Monday, March 23, 2009

Case Study: TestKing.com

Overview 
TestKing.com is a new Government-funded organization, established to consolidate medical research performed at universities into a single electronic library.

The Company has been allocated a large budget to start the project, and more funds will be made available as more universities integrate their research with TestKing.com. 

Physical Location 
The Company has one office located in Dallas. The Office currently has 100 users. 

Planned Changes 
A new office in Seattle will be opened soon. The Seattle office will have 100 users when it opens. An additional 100 users will be hired in the Dallas office over the next year. The number of users is expected to grow by 60 percent over the next five years.

An external network will be established to allow universities to share medical research. At launch, the user population will be minimal. It is expected that the external network will have more than 10,000 active users in the next two years.

Business Processes 
TestKing.com will reorganize its internal staff to include the following departments: 
  • Accounting 
  • Administration 
  • Information Technology (IT)
  • Knowledge Management  
  • Marketing  
  • Projects 
The Project department will work directly with universities to help them integrate data with TestKing.com.

A separate project team will be dedicated to each university that partners with the Company. This project team is in charge of making external security available, creating user accounts, and establishing security for the university whose resources are made available through the Company's external network. 

The Company has a small internal IT staff that manages internal resources for internal users. The internal IT staff includes a network administrator and technical support team. 

The external network will have its own IT staff. This IT staff will include a network administrator, a technical support team, and a development team. External and internal resources will be managed independently. 

Internal users will require access to data located on both the internal network and the external network. External users and partners from universities will have access only to external resources. Under no circumstances will external users be given access to internal resources. This includes the external IT staff. 

Infrastructure 
Directory Services 
To provide a quick solution to allow for information sharing, an unplanned Windows 2000 network was established when the company was first established. 

A Windows 2000 Active Directory Environment was implemented with the domain name of research.com and the NetBIOS domain name of research. The domain name research.com has been registered by another organization and this name is not available to the company. The domain contains two domain controllers. A single file server exists on the network to store shared data for the internal users. 

Network Infrastructure 
The company has a 10-Mbps Internet connection. The use of the Internet connection is minimal at present, but is expected to grow once external resources are made available to universities. 

Problem Statements 
The following business problems must be considered:
  • The current internal network was not properly planned and needs to be completely redesigned.
  • Information such as user accounts must be migrated from the current environment to a new Windows Server 2003 Active Directory Environment. 
  • A clean separation must exist between external and internal resources. 
Chief Executive Officer 
Funding for TestKing.com has been finalized and it is time to move forward with the design and implementation of the internal and external network. A stable environment that has the ability to grow is of utmost importance for the external network.

Chief Information Officer 
The internal and external networks will have very different needs and audiences. For that reason, we have decided to have a separate IT staff to manage each network. Access to internal resources will be made available to internal users only. 

Planned VPN access will allow internal users access to internal data while traveling. A Microsoft Exchange Server 2003 deployment will be implemented for internal users with a dedicated Exchange Server 2003 computer in each office.

To avoid confusion, all internal users need to be able to gain access to both internal & external resources by using a single set of credentials. Internal users should not be prompted for alternate credentials when accessing external resources. 

During the migration, internal users must have access to resources in the existing domain. We do not want to manually redefine the security on existing resources. 

Network Administrator 
I will manage server deployment and configuration for all external resources. Technology decisions and implementation done for the internal network should not affect me. 

My technical support team will manage day-to-day server maintenance. The development team will deploy a knowledge management portal to streamline information sharing with external partners.

Project teams for the internal network will help in the management of security and will be given strict security areas in which they will be able to manage security for their specific university. The project teams will manage the data security and create user accounts for the university they are managing. 

