Which role service should you include in the recommendation?
###BeginCaseStudy###
Case Study: 9
Humongous Insurance
COMPANY OVERVIEW
Humongous Insurance has a main office and 20 branch offices. The main office is located in New
York. The branch offices are located throughout North America. The main office has 8,000 users.
Each branch office has 2 to 250 users.
PLANNED CHANGES
Humongous Insurance plans to implement the following changes:
• Deploy one Read-only Domain Controller (RODC) to Site3 and one RODC to Site4.
• Issue certificates to the users in Contoso. The certificates will be based on custom certificate
templates.
• Deploy a Remote Desktop Services (RDS) infrastructure that will contain 10 Remote Desktop
servers. Users will connect to all Remote Desktop servers from the Internet by using port 443.
EXISTING ENVIRONMENT
The network contains the servers configured as shown in the following table.
Business Goals
All of the strategies for deploying physical servers and virtual servers must meet the Microsoft
guidelines for product support.
Existing Active Directory Environment
The network contains a single Active Directory forest named humongousinsurance.com. The
functional level of the forest is Windows Server 2008 R2.
The Active Directory sites are shown in the exhibit. (Click the Case Study Exhibit button.)
Existing Network Infrastructure
Humongous Insurance issues smart cards to administrators. Smart cards are not required for logon.
Humongous Insurance acquires a company named Contoso, Ltd.
REQUIREMENTS
Technical Requirements
All of the users in Contoso must be able to enroll for certificates by using the Public Key
Infrastructure (PKI) of Humongous Insurance.
Humongous Insurance must meet the following requirements for managing Group Policy objects
(GPOs):
• Minimize administrative effort.
• Support offline editing of the GPOs.
• Retain multiple versions of the GPOs.
Security Requirements
Only administrators who log on by using smart cards must be able to manage objects in Active
Directory.
The corporate security policy states that a forest trust to any other forest must not exist.
CASE STUDY EXHIBIT
Click the case study exhibit button to view the exhibit.
###EndCaseStudy###
You need to recommend an RDS solution that supports the company’s planned changes.
Which role service should you include in the recommendation?
What should you recommend?
###BeginCaseStudy###
Case Study: 10
Litware Inc.
COMPANY OVERVIEW
Litwate Inc. is a manufacturing company that has a main office and four branch offices.
PLANNED CHANGES
Litware plans to deploy Group Policy object (GPOs). The planned deployment must meet the
following requirements:
Deploy a GPO to a client computer based on its respective local office.
Minimize the amount of administrative effort required to manage the GPOs.
Prevent the users m each department from receiving CPOs from other departments.
Deploy a GPO to a user based on his respective department.
Litware plans to change the name of AD.liteware.com to east.ktware.com. The planned change must
meet the following retirements:
Minimize administrative effort.
Minimize the impact on the users m AD.liteware.com.
Litware plans to deploy RemoteApp programs to meet the following requirements:
The RemoteApp programs must be visible from the Start menu on each client computer.
The RemoteApp programs must be published by using the minimum amount of administrative
effort.
Litware plans to deploy several Hyper-V servers that will host multiple virtual machines (VMs). The
deployment must meet the following requirements:
Minimize administrative effort.
Back up the VMs to a tape library.
Store all of the VM files on a Storage Area Network (SAN).
Convert all of the client computers in the finance department to a VM.
Litware plans to deploy a network access solution. The planned deployment must use the minimum
amount of administrative effort.
EXISTING ENVIRONMENT
All servers run Widows Server 2008 R2. All client computers run Windows 7.
Litware has three departments, including a finance department. Each department has users n each
office. The network contains a Microsoft Exchange Server 2010 organization.
Existing Active Directory Environment
The network contains a single Active Directory forest named litware.com. The Forest contains one
child domain named AD.litware.com and two other domains.
The functional level of the forest is Windows Server 2003.
A single Active Directory site exists for all of the offices.
Existing Network Infrastructure
The network contains an internal network and a perimeter network that are separated by a
hardware-based firewall. A hardware-based firewall also separates the perimeter network and the
Internet.
