2009年3月15日星期日

Case Study: A. Datum Corporation

Overview
A. Datum Corporation is a company that provides technical classes at locations across North America.The company primarily offers instructor-led courses, on a Monday-through-Friday schedule.

Physical Locations
The company’s main office is located in Atlanta. The company has three branch offices in the following locations:
  • Chicago
  • Dallas
  • Seattle
In Addition to the main office in Atlanta, there are also two satellite offices: Atlanta East and Atlanta West. There is no IT staff in the satellite offices.

Planned Changes
The company has evolved into a single business unit from four separate technical schools in each of the cities where the company’s offices are currently located.

The company recognizes that a cohesive administrative structure will better serve its employees and better secure critical resources.

Recently, the company has begun to offer classes from Atlanta that is available online via the Internet.The company wants to begin offering online content from all offices, not just from Atlanta.

Business Process
Currently, the offices of A. Datum Corporation operates as four independent business units: Atlanta,Chicago, Dallas, and Seattle.

The IT staff in each office functions independently. Network resource access is primarily localized to each office with the exception of the student records database and the current online courseware, which are hosted on servers in Atlanta only.


The student records database contains students’ personal data and their transcripts. Currently, the branch offices e-mail the students’ enrollment and transcript information to the Atlanta office for entry into the student records database. The admissions department enters personal student data and the registrar’s department enters grades. The student records database currently cannot be updated from any other location.

The online course content is already developed and in use.


Directory Services
The servers are configured as shown in the Available Servers exhibit.











The Atlanta office currently has a Windows 2000 Active Directory domain.
The Chicago and Dallas branch offices are both running in workgroup configurations.
Each office manages its own users and groups.



Network Infrastructure
The existing network is shown in the Existing Network Infrastructure exhibit.



Wan connections between the Atlanta main office and Atlanta East can be unreliable.

There are DHCP servers in Atlanta and the branch offices.
All servers are Pentium III 550-MHz or greater processors with at least 512 MB of memory.
All of the offices run various client operating systems, which include Windows 98, Windows NT Workstation 4.0, Windows 2000 Professional, Windows XP Professional, and UNIX.
The instructors run either Windows 2000 Professional or Windows XP Professional on their desktop computers at the office. UNIX instructors use a UNIX client computer to access the network when working from home.
Problem Statements
The following business problems must be considered:

  • The company recognizes that its biggest security vulnerability is the methodology that it uses to update the student records database in Atlanta. In the past, there have been problems with students gaining access to and altering their student records.
  • There has been reason to suspect that courseware has been compromised because of weak passwords on instructors’ computers.
Chief Executive Officer
I am pleased with the performance of our staff at A. Datum Corporation. However, I am concerned about protecting our intellectual property. Both our online curriculum and the student records database need protection. Our primary focus must be that no one outside of the organization can view or modify this information.

Chief Information Officer
We need to provide an adequate security structure for our network environment. It is important that we create a centralized network operations team. I am confident in the ability of our IT staff in Atlanta to take a lead administrative role in our envisioned environment.
The practice of sending student information through e-mail must stop. I think our strategy of a single, centralized student records database is valid. We need to make this database directory-aware so that users who have the responsibility for updating the student records will need only a single set of credentials to make the necessary changes.

Additionally, instructors are not receiving updated teaching schedule information on a timely basis. The issue should be addressed by ensuring that our new scheduling program is installed on all instructor computers, including the computers that the instructors use when accessing our network remotely.
Registrar, Atlanta Office
I am concerned about the network changes. The good news is that they will tell me that I will need only one logon name. However, the other news I am hearing is not good. I am told that the password I use cannot be a word. How am I going to remember a password that is not a word? I have a hard time remembering passwords as it is.

My other major concern is that I am being told that the instructors in each location will be able to enter grades. Recording grades should be my job exclusively.
Business Drivers
The following business requirements must be considered:
  • For its Web site, A. Datum Corporation is using the registered domain name adatum.com.
  • The company anticipates more focus on the online course offerings in the future.
Organizational Goals
The following organizational requirements must be considered:
  • The student records database must be available to all offices from Atlanta during the hours of 9:00 A.M. to 8:00 P.M. Eastern Time, Monday through Friday.
  • The online courseware must be available 24 hours a day, seven days a week.
Security
The following security requirements must be considered:

  • The student records database server must be secured to allow only those with the appropriate authorization to modify or add data. These authorized personnel include both instructors and staff in each of the company’s offices.
  • Instructors will require the necessary permissions to modify the content for the online courseware for which they are responsible.
  • Instructors are required to make changes to the online courseware and post grades from the LAN only.
Customer Requirements
The following customer requirements must be considered:

  • Remote access will be required for all instructors when they need to access their business offices from home. Some instructors will use UNIX client computers for remote access.
  • Instructors will need the new scheduling application to be installed both on their office and home computers that are members of the domain, even if using a dial-up connection.
  • Windows 98 is currently the operating system on the sales representatives’ computers. These computers will not be upgraded in the near future. However, the Active Directory client will be installed on these computers. There are sales representatives in all of the company’s offices.
  • Web access to the online curriculum is required by the students enrolled in the online classes, and must be limited to enrolled students only.
Active Directory
The following Active Directory requirements must be considered:

  • The goals of the new Active Directory structure are to provide a centralized method of service administration for supporting the administrative staff and provide secure access to student records.
  • Administration of the Active Directory service will be in Atlanta. Resource administration will occur in Atlanta and the branch offices.
  • Students must not have any permission to any resource other than the online courses.



