory Lightweight Directory Service (AD LDS) service role installed. AD LDS is administered on the server by using the Active Directory module for Windows PowerShell.
All virtual machines (VMs) access iSCSI-based storage by using a Microsoft iSCSI Initiator installed on the VM.
Existing Active Directory/Directory Services
The network contains a single Active Directory forest named northwindtraders.com.
The forest contains five Remote Desktop servers. All Remote Desktop servers are in an organizational unit (OU) named RD Servers.
TECHNICAL REQUIREMENTS
Northwind Traders must meet the following technical requirements:
Minimize server downtime.
Ensure that you can recover all of the data hosted on the VMs.
Ensure that you can perform bare metal restores of the Hyper-V servers.
Minimize the number of times a server restarts when it is deployed.
Monitor the CPU utilization, memory utilization, and disk utilization of all the servers to analyze
performance trends.
Ensure that a specific set of Group Policy settings are applied to users who use Remote Desktop to connect to the Remote Desktop servers. The settings must differ from those applied when the users log on locally to their own computers.
Copy a custom Microsoft Office Word dictionary to the computers in the legal department. Update the custom dictionary on a regular basis. Copy the updated version of the dictionary as soon as possible to the legal department computers.
정답: D
설명: (DumpTOP 회원만 볼 수 있음)
Testlet: A, Datum
You need to recommend an availability solution for Site1 that meets the company's application requirements and business goals.
What should you include in the recommendation?
Case Study Title (Case Study): COMPANY OVERVIEW
A, Datum Corporation is a manufacturing company that has a main office and two branch offices. The main office is located in Denver. The branch offices are located in New York and Montreal. The main office has 10,000 users. Each branch office has approximately 200 users.
PLANNED CHANGES
A, Datum plans to deploy a new intranet site named Site1 in the main office. Two servers that run a Server Core installation of Windows Server 2008 R2 are requisitioned for the deployment of Site1.
You plan to deploy a domain controller in each office.
You have a new server named Backup1. All servers will be backed up remotely by using Windows Server
Backup on Backup1.
BUSINESS GOALS
A Datum has the following business goals:
Changes to the environment must minimize costs.
Changes to the environment must optimize the use of new hardware.
The costs to manage the network infrastructure and the servers must be minimized.
EXISTING ENVIRONMENT
All servers run Windows Server 2008 R2. All client computers run Windows 7 Enterprise.
The network contains a Web server named Web1. Web1 is located in the perimeter network and is accessible from the internal network and the Internet. Web1 runs a Server Core installation of Windows Server 2008 R2 Standard.
Existing Active Directory/Directory Services
The network contains a single Active Directory domain named adatum.com.
The main office has two domain controllers.
Existing Network Infrastructure
Each office has a file server.
The main office connects to each branch office by using a WAN link. Users in the branch offices frequently access the file server in the main office.
Current Administration Model
All domain administrators work in the main office and remotely manage the servers by using their Windows 7 computers.
A group named BranchAdmins has the rights to manage all of the client computers in the branch offices.
You have several ADMX files that contain custom application settings.
REQUIREMENTS Security Requirements
The BranchAdmins group members must be able to install updates and drivers on the domain
controllers in the branch offices.
Passwords must not be stored by using reversible encryption.
All authentication traffic on the network must be encrypted.
Application Requirements
A new application named WebApp2 must be deployed on Web1. The WebApp2 deployment must meet the following requirements:
Users must be authenticated to access WebApp2.
WebApp2 must support Web browsers from various vendors.
WebApp2 must be accessible to internal users and Internet users.
A failure of WebApp2 must not cause other Web applications to fail.
Internet users must be required to configure the minimum number of changes on their client computers
to access WebApp2. Site1 must be configured to meet the following requirements:
Site1 must support the most user connections possible.
Site1 must be backed up every day by a remote server,
If a single Web server fails, users must be able to access Site1.
If a single Web server fails, users must not receive an error message when they access Site1.
Technical Requirements
You must ensure that domain administrators can access the ADMX files from any client computer that they use to manage Group Policies.
You must ensure that the domain administrators are notified by e-mail each time a user copies video files to the file servers.
You need to recommend an availability solution for Site1 that meets the company's application requirements and business goals.
What should you include in the recommendation?
