Vendor: Microsoft
Exam Code: 70-297
Exam Name: Designing a Windows Server 2003 Active Directory and Network Infrastructure
Version: DEMO
1: Overview
Litware, Inc., is a corporate management company that manages the internal operations for its business customers. Internal operations include sales, accounting, and payroll.

Physical Locations
Litware, Inc., has two main offices in the following locations:
• New York
• Chicago
Each office has approximately 300 users. The New York office has a branch office in Boston. The Boston office has approximately 100 users. Staff in the Boston office work exclusively on projects for customers in the New York office. The Boston office has no customers of its own.

Planned Changes
As part of its initiative to streamline the IT environment and increase network security, the company has decided to implement a Windows Server 2003 Active Directory environment. The New York office is currently in negotiations to secure Contoso, Ltd., as a new customer.

Business Processes
Litware, Inc., manages the business operations for eight business customers. For each customer, Litware, Inc., has a dedicated staff that works exclusively with that customer. Users require access only to project data for the customers to which they have been directly assigned. The New York and Chicago offices are responsible for their own customers and maintain them separately. Each individual customer project is listed in the following table.

Customer name | Managed by
Alpine Ski House | New York
Baldwin Museum of Science | Chicago
Coho Vineyard | New York
Fabrikam, Inc. | New York
Humongous Insurance | Chicago
Lucerne Publishing | New York
Wingtip Toys | Chicago
Woodgrove Bank | Chicago

The chief information officer is the only person who is authorized to implement any changes that will impact the entire company. Roles and responsibilities in the IT department are shown in the following table.

Directory Services
Currently, Litware, Inc., has two Windows NT 4.0 domains configured as shown in the Existing Domain Model exhibit.
The New York domain contains user and computer accounts for both the New York and Boston offices. The Chicago domain contains user and computer accounts for the Chicago office. Litware, Inc., users require access only to project data for the customers to which they have been directly assigned. They also require access to internal company resources, such as a time-billing application that is hosted in the New York office. Accounting auditors and executives require access to data from all customer projects to perform quarterly reports, account reviews, and billing verifications. Account auditors and executives are located in both New York and Chicago offices, and frequently travel between offices.

Network Infrastructure
The existing network infrastructure is shown in the Existing Network Infrastructure exhibit.
All Internet access is provided through a proxy server located in the New York office. The proxy server provides Internet name resolution on behalf of the client computers.
To reduce the burden on IT staff, trusted individuals within the organization should be identified to help reduce the IT administrative burden.

Office Worker
We want to be able to access the internal network from our home computers.

Business Drivers
The following business requirements must be considered:
• The company wants access to the network to remain easy and intuitive.
• A company policy now states that user logon names and e-mail addresses should be identical. Currently, each user has an e-mail address made up of that user's first initial and last name, and an additional domain name indicating the region that manages that user's account. For example, the user Nicole Caron from the New York office has the e-mail address of firstname.lastname@example.org. The user Luis Bonifaz from Chicago has the e-mail address of email@example.com. The domain name litwareinc.com has been registered.
• To ensure reliability in the event of a single WAN link failure, users should continue to authenticate on the network. Additionally, all domains should be fault tolerant in the event of a single domain controller failure.
• VPN access will be provided to enable user access to customer data outside of regular business hours. VPN connections will be assigned through the New York office.

Organizational Goals
The following organizational requirements must be considered:
• As part of the negotiations between Contoso, Ltd., and the New York office, Litware, Inc., has agreed to ensure that all users who require access to Contoso, Ltd., data must have complex passwords that are a minimum of 10 characters in length.
• The company has also agreed that management of Contoso, Ltd., data must be completely isolated from all other Litware, Inc., data. This includes the ability to manage security of Contoso, Ltd., resources. There will be no exceptions.
• Planning for other aspects of how Contoso, Ltd., will integrate with the Litware, Inc., environment is premature at this point. However, a quick migration solution for the existing environment must be identified to allow for this anticipated growth.
• Litware, Inc., account auditors and executives from the New York and Chicago offices will require limited access to Contoso, Ltd., data.

Security
The following security requirements must be considered:
• A new Web-based interface will be implemented for the time-billing application running on SQL1. This application will use IIS, and will require the use of IP filtering that uses computer host names for security purposes.
• Only authorized computers within the internal Litware, Inc., network will be given access to the time-billing application.

Active Directory
The following Active Directory requirements must be considered:
• The network administrators in the Chicago and New York offices will retain their current responsibilities, such as the management of user accounts, servers, and domain controllers for their regions. There should be no overlap between their administrative authority.
• There is a need to allow trusted individuals responsible for each customer project to manage user account information. Responsibilities will include the ability to reset passwords and define personal user information on user accounts, such as phone numbers and addresses. The trusted individuals will be allowed to manage only user accounts within the customer project to which they have been assigned.

