ExamWise For Designing a Microsoft Windows 2000 Directory Services Infrastructure Examination 70-219
Online practice exam provided by BeachFront Quizzer, Inc., Friendswood, Texas www.bfqonline.com
Author Jeffrey R. Shapiro Published by TotalRecall Publications, Inc. 1103 Middlecreek Friendswood, TX 77546 281-992-3131 NOTE: THIS IS BOOK IS GUARANTEED: See details at www.TotalRecallPress.com
TotalRecall Publications, Inc. This Book is sponsored by BeachFront Quizzer, Inc. Copyright
2003 by TotalRecall Publications, Inc. All rights reserved.
Printed in the
United States of America. Except as permitted under the United States Copyright Act of 1976, No part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or by any means electronic or mechanical or by photocopying, recording, or otherwise without the prior permission of the publisher. The views expressed in this book are solely those of the author, and do not represent the views of any other party or parties. Printed in United States of America Printed and bound by Data Duplicators of Houston Texas Printed and bound by Lightning Source, Inc. in the USA and UK ISBN: 1-59095-620-6 UPC Number 6-43977-03219-5 The sponsoring editor is Bruce Moran and the production supervisor is Corby R. Tate.
Worldwide eBook distribution by:
This publication is not sponsored by, endorsed by, or affiliated with Microsoft, Inc. The “Windows® 2000, MCSE™, MCSD™, MCSE+I™, MCT™” Microsoft logos are trademarks or registered trademarks of Microsoft, Inc. in the United States and certain other countries. All other trademarks are trademarks of their respective owners. Throughout this book, trademarked names are used. Rather than put a trademark symbol after every occurrence of a trademarked name, we used names in an editorial fashion only and to the benefit of the trademark owner. No intention of infringement on trademarks is intended. Disclaimer Notice: Judgments as to the suitability of the information herein for purchaser’s purposes are necessarily the purchaser’s responsibility. BeachFront Quizzer, Inc. and TotalRecall Publications, Inc. extends no warranties, makes no representations, and assumes no responsibility as to the accuracy or suitability of such information for application to the purchaser’s intended purposes or for consequences of its use.
This book is dedicated to the memory of all those who died in the United Air, American Airlines, World Trade Center and Pentagon terrorist attacks on September 11, 2001.
Jeffrey R. Shapiro
ExamWise™ For Designing a Microsoft® Windows® 2000 Directory Services Infrastructure Examination 70-219 BY Jeffrey R. Shapiro
About the Author Jeffrey Shapiro is a well known IT expert and author. He has written several books, which include the widely acclaimed Computer Telephony Strategies, by Hungry Minds, the Windows 2000 Server Bible by Hungry Minds, Inc. and SQL Server 2000: The Complete Reference, by Osborne/McGraw-Hill. Besides writing, Jeffrey has been involved in IT/IS for nearly 15 years; having worked in architecture, MIS, network administration and most recently as a chief technology officer. He is a regular speaker at technology conferences, such as Software Development, Computer Telephony, and Comment. You can reach him by e-mail at
[email protected].
About the Contributing Author Travis Kelly has worked in computer repair and helpdesk for over 7 years and is currently CIW Certifiable. His computer background is quite varied and he has an intense interest in the current and future state of technology. Travis is working towards his bachelor’s degree in Houston, TX.
About the Book Part of The Question Book Series, this new book fills the gap existing in study material available for candidates preparing to sit the Microsoft Certification Program 70-219, Designing a Microsoft Windows 2000 Directory Services Infrastructure. It covers the information associated with each exam topic in detail and includes information found in no other book. You will learn how to analyze the enterprise IT infrastructure, its management infrastructure, key management entities; present, future and expected technology situations; current network administration, change control and change management situations, etc. It will show you the steps to take to assess the impact of Active Directory on your enterprise and introduce you to Windows 2000 concepts, such as Forests and Trees. It will also provide direction on the collateral services that need to be provided to support the Active Directory infrastructure, such as domain controllers, catalog servers, Dynamic DNS servers, dynamic DHCP and so on. The book also introduces the concept of Organization Units, working with Group Policy Objects and various powerful change-control mechanisms that allow you to map Active Directory infrastructure to management model, administration and control of an enterprises.
About Online Testing www.bfqonline.com practice tests include SelfStudy sessions with instant feed back, simulative and adaptive testing with detailed explanations. Register at www.BFQPress.com or send an email Located in the back of the book is a 30-day voucher for online testing. NOTE: THIS BOOK IS GUARANTEED: See details at www.bfqpress.com
Table of Contents VII
Table of Contents About the Author ...................................................................................................IV About the Contributing Author...............................................................................IV About the Book.......................................................................................................V About Online Testing..............................................................................................V About 70-219 Certification ..................................................................................VIII Skills Being Measured ..........................................................................................IX
Case Study 1 Rocky Mountain School of Music.................................. 1 Case Study 2 W2K Network Consulting Service ............................... 29 Case Study 3 Excel Forwarder Corp................................................... 57 Case Study 4 Joe’s Canoe Company ................................................. 81 Case Study 5 ABC Toys..................................................................... 101 Case Study 6 MediAssociate............................................................. 121 Case Study 7 Kellok Accounting Service......................................... 143 Case Study 8 ProX Auditing Group .................................................. 165 Case Study 9 ExGovern ..................................................................... 187 Case Study 10 ProTax........................................................................ 203 Case Study 11 B2Bexpert .................................................................. 227 Case Study 12 SBP Associates......................................................... 241 Case Study 13 SamuraiPro Trading Company ................................ 255 Case Study 14 LaserPoint ................................................................. 269 Case Study 15 MyTeapots ................................................................. 283 Case Study 16 LoveSherpa ............................................................... 297 Case Study 17 ProSKI ........................................................................ 311 Case Study 18 SupremeX Military Consultant................................. 325 Money Back Book Guarantee............................................................. 339 Free Practice Exam Online ................................................................. 340
VIII About 70-219 Certification
About 70-219 Certification Exam 70-221:Designing a Microsoft Windows 2000 Directory Services Infrastructure http://www.microsoft.com/traincert/exams/70-219.asp Information you will find in their document will include the following.
Credit Toward Certification When you pass the Designing a Microsoft® Windows® 2000 Directory Services Infrastructure exam, you achieve Microsoft Certified Professional status. You also earn credit toward the following certifications: Core or elective credit toward Microsoft Certified Systems Engineer on Microsoft Windows 2000 certification
Audience Profile Candidates for this exam operate in medium to very large computing environments that use the Windows 2000 network operating system. They have a minimum of one year's experience designing network infrastructures in environments that have the following characteristics: • Supported users range from 200-26,000+ • Physical locations range from 5-150+ • Typical network services and applications include file and print, database, messaging, proxy server or firewall, dial-in server, desktop management, and Web hosting. • Connectivity needs include connecting individual offices and users at remote locations to the corporate network and connecting corporate networks to the Internet.
About 70-219 Certification IX
Skills Being Measured This certification exam measures your ability to analyze the business requirements and design a directory service architecture, including: • Unified directory services such as Active Directory™ and Windows NT® domains. • Connectivity between and within systems, system components, and applications. • Data replication such as directory replication and database replication. In addition, the test measures the skills required to analyze the business requirements for desktop management and design a solution for desktop management that meets business requirements. Before taking the exam, you should be proficient in the job skills listed below. A. Analyzing Business Requirements 1.
Analyze the existing and planned business models. • Analyze the company model and the geographical scope. Models include international, national, regional, branch, and subsidiary offices. • Analyze company processes. Processes include information flow, communication flow, service and product life cycles, and decisionmaking.
2.
Analyze the existing and planned organizational structures. Considerations include the management model; company organization; vendor, partner, and customer relationships; and acquisition plans.
3.
Analyze factors that influence company strategies. • Identify company priorities. • Identify the projected growth and growth strategy. • Identify relevant laws and regulations. • Identify the company's tolerance for risk. • Identify the total cost of operations.
4.
Analyze the structure of IT management. Considerations include the type of administration, such as centralized or decentralized; funding model; outsourcing; decision-making process; and change-management process.
X About 70-219 Certification B. Analyzing Technical Requirements 1.
Evaluate the company's existing and planned technical environment. • Analyze company size and the distribution of users and resources. • Assess the available connectivity between the geographic locations of work sites and remote sites. • Assess the net available bandwidth. • Analyze performance requirements. • Analyze data and system access patterns. • Analyze network roles and responsibilities. • Analyze security considerations.
2.
Analyze the impact of Active Directory on the existing and planned technical environment. Considerations include Microsoft Exchange 2000. • Assess existing systems and applications. • Identify existing and planned upgrades and rollouts. • Analyze the technical support structure. • Analyze existing and planned network and systems management.
3.
Analyze the business requirements for client computer management. • Analyze end-user work needs. • Identify technical support needs for end users. • Establish the required client computer environment.
C. Designing a Directory Service Architecture 1.
Define the scope of the Active Directory design.
2.
Design an Active Directory forest and domain structure. • Design a forest and schema structure. • Design a domain structure. • Analyze and optimize trust relationship requirements.
3.
Design an Active Directory naming strategy. • Plan the WINS NetBIOS name resolution strategy. • Design the namespace. • Plan the DNS strategy.
desktop
About 70-219 Certification XI 4.
Design and plan the structure of organizational units. Considerations include administrative control, existing domain structures, administrative policy, and geographic and company structure. • Develop an organizational unit delegation plan. • Plan Group Policy object management. • Develop a change in the configuration management plan for client computers.
5.
Plan for the coexistence of Active Directory and other directory services.
6.
Design a schema modification policy.
7.
Design an Active Directory implementation plan.
D. Designing Service Locations 1.
Design the placement of operations masters. Considerations include performance, fault tolerance, functionality, and manageability.
2.
Design the placement of global catalog servers. Considerations include performance, fault tolerance, functionality, and manageability.
3.
Design the placement of domain controllers. Considerations include performance, fault tolerance, functionality, and manageability.
4.
Design the placement of DNS, WINS, and DHCP servers. Considerations include performance, fault tolerance, functionality, manageability, and interoperability.
5.
Design an Active Directory site topology. • Design a replication strategy. • Define site boundaries.
Rocky Mountain School of Music 1
Case Study 1 Rocky Mountain School of Music You are a Network Consultant with specialized skills in designing Win2000 directory services. You are recently requested by the Rocky Mountain School of Music to design the Active Directory for the entire school.
School Mission The mission of the Rocky Mountain School of Music is to advance the art of music and its related disciplines. It seeks to educate students in the various fields of the profession and to promote an understanding of music. The School endeavors to preserve diverse repertories and cultural traditions while also creating opportunities for artistic, intellectual, and scholarly innovation in the realm of music. The School is dedicated to excellence in research, performance, composition, and teacher education, undertaken in a spirit of collaboration among its own constituents.
School Background The Rocky Mountain School of Music is consistently ranked among the strongest professional music schools in Canada. It attracts outstanding students and faculty in composition-theory, music education, musicology, and performance. The school is large enough to provide a wide variety of experience for students seeking degrees in music. At the same time, the atmosphere of a smaller school prevails with emphasis on individualized instruction in performance, comparatively small classes, and a faculty and staff that cares about its students. As a significant cultural resource, the School of Music serves the musical needs of the community, the region, the state, and the nation, and its influence is felt on an international level as well.
2 Case Study 1 One measure of an university's quality is the success of its graduates. Among the more than 10,000 alumni of the School of Music, five (5) are Pulitzer Prize winners in composition; members of major symphony orchestras, opera companies, jazz ensembles, and professional choral groups; and faculty members at many of the nation's most prestigious colleges and universities. Music education graduates direct some of the finest elementary and secondary music programs throughout Canada as well as in foreign countries. The school is proud of its record in assisting qualified graduates to assume leadership roles in the music profession through career counseling and professional advising.
Programs Offered The Rocky Mountain School of Music has 2-degree programs available: Bachelor of Music Specializations available in: • Applied Music • Composition-Theory • Music History • Open Studies
Bachelor of Music Education Specializations available in: • Choral Music • General Music • Instrumental Music
Rocky Mountain School of Music 3
Divisions The school currently has the following divisions: • Brass • Composition-Theory • Music Education • Musicology • String • Woodwind • Accompanying • Jazz • Organ • Percussion • Piano • Piano Pedagogy • Voice Divisions
Faculties The strength of the school lies in its distinguished and internationally known faculty, who are committed to teaching and at the same time maintain active performance schedules, contribute substantially to research in all areas of music. The school is justifiably proud of the excellent facilities, nationally recognized degree programs, and enjoyable campus life, but these are secondary considerations when compared to the quality education provided by the faculty for the students. The professional relationship between students and faculty is based upon mutual respect and a common interest in the quest for musical knowledge and artistry. There are nearly 100 full-time faculty members in music, which provides a student to faculty ratio of approximately 20 to 1. The wealth of experience the faculties bring to the classroom, studio, concert hall, or research facility, is supported by their continuous commitment to excellence.
4 Case Study 1
Buildings and Facilities Currently the school has the following buildings: • Rocky Band Building • Computer-Assisted Music Lab • Music Project Lab • Experimental Music Lab • Performing Arts Lab • Music Library Building • School of Piano Building • Jeff Memorial Hall
IT Infrastructure There are currently 2 IT staffs in the school. The existing network is purely DOS-based with Netware 3.1 as the network OS. No special feature has been implemented. The registration office currently runs a 386PC with dBase3+ as the school registration system. The staffs generally use the old Geoworks software for designing flyers and other publications. Due to the availability of funding last year, the school managed to install a 100BaseFX network across the campus. In terms of bandwidth, the school has more than enough bandwidth for use.
Levels of Skills in IT According to the IT Supervisor of the school, their students are very positive towards the use of IT in their learning process. Some students already use computers to do the music composition. Others use notebooks to take notes during lectures.
Rocky Mountain School of Music 5
Admin Structure The school has a Board of Directors for supervising the overall operations. The school president reports directly to the board. There are 2 vice presidents sharing the workload of administering the divisions of the school, as demonstrated in Figure 1.1.
Figure 1.1:
Organizational chart of the school and its Board of Directors.
6 Case Study 1
Risk Management In the past, the school was once in difficulties due to a problem in funding. There had been a situation where the salaries of the teachers were not distributed on time, leading to a strike and a delay in the class progresses. Although this situation is not likely to happen again, the management insists on carry out a risk management process. It has been suggested that Microsoft’s Risk Management process is the ideal methodology to use.
Future Vision The school plans to open a branch in Austin, Texas. The management is willing to pay for a high speed 128K dedicated connection between the main campus and the new location. This new location will mainly be used to teach Music History and Music Appreciation. The school will also open up a branch in London. This new location will use dial up modem to connect to the main office. This new location will mainly be a marketing office to promote the school’s “Student Exchange” program.
Questions 7 1. What type of business model does the school have? Describe: A. Hierarchical B. Flat C. Levels of Skills in IT. According to the IT Supervisor of the school, their students are very positive towards the use of IT in their learning process. Some students already uses computer to do the music composition. Others have uses notebooks to take notes during lectures. D. No model
2. As part of your initial work of analyzing the business model, you are looking at how many servers are in the sites of the school as well as what OS and applications are running. What kind of structure are you trying to analyze? A. Organizational B. Demographical C. Geographical D. IT
8 Case Study 1 1. What type of business model does the school have? Describe: *A. Hierarchical B. Flat C. Levels of Skills in IT. According to the IT Supervisor of the school, their students are very positive towards the use of IT in their learning process. Some students already uses computer to do the music composition. Others have uses notebooks to take notes during lectures. D. No model Explanation: This is a pyramidal command structure cascading from the top down to the base. Map to the Objective Analyzing existing Business Models
2. As part of your initial work of analyzing the business model, you are looking at how many servers are in the sites of the school as well as what OS and applications are running. What kind of structure are you trying to analyze? A. Organizational B. Demographical C. Geographical *D. IT Explanation: You are inspecting the IT infrastructure of the school. Map to the Objective Analyzing existing Business Models
Questions 9 3. The staffs in the school frequently have to rotate their duties and work in different divisions. You need to build the AD structure so that the directory can reflect the organization structure of the school and at the same time making administration as easy as possible. Which of the following will you prefer? A. Deploy OUs for the different divisions B. Deploy Active domains for each divisions C. Deploy Win2K for the different divisions D. Deploy Multiple Master domain for the different divisions
4. Which of the following activities are parts of the risk management process's risk identification phrase (Choose all that apply)? A. Identifying the source of risk B. Determining the risk condition C. Identifying the possible consequence D. Analyzing risk impact
10 Case Study 1 3. The staffs in the school frequently have to rotate their duties and work in different divisions. You need to build the AD structure so that the directory can reflect the organization structure of the school and at the same time making administration as easy as possible. Which of the following will you prefer? *A. Deploy OUs for the different divisions B. Deploy Active domains for each divisions C. Deploy Win2K for the different divisions D. Deploy Multiple Master domain for the different divisions Explanation: It is much easier for you to move user objects between OUs then to move user objects between domains. In this case OU is the ideal structure. Map to the Objective Analyzing existing Business Models
4. Which of the following activities are parts of the risk management process's risk identification phrase (Choose all that apply)? *A. Identifying the source of risk *B. Determining the risk condition *C. Identifying the possible consequence D. Analyzing risk impact Explanation: Analyzing risk impact is part of the Risk Analysis phrase. Map to the Objective Identifying Tolerance for Risk
Questions 11 5. Which of the following activities are parts of the risk management process's risk analysis phrase (Choose all that apply)? A. Identifying the source of risk B. Determining the risk condition C. Analyzing risk exposure D. Analyzing risk probability E. Analyzing risk impact
6. You are studying the previous case of the school regarding the incident that the teachers went on strike. You tried to learn from the case to determine that, if, the same thing happen again, what the impact will be towards your project schedule. What type of analysis is this? A. Risk Probability B. Risk Impact C. Risk Exposure D. Risk Projection E. Risk Management
12 Case Study 1 5. Which of the following activities are parts of the risk management process's risk analysis phrase (Choose all that apply)? A. Identifying the source of risk B. Determining the risk condition *C. Analyzing risk exposure *D. Analyzing risk probability *E. Analyzing risk impact Explanation: Identifying the source of risk, Determining the risk condition, and Analyzing risk exposure are parts of the Risk Identification phrase. Map to the Objective Identifying Tolerance for Risk
6. You are studying the previous case of the school regarding the incident that the teachers went on strike. You tried to learn from the case to determine that, if, the same thing happen again, what the impact will be towards your project schedule. What type of analysis is this? A. Risk Probability *B. Risk Impact C. Risk Exposure D. Risk Projection E. Risk Management Explanation: This is an evaluation of a consequence should it become real. Map to the Objective Identifying Tolerance for Risk
Questions 13 7. You are evaluating the risks involved in upgrading the school network to Win2K. You come up with a risk probability of 0%. What does this mean? A. There is no risk at all B. There is a high risk C. There is already an actual problem D. Not enough information to determine the risk level
8. You are to carry out a Risk Action Planning for the school. What are valid key areas to address (Choose all that apply)? A. Research B. Acceptance C. Management D. Avoidance
14 Case Study 1 7. You are evaluating the risks involved in upgrading the school network to Win2K. You come up with a risk probability of 0%. What does this mean? *A. There is no risk at all B. There is a high risk C. There is already an actual problem D. Not enough information to determine the risk level Explanation: When you have 100%, which means this is not even a risk.. the problem is already here. Map to the Objective Identifying Tolerance for Risk
8. You are to carry out a Risk Action Planning for the school. What are valid key areas to address (Choose all that apply)? *A. Research *B. Acceptance *C. Management *D. Avoidance Explanation: These are the 4 areas of Risk Action Planning that must be addressed according to MS. Map to the Objective Identifying Tolerance for Risk
Questions 15 9. You are to carry out a Risk Analysis for the school. How do you determine the school's risk exposure? A. Risk probability X Risk impact B. Risk probability X Risk ratio C. Risk Ratio X Risk impact D. Risk Consequence X Risk impact
10. You need to determine the baseline of upgrading the school network. Which of the following are valid metrics to use? A. Comparison with other schools B. US Accounting standard on the assets cost C. True cost of assets D. Industry appointed index E. Industry average
16 Case Study 1 9. You are to carry out a Risk Analysis for the school. How do you determine the school's risk exposure? *A. Risk probability X Risk impact B. Risk probability X Risk ratio C. Risk Ratio X Risk impact D. Risk Consequence X Risk impact Explanation: Risk exposure basically factors risk impact and risk probability together. Map to the Objective Identifying Tolerance for Risk
10. You need to determine the baseline of upgrading the school network. Which of the following are valid metrics to use? A. Comparison with other schools B. US Accounting standard on the assets cost C. True cost of assets D. Industry appointed index *E. Industry average Explanation: The cost of the school's assets should be compared to the industry average in order to compare the TCO figures. Map to the objective Identifying Cost of operations.
Questions 17 11. You need to determine the unbudgeted cost used for calculating the TCO. Which one is a valid unbudgeted cost? A. Hardware B. Software C. Downtime D. Training E. Management
12. You need to determine the budgeted cost used for calculating the TCO. What are the valid budgeted costs? A. Hardware B. User C. Downtime D. Management
18 Case Study 1 11. You need to determine the unbudgeted cost used for calculating the TCO. Which one is a valid unbudgeted cost? A. Hardware B. Software *C. Downtime D. Training E. Management Explanation: Downtime is an unbudgeted cost of lost productivity and lost revenue. Map to the objective Identifying Cost of operations.
12. You need to determine the budgeted cost used for calculating the TCO. What are the valid budgeted costs? *A. Hardware B. User C. Downtime *D. Management Explanation: Management cost includes management compensation and salary. Map to the objective Identifying Cost of operations.
Questions 19 13. Regarding the school's expansion plan into Texas, what additional element will you include in calculating the TCO related to the IT project of the school? A. Cost of dedicated line B. Cost of routers C. Cost of financing D. Additional cost of management time to supervise the new location
14. You are worrying that the help desk support cost can be sky high once everyone in the school is equipped with the latest software and application. Which of the following can be used to reduce the support cost (Choose all that apply)? A. Use a single OS throughout the school B. Use a single application throughout the school C. Restrict users from changing their desktops D. Disallow resource sharing in the network
20 Case Study 1 13. Regarding the school's expansion plan into Texas, what additional element will you include in calculating the TCO related to the IT project of the school? *A. Cost of dedicated line *B. Cost of routers C. Cost of financing D. Additional cost of management time to supervise the new location Explanation: Cost of financing and Additional cost of management time to supervise the new location have nothing to do with the IT project. They are more suitable to be associated with the overall operating cost of the school. Map to the objective Identifying Cost of operations.
14. You are worrying that the help desk support cost can be sky high once everyone in the school is equipped with the latest software and application. Which of the following can be used to reduce the support cost (Choose all that apply)? *A. Use a single OS throughout the school B. Use a single application throughout the school *C. Restrict users from changing their desktops D. Disallow resource sharing in the network Explanation: Use a single application throughout the school does not make sense, as it is not possible for the entire school to run only a single application. Disallow resource sharing in the network does not make sense as the primary function of a network is resource sharing. Map to the objective Identifying Cost of operations.