Case Study Title (Case Study): COMPANY OVERVIEW
A, Datum Corporation is a manufacturing company that has a main office and two branch offices. The main office is located in Denver. The branch offices are located in New York and Montreal. The main office has 10,000 users. Each branch office has approximately 200 users.
PLANNED CHANGES
A, Datum plans to deploy a new intranet site named Site1 in the main office. Two servers that run a Server Core installation of Windows Server 2008 R2 are requisitioned for the deployment of Site1.
You plan to deploy a domain controller in each office.
You have a new server named Backup1. All servers will be backed up remotely by using Windows Server
Backup on Backup1.
BUSINESS GOALS
A Datum has the following business goals:
Changes to the environment must minimize costs.
Changes to the environment must optimize the use of new hardware.
The costs to manage the network infrastructure and the servers must be minimized.
EXISTING ENVIRONMENT
All servers run Windows Server 2008 R2. All client computers run Windows 7 Enterprise.
The network contains a Web server named Web1. Web1 is located in the perimeter network and is accessible from the internal network and the Internet. Web1 runs a Server Core installation of Windows Server 2008 R2 Standard.
Existing Active Directory/Directory Services
The network contains a single Active Directory domain named adatum.com.
The main office has two domain controllers.
Existing Network Infrastructure
Each office has a file server.
The main office connects to each branch office by using a WAN link. Users in the branch offices frequently access the file server in the main office.
Current Administration Model
All domain administrators work in the main office and remotely manage the servers by using their Windows 7 computers.
A group named BranchAdmins has the rights to manage all of the client computers in the branch offices.
You have several ADMX files that contain custom application settings.
REQUIREMENTS Security Requirements
The BranchAdmins group members must be able to install updates and drivers on the domain
controllers in the branch offices.
Passwords must not be stored by using reversible encryption.
All authentication traffic on the network must be encrypted.
Application Requirements
A new application named WebApp2 must be deployed on Web1. The WebApp2 deployment must meet the following requirements:
Users must be authenticated to access WebApp2.
WebApp2 must support Web browsers from various vendors.
WebApp2 must be accessible to internal users and Internet users.
A failure of WebApp2 must not cause other Web applications to fail.
Internet users must be required to configure the minimum number of changes on their client computers
to access WebApp2. Site1 must be configured to meet the following requirements:
Site1 must support the most user connections possible.
Site1 must be backed up every day by a remote server,
If a single Web server fails, users must be able to access Site1.
If a single Web server fails, users must not receive an error message when they access Site1.
Technical Requirements
You must ensure that domain administrators can access the ADMX files from any client computer that they use to manage Group Policies.
You must ensure that the domain administrators are notified by e-mail each time a user copies video files to the file servers.
정답: C
설명: (DumpTOP 회원만 볼 수 있음)
Testlet: Blue Yonder Airlines
You need to recommend a strategy for recovering objects deleted from Active Directory that supports the planned changes.
What should you include in the recommendation? (Each correct answer presents part of the solution. Choose two.)
Case Study Title (Case Study): COMPANY OVERVIEW
Blue Yonder Airlines has a main office and four branch offices. Each branch office has six satellite offices. The main office is located in Sydney. The branch offices are located in London, New York, Bangkok, and Istanbul. The main office has 1,000 users. Each branch office has 500 users. Each satellite office has 50 to 100 users.
PLANNED CHANGES
Each satellite office will have a single server deployed. The servers will have the following server roles installed:
File server
Print server
Read-only Domain Controller (RODC) Each satellite office will have a local support technician who performs the following tasks:
Manages printers.
Manages server backups.
Manages updates on the server.
Each support technician will only be permitted to manage the server located in his office.
You plan to implement a backup and recovery solution to restore deleted Active Directory objects. The solution must ensure that the attributes of the deleted objects are restored to the same state they were in before they were deleted.
You plan to deploy a custom sales application named App2 to the portable computers of all company sales consultants. The setup program of App2 requires local administrative privileges. App2 will be updated monthly.
BUSINESS GOALS
Blue Yonder Airlines has the following business goals:
Minimize server downtime.
Minimize administrative effort.
Minimize interruptions to users caused by WAN link failures.
EXISTING ENVIRONMENT
The network contains servers that run either Windows Server 2008 R2 or Windows Server 2008. All client computers were recently replaced with new computers that run Windows 7 Enterprise.
Users do not have local administrator rights on the client computers.
