
Cheet Sheets: Designing Windows 2000 Directory Services (70-219)

Copyright Keen Interactive 2001


Last updated 4/12/01
*A note to our customers: This document has two sections. The first poses the question
and the correct answer. The second has the question, multiple choice answers, and an
answer key. It is suggested that you focus your studying on the first section (correct
answer only). These 6 case studies have been known to appear very frequently on actual
exams. Good luck.
-Keen Interactive

Perry Research
Windows 2000 Upgrade Project:
Your company is asked to provide consulting, development and integration services for a company named Perry Research. As a part
of this project you will implement Windows 2000. All client computers that currently run Windows will be upgraded to Windows
2000 Professional. Wherever possible, the Windows NT 4.0 domain controller environment will be fully upgraded to Windows 2000
Server.
Background:
Perry Research is a military research company that operates from several locations in the United States. Most of the company's
business comes from contracts with the United States government and military. Its headquarters and primary IT center is in
Washington, D.C. The company is distributed as follows:
Research Facilities:
- Boston, Massachusetts
- Denver, Colorado
- San Diego, California
- San Francisco, California
- Seattle, Washington
- St. Petersburg, Florida
- Washington, D.C.

The Denver, San Diego, San Francisco and Seattle facilities were originally a separate company named Parelli Aerospace. These
facilities became a part of Perry Research when they were purchased in 1997. These facilities still use the Parelli Aerospace name and
Parelli Aerospace still maintains its identity as a separate company. Perry Research is likely to acquire another company in the near
future.
Problem Statement:
Chief Executive Officer (CEO):
Because we are primarily a military research contractor working on a variety of classified projects, our primary concern is security.
We purchased Parelli Aerospace in 1997, but in many respects it still operates as a separate company. We are attempting to eliminate
duplicate work within the two companies as much as possible. We are also in the process of developing common operating practices.
For purposes of shared research, we allow government and military customers to access some of our data. When we bought Parelli
Aerospace we needed to restructure our entire security network structure. We need to be able to support our growth plans without
needing to perform this type of restructuring again.
Chief Information Officer (CIO):
In some cases, to avoid the need to replace the existing hardware, we will use other operating systems than Windows 2000. Rather
than build more than one directory service, we want an integrated directory service. To work towards accomplishing the goal, we will
be migrating Microsoft Exchange Server 5.5 to Exchange 2000 Server.
All account administration currently needs to be performed from our IT centers. We want to remove this limitation. We also want a
security infrastructure that will not need to be restructured when the accounts database reaches 40 MB. Our current arrangement of
trust relationships is cumbersome to manage. The current Windows NT 4.0 domain structure requires several domains for delegation
of administration.

We eventually want to have a global IT facility that uses common software, standards, and procedures. The consolidation will begin
during the Windows 2000 upgrade but we do not expect to complete it during the upgrade. We want the IT facilities to be controlled
from one location as necessary. However, we also want to be able to delegate certain tasks without necessarily needing to create
domains for them.
We are concerned that MS Windows 95 and Windows 98 do not offer security at the client computer level. We want to increase our
control and continue to standardize our client computers and applications in all departments.
We want to standardize our security and management environment throughout the company as much as possible.
We must minimize the disruption caused by Windows 2000 upgrades, and the upgrade must not compromise our security.
History:
Perry Research has a diverse server environment. The company uses mainframe, UNIX, Novell, Macintosh, Banyan VINES and
Microsoft servers.
The current Windows NT domain structure was configured in 1997, after the purchase of Parelli Aerospace, in an attempt to integrate
the IT structures of the two companies. The network based on Windows NT was configured as a coexisting server structure, and
migration and interoperability were gradually implemented. Since then, all service packs up to Service Pack 7 have been applied to
Windows NT 4.0. The goal of this migration is to finally remove all of the remaining Banyan VINES and Novell servers.
Existing IT Environment:
General:
Perry Research uses 25,000 personal computers.
The distribution of users is shown below:
- Boston: 2,900
- Denver: 4,200
- San Diego: 1,900
- San Francisco: 3,600
- Seattle: 2,400
- St. Petersburg: 2,600
- Washington, D.C.: 7,400

There are currently two Windows NT account domains. All user accounts are in these domains. There is one resource domain in each
of the seven geographic locations. There are account domains in Washington, D.C., and San Francisco. BDCs are distributed
throughout the company as needed. At the Washington, D.C., location, there are two domain controllers running custom applications
that will not run on Windows 2000. During the upgrade process, these domain controllers will remain on computers that run Windows
NT Server 4.0. These domain controllers will be migrated at a later date.
Network Infrastructure:
There is a 44.736-Mbps line from San Francisco to the primary IT center in Washington, D.C. This line is used primarily for business
applications. The 44.736-Mbps line has an average available bandwidth of 35 percent. There are 1.544-Mbps lines from Washington,
D.C., to Denver, Boston, St. Petersburg, Seattle and San Diego.
There are also 1.544-Mbps lines from San Francisco to San Diego, Denver and Seattle. The WAN links will be upgraded if more
bandwidth is needed.
Each location has one internal DNS server to manage the current UNIX environment. The current internal implementation of DNS
does not support SRV records, dynamic update, Unicode characters, or incremental zone transfer. The IT staff members who currently
maintain DNS servers manage both the UNIX environment and Windows NT Server environment.
The external DNS systems for both the Perry Research Web site and the Parelli Aerospace Web site are currently hosted on third-party
ISP servers. The DNS modifications required for Windows 2000 will be designed to use the existing internal DNS structure.
IT Structure:
The primary IT center is in Washington, D.C. There is also a major IT center in San Francisco. In many ways, the San Francisco
research facility operates as an independent business unit. Since 1997, the IT department has been creating an increasingly centralized
IT structure. All account management is performed in Washington, D.C., and San Francisco.
All Windows 2000 operations masters will remain in their default locations. The departments that must be supported by the IT
infrastructure include the following:
- Administration
- Financial
- Human resources - managed as a single group by IT
- Management
- Public relations
- Real estate
- Information technology (IT)
- Sales and marketing
- Research
  - Aerospace
  - Biological
  - Chemical
  - Electrical
  - Mechanical

Policies and application specifications are defined at the Washington, D.C., and San Francisco IT centers. These two locations also
provide telephone support for each department. Additionally, there is an IT department at each geographic location. These local IT
departments report directly to the global technical support center. At the local offices, the IT staff is divided by departments and
departmental responsibilities.
Security:
Currently, the two domains have different security policies for password length and complexity and for account lockout. These
policies will not be changed after the Windows 2000 upgrade project is completed. Accounts will be created at the Washington, D.C.
and San Francisco facilities. The rights for resetting passwords and changing attributes will be delegated to local IT administrators. IT
administrators give these users rights by adding global groups to local groups. There will be four levels of administrators for day-to-day operations:
1. Enterprise administrators will be a small group contained in a separate top-level domain to manage the entire organization.
2. Domain administrators will be granted rights to the entire domain.
3. Branch administrators will be granted rights for operations at the physical locations.
4. Departmental administrators will have localized rights based on their specific roles.

The departmental and branch administrators of resource domains are not granted administrative rights for the corresponding account
domains.
Group Policy Goals:
Group Policy will be centrally managed from Washington, D.C., as much as possible. Initially, Group Policy will be designed to
redirect folders to minimize logon time, to define logon scripts, to set security, and to allow specific software to be made available for
installation in departments where users have the ability to install software.
Perry Research Questions
1. Which upgrade plan should you use for Perry Research?
A: Create a root domain.
Upgrade the two account domains to Windows 2000, upgrade the resource domains, and then consolidate the resource domains into
the account domains.
2. You need to design the group policy hierarchy that should be applied to a user in the human resources department for
technical staff at the Boston research facility. In which order should you apply the Group Policy objects (GPOs)?
A: Boston site GPO, domain GPO, Boston OU GPO, human resources GPO.
3. How should you implement the administration of group policy?
A: Enable domain administrators to create Group Policy objects to link GPOs to sites, domains, and organizational units, and to edit
site-level and domain-level GPOs.
Enable departmental administrators at each location to edit GPOs that apply to their departmental OUs.
4. You must decide how many domains to create for Perry Research. What is the most important factor that you should
consider when deciding whether to create more than one domain?
A: The requirement that different companies have different account lockout policies.
5. You upgrade the Perry Research client computers and domain controllers to Windows 2000 as planned. You must now
choose the locations for the server services. Move each service to the appropriate location or locations. (Use all the server
services. You might need to reuse server services.)

North American Perry Research Locations:
- Washington, D.C.
- Boston
- San Francisco

Server Services:
- global catalog
- DNS
- RID master
- schema operations master
- infrastructure operations master
- PDC emulator
- domain naming master

A: Washington, D.C.--RID master, schema operations master, infrastructure operations master, domain naming master, PDC emulator,
global catalog.
Boston--DNS.
San Francisco--global catalog, PDC emulator, RID master, infrastructure operations master.
6. You need to grant permissions to a set of resources that are managed on three domain controllers at the Washington, D.C.,
facility. You need to grant these permissions to users at all facilities. What should you do?
A: Create a domain local group in the local domain, and grant this group access to the resources. Create one global group in the
appropriate domain or domains, and add to this group the users who need access to the resources. Add the global groups to the
domain local group.
7. Which change must you make to DNS to prepare for the implementation of Windows 2000?
A: Provide DNS services that will support SRV records.
8. How should you implement DNS naming strategy for Perry Research?
A: Upgrade the existing DNS infrastructure.
Use three domains named Perryresearch.com, corp.Perryresearch.com, and parelli-aerospace.Perryresearch.com.
9. How should you design the DNS for Perry Research?
A: Upgrade the existing UNIX DNS service.
On this service, configure the zones required for Windows 2000.

Highabove Toys
Background:
Highabove Toys is a medium-sized manufacturer of corporate marketing products. The company designs personalized clothing,
glasses, hats, and many other marketing products.
It specializes in manufacturing unique items for large companies. The company is acquiring one of its clothing suppliers. The supplier
is named Worldwide Importers. The supplier is well known and has an Internet presence on its own domain. This domain is named
worldwideimporters.com. Worldwide Importers will operate independently of Highabove Toys.
Problem Statement:
Highabove Toys reports that there are too many IT administrators in the domain. Mainframe administrators with minimal experience
have administrator rights to the domain.
The company wants to decrease technical support cost by performing all technical support at an IT center in Detroit.
Organization:
Headquarters:
Highabove Toys headquarters is located in Detroit. There are two separate locations in Detroit: one for IT, one for the corporate
offices. The IT center has 100 employees and the corporate offices have 2000 employees.
Manufacturing Facilities:
The company employs 20,000 people in nine manufacturing facilities in the United States and in two facilities in Canada. Of these
20,000 employees, 8,000 use computers. Manufacturing facilities are also being built in Europe and Mexico.
Geography:
The company is divided among the following regions:
EAST - 3,000 users:
- Boston, Massachusetts - regional headquarters
- New York, New York
- Pittsburgh, Pennsylvania
MIDWEST - 3,000 users:
- Chicago, Illinois - regional headquarters
- Cincinnati, Ohio
- Cleveland, Ohio
WEST - 2,000 users:
- Oklahoma City, Oklahoma - regional headquarters
- Los Angeles, Nevada
- San Francisco, California
CANADA - 1,000 users:
- Montreal, Quebec
- Toronto, Ontario - regional headquarters

The Montreal office will be permanently closed in the near future. Many of the users from this office will be transferred to Toronto.
Although the Montreal office is scheduled to close during the Windows 2000 implementation, it might not close until after the
implementation is complete.
Highabove Toys is opening offices in Europe. A sales office was recently opened in Frankfurt, Germany. Manufacturing facilities are
also being built in Mexico. These facilities can be used by all the sales regions. The company is also planning to open manufacturing
facilities in Europe.
Existing IT Environment:
WAN:
Pittsburgh and New York connect to Boston by means of a 56-Kbps line.
Boston connects to the IT center by means of a 1.544-Mbps line.
Cincinnati and Cleveland connect to Chicago by means of a 56-Kbps line.
Chicago connects to the IT center by means of a 1.544-Mbps line.
San Francisco and Las Vegas connect to Oklahoma City by means of a 56-Kbps line.
Oklahoma City connects to the IT center by means of a 1.544-Mbps line.
Europe, Mexico, and Toronto connect to the IT center by means of a 56-Kbps line.
Detroit headquarters connects to the IT center by means of a 1.544-Mbps line.
Montreal connects to Toronto by means of a 56-Kbps line.
Bandwidth usage is minimal.
Client Computers:
All of the desktop client computers run Windows NT Workstation 4.0. The portable computers run either Microsoft Windows 95 or
Windows 98.
Network:
There are three Windows NT 4.0 domains: HANA, HAEU and HAENG. All locations in Canada, Mexico, and the United States are in
HANA; Frankfurt is in HAEU. There is a two-way trust between HANA and HAEU.
All locations use Windows NT Server 4.0 for DHCP, WINS, and DNS. Each location also has a BDC and a separate application
server. However, Frankfurt has a PDC and a BDC for only the HAEU domain. There is not a HAEU BDC in North America.
Because of the security concerns, users in the Engineering department have their own domain. This domain is named HAENG. The
Engineering department also provides administration for the domain. They administer all user accounts and resources.
HANA trusts the HAENG domain. On the HANA domain, passwords expire after 45 days. On the HAEU domain, passwords expire
after 30 days. Each manufacturing facility currently uses a mainframe computer to process orders and quotes that must be processed
quickly. The mainframe computer uses only TCP/IP.
Network Roles:
Each of the regional headquarters has a technical support staff. The office in Mexico is managed from the IT center in Detroit. The
locations without network administrators have mainframe administrators.
These mainframe administrators also help with domain administration. The mainframe administrators respond to support calls for
basic issues and add and remove user accounts. However, their knowledge is usually limited to basic account administration.
Envisioned IT Environment:
WAN:
Before the Windows 2000 implementation, the 56-Kbps connection will be replaced with a 1.544-Mbps line. However, there is no
plan to upgrade the 56-Kbps connection to Canada and Mexico. Worldwide Importers will connect to Highabove Toys by means of a
256-Kbps line.
Highabove Toys wants to continue using the existing IT administrative structure and security policies for Europe and North America.
Network Roles:
Highabove Toys will create two new technical support centers: a North American support center and European support center. Each
region will have a small IT staff that will be responsible for basic support such as password resets and account lockout resets. Tasks
that require higher levels of administrative access or more advanced skills will be performed by the European or North American
support centers. Support for Europe that takes place after European business hours will be performed by the North American support
center.
Each support center will also be responsible for granting the staff at each region access to resources as needed. However, the North
American and European support centers want complete control of their own resources. The engineering department will remove
its domain during the Windows 2000 implementation. The users and resources in this department will be integrated into Active
Directory as normal users and resources.
Software:

A software development company is in the process of creating human resources software for Highabove Toys. This software will be
integrated with Active Directory, and it will enable employee management for all of Highabove Toys. This software will add
additional attributes to user objects.
Worldwide Importers is also developing similar software. Both software solutions will be implemented independently.
Internet:
Highabove Toys has registered highabovetoys.com. Worldwide Importers has registered WideWorldImporters.com.
Client Computers:
Client Computers will be upgraded to Windows 2000 Professional.
Policies:
Each region should be created in Active Directory as a separate entity. Group Policy can vary among regions and locations. Technical
support staff in each region need to have the ability to change policies at each location.
Highabove Toys Questions
1. You must decide how your Active Directory will be affected by factors that influence Highabove Toys business strategies.
Move each business factor to the Active Directory design component that it most influences. (Use all the business factors.
Use business factors only once.)
Active Directory Design Components:
Site design
Domain design
OU design
Forest design
Business Factors:
Manufacturing facilities are being built in Germany.
Highabove Toys is acquiring Worldwide Importers.
IT support tasks will be performed at American and European technical support centers.
The Montreal office will be permanently closed.
The European office will operate independently of the North American office.
A: Site design: The Montreal office will be permanently closed. Manufacturing facilities are being built in Germany.
OU design: IT support tasks will be performed at the North American and European technical support centers.
Forest design: Highabove Toys is acquiring Wide World Importers.
Domain design: The European offices will operate independently of the North American offices.
2. You must design the site topology for Highabove Toys. Which factors should have the most influence on your design?
(Choose all that apply.)
A: Number of locations.
Available WAN bandwidth.
3. You must integrate Europe and North America in Active Directory. How?
A: Create one forest for Highabove Toys.
Create one domain for Europe and one domain for North America.
4. After the Windows 2000 implementation is complete, which domain name or names should you use in the internal DNS
for Highabove Toys? (Choose all that apply.)
A: europe.highabovetoys.com
northamerica.highabovetoys.com
5. Which server roles should you implement for Highabove Toys?
A: One schema operations master, one domain naming master, two RID masters, two PDC emulators, and two infrastructure
operations masters.
6. Engineering users want to be able to continue to administer their own resources after the Windows 2000
implementation. What should you do?
A: Create a separate Organizational Unit for the engineering department.
Locate this OU in the North America domain.
Grant the engineering department complete administrative control of its Organizational Unit.
Move computer and user objects into the OU.

7. You must decide whether to place Europe in Active Directory as a domain or as an Organizational Unit. Which factors
should most influence your decision?
A: The current and proposed IT administrative structures and security policies in Europe.
8. After the Montreal office is permanently closed, how many sites should you use for the highabovetoys.com domain tree?
A: 14.
9. What should you do to prepare for the transfer of employees from the Montreal office to the Toronto office?
A: Create separate OUs for Montreal and Toronto.
Move the user accounts to the Toronto OU when the Montreal OU is removed.
10. Which factor or factors should you consider when designing the domain naming strategy for Highabove Toys? (Choose
all that apply.)
A: The company wants to implement separate security policies for Europe and North America.
The company wants to have an Internet presence.
11. Which strategy should you use to integrate Worldwide Importers to Highabove Toys in Active Structure?
A: Create a forest for HiabuvToys.com. Create a second forest for WideWorldImporters.com.

Business Consultants (BC)


Background:
Business Consultants is an international company that specializes in developing equipment for ticketing and access control for ski
resorts. The company's turnstile-gate technology uses smart-card reading units. These units can unobtrusively access information from
smart cards to authenticate users. The units can also add or subtract values from the cards.
For example, the unit can track the number of times a user skies a particular ski run. The units can read the cards from a distance, so
that users can simply pass by the units with the cards. Monetary amounts can also be added to or subtracted from the smart-card
accounts, so that the card can be used to purchase items.
Business Consultants now wants to expand its scope to serve the informational needs of ski facilities and all of its customers that it
serves.
The company recently acquired a large amount of investment money. It will use this money to support an aggressive project to make
itself a premier information service provider to the most prestigious ski resorts in the world.
The purpose of this project is to build the large membership of individuals who have common interests and active lifestyles and
provide them with new and unique services.
Business Consultants will customize its services to meet specific needs of each resort by promoting each independently. However, BC
will also provide a benefit known as the Passport that any member can use at any resort served by the BC infrastructure.
The Passport will provide many services to the members. BC also intends to use its membership list to promote products.
Problem Statement:
Business Consultants currently has only one type of turnstile smart-card tracking equipment located at ski resorts. The company must
acquire the technical expertise to develop a new IT system that will support its new mission. It has concluded that Windows 2000 and
Active Directory will be important components of its success.
Business Consultants plans to implement its goals in three phases:
Phase 1 will occur during the next 12 months. During this phase, the company will build the member Web site. During this phase, the
company will also install at one resort location a resort IT employee that will be integrated with the member Web site.
The company will test this system, and then install the system at five additional resorts. The goal is to have the global member IT
system and six resort IT systems operational within 12 months.
Phase 2 will occur during the following year. During phase 2, BC plans to add 14 more resort locations and achieve a total
membership of more than one million.
Phase 3 will occur during the following year. During this phase, the company plans to double the number of resort locations and
members. Business Consultants intends to gain recognition in the market by using the newest technologies.
The company is willing to take risks if the ideas are feasible and will provide services that will promote customer loyalty and company
recognition.
Business Goals:
Members will be able to purchase tickets for ski lifts and reserve rental equipment from their home computers or at the resorts.
Individual user details will be stored so that ski sizes, the quality of equipment, and other details will need to be added only once.
When customers arrive at the resort, they will not need to wait. All equipment will be prepared and stored in the locker. Provisions
will also be made for the storage and transport of customer-owned equipment to any resort served by BC.

Business Consultants does not want its customers to have to wait for any services at any ski resorts. Customers will also be able to
purchase tickets for ski lifts online from kiosks. As a part of a membership, BC will issue smart cards attached to the stretchable cords.
At the ski resorts, members will be able to use cards to open their lockers. They will also use the cards to gain access to ski lifts and to
make restaurant reservations.
Members who are staying at resorts will use cards as keys to their rooms and will not need to register with the resort. Points will also
be accumulated for services that are purchased. These points will be used to earn gifts and awards. Members using the smart card to
purchase at the ski lodge or store will enjoy discounts.
Three membership classifications will be available: Premier, Active Skier, and Standard. Higher membership levels will receive
increased discounts.
Members will also have voice mail and e-mail services. Computers for the services will be located in each room and at many locations
in the lodge and on the slopes.
When members pass the ski lift turnstile, it will make a sound if they have any new e-mail or voice mail messages. At the top of the
lift, they can retrieve their messages. This service will provide a convenient way for members to locate other skiers and communicate
with them. Additionally, family and friends at home who know a member's account ID will be able to send e-mails/voice mails to that
member.
Reports of the current ski lift usage will be broadcast on the Web sites and on displays in the lodges. Resorts will have the option of
instituting a premium classification for access to the lifts. Members in the classification will never need to wait to get on the lifts.
Members who share account IDs will be able to add the IDs to their family lists or friend list. This will make it convenient for
members of a household to make reservations for the entire family, or for the individuals to see which of the friends are skiing on any
given day.
Members will be eligible for the discount packages, and will be able to use their smart cards at any of the resorts served by BC.
Members will also have the ability to add medical information to their cards. All ski patrol team members will have wireless smart-card readers.
Envisioned IT Environment:
Business Consultants will design and construct the global services to support two interrelated components. One component will be for
members, and the other component will be for resorts.
Members will be able to access the member component from the Internet or any resort. The resort component will be used to support
each resort and its unique internal business and employee needs.
The company headquarters is located in Denver, Colorado. The headquarters employs 56 people. The company has installed a high-speed connection to its IT center in San Jose, California. The IT center is connected to the Internet by means of 45-Mbps DS-3 lines.
BC does not intend to create a separate employee domain. The Business Consultants phase one design includes the implementation of
the member systems and the resort employee systems at the following locations:
- Austria
- California
- Canada
- Colorado
- Switzerland
- Vermont

New members will be able to enroll for BC services at each resort. They will also be able to complete application forms on the
Internet. The member will be affiliated with one resort, but will be able to use services from any other.
The LANs at the resort will be upgraded to the highest feasible bandwidth. Each resort will have a connection to the Internet. The
connection speeds will vary depending upon services available. Each resort will have a Virtual Private Network tunnel to the servers
located in San Jose.
During phase 2, Business Consultants will open a European office to manage the resorts in Europe. As the company grows during
phase 3, it is anticipated that BC will have businesses and IT management centers in each country in which participating resorts are
located.
Interviews:
BC Chief Information Officer (CIO):
There are two major components of our plan: members and resorts. These components will be constructed at the same time. The
members component will provide services to the skiers. The resort component will provide services to the resort businesses and
employees.

Active Directory will be crucial to both components of the plan. The schema for the directory serving the members will need to be
modified so that the new functionality will be supported. For development and security, the server hosting the member schema master
will be located at our headquarters in Denver.
Members accessing BC services from any other resort will have the same functionality. To achieve the fastest response time, all logon
requests must avoid using a WAN line. Even if the members travel from one resort to another, their logon processes will be performed
locally and will not require WAN transmission.
Local resort employees will be able to update the member records registered only at their own resort. Requests for changes to records
of the members of other resorts will be sent to BC staff. Consequently, it needs to be easy to move a member user object from one
resort to another.
In case of possible server failure, a fault-tolerance design will be implemented at each resort so that local service will continue to run
even if one server fails. We must avoid performing directory replication during times of peak usage.
Servers at the IT center will include one domain controller that has a global catalog and one domain controller that has the
infrastructure operations master. Both the member and resort network must support wired and wireless devices. These devices can be
connected and automatically assigned IP addresses.
For security, other applications must be able to access the devices by means of their DNS names. To help each resort automate its
internal operations, we will provide a turnkey system that integrates Active Directory and advanced Windows 2000 functionality into
each location. The design will ensure that employee information for one resort will not be visible to the other.
Resort Manager:
The design for the BC resort infrastructure will provide some great services to employees at my resort. Our employees will access the
system for services that include e-mail, human resources information, training and safety programs, the purchase of supplies,
equipment inventory and maintenance, and staff scheduling.
Employees will be able to access the system from a variety of client computers and kiosks. The kiosks will be computers that run
Windows 2000 Professional and have touch-screen displays. Both smart-card authentication and password authentication will be used
for employee security authentication. Specific employees will be assigned the responsibility of issuing smart cards and updating
member records.
Our resorts typically employ people in the following positions: ski lift operator, ski patrol member, maintenance worker, kitchen
worker, restaurant worker, front desk attendant, business administration specialist, equipment specialist, instructor, emergency staff
member, marketing specialist, and manager.
Each position will have specific access privileges. We also want to customize desktop settings for each position. The resort is
organized into five departments: hotel, restaurant, operations, maintenance, and business administration.
Because each resort is independently owned and managed, each one will want to be able to add applications that might uniquely
change the directory schema. In addition, the resorts do not want any external companies or any other resort to have the authority to
change user permissions for their employees. Nor do we need to have our internal domain replicated by means of our WAN line.
Our e-mail addresses need to be unique for each resort. Currently each resort has its own Web site. Each resort Web site is registered
under its own domain. The DNS services for our top-level DNS domain will continue to be managed by our external Web presence
provider. We do not want our internal Active Directory to remain on our external DNS server. The home page of our resort's Web site
will include a variety of information related to our resort.
We will provide a link from our Web site for members who want to update their records. This link will take our members to a member
Web site that is hosted by businessconsultants.com.
Business Consultants Questions
1. You must decide how your Active Directory design will be affected by the factors that influence the business strategies of
Business Consultants. Move each business factor to the appropriate component in your active directory design (Use all
business factors. Use each business factor only once.)
Active Directory Design Components:
Forests
Sites
Number of domains
OU
Security groups membership
Business Factors:
Each resort must have independent control.
Directory replication cannot be scheduled during times of peak usage.
Resort administrative control is divided among five departments.
There are many employee positions at each resort.
It must be easy to move a member's user object from one resort to another resort.
All member logon requests must avoid using the WAN line.
A: Forests: Each resort must have independent control.
Sites: Directory replication cannot be scheduled during times of peak usage.
    All member logon requests must avoid using the WAN line.
Number of domains:
OU: Resort administrative control is divided among five departments.
    It must be easy to move a member's user object from one resort to another resort.
Security groups membership: There are many employee positions at each resort.
2. You must decide how many Windows 2000 Server computers you need to host the domain controllers and global catalog
servers for phase 1 of the implementation plan. What is the minimum number of servers that you should use?
A: 15.
3. Which BC business needs should you implement by using Group Policy objects? (Choose all that apply.)
A: Configuring the desktop settings for resort employees.
Updating the software on the kiosks.
4. How should you design the domain and forest structure for the members?
A: Use businessconsultants.com for the forest root and single domain.
5. You need to design a DNS, domain, and forest structure that meets the internal needs of the resorts. What should you do?
A: Create a DNS zone named as a subdomain of the resort's existing Internet domain name.
Assign this domain name to the Active Directory forest root.
6. You must decide how many forests BC should use. Which business factors should influence your decision? (Choose all
that apply.)
A: Each resort will want to be able to add applications that might uniquely change the directory schema of internal operating domain.
It will not be necessary for the employees of one resort to access information about employees of another resort.
The resorts do not want BC or any other resort to have any authority to change user permissions for their employees.
7. You need to choose the top-level organizational unit that will support a resort's internal business requirements. Which
top-level OU should you use?
A: Departments.
8. Resort employees must be able to update member records. Which trust relationship should you configure between the
member domain and each resort domain?
A: A one-way trust, where member trusts resort.
9. You need to configure replication for Business Consultants. Which two steps should you take? (Choose two)
A: Create intersite links on the member domain controllers that are located at each resort and at the San Jose IT center.
Set the interval to 180 minutes. Set the schedule to 1 a.m. to 6 a.m. local time at each resort.
10. You must implement DNS services for one of the resorts. Which sets of steps should you perform? (Choose all that apply.)
A: Install MS DNS Server on two servers.
Configure a subdomain of the resort's Internet domain.
Migrate the resort's top-level domain to DNS Server.
11. How many forests should you create for phase one of BC implementation plan?
A: 7.
12. You are deciding how you should support the requirements of Business Consultants members, resort employees and
resort departments. You need to decide which properties are most appropriate to meet the requirements of each group.
Move each technology to most appropriate groups (Use all technologies. Use each technology only once.)
Groups:
Resort employees
Members
Resort departments
Technology:
unique schema
intrasite replication
intersite replication
delegated administrative rights
A: Resort employees: intrasite replication.
Members: intersite replication.
Resort Departments: unique schema, delegated administrative rights.