The following protocols on the default ports are allowed through the firewall that is connected to
the Internet:
HTTP
HTTPS
Point-To-Point Tunneling Protocol (PPTP)
Only the client computers on the perimeter network can connect to the client computers on the
internal network.
The perimeter network contains a VPN server. Users who work remotely use PPTP to establish VPN
connections to the network.
Current Administration Model
Each domain contains a file server that stores confidential documents.
Each domain has dedicated user Accounts for auditing purposes. The user accounts are only used for
auditing the company’s confidential documents.
SECURITY REQUIREMLNTS
The corporate security policy states the following requirements:
• Ensure that the latest windows updates are installed on all client computers.
• Ensure that Windows Firewall is enabled on every client computer that connects remotely.
• Prevent all client computers that do not comply with the security policy from connecting to
the internal servers.
The corporate auditing poky must meet the following requirements:
• Only the dedicated user accounts must be able access servers that contain confidential
documents.
• The dedicated user accounts must be assigned auditing rights as a group, not as individual
users.
• The number of groups that contain the dedicated user accounts must be minimized.
###EndCaseStudy###
You need to recommend an organizational unit (OU) structure that supports the company’s planned
changes.
What should you recommend?
What should you include in the recommendation?
###BeginCaseStudy###
Case Study: 10
Litware Inc.
COMPANY OVERVIEW
Litwate Inc. is a manufacturing company that has a main office and four branch offices.
PLANNED CHANGES
Litware plans to deploy Group Policy object (GPOs). The planned deployment must meet the
following requirements:
Deploy a GPO to a client computer based on its respective local office.
Minimize the amount of administrative effort required to manage the GPOs.
Prevent the users m each department from receiving CPOs from other departments.
Deploy a GPO to a user based on his respective department.
Litware plans to change the name of AD.liteware.com to east.ktware.com. The planned change must
meet the following retirements:
Minimize administrative effort.
Minimize the impact on the users m AD.liteware.com.
Litware plans to deploy RemoteApp programs to meet the following requirements:
The RemoteApp programs must be visible from the Start menu on each client computer.
The RemoteApp programs must be published by using the minimum amount of administrative
effort.
Litware plans to deploy several Hyper-V servers that will host multiple virtual machines (VMs). The
deployment must meet the following requirements:
Minimize administrative effort.
Back up the VMs to a tape library.
Store all of the VM files on a Storage Area Network (SAN).
Convert all of the client computers in the finance department to a VM.
Litware plans to deploy a network access solution. The planned deployment must use the minimum
amount of administrative effort.
EXISTING ENVIRONMENT
All servers run Widows Server 2008 R2. All client computers run Windows 7.
Litware has three departments, including a finance department. Each department has users n each
office. The network contains a Microsoft Exchange Server 2010 organization.
Existing Active Directory Environment
The network contains a single Active Directory forest named litware.com. The Forest contains one
child domain named AD.litware.com and two other domains.
The functional level of the forest is Windows Server 2003.
A single Active Directory site exists for all of the offices.
Existing Network Infrastructure
The network contains an internal network and a perimeter network that are separated by a
hardware-based firewall. A hardware-based firewall also separates the perimeter network and the
Internet.
The following protocols on the default ports are allowed through the firewall that is connected to
the Internet:
HTTP
HTTPS
Point-To-Point Tunneling Protocol (PPTP)
Only the client computers on the perimeter network can connect to the client computers on the
internal network.
The perimeter network contains a VPN server. Users who work remotely use PPTP to establish VPN
connections to the network.
Current Administration Model
Each domain contains a file server that stores confidential documents.
Each domain has dedicated user Accounts for auditing purposes. The user accounts are only used for
auditing the company’s confidential documents.
SECURITY REQUIREMLNTS
The corporate security policy states the following requirements:
• Ensure that the latest windows updates are installed on all client computers.
• Ensure that Windows Firewall is enabled on every client computer that connects remotely.
• Prevent all client computers that do not comply with the security policy from connecting to
the internal servers.