Existing Active Directory/Directory Services
The network contains a single Active Directory domain named blueyonderairlines.com. The functional level of the domain is Windows Server 2008. All domain controllers run Windows Server 2008.
Existing Network Infrastructure
All offices have wired and wireless networks.
The main office has a file server that stores large graphics files. The files are used by all of the users in all of the offices.
A Group Policy is used to assign an application named App1 to all of the users in the domain.
The branch offices contain public computers on which temporary employees can browse the Internet and view electronic brochures. When the employees log on to the public computers, they must all receive the same user settings.
App1 must not be installed on the public computers. The computer accounts for all of the public computers are in an organizational unit (OU) name Public.
REQUIREMENTS Security Requirements
All computers in the domain must have a domain-level security Group Policy object (GPO) applied.
You plan to implement Network Access Protection (NAP) by using switches and wireless access points (WAPs) as NAP enforcement points.
The public computers must meet the following security requirements:
Only authorized applications must be run.
Automatic updates must be enabled and applied automatically.
Users must be denied access to the local hard disk drives and the network shares from the public computers.
Technical Requirements
The file server in each branch office is configured as shown in the following table.
Each user is allocated 1 GB of storage on the Users share in their local office.
Each user must be prevented from storing files larger than 500 MB on the Data share in their local office.
Blue Yonder Airlines must meet the following requirements for managing App2:
Sales consultants must use the latest version of the application.
When a new version of App2 is installed, the previous version must be uninstalled. Sales consultants must be able to run App2 when they are disconnected from the network.
You need to recommend a strategy for recovering objects deleted from Active Directory that supports the planned changes.
What should you include in the recommendation? (Each correct answer presents part of the solution. Choose two.)
Case Study Title (Case Study): COMPANY OVERVIEW
Blue Yonder Airlines has a main office and four branch offices. Each branch office has six satellite offices. The main office is located in Sydney. The branch offices are located in London, New York, Bangkok, and Istanbul. The main office has 1,000 users. Each branch office has 500 users. Each satellite office has 50 to 100 users.
PLANNED CHANGES
Each satellite office will have a single server deployed. The servers will have the following server roles installed:
File server
Print server
Read-only Domain Controller (RODC) Each satellite office will have a local support technician who performs the following tasks:
Manages printers.
Manages server backups.
Manages updates on the server.
Each support technician will only be permitted to manage the server located in his office.
You plan to implement a backup and recovery solution to restore deleted Active Directory objects. The solution must ensure that the attributes of the deleted objects are restored to the same state they were in before they were deleted.
You plan to deploy a custom sales application named App2 to the portable computers of all company sales consultants. The setup program of App2 requires local administrative privileges. App2 will be updated monthly.
BUSINESS GOALS
Blue Yonder Airlines has the following business goals:
Minimize server downtime.
Minimize administrative effort.
Minimize interruptions to users caused by WAN link failures.
EXISTING ENVIRONMENT
The network contains servers that run either Windows Server 2008 R2 or Windows Server 2008. All client computers were recently replaced with new computers that run Windows 7 Enterprise.
Users do not have local administrator rights on the client computers.
Existing Active Directory/Directory Services
The network contains a single Active Directory domain named blueyonderairlines.com. The functional level of the domain is Windows Server 2008. All domain controllers run Windows Server 2008.
Existing Network Infrastructure
All offices have wired and wireless networks.
The main office has a file server that stores large graphics files. The files are used by all of the users in all of the offices.
A Group Policy is used to assign an application named App1 to all of the users in the domain.
The branch offices contain public computers on which temporary employees can browse the Internet and view electronic brochures. When the employees log on to the public computers, they must all receive the same user settings.
App1 must not be installed on the public computers. The computer accounts for all of the public computers are in an organizational unit (OU) name Public.
REQUIREMENTS Security Requirements
All computers in the domain must have a domain-level security Group Policy object (GPO) applied.
You plan to implement Network Access Protection (NAP) by using switches and wireless access points (WAPs) as NAP enforcement points.
The public computers must meet the following security requirements:
Only authorized applications must be run.
Automatic updates must be enabled and applied automatically.
Users must be denied access to the local hard disk drives and the network shares from the public computers.
Technical Requirements
The file server in each branch office is configured as shown in the following table.
Each user is allocated 1 GB of storage on the Users share in their local office.
Each user must be prevented from storing files larger than 500 MB on the Data share in their local office.
