Friday, March 20, 2009

Case Study: Coho Vineyard

Overview
Coho Vineyard is an importer and distributor of fine wines from around the world.

Physical Locations
The company’s main office is located in Los Angeles. The company has two branch offices in the following locations:
  • Paris
  • Sydney
The company plans to open two additional branch offices within the next year. These offices will be located in Barcelona and Lisbon.

Planned Changes
To reduce costs and streamline business processes, the company wants to implement a Windows Server 2003 Active Directory environment.

Business Processes
Coho Vineyard consists of the following departments:
  • Accounting
  • Distribution
  • Human resources (HR)
  • Information technology (IT)
  • Marketing
  • Purchasing
  • Sales
The IT department maintains all internal servers and resources. Currently, the company outsources its e-mail infrastructure to an ISP in Los Angeles.

A Windows NT Server 4.0 computer named Server1 in the Los Angeles office hosts a mission-critical application. This application is accessed by users from all departments and offices in the company. The application vendor currently does not support running this application on any operating system other than Windows NT Server 4.0.

Directory Services
The company has three Windows NT 4.0 domains configured in a single master domain model as shown in the Existing Domain Model exhibit.


All user accounts are maintained in the cohovineyard domain. Client computer accounts are managed locally in each regional domain. IT responsibilities for the company are shown in the following table.

The existing network infrastructure is shown in the Existing Network Infrastructure exhibit.

Currently, all offices connect to the Internet directly through Windows 2000 Server computers that perform network address translation (NAT). These servers also provide a PPTP tunnel between all offices.

The existing server hardware is shown in the following table.


Client Computers and Users
The current user population for each office and department is shown in the following table.


The current operating systems installed on the client computers are shown in the following table.


Problem Statements
The following business problems must be considered:
  • Because of security limitations of Windows NT Server 4.0, all IT staff has been added to the Administrators group of the cohovineyard domain. IT staff should be allowed administrative rights only to their specific areas of responsibility.
  • Lack of control over IT procedures and processes has made the current environment costly to maintain.
Chief Executive Officer
The current IT infrastructure at Coho Vineyard is negatively affecting business operations. IT operations need to be streamlined to accommodate the anticipated growth.

Chief Information Officer
The current IT environment needs to be reorganized. Corporate standards need to be implemented. Users currently install unauthorized and unlicensed software. These installations need to be implemented. Administrative roles have been clearly defined, but now need to be enforced.

The IT budget for the next year has already been allocated. No new server hardware is to be purchased for the existing offices. New server hardware has been budgeted for the new offices.

After the deployment of Active Directory is complete, e-mail services will be implemented by using Microsoft Exchange Server 2003. The Exchange Server 2003 infrastructure will be maintained by the internal IT staff.

Also, we want to provide all users VPN access to the network.

Network Administrator
There is a need to provide standardized settings for all users and computers. The current IT administration practices need to be reevaluated, and new practices that are more effective need to be enforced.

Office Worker
The current environment is difficult to use. Information is scattered on the network, making it difficult to find. There does not seem to be any clear definition as to who is responsible for responding to network and computer problems. Because of this confusion, most users manage their own computers.

Also, we want to be able to connect to the network when working remotely.

