What should you recommend?
###BeginCaseStudy###
Case Study: 17
Graphic Design Institute, Case B
General Background
You are the systems administrator for the Graphic Design Institute (GDI). GDI is a private
liberal arts and technical college with campuses in multiple cities.
Technical Background
The campus locations, users, client computers, and servers are described in the following
table.
The campuses are connected by a fully meshed WAN.
The corporate network includes Active Directory Domain Services (AD DS). Domain
controllers are located on each campus.
GDI uses Microsoft Windows Deployment Server (WDS) to distribute images by using
Preboot Execution Environment (PXE). GDI builds images by using the Windows
Automated Installation Kit (WAIK).
GDI uses Microsoft Windows Server Update Services (WSUS) to distribute and manage
Windows security updates and software updates. All private client computers and portable
computers used by faculty and staff are members of the WSUS computer group named Staff.
All shared client computers are members of the WSUS computer group named
LabComputers. All faculty and staff users are members of the global security group named
GDI_Staff. All students are members of the global security group named GDI_Students.
Specific servers are configured as shown in the following table.
The main data center is located on the Boston campus. ADMX and ADML files are centrally
stored on BODC01.
All Charlotte servers reside in the CH_Servers organizational unit (OU). CHDATA01,
CHDATA02, CHDATA03, and CHDATA04 reside in the CH_FileServers OU.
CH_FileServers is a child OU of CH_Servers.
A Group Policy object (GPO) named ServerSettings App1ies Windows Internet Explorer
settings to all servers.
Business Requirements
After successful migrations to Windows Server 2008 R2 in Boston, New Haven, and
Tacoma, GDI plans to migrate its other campuses to Windows Server 2008 R2 in advance of
a full Windows 7 client computer deployment. Server deployment on the Austin campus must
be performed on weekends by using scheduled deployments. The post-migration environment
must meet the following business requirements:
• Maximize security
• Maximize data protection
• Maximize existing resources
• Minimize downtime
Technical Requirements
The post-migration environment must meet the following security requirements:
• All updates must be distributed by using WSUS.
• All critical updates must be installed as soon as possible.
• All drives on the Minneapolis campus servers must have Windows BitLocker Drive
Encryption enabled.
The post-migration environment must meet the following data protection requirements:
• All servers must have automated backup routines.
• All backups must be replicated to the Boston data center at the end of each business
week.
• The post-migration environment must meet the following resource requirements:
• Installations and recovery must be performed remotely.
• All department volumes on file servers must have NTFS quotas.
• Minimize download time for users who open Microsoft Office documents over the
WAN.
• Ensure that users’ files are always opened from the closest file server when available.
• Users’ files must be accessible by the same path from all campuses.
###EndCaseStudy###
You are planning the migration of client computers on the Northridge campus to Windows 7. Due to
compatibility concerns, the Northridge campus servers will not be migrated to Windows Server 2008
R2. The Northridge campus uses customized options in the inters.adm and system.adm
administrative templates to handle key security restrictions. You need to ensure that the security
restrictions will be applied to the migrated client computers. What should you recommend?
What should you recommend?
###BeginCaseStudy###
Case Study: 18
Tailspin Toys
Scenario
General Background
You are the Windows server administrator for Tailspin Toys. Tailspin Toys has a main office
and a manufacturing office. Tailspin Toys recently acquired Wingtip Toys and is in the
beginning stages of merging the IT environments. Wingtip Toys has a main office and a sales
office.
Technical Background
The companies use the network subnets indicated in the following table.
The Tailspin Toys network and the Wingtip Toys network are connected by a point-to-point
dedicated 45 Mbps circuit that terminates in the main offices.
Tailspin toys
The current Tailspin Toys server topology is shown in the following table.
The Tailspin Toys environment has the following characteristics:
• All servers are joined to the tailspintoys.com domain.
• In the Default Domain Policy, the Retain old events Group Policy setting is enabled.
• An Active Directory security group named “Windows system administrators” is
used to control all files and folders on TT-PRINT01.
• A Tailspin Toys administrator named Marc has been delegated rights to multiple
organizational units (OUs) and object in the tailspintoys.com domain.
• Tailspin Toys developers use Hyper-V virtual machines (VMs) for development.
There are 20 development VMs named TT-DEV01 through TT-DEV20.
Wingtip Toys
The current Wingtip Toys server topology is shown in the following table.
All servers in the Wingtip Toys environment are joined to the wingtiptoys.com domain.
Infrastructure Services
You must ensure that the following infrastructure services requirements are met:
• All domain zones must be stored as Active Directory-integrated zones.
• Only DNS servers located in the Tailspin Toys main office may communicate with
DNS servers at Wingtip Toys.