Business Requirements 
Business Drivers 
The following business requirements must be considered: 
  • TestKing.com has registered the domain name treyresearch.com. Internal and External naming needs to be intuitive and easy to manage. Internal and external naming will be managed independently. 
  • No new domain names will be registered, and naming decisions must not cause conflicts with any Internet hosts. 
  • The naming strategy for the external resources must be as short as possible to make it easy for external partners to access. 
  • The company already has a small web site accessible at www.treyresearch.com 
  • The company will require two domain controllers in each office. A single domain controller failure or WAN link failure between the Dallas and Seattle offices must not affect the operations of the Exchange Server 2003 environment. 
Organizational Goals 
The following Organizational requirements must be considered: 
  • External users will only require access to a server named web1. Web1 will provide a web interface to the external users and retrieve resources from other external servers. External resources for universities will be provided by using HTTPS. 
  • All external users who require access to resources will require a username and password to gain access to the external resources.  
  • Web1 will also host the interface for the public web site. Anonymous access will be provided for the public web site. 
  • Internal users will be granted VPN access by connecting to VPN1.
  • Domain based DFS servers will be implemented in the Dallas and Seattle offices. DFS replication must not occur during regular business operation. DFS replication must occur between the hours of 9:00 P.M. and 5:00 A.M. Central Time.
  • Users in each office should automatically be redirected to the DFS server in their current physical location. In the event of a single DFS server failure, users should be automatically redirected to an available DFS server. 
Security 
The following security requirements must be considered: 
  • To maintain the security of both the internal network and the external network, only traffic that is required by the company to meet its goal will be allowed to pass through the perimeter firewall. 
  • All other traffic must be blocked. 
Technical Requirements 
Active Directory 
The following Active Directory requirements must be considered: 
  • External and Internal resources must be managed independently. This includes high-level modifications to the directory service, such as the installation of Exchange Server 2003 or other directory aware applications. 
  • During the first two years, many new users will be added to the network. To provide a consistent environment, the replication of internal domain user accounts must occur within a maximum time delay of one hour between the Dallas and Seattle offices. 
Network Infrastructure 
The following infrastructure requirements must be considered: 

The network infrastructure will be configured as shown in the planned network infrastructure exhibit. 

  • The internal DNS structure must be secured to prevent unauthorized systems from registering their names with DNS. 
  • To reduce the impact that name resolution of Internet based resources might have on WAN links, a solution must be identified that allows name resolution to occur without generating excessive and unnecessary traffic. A single domain controller in each office will be configured as a DNS server. 
  • A single DHCP server will be present at each office. The DHCP server will configure local client computers to have the appropriate IP settings, including the address of a local DNS server. All users accessing the internal network must receive their IP configurations from one of these DHCP servers. 
  • An external DNS server will be required to perform only name resolution for the namespace treyresearch.com. It will not be allowed to resolve any other name for external users, including names of other Internet based hosts. 

TestKing.com (14 Questions) 

QUESTION NO: 1 
You need to identify the features that will be available immediately after the domain migration to the new environment is complete. Which feature or features will be available? (Choose all that apply) 

A. Global group nesting. 
B. Universal group nesting. 
C. Domain local group nesting. 
D. Universal security groups. 
E. SID history attributes.

QUESTION NO: 2 
You are designing a NetBIOS naming strategy for the internal domain. What are two possible NetBIOS domain names you can use to achieve your goal? (Each correct answer presents a complete solution.) (Choose two) 

A. ad 
B. dallas 
C. internal 
D. external 
E. Research 

QUESTION NO: 3 
You are designing a strategy for performing the migration of the internal network. You need to identify the actions that you should perform to achieve this goal. What should you do? 

To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the appropriate order. (Use only actions that apply.) 


QUESTION NO: 4 
You are designing the site topology for the internal domain. Which action or actions should you perform? (Choose all that apply.) 

A. Create a Single Site. 
B. Create a site for each physical location. 
C. Set the replication interval on the default IP site link to 60 Minutes. 
D. Configure the schedule of the default IP site link to only allow replication between the hours of 9:00 P.M. and 5:00 A.M.
E. Configure the schedule of the default IP site link to only allow replication between the hours of 3:00 A.M. and 11:00 A.M.