Network Infrastructure
The following infrastructure requirements must be considered:
• Users in the Chicago office access Internet-based resources frequently. This Internet-related traffic accounts for most of the bandwidth used between the Chicago and New York offices. Bandwidth utilization between these two offices is currently a cause for concern. Network traffic between the Chicago and New York offices must be minimized whenever possible.
• Because of the Boston office's data access requirements, a high level of availability and reduced latency between the New York and Boston offices is required. Bandwidth utilization between the Boston and New York offices is minimal and is not a concern in the foreseeable future.
• A Windows Server 2003 computer will provide VPN access to the network by using both L2TP and PPTP. Usage statistics will be gathered over time to identify which users establish VPN connections to the network, and the duration of their connections. These usage statistics will help the company track trends and plan for future growth.
• The network administrator in Chicago has extensive knowledge of DNS, and will manage the implementation of the DNS infrastructure for the Litware, Inc., network. The DNS structure must be secured against any unauthorized modifications, but also must be easy to maintain and manage.

2: You are designing a forest and domain structure to address the concerns of Contoso, Ltd., and to meet the business and technical requirements. You want to use the minimum number of domains and forests that are required. Which domain structure should you use?
A. one forest and two domains
B. one forest and three domains
C. one forest and four domains
D. two forests and three domains
E. two forests and four domains
Correct Answers: E

3: You are designing the top-level organizational unit (OU) structure to meet the administrative requirements. What should you do?
A. Create a top-level OU named New York. Place all user and computer accounts from New York in the New York OU.
B. Create a top-level OU named Chicago. Place all user and computer accounts from Chicago in the Chicago OU.
C. Create a top-level OU named Coho. Place all user and computer accounts that are assigned to the Coho Vineyard customer project in the Coho OU.
D. Create a top-level OU named Sales. Place all user and computer accounts from the sales department in the Sales OU.
Correct Answers: C

4: You are designing a security group strategy to meet the business and technical requirements. What should you do?
A. Create one global group named G_Executives. Make all executive user accounts members of that group.
B. Create two global groups named G_Executives and one universal group named U_Executives. Make the two global groups members of U_Executives. Make the executive user accounts members of the appropriate global group.
C. Create three global groups named G_NY_Executives and G_Chi_Executives and G_Executives. Make G_NY_Executives and G_Chi_Executives members of G_Executives. Make the executive user accounts members of the appropriate global group.
D. Create one domain local group named DL_Executives. Make all executive user accounts members of that group.
Correct Answers: B

5: You are designing an Active Directory implementation strategy to present to executives from your company and from Contoso, Ltd. Which implementation strategy should you use?
A. Upgrade the New York domain. Upgrade the Chicago domain. Create a pristine forest for Contoso, Ltd.
B. Create a pristine forest. Upgrade the New York domain. Upgrade the Chicago domain. Do nothing further.
C. Create a pristine forest. Upgrade the New York domain. Upgrade the Chicago domain. Create a pristine forest for Contoso, Ltd.
D. Create a pristine forest. Upgrade the New York domain. Upgrade the Chicago domain. Create a new child domain for Contoso, Ltd.
Correct Answers: C

6: You are designing the DNS infrastructure to meet the business and technical requirements. What should you do?
A. Create an Active Directory-integrated zone on DC4. Set the replication scope to all DNS servers in the domain.
B. Create an Active Directory-integrated zone on DC5. Set the replication scope to all DNS servers in the forest.
C. Create an Active Directory-integrated zone on any domain controller in the forest root domain. Set the replication scope to all domain controllers in the domain.
D. Create a standard primary zone on DC4.
E. Create a standard primary zone on any domain controller in the forest root domain.
Correct Answers: B

7: You are designing a DNS implementation strategy for the network. Which two zone types should you use? (Each correct answer presents part of the solution. Choose two.)
A. reverse lookup zones
B. standard primary zones
C. standard secondary zones
D. Active Directory-integrated zones
Correct Answers: A D

8: You are designing a strategy to upgrade the DHCP servers after the new Active Directory structure is in place. Who can authorize the DHCP servers? (Choose all that apply.)
A. chief information officer
B. IT support staff in Boston
C. IT support staff in New York
D. network administrator in Chicago
E. network administrator in New York
Correct Answers: A

9: You are designing the placement of the global catalog servers. You want to use the minimum number of global catalog servers that are required. Which design should you use?
A. one global catalog server in New York
B. two global catalog servers in New York
C. one global catalog server in Chicago and one global catalog server in New York
D. two global catalog servers in Chicago and two global catalog servers in New York
E. one global catalog server in Chicago, one global catalog server in New York, and one global catalog server in Boston
Correct Answers: E

10: You are designing an IP addressing strategy for your VPN solution. How many public IP addresses should you use?
A. 1
B. 25
C. 50
D. 255
Correct Answers: A