• Only DNS servers located in the Wingtip Toys main office may communicate with
DNS servers at Tailspin Toys.
• All tailspintoys.com resources must be resolved from the Wingtip Toys offices.
• All wingtiptoys.com resources must be resolved from the Tailspin Toys offices.
• Certificates must be distributed automatically to all Tailspin Toys and Wingtip Toys
computers.
Delegated Administration
You must ensure that the following delegated administration requirements are met:
• Tailspin Toys IT security administrators must be able to create, modify, and delete
user objects in the wingtiptoys.com domain.
• Members of the Domain Admins group in the tailspintoys.com domain must have full
access to the wingtiptoys.com Active Directory environment.
• A delegation policy must grant minimum access rights and simplify the process of
delegating rights.
• Minimum permissions must always be delegated to ensure that the least privilege is
granted for a job or task.
• Members of the TAILSPINTOYS\HeIpdesk group must be able to update drivers and
add printer ports on TT-PRINT01.
• Members of the TAILSPINTOYS\Helpdesk group must not be able to cancel a print
job on TT-PRINT01.
• Tailspin Toys developers must be able to start, stop, and Apply snapshots to their
development VMs.
IT Security
You must ensure that the following IT security requirements are met:
• Server security must be automated to ensure that newly deployed servers
automatically have the same security configuration as existing servers.
• Auditing must be configured to ensure that the deletion of user objects and OUs is
logged.
• Microsoft Word and Microsoft Excel files must be automatically encrypted when
uploaded to the Confidential document library on the Tailspin Toys Microsoft SharePoint
site.
• Multifactor authentication must control access to Tailspin Toys domain controllers.
• All file and folder auditing must capture the reason for access.
• All folder auditing must capture all delete actions for all existing folders and newly
created folders.
• New events must be written to the Security event log in the tailspintoys.com domain
and retained indefinitely.
• Drive X:\ on TT-FILE01 must be encrypted by using Windows BitLocker Drive
Encryption and must automatically unlock.
###EndCaseStudy###
You need to recommend a solution to migrate shared printers from the print server at Wingtip Toys
to the print server at Tailspin Toys. What should you recommend?
What should you recommend?
###BeginCaseStudy###
Case Study: 18
Tailspin Toys
Scenario
General Background
You are the Windows server administrator for Tailspin Toys. Tailspin Toys has a main office
and a manufacturing office. Tailspin Toys recently acquired Wingtip Toys and is in the
beginning stages of merging the IT environments. Wingtip Toys has a main office and a sales
office.
Technical Background
The companies use the network subnets indicated in the following table.
The Tailspin Toys network and the Wingtip Toys network are connected by a point-to-point
dedicated 45 Mbps circuit that terminates in the main offices.
Tailspin toys
The current Tailspin Toys server topology is shown in the following table.
The Tailspin Toys environment has the following characteristics:
• All servers are joined to the tailspintoys.com domain.
• In the Default Domain Policy, the Retain old events Group Policy setting is enabled.
• An Active Directory security group named “Windows system administrators” is
used to control all files and folders on TT-PRINT01.
• A Tailspin Toys administrator named Marc has been delegated rights to multiple
organizational units (OUs) and object in the tailspintoys.com domain.
• Tailspin Toys developers use Hyper-V virtual machines (VMs) for development.
There are 20 development VMs named TT-DEV01 through TT-DEV20.
Wingtip Toys
The current Wingtip Toys server topology is shown in the following table.
All servers in the Wingtip Toys environment are joined to the wingtiptoys.com domain.
Infrastructure Services
You must ensure that the following infrastructure services requirements are met:
• All domain zones must be stored as Active Directory-integrated zones.
• Only DNS servers located in the Tailspin Toys main office may communicate with
DNS servers at Wingtip Toys.
• Only DNS servers located in the Wingtip Toys main office may communicate with
DNS servers at Tailspin Toys.
• All tailspintoys.com resources must be resolved from the Wingtip Toys offices.
• All wingtiptoys.com resources must be resolved from the Tailspin Toys offices.
• Certificates must be distributed automatically to all Tailspin Toys and Wingtip Toys
computers.
Delegated Administration
You must ensure that the following delegated administration requirements are met:
• Tailspin Toys IT security administrators must be able to create, modify, and delete
user objects in the wingtiptoys.com domain.
• Members of the Domain Admins group in the tailspintoys.com domain must have full
access to the wingtiptoys.com Active Directory environment.
• A delegation policy must grant minimum access rights and simplify the process of
delegating rights.
• Minimum permissions must always be delegated to ensure that the least privilege is
granted for a job or task.
• Members of the TAILSPINTOYS\HeIpdesk group must be able to update drivers and
add printer ports on TT-PRINT01.