Blue Yonder Airlines must meet the following requirements for managing App2:
Sales consultants must use the latest version of the application.
When a new version of App2 is installed, the previous version must be uninstalled. Sales consultants must be able to run App2 when they are disconnected from the network.
정답: A,D
설명: (DumpTOP 회원만 볼 수 있음)
Your network consists of a single Active Directory domain. All domain controllers run Windows Server 2008 R2.
There are five Windows Server 2003 SP2 servers that have the Terminal Server component installed. A firewall server runs Microsoft Internet Security and Acceleration (ISA) Server 2006.
You plan to give remote users access to the Remote Desktop Services servers.
You need to create a remote access strategy for the Remote Desktop Services servers that meets the following requirements:
Restricts access to specific Remote Desktop Services servers.
Encrypts all connections to the Remote Desktop Services servers.
Minimizes the number of open ports on the firewall server. What should you do?
There are five Windows Server 2003 SP2 servers that have the Terminal Server component installed. A firewall server runs Microsoft Internet Security and Acceleration (ISA) Server 2006.
You plan to give remote users access to the Remote Desktop Services servers.
You need to create a remote access strategy for the Remote Desktop Services servers that meets the following requirements:
Restricts access to specific Remote Desktop Services servers.
Encrypts all connections to the Remote Desktop Services servers.
Minimizes the number of open ports on the firewall server. What should you do?
정답: C
설명: (DumpTOP 회원만 볼 수 있음)
Testlet: Humongous Insurance
You need to recommend a solution for managing GPOs. The solution must meet the company's technical requirements.
What should you include in the recommendation?
Testlet: Humongous Insurance (Case Study): COMPANY OVERVIEW
Humongous Insurance has a main office and 20 branch offices. The main office is located in New York. The branch offices are located throughout North America. The main office has 8,000 users. Each branch office has 2 to 250 users.
PLANNED CHANGES
Humongous Insurance plans to implement Windows BitLocker Drive Encryption (BitLocker) on all servers.
EXISTING ENVIRONMENT
The network contains servers that run either Windows Server 2003, Windows Server 2008, or Windows Server 2008 R2. All client computers run either Windows 7 Enterprise or Windows Vista Enterprise.
BUSINESS GOALS
Humongous Insurance wants to minimize costs whenever possible.
EXISTING ACTIVE DIRECTORY/DIRECTORY SERVICES
The network contains a single Active Directory forest named humongousinsurance.com. The forest contains two child domains named north.humongousinsurance.com and south.humongousinsurance.com. The functional level of the forest is Windows Server 2008 R2.
EXISTING NETWORK INFRASTRUCTURE
Each child domain contains a Web server that has Internet Information Services (IIS) installed. The forest root domain contains three Web servers that have IIS installed. The Web servers in the forest root domain are configured in a Network Load Balancing (NLB) cluster. Currently, all of the Web servers use a single domain user account as a service account.
Windows Server Update Services (WSUS) is used for company-wide patch management. The WSUS servers do not store updates locally.
The network contains Remote Desktop servers that run Windows Server 2008 R2. Users in the sales department access a line-of-business Application by using Remote Desktop. Managers in the sales department use the Application to generate reports. Generating the reports is CPU intensive.
The sales managers report that when many users are connected to the servers, the reports take a long time
to process.
Humongous Insurance has the following standard server builds:
Class 1 - Dual x64 CPUs, 4-GB RAM, Windows Web Server 2008 R2
Class 2 - Dual x64 CPUs, 4-GB RAM, Windows Server 2008 R2 Standard
Class 3 - Quad x64 CPUs, 8-GB RAM, Windows Server 2008 R2 Standard
Class 4 - Quad x64 CPUs, 8-GB RAM, Windows Server 2008 R2 Enterprise
CURRENT ADMINISTRATION MODEL
Humongous Insurance currently uses the following technologies to manage the network:
Microsoft Desktop Optimization Pack
Microsoft Forefront EndPoint Protection
Microsoft System Center Operations Manager
Microsoft System Center Configuration Manager
TECHNICAL REQUIREMENTS
Humongous Insurance must meet the following technical requirements:
A certificate must be required to recover BitLocker-protected drives.
Newly implemented technologies must minimize the impact on LAN traffic.
Newly implemented technologies must minimize the storage requirements.
The management of disk volumes and shared folders must be performed remotely whenever possible.