Business Drivers
The following business requirements must be considered:
  • The current namespace used for the externally hosted e-mail infrastructure is cohovineyard.com. This namespace will be used when e-mail services are implemented internally.
  • The new environment must provide fault tolerance in the event of a single domain controller failure.
  • The ISP provides extremely reliable service for each location. No plans are being made to provide for redundant links. The current level of network outages caused by WAN link failures is considered to be acceptable.
  • To improve network support, Windows Server 2003 will become the corporate standard for all server computers wherever possible. Client computers will be standardized over the next two years to run Windows XP Professional.
Organizational Goals
The following organizational requirements must be considered:
  • Branch offices in Lisbon and Barcelona will be implemented in the next year. The Lisbon branch office is expected to have 65 users and client computers. The Barcelona branch office will have no more than 10 users and client computers.
  • Because of the small size of the Barcelona branch office, it will have no IT staff and no servers. The Lisbon IT staff will manage users and computers for both the Lisbon and Barcelona branch offices.
  • Two servers have been purchased for the Lisbon branch office. One will be designated as a domain controller. The other server will be a VPN server and will also provide NAT services.
Security
The following security requirements must be considered:
  • Regional network administrators must have only limited control over the Active Directory service. They will be responsible for managing user and computer accounts for their regions. They will also manage local servers.
  • The network administrator in the Los Angeles office will manage all domain controllers, configure sites, and perform other high-level administrative tasks.
  • Users will have limited access to their computers. They will be allowed to modify only certain desktop settings, and they will not be allowed to install unauthorized applications.
  • Some users currently have blank passwords. Password security standards must be implemented.
  • Security auditing must be implemented to track all unauthorized logon attempts to the domain. Auditing must not be enabled on any client computers.
Active Directory
The following Active Directory requirements must be considered:
  • Centralized control over Active Directory must be maintained by the network administrator in the Los Angeles office. Limited access to Active Directory will be given to the help desk staff and the regional network administrators.
  • Although bandwidth is not currently an issue, incremental increase in bandwidth usage is anticipated. To accommodate this projected growth, all designs should minimize WAN traffic.
  • Departments within Coho Vineyard have their own unique needs, which include, but are not limited to, specialized departmental applications.
Network Infrastructure
The following infrastructure requirements must be considered:
  • Remote access security and restrictions for all offices must be implemented and managed centrally by the network administrator in the Los Angeles office. Only one set of remote access policies must exist for the company.
  • A domain-naming strategy must be identified that reduces administrative complexity and is intuitive to the users.
  • One domain controller in each of the current offices will have the DNS service installed. DNS name resolution traffic must be minimized over all WAN links.


Coho Vineyard (13 Questions)


QUESTION NO: 1
As part of your design, you are evaluating whether to upgrade all domains to Windows Server 2003. Based on current configurations, which server or servers prevent you from achieving this goal? (Choose all that apply)

A. DC2
B. DC3
C. DC4
D. DC5
E. DC6
F. Server1

QUESTION NO: 2
You are designing the Windows Server 2003 Active Directory forest structure to meet the business and technical requirements. Which forest structure should you use?

A. One Active Directory forest with one domain.
B. One Active Directory forest with three domains.
C. One Active Directory forest with four domains.
D. Two Active Directory forests with one domain in each forest.
E. Three Active Directory forests with one domain in each forest.

QUESTION NO: 3
You are designing the top-level organizational unit (OU) structure to meet the business and technical requirements. Your design must accommodate the anticipated growth of the company.
Which top-level OU structure should you use?

A. Paris OU, Sydney OU, Los Angeles OU, Lisbon-Barcelona OU
B. IT Administration OU, All CohoVineyard Departments OU, All CohoVineyard Offices OU
C. Sales OU, Purchasing OU, Marketing OU, Accounting OU, Distribution OU, Human Resources OU
D. CohoVineyard Users OU, CohoVineyard Computers OU, CohoVineyard Servers OU, CohoVineyard Applications OU

QUESTION NO: 4
You are designing a plan for applying the security policy settings to meet the business and technical requirements. Where should you implement the auditing password policy settings?
To answer, drag the appropriate policy setting or settings to the correct location or locations in the work area.



QUESTION NO: 5
As part of your design, you are evaluating whether a second-level organizational unit (OU) structure is required. Which factor necessitates the need for a second-level OU structure?

A. Audit policy settings
B. Software deployment needs
C. Client operating systems in use
D. Delegation of administrative authority

QUESTION NO: 6
You are designing a DNS name resolution strategy to meet the business and technical requirements. Which action or actions should you perform? (Choose all that apply)

A. Create an Active Directory-integrated zone named cohovineyard.com on a domain controller in Los Angeles.
B. Create an Active Directory-integrated zone named paris.cohovineyard.com on a domain controller in Paris.
C. Create an Active Directory-integrated zone named sydney.cohovineyard.com on a domain controller in Sydney.
D. On a domain controller in Los Angeles, delegate paris.cohovineyard.com to a domain controller in Paris.
E. On a domain controller in Los Angeles, delegate sydney.cohovineyard.com to a domain controller in Sydney.

QUESTION NO: 7
You are designing a plan for maintaining the WINS infrastructure on the new Windows Server 2003 Active Directory environment. Which factor or factors necessitate the need to maintain the WINS infrastructure? (Choose all that apply)

A. Client operating systems in use.
B. Server operating systems in use.
C. VPN client access by using PPTP.
D. Installation of Active Directory client software.