Questions 21 15. You need to plan for reducing the cost of software distribution in the school. At the same time you want to give the users flexibility to de-install some software. How should you do this? A. Push the applications B. Share the applications C. Publish the applications D. Mirror the applications
16. The management of the school confirms that the London office will be operational in 3 months time. They will ship a fully configured W2K server to that location, since there will be no IT staff in there at all. What is the legal concern in this case? A. Sales tax B. Transport tariff C. Encryption D. CPU Speed
22 Case Study 1 15. You need to plan for reducing the cost of software distribution in the school. At the same time you want to give the users flexibility to de-install some software. How should you do this? A. Push the applications B. Share the applications *C. Publish the applications D. Mirror the applications Explanation: A published application can be removed by using Control Panel -> Add/Remove Programs. Map to the objective Identifying Cost of operations.
16. The management of the school confirms that the London office will be operational in 3 months time. They will ship a fully configured W2K server to that location, since there will be no IT staff in there at all. What is the legal concern in this case? A. Sales tax B. Transport tariff *C. Encryption D. CPU Speed Explanation: 128 bit strong encryption can only be used in US and Canada. You must ensure that the W2K server being shipped is configured with the default standard encryption. Map to the objective Identifying Relevant Laws and Regulations
Questions 23 17. According to your knowledge, which of the following encryption standards can be used in the London office (Choose all that apply)? A. MPPE Standard B. MPPE Strong C. IPSec Des D. IPSec 3Des
18. According to your knowledge, which of the following encryption standards can be used in the school's US main campus (Choose all that apply)? A. MPPE Standard B. MPPE Strong C. IPSec Des D. IPSec 3Des
24 Case Study 1 17. According to your knowledge, which of the following encryption standards can be used in the London office (Choose all that apply)? *A. MPPE Standard B. MPPE Strong *C. IPSec Des D. IPSec 3Des Explanation: Both MPPE standard and IPSec Des 56bit can be exported. Map to the objective Identifying Relevant Laws and Regulations
18. According to your knowledge, which of the following encryption standards can be used in the school's US main campus (Choose all that apply)? *A. MPPE Standard *B. MPPE Strong *C. IPSec Des *D. IPSec 3Des Explanation: Both MPPE standard and IPSec Des 56bit can be exported. This does not mean that they cannot be used in the US . Map to the objective Identifying Relevant Laws and Regulations
Questions 25 19. You are asked to give advice on which browser to use in the London office. The school's web site will be redesigned to include new features like DHTML, JavaScript and ASP. You want to give them maximum performance, and at the same time to be sure that the browser they use will not consume too much of the computer resources, as the London office will only use Celeron 600mhz PCs together with 128M RAM as clients. Which browser will you suggest? A. IE 2.01 B. IE 3.0 C. IE 5 128bit D. IE 5 Standard
20. According to your knowledge, which of the following encryption standards can be used for maximum protection on the connection between the school's US main campus and it's potential Texas location (Choose all that apply)? A. MPPE Standard B. MPPE Strong C. IPSec Des D. IPSec 3Des
26 Case Study 1 19. You are asked to give advice on which browser to use in the London office. The school's web site will be redesigned to include new features like DHTML, JavaScript and ASP. You want to give them maximum performance, and at the same time to be sure that the browser they use will not consume too much of the computer resources, as the London office will only use Celeron 600mhz PCs together with 128M RAM as clients. Which browser will you suggest? A. IE 2.01 B. IE 3.0 C. IE 5 128bit *D. IE 5 Standard Explanation: To take full advantage of the new web site you need IE 5. However, IE 5 128bit does not mean 128 bit performance... it means 128bit encryption, which should not be used outside of the US and Canada! Map to the objective Identifying Relevant Laws and Regulations
20. According to your knowledge, which of the following encryption standards can be used for maximum protection on the connection between the school's US main campus and it's potential Texas location (Choose all that apply)? A. MPPE Standard *B. MPPE Strong C. IPSec Des *D. IPSec 3Des Explanation: MPPE Strong security uses 128 bit encryption. IPSec 3Des deploys 2 sets of 56 bit keys and is considered to be a very strong encryption standard as well. Map to the objective Identifying Relevant Laws and Regulations
Notes:
W2K Network Consulting Service 29
Case Study 2 W2K Network Consulting Service You are a Network Consultant with specialized skills in designing Windows 2000 directory services. You are recently requested by the Supreme Manufacturing Company to design the Active Directory for the entire enterprise as illustrated by the organization chart illustrated in Figure 2.1.
Organizational chart of Supreme Manufacturing.
30 Case Study 2
Company Background Supreme Manufacturing Company was established in the early 80s, with its root in Korea as a manufacturer of Photo Albums. Due to the strong predicted growth of its business in the coming years, it plans to develop at least 10 new types of albums in the foreseeable future.
Divisions Currently the production of each product category is under the supervision of its own divisional head. The logic behind this arrangement is that the production of each type of albums actually requires totally different types of expertise. The president directly oversees the operations of the different divisions. Since the president himself owns the company, there is no board of directors. However, there is a position called Managing Director which is at the top of the hierarchy. The law of Korea requires this. His wife took the position.
Product offerings Supreme’s main products are photo albums. Products offering include: Covered Ring Type Albums: Self adhesive sheet albums. P.V.C. slip in sheet albums Memo type paper sheet albums. Flip Up Type Albums: • • •
Single size cover albums. Double size cover albums. Library style albums.
W2K Network Consulting Service 31 Slip In Albums: • • •
Soft transparent P.V.C cover albums. Vinyl padded cover albums. Minimax type albums. Post Bound Type Albums:
• •
Self adhesive sheet albums. Slip in P.V.C sheet albums.
• •
Self adhesive sheet albums. Slip in P.V.C. sheet albums.
Binder Type Albums:
Memo Slip In Albums: • •
Glue binding type albums. Needlework binding albums. Book Bound Type Albums:
• •
Wood free paper sheet classic type albums. Self adhesive sheet albums. Wedding Albums:
• •
Hinge style joint albums Bolt screw type albums. (Post bound type).
Due to the strong predicted growth of its business in the coming years, it plans to develop at least 10 new types of albums in the foreseeable future. Supreme is manufacturing not only the finished goods, but also the separated parts of the photo albums, such as • Covers • Sheets • Labels Apart from manufacturing products under their own brand, they also accept special orders in term of O.E.M.
32 Case Study 2
Locations and Staffing Supreme has three locations, one being the head office and the others being the factories. The president is located in the head office, while the divisional heads are completely mobile – they have to travel around the factories. Head office Dokok-Dong, Gangnam-Gu, Seoul, Korea Number Of Staff: 10 Korea Branch - Factory Goori City Kyunggi-Do, Korea Number Of Staff: 600 China Branch - Factory Yangzhong, Jiangsu, China Number Of Staff: 300 US Branch – Sales Office Recently opened in San Francisco of California Number Of Staff: 30
IT Structure Currently only the head office has a LAN running NT 4.0. The domain model is a simple single domain model. They do not YET have dedicated connection to the factories. The factories are using Win95 as dial up clients to connect to the head office server running RAS. In the coming months 256K dedicated connection will be installed. Currently, within all locations there are already 100MBPS LANs running smoothly.
W2K Network Consulting Service 33 The president recognizes the importance of IT, and is planning to spend 30% of its last year revenue on the complete re-design of the IT infrastructure. Because of the growing importance of IT, the head office will house a new IT department. This department is further broken down into 4 smaller departments as illustrated in Figure 2.2:
Dividing up the IT department.
Questions 35 1. What type of business model does the Supreme have? A. Geographical B. Hierarchical C. Flat D. Tree
2. What type of structure does the IT department deploy? A. Geographical B. Hierarchical C. Flat D. Tree
36 Case Study 2 1. What type of business model does the Supreme have? A. Geographical *B. Hierarchical C. Flat D. Tree Explanation: This is a pyramidal command structure cascading from the top down to the base. Map to the Objective Analyzing existing Business Models
2. What type of structure does the IT department deploy? A. Geographical B. Hierarchical *C. Flat D. Tree Explanation: With this structure the smaller departments within IT can enjoy high degree of autonomy. Map to the Objective Analyzing Planned Business Model
Questions 37 3. As part of your initial work of analyzing the business model, you are looking at the physical locality of Supreme's branches. What kind of structure are you trying to analyze? A. Organizational B. Demographical C. Geographical D. IT
4. You need to build the AD structure so that the directory can reflect the organization structure of Supreme and at the same time making it possible for the local branches of Supreme to maintain their own password policies. Which of the following will you prefer? A. Deploy OUs for the different branches B. Deploy multi domains for the different branches C. Deploy Win2K for the different branches D. Deploy Multiple Master domain for the different branches
38 Case Study 2 3. As part of your initial work of analyzing the business model, you are looking at the physical locality of Supreme's branches. What kind of structure are you trying to analyze? A. Organizational B. Demographical *C. Geographical D. IT Explanation: You are inspecting how the company is spread out. Map to the Objective Analyzing existing Business Models
4. You need to build the AD structure so that the directory can reflect the organization structure of Supreme and at the same time making it possible for the local branches of Supreme to maintain their own password policies. Which of the following will you prefer? A. Deploy OUs for the different branches *B. Deploy multi domains for the different branches C. Deploy Win2K for the different branches D. Deploy Multiple Master domain for the different branches Explanation: Password policy is domain wide. If you want to implement different policies in different branches, you must have multiple different domains. Map to the Objective Analyzing existing Business Models
Questions 39 5. You are meeting with the president to discuss about the project. You want to set up a list of priority. Which of the following can be traded off against each other (Choose all that apply)? A. Budgets B. Staffs C. Project feature D. Schedule E. Business model
6. You are to carry out a Risk Analysis for Supreme, due to the political instability in Korea (this can potentially stop the entire business). You are using the following equation: Risk probability X Risk impact What are you trying to figure out? A. Risk exposure B. Risk consequence C. Risk measures D. Risk activities
40 Case Study 2 5. You are meeting with the president to discuss about the project. You want to set up a list of priority. Which of the following can be traded off against each other (Choose all that apply)? *A. Budgets *B. Staffs *C. Project feature *D. Schedule E. Business model Explanation: Although the deployment of AD may affect the business model, you are not supposed to even use the business model as an element for trade off. The business model is the core of your client's business. Map to the Objective Analyzing existing Business Models
6. You are to carry out a Risk Analysis for Supreme, due to the political instability in Korea (this can potentially stop the entire business). You are using the following equation: Risk probability X Risk impact What are you trying to figure out? *A. Risk exposure B. Risk consequence C. Risk measures D. Risk activities Explanation: Risk exposure basically factors risk impact and risk probability together. Map to the Objective Identifying Tolerance for Risk
Questions 41 7. You are evaluating the risks involved in upgrading Supreme's network to Win2K. You come up with a risk probability of 100%. What does this mean? A. There is no risk at all B. There is a high risk C. There is already an actual problem D. Not enough information to determine the risk level
8. You need to calculate the TCO of Supreme's project. You need to determine the cost type for the following: Un-official self support by the users Un-official peer support What is the valid cost type for the above activities? A. Hardware B. End User C. Downtime D. Management
42 Case Study 2 7. You are evaluating the risks involved in upgrading Supreme's network to Win2K. You come up with a risk probability of 100%. What does this mean? A. There is no risk at all B. There is a high risk *C. There is already an actual problem D. Not enough information to determine the risk level Explanation: When you have 100%, that means this is not even a risk.. the problem is already here. If you have 0%, that means it is safe to go ahead with the upgrade. Map to the Objective Identifying Tolerance for Risk
8. You need to calculate the TCO of Supreme's project. You need to determine the cost type for the following: Un-official self support by the users Un-official peer support What is the valid cost type for the above activities? A. Hardware *B. End User C. Downtime D. Management Explanation: End user cost also includes cost come from unnecessary desktop and workstation modification. Map to the objective Identifying Cost of operations.
Questions 43 9. According to your knowledge, which of the following encryption standards can be used in Supreme's head office (Choose all that apply)? A. MPPE Standard B. MPPE Strong C. IPSec Des D. IPSec 3Des
10. You want to install high speed WAN connectivity solutions to connect all the branches of Supreme. However, Supreme currently does not have staff with the needed skills. How would you go with the implementation? A. Train the staffs B. Hire some MCSEs for Supreme C. You do it for them D. Buy some ready made packaged WAN solutions E. Outsource
44 Case Study 2 9. According to your knowledge, which of the following encryption standards can be used in Supreme's head office (Choose all that apply)? *A. MPPE Standard B. MPPE Strong *C. IPSec Des D. IPSec 3Des Explanation: Note that the head office is in Korea. Both MPPE standard and IPSec Des 56bit can be exported. Map to the objective Identifying Relevant Laws and Regulations
10. You want to install high speed WAN connectivity solutions to connect all the branches of Supreme. However, Supreme currently does not have staff with the needed skills. How would you go with the implementation? A. Train the staffs B. Hire some MCSEs for Supreme C. You do it for them D. Buy some ready made packaged WAN solutions *E. Outsource Explanation: When the company does not have in house staff to do the installation, it is best to outsource it. This can keep the project on schedule. Map to the Objective Analyzing existing Business Models
Questions 45 11. You need to determine the placement of domain controllers for Supreme. All the locations of Supreme will be involved in the new network. All of them will be connected via 256K dedicated WAN links. For the best performance and reliability, which of the following placement will you choose? A. Have all the DCs in the headquarter B. Place one DC in the head office and one in China C. Place two DCs in the head office and one in China D. Place one DC in the head office, one in China and one in SF E. Place two DCs in every location
12. You need to determine the placement of domain controllers for Supreme. All the locations of Supreme will be involved in the new network. All of them will be connected via 256K dedicated WAN links. Due to budget limitation, you only have 4 servers to allocate. For the best performance and reliability, which of the following placement will you choose? A. Have all the DCs in the headquarter B. Place three DCs in the head office and one in China C. Place one DC in the head office, two in China and one in SF D. Place two DCs in every Korean location E. Place one DC in each location
46 Case Study 2 11. You need to determine the placement of domain controllers for Supreme. All the locations of Supreme will be involved in the new network. All of them will be connected via 256K dedicated WAN links. For the best performance and reliability, which of the following placement will you choose? A. Have all the DCs in the headquarter B. Place one DC in the head office and one in China C. Place two DCs in the head office and one in China D. Place one DC in the head office, one in China and one in SF *E. Place two DCs in every location Explanation: Each location should have DCs so that logon validation traffic can be localized. For redundancy you should have at least 2 DCs per location. Map to the objective Analyzing the company geographical scope.
12. You need to determine the placement of domain controllers for Supreme. All the locations of Supreme will be involved in the new network. All of them will be connected via 256K dedicated WAN links. Due to budget limitation, you only have 4 servers to allocate. For the best performance and reliability, which of the following placement will you choose? A. Have all the DCs in the headquarter B. Place three DCs in the head office and one in China C. Place one DC in the head office, two in China and one in SF D. Place two DCs in every Korean location *E. Place one DC in each location Explanation: Each location should have DCs so that logon validation traffic can be localized. Ideally, for redundancy you should have at least 2 DCs per location. Redundancy can still be provided via slow WAN links though. Map to the objective Analyzing the company geographical scope.
Questions 47 13. When designing a W2K network with AD for Supreme, which model is the easiest to start with and manage? A. Regional B. National C. International D. Global
14. Since the division heads need to travel around, they want to be able to save their files in their laptops. What technology can you deploy to make sure that information would not be disclosed should the laptops are stolen (Choose all that apply)? A. FAT64 B. FAT 32 C. NTFS D. DFS E. EFS
48 Case Study 2 13. When designing a W2K network with AD for Supreme, which model is the easiest to start with and manage? *A. Regional B. National C. International D. Global Explanation: Regional is the smallest unit, thus is the easiest to manage. Map to the objective Analyzing the company geographical scope.
14. Since the division heads need to travel around, they want to be able to save their files in their laptops. What technology can you deploy to make sure that information would not be disclosed should the laptops are stolen (Choose all that apply)? A. FAT64 B. FAT 32 *C. NTFS D. DFS *E. EFS Explanation: With Encrypted File System, users can secure their files even offline. However, EFS must work with NTFS. Map to the Objective Analyzing Company Processes
Questions 49 15. When designing a W2K network with AD for Supreme, you plan to go with the International model. Which of the following are valid concerns for using this model (Choose all that apply)? A. Different languages B. Different laws C. Different currencies D. Different cultures
16. What will you recommend to the president of Supreme regarding future possible improvement towards the directory, after AD is successfully implemented? A. Implement faster WAN links B. Implement faster LANs C. Implement a more stable Server OS D. Implement a more scalable directory structure
50 Case Study 2 15. When designing a W2K network with AD for Supreme, you plan to go with the International model. Which of the following are valid concerns for using this model (Choose all that apply)? *A. Different languages *B. Different laws *C. Different currencies *D. Different cultures Explanation: With this model you are presented with a lot of challenges .... You will want to use this model for very large multi-national conglomerate. Map to the objective Analyzing the company geographical scope.
16. What will you recommend to the president of Supreme regarding future possible improvement towards the directory, after AD is successfully implemented? *A. Implement faster WAN links B. Implement faster LANs C. Implement a more stable Server OS D. Implement a more scalable directory structure Explanation: Currently all locations already have 100MBPS LAN, which is fast enough. AD is very scalable, and W2K is very stable. As WAN options, 256 K is too slow. You definitely want to improve this. Map to the objective Analyzing the company geographical scope.
Questions 51 17. You want to document the flow of communication in Supreme. What is the use of doing this? A. To show how information is conveyed B. To show the entity relationships C. To show the entity dependency D. To show the departmental structure
18. You want to document the flow of communication in Supreme. What will you do at this stage (Choose all that apply)? A. Diagram how information is distributed B. Document the frequency of distribution C. Specify the entity relationships D. Identify the entity dependency E. Secure the communication entities
52 Case Study 2 17. You want to document the flow of communication in Supreme. What is the use of doing this? *A. To show how information is conveyed B. To show the entity relationships C. To show the entity dependency D. To show the departmental structure Explanation: You want to look into the frequency and flow of information distribution during this stage. Map to the Objective Analyzing Company Processes
18. You want to document the flow of communication in Supreme. What will you do at this stage (Choose all that apply)? *A. Diagram how information is distributed *B. Document the frequency of distribution C. Specify the entity relationships D. Identify the entity dependency E. Secure the communication entities Explanation: In addition, you will want to research into possible electronic communication methods during this stage. Map to the Objective Analyzing Company Processes
Questions 53 19. Since the division heads need to travel around, they want to be able to save and access their files without worrying about the physical locations of the files. What technology can you deploy? A. FAT64 B. NTFS V5 C. DFS D. EFS
54 Case Study 2 19. Since the division heads need to travel around, they want to be able to save and access their files without worrying about the physical locations of the files. What technology can you deploy? A. FAT64 B. NTFS V5 *C. DFS D. EFS Explanation: With Distributed File System, users can deal with a logical view of folders and files without worrying their actual locations. Map to the Objective Analyzing Company Processes
Questions 55
Notes:
Excel Forwarder Corp 57
Case Study 3 Excel Forwarder Corp You are a Network Consultant with specialized skills in designing Win2000 directory services. You are recently requested by the Excel Forwarder Corp to design the Active Directory for the entire company.
Background Excel Forwarder Corp, an international freight forwarder and Customs Broker, has been providing Logistics and Transportation services since 1929. Excel also provides logistics and distribution services as well as purchase order management and ancillary freight services in addition to freight forwarding and Customs Brokerage. With over 65 years in the business, Excel offers fully computerized documentation and tracking in all areas of its operations. Some of the services offered by Excel are: • • • • • • • • • •
Customs Broker Freight Forwarding NVOCC Logistics Management Distribution Consulting Insurance Air Freight Purchase Order Expediting EDI Services
58 Case Study 3
Divisions The company divides its operations into two main categories: Air and Ocean. The management structure is as follow: Air – One director, directly reports to the CEO. Under the director are a group of managers responsible for running the different service departments. Ocean – One director, directly reports to the CEO. Under the director are a group of managers responsible for running the different service departments. The CEO admits that there are overlapping of activities and resources among Air and Ocean. However, he does not plan to modify this structure as of the time being.
Locations There is one headquarter for all of its operation. This headquarter is located in New York. Besides, there are 3 local offices in different region of the states. Excel has the following locations: • NY - Headquarter • Miami Ocean & Air • Los Angeles Air & Ocean • Chicago Air & Ocean Since headquarter does not have enough space, Excel recently rented a small office place which is one street block away from headquarter. The two are connected with ISDN BRI.
Excel Forwarder Corp 59
IT Structure Headquarter is running a NT4 network. The PDC of the single account domain is located in headquarter. There are 5 BDCs for the account domain, and the BDCs are installed in the local offices. In addition, there are resource domains defined. All servers are running with dual 300mhz processors and 256M RAM. Excel uses State of the Art software to insure that all documentation is prepared quickly and correctly. The software runs on NT Workstation that ahs TCP/IP configured. The Excel Trade BBS allows the customers to receive email responses to the leads. This BBS runs on a standalone Linux server. Excel is also in the process of finalizing the installation of new software that will enable its clients to track their shipments on the Internet.
Future Prospect Excel has recently become the partner of XSite, a web site that provides a central search engine for local, state and federal government agencies. This new site is useful in a sense that it eliminates the need to track down all the various agencies to locate available services. This partnership is expected to draw substantial new businesses to Excel. The CEO of Excel is looking into enhancing its existing IT structure in order to cope with the growing demand for its services. The latest forecast from Excel is that in 5 years time the number of employees will be doubled.
Questions 61 1. You are considering a domain model for Excel Forwarder. So far the whole organization does not need to have different password and lockout policies. However, the management of Excel is worrying that the large potential growth of number of employees may be too much for a single domain to handle. Which domain model will you go for? A. Single B. Multiple C. Complete trust D. Multi-Master E. None of the above
2. You are considering deploying multiple domains for Excel Forwarder. Which of the following are valid reasons to deploy multiple domains (Choose all that apply)? A. Scalability B. Performance C. Remote access D. Security E. None of the above
62 Case Study 3 1. You are considering a domain model for Excel Forwarder. So far the whole organization does not need to have different password and lockout policies. However, the management of Excel is worrying that the large potential growth of number of employees may be too much for a single domain to handle. Which domain model will you go for? *A. Single B. Multiple C. Complete trust D. Multi-Master E. None of the above Explanation: In theory a domain's AD can handle 10 million objects, which is far more than what Excel will need. In fact, Microsoft recommends single domain whenever possible. Map to the Objective Identifying Growth Strategy
2. You are considering deploying multiple domains for Excel Forwarder. Which of the following are valid reasons to deploy multiple domains (Choose all that apply)? A. Scalability B. Performance C. Remote access D. Security *E. None of the above Explanation: All of the choices can be achieved with a single domain. In fact, Microsoft recommends single domain whenever possible. Map to the Objective Identifying Growth Strategy
Questions 63 3. As the number of new locations may increase in the coming years, you are considering deploying a more secure and cost effective remote connectivity strategy for Excel Forwarder. Which of the following are valid technologies you should deploy (Choose all that apply)? A. Multiple domains B. VPN C. RRAS D. GPO E. None of the above
4. When Excel Forwarder is growing, which of the following will be affected (Choose all that apply)? A. Groups B. Traffic C. Storage D. Accounts
64 Case Study 3 3. As the number of new locations may increase in the coming years, you are considering deploying a more secure and cost effective remote connectivity strategy for Excel Forwarder. Which of the following are valid technologies you should deploy (Choose all that apply)? A. Multiple domains *B. VPN C. RRAS D. GPO E. None of the above Explanation: VPN provides secure connection between the locations of Excel Forwarder. Since VPN runs on top of Internet connection, it is for sure very cost effective. Map to the Objective Identifying Growth Strategy
4. When Excel Forwarder is growing, which of the following will be affected (Choose all that apply)? *A. Groups *B. Traffic *C. Storage *D. Accounts Explanation: The growth in size of the company will definitely lead to the growth of all these elements. Map to the Objective Identifying Growth Strategy
Questions 65 5. When designing the domain and site structure of Excel Forwarder, you take into account the fact that some offices will provide duplicate services to the other locations. You are also informed that some offices will be working together on some common projects. What domain and site structure will you go for? A. One Domain One site B. One Domain Multiple Sites C. Multi Domains Multiple Sites D. Multi Domains One Site
6. What type of business model does Excel have? A. Geographical B. Hierarchical C. Flat D. Tree
66 Case Study 3 5. When designing the domain and site structure of Excel Forwarder, you take into account the fact that some offices will provide duplicate services to the other locations. You are also informed that some offices will be working together on some common projects. What domain and site structure will you go for? A. One Domain One site *B. One Domain Multiple Sites C. Multi Domains Multiple Sites D. Multi Domains One Site Explanation: With a single domain, administration can be simplified. In fact, Microsoft recommends single domain whenever possible.