Newly implemented technologies must minimize the amount of bandwidth used on Internet connections.
All patches and updates must be tested in a non-production environment before they are applied to production servers.
Multiple versions of a Group Policy object (GPO) must be maintained in a central archive to facilitate a roll back required.
The management of passwords and service principal names (SPNs) for all service accounts must be automated whenever possible.
You need to recommend a solution for managing GPOs. The solution must meet the company's technical requirements.
What should you include in the recommendation?
Testlet: Humongous Insurance (Case Study): COMPANY OVERVIEW
Humongous Insurance has a main office and 20 branch offices. The main office is located in New York. The branch offices are located throughout North America. The main office has 8,000 users. Each branch office has 2 to 250 users.
PLANNED CHANGES
Humongous Insurance plans to implement Windows BitLocker Drive Encryption (BitLocker) on all servers.
EXISTING ENVIRONMENT
The network contains servers that run either Windows Server 2003, Windows Server 2008, or Windows Server 2008 R2. All client computers run either Windows 7 Enterprise or Windows Vista Enterprise.
BUSINESS GOALS
Humongous Insurance wants to minimize costs whenever possible.
EXISTING ACTIVE DIRECTORY/DIRECTORY SERVICES
The network contains a single Active Directory forest named humongousinsurance.com. The forest contains two child domains named north.humongousinsurance.com and south.humongousinsurance.com. The functional level of the forest is Windows Server 2008 R2.
EXISTING NETWORK INFRASTRUCTURE
Each child domain contains a Web server that has Internet Information Services (IIS) installed. The forest root domain contains three Web servers that have IIS installed. The Web servers in the forest root domain are configured in a Network Load Balancing (NLB) cluster. Currently, all of the Web servers use a single domain user account as a service account.
Windows Server Update Services (WSUS) is used for company-wide patch management. The WSUS servers do not store updates locally.
The network contains Remote Desktop servers that run Windows Server 2008 R2. Users in the sales department access a line-of-business Application by using Remote Desktop. Managers in the sales department use the Application to generate reports. Generating the reports is CPU intensive.
The sales managers report that when many users are connected to the servers, the reports take a long time
to process.
Humongous Insurance has the following standard server builds:
Class 1 - Dual x64 CPUs, 4-GB RAM, Windows Web Server 2008 R2
Class 2 - Dual x64 CPUs, 4-GB RAM, Windows Server 2008 R2 Standard
Class 3 - Quad x64 CPUs, 8-GB RAM, Windows Server 2008 R2 Standard
Class 4 - Quad x64 CPUs, 8-GB RAM, Windows Server 2008 R2 Enterprise
CURRENT ADMINISTRATION MODEL
Humongous Insurance currently uses the following technologies to manage the network:
Microsoft Desktop Optimization Pack
Microsoft Forefront EndPoint Protection
Microsoft System Center Operations Manager
Microsoft System Center Configuration Manager
TECHNICAL REQUIREMENTS
Humongous Insurance must meet the following technical requirements:
A certificate must be required to recover BitLocker-protected drives.
Newly implemented technologies must minimize the impact on LAN traffic.
Newly implemented technologies must minimize the storage requirements.
The management of disk volumes and shared folders must be performed remotely whenever possible.
Newly implemented technologies must minimize the amount of bandwidth used on Internet connections.
All patches and updates must be tested in a non-production environment before they are applied to production servers.
Multiple versions of a Group Policy object (GPO) must be maintained in a central archive to facilitate a roll back required.
The management of passwords and service principal names (SPNs) for all service accounts must be automated whenever possible.
정답: A
설명: (DumpTOP 회원만 볼 수 있음)
Testlet: Humongous Insurance
You need to recommend a solution to decrease the amount of time it takes for the sales managers to generate reports.
What should you include in the recommendation?
Testlet: Humongous Insurance (Case Study): COMPANY OVERVIEW
Humongous Insurance has a main office and 20 branch offices. The main office is located in New York. The branch offices are located throughout North America. The main office has 8,000 users. Each branch office has 2 to 250 users.
PLANNED CHANGES
Humongous Insurance plans to implement Windows BitLocker Drive Encryption (BitLocker) on all servers.
EXISTING ENVIRONMENT
The network contains servers that run either Windows Server 2003, Windows Server 2008, or Windows Server 2008 R2. All client computers run either Windows 7 Enterprise or Windows Vista Enterprise.