The corporate auditing poky must meet the following requirements:
• Only the dedicated user accounts must be able access servers that contain confidential
documents.
• The dedicated user accounts must be assigned auditing rights as a group, not as individual
users.
• The number of groups that contain the dedicated user accounts must be minimized.
###EndCaseStudy###
You need to recommend a solution for the client computers in the finance department. The solution
must support the company’s planned changes.
What should you include in the recommendation?
What should you include in the recommendation?
###BeginCaseStudy###
Case Study: 10
Litware Inc.
COMPANY OVERVIEW
Litwate Inc. is a manufacturing company that has a main office and four branch offices.
PLANNED CHANGES
Litware plans to deploy Group Policy object (GPOs). The planned deployment must meet the
following requirements:
Deploy a GPO to a client computer based on its respective local office.
Minimize the amount of administrative effort required to manage the GPOs.
Prevent the users m each department from receiving CPOs from other departments.
Deploy a GPO to a user based on his respective department.
Litware plans to change the name of AD.liteware.com to east.ktware.com. The planned change must
meet the following retirements:
Minimize administrative effort.
Minimize the impact on the users m AD.liteware.com.
Litware plans to deploy RemoteApp programs to meet the following requirements:
The RemoteApp programs must be visible from the Start menu on each client computer.
The RemoteApp programs must be published by using the minimum amount of administrative
effort.
Litware plans to deploy several Hyper-V servers that will host multiple virtual machines (VMs). The
deployment must meet the following requirements:
Minimize administrative effort.
Back up the VMs to a tape library.
Store all of the VM files on a Storage Area Network (SAN).
Convert all of the client computers in the finance department to a VM.
Litware plans to deploy a network access solution. The planned deployment must use the minimum
amount of administrative effort.
EXISTING ENVIRONMENT
All servers run Widows Server 2008 R2. All client computers run Windows 7.
Litware has three departments, including a finance department. Each department has users n each
office. The network contains a Microsoft Exchange Server 2010 organization.
Existing Active Directory Environment
The network contains a single Active Directory forest named litware.com. The Forest contains one
child domain named AD.litware.com and two other domains.
The functional level of the forest is Windows Server 2003.
A single Active Directory site exists for all of the offices.
Existing Network Infrastructure
The network contains an internal network and a perimeter network that are separated by a
hardware-based firewall. A hardware-based firewall also separates the perimeter network and the
Internet.
The following protocols on the default ports are allowed through the firewall that is connected to
the Internet:
HTTP
HTTPS
Point-To-Point Tunneling Protocol (PPTP)
Only the client computers on the perimeter network can connect to the client computers on the
internal network.
The perimeter network contains a VPN server. Users who work remotely use PPTP to establish VPN
connections to the network.
Current Administration Model
Each domain contains a file server that stores confidential documents.
Each domain has dedicated user Accounts for auditing purposes. The user accounts are only used for
auditing the company’s confidential documents.
SECURITY REQUIREMLNTS
The corporate security policy states the following requirements:
• Ensure that the latest windows updates are installed on all client computers.
• Ensure that Windows Firewall is enabled on every client computer that connects remotely.
• Prevent all client computers that do not comply with the security policy from connecting to
the internal servers.
The corporate auditing poky must meet the following requirements:
• Only the dedicated user accounts must be able access servers that contain confidential
documents.
• The dedicated user accounts must be assigned auditing rights as a group, not as individual
users.
• The number of groups that contain the dedicated user accounts must be minimized.
###EndCaseStudy###
You need to recommend a backup strategy for the VMs that supports the company’s planned
changes.
What should you include in the recommendation?
What should you include in the recommendation?
###BeginCaseStudy###
Case Study: 10
Litware Inc.
COMPANY OVERVIEW
Litwate Inc. is a manufacturing company that has a main office and four branch offices.
PLANNED CHANGES
Litware plans to deploy Group Policy object (GPOs). The planned deployment must meet the
following requirements:
Deploy a GPO to a client computer based on its respective local office.
