2203 Network Infrastructure Test - 5


The following infrastructure requirements must be considered:
1. Users in the Chicago office access Internet-based resources frequently. This
Internet-related traffic accounts for most of the bandwidth used between the
Chicago and New York offices. Bandwidth utilization between these two offices is
currently a cause for concern. Network traffic between the Chicago and New York
offices must be minimized whenever possible.
2. Because of the Boston office's data access requirements, a high level of
availability and reduced latency between the New York and Boston offices is
required. Bandwidth utilization between the Boston and New York offices is
minimal and is not a concern in the foreseeable future.
3. A Windows Server 2003 computer will provide VPN access to the network by
using both L2TP and PPTP. Usage statistics will be gathered over time to identify
which users establish VPN connections to the network, and the duration of their
connections. These usage statistics will help the company track trends and plan for
future growth.
4. The network administrator in Chicago has extensive knowledge of DNS, and will
manage the implementation of the DNS infrastructure for the Litware, Inc.
network.
5. The DNS structure must be secured against any unauthorized modifications, but
also must be easy to maintain and manage.


QUESTION NO: 1
You are designing a forest and domain structure to address the concerns of
Contoso, Ltd., and to meet the business and technical requirements. You want to use
the minimum number of domains and forests that are required.
Which domain structure should you use?
A. One forest and two domains.
B. One forest and three domains.
C. One forest and four domains.
D. Two forests and three domains.
E. Two forests and four domains.

Answer: E

Explanation:

This question addresses a concept Microsoft has recently adopted for Windows 2003:
isolation vs. autonomy. The "Organizational Goals" section of the case states:
"The company has also agreed that management of Contoso, Ltd. data must be completely
isolated from all other Litware, Inc. data. This included the ability to manage security of
Contoso, Ltd. resources. There will be no exceptions."

The key phrases in the case are "data must be completely isolated" and "included the
ability to manage security". If Contoso becomes a sub-domain or OU in the Litware forest,
there will always be higher-level administrators (non-client related) who can assign
themselves rights to Contoso data. The security boundary for isolation is the
forest, and the answer should reflect that.

Use multiple forests when you need to provide support for multiple distinct companies or
when you need to provide autonomy or isolation to a unit within a company.

Incorrect Options:

A and C: To provide autonomy or isolation to a unit within a company, you need
multiple forests.
B: This option only provides for data autonomy for Contoso, which does not address the
case.
D:


QUESTION NO: 2
You are designing the top-level organizational unit (OU) structure to meet the
administrative requirements. What should you do?

A. Create a top-level OU named New York.
Place all user and computer accounts from New York in the New York OU.
B. Create a top-level OU named Chicago.
Place all user and computer accounts from Chicago in the Chicago OU.
C. Create a top-level OU named Coho.
Place all user and computer accounts that are assigned to the Coho Vineyard customer
project in the Coho OU.
D. Create a top-level OU named Sales.
Place all user and computer accounts from the sales department in the Sales OU.

Answer: C

Explanation:
The case study states: "To reduce the burden on IT staff, trusted individuals within the
organization should be identified to help reduce the IT administrative burden."
In the Active Directory section of the case study it states: "The trusted individuals will be
allowed to manage only user accounts within the customer project to which they have
been assigned." So we would create OUs for each project and delegate authority.
It is for this reason that A, B and D are incorrect.


QUESTION NO: 3
You are designing a security group strategy to meet the business and technical
requirements.
What should you do?

A. Create one global group named G_Executives.
Make all executive user accounts members of that group.
B. Create two global groups named G_Executives and one universal group named
U_Executives.
Make the two global groups members of U_Executives.
Make the executive user accounts members of the appropriate global group.
C. Create three global groups named G_NY_Executives, G_Chi_Executives, and
G_Executives.
Make G_NY_Executives and G_Chi_Executives members of G_Executives.
Make the executive user accounts members of the appropriate global group.
D. Create one domain local group named DL_Executives.
Make all executive user accounts members of that group.

Answer: B

Explanation:
Global groups are used to gather users that have similar permissions requirements. One
of their characteristics is that they can be assigned permissions or be added to local groups in
any domain in a forest. We have already established the need for two forests, so we also
need two global groups because each forest can have only one global group.
Universal groups are normally used to assign permissions to related resources in multiple
domains. Universal groups share the following characteristics:
1. Universal groups are available only when the forest functional level is set to Windows
2000 native or Windows Server 2003.
2. Universal groups exist outside the boundaries of any particular domain and are managed by Global Catalog servers.
3. Universal groups are used to assign permissions to related resources in
multiple domains.
4. Universal groups can contain users, global groups, and other universal groups from
any domain in a forest.
5. You can grant permissions for a universal group to any resource in any domain.

Incorrect Options:

A and C: Global groups cannot be applied across forests.
D: Domain local groups exist on domain controllers and are used to control access to
resources located on domain controllers in the local domain.


