Which three actions should you recommend performing in sequence?
DRAG DROP
###BeginCaseStudy###
Case Study: 4
Northwind Traders
Overview
Northwind Traders is a retail company.
The company has offices in Montreal and San Diego. The office in Montreal has 1,000 client
computers. The office in San Diego has 100 computers. The computers in the San Diego
office are often replaced. The offices connect to each other by using a slow WAN link. Each
office connects directly to the Internet.
Existing Environment
Active Directory Environment
The network contains an Active Directory forest named northwindtraders.com. The forest
contains two domains named northwindtraders.com and west.northwindtraders.com. All
servers run Windows Server 2012 R2.
All client computers run Windows 7.
Each office is configured as an Active Directory site. The site in the Montreal office is named
Site1. The site in the San Diego office is named Site2.
The forest contains four domain controllers. The domain controllers are configured as shown
in the following table.
DC1, DC2, and DC3 are writable domain controllers. R0DC1 is read-only domain controller
(RODC). All DNS zones are Active Directory-integrated. All zones replicate to all of the
domain controllers.
All of the computers in the San Diego office are configured to use RODC1 as their only DNS server.
The northwindtraders.com domain contains a Group Policy object (GPO) named GPO1.
GP01 is applied to all of the users in the Montreal office.
All of the user accounts for the Montreal users are in the northwindtraders.com domain. All
of the user accounts for the San Diego users are in the west.northwindtraders.com domain.
Network Environment
Site1 contains the member servers in the northwindtraders.com domain shown in the
following table.
Server1 connects to SAN storage that supports Offloaded Data Transfer (ODX). All virtual
hard disks (VHDs) are stored on the SAN.
A web application named App1 is installed on Servers.
Server3 has a shared folder that contains sales reports. The sales reports are read frequently
by the users in both offices. The reports are generated automatically once per week by an
enterprise resource planning (ERP) system.
A perimeter network in the Montreal office contains two standalone servers. The servers are
configured as shown in the following table.
The servers in the perimeter network are accessible from the Internet by using a domain name
suffix of public.northwindtraders.com.
Each administrator has a management computer that runs Windows 8.1.
Requirements
Planned Changes
Northwind Traders plans to implement the following changes:
On Server1, create four virtual machines that run Windows Server 2012 R2. The servers will
be configured as shown in the following table.
• Configure IP routing between Site1 and the network services that Northwind Traders
hosts in Windows Azure.
• Place a domain controller for the northwindtraders.com domain in Windows Azure.
• Upgrade all of the computers in the Montreal office to Windows 8.1.
• Purchase a subscription to Microsoft Office 365.
• Configure a web application proxy on Server6.
• Configure integration between VMM and IPAM.
• Apply GPO1 to all of the San Diego users.
• Connect Site1 to Windows Azure.
Technical Requirements
Northwind Traders must meet the following technical requirements:
• All virtual machines must use ODX.
• Users must be able to access App1 from the Internet.
• GPO1 must not be applied to computers that run Windows 8.1.
• All DNS zones must replicate only to DC1, DC2, and DC3.
• All computers must be able to resolve names by using a local DNS server.
• If a WAN link fails, users must be able to access all of the sales reports.
• The credentials for accessing Windows Azure must be permanently stored.
• The on-premises network must be connected to Windows Azure by using Server4.
• The administrators must be able to manage Windows Azure by using Windows
PowerShell.
• The number of servers and services deployed in the San Diego office must be
minimized.
• Active Directory queries for the objects in the forest must not generate WAN traffic,
whenever possible.
Security Requirements
Northwind Traders identifies the following security requirements:
• Ensure that all DNS zone data is encrypted when it is replicated.
• Minimize the number of permissions assigned to users and
administrators, whenever possible. Prevent an Active Directory Domain
Services (AD DS) attribute named SSNumber from replicating to Site2.
• Ensure that users can use their northwindtraders.com user account to
access the resources hosted in Office 365.
• Prevent administrators from being required to re-enter their credentials
when they manage Windows Azure from approved management computers.
###EndCaseStudy###
You need to recommend a solution for managing Windows Azure.
Which three actions should you recommend performing in sequence? To answer, move the
appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Does this meet the goal?
Your network contains 50 servers that run Windows Server 2003 and 50 servers that run
Windows Server 2008.