• Members of the TAILSPINTOYS\Helpdesk group must not be able to cancel a print
job on TT-PRINT01.
• Tailspin Toys developers must be able to start, stop, and Apply snapshots to their
development VMs.
IT Security
You must ensure that the following IT security requirements are met:
• Server security must be automated to ensure that newly deployed servers
automatically have the same security configuration as existing servers.
• Auditing must be configured to ensure that the deletion of user objects and OUs is
logged.
• Microsoft Word and Microsoft Excel files must be automatically encrypted when
uploaded to the Confidential document library on the Tailspin Toys Microsoft SharePoint
site.
• Multifactor authentication must control access to Tailspin Toys domain controllers.
• All file and folder auditing must capture the reason for access.
• All folder auditing must capture all delete actions for all existing folders and newly
created folders.
• New events must be written to the Security event log in the tailspintoys.com domain
and retained indefinitely.
• Drive X:\ on TT-FILE01 must be encrypted by using Windows BitLocker Drive
Encryption and must automatically unlock.
###EndCaseStudy###
You are planning for the IT integration of Tailspin Toys and Wingtip Toys. The company has decided
on the following name resolution requirements:
• Name resolution for Internet-based resources must continue to operate by using the same
DNS servers as prior to the merger.
• The existing connectivity between Tailspin Toys and Wingtip Toys must be used for all
network communication.
• The documented name resolution goals must be met.
You need to provide a name resolution solution that meets the requirements. What should you
recommend? (Choose all that Apply.)
What should you recommend?
###BeginCaseStudy###
Case Study: 18
Tailspin Toys
Scenario
General Background
You are the Windows server administrator for Tailspin Toys. Tailspin Toys has a main office
and a manufacturing office. Tailspin Toys recently acquired Wingtip Toys and is in the
beginning stages of merging the IT environments. Wingtip Toys has a main office and a sales
office.
Technical Background
The companies use the network subnets indicated in the following table.
The Tailspin Toys network and the Wingtip Toys network are connected by a point-to-point
dedicated 45 Mbps circuit that terminates in the main offices.
Tailspin toys
The current Tailspin Toys server topology is shown in the following table.
The Tailspin Toys environment has the following characteristics:
• All servers are joined to the tailspintoys.com domain.
• In the Default Domain Policy, the Retain old events Group Policy setting is enabled.
• An Active Directory security group named “Windows system administrators” is
used to control all files and folders on TT-PRINT01.
• A Tailspin Toys administrator named Marc has been delegated rights to multiple
organizational units (OUs) and object in the tailspintoys.com domain.
• Tailspin Toys developers use Hyper-V virtual machines (VMs) for development.
There are 20 development VMs named TT-DEV01 through TT-DEV20.
Wingtip Toys
The current Wingtip Toys server topology is shown in the following table.
All servers in the Wingtip Toys environment are joined to the wingtiptoys.com domain.
Infrastructure Services
You must ensure that the following infrastructure services requirements are met:
• All domain zones must be stored as Active Directory-integrated zones.
• Only DNS servers located in the Tailspin Toys main office may communicate with
DNS servers at Wingtip Toys.
• Only DNS servers located in the Wingtip Toys main office may communicate with
DNS servers at Tailspin Toys.
• All tailspintoys.com resources must be resolved from the Wingtip Toys offices.
• All wingtiptoys.com resources must be resolved from the Tailspin Toys offices.
• Certificates must be distributed automatically to all Tailspin Toys and Wingtip Toys
computers.
Delegated Administration
You must ensure that the following delegated administration requirements are met:
• Tailspin Toys IT security administrators must be able to create, modify, and delete
user objects in the wingtiptoys.com domain.
• Members of the Domain Admins group in the tailspintoys.com domain must have full
access to the wingtiptoys.com Active Directory environment.
• A delegation policy must grant minimum access rights and simplify the process of
delegating rights.
• Minimum permissions must always be delegated to ensure that the least privilege is
granted for a job or task.
• Members of the TAILSPINTOYS\HeIpdesk group must be able to update drivers and
add printer ports on TT-PRINT01.
• Members of the TAILSPINTOYS\Helpdesk group must not be able to cancel a print
job on TT-PRINT01.
• Tailspin Toys developers must be able to start, stop, and Apply snapshots to their
development VMs.
IT Security
You must ensure that the following IT security requirements are met:
• Server security must be automated to ensure that newly deployed servers
automatically have the same security configuration as existing servers.
• Auditing must be configured to ensure that the deletion of user objects and OUs is
logged.
• Microsoft Word and Microsoft Excel files must be automatically encrypted when
uploaded to the Confidential document library on the Tailspin Toys Microsoft SharePoint
site.
• Multifactor authentication must control access to Tailspin Toys domain controllers.