QUESTION NO: 8
You are designing a DNS implementation strategy for the Paris office. Which two actions should you perform? (Each correct answer presents part of the solution. Choose two)

A. Create an Active Directory-integrated zone named cohovineyard.com.
B. Create an Active Directory-integrated zone named paris.cohovineyard.com.
C. Create a standard primary zone named paris.cohovineyard.com.
D. Configure all computers in Paris to use DC3 as their DNS server.
E. Configure all computers in Paris to use DC6 as their DNS server.

QUESTION NO: 9
You are designing a strategy for implementing Internet Authentication Service (IAS) to meet the business and technical requirements. What should you do?

A. Install IAS on VPN1, VPN2, and VPN3.
B. Install IAS on VPN1. Configure VPN2 and VPN3 as RADIUS clients.
C. Install IAS on VPN1. Configure VPN1, VPN2, and VPN3 as RADIUS clients.
D. Install IAS on DC1. Configure VPN2 and VPN3 as RADIUS clients. Create all remote access policies on VPN1.
E. Install IAS on DC2. Configure VPN2 and VPN3 as RADIUS clients. Configure remote access logging on VPN1.

QUESTION NO: 10
You are designing a DNS infrastructure to meet the Internet name resolution requirements.
What should you do?

A. Create a standard primary zone named “.” on all DNS servers.
B. Create an Active Directory-integrated zone named “.” on a DNS server in Los Angeles.
C. Configure all DNS servers to use forwarders. Specify the IP address of the DNS server at the local ISP.
D. Enable default root hints on all DNS servers.
E. Disable recursion on all DNS servers.

QUESTION NO: 11
You are designing the placement of the PDC emulator role to meet the business and technical requirements. In which location should you place the PDC emulator role? (Choose all that apply)

A. Los Angeles
B. Paris
C. Sydney
D. Lisbon
E. Barcelona

QUESTION NO: 12
You are designing the IP addressing scheme for the new Barcelona office. Which network address or addresses are valid for your design? (Choose all that apply)

A. 10.10.10.0/28
B. 10.10.255.0/24
C. 131.15.0.0/24
D. 151.10.10.0/24
E. 192.168.11.0/25

QUESTION NO: 13
You are designing the migration strategy to meet the business and technical requirements. You need to identify the actions that you should perform to achieve this goal. What should you do?
Move the appropriate actions from the list of actions to the answer area, and arrange them in the appropriate order.

Monday, March 16, 2009

Case Study: City Power & Light

Overview
City Power & Light is a large provider of electrical services for residential and business customers throughout Europe.

The company purchases electricity from large power-producing companies, as well as from small wind-energy providers, such as local farmers and ranchers.

Physical Locations
The company’s main office is located in Amsterdam. The company has three branch offices in the following locations:
  • Berlin
  • Brussels
  • Paris
Each branch office has two or more satellite offices in the region. The number of satellite offices and the number of users in each office is shown in the following table.


Planned Changes
The company has experienced rapid growth in the past 12 months, and continued growth is anticipated. It is critical to business that the company provides reliable, uninterrupted service 24 hours a day, seven days a week. To meet these demands, the company wants to implement a Windows Server 2003 environment.

Business Processes
The organizational structure of the company is shown in the Organizational Structure exhibit.

The Amsterdam office and each branch office have their own IT staff. The majority of the IT staff is at the Amsterdam office. There is no IT staff at the satellite offices. The IT staff at the branch offices support their respective satellite offices.

Regional customer support is provided by the branch offices and satellite offices.

The company uses a mission-critical application named App1 that monitors the power network and detects any failures. When failures are detected, App1 automatically sends detailed information about the power failure to the nearest available field technicians. All users within the company have access to App1. App1 logs on to the App1 database by using a shared user account. The App1 database handles security within the database.

Directory Services
App1 runs on UNIX servers at the Amsterdam office and the branch offices. Each UNIX server has its own security accounts database.

Each office uses a standard user account and password for all servers in that office. Network administrators in each office know the user account and password combination. Network administrators in each office work independently, but company-wide decisions are made at the Amsterdam office.

Currently, the company does not use a Windows domain structure.

Network Infrastructure
Each office uses a switched 100-Mbps Ethernet network. All client computers run Windows XP Professional.

The company uses its own private leased lines to connect the branch offices and most of the satellite offices. Some satellite offices are connected to the nearest branch office by using ISDN lines. The company wants to reduce telephone costs of these satellite offices by minimizing network traffic through the ISDN lines. The company uses VPN connections over the Internet as a backup to connect the different offices.