Network Infrastructure
The following infrastructure requirements must be considered:
  • Because the company has a limited budget, it will need to continue working with the existing physical network.
  • For updating student grades, authorized computers in the registrar’s office will require smart card support.
  • The Atlanta, Chicago, Dallas, and Seattle offices will each host DNS subdomains to support the online courseware.
  • The amount of DNS zone transfer or replication must be minimized.
  • Unauthorized updates of DNS records must be prevented.
  • All computers, including client computers, must have host (A) resource records in DNS.
  • UNIX instructors require support of pointer (PTR) resource records for several applications used from their home computers.
  • Network traffic needs to be minimized across the WAN links.
  • Remote access policies for Atlanta, Chicago, Dallas, and Seattle should be centralized.

QUESTION NO: 1

You are designing the new forest structure and migration strategy to meet the business and technical requirements. What should you do?To answer, move the appropriate actions from the list of actions to the answer area, and arrange them in the appropriate order. (Use only actions that apply)

QUESTION NO: 2

You are designing a DNS strategy to meet the business and technical requirements. Which two actions should you perform? (Each correct answer presents part of the solution. Choose two)

A. Create a dynamic reverse lookup zone for each subnet.
B. Create a dynamic forward lookup for each domain.
C. Install caching-only DNS servers in the branch offices.
D. Enable the BIND secondaries option for each DNS server.

QUESTION NO: 3
You are designing the Group Policy settings to meet the business and technical requirements. You are reviewing a possible logical structure for the company as shown in the diagram in the work area. The Domain Controllers OU and the Seattle OU are created at the domain level. The Instructor OU and Student OU are children of the Seattle OU. The diagram does not cover all organizational requirements. Based on this diagram, how should you design the Group Policy settings? To answer, drag the appropriate Group Policy object (GPO) option or options to the correct location or locations in the work area.


QUESTION NO: 4
You need to ensure that only authorized personnel are able to modify student grades. Which desktop environment or environments should you use? (Choose all that apply)

A. Windows XP Professional
B. Windows 2000 Professional
C. Windows 98 with Active Directory client installed
D. Windows NT Workstation 4.0 with the latest service pack and Active Directory client installed

QUESTION NO: 5
You need to ensure that the sales representatives are provided with adequate NetBIOS name resolution. What should you do?

A. Install WINS on the PDC emulator.
B. Install WINS on servers in Atlanta and Seattle.
C. Enable WINS lookup on the DNS server in Atlanta.
D. Enable WINS on one domain controller in each office.

QUESTION NO: 6
You are designing a strategy to install the new scheduling application. Which two actions should you perform? (Each correct answer presents part of the solution. Choose two)

A. Assign the scheduling application package to the Instructor OU.
B. Publish the scheduling application package to the Instructor OU.
C. Ensure that the scheduling application can install across slow WAN links.
D. Prevent the scheduling application from installing across slow WAN links.

QUESTION NO: 7
You are designing a VPN authentication strategy to meet the business and technical requirements. What should you do?

A. Implement the RADIUS service in Atlanta.
B. Implement the RADIUS service in each branch office.
C. Configure network address translation (NAT) on all VPN servers.
D. Configure the Connection Manager Administration Kit (CMAK) on the PDC.

QUESTION NO: 8
You are designing a DHCP strategy for the new Active Directory environment. Which two groups have the necessary rights to authorize the DHCP servers? (Each correct answer presents part of the solution. Choose two)

A. IT staff in Atlanta
B. IT staff in Seattle
C. DHCP administrators in all offices
D. DHCP administrators in Atlanta only
E. Members of the Enterprise Admins group

QUESTION NO: 9
You are designing the placement of operations master roles in the new environment. In which location or locations should a PDC emulator be designated? (Choose all that apply)

A. Atlanta
B. Chicago
C. Dallas
D. Seattle

QUESTION NO: 10
You are designing a DNS and DHCP implementation strategy to support the new environment.
What should you do?

A. Create a WINS resource record in the Active Directory DNS zone.
B. Create a WINS referral zone in the DNS zone that supports Active Directory.
C. Configure a DNS domain name on the DHCP server.
D. Configure the DHCP server to update DNS for DHCP clients that do not support dynamic updates.

标签: