70-297 Designing a Microsoft Windows Server 2003 Active Directory and Network Infrastructure Practice Exams

Demo Question 2.

Willow Bridge, InC., Scenario Background Willow Bridge, InC. is a company that specializes in the provision of investment and financial services for its clients. Willow Bridge, InC. operates across the United States of AmericA. Physical Locations The Willow Bridge, InC. head quarters are located in New York and its regional offices are located in Los Angeles and Chicago. Each office has in excess of 100 privately-owned agencies. These agencies are contracted by Willow Bridge, InC. to service customers in their respective local areas. Planned Changes 1. As part of its initiative to streamline the IT environment and increase network security, the company has decided to implement a Windows Server 2003 Active Directory environment. 2. The Research and Development Department will create a new Web Based application. The Web-based application will serve to extend the services that Willow Bridge, InC. offers its customers over the Internet. Customers will have the ability to purchase policies on-linE. 3. The Web server that will be designated to host this new application must provide an interface to a background SQL Server databasE. 4. The anticipated growth in customer numbers for the next five years is estimated at 5 million. 5. Custom classes will be used to store customer's personal information in Active Directory. 6. The SQL Server database will only store information about the policies that have been solD. Business Processes Only authorized sales personnel sell the policies to customers. The sale process is as follows: 1. Customers come to the Willow Bridge, InC. offices. 2. Sales staff members use their workstations to register the policies they solD. Alternatively 1. Sales staff members visit the customers and sell policies at customer locations. 2. Sales staff members use laptop workstations to remotely register their transactions. 3. They make use of either dial-up connections or directly from customer locations, or over VPN connections from their homes. All customer information and policy transactions are stored in a database at the New York officE. The database holds approximately 1 million records at present. Existing network: Currently each location is configured as a Windows NT 4.0 domain as illustrated in the Directory Services exhibit below: There is a two-way trust between the New York domain and all the other domains. Every office is equipped with its own Internet access. Each office also has one or more remote dial-in and VPN servers. The large agencies are also equipped with a VPN server, a remote dial-in server and Internet connectivity. There are no third party operating systems on the network. All servers on the Willow Bridge, InC. network run Windows NT Server 4.0. The Willow Bridge, InC. client computers run various Microsoft Windows operating systems. The Sales department users have been issued laptop computers to connect to the Willow Bridge, InC. network by dialing in to their respective offices. These connections are usually effected from either the customer location or from their homes via VPN connection over the Internet. Problem Statements Chief Executive Officer "It has come to my attention that the government legislation that governs all companies dictates that we all comply with the new anti-discriminatory laws. We need to show our commitment and employ a handicapped person in an anti-handicapped joB. I have given some though to this issue and decided that we will not discriminate against people with poor eyesight in our company. We will employ someone who, according to the government qualifies for handicap status and employ that person in one of our departments." Chief Information Officer "We have a Research and Development Department whose responsibility it is to create custom softwarE. This software will be used to conduct our business. The Research and Development Department will create a new Web Based application. The Web-based application will serve to extend the services that Willow Bridge, InC. offers its customers over the Internet. Customers will have the ability to purchase policies on-linE. To this end the Research and Development Department will have to be placed on a separate network. Something akin to a test network as we do not want them to interfere with the production environment. A test network will be the ideal situation where the Research and Development Department users can perform tests. It will after all be up to them to perform and test Active Directory schema modifications. This will be a necessity since we are going to save customer data in Active Directory. New government legislation that governs our line of business also dictates that only the Willow Bridge, InC. personnel that deal directly in servicing the customers, i.E. services and processing customer data, should have access to the customers' personal information." Information Technology Manager "Any Willow Bridge, InC. office, whether it be a corporate office or agency, that has in excess of 60 employees has IT personnel on the staff. To this end we will only place domain controllers and servers in the offices that have IT staff on the premises. For control purposes I want the IT staff to report to me since I am ultimately the responsible person whose duty it is to manage the new network." "My greatest concern is the Research and Development Department. It is their responsibility to create a Web-based application that will serve to extend the services that Willow Bridge, InC. offers its customers over the Internet. They need to test the custom software that they create, but they always want to run their tests on the production servers. This causes many disruptions for all the other Willow Bridge, InC. employees. They need an isolated test environment. We do not want any interference from them on the production network. We will take responsibility for the deployment of the new programs that they have developed after they have tested it in the test environment. We will deploy the new programs on the production servers ourselves." Research and Development manager "We are currently developing a new Web-based application as well as other custom programs that are necessary for the maintenance of business information. We have a problem in that we always end up disrupting existing services since it is of the utmost importance that we test Active Directory Schema, SQL Server databases, access permissions, as well as group policies. All these activities form an integral part of our work. However, this leads to a very unstable, experimental environment. We need a test environment that mimics the production environment to conduct our tests and make it valiD. We agree full-hearted with the Willow Bridge, InC. management who want to isolate the production environment from our tests. We have our own personnel that will maintain our test environment. Our personnel does not form part of the Willow Bridge, InC. IT department. They are Research and Development department members. Therefore we will not interfere with the production network. All we want then is that the Willow Bridge, InC. IT department does not interfere with our work." Sales Department - End User "We want to be able to access the internal network from our home computers." Active Directory Requirements The following Active Directory requirements must be considered: 1. The network administrators in the IT department and Research and Development department will retain their current responsibilities. There should be no overlap or interference between their administrative authority. 2. Each office must continue to use their own Internet access providers. 3. Their ISPs must be separate from the one used by the New York officE. 4. All Willow Bridge, InC. computers are to be registered with DNS. 5. All Willow Bridge, InC. servers are to be configured with static IP addresses. 6. All Willow Bridge, InC. client computers are to be configured to receive their addresses via DHCP Security requirements The following Security requirements must be considered: 1. Group Policy is to be used to configure the Web-server named WB. SR01; and the SQL server named WB. DB01. 2. Security requirements for WB. SR01 differ from the WB. DB01 security requirements. 3. The internal DNS namespace should not be exposed to the Internet. 4. All DNS information regarding the internal network is to be stored in Active Directory. 5. Only authorized users and computers should have the ability to modify DNS resource records. 6. The Sales department members using laptop workstations must log on to Active Directory only by making use of smart cards. They will not be able to establish a remote access dial-in or VPN connection to the Willow Bridge, InC. network if they do not use the smart card authentication. Envisaged Network Infrastructure The New Network Infrastructure exhibit illustrates the relevant portion of the network infrastructure that the Willow Bridge, InC. Management wants implementeD. Topic 2, Willow Bridge, InC. (13 Questions) You are designing a forest and domain structure to address the concerns of the Information Technology manager, and to meet the business and technical requirements. You want to use the minimum number of domains and forests that are requireD. What should you do?

A. Use a one forest structurE.
B. Use a two forest structurE.
C. Use a three forest structurE.
D. Use a four forest main structurE.


Display Answer

Answer: B

Explanation: This question addresses a concept Microsoft has recently adopted for Windows 2003: isolation vs. autonomy: One for the production network and one for the Research and Development department. 1. We need a test environment that mimics the production environment to conduct our tests and make it valiD. We agree full-hearted with the Willow Bridge, InC. management who wants to isolate the production environment from our tests. 2. We have our own personnel that will maintain our test environment. Our personnel does not form part of the Willow Bridge, InC. IT department. They are Research and Development department members. The scope of an Active Directory schema is a forest. To enable the research and development department to modify schema independently of the production network, you should implement a separate forest. By creating the two new forests, you are providing isolation. This satisfies the requirements. Incorrect