6. What type of business model does Excel have? A. Geographical *B. Hierarchical C. Flat D. Tree Explanation: Since there are different layers in the organization structure, this will be a pyramidal command structure cascading from the top down to the base. Map to the Objective Analyzing existing Business Models
Questions 67 7. In order to provide the various departments with a high degree of autonomy, which of the following models will you deploy? A. Geographical B. Hierarchical C. Flat D. Tree
8. When you design your directory structure, you want to make sure that the structure can accommodate: A. Current number of employees B. Projected growth of the number of employees C. Projected economic down turn D. Possible layoff due to crisis in the industry
68 Case Study 3 7. In order to provide the various departments with a high degree of autonomy, which of the following models will you deploy? A. Geographical B. Hierarchical *C. Flat D. Tree Explanation: With this structure the departments can enjoy a high degree of autonomy. Map to the Objective Analyzing Planned Business Model
8. When you design your directory structure, you want to make sure that the structure can accommodate: *A. Current number of employees *B. Projected growth of the number of employees C. Projected economic down turn D. Possible layoff due to crisis in the industry Explanation: Basically you need to consider the current company size as well as the projected size inn the future. Map to the objective Analyzing Directory Technical Requirements
Questions 69 9. The staffs in the small office next to the headquarter complains that the access time to the server in the headquarter is very slow. How can you improve the situation? A. Place a server in the small office B. Install a faster router in the small office C. Use RRAS to connect to the small office D. Increase the cache size in the small office PCs
10. Excel used to have a NT 4 domain controller. You want to upgrade this server to W2K but you do not want it to act as a domain controller. What are valid steps to achieve your goal (Choose all that apply)? A. Upgrade to W2K Pro B. Upgrade to W2K Server C. Run DCPROMO to promote the server D. Run DCPROMO to demote the server
70 Case Study 3 9. The staffs in the small office next to the headquarter complains that the access time to the server in the headquarter is very slow. How can you improve the situation? *A. Place a server in the small office B. Install a faster router in the small office C. Use RRAS to connect to the small office D. Increase the cache size in the small office PCs Explanation: You can place a server in the small office to handle most of the dailyrequired tasks as well as to process logon request. This way you can avoid the need to go through the ISDN link all the time. Map to the objective Analyzing Directory Technical Requirements
10. Excel used to have a NT 4 domain controller. You want to upgrade this server to W2K but you do not want it to act as a domain controller. What are valid steps to achieve your goal (Choose all that apply)? A. Upgrade to W2K Pro *B. Upgrade to W2K Server C. Run DCPROMO to promote the server *D. Run DCPROMO to demote the server Explanation: DCPROMO can be used to promote and demote domain controllers. It has a wizard GUI interface for ease of use.
Questions 71 11. What NT 4 domain model did Excel deploy? A. Single B. Single Master C. Multi-Master D. Complete Trust
12. How do you find out about the trust relationships established in the old NT4 domain (Choose all that apply)? A. Go to the PDC or the BDC B. Go to the PDC only C. Use the User Manager for Domain utility D. Use the Server Manager utility
72 Case Study 3 11. What NT 4 domain model did Excel deploy? A. Single *B. Single Master C. Multi-Master D. Complete Trust Explanation: There is a single account domain plus some resource domains. This is obviously a single master domain model. Map to the objective Analyzing existing Windows NT environment
12. How do you find out about the trust relationships established in the old NT4 domain (Choose all that apply)? *A. Go to the PDC or the BDC B. Go to the PDC only *C. Use the User Manager for Domain utility D. Use the Server Manager utility Explanation: You can go into the User Manager for Domain utility form either the PDC or the BDC and find out the current trust settings. Map to the objective Analyzing existing Windows NT environment
Questions 73 13. According to the established Single Master domain trust model in Excel, what is the default trust relationship between one of the resource domains and the account domain? A. One way, Resource trusts the Account B. One way, Account trusts the Resource C. Two ways, Resource trusts the Account D. Two ways, Account trusts the Resource
74 Case Study 3 13. According to the established Single Master domain trust model in Excel, what is the default trust relationship between one of the resource domains and the account domain? *A. One way, Resource trusts the Account B. One way, Account trusts the Resource C. Two ways, Resource trusts the Account D. Two ways, Account trusts the Resource Explanation: The resource domain has to trust the account domain for the domain model to function. Map to the objective Analyzing existing Windows NT environment
Questions 75 14. You want to diagram the current NT4 trust model of Excel. Which of the following diagrams is correct?
A. Diagram A B. Diagram B C. Diagram C D. Diagram D
76 Case Study 3 14. You want to diagram the current NT4 trust model of Excel. Which of the following diagrams is correct?
*A. Diagram A B. Diagram B C. Diagram C D. Diagram D Explanation: The resource domain has to trust the account domain for the domain model to function. Map to the objective Analyzing existing Windows NT environment
Questions 77 15. You need to upgrade the existing network to W2K with AD. Which of the following components of the NT4 network in Excel have to be upgraded? A. Client computers B. Server processors C. Win98 Client OS D. Server memory E. Server DNS Services
78 Case Study 3 15. You need to upgrade the existing network to W2K with AD. Which of the following components of the NT4 network in Excel have to be upgraded? A. Client computers B. Server processors C. Win98 Client OS D. Server memory *E. Server DNS Services Explanation: Note that all servers already have dual 300mhz CPUs and 256M RAM, which exceed the requirements of W2K already. However, you must upgrade the DNS service to support SRV record for AD to work properly. Map to the objective Analyzing existing Windows NT environment
Notes:
Joe’s Canoe Company 81
Case Study 4 Joe’s Canoe Company You are a Network Consultant with specialized skills in designing Win2000 directory services. You are recently requested by Joe’s Canoe Company to design the Active Directory for the entire company.
Background Joe’s Canoe Company is a company that produces canoes of different kinds. Most of its customers are in the Vancouver area. Since 1950 Joe has been designing and manufacturing Cedar Canvas Canoes. Through the years, as materials advanced, Joe began building Fiberglass, Kevlar and high tech Carbon Fiber Canoes. Joe's Master builders have 5 decades of canoe design and building experience, in all types, from the classic Cedar strip to the family cottage canoe & the most advanced Carbon Fiber high performance canoes. According to the CEO, staffs in the company are on average at the age of 50 and above. Somehow they are a bit resistant to new technologies. Currently they are running on a Win NT network. Per your interview with the marketing manager, there is an increase in the demand for canoes in California. A local canoe manufacturer has approached the company from San Jose about a possible merger between the two companies. Your understanding on this is that, in the next one or two years, these two companies will still market their canoes separately under different brand names. However, the management will definitely want to see some sort of synergy in between. Last month a new representative office was opened in Kansas City, as the company can receive tax deduction from the city government.
82 Case Study 4
Structure So far there is only one office location for Joe’s Canoe. There are 3 different departments: Marketing, Accounting, and Production. Each department has its own management team. The team leaders need to report to the CEO directly. Currently there are about 500 staffs. Of this amount, 60% of them will need to use computers in their daily operations.
Dealer Locations The CEO’s successor, James, has its roots as an IT consultant. He knows the importance of IT deployment. He likes to have all its dealers placing orders online to save processing costs. He recently built a VPN among the company and all its dealers. As of today, there are 6 dealers selling canoes for the company: 1. Algonquin Bound - Madawaska 2. Frontenac Outfitters - Sydenham 3. Gordon Bay Marine - Mactier 4. Muskoka Store - Gravenhurst 5. Adventure Guide - Kitchener-Waterloo 6. Boundary Bay Watersports - Whiterock, BC James is a MCP on NT 4.0. He likes to use Microsoft products. He wants you to implement a network design using Win2000 and active directory. There was a NT4 network implemented for the company. It consists of two domains containing accounts and resources. In addition, there are some other resource only domains that trust these two domains. James is not happy with the fact that trust relationships are so complicated to setup. He also dislikes the fact that scalability is limited with SAM.
Questions 83 1. What domain model does the current NT4 network use? A. Single B. Single Master C. Multi master D. Complete Trust
2. What service does NT4 deploy for communicating on a TCP/IP network using NETBIOS names? A. DNS B. DHCP C. RAS D. WINS
84 Case Study 4 1. What domain model does the current NT4 network use? A. Single B. Single Master *C. Multi master D. Complete Trust Explanation: In a multi-master model, the account domains have to trust each other. In addition, the resource domains have one way trust on the account domains. Map to the objective Analyzing Existing Windows NT Environment
2. What service does NT4 deploy for communicating on a TCP/IP network using NETBIOS names? A. DNS B. DHCP C. RAS *D. WINS Explanation: With WINS Netbios names are mapped to IP addresses. Without WINS you will need to use broadcast for Netbios communication. Map to the objective Analyzing Existing Windows NT Environment
Questions 85 3. What does NT4 deploy for communicating on a TCP/IP network using NETBIOS names when WINS is down? A. DNS B. DHCP C. HOSTS file D. LMHOSTS file
4. What is the tool used to configure the password policy across the NT4 domains? A. User Manager B. User Manager for domains C. Server Manager D. Trust Manager
86 Case Study 4 3. What does NT4 deploy for communicating on a TCP/IP network using NETBIOS names when WINS is down? A. DNS B. DHCP C. HOSTS file *D. LMHOSTS file Explanation: With WINS Netbios names are mapped to IP addresses. Without WINS you can use a simple test file called lmhosts and enter all the entries manually into the file. This file needs to be placed on every client's PC. Map to the objective Analyzing Existing Windows NT Environment
4. What is the tool used to configure the password policy across the NT4 domains? A. User Manager *B. User Manager for domains C. Server Manager D. Trust Manager Explanation: On the NT4 domain controllers you configure the password policy via User Manager for Domains. Map to the objective Analyzing Existing Windows NT Environment
Questions 87 5. In the NT 4 network couple special applications have been installed on the servers that require registry modifications. When you perform the upgrade what should you first need to consider? A. Remove those applications B. Manually modify the registry C. Increase the memory D. Upgrade the CPU
6. Before you upgrade the servers to W2K, what action will you need to take to guarantee a smooth upgrade process? A. Check the HCL B. Inspect the power supply C. Defrag the hard drive D. Format the hard drive
88 Case Study 4 5. In the NT 4 network couple special applications have been installed on the servers that require registry modifications. When you perform the upgrade what should you first need to consider? *A. Remove those applications B. Manually modify the registry C. Increase the memory D. Upgrade the CPU Explanation: Applications that work for NT4 may not work for W2K. For safety reason you may want to remove the applications and check to see if they have updated versions for W2K. Map to the objective Analyzing Existing Windows NT Environment
6. Before you upgrade the servers to W2K, what action will you need to take to guarantee a smooth upgrade process? *A. Check the HCL B. Inspect the power supply C. Defrag the hard drive D. Format the hard drive Explanation: You want to check the Hardware Compatibility List to make sure that the hardware is supported in W2K. Or you may want to obtain all the necessary drivers from the vendors. Map to the objective Analyzing Existing Windows NT Environment
Questions 89 7. What tool can you use to check and find out if the old applications can be run in W2K? A. User Manger for Domain B. W2K HCL Checker C. W2K KCC D. W2K Readiness Analyzer
8. You plan to use the Windows2000 Readiness Analyzer to check for application compatibility problems. How do you start this utility? A. Use the W2K resource kit B. Run Winnt.exe with /Check C. Run Winnt32.exe with /checkup D. Run winnt32.exe with /checkupgradeonly
90 Case Study 4 7. What tool can you use to check and find out if the old applications can be run in W2K? A. User Manger for Domain B. W2K HCL Checker C. W2K KCC *D. W2K Readiness Analyzer Explanation: You may start this application by using the winnt32.exe together with the appropriate option. Map to the objective Analyzing existing applications.
8. You plan to use the Windows2000 Readiness Analyzer to check for application compatibility problems. How do you start this utility? A. Use the W2K resource kit B. Run Winnt.exe with /Check C. Run Winnt32.exe with /checkup *D. Run winnt32.exe with /checkupgradeonly Explanation: You use this utility to check and find out if the old applications can be run in W2K. Map to the objective Analyzing existing applications.
Questions 91 9. You found that there is a very important server side application that handles Joe's Canoe CRM functions. This application does not run in W2K. In fact, the vendor was out of business. What can you do (Choose all that apply)? A. Look for a new application B. Keep a NT4 server to run this application C. Transfer the data to the new application D. Apply service packs to the application
10. You found some old NT3.50 server in Joe's Canoe 's headquarter. These servers have 266mhz processors and plenty of RAM. You want to upgrade them to W2K. What steps are needed for a smooth upgrade (Choose all that apply)? A. Upgrade them to NT 3.51 or 4.0 first B. Check the HCL C. Run memory parity checks D. Scan the hard disk for bad sectors
92 Case Study 4 9. You found that there is a very important server side application that handles Joe's Canoe CRM functions. This application does not run in W2K. In fact, the vendor was out of business. What can you do (Choose all that apply)? *A. Look for a new application B. Keep a NT4 server to run this application *C. Transfer the data to the new application D. Apply service packs to the application Explanation: Since this software will not have any support any longer, you better off replace this with something new. Map to the objective Analyzing existing applications.
10. You found some old NT3.50 server in Joe's Canoe 's headquarter. These servers have 266mhz processors and plenty of RAM. You want to upgrade them to W2K. What steps are needed for a smooth upgrade (Choose all that apply)? *A. Upgrade them to NT 3.51 or 4.0 first *B. Check the HCL C. Run memory parity checks D. Scan the hard disk for bad sectors Explanation: Only NT3.51 or 4.0 can be upgraded to W2K directly. Map to the objective Analyzing Existing and Planned Upgrades and Rollouts
Questions 93 11. You found an important application that needs to be upgraded. According to the documentation the same upgrade is compatible with NT4 and W2K. When should you upgrade this application? A. Before upgrading the server to W2K B. After upgrading the server to W2K C. No need to upgrade at all D. During the server upgrade
12. You want to have a fallback plan in case the upgrade fails. Which step will you take as part of your fallback plan? A. Take a BDC offline B. Run scandisk before the upgrade C. Check HCL before upgrade D. Check all the network cables E. Run Winnt32 with /checkupgradeonly
94 Case Study 4 11. You found an important application that needs to be upgraded. According to the documentation the same upgrade is compatible with NT4 and W2K. When should you upgrade this application? *A. Before upgrading the server to W2K B. After upgrading the server to W2K C. No need to upgrade at all D. During the server upgrade Explanation: Since the same upgrade can work for NT4 and W2K, of course you should upgrade the application first before upgrading the OS. This could prevent some miscellaneous upgrade problems caused by software incompatibility. Map to the objective Analyzing Existing and Planned Upgrades and Rollouts
12. You want to have a fallback plan in case the upgrade fails. Which step will you take as part of your fallback plan? *A. Take a BDC offline B. Run scandisk before the upgrade C. Check HCL before upgrade D. Check all the network cables E. Run Winnt32 with /checkupgradeonly Explanation: You should force a replication across all the NT4 domain controllers, then take a BDC offline. In case the PDC fails the upgrade you can promote this BDC to a PDC and restore the NT4 network. Map to the objective Analyzing Existing and Planned Upgrades and Rollouts
Questions 95 13. You want to find out the capacity of the WAN links between the company and the new location in Kansas City. What is the measure you need to find out? A. Bandwidth B. Speed C. Rate D. Throughput
14. What tool can you deploy to find out the latency between the head office and the new location in Kansas City? A. Ping B. NetDiag C. NetStat D. Tracert
96 Case Study 4 13. You want to find out the capacity of the WAN links between the company and the new location in Kansas City. What is the measure you need to find out? A. Bandwidth B. Speed C. Rate *D. Throughput Explanation: Throughput = network capacity - overhead. Assessing Available Connectivity
Map to the objective
14. What tool can you deploy to find out the latency between the head office and the new location in Kansas City? *A. Ping B. NetDiag C. NetStat D. Tracert Explanation: Latency = how long it takes for a packet to travel from one point to another. Map to the objective Assessing Available Connectivity
Questions 97 15. What tool in W2K combines the functionality of Ping and Tracert? A. Pingrt B. Routeping C. NBTStat D. Netstat E. Pingpath
98 Case Study 4 15. What tool in W2K combines the functionality of Ping and Tracert? A. Pingrt B. Routeping C. NBTStat D. Netstat *E. Pingpath Explanation: With pingpath you can check latency as well as route path information. Map to the objective Assessing Available Connectivity
Notes:
ABC Toys 101
Case Study 5 ABC Toys You are a Network Consultant with specialized skills in designing Win2000 directory services. You are recently requested by ABC Toys Corp to design the Active Directory for the entire company.
Background ABC Toys, formerly Supreme Hobbies and Toys, is owned and operated by people who have over 110 years of combined experience as retailers, hobbyists, and business professionals. The mission of the company is to introduce, support, and nurture the exciting world of model building and collecting. The toys sold by ABC are known as family oriented - they offer product lines that introduce the youth to the excitement of toys. As introductory products, these lines also offer more advanced items for the rest of the family. To make sure that no rain check is ever needed, they keep stock of over 30,000 items in the stores.
Product Offerings The Toy Categories offered by ABC are: • Dolls • Cast Trains • Model Horses • Model Rockets • Electric Trains • Plastic Models • Plush/Stuffed • Wooden Trains
102 Case Study 5 Of the above items, all trains related products are under the management of the Train Department. The rest are under the Toys Department. In theory, there is not much resource that can be shared between the two departments. In fact, there was once ABC wanted to merge the 2 departments. However, the plan has been abolished due to heavy objections from the labor union.
Locations The HQ is located in Hong Kong. The purchasing department is in Taiwan. The rest are run in Vietnam. Currently there are 15 retail outlets throughout the world. Due to the rapid growth of the business, they will establish 5 new retail points of presence in the coming two years. Keep in mid that thee outlets are not owned by ABC. They are simply franchised outlets. However, they can access the network resources of ABC via RAS. SuperToy is the biggest reseller of ABC’s products. ABC sees SuperToy as its most important partner, and thus allows dedicated 256K connections between the two companies’ head offices. Each retail outlet has a store manager who must report directly to the directors. Although centralized administration is important, the company prefers to delegate to the local peers to increase the effectiveness in decision-making.
ABC Toys 103
IT Structure The company has an IT team of 4 as illustrated in Figure 5.1. They have developed the NT 4 network using the multiple domain model. All remote offices can connect to the HQ server via the lease lines.
The IT chart for SuperToy.
Questions 105 1. What is the relationship between Active Directory and the Net available bandwidth for ABC? A. The more net available bandwidth you have the high performance AD will be B. The more net available bandwidth you have the less performance AD will need C. The less net available bandwidth you have the high performance AD will be D. There is no relationship between the two
2. How would you describe the domain model AD is deploying? A. It is essentially a Multi-Master domain model B. It is essentially a Master domain model C. It is essentially a Single domain model
106 Case Study 5 1. What is the relationship between Active Directory and the Net available bandwidth for ABC? *A. The more net available bandwidth you have the high performance AD will be B. The more net available bandwidth you have the less performance AD will need C. The less net available bandwidth you have the high performance AD will be D. There is no relationship between the two Explanation: AD deploys a multi master model --- replication needs bandwidth. Map to the objective Assessing Net Available bandwidth
2. How would you describe the domain model AD is deploying? *A. It is essentially a Multi-Master domain model B. It is essentially a Master domain model C. It is essentially a Single domain model Explanation: It is essentially a Complete Trust domain model Since all DCs are equal in AD, it is essentially a Multi-Master domain model. Map to the objective Assessing Net Available bandwidth
Questions 107 3. What tool can you use to assess the net available bandwidth in ABC's network? A. Ping B. Tracert C. Netstat D. Nbtstat E. Network Monitor
4. What tools can you use to monitor the network performance after upgrading to W2K (Choose all that apply)? A. Performance Monitor B. Network Monitor C. Ping D. Netstat E. PerformStat
108 Case Study 5 3. What tool can you use to assess the net available bandwidth in ABC's network? A. Ping B. Tracert C. Netstat D. Nbtstat *E. Network Monitor Explanation: You can gather information like the number of packets sent and received per second with Network Monitor. Map to the objective Assessing Net Available bandwidth
4. What tools can you use to monitor the network performance after upgrading to W2K (Choose all that apply)? *A. Performance Monitor *B. Network Monitor C. Ping D. Netstat E. PerformStat Explanation: Both of these tools can be used to monitor network performance. Map to the objective Analyzing Performance Requirement
Questions 109 5. Users in Vietnam will need to have full screen video conferencing as well as real time multimedia presentation with users in Hong Kong. Which action should you take to improve the video conferencing performance? A. Place a DC in Vietnam B. Place a Video Streaming server in Vietnam C. Place a Video Streaming server in Hong Kong D. Upgrade the 512K line to T1
6. SuperToy has concern over the network reliability between itself and ABC. What can do you to address this concern? A. Install a redundant connection B. Place DCs on each side C. Place caching only DNS servers on each side D. Deploys VLAN
110 Case Study 5 5. Users in Vietnam will need to have full screen video conferencing as well as real time multimedia presentation with users in Hong Kong. Which action should you take to improve the video conferencing performance? A. Place a DC in Vietnam B. Place a Video Streaming server in Vietnam *C. Place a Video Streaming server in Hong Kong D. Upgrade the 512K line to T1 Explanation: For real time video conferencing and multimedia DCs and Streaming server will not help at all. Map to the objective Analyzing Performance Requirement
6. SuperToy has concern over the network reliability between itself and ABC. What can do you to address this concern? *A. Install a redundant connection B. Place DCs on each side C. Place caching only DNS servers on each side D. Deploys VLAN Explanation: A redundant connection using Dial on demand with ISDN is an ideal choice in this case. Map to the objective Analyzing Performance Requirement
Questions 111 7. Before upgrading to W2K, ABC's network in Vietnam consists of couple subnets that are connected by slow and unreliable links. How should your AD design address this issue (Choose all that apply)? A. Treat each subnet as separate sites B. Treat each subnet as one big site C. Inter-site transport via IP D. Inter-site transport via SMTP
8. Before the W2K upgrade ABC's network mainly relies on WINS for name resolution. After the upgrade what should you do with WINS? A. Remove WINS. Use only DNS B. Use WINS and DNS together C. Use only WINS. D. Use WINS and Hosts file
112 Case Study 5 7. Before upgrading to W2K, ABC's network in Vietnam consists of couple subnets that are connected by slow and unreliable links. How should your AD design address this issue (Choose all that apply)? *A. Treat each subnet as separate sites B. Treat each subnet as one big site C. Inter-site transport via IP *D. Inter-site transport via SMTP Explanation: For unreliable links between subnets you can have them in separate sites so that you can tailor the inter-site transport configuration. Map to the objective Analyzing Data and System Access Patterns
8. Before the W2K upgrade ABC's network mainly relies on WINS for name resolution. After the upgrade what should you do with WINS? *A. Remove WINS. Use only DNS B. Use WINS and DNS together C. Use only WINS. D. Use WINS and Hosts file Explanation: In W2K, WINS is for backward compatibility only. A high performance W2K network with AD should only use DNS as its name resolution method. Maintaining WINS involves separate cost, which may not worth it. Map to the objective Analyzing Network Roles and Responsibilities
Questions 113 9. Before the W2K upgrade there were too many Domain Admins on the network. This issue must be addressed. How would you address this issue (Choose all that apply)? A. Deploy OUs B. Deploy multi-domains C. Delegate admin control D. Assign more users to the OU Administrator built in group
10. You just upgraded the ABC's network to pure W2K. What is now the default authorization protocol? A. Kerberos V3 B. Kerberos V4 C. Kerberos V5 D. NTDS
114 Case Study 5 9. Before the W2K upgrade there were too many Domain Admins on the network. This issue must be addressed. How would you address this issue (Choose all that apply)? *A. Deploy OUs B. Deploy multi-domains *C. Delegate admin control D. Assign more users to the OU Administrator built in group Explanation: OU is always the ideal solution to address the "too many administrators" issue. Map to the objective Analyzing Network Roles and Responsibilities
10. You just upgraded the ABC's network to pure W2K. What is now the default authorization protocol? A. Kerberos V3 B. Kerberos V4 *C. Kerberos V5 D. NTDS Explanation: Kerberos V5 is the default authentication method used in W2K. Map to the objective Analyzing Security Considerations
Questions 115 11. You just upgraded the ABC's network to pure W2K. What service must be running on the W2K servers to support the new default authorization protocol? A. KDC B. KDE C. NTDS D. ADC
12. After the W2K upgrade, ABC's network now consists of couple sites and zones that are AD integrated. How do you improve network performance across the network? A. Lower the replication frequency B. Increase the replication frequency C. Replicate only in non-business hours D. Replicate only in business hours
116 Case Study 5 11. You just upgraded the ABC's network to pure W2K. What service must be running on the W2K servers to support the new default authorization protocol? *A. KDC B. KDE *C. NTDS *D. ADC Explanation: Note that to deploy Smart Card you should also deploy EAP. Map to the objective Analyzing Security Considerations
12. After the W2K upgrade, ABC's network now consists of couple sites and zones that are AD integrated. How do you improve network performance across the network? *A. Lower the replication frequency B. Increase the replication frequency *C. Replicate only in non-business hours D. Replicate only in business hours Explanation: Replication traffic is a major source of bandwidth consumption. You want to make sure that this won't happen too frequently during your office hours. Map to the objective Analyzing Data and System Access Patterns
Questions 117 13. What will you consider regarding the DNS service locations in your AD structure and design? A. All clients must be able to access DNS B. Clients can access WINS instead of DNS C. Use lmhosts file for clients without DNS access D. Use hosts file for clients without DNS access
14. Vietnam's WAN connection with Hong Kong is not reliable. How should you arrange the location of DNS services? A. Place a DNS server in Vietnam. Have all Vietnam clients use the Vietnam DNS server. B. Place a DNS server in Hong Kong for Vietnam. Have all Vietnam clients use this DNS server. C. Place a DNS server in Taiwan. Have all Vietnam clients use the Taiwan DNS server. D. Use hosts file for clients. Have all Vietnam clients use the Hong Kong DNS server.