• All file and folder auditing must capture the reason for access.
• All folder auditing must capture all delete actions for all existing folders and newly
created folders.
• New events must be written to the Security event log in the tailspintoys.com domain
and retained indefinitely.
• Drive X:\ on TT-FILE01 must be encrypted by using Windows BitLocker Drive
Encryption and must automatically unlock.
###EndCaseStudy###
You need to recommend a solution to meet the IT security requirements and data encryption
requirements for TT-FILE01 with the minimum administrative effort. What should you recommend?
(Choose all that Apply.)
What should you recommend?
###BeginCaseStudy###
Case Study: 18
Tailspin Toys
Scenario
General Background
You are the Windows server administrator for Tailspin Toys. Tailspin Toys has a main office
and a manufacturing office. Tailspin Toys recently acquired Wingtip Toys and is in the
beginning stages of merging the IT environments. Wingtip Toys has a main office and a sales
office.
Technical Background
The companies use the network subnets indicated in the following table.
The Tailspin Toys network and the Wingtip Toys network are connected by a point-to-point
dedicated 45 Mbps circuit that terminates in the main offices.
Tailspin toys
The current Tailspin Toys server topology is shown in the following table.
The Tailspin Toys environment has the following characteristics:
• All servers are joined to the tailspintoys.com domain.
• In the Default Domain Policy, the Retain old events Group Policy setting is enabled.
• An Active Directory security group named “Windows system administrators” is
used to control all files and folders on TT-PRINT01.
• A Tailspin Toys administrator named Marc has been delegated rights to multiple
organizational units (OUs) and object in the tailspintoys.com domain.
• Tailspin Toys developers use Hyper-V virtual machines (VMs) for development.
There are 20 development VMs named TT-DEV01 through TT-DEV20.
Wingtip Toys
The current Wingtip Toys server topology is shown in the following table.
All servers in the Wingtip Toys environment are joined to the wingtiptoys.com domain.
Infrastructure Services
You must ensure that the following infrastructure services requirements are met:
• All domain zones must be stored as Active Directory-integrated zones.
• Only DNS servers located in the Tailspin Toys main office may communicate with
DNS servers at Wingtip Toys.
• Only DNS servers located in the Wingtip Toys main office may communicate with
DNS servers at Tailspin Toys.
• All tailspintoys.com resources must be resolved from the Wingtip Toys offices.
• All wingtiptoys.com resources must be resolved from the Tailspin Toys offices.
• Certificates must be distributed automatically to all Tailspin Toys and Wingtip Toys
computers.
Delegated Administration
You must ensure that the following delegated administration requirements are met:
• Tailspin Toys IT security administrators must be able to create, modify, and delete
user objects in the wingtiptoys.com domain.
• Members of the Domain Admins group in the tailspintoys.com domain must have full
access to the wingtiptoys.com Active Directory environment.
• A delegation policy must grant minimum access rights and simplify the process of
delegating rights.
• Minimum permissions must always be delegated to ensure that the least privilege is
granted for a job or task.
• Members of the TAILSPINTOYS\HeIpdesk group must be able to update drivers and
add printer ports on TT-PRINT01.
• Members of the TAILSPINTOYS\Helpdesk group must not be able to cancel a print
job on TT-PRINT01.
• Tailspin Toys developers must be able to start, stop, and Apply snapshots to their
development VMs.
IT Security
You must ensure that the following IT security requirements are met:
• Server security must be automated to ensure that newly deployed servers
automatically have the same security configuration as existing servers.
• Auditing must be configured to ensure that the deletion of user objects and OUs is
logged.
• Microsoft Word and Microsoft Excel files must be automatically encrypted when
uploaded to the Confidential document library on the Tailspin Toys Microsoft SharePoint
site.
• Multifactor authentication must control access to Tailspin Toys domain controllers.
• All file and folder auditing must capture the reason for access.
• All folder auditing must capture all delete actions for all existing folders and newly
created folders.
• New events must be written to the Security event log in the tailspintoys.com domain
and retained indefinitely.
• Drive X:\ on TT-FILE01 must be encrypted by using Windows BitLocker Drive
Encryption and must automatically unlock.
###EndCaseStudy###
You need to recommend a solution that meets the following requirements:
• Log access to all shared folders on TT-FILE02.
• Minimize administrative effort.
• Ensure that further administrative action is not required when new shared folders are added
to TT-FILE02.
What should you recommend?
You need to delegate print administration to meet the company requirements
###BeginCaseStudy###
Case Study: 18
Tailspin Toys
Scenario
General Background
You are the Windows server administrator for Tailspin Toys. Tailspin Toys has a main office
and a manufacturing office. Tailspin Toys recently acquired Wingtip Toys and is in the
beginning stages of merging the IT environments. Wingtip Toys has a main office and a sales
office.