Minimize the amount of administrative effort required to manage the GPOs.
Prevent the users m each department from receiving CPOs from other departments.
Deploy a GPO to a user based on his respective department.
Litware plans to change the name of AD.liteware.com to east.ktware.com. The planned change must
meet the following retirements:
Minimize administrative effort.
Minimize the impact on the users m AD.liteware.com.
Litware plans to deploy RemoteApp programs to meet the following requirements:
The RemoteApp programs must be visible from the Start menu on each client computer.
The RemoteApp programs must be published by using the minimum amount of administrative
effort.
Litware plans to deploy several Hyper-V servers that will host multiple virtual machines (VMs). The
deployment must meet the following requirements:
Minimize administrative effort.
Back up the VMs to a tape library.
Store all of the VM files on a Storage Area Network (SAN).
Convert all of the client computers in the finance department to a VM.
Litware plans to deploy a network access solution. The planned deployment must use the minimum
amount of administrative effort.
EXISTING ENVIRONMENT
All servers run Widows Server 2008 R2. All client computers run Windows 7.
Litware has three departments, including a finance department. Each department has users n each
office. The network contains a Microsoft Exchange Server 2010 organization.
Existing Active Directory Environment
The network contains a single Active Directory forest named litware.com. The Forest contains one
child domain named AD.litware.com and two other domains.
The functional level of the forest is Windows Server 2003.
A single Active Directory site exists for all of the offices.
Existing Network Infrastructure
The network contains an internal network and a perimeter network that are separated by a
hardware-based firewall. A hardware-based firewall also separates the perimeter network and the
Internet.
The following protocols on the default ports are allowed through the firewall that is connected to
the Internet:
HTTP
HTTPS
Point-To-Point Tunneling Protocol (PPTP)
Only the client computers on the perimeter network can connect to the client computers on the
internal network.
The perimeter network contains a VPN server. Users who work remotely use PPTP to establish VPN
connections to the network.
Current Administration Model
Each domain contains a file server that stores confidential documents.
Each domain has dedicated user Accounts for auditing purposes. The user accounts are only used for
auditing the company’s confidential documents.
SECURITY REQUIREMLNTS
The corporate security policy states the following requirements:
• Ensure that the latest windows updates are installed on all client computers.
• Ensure that Windows Firewall is enabled on every client computer that connects remotely.
• Prevent all client computers that do not comply with the security policy from connecting to
the internal servers.
The corporate auditing poky must meet the following requirements:
• Only the dedicated user accounts must be able access servers that contain confidential
documents.
• The dedicated user accounts must be assigned auditing rights as a group, not as individual
users.
• The number of groups that contain the dedicated user accounts must be minimized.
###EndCaseStudy###
You need to recommend a Remote Desktop Services (RDS) solution for RemoteApp programs that
supports the company’s planned changes.
What should you include in the recommendation?
Which group scope should you recommend?
###BeginCaseStudy###
Case Study: 10
Litware Inc.
COMPANY OVERVIEW
Litwate Inc. is a manufacturing company that has a main office and four branch offices.
PLANNED CHANGES
Litware plans to deploy Group Policy object (GPOs). The planned deployment must meet the
following requirements:
Deploy a GPO to a client computer based on its respective local office.
Minimize the amount of administrative effort required to manage the GPOs.
Prevent the users m each department from receiving CPOs from other departments.
Deploy a GPO to a user based on his respective department.
Litware plans to change the name of AD.liteware.com to east.ktware.com. The planned change must
meet the following retirements:
Minimize administrative effort.
Minimize the impact on the users m AD.liteware.com.
Litware plans to deploy RemoteApp programs to meet the following requirements:
The RemoteApp programs must be visible from the Start menu on each client computer.
The RemoteApp programs must be published by using the minimum amount of administrative
effort.
Litware plans to deploy several Hyper-V servers that will host multiple virtual machines (VMs). The
deployment must meet the following requirements:
Minimize administrative effort.
Back up the VMs to a tape library.
Store all of the VM files on a Storage Area Network (SAN).