118 Case Study 5 13. What will you consider regarding the DNS service locations in your AD structure and design? *A. All clients must be able to access DNS B. Clients can access WINS instead of DNS C. Use lmhosts file for clients without DNS access D. Use hosts file for clients without DNS access Explanation: For a pure W2K network the clients must have access to DNS. WINS is for backward compatibility only. Do not rely on WINS. Map to the objective Analyzing Directory Technical Requirements
14. Vietnam's WAN connection with Hong Kong is not reliable. How should you arrange the location of DNS services? *A. Place a DNS server in Vietnam. Have all Vietnam clients use the Vietnam DNS server. B. Place a DNS server in Hong Kong for Vietnam. Have all Vietnam clients use this DNS server. C. Place a DNS server in Taiwan. Have all Vietnam clients use the Taiwan DNS server. D. Use hosts file for clients. Have all Vietnam clients use the Hong Kong DNS server. Explanation: For a pure W2K network the clients must have access to DNS. If the link between Hong Kong and Vietnam is not reliable, you should place a DNS server in Vietnam. Map to the objective Analyzing Directory Technical Requirements
Notes:
MediAssociate 121
Case Study 6 MediAssociate You are a Network Consultant with specialized skills in designing Win2000 directory services. You are recently requested by MediAssociate to design the Active Directory for the entire company.
Background MediAssociate Since 1986, MediAssociate has been conducting research for legal and health care professionals involved in medical malpractice, personal injury, product liability and workers' compensation cases. Target customers are those who are overwhelmed with complicated health care issues and baffling medical jargon. The founders of MediAssociate have been in the medical-legal consultant field for over ten years. They have been providing consulting services for attorneys, physicians and other legal nurse consultants.
Services MediAssociate searches medical literature for articles, standards and guidelines that will enhance customer’s understanding of the case. The search is conducted by RNs experienced in the field, is supplemented with summaries of key articles, and conference sessions to answer the questions. MediAssociate locates qualified expert physicians and nurses whose accurate opinions will bolster customer’s position. Its nationwide network of specialists includes both consulting and testifying experts. MediAssociate can find the ideal expert fast, then help the customer to prepare that expert for deposition or trial. MediAssociate nurses will accompany the customers during their Independent Medical Examinations. These nurses will be prepared to offer testimony during deposition and trial.
122 Case Study 6
IT Structure To offer the services listed above, MediAssociate has a very advanced IT infrastructure. Their network deploys fiber optics to connect their office in down town San Jose. The network is running 25 NT 4 Servers and 300 clients. To speed up research, they use a T3 line to connect to the Internet. In addition, there are 4 Solaris workstations specially designed for a fault tolerant web site configuration.
Organization Structure The company is structured in a way that reflects the services it offers as illustrated in Figure 6.1. There are mainly 3 departments in the company, one for each main service.
Figure 6.1:
Organizational chart for MediAssociate.
MediAssociate 123
Visions The company is expected to expand its network of affiliated professionals. Currently they have more than 25000 professionals in their network nationwide. These professionals are allowed to connect to the head office via dial up access. Due to the fast growth in business, it is estimated that in three years time the number of professionals that work with the company will be doubled. Since to a certain extent these professionals are not in house staffs, the company will want to have a separate community for them. This community should manage their own password and lockout policy on their own. The existing NT4 network was built with scalability in mind. There are 2 account domains together with 5 resource domains. The CIO wants to upgrade the network to W2K. He is impressed by the stability of the new OS. One thing the CIO really wants to implement is some sort of Smartcard devices for the in house staffs to log onto the network. He believes in technologies like Smartcard being the trend of the future.
Questions 125 1. What type of business model does MediAssociate have? A. Geographical B. Hierarchical C. Flat D. Tree
2. What domain model does the current NT4 network of MediAssociate use? A. Single B. Single Master C. Multi master D. Complete Trust
126 Case Study 6 1. What type of business model does MediAssociate have? A. Geographical *B. Hierarchical C. Flat D. Tree Explanation: This is a pyramidal command structure cascading from the top down to the base. Map to the Objective Analyzing existing Business Models
2. What domain model does the current NT4 network of MediAssociate use? A. Single B. Single Master *C. Multi master D. Complete Trust Explanation: In a multi-master model, the account domains have to trust each other. In addition, the resource domains have one way trust on the account domains. Map to the objective Analyzing Existing Windows NT Environment
Questions 127 3. Before the upgrade is started, the CIO requests that you alter the lockout policy of all the domains. What is the tool used to configure this change across the NT4 domains? A. User Manager B. User Manager for domains C. Server Manager D. Trust Manager
4. When the W2K upgrade is finished, where can you specify the alternative authentication method preferred by the CIO? A. Group Policy B. NTFS C. DFS D. EFS
128 Case Study 6 3. Before the upgrade is started, the CIO requests that you alter the lockout policy of all the domains. What is the tool used to configure this change across the NT4 domains? A. User Manager *B. User Manager for domains C. Server Manager D. Trust Manager Explanation: On the NT4 domain controllers you configure the password and lockout policy via User Manager for Domains. Map to the objective Analyzing Existing Windows NT Environment
4. When the W2K upgrade is finished, where can you specify the alternative authentication method preferred by the CIO? *A. Group Policy B. NTFS C. DFS D. EFS Explanation: You change the settings via Group Policy. Note that to deploy Smart Card you should also deploy EAP. Map to the objective Analyzing Security Considerations
Questions 129 5. When the W2K upgrade is finished, what protocol will you deploy to accompany the alternative authentication method preferred by the CIO? A. PAP B. EAP C. CHAP D. MSCHAP
6. To accompany the future growth in the number of affiliated professionals, how many domains will you create for the new AD? A. Single B. At least 2 C. 1 for every service department D. 1 for the company and 1 for the affiliated professionals E. 1 for the company, 1 for each service department, and 1 for the affiliated professionals
130 Case Study 6 5. When the W2K upgrade is finished, what protocol will you deploy to accompany the alternative authentication method preferred by the CIO? A. PAP *B. EAP C. CHAP D. MSCHAP Explanation: EAP is the protocol to go when you want to deploy Smart Card. PAP should never be considered as it uses clear text. Map to the objective Analyzing Security Considerations
6. To accompany the future growth in the number of affiliated professionals, how many domains will you create for the new AD? A. Single B. At least 2 C. 1 for every service department *D. 1 for the company and 1 for the affiliated professionals E. 1 for the company, 1 for each service department, and 1 for the affiliated professionals Explanation: The number of user objects is not a concern as a single domain in AD can hold millions of objects. However, since the company wants the professionals to manage their own domain wide policy, it is better to have a separate domain for the professionals. Map to the objective to the objective Understanding the purpose of Active Directory
Questions 131 7. After the W2K upgrade is finished, you need to assign access control permissions. Which of the following steps will you take (Choose all that apply)? A. Set up global groups to contain users B. Set up local groups to contain global groups C. Assign permissions to local group D. Set up universal groups to contain users E. Set up universal groups to contain global groups
8. The CIO wants the domains in the new AD network to trust each other. What settings would you need to perform to achieve this? A. Nothing B. Uses AD users and computers C. Uses AD domain and trust D. Uses AD computers and services
132 Case Study 6 7. After the W2K upgrade is finished, you need to assign access control permissions. Which of the following steps will you take (Choose all that apply)? *A. Set up global groups to contain users *B. Set up local groups to contain global groups *C. Assign permissions to local group D. Set up universal groups to contain users E. Set up universal groups to contain global groups Explanation: Somehow we should not deploy universal group at all (at least for the purpose of the exam). Map to the objective to the objective Understanding the purpose of Active Directory
8. The CIO wants the domains in the new AD network to trust each other. What settings would you need to perform to achieve this? *A. Nothing B. Uses AD users and computers C. Uses AD domain and trust D. Uses AD computers and services Explanation: The trusts in AD are automatically two ways transitive. No special settings need to be done. Map to the objective to the objective Understanding the purpose of Active Directory
Questions 133 9. Of the NT servers MediAssociate has, 3 of them are running as member servers, while 7 of them are running as BDCs. After all of them are upgraded to W2K, how many of them will not use SAM any more? A. 22 B. 15 C. 12 D. 10
10. In the new AD, you need to design container objects for delegation to occur at the site level. How do you do this? A. Create domain containers B. Create OU containers C. Create site containers D. Create server containers
134 Case Study 6 9. Of the NT servers MediAssociate has, 3 of them are running as member servers, while 7 of them are running as BDCs. After all of them are upgraded to W2K, how many of them will not use SAM any more? *A. 22 B. 15 C. 12 D. 10 Explanation: Of the 25 NT servers, only 3 are member servers. After upgrading to W2K, member servers will still use SAM. All domain controllers will use AD instead of SAM. Map to the objective to the objective Understanding the purpose of Active Directory
10. In the new AD, you need to design container objects for delegation to occur at the site level. How do you do this? A. Create domain containers B. Create OU containers *C. Create site containers D. Create server containers Explanation: Site container is the appropriate level of container for this purpose. Map to the objective Understanding Directory Parts
Questions 135 11. In the new AD, you have designed container objects for delegation to occur at the site level. You need to further organize users and computers within these containers for a particular line of business. How do you do this? A. Create domain containers within the company containers B. Create OU containers within the domain containers C. Create site containers within the OU containers D. Create Line of business containers within the site containers
12. In the new AD, you want to enforce the rule that whenever new user object is created for an affiliated professional the "Medical Professional Qualification" field must be completed. How do you do this (Choose all that apply)? A. Drop and recreate the schema B. Encrypt the schema C. Extend the schema D. Add the new attribute E. Make the attribute a required one
136 Case Study 6 11. In the new AD, you have designed container objects for delegation to occur at the site level. You need to further organize users and computers within these containers for a particular line of business. How do you do this? A. Create domain containers within the company containers B. Create OU containers within the domain containers C. Create site containers within the OU containers *D. Create Line of business containers within the site containers Explanation: Line of Business container within the Site container is the appropriate level of container for this purpose. Map to the objective Understanding Directory Parts
12. In the new AD, you want to enforce the rule that whenever new user object is created for an affiliated professional the "Medical Professional Qualification" field must be completed. How do you do this (Choose all that apply)? A. Drop and recreate the schema B. Encrypt the schema *C. Extend the schema *D. Add the new attribute *E. Make the attribute a required one Explanation: To have new fields in the user objects, you must extend the schema. Map to the objective Understanding Directory Parts
Questions 137 13. The CIO is very interested in using containers to organize objects in AD. He gave you a list of containers he is interested in. Which of these containers are not valid (Choose all that apply)? A. Trusts B. OUs C. Computers D. Users E. Groups
14. The CIO is very interested in learning about the directory schema. He gave you a list of items that are to be included in his schema design. Which of these items are not contained within the schema (Choose all that apply)? A. Attributes B. Classes C. Containers D. User data E. Trusts
138 Case Study 6 13. The CIO is very interested in using containers to organize objects in AD. He gave you a list of containers he is interested in. Which of these containers are not valid (Choose all that apply)? *A. Trusts B. OUs *C. Computers *D. Users *E. Groups Explanation: Computers and users are objects. Trusts are relationships. Groups are for permission settings only. Map to the objective Understanding Directory Parts
14. The CIO is very interested in learning about the directory schema. He gave you a list of items that are to be included in his schema design. Which of these items are not contained within the schema (Choose all that apply)? A. Attributes B. Classes *C. Containers *D. User data *E. Trusts Explanation: Schema maintains rules related to objects in AD. These rules are stored in classes and attributes. Map to the objective Understanding Directory Parts
Questions 139 15. The CIO is very interested in learning about the directory schema. He gave you a list of items that are to be included in his schema design. Which of these items are used for describing the objects that can be created in the schema (Choose all that apply)? A. Attributes B. Classes C. Containers D. User data E. Trusts
140 Case Study 6 15. The CIO is very interested in learning about the directory schema. He gave you a list of items that are to be included in his schema design. Which of these items are used for describing the objects that can be created in the schema (Choose all that apply)? A. Attributes *B. Classes C. Containers D. User data E. Trusts Explanation: Classes are used to describe what can be created in the schema. Attributes hold information relating to the AD objects.
Notes:
Kellok Accounting Service 143
Case Study 7 Kellok Accounting Service You are a Network Consultant with specialized skills in designing Win2000 directory services. You are recently requested by Kellok Accounting Service to design the Active Directory for the entire company.
Background Kellok Accounting Service has been in businesses in the Pacific Northwest for nearly half a century, helping clients to develop effective accounting systems to use as an essential management tool.
Core accounting services Division AR-1 Financial statements for corporations, proprietorships, and partnerships Monthly accounting, including computer-generated journals and ledgers Developing financial accounting and control systems Analysis and implementation of accounting enhancements Training in record keeping Division AR-2 Cash flow management Compliance with lender requirements Financing, including banks, SBA, FHA Consulting and business planning Budgeting and forecasting Division AR-3 Computer technology assistance, including network design Bank reconciliation Accounts receivable and payable Inventory control Depreciation schedules and asset records
144 Case Study 7 Division AR-4 Payroll and other taxes Executive search for controller/financial staff Special purpose reports Locations Headquarter – Palo Alto 50 staffs 2 NT servers 1 Unix server AR – 1 Palo Alto 40 staffs 2 NT servers 1 Unix server AR – 2 Redwood City 40 staffs 1 NT server 1 Unix server AR – 3 Fremont 70 staffs 3 NT servers 1 Unix server AR – 4 Oakland 20 staffs 1 NT server
Kellok Accounting Service 145 All locations are interconnected with 128K ISDN lines. All locations share the same password and lockout policies.
Kellok NT Domain Model
Figure 7.1:
The NT Domain Model for Kellok.
Questions 147 1. What domain model does the current NT4 network of Kellok use? A. Single B. Single Master C. Multi master D. Complete Trust
2. What will be the valid design decisions regarding the AD structure for Kellok (Choose all that apply)? A. One forest B. One tree C. Two Trees D. Five trees E. One domain
148 Case Study 7 1. What domain model does the current NT4 network of Kellok use? A. Single *B. Single Master C. Multi master D. Complete Trust Explanation: In a single-master model, the resource domains have one way trust on the single account domain. Map to the objective Analyzing Existing Windows NT Environment
2. What will be the valid design decisions regarding the AD structure for Kellok (Choose all that apply)? *A. One forest *B. One tree C. Two Trees D. Five trees *E. One domain Explanation: Single domain is always recommended, especially when there is no need for different domain wide policy. Map to the objective Understanding Active Directory Architecture
Questions 149 3. An external consultant suggests that with W2K there are so many protocols that can be used to enhance security, both for authentication and for encryption. Which of the following deploys clear text for login and password and should be avoided? A. PAP B. EAP C. MSCHAP D. MSCHAP V2
4. The IT Officer is an expert in X.500 . He wants to know have a smooth coexistence between AD and X500. Which of the following will work for the communication between DCs in AD using X500 standards? A. Deploy DSP B. Deploy DISP C. Deploy LDAP D. Deploy DSA E. None of the above
150 Case Study 7 3. An external consultant suggests that with W2K there are so many protocols that can be used enhance security, both for authentication and for encryption. Which of the following deploys clear text for login and password and should be avoided? *A. PAP B. EAP C. MSCHAP D. MSCHAP V2 Explanation: EAP is the protocol to go when you want to deploy Smart Card. PAP should never be considered as it uses clear text. Map to the objective Analyzing Security Considerations
4. The IT Officer is an expert in X.500 . He wants to know have a smooth coexistence between AD and X500. Which of the following will work for the communication between DCs in AD using X500 standards? A. Deploy DSP B. Deploy DISP C. Deploy LDAP D. Deploy DSA *E. None of the above Explanation: DCs in AD can communicate only by RPC or SMTP but nothing else. Map to the objective understanding Active Directory versus X.500
Questions 151 5. The IT Officer is an expert in X.500 . He wants to know have a smooth coexistence between AD and X500. Which of the following will work for the communication between the clients and the DCs in AD using X500 standards? A. Deploy DSP B. Deploy DISP C. Deploy LDAP D. Deploy DSA E. None of the above
6. The IT Officer is an expert in X.500 . He wants to know have a smooth coexistence between AD and X500. What is the role of DCs in AD when mapping components to X500 ? A. DSA B. DUA C. DPA D. None of the above
152 Case Study 7 5. The IT Officer is an expert in X.500 . He wants to know have a smooth coexistence between AD and X500. Which of the following will work for the communication between the clients and the DCs in AD using X500 standards? A. Deploy DSP B. Deploy DISP *C. Deploy LDAP D. Deploy DSA E. None of the above Explanation: LDAP can be used for the communication between the clients and the DCs in AD. Map to the objective understanding Active Directory versus X.500
6. The IT Officer is an expert in X.500 . He wants to know have a smooth coexistence between AD and X500. What is the role of DCs in AD when mapping components to X500 ? *A. DSA B. DUA C. DPA D. None of the above Explanation: DCs can act as Directory System Agents in AD. Map to the objective understanding Active Directory versus X.500
Questions 153 7. Regarding the communication between the DCs in AD, what method of communications can be used? A. SMTP B. SNMP C. RPC D. You can use either SMTP or RPC or both together E. Both SMTP and RPC
8. You just upgraded the Kellok's network to pure W2K. What is true regarding the Kerberos protocol (Choose all that apply)? A. V4 is now the default authorization protocol B. V5 is now the default authorization protocol C. Ticket based D. Token based E. Requires NTFS to function
154 Case Study 7 7. Regarding the communication between the DCs in AD, what method of communications can be used? A. SMTP B. SNMP C. RPC *D. You can use either SMTP or RPC or both together E. Both SMTP and RPC Explanation: RPC = Remote procedure calls SMTP = Simple Mail Transfer Protocol. Map to the objective understanding Active Directory versus X.500
8. You just upgraded the Kellok's network to pure W2K. What is true regarding the Kerberos protocol (Choose all that apply)? A. V4 is now the default authorization protocol *B. V5 is now the default authorization protocol *C. Ticket based D. Token based E. Requires NTFS to function Explanation: Kerberos V5 is the default authentication method used in W2K. It has nothing to deal with NTFS. Map to the objective Analyzing Security Considerations
Questions 155 9. What are the ideal ways to manage permissions in the new W2K network (Choose all that apply)? A. Set up domain local groups to contain universal group B. Set up universal groups to contain user groups C. Assign permissions to local group D. Set up global groups to contain users E. Set up local groups to contain global groups
10. The IT officer is worrying that, if a single domain is deployed for the company, somehow logon validation will be very slow. He suggests a multi domain model for the AD. How many domains will you create for the new AD? A. Single B. At least 2 C. 1 for every division D. 1 for the company and 1 for every division
156 Case Study 7 9. What are the ideal ways to manage permissions in the new W2K network (Choose all that apply)? A. Set up domain local groups to contain universal group B. Set up universal groups to contain user groups *C. Assign permissions to local group *D. Set up global groups to contain users *E. Set up local groups to contain global groups Explanation: Remember this sequence: User -> Global Group -> Local Group
10. The IT officer is worrying that, if a single domain is deployed for the company, somehow logon validation will be very slow. He suggests a multi domain model for the AD. How many domains will you create for the new AD? *A. Single B. At least 2 C. 1 for every division D. 1 for the company and 1 for every division Explanation: The number of user objects is not a concern as a single domain in AD can hold millions of objects. Also, the number of domains has nothing to deal with the logon traffic. We can always place DCs in the other locations to speed up logon validation. Map to the objective to the objective Understanding the purpose of Active Directory
Questions 157 11. The IT officer is worrying that, if a single domain is deployed for the company, somehow logon validation will be very slow. How will you address this concern in your AD design? A. Place DCs in all the locations B. Place GCs in all the locations C. Place Caching only servers in all the locations D. Deploy multiple domains
12. After the W2K upgrade, Kellok's network now consists of couple sites and zones that are AD integrated. The IT officer is worrying that replication traffic can potentially produce traffic jams among the WAN links. How do you address this issue? A. Lower the replication frequency B. Increase the replication frequency C. Replicate only in day time D. Replicate only in business hours E. Increase the replication cache
158 Case Study 7 11. The IT officer is worrying that, if a single domain is deployed for the company, somehow logon validation will be very slow. How will you address this concern in your AD design? *A. Place DCs in all the locations B. Place GCs in all the locations C. Place Caching only servers in all the locations D. Deploy multiple domains Explanation: We can always place DCs in the other locations to speed up logon validation. Map to the objective to the objective Understanding the purpose of Active Directory
12. After the W2K upgrade, Kellok's network now consists of couple sites and zones that are AD integrated. The IT officer is worrying that replication traffic can potentially produce traffic jams among the WAN links. How do you address this issue? *A. Lower the replication frequency B. Increase the replication frequency C. Replicate only in day time D. Replicate only in business hours E. Increase the replication cache Explanation: Replication traffic is a major source of bandwidth consumption. You want to make sure that this won't happen too frequently. Map to the objective Analyzing Data and System Access Patterns
Questions 159 13. In Kellok's W2K network, what server role is being used to manage group membership between domains and to keep references to objects in other domains? A. Infrastructure Master B. RID Master C. PDC Emulator D. Domain Naming Master E. Schema Master
14. In Kellok's W2K network, what server role is being used to ensure the uniqueness of SIDs in the domains? A. Infrastructure Master B. RID Master C. PDC Emulator D. Domain Naming Master Schema Master
160 Case Study 7 13. In Kellok's W2K network, what server role is being used to manage group membership between domains and to keep references to objects in other domains? *A. Infrastructure Master B. RID Master C. PDC Emulator D. Domain Naming Master E. Schema Master Explanation: You should be familiar with the different server roles available in AD. Map to the objective Understanding Active Directory Architecture
14. In Kellok's W2K network, what server role is being used to ensure the uniqueness of SIDs in the domains? A. Infrastructure Master *B. RID Master C. PDC Emulator D. Domain Naming Master E. Schema Master Explanation: You should be familiar with the different server roles available in AD. Map to the objective Understanding Active Directory Architecture
Questions 161 15. In Kellok's W2K network, what server role is being used to control changes in the AD namespace? A. Infrastructure Master B. RID Master C. PDC Emulator D. Domain Naming Master E. Schema Master
162 Case Study 7 15. In Kellok's W2K network, what server role is being used to control changes in the AD namespace? A. Infrastructure Master B. RID Master C. PDC Emulator *D. Domain Naming Master E. Schema Master Explanation: You should be familiar with the different server roles available in AD. Map to the objective Understanding Active Directory Architecture
Notes:
ProX Auditing Group 165
Case Study 8 ProX Auditing Group You are a Network Consultant with specialized skills in designing Win2000 directory services. You are recently requested by ProX Auditing Group to design the Active Directory for the entire company.
