SA4U Network Infrastructure Test - 3

City Power & Light is a large provider of electrical services for residential and
business customers throughout Europe.

The company purchases electricity from large power-producing companies, as well
as from small wind-energy providers, such as local farmers and ranchers.

Physical Locations
The company's main office is located in Amsterdam. The company has three branch
offices in the following locations:

Network Infrastructure
The following infrastructure requirements must be considered:
1. To improve customer service, information from App1 databases in all locations
must be consolidated in the NewApp database.

2. The number of services at the satellite offices must be kept to the absolute
minimum.

3. Client computers must always obtain a valid IP address, even when a DHCP
server is not available for 24 hours.

4. Field technicians must be able to connect directly to the NewApp database from
their portable computers by using a remote connection. They will connect to the
nearest branch office when they have to make a remote connection.

Users
The following user requirements must be considered:

1. All users must have Microsoft Office and NewApp automatically deployed on
their desktop computers. Network administrators at the branch offices must be able
to decide which components of Office get installed at their locations.

2. Resetting user passwords will be delegated to each user's manager. All customer
service representatives need to be able to reset the passwords of the wind-energy
providers.

QUESTION NO: 1

You need to evaluate whether the currently available network bandwidth is
adequate to run NewApp.
Which three actions should you perform? (Each correct answer presents part of the
solution. Choose three)

A. Use a debug version of NewApp to collect information about NewApp.

B. Use Performance Monitor to collect data about the saturation of each WAN link.

C. Use Network Monitor to analyze the data that is transmitted over the network for
App1.

D. Install SNMP on all computers that are connected to App1 to obtain information about App1.

E. Build a test environment for NewApp to analyze how much bandwidth is required for
NewApp.

Answer: B, C, E

Explanation:

Performance Monitor, which is replaced by System Monitor in Windows Server 2003,
allows us to obtain stats on total bandwidth used. The System Monitor is designed for
real-time reporting of data to a console interface, and can be reported in graph,
histogram, or numeric form. SNMP allows for monitoring the status of network components. A test environment would be ideal in this case to prevent disruption of the active network.


QUESTION NO: 2

You need to ensure that there is adequate bandwidth available to meet the
service-level agreement requirements.
Which action or actions should you perform? (Choose all that apply)

A. Upgrade all WAN lines in six months.

B. Upgrade all WAN lines prior to implementing NewApp.

C. Analyze the cause of a peak in network usage in February.

D. Analyze network usage characteristics for NewApp.

Based on these results, create an upgrade plan for the WAN lines.

Answer: C, D

Explanation:

This option allows you to obtain a baseline of the network usage.
The case study stated that they would only upgrade the WAN links if justified. Keeping a running report on the effects of NewApp would allow this.

Incorrect Options:

A and B: These options are invalid, since the case study stated that they would only
upgrade the WAN links if justified.


QUESTION NO: 3

You need to ensure that the network administrators are able to administer the
NewApp database servers.
Which two actions should you perform? (Each correct answer presents part of the
solution. Choose two)

A. Create an organizational unit (OU) for all users who log on to any of the NewApp
servers.

B. Create an organizational unit (OU) named NewApp Users for the NewApp users.

C. Create an organizational unit (OU) named NewApp Servers for the NewApp servers.

D. Create a Group Policy object (GPO) for the NewApp Users OU to enforce the use of
IPSec.

E. Create a global group for all NewApp servers. Add this group to the NewApp Servers
OU.

F. Create a Group Policy object (GPO) for the NewApp Servers OU to enforce the use of
smart cards.

G. Use the account properties to force all users who have to log on to the NewApp
servers to use smart cards.

Answer: C, F

Explanation:

The case study says "Network Administrators should only be allowed to access NewApp
database server by using smart card authentication. However, network administrator must be able to log on to users computers to fix problems without using a smart card".

Answers C and F combined would create the OU for the NewApp servers and then force
anyone logging on to the server directly (network administrators) to use smart cards. Since customers and users will be using the web-based NewApp, they will not be logging on interactively, so the GPO won't apply to them.

An organizational unit (OU) is an Active Directory container object used within a
domain. An OU is a logical container into which you can place users, groups, computers, and other OUs. It can contain objects only from its parent domain. An OU is the smallest scope to which you can apply a Group Policy or delegate authority.

Smart Card Is Required For Interactive Logon is an option used to designate that
the user must use a smart card during the authentication process. It is found in Account Properties by clicking the Account tab. Smart cards are portable, tamper-resistant hardware devices that store unique identification information for a user. They are inserted into a card reader attached to a computer and provide an additional physical identification component to the authentication process.

Incorrect Options:

G: Turning this setting on would require smart card logon to all computers, not just the app servers, because it is tied to the user account, not the server account.


QUESTION NO: 4

You are designing a strategy for migrating the UNIX user accounts to Active
Directory.
Which three actions should you perform? (Each correct answer presents part of the
solution. Choose three)

A. Import the user accounts as inetOrgPerson objects.

B. Import the user accounts into Active Directory by using the Ldifde command-line
tool.

C. Export all user accounts from the UNIX servers to a text file.

D. Export all user accounts and their passwords from the UNIX servers to a text file.
Encrypt this file to achieve extra security.

E. Assign random passwords to each user object, and securely distribute the password to the users.

F. Create the same strong password for each user object, and require users to change their passwords at first logon.

G. Instruct users to use the same name and password as they used on the UNIX servers.

Answer: B, C, F

Explanation:

The LDIFDE tool can be used to import user accounts into AD, so it is correct to export the accounts to a text file and then import them using LDIFDE. However, passwords cannot be added using LDIFDE upon object creation. Passwords can be modified using the following command:

ldifde -i -f chPwd.ldif -t 636 -s dcname -b username domain password

Here's the line in the MS doc that refers to that:
The password attribute used by Active Directory is "unicodePwd." This attribute can be written under restricted conditions, but cannot be read. This attribute can only be modified, not added on object creation or read by a search.

A strong password is a password that provides an effective defense against unauthorized access to a resource.

Incorrect Options:

A: InetOrgPerson is an object, similar to a user object, that is used to migrate users from other Lightweight Directory Access Protocol (LDAP) directory services to Active
Directory, not from one OS to another.
D: Passwords cannot be added using LDIFDE upon object creation.
G: This cannot be done, since the password attribute for UNIX and Active Directory is
different.
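
The chPwd.ldif file named in the explanation above has to carry unicodePwd as a base64 value of the double-quoted password encoded as UTF-16LE, sent as a modify operation. The following is an added example, not part of the original page or of Microsoft's documentation; the function names, the DNs under example.com and the sample password are constructed, and pwdLastSet: 0 is used to force the change at first logon that option F asks for.

```python
import base64

def encode_unicode_pwd(password: str) -> str:
    """Base64 of the password wrapped in double quotes, encoded as UTF-16LE."""
    quoted = '"' + password + '"'
    return base64.b64encode(quoted.encode("utf-16-le")).decode("ascii")

def ldif_attr(name: str, value: str) -> str:
    """Emit 'name: value', or base64 'name:: ...' if value is not LDIF-safe."""
    safe = (
        all(0 < ord(c) < 128 and c not in "\r\n" for c in value)
        and not value.startswith((" ", ":", "<"))
        and not value.endswith(" ")
    )
    if safe:
        return f"{name}: {value}"
    return f"{name}:: " + base64.b64encode(value.encode("utf-8")).decode("ascii")

def password_reset_record(dn: str, password: str, must_change: bool = True) -> str:
    """One LDIF modify record: replace unicodePwd, optionally expire it."""
    lines = [
        ldif_attr("dn", dn),
        "changetype: modify",
        "replace: unicodePwd",
        "unicodePwd:: " + encode_unicode_pwd(password),
        "-",
    ]
    if must_change:
        # pwdLastSet 0 marks the password as expired: change at next logon.
        lines += ["replace: pwdLastSet", "pwdLastSet: 0", "-"]
    return "\n".join(lines) + "\n"

def build_chpwd_ldif(dns, password: str) -> str:
    """Records are separated by a blank line, as LDIF requires."""
    return "\n".join(password_reset_record(dn, password) for dn in dns)

# Constructed sample accounts (hypothetical OU and domain).
SAMPLE_DNS = [
    "CN=Jan de Vries,OU=Migrated,DC=example,DC=com",
    "CN=Zoë Smit,OU=Migrated,DC=example,DC=com",  # non-ASCII DN -> 'dn::'
]

if __name__ == "__main__":
    # Base64 is an encoding, not encryption: treat the output file as a secret.
    print(build_chpwd_ldif(SAMPLE_DNS, "Constructed-Initial-Pw-1!"))
```
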


QUESTION NO: 5

You are designing a site topology to meet the business and technical requirements.
What should you do?

A. Increase the replication interval between sites.

B. Use SMTP as the transport protocol for replication.

C. Create site links to represent the physical topology.

D. Disable the Knowledge Consistency Checker (KCC) and manually configure site
replication.

Answer: C

Explanation:

A site link is an Active Directory object that represents the physical connectivity between two or more sites. For replication to occur between sites, you must establish a link between the sites. There are two components to this link: the actual physical connection between the sites (usually a WAN link) and a site link object. The site link object determines the protocol used for transferring replication traffic (IP or SMTP) and governs when replication is scheduled to occur.

Incorrect Options:

A: The scenario states: "Replication latency between sites must be minimized." This
option reduces the amount of traffic over the WAN, but also increases replication
latency.
B: SMTP can be used for replication between sites that are not connected with permanent connections (which are required for RPCs).
D: Knowledge Consistency Checker (KCC) is a built-in service that runs on all
domain controllers and automatically establishes replication connections between
domain controllers in the same site and between bridgehead servers in different sites.


QUESTION NO: 6

You are designing a strategy to optimize the DNS name resolution for the satellite
offices that connect to the branch offices by using ISDN lines.
What should you do?

A. Use caching-only DNS servers at these satellite offices.

B. Configure a Hosts file for all client computers at these satellite offices.

C. Configure a DNS server to use WINS forward lookup at these satellite offices.

D. Place a DNS server with secondary zones of all domains at these satellite offices.

Answer: A

Explanation:

A caching-only server, as its name implies, caches the answers to queries and returns the results. This saves time and reduces network traffic because calls to multiple DNS servers are not required.

Incorrect Options:

B: HOSTS files, still in use on some networks, are a predecessor to DNS and are files
with static mappings of hostnames to IP addresses.
C: You use the WINS tab (or the WINS-R tab in reverse lookup zones) to configure
Windows Internet Name Service (WINS) servers to aid in name resolution for a given
zone after DNS servers have failed to resolve a queried name.
D: This kind of zone is an authoritative backup zone for the primary zone or for other secondary zones.


QUESTION NO: 7

You are designing the Active Directory infrastructure to meet the business and
technical requirements. You run ADSizer, and find that it provides a solution that
contains only one domain controller for Amsterdam.
What should you do?

A. Place at least two domain controllers in Amsterdam.

B. Configure the domain controller as a bridgehead server.

C. Configure the domain controller as a global catalog server.

D. Distribute the users among sites in ADSizer and recalculate the number of domain
controllers.

Answer: A

Explanation:

This question may be ambiguous, but it does only speak about the Amsterdam office.
Presumably, other offices have also been assigned Domain Controllers.
The problem is not to distribute the users in the Amsterdam office among sites; rather AD Sizer believes that one DC can handle the logon requests. The case study states the need for 24-7 availability, and two domain controllers in a site would allow for this as it increases fault tolerance.

Incorrect Options:

B: A bridgehead server is a server that is responsible for transferring directory replication information between sites.
C: A global catalog server is a domain controller that stores a read-only copy of all
Active Directory objects in a forest, with the exception of objects stored in application directory partitions. Global catalog servers are used to store universal group membership information, authenticate users who log on using a UPN, and facilitate searches for objects across the entire forest.


QUESTION NO: 8


You are designing a DHCP solution to meet the business and technical
requirements.
What should you do?

A. Increase the default lease time on all DHCP servers.

B. Split all address ranges across multiple DHCP servers.

C. Configure duplicate scopes on at least two DHCP servers.

D. Force client computers to obtain an IP address from Automatic Private IP Addressing
(APIPA).

Answer: B

Explanation:

We need the users to receive an IP address from the DHCP server even if it is not
available for 24 hours. Configuring 2 DHCP servers, with split address ranges, would add redundancy.

Incorrect Options:

A: It is a best practice not to set your lease duration too high, because other DHCP
clients on your network may be unable to obtain an IP address lease if all addresses are used up before current leases expire.
C: Scopes provide the essential means for the server to manage distribution and
assignment of IP addresses and of any related configuration parameters to clients on the network. This means that duplicating it would cause conflict in the IP addressing.
D: If you do not have a DHCP server, the new interface will obtain a network address
using Automatic Private IP Addressing (APIPA).