Convert all of the client computers in the finance department to a VM.
Litware plans to deploy a network access solution. The planned deployment must use the minimum
amount of administrative effort.
EXISTING ENVIRONMENT
All servers run Widows Server 2008 R2. All client computers run Windows 7.
Litware has three departments, including a finance department. Each department has users n each
office. The network contains a Microsoft Exchange Server 2010 organization.
Existing Active Directory Environment
The network contains a single Active Directory forest named litware.com. The Forest contains one
child domain named AD.litware.com and two other domains.
The functional level of the forest is Windows Server 2003.
A single Active Directory site exists for all of the offices.
Existing Network Infrastructure
The network contains an internal network and a perimeter network that are separated by a
hardware-based firewall. A hardware-based firewall also separates the perimeter network and the
Internet.
The following protocols on the default ports are allowed through the firewall that is connected to
the Internet:
HTTP
HTTPS
Point-To-Point Tunneling Protocol (PPTP)
Only the client computers on the perimeter network can connect to the client computers on the
internal network.
The perimeter network contains a VPN server. Users who work remotely use PPTP to establish VPN
connections to the network.
Current Administration Model
Each domain contains a file server that stores confidential documents.
Each domain has dedicated user Accounts for auditing purposes. The user accounts are only used for
auditing the company’s confidential documents.
SECURITY REQUIREMLNTS
The corporate security policy states the following requirements:
• Ensure that the latest windows updates are installed on all client computers.
• Ensure that Windows Firewall is enabled on every client computer that connects remotely.
• Prevent all client computers that do not comply with the security policy from connecting to
the internal servers.
The corporate auditing poky must meet the following requirements:
• Only the dedicated user accounts must be able access servers that contain confidential
documents.
• The dedicated user accounts must be assigned auditing rights as a group, not as individual
users.
• The number of groups that contain the dedicated user accounts must be minimized.
###EndCaseStudy###
You need to recommend a group scope for the dedicated auditing user accounts that meets the
company’s security requirements.
Which group scope should you recommend?
What should you include in the recommendation?
###BeginCaseStudy###
Case Study: 10
Litware Inc.
COMPANY OVERVIEW
Litwate Inc. is a manufacturing company that has a main office and four branch offices.
PLANNED CHANGES
Litware plans to deploy Group Policy object (GPOs). The planned deployment must meet the
following requirements:
Deploy a GPO to a client computer based on its respective local office.
Minimize the amount of administrative effort required to manage the GPOs.
Prevent the users m each department from receiving CPOs from other departments.
Deploy a GPO to a user based on his respective department.
Litware plans to change the name of AD.liteware.com to east.ktware.com. The planned change must
meet the following retirements:
Minimize administrative effort.
Minimize the impact on the users m AD.liteware.com.
Litware plans to deploy RemoteApp programs to meet the following requirements:
The RemoteApp programs must be visible from the Start menu on each client computer.
The RemoteApp programs must be published by using the minimum amount of administrative
effort.
Litware plans to deploy several Hyper-V servers that will host multiple virtual machines (VMs). The
deployment must meet the following requirements:
Minimize administrative effort.
Back up the VMs to a tape library.
Store all of the VM files on a Storage Area Network (SAN).
Convert all of the client computers in the finance department to a VM.
Litware plans to deploy a network access solution. The planned deployment must use the minimum
amount of administrative effort.
EXISTING ENVIRONMENT
All servers run Widows Server 2008 R2. All client computers run Windows 7.
Litware has three departments, including a finance department. Each department has users n each
office. The network contains a Microsoft Exchange Server 2010 organization.
Existing Active Directory Environment
The network contains a single Active Directory forest named litware.com. The Forest contains one
child domain named AD.litware.com and two other domains.
The functional level of the forest is Windows Server 2003.
A single Active Directory site exists for all of the offices.
Existing Network Infrastructure
The network contains an internal network and a perimeter network that are separated by a
hardware-based firewall. A hardware-based firewall also separates the perimeter network and the
Internet.