You plan to implement Windows Server 2012 R2.
You need to create a report that includes the following information:
• The servers that run applications and services that can be moved to Windows Server
2012 R2
• The servers that have hardware that can run Windows Server 2012 R2
• The servers that are suitable to be converted to virtual machines hosted on Hyper-V
hosts that run Windows Server 2012 R2
Solution: You install Windows Server 2012 R2 on a new server, and then you run Microsoft
Deployment Toolkit (MDT) 2012.
Does this meet the goal?
Does this meet the goal?
Your network contains 50 servers that run Windows Server 2003 and 50 servers that run
Windows Server 2008.
You plan to implement Windows Server 2012 R2.
You need to create a report that includes the following information:
• The servers that run applications and services that can be moved to Windows Server
2012 R2
• The servers that have hardware that can run Windows Server 2012 R2
• The servers that are suitable to be converted to virtual machines hosted on Hyper-V
hosts that run Windows Server 2012 R2
Solution: You install Windows Server 2012 R2 on a new server, and then you run the
Windows Server Migration Tools. Does this meet the goal?
Does this meet the goal?
Your network contains an Active Directory domain named contoso.com. The domain
contains multiple sites.
You plan to deploy DirectAccess.
The network security policy states that when client computers connect to the corporate
network from the Internet, all of the traffic destined for the Internet must be routed through
the corporate network.
You need to recommend a solution for the planned DirectAccess deployment that meets the
security policy requirement
Solution: You set the ISATAP State to state disabled.
Does this meet the goal?
Does this meet the goal?
Your network contains an Active Directory domain named contoso.com. The domain
contains multiple sites.
You plan to deploy DirectAccess.
The network security policy states that when client computers connect to the corporate
network from the Internet, all of the traffic destined for the Internet must be routed through
the corporate network.
You need to recommend a solution for the planned DirectAccess deployment that meets the
security policy requirement.
Solution: You enable split tunneling.
Does this meet the goal?
Does this meet the goal?
Your network contains an Active Directory domain named contoso.com. The domain
contains three VLANs. The VLANs are configured as shown in the following table.
All client computers run either Windows 7 or Windows 8.
Goal: You need to implement a solution to ensure that only the client computers that have all
of the required security updates installed can connect to VLAN 1. The solution must ensure
that all other client computers connect to VLAN 3.
Solution: You implement the 802.1x Network Access Protection (NAP) enforcement method.
Does this meet the goal?
Does this meet the goal?
Your network contains an Active Directory domain named contoso.com. The domain
contains three VLANs. The VLANs are configured as shown in the following table.
All client computers run either Windows 7 or Windows 8.
The corporate security policy states that all of the client computers must have the latest
security updates installed.
You need to implement a solution to ensure that only the client computers that have all of the
required security updates installed can connect to VLAN 1. The solution must ensure that all
other client computers connect to VLAN 3.
Solution: You implement the VPN enforcement method.
Does this meet the goal?
Does this meet the goal?
Your network contains an Active Directory domain named contoso.com. The domain
contains three VLANs. The VLANs are configured as shown in the following table.
All client computers run either Windows 7 or Windows 8.
The corporate security policy states that all of the client computers must have the latest
security updates installed.
You need to implement a solution to ensure that only the client computers that have all of the
required security updates installed can connect to VLAN 1. The solution must ensure that all
other client computers connect to VLAN 3.
Solution: You implement the DHCP Network Access Protection (NAP) enforcement method.
Does this meet the goal?
You need to ensure that only compliant client computers can access network resources through the new switch
Your network contains a server named Server1 that runs Windows Server 2012. Server1
has the Network Policy Server server role installed.
You configure Server1 as part of a Network Access Protection (NAP) solution that uses the
802.lx enforcement method,
You add a new switch to the network and you configure the switch to use 802.lx
authentication.
You need to ensure that only compliant client computers can access network resources
through the new switch.
What should you do on Server1?
What solution should you include in the recommendation?
Your network contains an Active Directory domain named contoso.com.
Your company has 100 users in the sales department. Each sales user has a domain-joined
laptop computer that runs either Windows 7 or Windows 8. The sales users rarely travel to
the company’s offices to connect directly to the corporate network.
You need to recommend a solution to ensure that you can manage the sales users’ laptop
computers when the users are working remotely.
What solution should you include in the recommendation?