Technical Background
The companies use the network subnets indicated in the following table.
The Tailspin Toys network and the Wingtip Toys network are connected by a point-to-point
dedicated 45 Mbps circuit that terminates in the main offices.
Tailspin toys
The current Tailspin Toys server topology is shown in the following table.
The Tailspin Toys environment has the following characteristics:
• All servers are joined to the tailspintoys.com domain.
• In the Default Domain Policy, the Retain old events Group Policy setting is enabled.
• An Active Directory security group named “Windows system administrators” is
used to control all files and folders on TT-PRINT01.
• A Tailspin Toys administrator named Marc has been delegated rights to multiple
organizational units (OUs) and object in the tailspintoys.com domain.
• Tailspin Toys developers use Hyper-V virtual machines (VMs) for development.
There are 20 development VMs named TT-DEV01 through TT-DEV20.
Wingtip Toys
The current Wingtip Toys server topology is shown in the following table.
All servers in the Wingtip Toys environment are joined to the wingtiptoys.com domain.
Infrastructure Services
You must ensure that the following infrastructure services requirements are met:
• All domain zones must be stored as Active Directory-integrated zones.
• Only DNS servers located in the Tailspin Toys main office may communicate with
DNS servers at Wingtip Toys.
• Only DNS servers located in the Wingtip Toys main office may communicate with
DNS servers at Tailspin Toys.
• All tailspintoys.com resources must be resolved from the Wingtip Toys offices.
• All wingtiptoys.com resources must be resolved from the Tailspin Toys offices.
• Certificates must be distributed automatically to all Tailspin Toys and Wingtip Toys
computers.
Delegated Administration
You must ensure that the following delegated administration requirements are met:
• Tailspin Toys IT security administrators must be able to create, modify, and delete
user objects in the wingtiptoys.com domain.
• Members of the Domain Admins group in the tailspintoys.com domain must have full
access to the wingtiptoys.com Active Directory environment.
• A delegation policy must grant minimum access rights and simplify the process of
delegating rights.
• Minimum permissions must always be delegated to ensure that the least privilege is
granted for a job or task.
• Members of the TAILSPINTOYS\HeIpdesk group must be able to update drivers and
add printer ports on TT-PRINT01.
• Members of the TAILSPINTOYS\Helpdesk group must not be able to cancel a print
job on TT-PRINT01.
• Tailspin Toys developers must be able to start, stop, and Apply snapshots to their
development VMs.
IT Security
You must ensure that the following IT security requirements are met:
• Server security must be automated to ensure that newly deployed servers
automatically have the same security configuration as existing servers.
• Auditing must be configured to ensure that the deletion of user objects and OUs is
logged.
• Microsoft Word and Microsoft Excel files must be automatically encrypted when
uploaded to the Confidential document library on the Tailspin Toys Microsoft SharePoint
site.
• Multifactor authentication must control access to Tailspin Toys domain controllers.
• All file and folder auditing must capture the reason for access.
• All folder auditing must capture all delete actions for all existing folders and newly
created folders.
• New events must be written to the Security event log in the tailspintoys.com domain
and retained indefinitely.
• Drive X:\ on TT-FILE01 must be encrypted by using Windows BitLocker Drive
Encryption and must automatically unlock.
###EndCaseStudy###
HOTSPOT
You need to delegate print administration to meet the company requirements. What should you do?
To answer, select the appropriate check boxes in the dialog box.
What should you recommend?
###BeginCaseStudy###
Case Study: 18
Tailspin Toys
Scenario
General Background
You are the Windows server administrator for Tailspin Toys. Tailspin Toys has a main office
and a manufacturing office. Tailspin Toys recently acquired Wingtip Toys and is in the
beginning stages of merging the IT environments. Wingtip Toys has a main office and a sales
office.
Technical Background
The companies use the network subnets indicated in the following table.
The Tailspin Toys network and the Wingtip Toys network are connected by a point-to-point
dedicated 45 Mbps circuit that terminates in the main offices.
Tailspin toys
The current Tailspin Toys server topology is shown in the following table.
The Tailspin Toys environment has the following characteristics:
• All servers are joined to the tailspintoys.com domain.
• In the Default Domain Policy, the Retain old events Group Policy setting is enabled.
• An Active Directory security group named “Windows system administrators” is
used to control all files and folders on TT-PRINT01.
• A Tailspin Toys administrator named Marc has been delegated rights to multiple
organizational units (OUs) and object in the tailspintoys.com domain.
• Tailspin Toys developers use Hyper-V virtual machines (VMs) for development.
There are 20 development VMs named TT-DEV01 through TT-DEV20.