Electrik Corporation
Background:
Electrik Corporation manufactures various silicon components that are used in consumer electronics. Design teams are located at six
offices that are dispersed worldwide. These teams collaborate to create, test, and modify new and existing component design. This
collaboration requires creating, accessing, and modifying a variety of documents and document formats that are on the servers located
throughout the company.
Geography:
The headquarters for Electrik Corporation is located in New York. Branch offices are located in San Jose, London, New Delhi,
Bangkok and Sydney. Component designers work in all offices. The San Jose and Bangkok offices are manufacturing facilities. The
New York and Sydney offices have 2,500 employees each.
Each other office has 500 employees. Each of the six offices is located in one of the two regions. The regions are defined as follows:
- Western Region
  - New York, New York
  - San Jose, California
  - London, England
- Eastern Region
  - Sydney, Australia
  - Bangkok, Thailand
  - New Delhi, India
Network Infrastructure:
The San Jose and New York offices are connected by means of a 256-Kbps fractional T1 line. The New York and the Sydney offices
are connected by means of a 128-Kbps fractional T1 line.
The connections between New York and London, between London and New Delhi, between New Delhi and Bangkok and between
Bangkok and Sydney are 64-Kbps fractional T1 lines.
The connection between the New York and London offices is heavily utilized during New York's business hours. The connection
between Sydney and Bangkok is heavily utilized during Sydney's business hours.
All locations have a 155-Mbps ATM backbone. All client computers are connected to their local backbone by means of a switched
10-Mbps or 100-Mbps Ethernet.
Business Plan and Requirements:
Chief Executive Officer (CEO):
The global components market is highly competitive. Our employees must be able to collaborate with each other 24 hours per day,
and we cannot allow anything to interfere with this capability.
During the next one to two years, we anticipate a series of mergers, partnerships, and acquisitions. We need to be ready to assimilate
these new entities into our organizational and managerial structure, and into our infrastructure.
We must be able to easily restructure our organization, administration, and online data to take advantage of new resources without
interrupting the design and manufacturing processes. We might begin selling parts of the business during the next one to two years.
Chief Information Officer (CIO):
We anticipate many changes to the company organization during the next few years. We will be organizing entire divisions,
assimilating unknown client and network operating systems and infrastructures, and adding large numbers of new users as we acquire
new companies.
To maintain control, we have divided between the New York and Sydney offices the responsibilities of all IT operations and IT
infrastructure management. However, the New York office makes final decisions regarding the infrastructure designs. The New York
office is responsible for the Western Region, and the Sydney office is responsible for the Eastern Region.
This division of control should not hinder the performance or availability of computer based services when users access network
resources. These resources should be presented quickly. We cannot afford to have any computer down time. Our mission for the next
year is to have all services available and for those to start as quickly as possible.
Security Officer:
We have seen an increase in attempts to breach the security of our network. We do not know whether these attempts are being made
by individuals who are simply testing their skills or whether they are attempts at organized industrial espionage. But, we are not taking
risks.

Security must be one of the primary considerations in the design of all operating systems and services. We are implementing strict
security policies and procedures at all facilities. The Eastern and Western regions will individually manage policies. Because of an
existing security policy, and to ensure that the users are minimally affected, the Eastern Region will require password resets every 30
days and a minimum password length of four characters.
The Western Region will require password resets every 45 days and a minimum password length of six characters.
Network Operation Officer:
We need to delegate authority for password resets and the management of file and printer resources to our eight major departments:
research and development, design, manufacturing, marketing, finance, sales, IT, and human resources. At each branch office, each
department's IT staff should have the ability to manage the resources only within that one branch.
Chief Financial Officer (CFO):
We work hard to associate Electrik Corporation's name with a highly recognizable and positive image. Although our e-commerce
business is successful, we might sell that portion of the business. Because it is possible that we will sell the name with a portion of
the business, we need to take actions to ensure that the sale of the name will not affect internal operations.
If we sell the e-commerce business, www.electrik.com will be included as a part of the sale.
Existing IT Environment:
All locations have three Windows NT 4.0 domains: one account domain and two resource domains. The Western Region locations use
Windows NT 4.0 DNS Server for name resolution. The Eastern Region currently uses a UNIX-based DNS service that supports the
use of SRV records but does not support dynamic updates. Each facility has several Windows NT 4.0 computers.
Electrik Corporation Questions
1. Which two Electrik Corporation business factors should influence your Active Directory naming strategy?
A: Organizational Unit hierarchy.
Possible sale of Electrik Corporation name.
2. Which Electrik Corporation business factor necessitates a multiple domain Active Directory design?
A: Individual infrastructure management control at the New York and Sydney offices.
3. You are designing Electrik Corporation's OU hierarchy. Which business factors should have the most influence on your
design?
A: Departments.
4. Electrik Corporation is considering using the domain names listed below in a design that uses only the default Windows
2000 Trusts. Identify the Kerberos referral path that is traversed when a user in newyork.west.electrik.com accesses
resources located in sydney.east.electrik.com. Move the appropriate domain names to the trust path list and arrange
them in correct order. (Use only domain names that apply.)

1. electrik.com
2. west.electrik.com
3. east.electrik.com
4. newyork.west.electrik.com
5. london.west.electrik.com
6. sanjose.west.electrik.com
7. sydney.east.electrik.com
8. bangkok.east.electrik.com
9. newdelhi.east.electrik.com
A: 2, 3, 7.
5. You are considering the following domain hierarchy for Electrik Corporation:

electrik.com
    east.electrik.com
        bangkok.east.electrik.com
        newdelhi.east.electrik.com
        sydney.east.electrik.com
    west.electrik.com
        newyork.west.electrik.com
        london.west.electrik.com
        sanjose.west.electrik.com

There is a one-to-one relationship between sites and locations. A domain is associated with only one location. Additionally,
electrik.com and west.electrik.com will be managed in the New York location. How should you design the server services at the
New York location?
A: One schema operations master, one domain naming master, six domain controllers, two global catalog servers and three PDC
emulators.