BUSINESS GOALS
Humongous Insurance wants to minimize costs whenever possible.
EXISTING ACTIVE DIRECTORY/DIRECTORY SERVICES
The network contains a single Active Directory forest named humongousinsurance.com. The forest contains two child domains named north.humongousinsurance.com and south.humongousinsurance.com. The functional level of the forest is Windows Server 2008 R2.
EXISTING NETWORK INFRASTRUCTURE
Each child domain contains a Web server that has Internet Information Services (IIS) installed. The forest root domain contains three Web servers that have IIS installed. The Web servers in the forest root domain are configured in a Network Load Balancing (NLB) cluster. Currently, all of the Web servers use a single domain user account as a service account.
Windows Server Update Services (WSUS) is used for company-wide patch management. The WSUS servers do not store updates locally.
The network contains Remote Desktop servers that run Windows Server 2008 R2. Users in the sales department access a line-of-business Application by using Remote Desktop. Managers in the sales department use the Application to generate reports. Generating the reports is CPU intensive.
The sales managers report that when many users are connected to the servers, the reports take a long time
to process.
Humongous Insurance has the following standard server builds:
Class 1 - Dual x64 CPUs, 4-GB RAM, Windows Web Server 2008 R2
Class 2 - Dual x64 CPUs, 4-GB RAM, Windows Server 2008 R2 Standard
Class 3 - Quad x64 CPUs, 8-GB RAM, Windows Server 2008 R2 Standard
Class 4 - Quad x64 CPUs, 8-GB RAM, Windows Server 2008 R2 Enterprise
CURRENT ADMINISTRATION MODEL
Humongous Insurance currently uses the following technologies to manage the network:
Microsoft Desktop Optimization Pack
Microsoft Forefront EndPoint Protection
Microsoft System Center Operations Manager
Microsoft System Center Configuration Manager
TECHNICAL REQUIREMENTS
Humongous Insurance must meet the following technical requirements:
A certificate must be required to recover BitLocker-protected drives.
Newly implemented technologies must minimize the impact on LAN traffic.
Newly implemented technologies must minimize the storage requirements.
The management of disk volumes and shared folders must be performed remotely whenever possible.
Newly implemented technologies must minimize the amount of bandwidth used on Internet connections.
All patches and updates must be tested in a non-production environment before they are applied to production servers.
Multiple versions of a Group Policy object (GPO) must be maintained in a central archive to facilitate a roll back required.
The management of passwords and service principal names (SPNs) for all service accounts must be automated whenever possible.
You need to recommend a solution to decrease the amount of time it takes for the sales managers to generate reports.
What should you include in the recommendation?
Testlet: Humongous Insurance (Case Study): COMPANY OVERVIEW
Humongous Insurance has a main office and 20 branch offices. The main office is located in New York. The branch offices are located throughout North America. The main office has 8,000 users. Each branch office has 2 to 250 users.
PLANNED CHANGES
Humongous Insurance plans to implement Windows BitLocker Drive Encryption (BitLocker) on all servers.
EXISTING ENVIRONMENT
The network contains servers that run either Windows Server 2003, Windows Server 2008, or Windows Server 2008 R2. All client computers run either Windows 7 Enterprise or Windows Vista Enterprise.
BUSINESS GOALS
Humongous Insurance wants to minimize costs whenever possible.
EXISTING ACTIVE DIRECTORY/DIRECTORY SERVICES
The network contains a single Active Directory forest named humongousinsurance.com. The forest contains two child domains named north.humongousinsurance.com and south.humongousinsurance.com. The functional level of the forest is Windows Server 2008 R2.
EXISTING NETWORK INFRASTRUCTURE
Each child domain contains a Web server that has Internet Information Services (IIS) installed. The forest root domain contains three Web servers that have IIS installed. The Web servers in the forest root domain are configured in a Network Load Balancing (NLB) cluster. Currently, all of the Web servers use a single domain user account as a service account.
Windows Server Update Services (WSUS) is used for company-wide patch management. The WSUS servers do not store updates locally.
The network contains Remote Desktop servers that run Windows Server 2008 R2. Users in the sales department access a line-of-business Application by using Remote Desktop. Managers in the sales department use the Application to generate reports. Generating the reports is CPU intensive.
The sales managers report that when many users are connected to the servers, the reports take a long time
to process.