Wingtip Toys
The current Wingtip Toys server topology is shown in the following table.
All servers in the Wingtip Toys environment are joined to the wingtiptoys.com domain.
Infrastructure Services
You must ensure that the following infrastructure services requirements are met:
• All domain zones must be stored as Active Directory-integrated zones.
• Only DNS servers located in the Tailspin Toys main office may communicate with
DNS servers at Wingtip Toys.
• Only DNS servers located in the Wingtip Toys main office may communicate with
DNS servers at Tailspin Toys.
• All tailspintoys.com resources must be resolved from the Wingtip Toys offices.
• All wingtiptoys.com resources must be resolved from the Tailspin Toys offices.
• Certificates must be distributed automatically to all Tailspin Toys and Wingtip Toys
computers.
Delegated Administration
You must ensure that the following delegated administration requirements are met:
• Tailspin Toys IT security administrators must be able to create, modify, and delete
user objects in the wingtiptoys.com domain.
• Members of the Domain Admins group in the tailspintoys.com domain must have full
access to the wingtiptoys.com Active Directory environment.
• A delegation policy must grant minimum access rights and simplify the process of
delegating rights.
• Minimum permissions must always be delegated to ensure that the least privilege is
granted for a job or task.
• Members of the TAILSPINTOYS\HeIpdesk group must be able to update drivers and
add printer ports on TT-PRINT01.
• Members of the TAILSPINTOYS\Helpdesk group must not be able to cancel a print
job on TT-PRINT01.
• Tailspin Toys developers must be able to start, stop, and Apply snapshots to their
development VMs.
IT Security
You must ensure that the following IT security requirements are met:
• Server security must be automated to ensure that newly deployed servers
automatically have the same security configuration as existing servers.
• Auditing must be configured to ensure that the deletion of user objects and OUs is
logged.
• Microsoft Word and Microsoft Excel files must be automatically encrypted when
uploaded to the Confidential document library on the Tailspin Toys Microsoft SharePoint
site.
• Multifactor authentication must control access to Tailspin Toys domain controllers.
• All file and folder auditing must capture the reason for access.
• All folder auditing must capture all delete actions for all existing folders and newly
created folders.
• New events must be written to the Security event log in the tailspintoys.com domain
and retained indefinitely.
• Drive X:\ on TT-FILE01 must be encrypted by using Windows BitLocker Drive
Encryption and must automatically unlock.
###EndCaseStudy###
You need to recommend a solution to meet the certificate distribution requirements. What should
you recommend?
What would you recommend?
###BeginCaseStudy###
Case Study: 18
Tailspin Toys
Scenario
General Background
You are the Windows server administrator for Tailspin Toys. Tailspin Toys has a main office
and a manufacturing office. Tailspin Toys recently acquired Wingtip Toys and is in the
beginning stages of merging the IT environments. Wingtip Toys has a main office and a sales
office.
Technical Background
The companies use the network subnets indicated in the following table.
The Tailspin Toys network and the Wingtip Toys network are connected by a point-to-point
dedicated 45 Mbps circuit that terminates in the main offices.
Tailspin toys
The current Tailspin Toys server topology is shown in the following table.
The Tailspin Toys environment has the following characteristics:
• All servers are joined to the tailspintoys.com domain.
• In the Default Domain Policy, the Retain old events Group Policy setting is enabled.
• An Active Directory security group named “Windows system administrators” is
used to control all files and folders on TT-PRINT01.
• A Tailspin Toys administrator named Marc has been delegated rights to multiple
organizational units (OUs) and object in the tailspintoys.com domain.
• Tailspin Toys developers use Hyper-V virtual machines (VMs) for development.
There are 20 development VMs named TT-DEV01 through TT-DEV20.
Wingtip Toys
The current Wingtip Toys server topology is shown in the following table.
All servers in the Wingtip Toys environment are joined to the wingtiptoys.com domain.
Infrastructure Services
You must ensure that the following infrastructure services requirements are met:
• All domain zones must be stored as Active Directory-integrated zones.
• Only DNS servers located in the Tailspin Toys main office may communicate with
DNS servers at Wingtip Toys.
• Only DNS servers located in the Wingtip Toys main office may communicate with
DNS servers at Tailspin Toys.
• All tailspintoys.com resources must be resolved from the Wingtip Toys offices.
• All wingtiptoys.com resources must be resolved from the Tailspin Toys offices.
• Certificates must be distributed automatically to all Tailspin Toys and Wingtip Toys
computers.
Delegated Administration
You must ensure that the following delegated administration requirements are met:
• Tailspin Toys IT security administrators must be able to create, modify, and delete
user objects in the wingtiptoys.com domain.
• Members of the Domain Admins group in the tailspintoys.com domain must have full
access to the wingtiptoys.com Active Directory environment.