6. Electrik Corporation decides to enter into a joint venture with one of its vendors. This venture will result in the creation
of a third company that will require its own Internet presence. Systems administration duties for the new company will
be shared equally by Electrik Corporation and the vendor. Electrik Corporation and the vendor currently have separate
Active Directory forests. Which modifications should you make to Active Directory to support the joint venture
requirements?
A: Create a new tree for the new company.
Create this tree in Electrik Corporation's forest.
7. A proposed design for Electrik Corporation is shown below:

San Jose Site            New York Site
sj1 west.electrik.com    ny1 west.electrik.com
sj2 west.electrik.com    ny2 west.electrik.com
sj3 west.electrik.com    ny3 west.electrik.com

The servers are named SJ1, SJ2, SJ3 and NY1, NY2 and NY3. SJ3 and NY3 are bridgehead servers. You want to create a new
user on NY1. You must identify the steps for default replication of that user to every domain controller in the New York and
San Jose sites.
Given this proposed design, arrange the steps in correct order. (Choose only replication steps that apply.)
1. Create the user.
2. NY1 notifies its replication partner or partners.
3. NY1 sends data to SJ3.
4. NY2 and NY3 begin pull replication from NY1.
5. NY3 notifies its replication partner or partners.
6. NY3 sends data to SJ3.
7. SJ1 and SJ2 begin pull replication from SJ3.
8. SJ3 notifies its replication partner or partners.
9. SJ3 begins to pull replication from NY3.
A: 1, 2, 4, 5, 8, 9, 7.

Facade, Inc.
Windows 2000 Upgrade Project:
Your company is asked to provide consulting, development and integration services for a company named Facade, Inc. As a part of
this project you will implement Windows 2000. All client computers that currently run Windows 95 will be upgraded to Windows
2000 Professional. The domain controller environment will be fully upgraded to Windows 2000 Server.
Background:
Facade, Inc. manufactures and supplies plastic containers to manufacturers of personal grooming products. The company has three
offices in the southern United States. These offices are located in Dallas, Atlanta and Phoenix. The company headquarters are in
Dallas. The following departments are located in Dallas:
- Accounting
- Administration
- Graphics
- Human resources
- IT administration
- Maintenance
- Manufacturing
- Manufacturing designs
- Purchasing
- Quality control
- Sales and marketing

In both Phoenix and Atlanta there are offices for the following departments:
- IT administration
- Manufacturing
- Maintenance
- Quality control
- Sales and marketing
The company currently operates two eight-hour shifts for manufacturing and one shift for administrative and clerical functions.
Problem Statement:
Chief Executive Officer (CEO):
The benefits derived from IT administration are not worth the money that we spend on it. Our suppliers and customers want to be able to
link to our network for inventory updates, pricing, and billing.

Currently, many of the processes are paper-based. This practice causes all the associated difficulties related to paper handling and data
entry. Another consequence of this practice is that our data is not as current as we want it to be. We want to automate and consolidate
the sites that employees need to access to find employee information and to input information.
Chief Information Officer (CIO):
Currently, all account administration must be performed in Dallas. With the exception of account administration, there is no
centralized management of client computers. Internet mail is not currently available within the company. The existing Windows NT
4.0 domain structure necessitates several domains for the delegation of administration.
We want to create accounts at headquarters. However, we want departmental IT staff members at the Phoenix and Atlanta locations to
be able to reset passwords and make other modifications to the accounts. We do not want to give Phoenix or Atlanta full
administrative control.
We are concerned that Microsoft Windows 95 does not offer enough security at the client computer level. The amount of traffic on the
existing WAN connections between Atlanta and Dallas and between Phoenix and Dallas averages 75 percent saturation during
business hours. All IT maintenance will be performed during a four hour period during non-business hours. We try to schedule traffic
during the evening hours whenever possible.
I need to justify the cost of every improvement we make to the IT infrastructure.
History:
The Windows environment was most recently upgraded in early 1997. It was upgraded to Windows NT 4.0 and Microsoft Windows
95 from NetWare 3.12 and Windows 3.1. All service packs were applied to Windows NT 4.0 when they were released. The upgrade in
1997 caused several problems with connectivity, validation, and permissions. Because of these problems, some employees were not
able to work.
These problems were associated with the specific consulting organization that performed the upgrade. Nevertheless, employees still
remember the problems and recall them whenever upgrades are suggested. Consequently, the company is sensitive about the duration of
downtime during the upgrades.
Existing IT Environment:
General:
Facade Inc employs approximately 10,000 people. The company uses approximately 5,000 computers. Of these computers, 3,750 are
in Dallas, 750 are in Atlanta and 500 are in Phoenix. The existing manufacturing environment is controlled by UNIX-based computers.
There are currently four Windows NT 4.0 domains: a global account domain in Dallas that controls all user accounts, and resource
domains in Dallas, Phoenix and Atlanta.
Network Infrastructure:
There are 56-Kbps lines from Dallas to both Phoenix and Atlanta. IT administrators are concerned about the amount of available
bandwidth but cannot justify upgrading the links at this time. Because of these concerns, traffic is scheduled for evening hours
whenever possible. SAP is used for inventory management. The SAP server is located in Dallas.
The existing Web site is hosted by a third party. The facade.com domain is registered. It is hosted by third party Web servers, but it
does not host any interactive Web pages. At each location, there is an internal BIND DNS server to manage the UNIX environment.
The UNIX DNS structure is completely self-contained and functions as its own root. The Windows 2000 support staff must easily be
able to gain access to the DNS that supports Windows 2000. The company currently has no connection to the Internet.
Client Computer Environment:
Employees in the manufacturing design department use UNIX-based computers for design processes. For e-mail and Web processing,
they use Windows computers. The computers used by the manufacturing department use a terminal emulation program to
communicate with the system that controls the manufacturing processes.
Most of the employees use computers that run Windows 95. Most of the Windows 95 computers run on Pentium 166-MHz MMX
hardware platforms that have 16 MB of RAM and 2.1-GB hard disks. Facade, Inc., uses Microsoft Office 97 as its standard office
suite.
Department-specific applications are installed locally by on-site administrators. Each of the manufacturing department's computers is
used by more than one employee. The company wants server-stored profiles and documents to be available from local servers to each
manufacturing department user at each of the manufacturing departments' computers.
IT Infrastructure:
The primary IT center is in Dallas. IT management is performed in Dallas whenever possible. The sales and marketing, manufacturing,
human resources, purchasing, administration, quality control and maintenance departments each use unique software. The technical
support staff needs specific expertise to supply support to each of these departments. Consequently, each department has its own
technical support staff. The IT policy for each department is defined and managed in Dallas.