Background ProX Auditing Group (Figure 3-3) uses a logical sequence of steps to perform audits in the most efficient, effective, and timely manner possible. Its audits comply with the highest professional standards and lend credibility to Client Company's financial statements. Its experts can assist the clients in improving internal controls and operating efficiency, as well as recommend enhancements to make Client Company more profitable. ProX offers the following audit services: ProX Austin • General financial audits • Review of agreed-upon procedures • Analysis of internal and operating controls • Review of computer systems for proper operation and control procedures ProX Kansas • Due diligence audits for mergers and acquisitions • Federal single audit compliance • Compliance with GAO "Yellow Book" requirements • Compliance with grant requirements • Compliance with loan covenants/regulatory requirements
166 Case Study 8
Client Sectors: 1. 2. 3. 4. 5. 6. 7. 8. 9. 10. 11. 12. 13. 14. 15. 16.
Agriculture Auto Dealers and Auto Repair Beverages Construction and Logging Financial Institutions and Trusts Governmental Health Care Professionals Lodging and Food Service Insurance Services Manufacturing Non-Profit Organizations Professional Service Firms Real Estate Retail and Wholesale Businesses Timber Trucks and Transportation
ProX Auditing Group 167
Organization Structure
Figure 8.1:
Organizational of ProX Auditing Group
The SF office is the head office. All the offices share the same set of rules and standards. The three ProX offices are interconnected with high-speed T1 lines. Currently they are running on Netware 4.X. However, for file sharing, some NT servers are deployed as well. These NT servers are working together with the Netware 4.X servers on the same network. Clients are mainly Win98 based.
Questions 169 1. The CEO is very nervous about the upgrade. He wants to be sure that the upgrade will be conducted smoothly. He also wants you to determine if there is any problem with the upgrade. What will you do to address this issue? A. Run a test lab network B. Run simulation software C. Check the HCL D. Run Winnt32 with /checkupgradeonly
2. How many forests will you deploy for ProX? A. 1 B. 2 C. 3 D. 4
170 Case Study 8 1. The CEO is very nervous about the upgrade. He wants to be sure that the upgrade will be conducted smoothly. He also wants you to determine if there is any problem with the upgrade. What will you do to address this issue? *A. Run a test lab network B. Run simulation software C. Check the HCL D. Run Winnt32 with /checkupgradeonly Explanation: This test lab network should closely resemble the real network. Map to the objective to the objective Analyzing the Impact on the Existing Technical Environment
2. How many forests will you deploy for ProX? *A. 1 B. 2 C. 3 D. 4 Explanation: Single domain is always recommended, especially when there is no need for different domain wide policy. Single domain -> single tree -> single forest. Map to the objective Understanding Active Directory Architecture
Questions 171 3. How many trees will you deploy for ProX? A. 1 B. 2 C. 3 D. 4
4. How many schema master will you deploy for ProX? A. 1 B. 2 C. 3 D. 4
172 Case Study 8 3. How many trees will you deploy for ProX? *A. 1 B. 2 C. 3 D. 4 Explanation: Single domain is always recommended, especially when there is no need for different domain wide policy. Single domain -> single tree -> single forest. Map to the objective Understanding Active Directory Architecture
4. How many schema master will you deploy for ProX? *A. 1 B. 2 C. 3 D. 4 Explanation: We can only have one schema master per forest. Map to the objective Understanding Active Directory Architecture
Questions 173 5. How many infrastructure master will you deploy for ProX? A. 1 B. 2 C. 3 D. 4
6. What option do you have when creating sites for ProX? A. You can have multi - domains for the same sites B. You can have multi- domains for multi - sites C. You can have one domain spread over multi - sites D. You can have one domain for each site in each office
174 Case Study 8 5. How many infrastructure master will you deploy for ProX? *A. 1 B. 2 C. 3 D. 4 Explanation: We can only have one infrastructure master per domain. Map to the objective Understanding Active Directory Architecture
6. What option do you have when creating sites for ProX? A. You can have multi - domains for the same sites B. You can have multi- domains for multi - sites *C. You can have one domain spread over multi - sites D. You can have one domain for each site in each office Explanation: Since we will only use one domain for ProX, this will be the only valid option. All choices are technically possible if multi- domains can be deployed. Map to the objective Understanding Active Directory Architecture
Questions 175 7. What protocol does the servers of ProX's current network use? A. NWLink B. TCP/IP C. NetBEUI D. Appletalk
8. What will be the valid design decisions regarding the AD name space for ProX, if the 3 offices will be of totally different domains (Choose all that apply)? A. Uses sanfrancisco.prox.com for the head office B. Uses Austin.prox.com for Austin C. Uses Kansas.prox.com for Kansas D. Uses www.prox.com for all the offices
176 Case Study 8 7. What protocol does the servers of ProX's current network use? *A. NWLink B. TCP/IP C. NetBEUI D. Appletalk Explanation: It has to be NWLink because this is the only protocol that allows NT4 to talk to the Netware servers. Map to the objective Analyzing Existing Windows NT Environment
8. What will be the valid design decisions regarding the AD name space for ProX, if the 3 offices will be of totally different domains (Choose all that apply)? *A. Uses sanfrancisco.prox.com for the head office *B. Uses Austin.prox.com for Austin *C. Uses Kansas.prox.com for Kansas D. Uses www.prox.com for all the offices Explanation: This is only recommended when multi-domain model is to be used. Map to the objective Understanding Naming Conventions
Questions 177 9. After the upgrade, you want to configure and analyze the security of the new network. What software interface can you use to do this? A. MMC B. SecureMan C. Admintools D. Netstat E. NBStat
10. After the upgrade, you want to configure and analyze the security of the new network. You also want to deploy security template to configure the settings for each system. What software can you use to do this? A. Security Configuration and Analysis snap in B. Security Configuration snap in C. Security Analysis snap in D. Security Template snap in E. None of the above
178 Case Study 8 9. After the upgrade, you want to configure and analyze the security of the new network. What software interface can you use to do this? *A. MMC B. SecureMan C. Admintools D. Netstat E. NBStat Explanation: The corresponding snap-in must be used together with MMC to perform particular functions. Map to the objective to the objective Analyzing the Impact on the Existing Technical Environment
10. After the upgrade, you want to configure and analyze the security of the new network. You also want to deploy security template to configure the settings for each system. What software can you use to do this? *A. Security Configuration and Analysis snap in B. Security Configuration snap in C. Security Analysis snap in D. Security Template snap in E. None of the above Explanation: You have to use this snap-in together with MMC. Map to the objective to the objective Analyzing the Impact on the Existing Technical Environment
Questions 179 11. All the NT computers have been upgraded to W2K. You modified some of their local GPOs, and then found out that some of the modifications are not effective. What is the likely cause? A. Some local GPOs are affected by policies that are not local B. Some local GPOs are not compiled C. Some local GPOs are not saved with the new settings D. Some local GPOs are not associated with the systems properly
12. What tool can you use to modify group policy per the request of the CEO (Choose all that apply)? A. MMC B. Group Policy snap in C. Template snap in D. AD Computers and Services snap in E. AD Domain and Trust snap in
180 Case Study 8 11. All the NT computers have been upgraded to W2K. You modified some of their local GPOs, and then found out that some of the modifications are not effective. What is the likely cause? *A. Some local GPOs are affected by policies that are not local B. Some local GPOs are not compiled C. Some local GPOs are not saved with the new settings D. Some local GPOs are not associated with the systems properly Explanation: Non local policies may come from nonlocal GPOs in AD. These include linked computers, sites, domains and OUs. Map to the objective to the objective Analyzing the Impact on the Planned Technical Environment
12. What tool can you use to modify group policy per the request of the CEO (Choose all that apply)? *A. MMC *B. Group Policy snap in C. Template snap in D. AD Computers and Services snap in E. AD Domain and Trust snap in Explanation: To configure group policy, you need to load the Group Policy snap in from within MMC. Map to the objective to the objective Analyzing the Technical Support Structure
Questions 181 13. You want to be able to remotely access the ProX server so that traveling cost can be avoided. What components will you need to make this work (Choose all that apply)? A. Terminal Service running on a W2K Server B. Terminal Service and Terminal Service Client running on a W2K Server C. Terminal Service running on your computer D. Terminal Service Client running on your computer
14. In the new ProX network, you want to analyze packets that are destined for all the computers on the network segments. You do not want to involve a high cost in doing this. What tool can you use? A. Network Monitor that comes with W2K B. Packet Sniffer that comes with W2K C. Proxy Server 2.0 D. Full version of SMS
182 Case Study 8 13. You want to be able to remotely access the ProX server so that traveling cost can be avoided. What components will you need to make this work (Choose all that apply)? *A. Terminal Service running on a W2K Server B. Terminal Service and Terminal Service Client running on a W2K Server C. Terminal Service running on your computer *D. Terminal Service Client running on your computer Explanation: This combination allows for terminal emulation in W2K. Both the server and the client must be configured properly for this to work. Map to the objective to the objective Analyzing the Technical Support Structure
14. In the new ProX network, you want to analyze packets that are destined for all the computers on the network segments. You do not want to involve a high cost in doing this. What tool can you use? A. Network Monitor that comes with W2K B. Packet Sniffer that comes with W2K C. Proxy Server 2.0 *D. Full version of SMS Explanation: To be able to conduct network analysis from one computer, you must use the full version of System Management Server. The Network Monitor that comes with W2K is a very limited version. Map to the objective Analyzing Existing Network and System Management
Questions 183 15. In the new ProX network, you want to analyze packets by putting your NICs into "promiscuous mode". You do not want to involve a high cost in doing this. What tool can you use? A. Network Monitor that comes with W2K B. Packet Sniffer that comes with W2K C. Proxy Server 2.0 D. Full version of SMS
184 Case Study 8 15. In the new ProX network, you want to analyze packets by putting your NICs into "promiscuous mode". You do not want to involve a high cost in doing this. What tool can you use? A. Network Monitor that comes with W2K B. Packet Sniffer that comes with W2K C. Proxy Server 2.0 *D. Full version of SMS Explanation: To be able to conduct network analysis from one computer, you must use the full version of System Management Server. The Network Monitor that comes with W2K is a very limited version. Map to the objective Analyzing Existing Network and System Management
Notes:
ExGovern 187
Case Study 9 ExGovern You are a Network Consultant with specialized skills in designing Win2000 directory services. You are recently requested by The ExGovern Group to design the Active Directory for the entire company.
Background ExGovern is an agency specialized in working with government and non-profit organizations since 1979. Its governmental experience includes working with: • Cities • Counties • State Agencies • Federal Agencies • School Districts • Highway Districts • Port Authorities • Utility Districts
Services For governmental and non-profit entities, ExGovern has prepared, compiled, reviewed, and audited financial statements, performed limited scope audits using specific criteria, and, where appropriate, prepared tax returns. ExGovern frequently provides recommendations regarding internal accounting controls, organizational and operational structure, the flow of information to management, and other aspects of administration where weaknesses have been observed. ExGovern has a team of 100 audit managers who are respected specialists in governmental auditing and accounting procedures. They understand and take into account the limited funds available to government and non-profit organizations. The government-required audits are in accordance with:
188 Case Study 9 • Generally accepted accounting standards prescribed by the American Institute of Certified Public Accountants. • Government Auditing Standards issued by the Comptroller General, from the U.S. General Accounting Office. • Single Audit Act • OBM Circulars A-128 and A-133.
Future Vision ExGovern is about to acquire its competitor GovernSpec. These two entities will remain independent after the acquisition. Both of them have their web presence, and they will do business using their own brand names. However, the staffs from ExGovern can have the rights to access certain resources of GovernSpec. For ExGovern itself, a major reorganization will occur as well. The new organization will be service oriented, with the following service departments available: Service Dept 1 ============== Cities Counties State Agencies Service Dept 2 ============== Federal Agencies School Districts Highway Districts Service Dept 3 ============ Port Authorities Utility Districts
ExGovern 189 The new organization chart for these departments is illustrated in Figure 9.1.
Figure 9.1:
Organizational chart ExGovern.
IT Structure Currently their network is running Windows NT 4 and 3.51. For clients, they have NT 4 Workstation, Win95/98 and also Macintosh. The IT Manager of the company only wants to upgrade the Server and some of the NT Workstation to W2K, and nothing else. There will be 4 sites in the network due to the physical locations of ExGovern’s different offices. These sites will be linked with 256K dedicated lines.
Questions 191 1. What type of structure do the Service departments deploy? A. Geographical B. Hierarchical C. Flat D. Tree
2. After the upgrade, you want Application A and Application B to be available for all computers on the network. The problem is, these two applications are designed for W2K only. How do you do this? A. Deploy Terminal service B. Deploy RRAS C. Deploy Virtual Machine D. Convert the applications to Java based E. Apply the latest service packs
192 Case Study 9 1. What type of structure do the Service departments deploy? A. Geographical B. Hierarchical *C. Flat D. Tree Explanation: With this structure the smaller departments can enjoy high degree of autonomy. Map to the Objective Analyzing Planned Business Model
2. After the upgrade, you want Application A and Application B to be available for all computers on the network. The problem is, these two applications are designed for W2K only. How do you do this? *A. Deploy Terminal service B. Deploy RRAS C. Deploy Virtual Machine D. Convert the applications to Java based E. Apply the latest service packs Explanation: By using Terminal service, clients can use the browser as the interface to run these applications on the server side. Map to the objective Analyzing Business Requirement for Client Computers Desktop Management
Questions 193 3. After the upgrade, you want to automatically distribute Application C to all the computers running W2K Pro. You decided to publish Application C. What will happen (Choose all that apply)? A. You will not see the shortcuts on the desktop. B. You will not see the shortcuts on the start menu. C. User can install or remove the application. D. User can modify the logo bitmap of the application.
4. Some users will be moving around frequently. You want them to be able to have the same desktop settings regardless of the computers they use, and at the same time prevent them from making any modification to the settings permanently. How do you do this (Choose all that apply)? A. Deploy roaming profile B. Make the profile mandatory C. Mark the desktop folders as read only D. Set the file system to NTFS E. Set the proper NTFS permission
194 Case Study 9 3. After the upgrade, you want to automatically distribute Application C to all the computers running W2K Pro. You decided to publish Application C. What will happen (Choose all that apply)? *A. You will not see the shortcuts on the desktop. *B. You will not see the shortcuts on the start menu. *C. User can install or remove the application. D. User can modify the logo bitmap of the application. Explanation: By publishing the application, the application will not appear as installed. Map to the objective Analyzing Business Requirement for Client Computers Desktop Management
4. Some users will be moving around frequently. You want them to be able to have the same desktop settings regardless of the computers they use, and at the same time prevent them from making any modification to the settings permanently. How do you do this (Choose all that apply)? *A. Deploy roaming profile *B. Make the profile mandatory C. Mark the desktop folders as read only D. Set the file system to NTFS E. Set the proper NTFS permission Explanation: You can create the profiles with AD Computers and Users. Map to the objective Analyzing End User Work Needs
Questions 195 5. How do you manage mapped drives of the W2K Pro on the network? A. Deploy WMI enabled utility B. Deploy PnP enabled utility C. Deploy ACPI enabled utility D. Deploy AMI enabled utility
6. To increase object query performance in the new W2K network, you plan to deploy GCs on every site of ExGovern. What is the minimum requirement for this to work? A. One DC per site B. One domain per site C. Two DCs per site D. One Infrastructure Master per site
196 Case Study 9 5. How do you manage mapped drives of the W2K Pro on the network? *A. Deploy WMI enabled utility B. Deploy PnP enabled utility C. Deploy ACPI enabled utility D. Deploy AMI enabled utility Explanation: You can use Logical Drives, which is a WMI tool, to change drive labels and view / change drive properties. Map to the objective Analyzing End User Work Needs
6. To increase object query performance in the new W2K network, you plan to deploy GCs on every site of ExGovern. What is the minimum requirement for this to work? *A. One DC per site B. One domain per site C. Two DCs per site D. One Infrastructure Master per site Explanation: You should have at least one DC per site for optimal performance on the network. Map to the objective Designing a Directory Architecture
Questions 197 7. To increase object query performance in the new W2K network, you have deployed GCs on every site of ExGovern. Users report that query can still be slow. How do you address the issue (Choose all that apply)? A. Add additional DCs to the domain B. Designated the additional DCs as GCs C. Increase the RAM for the GCs D. Use dual processors for the GCs
8. The IT Manager wants to deploy a multi-domain model for the company. He wants himself to be the "super administrator" that can manage everything in every domain. How do you help him achieve this? A. Add him to the Enterprise Admin group. B. Add him to the Domain Admin group. C. Add him to the Domain Global Admin group. D. Add him to the Universal Admin group.
198 Case Study 9 7. To increase object query performance in the new W2K network, you have deployed GCs on every site of ExGovern. Users report that query can still be slow. How do you address the issue (Choose all that apply)? *A. Add additional DCs to the domain *B. Designated the additional DCs as GCs C. Increase the RAM for the GCs D. Use dual processors for the GCs Explanation: By assigning additional DCs as GCs you can also reduce replication traffic. Map to the objective Designing a Directory Architecture
8. The IT Manager wants to deploy a multi-domain model for the company. He wants himself to be the "super administrator" that can manage everything in every domain. How do you help him achieve this? *A. Add him to the Enterprise Admin group. B. Add him to the Domain Admin group. C. Add him to the Domain Global Admin group. D. Add him to the Universal Admin group. Explanation: The Enterprise Admin group has admin scope covering the entire forest. Map to the objective Designing a Directory Architecture
Questions 199 9. GovernSpec will have its own forest. To be able for it to share resources with staffs from ExGovern, what type of trust is needed? A. One Way Explicit trust B. Two Ways Explicit trust C. One Way Implicit trust D. Two Ways Implicit trust
200 Case Study 9 9. GovernSpec will have its own forest. To be able for it to share resources with staffs from ExGovern, what type of trust is needed? *A. One Way Explicit trust B. Two Ways Explicit trust C. One Way Implicit trust D. Two Ways Implicit trust Explanation: There is no two way implicit trusts between domains of different forests. You must manually set up the trust, one way every time. Map to the objective Analyzing Trust Relationships
Notes:
ProTax 203
Case Study 10 ProTax You are a Network Consultant with specialized skills in designing Win2000 directory services. You are recently requested by The ProTax Group to design the Active Directory for the entire company.
Background Since 1980, ProTax has established a formal tax service to serve the clients needs. Headed by CPAs with many years of experience in a wide array of industries, ProTax staff works year-round to stay abreast of developments in the ever-changing state and federal tax laws.
Protax Professionals Offer A Full Line Of Tax Services ProTax (Redwood City) Preparation of tax returns for the following entities: Individuals, Corporations, Partnerships, Non-profits, Pension plans, Gift and estates, and, Fiduciaries. In addition to tax return preparation, ProTax also offer services for: ProTax (San Mateo) Business and individual tax planning, projections, and valuations Special reports/projections for tax planning Representation before taxing authorities Support for business acquisition, reorganizations, mergers, and incorporations Sale or purchase of business properties Executive compensation and benefit programs Deferred compensation plans
204 Case Study 10 Pension and profit-sharing plans Employee benefit programs ProTax (San Bruno) Assistance with accurate and thorough record-keeping Sales tax audit prevention Payroll, sales, and use tax Especially for individuals: Estate and gift tax services Retirement planning Investment planning Higher education planning ProTax is a very special organization. Basically different Individuals separately own every office. They do share resources with each other and to enjoy some synergy. They also share the same brand name when promoting their services.