• A delegation policy must grant minimum access rights and simplify the process of
delegating rights.
• Minimum permissions must always be delegated to ensure that the least privilege is
granted for a job or task.
• Members of the TAILSPINTOYS\HeIpdesk group must be able to update drivers and
add printer ports on TT-PRINT01.
• Members of the TAILSPINTOYS\Helpdesk group must not be able to cancel a print
job on TT-PRINT01.
• Tailspin Toys developers must be able to start, stop, and Apply snapshots to their
development VMs.
IT Security
You must ensure that the following IT security requirements are met:
• Server security must be automated to ensure that newly deployed servers
automatically have the same security configuration as existing servers.
• Auditing must be configured to ensure that the deletion of user objects and OUs is
logged.
• Microsoft Word and Microsoft Excel files must be automatically encrypted when
uploaded to the Confidential document library on the Tailspin Toys Microsoft SharePoint
site.
• Multifactor authentication must control access to Tailspin Toys domain controllers.
• All file and folder auditing must capture the reason for access.
• All folder auditing must capture all delete actions for all existing folders and newly
created folders.
• New events must be written to the Security event log in the tailspintoys.com domain
and retained indefinitely.
• Drive X:\ on TT-FILE01 must be encrypted by using Windows BitLocker Drive
Encryption and must automatically unlock.
###EndCaseStudy###
You need to remove Marc’s delegated rights. What would you recommend?
Which Group Policy setting or settings should you select?
###BeginCaseStudy###
Case Study: 18
Tailspin Toys
Scenario
General Background
You are the Windows server administrator for Tailspin Toys. Tailspin Toys has a main office
and a manufacturing office. Tailspin Toys recently acquired Wingtip Toys and is in the
beginning stages of merging the IT environments. Wingtip Toys has a main office and a sales
office.
Technical Background
The companies use the network subnets indicated in the following table.
The Tailspin Toys network and the Wingtip Toys network are connected by a point-to-point
dedicated 45 Mbps circuit that terminates in the main offices.
Tailspin toys
The current Tailspin Toys server topology is shown in the following table.
The Tailspin Toys environment has the following characteristics:
• All servers are joined to the tailspintoys.com domain.
• In the Default Domain Policy, the Retain old events Group Policy setting is enabled.
• An Active Directory security group named “Windows system administrators” is
used to control all files and folders on TT-PRINT01.
• A Tailspin Toys administrator named Marc has been delegated rights to multiple
organizational units (OUs) and object in the tailspintoys.com domain.
• Tailspin Toys developers use Hyper-V virtual machines (VMs) for development.
There are 20 development VMs named TT-DEV01 through TT-DEV20.
Wingtip Toys
The current Wingtip Toys server topology is shown in the following table.
All servers in the Wingtip Toys environment are joined to the wingtiptoys.com domain.
Infrastructure Services
You must ensure that the following infrastructure services requirements are met:
• All domain zones must be stored as Active Directory-integrated zones.
• Only DNS servers located in the Tailspin Toys main office may communicate with
DNS servers at Wingtip Toys.
• Only DNS servers located in the Wingtip Toys main office may communicate with
DNS servers at Tailspin Toys.
• All tailspintoys.com resources must be resolved from the Wingtip Toys offices.
• All wingtiptoys.com resources must be resolved from the Tailspin Toys offices.
• Certificates must be distributed automatically to all Tailspin Toys and Wingtip Toys
computers.
Delegated Administration
You must ensure that the following delegated administration requirements are met:
• Tailspin Toys IT security administrators must be able to create, modify, and delete
user objects in the wingtiptoys.com domain.
• Members of the Domain Admins group in the tailspintoys.com domain must have full
access to the wingtiptoys.com Active Directory environment.
• A delegation policy must grant minimum access rights and simplify the process of
delegating rights.
• Minimum permissions must always be delegated to ensure that the least privilege is
granted for a job or task.
• Members of the TAILSPINTOYS\HeIpdesk group must be able to update drivers and
add printer ports on TT-PRINT01.
• Members of the TAILSPINTOYS\Helpdesk group must not be able to cancel a print
job on TT-PRINT01.
• Tailspin Toys developers must be able to start, stop, and Apply snapshots to their
development VMs.
IT Security
You must ensure that the following IT security requirements are met:
• Server security must be automated to ensure that newly deployed servers
automatically have the same security configuration as existing servers.
• Auditing must be configured to ensure that the deletion of user objects and OUs is
logged.
• Microsoft Word and Microsoft Excel files must be automatically encrypted when
uploaded to the Confidential document library on the Tailspin Toys Microsoft SharePoint
site.
• Multifactor authentication must control access to Tailspin Toys domain controllers.