Humongous Insurance has the following standard server builds:
Class 1 - Dual x64 CPUs, 4-GB RAM, Windows Web Server 2008 R2
Class 2 - Dual x64 CPUs, 4-GB RAM, Windows Server 2008 R2 Standard
Class 3 - Quad x64 CPUs, 8-GB RAM, Windows Server 2008 R2 Standard
Class 4 - Quad x64 CPUs, 8-GB RAM, Windows Server 2008 R2 Enterprise
CURRENT ADMINISTRATION MODEL
Humongous Insurance currently uses the following technologies to manage the network:
Microsoft Desktop Optimization Pack
Microsoft Forefront EndPoint Protection
Microsoft System Center Operations Manager
Microsoft System Center Configuration Manager
TECHNICAL REQUIREMENTS
Humongous Insurance must meet the following technical requirements:
A certificate must be required to recover BitLocker-protected drives.
Newly implemented technologies must minimize the impact on LAN traffic.
Newly implemented technologies must minimize the storage requirements.
The management of disk volumes and shared folders must be performed remotely whenever possible.
Newly implemented technologies must minimize the amount of bandwidth used on Internet connections.
All patches and updates must be tested in a non-production environment before they are applied to production servers.
Multiple versions of a Group Policy object (GPO) must be maintained in a central archive to facilitate a roll back required.
The management of passwords and service principal names (SPNs) for all service accounts must be automated whenever possible.
정답: B
설명: (DumpTOP 회원만 볼 수 있음)
Your company has recently implemented Windows Server Update Services (WSUS). All client computers run Windows 7 Enterprise Edition. Only some users have local administrative privileges.
You are designing a Group Policy object (GPO) to configure the client computers. The GPO must apply only the following settings:
Updates must be downloaded from the WSUS server.
Automatically download and install updates every Thursday at 12:00 P.M.
Configure WSUS client-side targeting through Group Policy.
Delay the installation of updates until 20 minutes after a client computer is started, if the client computer
was shut down at the specified installation time. You need to design the GPO to meet the requirements.
Which settings should you configure to meet the requirements?
To answer, select the appropriate settings in the answer area.
Hot Area:
You are designing a Group Policy object (GPO) to configure the client computers. The GPO must apply only the following settings:
Updates must be downloaded from the WSUS server.
Automatically download and install updates every Thursday at 12:00 P.M.
Configure WSUS client-side targeting through Group Policy.
Delay the installation of updates until 20 minutes after a client computer is started, if the client computer
was shut down at the specified installation time. You need to design the GPO to meet the requirements.
Which settings should you configure to meet the requirements?
To answer, select the appropriate settings in the answer area.
Hot Area:
정답:
Explanation/Reference:
WINDOWS UPDATE GROUP POLICY
Group Policy options for WSUS are set in the Windows Update Administrative Template. There are several settings meeting the current situation:
Specify intranet Microsoft Update service location: Specify a server on your network to function as an internal update service. Automatic Updates will search this service for updates that apply to the computers on your network.To use this setting, you must set two server name values: the server from which Automatic Updates detects and downloads updates, and the server to which updated workstations upload statistics. You can set both values to be the same server.
Configure Automatic Updates: Specify whether Automatic Updates is enabled on the computer. When you enable Automatic Updates, you can configure download and installation options:
Option 2 = Notify before updates are downloaded and notify again before updates are installed.
Option 3 = Default setting. Automatically download updates and notify when they are ready to be
installed.
Option 4 = Automatically download updates and install them on the specified schedule. If you select this option, you must specify a day and a time for Automatic Updates to search for, download, and install updates.
Option 5 = Allow local administrators to select the way in which Automatic Updates notifies and installs
updates. By using this option, the local administrator can schedule the update installation times. Local
administrators cannot disable Automatic Updates. Enable client-side targeting: Enable users of client computers to add themselves to precreated computer groups on a WSUS server. This option is valid only when Automatic Updates is redirected to a WSUS server. If the Specify intranet Microsoft update service location policy is not enabled, this policy has no effect.
Reschedule Automatic Updates scheduled installations: Specify the time that Automatic Updates waits after a system startup before it proceeds with a missed scheduled installation. This policy applies only when Automatic Updates is configured to perform scheduled update installations.
http://technet.microsoft.com/en-us/library/dd939933(v=ws.10).aspx