Expected IT Structure ProTax (Redwood City) Domain 1 100 Staffs ProTax (San Mateo) Domain 2 120 Staffs ProTax (San Bruno) Domain 3 65 Staffs ProTax has plans to add additional Domains in the near future:
Questions 205 1. You need to manually configure the 3 domains to trust each other after the W2K upgrade is completed. What kind of trust can you create, given the fact that Domain 3 is running in Mixed mode while all the other domains are running in Native mode (Choose all that apply)? A. Domain 1 and Domain 2 - 2 way transitive B. Domain 1 and Domain 3 - 1 way non-transitive C. Domain 2 and Domain 3 - 1 way non-transitive D. Domain 1 and Domain 2 - 1 way non-transitive
206 Case Study 10 1. You need to manually configure the 3 domains to trust each other after the W2K upgrade is completed. What kind of trust can you create, given the fact that Domain 3 is running in Mixed mode while all the other domains are running in Native mode (Choose all that apply)? *A. Domain 1 and Domain 2 - 2 way transitive *B. Domain 1 and Domain 3 - 1 way non-transitive *C. Domain 2 and Domain 3 - 1 way non-transitive D. Domain 1 and Domain 2 - 1 way non-transitive
Explanation: For mixed mode domain to connect to native mode domains, only one way non-transitive trust is possible. Map to the objective Analyzing Trust Relationship
Questions 207 2. You have configured a new forest for the AD of ProTax. You then created the 3 domains for the 3 offices of ProTax. What additional effort would be needed for the domains to communicate with each other? A. Manually set the one way trust B. Manually set the two ways trust C. Manually configure the trust replication D. Manually configure the trust path sequence E. Manually configure the ACLs
208 Case Study 10 2. You have configured a new forest for the AD of ProTax. You then created the 3 domains for the 3 offices of ProTax. What additional effort would be needed for the domains to communicate with each other? A. Manually set the one way trust B. Manually set the two ways trust C. Manually configure the trust replication D. Manually configure the trust path sequence *E. Manually configure the ACLs
Explanation: When you create a forest and the domains, 2 ways transitive trusts are configured automatically configured for you. All you need to do now is to configure the ACL for the resources shared. Map to the objective Analyzing Trust Relationship
Questions 209 3. Assuming you have the following domain structure for TaxPro: You plan to add a new domain beneath Domain 3. How do you configure the trust relationship so that the new domain 4 can communicate with domain 2? A. Manually set the one way trust B. Manually set the two ways trust C. Manually configure the trust replication D. Manually configure the trust path sequence E. Do nothing
210 Case Study 10 3. Assuming you have the following domain structure for TaxPro: You plan to add a new domain beneath Domain 3. How do you configure the trust relationship so that the new domain 4 can communicate with domain 2? A. Manually set the one way trust B. Manually set the two ways trust C. Manually configure the trust replication D. Manually configure the trust path sequence *E. Do nothing
Explanation: Every domain in a forest has 2 way transitive trusts configured automatically. Map to the objective Analyzing Trust Relationship
Questions 211 4. Assuming you have the following domain structure for TaxPro: You want to speed up resource access between domain 2 and domain 4. How would you do this? A. Define a short cut trust between Domain 2 and 4 B. Deploy a separate network segment between Domain 2 and 4 C. Deploy more GCs in Domain 2 and 4 D. Use Index Server for Domain 2 and 4
212 Case Study 10 4. Assuming you have the following domain structure for TaxPro: You want to speed up resource access between domain 2 and domain 4. How would you do this? *A. Define a short cut trust between Domain 2 and 4 B. Deploy a separate network segment between Domain 2 and 4 C. Deploy more GCs in Domain 2 and 4 D. Use Index Server for Domain 2 and 4
Explanation: You use AD Domains and Trusts to accomplish this. Map to the objective Optimizing Trust Relationship
Questions 213 5. Assuming you have the following domain structure for TaxPro: To speed up resource access between Domain 4 and Domain 2, you decided to deploy explicit trust between them. What is true regarding this explicit trust (Choose all that apply)? A. Also known as Cross Link trust B. Often being referred to as Short Cut trust C. Can reduce network traffic along the otherwise trust path D. Can by pass the ACL between the domains
214 Case Study 10 5. Assuming you have the following domain structure for TaxPro: To speed up resource access between Domain 4 and Domain 2, you decided to deploy explicit trust between them. What is true regarding this explicit trust (Choose all that apply)? *A. Also known as Cross Link trust *B. Often being referred to as Short Cut trust *C. Can reduce network traffic along the otherwise trust path D. Can by pass the ACL between the domains Explanation: You cannot bypass ACLs in W2K. Map to the objective Optimizing Trust Relationship
Questions 215 6. Assuming you have the following domain structure for TaxPro: What is the trust path from Domain 4 to Domain 2? A. 4-3-1-2 B. 4-2-1-3 C. 4-3-2-1 D. 4-2-3-1
216 Case Study 10 6. Assuming you have the following domain structure for TaxPro: What is the trust path from Domain 4 to Domain 2? *A. 4-3-1-2 B. 4-2-1-3 C. 4-3-2-1 D. 4-2-3-1
Explanation: A trust path is the path a request traverse from one domain to another. Map to the objective Optimizing Trust Relationship Assuming you have the following domain structure for TaxPro:
Questions 217 7. How do you remove the trust between Domain 1 and 2? A. Run DCPROMO B. Use AD Domains and Trusts C. Use AD Computers and Users D. You cannot do this
218 Case Study 10 7. How do you remove the trust between Domain 1 and 2? A. Run DCPROMO B. Use AD Domains and Trusts C. Use AD Computers and Users *D. You cannot do this Explanation: The 2 Way Transitive Trust created implicitly cannot be removed. Map to the objective Optimizing Trust Relationship
Questions 219 8. The administrator of Domain 1 may occasionally need to manage domain 2. How do you allow this to happen? A. Add him to the Enterprise Admin group B. Add him to the proper ACL in domain 2 C. Add him to the local group of domain 2 D. Add him to the universal group of domain 2
220 Case Study 10 8. The administrator of Domain 1 may occasionally need to manage domain 2. How do you allow this to happen? *A. Add him to the Enterprise Admin group B. Add him to the proper ACL in domain 2 C. Add him to the local group of domain 2 D. Add him to the universal group of domain 2
Explanation: The only way is to add him to the Enterprise Admin group. Map to the objective Designing a Directory Architecture
Questions 221 9. ProTax has signed a partnership deal with another Tax company called MaryTax. MaryTax has its own forest and Ad structure. How do you enable mutual communication between the two forests? A. Create a one way trust between them B. Create a two way trust between them C. Create two one way trusts between them D. Create a N way trust between them
222 Case Study 10 9. ProTax has signed a partnership deal with another Tax company called MaryTax. MaryTax has its own forest and Ad structure. How do you enable mutual communication between the two forests? A. Create a one way trust between them B. Create a two way trust between them *C. Create two one way trusts between them D. Create a N way trust between them
Explanation: This kind of explicit trust can only be created one way each time. So you need to create 2 one way trusts in order to allow mutual resource sharing. Map to the objective Optimizing Trust Relationship
Questions 223 10. In the ProTax forest, you will eventually add domain 5 and domain 6. How do you create the trust relationships for them to reduce network traffic (Choose all that apply)? A. Manually set the two ways trust B. Manually configure the trust replication C. Manually configure the trust path sequence D. Do nothing for the initial trusts E. Set up cross link trusts when appropriate
224 Case Study 10 10. In the ProTax forest, you will eventually add domain 5 and domain 6. How do you create the trust relationships for them to reduce network traffic (Choose all that apply)? A. Manually set the two ways trust B. Manually configure the trust replication C. Manually configure the trust path sequence *D. Do nothing for the initial trusts *E. Set up cross link trusts when appropriate
Explanation: Every domain in a forest has 2 way transitive trusts configured automatically. You may, however, add cross link trusts to speed up resource access. Map to the objective Analyzing Trust Relationship
Notes:
B2Bexpert 227
Case Study 11 B2Bexpert You are a Network Consultant with specialized skills in designing Win2000 directory services. You are recently requested by B2BExpert to design the Active Directory for the entire company.
Background B2Bexpert is an open, business-to-business electronic marketplace for building materials that enhances the customer-supplier relationship. The B2BExpert marketplace enables buyers and sellers of building materials to benefit from timely and relevant market information, broader customer reach, highly efficient transactional capabilities, and more automated logistical and back-office processes allowing greater control over the relationship side of business. The B2BExpert marketplace will initially focus on structural lumber, but quickly move into other building materials, starting with structural panels. Ultimately, B2BExpert's marketplace will support the buying and selling of all building materials used in residential home and light commercial construction, such as engineered wood products, millwork, siding, roofing, gypsum wallboard, insulation, and other major building materials. B2BExpert's customers are buyers and sellers of truckload and railcar quantities of building materials including producers, wholesalers, and retailers.
B2BExpert Services B2BExpert has partnered with a number of partners, allowing members to choose from a variety of value-added services to fulfill transactions in the B2BExpert Marketplace. B2BExpert works with individual members to design specific service packages. Members will always control the extent to which the services are used. Shipment management - Experienced transportation managers will take care of facilitating client’s shipments
228 Case Study 11 Shipment tracking - Improve inventory forecasting through online tracking of rail shipments. ETA's for B2BExpert shipments are continuously monitored, updated, and displayed online. Delivered price automatically calculated for buyers - Delivered prices displayed from all mills enable quicker, more accurate purchasing decisions Customized pricing for multiple ship-to locations FOB mill pricing for sellers - Mills need only enter FOB mill or region prices, all freight costs are automatically calculated for delivered prices to customer locations. Guaranteed payments to sellers - Secure payment transaction through 3rd party escrow service
B2B IT Infrastructure All servers are running NT4.0 and are housed in the head office in Boston. B2Bexpert itself forms a single NT4 domain. To work with the partners without disclosing confidential information, the IT department has to pay extreme attention in terms of setting up the trusts necessary for the domains to communicate. Currently Exchange Server 5.5 is deployed as their email solution. B2Bexpert is using the same domain name for internal and external network. Administrator needs to add host to the DNS manually. Also, users have difficulty logging onto the internal network and access the resource they need.
Questions 229 1. How does W2K enable the communication between Exchange Server 5.5 Directory Service and the AD? A. Via ADC B. Via ODBC C. Via ADS D. Via EDS
2. This morning one of the staff deleted a file from the W2K network. 5 hours later he was told that the file must be kept. What happen to the file? A. The file is deleted. You can only restore it from tape if any. B. The file is not deleted. You can undelete it. C. The file can be rescued by un-formatting the disk D. The file is moved to the DELETED.SAV directory.
230 Case Study 11 1. How does W2K enable the communication between Exchange Server 5.5 Directory Service and the AD? *A. Via ADC B. Via ODBC C. Via ADS D. Via EDS Explanation: Active Directory Connector allows the synchronization of AD and Exchange Server 5.5 directory service. Of course, Exchange Server 2000 will have even tighter integration with AD. Map to the objective Establishing the Scope of Active Directory
2. This morning one of the staff deleted a file from the W2K network. 5 hours later he was told that the file must be kept. What happen to the file? *A. The file is deleted. You can only restore it from tape if any. B. The file is not deleted. You can undelete it. C. The file can be rescued by un-formatting the disk D. The file is moved to the DELETED.SAV directory. Explanation: If you delete a file from the network, it is gone. If you delete an object from AD, you have 12 hours to rescue it. Map to the objective Establishing the Scope of Active Directory
Questions 231 3. This morning one of the administrator deleted an object from the W2K AD. 5 hours later he was told that the object must be kept. What happen to the object? A. The object is deleted. You can only restore it from tape if any. B. The object is marked for as tombstone. It will get deleted after 12 hours. C. The object can be rescued by un-formatting the disk D. The object is moved to the DELETED.SAV directory.
4. What are valid physical objects that are kept in AD metadirectory (Choose all that apply)? A. Workstation B. User C. Computer D. Department
232 Case Study 11 3. This morning one of the administrator deleted an object from the W2K AD. 5 hours later he was told that the object must be kept. What happen to the object? A. The object is deleted. You can only restore it from tape if any. *B. The object is marked for as tombstone. It will get deleted after 12 hours. C. The object can be rescued by un-formatting the disk D. The object is moved to the DELETED.SAV directory. Explanation: If you delete a file from the network, it is gone. If you delete an object from AD, you have 12 hours to rescue it. Map to the objective Establishing the Scope of Active Directory
4. What are valid physical objects that are kept in AD metadirectory (Choose all that apply)? *A. Workstation *B. User *C. Computer D. Department Explanation: Department is considered a conceptual object. Map to the objective Establishing the Scope of Active Directory
Questions 233 5. What are valid conceptual objects that are kept in AD metadirectory (Choose all that apply)? A. Workstation B. Organization C. Group D. Department
6. What are valid types of objects that are kept in AD meta-directory (Choose all that apply)? A. Physical B. Conceptual C. Digital D. Geographic
234 Case Study 11 5. What are valid conceptual objects that are kept in AD metadirectory (Choose all that apply)? A. Workstation *B. Organization *C. Group *D. Department Explanation: Workstation is considered a physical object. Map to the objective Establishing the Scope of Active Directory
6. What are valid types of objects that are kept in AD meta-directory (Choose all that apply)? *A. Physical *B. Conceptual *C. Digital *D. Geographic Explanation: Remember these four types. Map to the objective Establishing the Scope of Active Directory
Questions 235 7. B2Bexpert.com plans to have a subdomain in its AD namespace. Which of the following are valid choices of name? A. Win_Money.B2Bexpert.com B. Win-Money.B2Bexpert.com C. WinMoney_yes.B2Bexpert.com D. -WinMoney.B2Bexpert.com
8. You named one of the W2K server XXX.B2Bexpert.com. For clients that will access this server via computer name, what is the computer name for this server? A. XXX B. XXX.B2BExpert C. XXX.B2Bexpert.com D. XXX.com
236 Case Study 11 7. B2Bexpert.com plans to have a subdomain in its AD namespace. Which of the following are valid choices of name? A. Win_Money.B2Bexpert.com *B. Win-Money.B2Bexpert.com C. WinMoney_yes.B2Bexpert.com D. -WinMoney.B2Bexpert.com Explanation: Per RFC 1123, only the letters A to Z, number 0 to 9, and hyphen can be used in the name. Also, you don't start the name with a hyphen. Map to the objective Designing the Namespace
8. You named one of the W2K server XXX.B2Bexpert.com. For clients that will access this server via computer name, what is the computer name for this server? *A. XXX B. XXX.B2BExpert C. XXX.B2Bexpert.com D. XXX.com Explanation: XXX is the Netbios name, and B2Bexpert.com is the DNS suffix. Map to the objective Designing the Namespace
Questions 237 9. What AD domain structure will you recommend for B2Bexpert? A. Multiple forests B. Single forest single tree C. Single forest multiple trees D. Single forest multiple domains
10. How do you address the issue that users have difficulty logging on and access resources? A. Place a second DNS on the external network B. Place a second DNS on the internal network C. Place a second DNS next to the users D. Deploy caching only server
238 Case Study 11 9. What AD domain structure will you recommend for B2Bexpert? *A. Multiple forests B. Single forest single tree C. Single forest multiple trees D. Single forest multiple domains Explanation: The reason to deploy multiple trees is that the partners only want to selectively communicate with each other. They do not want to disclose too many stuff to each other. Manually configured trust will be better in this case. Map to the objective Designing a Directory Architecture
10. How do you address the issue that users have difficulty logging on and access resources? *A. Place a second DNS on the external network B. Place a second DNS on the internal network C. Place a second DNS next to the users D. Deploy caching only server Explanation: You can place a second DNS server on the external network to handle all internal requests to the external domain. Map to the objective Planning the DNS Strategy
Notes:
SBP Associates 241
Case Study 12 SBP Associates You are a Network Consultant with specialized skills in designing Win2000 directory services. You are recently requested by SBP Associates to design the Active Directory for the entire company.
Background SBP Associates has been in the consulting business in the San Francisco Bay Area for 10 years. Its business is characterized by long-standing partner relationships with clients. It takes an entrepreneurial approach to servicing clients. Its service units work closely together, share resources, experiences and strategies.
Services The core of its business is to provide "Full Service" Association Management. At SBP, Full Service Association Management includes the following functions: • Executive Management • Administrative Services • Information Services • Accounting • Organization Structure The CEO of the company reports directly to the board of directors. Under the CEO there are two divisions. The internal division handles all the internal affairs, while the Service Division provides service to the customers.
242 Case Study 12
Under the Service Division, there are 4 departments: Department of Executive Management 100 people, head office, SF EM.Service.SBP.com Department of Administrative Services 100 people, Oakland office AS.Service.SBP.com Department of Information Services 36 people, San Jose office IS.Service.SBP.com Department of Accounting 55 people, Milpitas office AT.Service.SBP.com
Questions 243 1. What are the valid components of the AD metadirectory that form the namespace in AD (Choose all that apply)? A. Metaverse B. Connector space C. DNS Suffix D. X.500 address E. DNS Prefix
2. If you are using NON W2K DNS server for the upgraded network, what function must this DNS server provide in order to work with AD? A. To hold records that can locate services on the network with DNS B. To hold records that can locate services on the network with WINS C. To hold records that can replicate D. To hold records that can support redundancy
244 Case Study 12 1. What are the valid components of the AD metadirectory that form the namespace in AD (Choose all that apply)? *A. Metaverse *B. Connector space C. DNS Suffix D. X.500 address E. DNS Prefix Explanation: Metaverse represents all joined objects, while the connector space provide locations for the initial import of directories. Map to the objective Establishing the Scope of Active Directory
2. If you are using NON W2K DNS server for the upgraded network, what function must this DNS server provide in order to work with AD? *A. To hold records that can locate services on the network with DNS B. To hold records that can locate services on the network with WINS C. To hold records that can replicate D. To hold records that can support redundancy Explanation: This is exactly what SRV RR record is for. Map to the objective Planning the DNS Strategy
Questions 245 3. You want the DNS server in your W2K AD network to perform dynamic updates of hosts. What are required for this to happen (Choose all that apply)? A. DNS must have authenticated the update in AD B. DNS must have authenticated the update in WINS C. DNS server must have proper permissions to read WINS database D. DNS server must have proper permissions to perform dynamic updates
4. There will be a new department in the company. The FQDN name for the domain will have about 70 characters in length. The name will include letters, numbers and hyphen. Which aspect of this new name deserves further attention? A. The length B. The character used C. The meaning D. The wording
246 Case Study 12 3. You want the DNS server in your W2K AD network to perform dynamic updates of hosts. What are required for this to happen (Choose all that apply)? *A. DNS must have authenticated the update in AD B. DNS must have authenticated the update in WINS C. DNS server must have proper permissions to read WINS database *D. DNS server must have proper permissions to perform dynamic updates Explanation: These are enforced for security purposes. DNS dynamic updates and WINS are totally different things that are not related at all. Map to the objective Planning the DNS Strategy
4. There will be a new department in the company. The FQDN name for the domain will have about 70 characters in length. The name will include letters, numbers and hyphen. Which aspect of this new name deserves further attention? *A. The length B. The character used C. The meaning D. The wording Explanation: In fact, a domain name cannot be longer than 63 characters. Any way, a name like this long is hard to use. Map to the objective Understanding Naming Convention
Questions 247 5. Users in the different locations need to log on to different domains to access resources frequently. During peak hours this can be very slow. How do you improve the situation? A. Place servers at each location B. Increase the RAM of the servers C. Increase the cache size of the servers D. Install DDR for the locations
6. What is the maximum recommended number of child domains you should create for SBP? A. 1 B. 2 C. 3 D. 4 E. 5
248 Case Study 12 5. Users in the different locations need to log on to different domains to access resources frequently. During peak hours this can be very slow. How do you improve the situation? *A. Place servers at each location B. Increase the RAM of the servers C. Increase the cache size of the servers D. Install DDR for the locations Explanation: Placing servers at different location can avoid log on and validation over the WAN links. This is the model answer for improving performance. Map to the objective Designing the Directory Architecture
6. What is the maximum recommended number of child domains you should create for SBP? A. 1 B. 2 C. 3 D. 4 *E. 5 Explanation: Microsoft suggests that you don't have more than 4 levels down in the hierarchy of the DNS host entries. Map to the objective Understanding Naming Convention
Questions 249 7. What is the major problem for SBP to use the same domain name internally and externally? A. User trying to access its public web site might unpredictably get to the internal site instead B. Very confused naming C. Slow down the DNS server D. Slow down client access
8. If you are to deploy the same domain name for SBR 's internally and externally, how many DNS servers would you need to configure? A. 1 B. 2 C. 3 D. 4 E. 5
250 Case Study 12 7. What is the major problem for SBP to use the same domain name internally and externally? *A. User trying to access its public web site might unpredictably get to the internal site instead B. Very confused naming C. Slow down the DNS server D. Slow down client access Explanation: Name resolution problem can occur when duplicated names are deployed. Map to the objective Planning the DNS Strategy
8. If you are to deploy the same domain name for SBR 's internally and externally, how many DNS servers would you need to configure? A. 1 *B. 2 C. 3 D. 4 E. 5 Explanation: You need one for internal and one for external use. Map to the objective Planning the DNS Strategy
Questions 251 9. On SBP's network there are tow types of DNS servers: NT4 and W2K. For them to work together smoothly in AD, what is the requirement? A. Make the W2K DNS server the primary server with authorities over all DNS names B. Make the W2K DNS server the secondary server C. Make the W2K DNS server the primary server with authorities over all Netbios names D. Retire the NT4 DNS Servers
10. The IT Manager of SBP suggests the following domain names for the two new departments that will start their operations in late June this year: New Dept 1 - ND.Service.SBP.com New Dept 2 - nd.Service.SBP.com What is the problem with the proposed names? A. They are basically the same name B. They are basically two different names C. They do not contain hyphen D. They do not contain number
252 Case Study 12 9. On SBP's network there are tow types of DNS servers: NT4 and W2K. For them to work together smoothly in AD, what is the requirement? *A. Make the W2K DNS server the primary server with authorities over all DNS names B. Make the W2K DNS server the secondary server C. Make the W2K DNS server the primary server with authorities over all Netbios names D. Retire the NT4 DNS Servers Explanation: You must have a DNS server that supports SRV to be the primary server. You do not need to retire the NT4 server. Map to the objective Planning the DNS Strategy
10. The IT Manager of SBP suggests the following domain names for the two new departments that will start their operations in late June this year: New Dept 1 - ND.Service.SBP.com New Dept 2 - nd.Service.SBP.com What is the problem with the proposed names? *A. They are basically the same name B. They are basically two different names C. They do not contain hyphen D. They do not contain number Explanation: The names are duplicated. Note that domain names in AD are not case sensitive. Map to the objective Understanding Naming Convention
Notes:
SamuraiPro Trading Company 255
Case Study 13 SamuraiPro Trading Company You are a Network Consultant with specialized skills in designing Win2000 directory services. You are recently requested by SamuraiPro Trading Company to design the Active Directory for the entire company.
Background SamuraiPro Trading Company is the leading provider of top quality Samurai related martial arts goods in the Orange County. It is continually searching for and testing new items to put in its catalog. However, new items must pass its personal in house use test. The catalog resides on the SQL Server 7 machine together with the IIS service. The network has both NT3.5 and NT 4.0 servers. The firewall resides on a Linux machine. At SamuraiPro, a significant amount of time and energy is spent using and testing the swords that it sells. To promote its products, SamuraiPro frequently participated at the Blade Show in Orange County. At the trade show its staff will take records of its visitors and give them access to its web site. The URL of the web site is www.Spro.com
Structure In SamuraiPro’s business environment, there are 3 important entities: SamuraiPro itself, its supplier in Japan, and the trade show company. They have agreed to share their resources with each other on a limited extent. According to the CEO, sales are expected to growth by 150% next year. Instead of opening new locations, SamuraiPro will form partnership with other companies. The partnership will be under separate control.
