###BeginCaseStudy###
Topic 7, Contoso, Ltd Case D
Overview
Contoso, Ltd., is a manufacturing company that makes several different components that are used in
automobile production. Contoso has a main office in Detroit, a distribution center in Chicago, and
branch offices in Dallas, Atlanta, and San Diego.
The contoso.com forest and domain functional level are Windows Server 2008 R2. All servers run
Windows Server 2012 R2, and all client workstations run Windows 7 or Windows 8. Contoso uses
System Center 2012 Operations Manager and Audit Collection Services (ACS) to monitor the
environment. There is no certification authority (CA) in the environment.
Current Environment
The contoso.com domain contains the servers as shown in the following table:

Contoso sales staff travel within the United States and connect to a VPN by using mobile devices to
access the corporate network. Sales users authenticate to the VPN by using their Active Directory
usernames and passwords. The VPN solution also supports certification-based authentication.
Contoso uses an inventory system that requires manually counting products and entering that count
into a database. Contoso purchases new inventory software that supports wireless handheld scanners
and several wireless handheld scanners. The wireless handheld scanners run a third party operating
system that supports the Network Device Enrollment Service (NDES).
Business Requirements
Security
The wireless handheld scanners must use certification-based authentication to access the wireless
network.
Sales users who use mobile devices must use certification-based authentication to access the VPN.
When sales users leave the company, Contoso administrators must be able to disable their VPN access
by revoking their certificates.
Monitoring
All servers must be monitored by using System Center 2012 Operating Manager. In addition to
monitoring the Windows operating system, you must collect security logs from the CA servers by using
ACS, and monitor the services that run on the CA and Certificate Revocation List (CRL) servers, such as
certification authority and web services.
Technical Requirements
CA Hierarchy
Contoso requires a two-tier CA hierarchy. The CA hierarchy must include a stand-alone offline root and
two Active Directory-integrated issuing CAs: one for issuing certificates to domain-joined devices, and
one for issuing certificates to non-domain-joined devices by using the NDES. CRLs must be published to
two web servers: one in Detroit and one in Chicago.
Contoso has servers that run Windows Server 2012 R2 to use for the CA hierarchy. The servers are
described in the following table:

The IT security department must have the necessary permissions to manage the CA and CRL servers. A
domain group named Corp-IT Security must be used for this purpose. The IT security department users
are not domain admins.
Fault Tolerance
The servers that host the CRL must be part of a Windows Network Load Balancing (NLB) cluster. The CRL
must be available to users in all locations by using the hostname crl.contoso.com, even if one of the
underlying web servers is offline.

###EndCaseStudy###

Your network contains an Active Directory domain named contoso.com. You currently have an intranet
web site that is hosted by two Web servers named Web1 and Web2. Web1 and Web2 run Windows
Server 2012. Users use the name intranet.contoso.com to request the web site and use DNS round
robin.
You plan to implement the Network Load Balancing (NLB) feature on Web1 and Web2.
You need to recommend changes to the DNS records for the planned implementation.
What should you recommend?

Your network contains two servers named Server1 and Server2 that run Windows Server 2012. Server1
and Server2 have the Hyper-V server role installed and are part of a host group named Group1 in
Microsoft System Center 2012 Virtual Machine Manager (VMM).
Server1 and Server2 have identical hardware, software, and settings.
You configure VMM to migrate virtual machines if the CPU utilization on a host exceeds 65 percent. The
current load on the servers is shown following table.

You start a new virtual machine on Server2 named VM8. VM8 has a CPU utilization of 20 percent.
You discover that none of the virtual machines hosted on Server2 are migrated to Server1.
You need to ensure that the virtual machines hosted on Server2 are migrated to Server1.
What should you modify from the Dynamic Optimization configuration?

Your network contains an Active Directory domain. The domain contains 10 file servers. The file servers
connect to a Fibre Channel SAN. You plan to implement 20 Hyper-V hosts in a failover cluster.
The Hyper-V hosts will not have host bus adapters (HBAs).
You need to recommend a solution for the planned implementation that meets the following
requirements:
 The virtual machines must support live migration.
 The virtual hard disks (VHDs) must be stored on the file servers.
Which two technologies achieve the goal? Each correct answer presents a complete solution.

Your network contains two data centers named DataCenter1 and DataCenter2. The two data centers are
connected by using a low-latency high-speed WAN link.
Each data center contains multiple Hyper-V hosts that run Windows Server 2012. All servers connect to a
Storage Area Network (SAN) in their local data center.
You plan to implement 20 virtual machines that will be hosted on the Hyper-V hosts.
You need to recommend a hosting solution for the virtual machines.
The solution must meet the following requirements:
 Virtual machines must be available automatically on the network if a single Hyper-V host fails.
 Virtual machines must be available automatically on the network if a single data center fails.
What should you recommend?

You have a Hyper-V host named Hyper1 that has Windows Server 2012 installed. Hyper1 hosts 20 virtual
machines.
Hyper1 has one physical network adapter.
You need to implement a networking solution that evenly distributes the available bandwidth on Hyper1
to all of the virtual machines.
What should you modify?A. The settings of the virtual switch

HOTSPOT
You plan to implement a virtualization solution to host 10 virtual machines. All of the virtual machines
will be hosted on servers that run Windows Server 2012.
You need to identify which servers must be deployed for the planned virtualization solution.
The solution must meet the following requirements:
• Minimize the number of servers.
• Ensure that live migration can be used between the hosts.
Which servers should you identify?
To answer, select the appropriate servers in the answer area.

Your network contains a Hyper-V cluster named Cluster1.
You install Microsoft System Center 2012 Virtual Machine Manager (VMM).
You create a user account for another administrator named User1.
You plan to provide User1 with the ability to manage only the virtual machines that User1 creates.
You need to identify what must be created before you delegate the required permissions.
What should you identify?

Your network contains an Active Directory domain named contoso.com. The domain contains a
Microsoft System Center 2012 infrastructure.
You deploy a second System Center 2012 infrastructure in a test environment.
You create a service template named Template1 in both System Center 2012 infrastructures.
For self-service users, you create a service offering for Template1. The users create 20 instances of
Template1.
You modify Template1 in the test environment. You export the service template to a file named
Template1.xml.
You need to ensure that the changes to Template1 can be applied to the existing instances in the
production environment.
What should you do when you import the template?

Your network contains an Active Directory domain named contoso.com. The domain contains four
servers on a test network. The servers are configured as shown in the following table.

Server1 uses the storage shown in the following table.

You perform the following tasks:
 On Server2, you create an advanced SMB share named Share2A and an applications SMB share
named Share2B.
 On Server3, you create an advanced SMB share named Share3.
 On Server4, you create an applications SMB share named Share4.
 You add Server3 and Server4 to a new failover cluster named Clus1.
 On Clus1, you configure the File Server for general use role, you create a quick SMB share
named Share5A, and then you create an applications SMB share named Share5B.
You plan to create a failover cluster of two virtual machines hosted on Server1. The clustered virtual
machines will use shared .vhdx files.
You need to recommend a location to store the shared .vhdx files.
Where should you recommend placing the virtual hard disk (VHD)?

Your network contains an Active Directory domain named contoso.com. All servers run Windows Server
2012 R2. The network contains a System Center 2012 R2 Data Protection Manager (DPM) deployment.
The domain contains six servers. The servers are configured as shown in the following table.

You install System Center 2012 R2 Virtual Machine Manager (VMM) on the nodes in Cluster2.
You configure VMM to use a database in Cluster1. Server5 is the first node in the cluster.
You need to back up the VMM encryption key.
What should you back up?