• All file and folder auditing must capture the reason for access.
• All folder auditing must capture all delete actions for all existing folders and newly
created folders.
• New events must be written to the Security event log in the tailspintoys.com domain
and retained indefinitely.
• Drive X:\ on TT-FILE01 must be encrypted by using Windows BitLocker Drive
Encryption and must automatically unlock.
###EndCaseStudy###
HOTSPOT
New security events are not being written to the current Security event log in the tailspintoys.com
domain. However, old security events are still being maintained in the log. You need to meet the
security event log requirements for the tailspintoys.com domain. Which Group Policy setting or
settings should you select?
To answer, select the appropriate setting or settings in the Group Policy Management Editor.
Which actions should you perform in sequence?
###BeginCaseStudy###
Case Study: 18
Tailspin Toys
Scenario
General Background
You are the Windows server administrator for Tailspin Toys. Tailspin Toys has a main office
and a manufacturing office. Tailspin Toys recently acquired Wingtip Toys and is in the
beginning stages of merging the IT environments. Wingtip Toys has a main office and a sales
office.
Technical Background
The companies use the network subnets indicated in the following table.
The Tailspin Toys network and the Wingtip Toys network are connected by a point-to-point
dedicated 45 Mbps circuit that terminates in the main offices.
Tailspin toys
The current Tailspin Toys server topology is shown in the following table.
The Tailspin Toys environment has the following characteristics:
• All servers are joined to the tailspintoys.com domain.
• In the Default Domain Policy, the Retain old events Group Policy setting is enabled.
• An Active Directory security group named “Windows system administrators” is
used to control all files and folders on TT-PRINT01.
• A Tailspin Toys administrator named Marc has been delegated rights to multiple
organizational units (OUs) and object in the tailspintoys.com domain.
• Tailspin Toys developers use Hyper-V virtual machines (VMs) for development.
There are 20 development VMs named TT-DEV01 through TT-DEV20.
Wingtip Toys
The current Wingtip Toys server topology is shown in the following table.
All servers in the Wingtip Toys environment are joined to the wingtiptoys.com domain.
Infrastructure Services
You must ensure that the following infrastructure services requirements are met:
• All domain zones must be stored as Active Directory-integrated zones.
• Only DNS servers located in the Tailspin Toys main office may communicate with
DNS servers at Wingtip Toys.
• Only DNS servers located in the Wingtip Toys main office may communicate with
DNS servers at Tailspin Toys.
• All tailspintoys.com resources must be resolved from the Wingtip Toys offices.
• All wingtiptoys.com resources must be resolved from the Tailspin Toys offices.
• Certificates must be distributed automatically to all Tailspin Toys and Wingtip Toys
computers.
Delegated Administration
You must ensure that the following delegated administration requirements are met:
• Tailspin Toys IT security administrators must be able to create, modify, and delete
user objects in the wingtiptoys.com domain.
• Members of the Domain Admins group in the tailspintoys.com domain must have full
access to the wingtiptoys.com Active Directory environment.
• A delegation policy must grant minimum access rights and simplify the process of
delegating rights.
• Minimum permissions must always be delegated to ensure that the least privilege is
granted for a job or task.
• Members of the TAILSPINTOYS\HeIpdesk group must be able to update drivers and
add printer ports on TT-PRINT01.
• Members of the TAILSPINTOYS\Helpdesk group must not be able to cancel a print
job on TT-PRINT01.
• Tailspin Toys developers must be able to start, stop, and Apply snapshots to their
development VMs.
IT Security
You must ensure that the following IT security requirements are met:
• Server security must be automated to ensure that newly deployed servers
automatically have the same security configuration as existing servers.
• Auditing must be configured to ensure that the deletion of user objects and OUs is
logged.
• Microsoft Word and Microsoft Excel files must be automatically encrypted when
uploaded to the Confidential document library on the Tailspin Toys Microsoft SharePoint
site.
• Multifactor authentication must control access to Tailspin Toys domain controllers.
• All file and folder auditing must capture the reason for access.
• All folder auditing must capture all delete actions for all existing folders and newly
created folders.
• New events must be written to the Security event log in the tailspintoys.com domain
and retained indefinitely.
• Drive X:\ on TT-FILE01 must be encrypted by using Windows BitLocker Drive
Encryption and must automatically unlock.
###EndCaseStudy###
DRAG DROP
You need to recommend a solution that meets the following requirements:
• Log access to all shared folders on TT-FILE02.
• Minimize administrative effort.
• Ensure that further administrative action is not required when new shared folders are added
to TT-FILE02.
Which actions should you perform in sequence?
To answer, move the appropriate actions from the list of actions to the answer area and arrange
them in the correct order. (Use only actions that Apply.)