256 Case Study 13 Currently, the sales departments of SamuraiPro are organized as follow: SALES | |----------------Æ Sword | |-----Æ Short sword |-----Æ Long sword |----------------Æ Mat |----------------Æ Shirts
Questions 257 1. What model of OU design will mostly fit the current structure of the sales department? A. Business function B. Geographical C. Global D. Mixed
2. Staffs in the short sword department and the long sword department always fail the first couple log on attempts during peak hours. Why would this happen? A. Too many levels of OUs B. Too many OUs C. Too many departments D. Too many domains
258 Case Study 13 1. What model of OU design will mostly fit the current structure of the sales department? *A. Business function B. Geographical C. Global D. Mixed Explanation: It is obvious that you do not see any geographical element in the structure of the sales department. Map to the objective Developing an OU Design Strategy
2. Staffs in the short sword department and the long sword department always fail the first couple log on attempts during peak hours. Why would this happen? *A. Too many levels of OUs B. Too many OUs C. Too many departments D. Too many domains Explanation: If OUs are nested too deeply, latency in authentication will result. Map to the objective Developing an OU Design Strategy
Questions 259 3. Staffs in the short sword department and the long sword department always fail the first couple log on attempts during peak hours. You suspect that the nesting of OUs is the cause of the problem. What is the maximum level of nesting W2K can support? A. unlimited B. limited by resources C. 60 D. 61 E. 62
4. In the OU structure, how do you enable the newly created child object to inherit permission from the parent object? A. Check "Allow Inheritable Permissions From Parent to Propagate to This Object" B. Disable "Allow Inheritable Permissions From Parent to Propagate to This Object" C. Check "Enable Delegation" D. Disable "Stop Inheritable Permissions From Parent to Propagate to This Object" E. You cannot do this
260 Case Study 13 3. Staffs in the short sword department and the long sword department always fail the first couple log on attempts during peak hours. You suspect that the nesting of OUs is the cause of the problem. What is the maximum level of nesting W2K can support? A. unlimited B. limited by resources C. 60 D. 61 *E. 62 Explanation: If OUs are nested too deeply, latency in authentication will result. Map to the objective Developing an OU Design Strategy
4. In the OU structure, how do you enable the newly created child object to inherit permission from the parent object? *A. Check "Allow Inheritable Permissions From Parent to Propagate to This Object" B. Disable "Allow Inheritable Permissions From Parent to Propagate to This Object" C. Check "Enable Delegation" D. Disable "Stop Inheritable Permissions From Parent to Propagate to This Object" E. You cannot do this Explanation: All existing objects will inherit the settings as well. Map to the objective Understanding Security in the OU process
Questions 261 5. In the OU structure, how do you enable an existing child object to inherit permission from the parent object, when the permissions in the parent object are changed? A. Check "Allow Inheritable Permissions From Parent to Propagate to This Object" B. Disable "Allow Inheritable Permissions From Parent to Propagate to This Object" C. Check "Enable Delegation" D. Disable "Stop Inheritable Permissions From Parent to Propagate to This Object" E. You cannot do this
6. User John has access to the Printer container. However, his group SALESREP's access to the container is denied. Can John access the container? A. No B. No when he logs on as SALESREP C. Yes D. Yes when he logs on only as John
262 Case Study 13 5. In the OU structure, how do you enable an existing child object to inherit permission from the parent object, when the permissions in the parent object are changed? *A. Check "Allow Inheritable Permissions From Parent to Propagate to This Object" B. Disable "Allow Inheritable Permissions From Parent to Propagate to This Object" C. Check "Enable Delegation" D. Disable "Stop Inheritable Permissions From Parent to Propagate to This Object" E. You cannot do this Explanation: All child objects will inherit the modified settings automatically. Map to the objective Understanding Security in the OU process
6. User John has access to the Printer container. However, his group SALESREP's access to the container is denied. Can John access the container? *A. No B. No when he logs on as SALESREP C. Yes D. Yes when he logs on only as John Explanation: Denial takes precedence. You can either remove John from the denied group, or remove the denial from the group. Map to the objective Understanding Security in the OU process
Questions 263 7. You need to allow Peter to view the ownership of an object in SamuraiPro's AD. What right will you need to grant him without giving him any extra right? A. Read B. Write C. Change D. Modify
8. How would you delegate the rights of creating and deleting printers to Peter (Choose all that apply)? A. Run the Delegation of Control Wizard B. Choose Create a Custom Task to Delegate C. Select the appropriate object type D. Define the scope E. Assign the permissions
264 Case Study 13 7. You need to allow Peter to view the ownership of an object in SamuraiPro's AD. What right will you need to grant him without giving him any extra right? *A. Read B. Write C. Change D. Modify Explanation: You can view an object's attribute with the READ right. Map to the objective Understanding Security in the OU process
8. How would you delegate the rights of creating and deleting printers to Peter (Choose all that apply)? *A. Run the Delegation of Control Wizard *B. Choose Create a Custom Task to Delegate *C. Select the appropriate object type *D. Define the scope *E. Assign the permissions Explanation: All the steps are required. Map to the objective Delegating Control
Questions 265 9. You found that Jay is causing troubles in the network. How would you deny read permission to Jay (Choose all that apply)? A. Run the Delegation of Control Wizard B. Run the Create a Custom Task to Delegate Wizard C. Inspect the object properties D. Manually deny the permission E. Manually block the inheritance of the permission
10. You want to assign your Assistance June full control rights over the user objects in the SALES OU of SumuraiPro. How would you do this? A. Assign her the common task of Create, Delete, and Manage User Accounts B. Assign her the common task of Reset passwords on User Accounts C. Assign her the common task of Read all User Information D. Assign her the common task of Manage Group Policy Links
266 Case Study 13 9. You found that Jay is causing troubles in the network. How would you deny read permission to Jay (Choose all that apply)? A. Run the Delegation of Control Wizard B. Run the Create a Custom Task to Delegate Wizard *C. Inspect the object properties *D. Manually deny the permission E. Manually block the inheritance of the permission Explanation: You cannot use the wizard to deny permissions. Map to the objective Delegating Control
10. You want to assign your Assistance June full control rights over the user objects in the SALES OU of SumuraiPro. How would you do this? *A. Assign her the common task of Create, Delete, and Manage User Accounts B. Assign her the common task of Reset passwords on User Accounts C. Assign her the common task of Read all User Information D. Assign her the common task of Manage Group Policy Links Explanation: The common task of Create, Delete, and Manage User Accounts = full control on the user objects of the OU. Map to the objective Delegating Control
Notes:
LaserPoint 269
Case Study 14 LaserPoint You are a Network Consultant with specialized skills in designing Win2000 directory services. You are recently requested by LaserPoint to design the Active Directory for the entire company.
Background LaserPoint has been importing laser pointers by the thousands since 1994. Its business model is quite unique: it operates from the garages of the partners to reduce overhead to almost zero, which allows them to provide low prices for the customers. Fortunately, all of garages have cable modems connectivity, which allows them to connect with each other via VPN. So far there are 5 garages in this business. Each garage has its own NT4 domain.
Products Products sold by LaserPoint include: Sales Team 1 ============ Green Laser Pointers Keychain Pointers Pattern Pointers Full Size Pointers Ballpoint Pen Pointers Sales Team 2 ============ Laser Yoyo Laser Glove Laser Aimer Gunsight Diode Modules Spectacle Binoculars
270 Case Study 14
Organization Each sales team has about 3 members. They are all working in the downtown garage location. The owner of the company prefers to organize the sales teams into the OUs. There are special considerations regarding these products. For example: Green laser pointers, Only UPS or courier should ship Green laser pointers, because of their high value. Foreign buyers are responsible for customs duty charges. Buyer is responsible for shipping charges and if buyer refuses to accept the merchandise ordered, buyer is also responsible for the charges to return the shipment to the company. All orders are mailed the day received up to 3PM Central Time. When paying by credit card, orders can be shipped only to the credit card billing address. For orders of 50 units or more, special shipping rates apply. Each garage hires 2 part time staffs as the shipment handlers. Shipping and handling is an important part of the company. LaserPoint has a web server dedicated to providing shipping schedule to the customers. In addition, they have arrangements to connect to the shipping companies extranet.
Questions 271 1. When a sales person of the Sales Team 1 OU, a script runs and the desktop background is modified. You inspect the GPO of this OU, and nothing wrong is found. What is the cause of the problem? A. May be there are GPOs associated above or below this OU that have been applied B. May be there are GPOs associated above this OU that have been applied C. May be there are GPOs associated below this OU that have been applied D. May be there are no GPOs associated above or below this OU that have been applied
2. How do you modify the log on and log off operations of all the users in the Down Town Garage domain (Choose all that apply)? A. Modify the System container of the Administrative template B. Modify the Log On container of the Administrative template C. Modify the Log Off container of the Administrative template D. Apply the GPO in the forest level E. Apply the GPO in the domain level
272 Case Study 14 1. When a sales person of the Sales Team 1 OU, a script runs and the desktop background is modified. You inspect the GPO of this OU, and nothing wrong is found. What is the cause of the problem? *A. May be there are GPOs associated above or below this OU that have been applied B. May be there are GPOs associated above this OU that have been applied C. May be there are GPOs associated below this OU that have been applied D. May be there are no GPOs associated above or below this OU that have been applied Explanation: You need to know that GPOs are cumulative.... You should check GPOs of the other levels and find out the problems. Map to the objective Planning Groups
2. How do you modify the log on and log off operations of all the users in the Down Town Garage domain (Choose all that apply)? *A. Modify the System container of the Administrative template B. Modify the Log On container of the Administrative template C. Modify the Log Off container of the Administrative template D. Apply the GPO in the forest level *E. Apply the GPO in the domain level Explanation: Because you apply the GPO at the domain level, every user in this domain will be affected. Map to the objective Planning Groups
Questions 273 3. You want to design a script that presents the users of the Down Town Garage domain a MOTD message when the users log on. Where will you place the script? A. System script B. Start up script C. Log on script D. Log off script
4. You want to design a script that presents the users of the Down Town Garage domain a MOTD message when the users log on. You placed the script in the appropriate location. A user logs on, and the script starts to run. Before the complete message is displayed, it stops. What is likely the problem? A. The script is not in the correct location B. The script has bugs C. The script is not compatible with the system D. Wait time - time out
274 Case Study 14 3. You want to design a script that presents the users of the Down Town Garage domain a MOTD message when the users log on. Where will you place the script? A. System script B. Start up script *C. Log on script D. Log off script Explanation: This script will run when a user logs onto the system. Map to the objective Planning Groups
4. You want to design a script that presents the users of the Down Town Garage domain a MOTD message when the users log on. You placed the script in the appropriate location. A user logs on, and the script starts to run. Before the complete message is displayed, it stops. What is likely the problem? A. The script is not in the correct location B. The script has bugs C. The script is not compatible with the system *D. Wait time - time out Explanation: You should increase the wait time value. The max value is 32000, in seconds. Map to the objective Planning Groups
Questions 275 5. You are designing the GPOs for the company's network. Which of the following is true concerning the GPO application (Choose all that apply)? A. Local GPOs are always processed first B. Non local GPOs are always processed first C. For a computer that is a member of a workgroup, only the local GPO will be processed D. For a computer that is a member of a workgroup, only the non-local GPO will be processed
6. You are designing the GPOs for the company's network. You want to include all user config settings in one group policy only. What type of GPO will you need to deploy? A. Dedicated Policy type B. Standalone Policy type C. Network Policy type D. Config Policy type
276 Case Study 14 5. You are designing the GPOs for the company's network. Which of the following is true concerning the GPO application (Choose all that apply)? *A. Local GPOs are always processed first B. Non local GPOs are always processed first *C. For a computer that is a member of a workgroup, only the local GPO will be processed D. For a computer that is a member of a workgroup, only the non-local GPO will be processed Explanation: For a computer that is not part of a network, or a computer that is a member of a workgroup, no non-local GPO will be processed. Map to the objective Planning Group Policy Object Management
6. You are designing the GPOs for the company's network. You want to include all user config settings in one group policy only. What type of GPO will you need to deploy? *A. Dedicated Policy type B. Standalone Policy type C. Network Policy type D. Config Policy type Explanation: All computer config settings will be in a separate policy. Map to the objective Planning Group Policy Object Management
Questions 277 7. You are designing the GPOs for the company's network. You deploy the Dedicated Policy type. What is the effect of this deployment? A. Include all user config settings in one group policy. All computer config settings will be in a separate policy. B. Include all user config and computer config settings in one group policy. C. Exclude all user config in the group policy file. D. Exclude all computer config in the group policy file.
8. You are designing the policy of the company's AD. You need to grant access to the different resources on AD. What will you deploy? A. Security group B. Distribution group C. Permission group D. ACL group
278 Case Study 14 7. You are designing the GPOs for the company's network. You deploy the Dedicated Policy type. What is the effect of this deployment? *A. Include all user config settings in one group policy. All computer config settings will be in a separate policy. B. Include all user config and computer config settings in one group policy. C. Exclude all user config in the group policy file. D. Exclude all computer config in the group policy file. Explanation: All computer config settings will be in a separate policy then the user config. Map to the objective Planning Group Policy Object Management
8. You are designing the policy of the company's AD. You need to grant access to the different resources on AD. What will you deploy? *A. Security group B. Distribution group C. Permission group D. ACL group Explanation: Security group is for granting resource access. You will frequently be using it when planning for the security aspect of AD. Map to the objective Planning Group Policy Object Management
Questions 279 9. You attempt to block policy inheritance in the SALES TEAM 2 OU of the company's AD. However, for some reasons, the policies from the level above can still be inherited into this OU. How should you fix the problem? A. Enable "No override" B. Disable "No override" C. Enable "Override" D. Disable "Override"
10. How do you set the detailed audit policies for the company's network? A. Deploy Computer Configuration settings B. Deploy Network Configuration settings C. Deploy Group Configuration settings D. Modify the logon script
280 Case Study 14 9. You attempt to block policy inheritance in the SALES TEAM 2 OU of the company's AD. However, for some reasons, the policies from the level above can still be inherited into this OU. How should you fix the problem? A. Enable "No override" *B. Disable "No override" C. Enable "Override" D. Disable "Override" Explanation: The "No override" setting will prevent other GPOs from overriding its settings. You should disable it. Map to the objective Planning Group Policy Object Management
10. How do you set the detailed audit policies for the company's network? *A. Deploy Computer Configuration settings B. Deploy Network Configuration settings C. Deploy Group Configuration settings D. Modify the logon script Explanation: Computer Configuration settings are applied when the OS starts. You can also use it to activate the specific Kerberos policy. Map to the objective Planning Group Policy Object Management
Notes:
MyTeapots 283
Case Study 15 MyTeapots You are a Network Consultant with specialized skills in designing Win2000 directory services. You are recently requested by MyTeapots to design the Active Directory for the entire company.
Background Since 1970 MyTeapots has been offering products of slate, natural rock, and exquisite crystal water fountains. As a mail order house located in Texas, MyTeapots has its warehouse located in San Jose to serve the customers in the Bay Area. Another office will be opened in New York shortly.
Products The major product lines available: Yixing Teapots Chinese Jade Teapots Taiwanese Teapots Japanese Tetsubin Tea Accessories In addition, MyTeapots offers fresh handpicked, full leaf teas. The line of unblended and blended full-leaf varieties include: China Green Teas Japan Green Teas Indian Green Teas Vietnamese Green Teas White Teas Jasmine Teas Oolong Teas Black Teas
284 Case Study 15
Departmental Structure There are 5 departments in the company. The TEA department handles the sales of Tealeaf. The TEAPOT department handles the sales of teapots. The ACCESSORIES department handles the sales of Tea accessories. The WAREHOUSE department handles the inventory. The ADMIN department handles the in house administration. The management of the company has decided to upgrade to W2K and deploys a single domain model for the AD. There will be 2 sites in the AD, one in Texas and the other one in San Jose. The 2 sites will be connected with a 64KBPS links.
Questions 285 1. You need to configure the RUN command settings for all users in MyTeapots's network. What do you use for this type of configuration? A. Deploy Computer Configuration settings B. Deploy Network Configuration settings C. Deploy Group Configuration settings D. Modify the logon script
2. You need to configure the Start menu and taskbar settings for all users in MyTeapots's network. What do you use for this type of configuration? A. Deploy Administrative template B. Deploy Network Configuration settings C. Deploy Metadata template D. Modify the logon script
286 Case Study 15 1. You need to configure the RUN command settings for all users in MyTeapots's network. What do you use for this type of configuration? *A. Deploy Computer Configuration settings B. Deploy Network Configuration settings C. Deploy Group Configuration settings D. Modify the logon script Explanation: Computer Configuration settings are applied when the OS starts. You can also use it to activate the specific Kerberos policy. Map to the objective Understanding Computer Policies
2. You need to configure the Start menu and taskbar settings for all users in MyTeapots's network. What do you use for this type of configuration? *A. Deploy Administrative template B. Deploy Network Configuration settings C. Deploy Metadata template D. Modify the logon script Explanation: Administrative template can be used to configure registry based settings. Map to the objective Planning Policy Management for Users
Questions 287 3. You need to configure an application for all users in MyTeapots's network so that the application will be available next time the users log on. What do you use for this type of configuration? A. Assign the application B. Publish the application C. Pinpoint the application D. Modify the logon script
4. What problem will you foresee in MyTeapots's site design? A. Connection between the sites may be too slow B. Connection between the sites may be too fast C. Connection between the sites is ok D. The link is too expensive
288 Case Study 15 3. You need to configure an application for all users in MyTeapots's network so that the application will be available next time the users log on. What do you use for this type of configuration? *A. Assign the application B. Publish the application C. Pinpoint the application D. Modify the logon script Explanation: This will make the applications readily available for the users. Map to the objective Planning Policy Management for Users
4. What problem will you foresee in MyTeapots's site design? *A. Connection between the sites may be too slow B. Connection between the sites may be too fast C. Connection between the sites is ok D. The link is too expensive Explanation: 128KBPS of available bandwidth commended by MS. Map to the objective Defining Site Boundaries
Questions 289 5. The president of MyTeapots has a new desktop computer in his office. He wants to associate his computer with multiple sites. Is this possible? A. Yes B. Yes, if he has multiple NICs C. No
6. \\*Case Study 15;219CS15.pdf\\* You have configured couple site links for MyTeapots's head office in Texas. One link has a cost of 50, while another one has a cost of 100. Which link will be preferred for making connections? A. The link with a cost of 50 B. The link with a cost of 100 C. Either one D. Decided randomly E. Deployed on a round robin fashion
290 Case Study 15 5. The president of MyTeapots has a new desktop computer in his office. He wants to associate his computer with multiple sites. Is this possible? A. Yes B. Yes, if he has multiple NICs *C. No Explanation: A computer can belong to one site only. However, the multiple NICs can interact with multiple sites. Map to the objective Defining Site Boundaries
6. You have configured couple site links for MyTeapots's head office in Texas. One link has a cost of 50, while another one has a cost of 100. Which link will be preferred for making connections? *A. The link with a cost of 50 B. The link with a cost of 100 C. Either one D. Decided randomly E. Deployed on a round robin fashion Explanation: The one with the lowest cost always takes precedence. Map to the objective Designing a Replication Strategy
Questions 291 7. What protocol will you deploy for replication across site links in MyTeapots's AD, given the fact that the WAN connection is not too reliable? A. IP B. SMTP C. SNMP D. Both IP and SMTP E. Both IP and SNMP
8. You need to install an application into MyTeapots's AD. This application will need to add object classes and attributes into the directory schema. What role do you need to have in order to carry out the installation? A. You must be a member of the Schema Admin group B. You must be a member of the Object Admin group C. You must be a member of the Schema Manager group D. You must be a member of the Schema Creator group
292 Case Study 15 7. What protocol will you deploy for replication across site links in MyTeapots's AD, given the fact that the WAN connection is not too reliable? A. IP *B. SMTP C. SNMP D. Both IP and SMTP E. Both IP and SNMP Explanation: IP is recommended only if the WAN link is reliable. Otherwise, use SMTP. Map to the objective Designing a Replication Strategy
8. You need to install an application into MyTeapots's AD. This application will need to add object classes and attributes into the directory schema. What role do you need to have in order to carry out the installation? *A. You must be a member of the Schema Admin group B. You must be a member of the Object Admin group C. You must be a member of the Schema Manager group D. You must be a member of the Schema Creator group Explanation: Also, the application must be AD aware. Map to the objective Defining a Schema Modification Policy
Questions 293 9. You want to modify MyTeapot's AD schema programmatically. What do you need for this purpose? A. ADSI B. ADSL C. ADO D. XDO
10. You will be running only W2K servers on MyTeapots's AD. Which of the following is recommended regarding the implementation of the AD? A. You should have W2K running in Active mode B. You should have W2K running in Native mode C. You should have W2K running in Mixed mode D. You should have W2K running in Combined mode
294 Case Study 15 9. You want to modify MyTeapot's AD schema programmatically. What do you need for this purpose? *A. ADSI B. ADSL C. ADO D. XDO Explanation: ADSI stands for Active Directory Services Interface. Map to the objective Defining a Schema Modification Policy
10. You will be running only W2K servers on MyTeapots's AD. Which of the following is recommended regarding the implementation of the AD? A. You should have W2K running in Active mode *B. You should have W2K running in Native mode C. You should have W2K running in Mixed mode D. You should have W2K running in Combined mode Explanation: If you do not have any NT4 servers in the network, by all means switch to native mode to maximize the benefits that can be produced by AD. Map to the objective Designing an Active Directory Implementation Plan
Notes:
LoveSherpa 297
Case Study 16 LoveSherpa You are a Network Consultant with specialized skills in designing Win2000 directory services. You are recently requested by LoveSherpa Inc to design the Active Directory for the entire company.
Background LoveSherpa is a company producing and selling the LoveSherpa series of bag - soft-sided pet carrier approved for in-cabin use by major airlines. The LoveSherpa bags are recognized as the premiere soft-sided pet carrier that can provide a safe comfortable trip for the pets by plane, train or automobile.
Locations Established in New York, it has two branches in East Asia and one branch in London. Due to the expanding demand for this kind of products, instead of manufacturing everything on its own, it is outsourcing many of the production works.
Products LoveSherpa’s contractors in China produce the following products: • LoveSherpa Lite • The Classic LoveSherpa Traveler • The Kartu Bag • LoveSherpa French Sac • The Ultimate LoveSherpa LoveSherpa’s contractor in Korea produces the following products: • LoveSherpa Back Pac the All-in-One Bag • Delta Airlines Deluxe Pet Carrier By LoveSherpa • The LoveSherpa-on-Wheels • The LoveSherpa Roll-Up • Original LoveSherpa Bag
298 Case Study 16
Network Structure Due to the close relationship with the contractors, the company actually shares all its network resources with them. Instead of running its own network, it aims at building a “mega network“ that integrates the domains of the contractors into its envisioned directory structure. The domain name for external use will be lovesherpa.com, while the internal one will be LS.com. Also note that there will be one W2K server and one NT4 server available in the head office. The network will run only TCP/IP and nothing else.