QUESTION NO: 4
You are designing an Active Directory implementation strategy to present to
executives from your company and from Contoso, Ltd.
Which implementation strategy should you use?

A. Upgrade the New York domain.
Upgrade the Chicago domain.
Create a pristine forest for Contoso, Ltd.
B. Create a pristine forest.
Upgrade the New York domain.
Upgrade the Chicago domain.
Do nothing further.
C. Create a pristine forest.
Upgrade the New York domain.
Upgrade the Chicago domain.
Create a pristine forest for Contoso, Ltd.
D. Create a pristine forest.
Upgrade the New York domain.
Upgrade the Chicago domain.
Create a new child domain for Contoso, Ltd.

Answer: C

Explanation:
The case study states: "...the company has decided to implement a Windows Server 2003
Active Directory environment." It also says that "Currently, Litware, Inc. has two
Windows NT 4.0 domains..."

The Active Directory Installation Wizard simplifies upgrading a Windows NT domain to
Windows Server 2003 Active Directory. The Active Directory Installation Wizard
installs and configures domain controllers, which provide network users and computers
access to the Active Directory directory service. Any member server (except those with
restrictive license agreements) can be promoted to domain controllers using the Active
Directory Installation Wizard. During this process you will define one of the following
roles for the new domain controller:
1. New forest (also a new domain)
2. New child domain
3. New domain tree in an existing forest
4. Additional domain controller in an existing domain
By creating two new forests, you are providing isolation and. This satisfies the
organizational requirements.

Incorrect Options:

A and D: To provide autonomy or isolation to a unit within a company, you need
multiple forests.
B: This option only provides for data autonomy for Contoso, which does not address the
case.


QUESTION NO: 5
You are designing the DNS infrastructure to meet the business and technical
requirements.
What should you do?

A. Create an Active Directory-integrated zone on DC4.
Set the replication scope to all DNS servers in the domain.
B. Create an Active Directory-integrated zone on DC5.
Set the replication scope to all DNS servers in the forest.
C. Create an Active Directory-integrated zone on any domain controller in the forest root
domain.
Set the replication scope to all domain controllers in the domain.
D. Create a standard primary zone on DC4
E. Create a standard primary zone on any domain controller in the forest root domain.

Answer: B

Explanation:

The answers refer to a DC4 and DC5 which do not exist in the scenario - a diagram or
chart of some kind is missing. However, answer C does not make any sense. Typically
you will store the root domain DNS info in AD (AD-I zone) and set the replication to
Forest DNS Zones, i.e., to all DCs with DNS in the forest, especially the msdcs
subdomain, found in the root domain. Based on that simple fact, the answer is B,
assuming that DC5 is in the root domain of the forest.

You can control the replication scope of Domain Name System (DNS) zone data stored
in Active Directory so that only specific domain controllers in the forest participate in
DNS zone replication.


QUESTION NO: 6
You are designing a DNS implementation strategy for the network.
Which two zone types should you use? (Each correct answer presents part of the
solution. Choose two)

A. Reverse lookup zones
B. Standard primary zones
C. Standard secondary zones
D. Active Directory-integrated zones

Answer: A, D

Explanation:

Reverse lookup zones provide IP and Hostname restrictions for IIS.
Active Directory-integrated zones are fault tolerant and secure.

Incorrect Options:

C: This zone type is usually implemented when there are UNIX or older DNS systems in
place.
D: Secondary zones can increase fault tolerance and availability, but zone transfer traffic
can consume unacceptable amounts of bandwidth in some circumstances.


QUESTION NO: 7
You are designing a strategy to upgrade the DHCP servers after the new Active
Directory structure is in place.
Who can authorize the DHCP servers? (Choose all that apply)

A. Chief information officer
B. IT support staff in Boston
C. IT support staff in New York
D. Network administrator in Chicago
E. Network administrator in New York

Answer: A

The case study states: "The chief information officer is the only person who is authorized
to implement any changes that will impact the entire company."


QUESTION NO: 8
You are designing the placement of the global catalog servers. You want to use the
minimum number of global catalog servers that are required.
Which design should you use?

A. One global catalog server in New York.
B. Two global catalog servers in New York.
C. One global catalog server in Chicago and one global catalog server in New York.
D. Two global catalog servers in Chicago and two global catalog servers in New York.
E. One global catalog server in Chicago, one global catalog server in New York, and one
global catalog server in Boston.

Answer: E

Explanation:

The "Network Infrastructure" section of the case states that Boston requires high
availability and reduced latency. The only way to achieve these goals is to give them
their own GC which would process logons locally (universal group membership needs to
be checked during logon), instead of contacting a GC in the NY office. An argument
could be made that a DC in the Boston office could have universal group membership
caching enabled, thus removing the requirement for a local GC, but this was not an
option in the answer matrix.

QUESTION NO: 9
You are designing an IP addressing strategy for your VPN solution.
How many public addresses should you use?
A. 1
B. 25
C. 50
D. 255

Answer: A
Explanation:
VPN connections will be assigned through the New York office.