QUESTION NO: 5 
You are designing the DNS name resolution strategy for the internal network. What should you do? 

A. Configure all internal DNS servers to use the default root hints. 
B. Disable recursion on the DNS server in Seattle. Configure the Seattle DNS server to use the Dallas DNS server as a forwarder.
C. Create a root zone on the DNS server in Dallas. Configure the Seattle DNS server to use the Dallas DNS server as a forwarder. 
D. Create a root zone on the DNS server in both Dallas and Seattle. 

QUESTION NO: 6 
You are designing a strategy to allow users to gain VPN access to the internal network. What should you do? 

A. Allow all inbound VPN traffic to pass through the internal firewall and the perimeter firewall. 
B. Allow all inbound VPN traffic to pass through the perimeter firewall only. 
C. Allow all VPN traffic from the source IP address of 131.107.1.14 to pass through the internal firewall. 
D. Allow all VPN traffic from the source IP address of 191.168.1.0/24 to pass through the perimeter firewall. 

QUESTION NO: 7 
You are designing a strategy to allow internal users in Dallas to resolve domain names. What are three possible ways to achieve the goal? (Each correct answer presents a complete solution. Choose three) 

A. Configure the internal DNS server to have a root zone. 
B. Configure the Dallas DNS server to use the default root hints. 
C. Configure the Dallas DNS server to forward all requests for the external namespace to the external DNS server.
D. Create a caching-only DNS server on the perimeter network. 
E. Create a stub zone for the external namespace on the Dallas DNS server. 

QUESTION NO: 8 
You are designing the IP address assignment strategy for the VPN users. Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)

A. Configure VPN1 as a DHCP Relay Agent. 
B. Configure VPN1 to assign IP addresses by using a DHCP server. 
C. Configure VPN1 to have a static pool of IP addresses from the network address of 131.107.1.0/24. 
D. Configure VPN1 to have a static pool of IP addresses from the network address of 192.168.1.0/24. 
E. Configure the perimeter firewall to allow inbound DHCP traffic to be passed to VPN1. 
F. Configure the internal firewall to allow DHCP broadcasts to be forwarded from the external network to the internal network.

QUESTION NO: 9 
You are designing the configuration of the external DNS server to meet the business and technical requirements. What should you do? 

A. Configure a root zone on the external DNS server. 
B. Configure a stub zone for .com on the external DNS server. 
C. Configure the external DNS server to use the default root hints. 
D. Configure the external DNS server to use the ISP's DNS server as a forwarder.

QUESTION NO: 10 

You need to identify the types of inbound traffic that should pass through the perimeter firewall while maintaining the security of the network. Which inbound traffic should be allowed? (Choose all that apply.)

A. VPN Traffic 
B. DNS Traffic 
C. LDAP Traffic 
D. HTTP Traffic 
E. HTTPS Traffic 
F. Traffic from the network address of 192.168.10/24 

QUESTION NO: 11 
You are designing a strategy to ensure that VPN users are able to access all internal resources. What should you do? 

A. Specify a static routing table entry on VPN1 for the Dallas network. 
B. Specify a static routing table entry on VPN1 for the Seattle network. 
C. Implement Internet Authentication Service (IAS) on VPN1. 
D. Define a User Class option for Routing & Remote Access Clients on the DHCP Server. 

QUESTION NO: 12 
You are designing a strategy to migrate user accounts. Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.) 

A. Change the functional level. 
B. Create an external trust relationship. 
C. Run adprep to prepare the research.com forest. 
D. Run adprep to prepare the research.com domain. 

QUESTION NO: 13 
You are designing a naming strategy for the new internal and external domains. You need to identify the appropriate domain name for each domain. What should you do? 

To answer, drag the appropriate domain name or names to the correct location or locations in the work area. 


QUESTION NO: 14 
You are designing the top-level OU structure for the external domain. On which factor/s should you base the top-level OU structure? 

A. Physical locations 
B. External partners and universities 
C. The company’s internal departments 
D. The company’s software deployment needs 