Questions 299 1. How many Domain Naming master will you arrange for LoveSherpa? A. 1 B. 2 C. 3 D. 4 E. one per DC
2. How many Schema master will you arrange for LoveSherpa? A. 1 B. 2 C. 3 D. 4 E. one per DC
300 Case Study 16 1. How many Domain Naming master will you arrange for LoveSherpa? *A. 1 B. 2 C. 3 D. 4 E. one per DC Explanation: There can only be one Domain Naming master per forest, as it is a forest wide role. Map to the objective Designing the placement of Operations Master
2. How many Schema master will you arrange for LoveSherpa? *A. 1 B. 2 C. 3 D. 4 E. one per DC Explanation: There can only be one Schema Master per forest, as it is a forest wide role. Map to the objective Designing the placement of Operations Master
Questions 301 3. How many Operations Master will you place in the head office? A. 1 B. 2 C. 3 D. 4
4. How do you create global catalogs in LoveSherpa's domain, assuming that two new W2K server will be set up? A. Active Directory Sites and Services B. Active Directory Computers and Users C. Active Directory Domains and Trusts D. NTDSUTIL E. NETDOM
302 Case Study 16 3. How many Operations Master will you place in the head office? A. 1 B. 2 C. 3 *D. 4 Explanation: Domain Naming Master is responsible for adding or removing domains from a forest. Map to the objective Designing the placement of Operations Master
4. How do you create global catalogs in LoveSherpa's domain, assuming that two new W2K server will be set up? *A. Active Directory Sites and Services B. Active Directory Computers and Users C. Active Directory Domains and Trusts D. NTDSUTIL E. NETDOM Explanation: The first DC in the site will automatically take the role of GC. However, you can manually add additional GC by using the Active Directory Sites and Services. Map to the objective Designing the Placement of Global Catalog Servers
Questions 303 5. Which of the following statement is true regarding the relationship between global catalog and DCs (Choose all that apply)? A. Global Catalog servers are based on domain B. Global Catalog servers are based on site C. Each domain in the same site must have at least one DC even if there are multiple domains there D. By default there is one GC in a site
6. The New York Site and the London Site each has a DC. Users from New York complain that access to resources on London is very slow. Users from London have similar complains. The two sites are connected with a 128KB ISDN line. Which of the following can increase performance with the lowest cost? A. Upgrade the WAN line B. Add additional DCs to each site C. Add GCs to each site D. Add more RAM for the DCs
304 Case Study 16 5. Which of the following statement is true regarding the relationship between global catalog and DCs (Choose all that apply)? A. Global Catalog servers are based on domain *B. Global Catalog servers are based on site C. Each domain in the same site must have at least one DC even if there are multiple domains there *D. By default there is one GC in a site Explanation: Each GC contains attributes of objects from all domains. Map to the objective Designing the Placement of Global Catalog Servers
6. The New York Site and the London Site each has a DC. Users from New York complain that access to resources on London is very slow. Users from London have similar complains. The two sites are connected with a 128KB ISDN line. Which of the following can increase performance with the lowest cost? *A. Upgrade the WAN line B. Add additional DCs to each site C. Add GCs to each site D. Add more RAM for the DCs Explanation: The slower the line you have, the slower it will be for resource access. By adding additional GCs or DCs to the site, you will increase network traffic due to the need for replication. Map to the objective Designing the Placement of Global Catalog Servers
Questions 305 7. The company may split its current network into multiple domains. In the plan there will be 3 domains: LSDA, LSDB and LSDC. What will be the correct placement of DCs (Choose all that apply)? A. One DC for LSDA B. One DC for LSDB C. One DC for LSDC D. One DC for the whole network
8. The DNS server is temporarily down. What will happen to users on the network (Choose all that apply)? A. Users cannot locate the DCs B. Users cannot be authenticated C. Users cannot access network resources D. No problem will ever exist
306 Case Study 16 7. The company may split its current network into multiple domains. In the plan there will be 3 domains: LSDA, LSDB and LSDC. What will be the correct placement of DCs (Choose all that apply)? *A. One DC for LSDA *B. One DC for LSDB *C. One DC for LSDC D. One DC for the whole network Explanation: Each domain must have at least one DC. Map to the objective Designing the Placement of Domain Controllers
8. The DNS server is temporarily down. What will happen to users on the network (Choose all that apply)? *A. Users cannot locate the DCs *B. Users cannot be authenticated *C. Users cannot access network resources D. No problem will ever exist Explanation: Without DNS users will not be able to locate the DCs in a TCP/IP only network. This means users will not be authenticated. Map to the objective Designing the Placement of DNS Servers
Questions 307 9. What are the advantages of deploying AD Integrated DNS Zone (Choose all that apply)? A. DNS information will be stored in AD B. DNS information will be automatically replicated C. DCs can perform name resolution D. DCs can perform WINS resolution
308 Case Study 16 9. What are the advantages of deploying AD Integrated DNS Zone (Choose all that apply)? *A. DNS information will be stored in AD *B. DNS information will be automatically replicated *C. DCs can perform name resolution D. DCs can perform WINS resolution Explanation: When DNS is integrated into AD, there is no need for replication between Primary and Secondary DNS servers any longer. Map to the objective Designing the Placement of DNS Servers
Notes:
ProSKI 311
Case Study 17 ProSKI You are a Network Consultant with specialized skills in designing Win2000 directory services. You are recently requested by ProSKI Inc to design the Active Directory for the entire company.
Background ProSKI is a company that specializes in developing equipment for ticketing and access control for ski resorts. The members of ProSKI will be able to purchase tickets for ski lifts and reserve rental equipment from their home computers or at the resorts. As part of a membership, ProSKI will issue smart cards so that members can use the lockers as well as to gain access to ski lifts and to make restaurant reservations easily. New members can enroll for ProSKI services at each resort. They will also be able to complete application forms on the Internet. The member will be affiliated with one resort, but will be able to use services from any other.
Structure ProSKI will design the global services to support two components. One component will be for members, and the other component will be for resorts. Members will be able to access the member component from the Internet or any resort. The resort component will be used to support each resort and its unique internal business and employee needs. The company has its headquarter in Denver and an IT center in San Mateo. There are 6 different resort locations around the world. Each resort has five departments. Each resort is independently owned and managed. Each one will want to be able to add applications that might uniquely change the directory schema. They do not want any external companies or any other resort to have the authority to change user permissions for their employees.
312 Case Study 17 ProSKI.com hosts the member Web site. Currently each resort has its own Web site, and that each resort Web site is registered under its own domain. The DNS services for the top-level DNS domain will continue to be managed by external Web presence provider. But for sure they do not want the internal-operations to remain on the external DNS server.
Questions 313 1. Which of the following will you consider as the valid business factors for the Forest design? A. Each resort must maintain independent control. B. Each resort must have web presence. C. Member logon requests should be localized. D. Resort administrative control is divided among different departments.
2. Which of the following will you consider as the valid business factors for the Site design? A. Each resort must maintain independent control. B. Each resort must have web presence. C. Member logon requests should be localized. D. Resort administrative control is divided among different departments.
314 Case Study 17 1. Which of the following will you consider as the valid business factors for the Forest design? *A. Each resort must maintain independent control. B. Each resort must have web presence. C. Member logon requests should be localized. D. Resort administrative control is divided among different departments. Explanation: For different forests to communicate, one way explicit trust must be manually set. Map to the objective Analyzing the Planned Business Models
2. Which of the following will you consider as the valid business factors for the Site design? A. Each resort must maintain independent control. B. Each resort must have web presence. *C. Member logon requests should be localized. D. Resort administrative control is divided among different departments. Explanation: Site topology is related to location, WAN link and replication. Map to the objective Analyzing the Planned Business Models
Questions 315 3. Which of the following will you consider as the valid business factors for the OU design (choose 2)? A. Each resort must maintain independent control. B. Each resort must have web presence. C. Resort administrative control is divided among different departments. D. It should be easy to move user objects from one resort to another resort.
4. The fact that there are lots of employee positions at each resort is a valid business factor for? A. Security Group Membership B. OU C. Site D. Domain E. Forest
316 Case Study 17 3. Which of the following will you consider as the valid business factors for the OU design (choose 2)? A. Each resort must maintain independent control. B. Each resort must have web presence. *C. Resort administrative control is divided among different departments. *D. It should be easy to move user objects from one resort to another resort. Explanation: Anything related to Departments means OUs. User objects in OUs are easily movable. Map to the objective Analyzing the Planned Business Models
4. The fact that there are lots of employee positions at each resort is a valid business factor for? *A. Security Group Membership B. OU C. Site D. Domain E. Forest Explanation: Since there are many employees, you want to control the rights and permissions carefully. Map to the objective Analyzing Security Considerations
Questions 317 5. The deployment of Group Policy objects can be helpful towards (choose 2)? A. The configuration of the desktop settings for employees. B. The software updates for the kiosks. C. The configuration of file ACL. D. The configuration of web site upload authentication
6. What will be the ideal design for the domain and forest structure of the members (Choose all that apply)? A. Use ProSKI.com for the forest root B. Use single domain C. Use single site D. Use multiple master domain
318 Case Study 17 5. The deployment of Group Policy objects can be helpful towards (choose 2)? *A. The configuration of the desktop settings for employees. *B. The software updates for the kiosks. C. The configuration of file ACL. D. The configuration of web site upload authentication Explanation: You can use GPO to configure one's desktop as well as the software application. Map to the objective Planning Groups
6. What will be the ideal design for the domain and forest structure of the members (Choose all that apply)? *A. Use ProSKI.com for the forest root *B. Use single domain C. Use single site D. Use multiple master domain Explanation: You should deploy a single domain in the forest of ProSKI.com for the members. Map to the objective Planning the DNS Strategy
Questions 319 7. How do you design the DNS and domain structure to meet the internal needs of the resorts (Choose all that apply)? A. Create a DNS zone as a subdomain of the resort's existing Internet domain name. B. Assign the sub domain to the Active Directory forest root. C. Deploy multiple secondary DNS servers D. Merge the domains into an ALL-In-ONE domain
8. When you determine the number of forest for ProSKI, what factors will influence your decision? (Choose 3) A. Each resort will want to be able to add unique applications B. Employees of one resort will not access information of another resort. C. Each resort does not want any other resort to be able to change user permissions for their employees. D. Each resort will have a T3 WAN link upgrade shortly
320 Case Study 17 7. How do you design the DNS and domain structure to meet the internal needs of the resorts (Choose all that apply)? *A. Create a DNS zone as a subdomain of the resort's existing Internet domain name. *B. Assign the sub domain to the Active Directory forest root. C. Deploy multiple secondary DNS servers D. Merge the domains into an ALL-In-ONE domain Explanation: It is wise to add the active directory as the internal domain in the forest. Map to the objective Planning the DNS Strategy
8. When you determine the number of forest for ProSKI, what factors will influence your decision? (Choose 3) *A. Each resort will want to be able to add unique applications *B. Employees of one resort will not access information of another resort. *C. Each resort does not want any other resort to be able to change user permissions for their employees. D. Each resort will have a T3 WAN link upgrade shortly Explanation: The deployment of multiple forests allow the resorts to selectively establish trusts if inter-forest resource sharing is needed. Map to the objective Understanding Forest Characteristics
Questions 321 9. What is the ideal top-level OU for supporting a resort's internal business requirements? A. Departments B. Divisions C. Resorts D. Web Sites
10. For the resort employees to update member records, what trust relationship between the member domain and each resort domain must exist? A. member trusts resort B. resort trusts member C. trusts of either way D. mutual trusts
322 Case Study 17 9. What is the ideal top-level OU for supporting a resort's internal business requirements? *A. Departments B. Divisions C. Resorts D. Web Sites Explanation: Anything related to Departments means OUs. Map to the objective Developing an OU Design Strategy
10. For the resort employees to update member records, what trust relationship between the member domain and each resort domain must exist? *A. member trusts resort B. resort trusts member C. trusts of either way D. mutual trusts Explanation: The member domain must trust the resort domains so that users of the resort domain can access the resources of the member domain. Map to the objective Analyzing Trust Relationships
Notes:
SupremeX Military Consultant 325
Case Study 18 SupremeX Military Consultant You are a Network Consultant with specialized skills in designing Win2000 directory services. You are recently requested by SupremeX Military Consultant to design the Active Directory for the entire company.
Background SupremeX Military Consultant is a military research company that operates from several locations in the United States. Most of the company’s business comes from the contracts from the United States government and military. Its headquarters and primary IT center is in Washington, D.C. Other offices of the company include Boston, Denver, San Diego, San Francisco, Seattle, St. Petersburg, and Washington, D.C. The Denver, San Diego, San Francisco and Seattle facilities were originally a separate company named LightSpeed Energy. These facilities became a part of SupremeX Military Consultant when they were purchased in 1992. These facilities still use the LightSpeed Energy name and LightSpeed Energy still maintains its identity as a separate company.
IT Structure The existing IT Environment has a diverse server environment, including mainframe, UNIX, Novell, Macintosh, VINES and Microsoft servers. There are two Windows NT account domains and one resource domain in each of the seven geographic locations. The account domains are in Washington, D.C., and San Francisco. There is a 45Mbps line from San Francisco to the primary IT center in Washington, D.C. All other locations are connected with high speed dedicated connections.
326 Case Study 18 The external DNS systems for both the SupremeX Military Consultant Web site and the LightSpeed Energy Web site are hosted on third-party ISP servers. The DNS modifications required for Windows 2000 will need to use the existing internal DNS structure. The primary IT center is in Washington, D.C. There is another major IT center in San Francisco. The San Francisco research facility will operate as an independent business unit, and that account management is performed in Washington, D.C. and San Francisco. All policies and application specifications are defined at the Washington, D.C. and the San Francisco IT centers.
Envisioned Structure The rights for resetting passwords and changing attributes will be delegated to local IT administrators. The departmental and branch administrators of resource domains are not granted administrative rights for the corresponding account domains. All Group Policies will be centrally managed from Washington, D.C.
Questions 327 1. During the course of W2K upgrade, what are valid actions you should take for SupremeX (Choose all that apply)? A. Create a root domain B. Create two forests C. Upgrade the account domains to Windows 2000, then upgrade the resource domains. D. Consolidate the resource domains into the account domains. E. Reserve two NT Servers for fall back
2. You received instructions to design the group policy hierarchy that should be applied to a user in the human resources department at the Boston facility. Which of the following reflects the order of applying the GPO? A. Boston site GPO, domain GPO, Boston OU GPO, human resources GPO B. Boston site GPO, domain GPO, human resources GPO C. Boston site GPO, Boston OU GPO, human resources GPO D. Boston OU GPO, Boston site GPO, human resources GPO E. Boston OU GPO, Boston site GPO, domain GPO
328 Case Study 18 1. During the course of W2K upgrade, what are valid actions you should take for SupremeX (Choose all that apply)? *A. Create a root domain B. Create two forests *C. Upgrade the account domains to Windows 2000, then upgrade the resource domains. *D. Consolidate the resource domains into the account domains. E. Reserve two NT Servers for fall back Explanation: You should have one forest and one tree to hold the new domain. The final goal is domain consolidation. Map to the objective Analyzing the Planned Business Models
2. You received instructions to design the group policy hierarchy that should be applied to a user in the human resources department at the Boston facility. Which of the following reflects the order of applying the GPO? *A. Boston site GPO, domain GPO, Boston OU GPO, human resources GPO B. Boston site GPO, domain GPO, human resources GPO C. Boston site GPO, Boston OU GPO, human resources GPO D. Boston OU GPO, Boston site GPO, human resources GPO E. Boston OU GPO, Boston site GPO, domain GPO Explanation: The correct order should follow this pattern: Site - Domain - OU . Map to the objective Planning Groups
Questions 329 3. How do you carry out the implementation of the administration of group policy (Choose all that apply)? A. Enable domain administrators to create Group Policy objects to link GPOs to sites, domains, and organizational units, and to edit site-level and domain-level GPOs. B. Enable departmental administrators at each location to edit GPOs that apply to their departmental OUs. C. Assign the GPO with the corresponding ACL D. Reset the GPO passwords
4. Why would you ever want to create more than one domain (Choose all that apply)? A. Different companies have different account lockout policies. B. Different companies have different password policies. C. Different companies have different disk quota policies. D. Different companies have different encryption lock policies.
330 Case Study 18 3. How do you carry out the implementation of the administration of group policy (Choose all that apply)? *A. Enable domain administrators to create Group Policy objects to link GPOs to sites, domains, and organizational units, and to edit site-level and domain-level GPOs. *B. Enable departmental administrators at each location to edit GPOs that apply to their departmental OUs. C. Assign the GPO with the corresponding ACL D. Reset the GPO passwords Explanation: At the domain level, the administrator can create the policy. At the departmental level, administrator can customize the policy applied to their departments. Map to the objective Planning Policy Management for Users
4. Why would you ever want to create more than one domain (Choose all that apply)? *A. Different companies have different account lockout policies. *B. Different companies have different password policies. C. Different companies have different disk quota policies. D. Different companies have different encryption lock policies. Explanation: Account related policy is always domain wide. Map to the objective Analyzing the Existing Business Models
Questions 331 5. What will be the optimal locations for the server services of the W2K network of SupremeX (choose 2)? A. Washington, D.C.; RID master, schema operations master, infrastructure operation master, domain naming master, PDC emulator, global catalog. B. San Francisco; global catalog, PDC emulator, RID master, infrastructure operation master. C. Washington, D.C.; global catalog, PDC emulator, RID master, infrastructure operation master. D. San Francisco; DNS and global catalog
6. In order to grant permissions to a set of resources that are managed on the domain controllers in Washington, D.C., the correct steps you should take are (Choose all that apply)? A. Create a domain local group in the local domain B. Grant the domain local group of the local domain access to the resources. C. Create one global group in the appropriate domain or domains, and add to this group the users who need access to the resources. D. Add the global groups to the domain local group in the local domain.
332 Case Study 18 5. What will be the optimal locations for the server services of the W2K network of SupremeX (choose 2)? *A. Washington, D.C.; RID master, schema operations master, infrastructure operation master, domain naming master, PDC emulator, global catalog. *B. San Francisco; global catalog, PDC emulator, RID master, infrastructure operation master. C. Washington, D.C.; global catalog, PDC emulator, RID master, infrastructure operation master. D. San Francisco; DNS and global catalog Explanation: Schema master and domain naming master are forest wide roles - only one per forest. Map to the objective Designing the Placement of Operation Masters
6. In order to grant permissions to a set of resources that are managed on the domain controllers in Washington, D.C., the correct steps you should take are (Choose all that apply)? *A. Create a domain local group in the local domain *B. Grant the domain local group of the local domain access to the resources. *C. Create one global group in the appropriate domain or domains, and add to this group the users who need access to the resources. *D. Add the global groups to the domain local group in the local domain. Explanation: You should only use domain local group and global group in your answers. Never consider any other group type. Map to the objective Understanding Security
Questions 333 7. For the existing DNS to support Windows 2000, what must be supported by the DNS service? A. SRV records B. DHCP C. WINS D. IPSec E. Triggered update
8. What would be the optimal DNS upgrade strategy for SupremeX (Choose all that apply)? A. Upgrade the existing DNS infrastructure B. Use the existing structure as is C.
Use three domains named LightSpeed.SupremeX.com.
SupremeX.com,
corp.SupremeX.com,
D. Use two domains named SupremeX.com and LightSpeed.com.
and
334 Case Study 18 7. For the existing DNS to support Windows 2000, what must be supported by the DNS service? *A. SRV records B. DHCP C. WINS D. IPSec E. Triggered update Explanation: To work with Win2K, DNS must support SRV record for locating resources and services on the network. Map to the objective Planning the DNS Strategy
8. What would be the optimal DNS upgrade strategy for SupremeX (Choose all that apply)? *A. Upgrade the existing DNS infrastructure B. Use the existing structure as is *C. Use three domains named SupremeX.com, corp.SupremeX.com, and LightSpeed.SupremeX.com. D. Use two domains named SupremeX.com and LightSpeed.com. Explanation: You must upgrade the existing DNS structure and enable support for SRV so that W2K can be fully supported. Map to the objective Planning the DNS Strategy
Questions 335 9. There are existing Unix DNS services on the network. How would you integrate them into the new W2K network (Choose all that apply)? A. Upgrade them B. Use them as is C. Configure the zones required for Windows 2000 in the Unix DNS service D. Deploy Unix - W2K Bridging software
10. Why would you choose to deploy OUs for SupremeX? A. Easy delegation B. High speed resource searching C. Effective account lockout policy D. Easy desktop maintenance
336 Case Study 18 9. There are existing Unix DNS services on the network. How would you integrate them into the new W2K network (Choose all that apply)? *A. Upgrade them B. Use them as is *C. Configure the zones required for Windows 2000 in the Unix DNS service D. Deploy Unix - W2K Bridging software Explanation: For DNS to work with W2K, SRV record must be supported. Map to the objective Planning the DNS Strategy
10. Why would you choose to deploy OUs for SupremeX? *A. Easy delegation B. High speed resource searching C. Effective account lockout policy D. Easy desktop maintenance Explanation: The primary advantage of deploying OU is delegation - you can delegate duties to your sub-ordinates easily with the Delegation of Control Wizard. Map to the objective Delegating Administration
Notes:
338 Other Microsoft Books
Other Microsoft Certification books by TotalRecall Publications InsideScoop to MCP / MCSE Certification: Exam 70-219 Designing a Windows 2000 Directory Services Infrastructure ExamInsight For MCP / MCSE Certification: Exam 70-219 Designing a Windows 2000 Directory Services Infrastructure ExamWise For MCP / MCSE Certification: Exam 70-210 Managing Microsoft Windows 2000 Professional ExamWise For MCP / MCSE Certification: Exam 70-215 Installing, Configuring, and Administering Microsoft Windows 2000 Server ExamWise For MCP / MCSE Certification: Exam 70-216 Implementing and Administering a Microsoft Windows 2000 Network Infrastructure ExamWise For MCP / MCSE Certification: Exam 70-217 Managing a Microsoft Directory Services Infrastructure ExamWise For MCP / MCSE Certification: Exam 70-218 Managing a Microsoft Windows 2000 Network Environment ExamWise For MCP / MCSE Certification: Exam 70-220 Designing Security for a Microsoft Windows 2000 Network ExamWise For MCP / MCSE Certification: Exam 70-221 Designing a Microsoft Windows 2000 Network Infrastructure ExamWise For MCP / MCSE Certification: Microsoft Windows XP Professional
Exam 70-270
Money Back Book Guarantee 339
Money Back Book Guarantee This guarantee applies only to books published by BFQ Press! We are so confident in our products, we are prepared to offer the following guarantee to YOU our valued customer: If you do not pass your certification exam after two attempts, we will give money back! Visit www.bfqpress.com Select “Money Back Book Guarantee” for details. Registered book purchasers will receive 1. Receive a 50% cash refund of purchase price 2. Receive a free BFQ Press book of equal value. Note: you must pay for shipping and handling. To qualify for this BFQ Press Guarantee you must meet these requirements and perform the following tasks: 1. Register your purchase at the BFQ Press web site www.bfqpress.com 2. Fail the corresponding exam twice ( No time Limit ) 3. Contact BFQ Press for the RMA # and to claim this guarantee 4. Send email to
[email protected] 5. Subject must contain your Membership # or Registration # Ship the following to claim your refund. • 1. RMA # from returned email • 2. Documents of exam scores for both failed attempts • 3. Return the Book to the following address BFQ Press Attn: Corby Tate 1103 Middlecreek Friendswood, TX 77546 888-992-3131
[email protected] 281-992-3131 http://www.bfquiz.com 281-482-5390 Fax http://www.bfq.com It's a Passing day here at the BeachFront. Thank you for using the BFQ Press Success Program. Bruce Moran President
340 Free Practice Exam Online
Free Practice Exam Online With the purchase of this book you qualify for a Free Beachfront Quizzer, Inc. Online Practice exam. Visit www.TotalRecallPress.com for details. Register your book purchase at www.TotalRecallPress.com Your Registration Code is: = EW-03219-5000 System Requirements: Internet connection:
Call: 281-992-3131
Good Luck with your certification! Your Book Registration Number is EW-03219-5000 You cannot go wrong with this book because it is GUARANTEED: See details at www.TotalRecallPress.com