Problem Statements
The following business problems must be considered:
  • A service-level agreement states that the company must resolve power failures within one day. Currently, the company cannot guarantee this requirement. Last year, there were more than 30 power failures that could not be resolved within one day. The primary cause of the delay in resolution was that the company could not identify where the problem occurred.
  • Another service-level agreement states that the IT department must guarantee an available bandwidth of 28 Kbps to ensure adequate bandwidth for App1. Currently, the available bandwidth decreases every month, and it is uncertain how long the company can continue to guarantee this requirement. The available bandwidth is shown in the Available Bandwidth exhibit.

  • The company is experiencing problems with the confidentiality of customer information. This is occurring because the data is not centrally managed and the security settings are inadequate.
Chief Executive Officer
To ensure that customers of City Power & Light receive the most reliable service possible, we want to invest in upgrading App1 to a new application named NewApp. Power failures are inevitable, but if we quickly detect the problem and identify the source, we can restore power more quickly.

Chief Information Officer
Data from App1 is now saved in different locations. I am concerned about who has access to the data and how to reconstruct the data in the event of a disaster.

Network Administrator
Currently, we perform our own administration at each office. All network administrators will work together to replace App1 with NewApp. Because NewApp will be centralized, we are concerned that a failure at the Amsterdam office will affect the availability of our monitoring infrastructure.

Most important to us is the ability to monitor the state of the power network. When a failure occurs in the power network, we must detect it immediately.

Customer Service Representative
Sometimes customers call in to report a power failure two or three times for the same failure. Each time we have to ask the customer for the same information about the power failure. I want to be able to view what the customer reported the first time, and not have to ask for the same information each time the customer calls in.

Business Drivers
The following business requirements must be considered:
  • As City Power & Light changes its infrastructure, all offices must share a common namespace: cpandl.com.
  • Availability of the monitoring infrastructure and customer support must be improved.
  • The company will replace App1 with a new application named NewApp. NewApp is a multitier application as shown in the NewApp Architecture exhibit.

  • The company wants customers to be able to receive detailed information about power failures by using the telephone. Customer service representatives need to have detailed real-time information about the power failures, so they can inform customers about the duration of power failures.
  • Each branch office must be able to maintain account policies that meet its unique national legal requirements.
Organizational Goals
The following organizational requirements must be considered:
  • Upgrades of bandwidth are discouraged. However, upgrades of bandwidth can be permitted if justified.
  • There are no plans to open more offices in the near future. However, the new environment must allow for future company growth.
  • The company anticipates a 50-percent increase in the number of customers over the next two years.
Security
The following security requirements must be considered:
  • Security of NewApp must be Active Directory integrated.
  • DNS servers will be administered only by network administrators from the Amsterdam office.
  • Network administrators must have Full Control permissions for NewApp.
  • Internal users must be able to access information about customers and power failures. Customers must be allowed to access only public information.
  • A complete power failure in one location must not affect other locations.
  • Network administrators should only be allowed to access NewApp database servers by using smart card authentication. However, network administrators must be able to log on to users’ computers to fix problems without using a smart card.
  • Computers that have smart card readers installed must automatically get the NewApp management tools installed.
Customer Requirements
The following customer requirements must be considered:
  • NewApp must be available 24 hours a day, seven days a week.
  • Client applications that connect directly to NewApp must use the NetBIOS name of NewApp.
  • To minimize WAN traffic, the branch offices need to use their local resources as much as possible.
  • Wind-energy providers must be able to see how much electricity they have delivered. These providers should be able to connect to NewApp by using the Internet.
Active Directory
The following Active Directory requirements must be considered:
  • City Power & Light must achieve better control of resources.
  • The company must ensure that data can be recovered in the event of a disaster.
  • Replication latency between sites must be minimized.
Network Infrastructure
The following infrastructure requirements must be considered:
  • To improve customer service, information from App1 databases in all locations must be consolidated in the NewApp database.
  • The number of services at the satellite offices must be kept to the absolute minimum.
  • Client computers must always obtain a valid IP address, even when a DHCP server is not available for 24 hours.
  • Field technicians must be able to connect directly to the NewApp database from their portable computers by using a remote connection. They will connect to the nearest branch office when they have to make a remote connection.
Users
The following user requirements must be considered:
  • All users must have Microsoft Office and NewApp automatically deployed on their desktop computers. Network administrators at the branch offices must be able to decide which components of Office get installed at their locations.
  • Resetting user passwords will be delegated to each user’s manager. All customer service representatives need to be able to reset the passwords of the wind-energy providers.