The following protocols on the default ports are allowed through the firewall that is connected to
the Internet:
HTTP
HTTPS
Point-To-Point Tunneling Protocol (PPTP)
Only the client computers on the perimeter network can connect to the client computers on the
internal network.
The perimeter network contains a VPN server. Users who work remotely use PPTP to establish VPN
connections to the network.
Current Administration Model
Each domain contains a file server that stores confidential documents.
Each domain has dedicated user Accounts for auditing purposes. The user accounts are only used for
auditing the company’s confidential documents.
SECURITY REQUIREMLNTS
The corporate security policy states the following requirements:
• Ensure that the latest windows updates are installed on all client computers.
• Ensure that Windows Firewall is enabled on every client computer that connects remotely.
• Prevent all client computers that do not comply with the security policy from connecting to
the internal servers.
The corporate auditing poky must meet the following requirements:
• Only the dedicated user accounts must be able access servers that contain confidential
documents.
• The dedicated user accounts must be assigned auditing rights as a group, not as individual
users.
• The number of groups that contain the dedicated user accounts must be minimized.
###EndCaseStudy###
You need to recommend a network access solution that meets the company’s security requirements.
What should you include in the recommendation?
Which two actions should you include in the recommendation?
###BeginCaseStudy###
Case Study: 11
Wingtip Toys Case A
COMPANY OVERVIEW
Wingtip Toys has a main office and 10 branch offices.
PLANNED CHANGES
Wingtip Toys plans to implement the following changes:
Assign IPv6 addresses to all client computers.
Deploy domain controllers in the branch offices.
Provide VPN access to all of the users in both forests.
Deploy Network Access Protection (NAP) in the wingtiptoys.com forest.
Ensure that only the users in the tailspintoys.com accounting department can access the resources
in wingtiptoys.com.
EXISTING ENVIRONMENT
The network contains a Microsoft Exchange Server 2010 organization.
Wingtip Toys has many departments; including an accounting department.
Business Goals
New software and hardware solutions must be implemented by using the minimum amount of
administrative effort.
Existing Active Directory Environment
The network contains two Active Directory forests named wingtiptoys.com and tailspintoys.com.
Each forest contains one domain.
All of the domain controllers in wingtiptoys.com run Windows Server 2008 R2. All of the domain
controllers in tailspintoys.com run Windows Server 2003.
The forest and domains are configured as shown in the following table.
Existing Network Infrastructure
Each office is on a separate IPv4 subnet.
All of the domain controllers are located in the main office.
REQUIREMENTS
Technical Requirements
Wingtip Toys must meet the following technical requirements:
All IPv6 addresses must use a private IP address range.
All IPv6 addresses must be routable between offices only.
Security Requirements
Wingtip Toys must meet the following security requirements:
Ensure that client computers do not require certificates.
Prevent certain users from printing confidential documents and forwarding the documents by email.
Prevent administrator passwords from being replicated to the domain controllers in the branch
office.
Control remote access to client computers that use static IP addresses and dynamically-assigned IP
addresses.
Quarantine the local client computers and the remote client computers that do not have the latest
Windows updates installed.
Ensure that the users in tailspintoys.com can only access the shares in wingtiptoys.com to which
they have explicit permissions.
Ensure that all of the users who run Microsoft Office Outlook can perform global address list (GAL)
lookups on a server in their local office.
###EndCaseStudy###
You need to recommend a VPN strategy that meets the company’s business goals Which two actions
should you include in the recommendation? (Each correct answer presents part of the solution.
Choose two.)
What should you include in the recommendation?
###BeginCaseStudy###
Case Study: 11
Wingtip Toys Case A
COMPANY OVERVIEW
Wingtip Toys has a main office and 10 branch offices.
PLANNED CHANGES
Wingtip Toys plans to implement the following changes:
Assign IPv6 addresses to all client computers.
Deploy domain controllers in the branch offices.
Provide VPN access to all of the users in both forests.
Deploy Network Access Protection (NAP) in the wingtiptoys.com forest.
Ensure that only the users in the tailspintoys.com accounting department can access the resources
in wingtiptoys.com.