QUESTION NO: 1
You need to evaluate whether the currently available network bandwidth is adequate to run NewApp. Which three actions should you perform? (Each correct answer presents part of the solution. Choose three)

A. Use a debug version of NewApp to collect information about NewApp.
B. Use Performance Monitor to collect data about the saturation of each WAN link.
C. Use Network Monitor to analyze the data that is transmitted over the network for App1.
D. Install SNMP on all computers that are connected to App1 to obtain information about App1.
E. Build a test environment for NewApp to analyze how much bandwidth is required for NewApp.

QUESTION NO: 2
You need to ensure that there is adequate bandwidth available to meet the service-level agreement requirements. Which action or actions should you perform? (Choose all that apply)

A. Upgrade all WAN lines in six months.
B. Upgrade all WAN lines prior to implementing NewApp.
C. Analyze the cause of a peak in network usage in February.
D. Analyze network usage characteristics for NewApp. Based on these results, create an upgrade plan for the WAN lines.

QUESTION NO: 3
You need to ensure that the network administrators are able to administer the NewApp database servers. Which two actions should you perform? (Each correct answer presents part of the solution. Choose two)

A. Create an organizational unit (OU) for all users who log on to any of the NewApp servers.
B. Create an organizational unit (OU) named NewApp Users for the NewApp users.
C. Create an organizational unit (OU) named NewApp Servers for the NewApp servers.
D. Create a Group Policy object (GPO) for the NewApp Users OU to enforce the use of IPSec.
E. Create a global group for all NewApp servers. Add this group to the NewApp Servers OU.
F. Create a Group Policy object (GPO) for the NewApp Servers OU to enforce the use of smart cards.
G. Use the account properties to force all users who have to log on to the NewApp servers to use smart cards.

QUESTION NO: 4
You are designing a strategy for migrating the UNIX user accounts to Active Directory.
Which three actions should you perform? (Each correct answer presents part of the solution. Choose three)

A. Import the user accounts as inetOrgPerson objects.
B. Import the user accounts into Active Directory by using the Ldifde command-line tool.
C. Export all user accounts from the UNIX servers to a text file.
D. Export all user accounts and their passwords from the UNIX servers to a text file. Encrypt this file to achieve extra security.
E. Assign random passwords to each user object, and securely distribute the password to the users.
F. Create the same strong password for each user object, and require users to change their passwords at first logon.
G. Instruct users to use the same name and password as they used on the UNIX servers.

QUESTION NO: 5
You are designing a site topology to meet the business and technical requirements. What should you do?

A. Increase the replication interval between sites.
B. Use SMTP as the transport protocol for replication.
C. Create site links to represent the physical topology.
D. Disable the Knowledge Consistency Checker (KCC) and manually configure site replication.

QUESTION NO: 6
You are designing a NetBIOS name resolution strategy for all computers in all offices. What should you do? To answer, drag the appropriate name resolution component or components to the correct location or locations in the work area.




QUESTION NO: 7
You are designing a strategy to optimize the DNS name resolution for the satellite offices that connect to the branch offices by using ISDN lines. What should you do?

A. Use caching-only DNS servers at these satellite offices.
B. Configure a Hosts file for all client computers at these satellite offices.
C. Configure a DNS server to use WINS forward lookup at these satellite offices.
D. Place a DNS server with secondary zones of all domains at these satellite offices.

QUESTION NO: 8
You are designing the Active Directory infrastructure to meet the business and technical requirements. You run ADSizer, and find that it provides a solution that contains only one domain controller for Amsterdam. What should you do?

A. Place at least two domain controllers in Amsterdam.
B. Configure the domain controller as a bridgehead server.
C. Configure the domain controller as a global catalog server.
D. Distribute the users among sites in ADSizer and recalculate the number of domain controllers.

QUESTION NO: 9
You are designing a DHCP solution to meet the business and technical requirements. What should you do?

A. Increase the default lease time on all DHCP servers.
B. Split all address ranges across multiple DHCP servers.
C. Configure duplicate scopes on at least two DHCP servers.
D. Force client computers to obtain an IP address from Automatic Private IP Addressing (APIPA).