EXISTING ENVIRONMENT
The network contains a Microsoft Exchange Server 2010 organization.
Wingtip Toys has many departments; including an accounting department.
Business Goals
New software and hardware solutions must be implemented by using the minimum amount of
administrative effort.
Existing Active Directory Environment
The network contains two Active Directory forests named wingtiptoys.com and tailspintoys.com.
Each forest contains one domain.
All of the domain controllers in wingtiptoys.com run Windows Server 2008 R2. All of the domain
controllers in tailspintoys.com run Windows Server 2003.
The forest and domains are configured as shown in the following table.
Existing Network Infrastructure
Each office is on a separate IPv4 subnet.
All of the domain controllers are located in the main office.
REQUIREMENTS
Technical Requirements
Wingtip Toys must meet the following technical requirements:
All IPv6 addresses must use a private IP address range.
All IPv6 addresses must be routable between offices only.
Security Requirements
Wingtip Toys must meet the following security requirements:
Ensure that client computers do not require certificates.
Prevent certain users from printing confidential documents and forwarding the documents by email.
Prevent administrator passwords from being replicated to the domain controllers in the branch
office.
Control remote access to client computers that use static IP addresses and dynamically-assigned IP
addresses.
Quarantine the local client computers and the remote client computers that do not have the latest
Windows updates installed.
Ensure that the users in tailspintoys.com can only access the shares in wingtiptoys.com to which
they have explicit permissions.
Ensure that all of the users who run Microsoft Office Outlook can perform global address list (GAL)
lookups on a server in their local office.
###EndCaseStudy###
You need to recommend a document protection strategy that meets the company’s security
requirements. What should you include in the recommendation?
What should you include in the recommendation?
###BeginCaseStudy###
Case Study: 11
Wingtip Toys Case A
COMPANY OVERVIEW
Wingtip Toys has a main office and 10 branch offices.
PLANNED CHANGES
Wingtip Toys plans to implement the following changes:
Assign IPv6 addresses to all client computers.
Deploy domain controllers in the branch offices.
Provide VPN access to all of the users in both forests.
Deploy Network Access Protection (NAP) in the wingtiptoys.com forest.
Ensure that only the users in the tailspintoys.com accounting department can access the resources
in wingtiptoys.com.
EXISTING ENVIRONMENT
The network contains a Microsoft Exchange Server 2010 organization.
Wingtip Toys has many departments; including an accounting department.
Business Goals
New software and hardware solutions must be implemented by using the minimum amount of
administrative effort.
Existing Active Directory Environment
The network contains two Active Directory forests named wingtiptoys.com and tailspintoys.com.
Each forest contains one domain.
All of the domain controllers in wingtiptoys.com run Windows Server 2008 R2. All of the domain
controllers in tailspintoys.com run Windows Server 2003.
The forest and domains are configured as shown in the following table.
Existing Network Infrastructure
Each office is on a separate IPv4 subnet.
All of the domain controllers are located in the main office.
REQUIREMENTS
Technical Requirements
Wingtip Toys must meet the following technical requirements:
All IPv6 addresses must use a private IP address range.
All IPv6 addresses must be routable between offices only.
Security Requirements
Wingtip Toys must meet the following security requirements:
Ensure that client computers do not require certificates.
Prevent certain users from printing confidential documents and forwarding the documents by email.
Prevent administrator passwords from being replicated to the domain controllers in the branch
office.
Control remote access to client computers that use static IP addresses and dynamically-assigned IP
addresses.
Quarantine the local client computers and the remote client computers that do not have the latest
Windows updates installed.
Ensure that the users in tailspintoys.com can only access the shares in wingtiptoys.com to which
they have explicit permissions.
Ensure that all of the users who run Microsoft Office Outlook can perform global address list (GAL)
lookups on a server in their local office.
###EndCaseStudy###
You are evaluating whether to create a trust relationship between tailspintoys.com and
wingtiptoys.com.
You need to recommend a trust relationship configuration that supports the company’s planned
changes.
What should you include in the recommendation?