Most of the departmental support staff is located in Dallas, although some of the support staff members at the local offices report
directly to departmental IT managers in Dallas. The departmental support staff at the local offices will need delegated authority to
perform basic administration.
Security:
In the master account domain, grouping of users for resource access is performed by means of global groups. This grouping is
performed by the IT administrators in Dallas. For local resource access, local groups are created on local servers. These groups are
created by the local IT administrators. Administrators grant these user rights by adding global groups to local groups.
Local administrators of resource domains are not granted administrator rights for the Dallas domain.
Group Policy Goals:
Group policy will be managed for Dallas with both the company-wide policies and departmental policies. Initially, Group policy will
be designed to redirect folders, to define logon scripts that will be customized for each department at each location, to minimize the
logon time, to define the desktop settings, and to allow department-specific software to be made available.
Security groups will not filter Group Policy objects, with the exception that most Group Policy will not apply to technical support staff.
Facade, Inc. Questions
1. Which goal is accomplished as a direct result of the upgrade to Windows 2000 Active Directory?
A: Increased control and increased capability to standardize applications and configurations throughout the company.
2. How should you design the sites and site links for Facade, Inc.?
A: Create one site each for Atlanta, Dallas and Phoenix. Create IP site links between Atlanta and Dallas and between Dallas and
Phoenix. Between Atlanta and Dallas and between Dallas and Phoenix, schedule the links to replicate from 2:00 a.m. to 4:00 a.m.,
Dallas local time.
3. Which upgrade paths should you use for Facade, Inc?
A: Upgrade the Dallas account domain.
Use this domain as the root domain.
Separately upgrade the three Windows NT 4.0 domains to Windows 2000.
Consolidate these three domains into one domain.
4. Where should you locate the server services for Windows 2000?
A: In Dallas, locate a schema operations master, a domain naming master, an infrastructure operations master, a RID master, a PDC
emulator and a global catalog. Locate one global catalog in Atlanta and one global catalog in Phoenix.
5. Which Windows 2000 site design should you implement for Facade, Inc?
A: Continue using the existing WAN lines.
Create one site each for Dallas, Atlanta and Phoenix.
6. How should you design DNS to support Windows 2000 for Facade, Inc?
A: Install Microsoft DNS server on Windows 2000 computers, and integrate DNS into Active Directory.
7. You want to implement Windows 2000 to minimize the impact of replication on WAN traffic for Facade, Inc. What
should you do?
A: Use IP site links for replication.
Optimize the replication schedule.
8. You need to create a design that will allow you to grant permissions to a set of resources that are on three servers in the
Dallas office. You need to grant these permissions to users throughout the entire company after the upgrade. What
should you do?
A: Create a domain local group in the domain in which the resources exist, and grant this group access to the resources. Create one
global group for the domain or domains, and add the members who need to gain access to the resources. Add the global groups to the
domain local group.
9. The database administrator for the human resources department attempts to upgrade the SAP applications that will
integrate with Active Directory and new classes in the installation phase. Her attempts are unsuccessful. What is the most
likely cause of this failure?
A: The administrator trying to install application is not in the Schema Administrators group.
10. How many domains should Facade, Inc., have at the end of the upgrade project?
A: One domain for the entire company.
11. The database administrator for the human resources department attempts to upgrade the SAP application that will
integrate with Active Directory and add new classes. The instruction fails. What is the most likely cause of the failure?
A: The administrator is not in the Schema Administrators group.

Proposal Corporation
Background:
Overview:
Proposal Corporation was founded in 1990 as an employment agency for temporary employees. The company supports media
companies' needs for freelance writers, reporters and graphic artists.
In 1998, Proposal Corporation expanded its scope to include a broader range of information workers (IWs) and to support a broader
range of companies. Proposal Corporation's new mission is twofold. This mission is to become a leader in supporting the individual
needs of highly qualified freelance IWs and to provide the best service to the corporate customers seeking temporary employees.
Information Workers (IWs) Service:
Proposal Corporation recruits consultants, freelance workers and independent contractors worldwide. The company refers to these
individuals as information workers (IWs). The company provides the IWs with personal and GroupWare tools such as e-mail,
discussion groups, and scheduling resources to help make them more productive.
Next, the company evaluates and markets their skills. Then, finally the company helps them work with the employers that help them
by making it easy to share information with these employers. If an IW is assigned to a position with an employer who has network
connectivity to Proposal Corporation, special access to shared resources is granted. This special access allows IWs to conveniently
share work with employees
of the companies that employ them.
Corporate Customer Services:
Proposal Corporation works with a group of leading technology and services companies that need temporary employees. Proposal
Corporation makes it easy for companies to browse to its online list of workers and find the right worker for the job. In addition,
Proposal Corporation makes it easy for its corporate customers to initiate contract processes and for the employees of the corporate
customers to conveniently share information with temporary employees.
Organization:
Currently, Proposal Corporation has approximately 300 full-time employees. They are evenly distributed among its four offices in
New York, Chicago, Atlanta and Los Angeles. The Chicago office is the company headquarters.
Proposal Corporation has the following departments:
?? Business Administration
?? Human resources
?? Information technology (IT)
?? Marketing
?? Consulting
The consulting department provides management and communication services to the corporate customers. In the consulting
department, experts are assigned to support each IW occupational role. These experts hire the IWs, evaluate their skills, manage their
security certification clearances, and monitor their assignments with corporate customers.
Corporate customers occasionally hire these consultants for temporary assignments. Proposal Corporation organizes its information
into the following groups: employee, recruiting, IW, accounting, corporate customers, and projects.
The company provides services to more than 20,000 IWs. Approximately 20 percent of these workers are currently employed in
temporary positions acquired by Proposal Corporation. Proposal Corporation wants to increase the number of its full time employees
to 450 during the next two years. During the next two years, the company also wants to double the number of IWs and increase the
percentage of IWs that are actively employed.
Existing IT Environment:
The internal WAN consists of 1.544-Mbps lines that connect New York, Atlanta and Los Angeles to the headquarters in Chicago. The
connection to the network operates at 30 percent utilization. The connection to Atlanta operates at 20 percent utilization, and the
connection to Los Angeles operates at 50 percent utilization. The connection to the Internet is in Chicago.
The company's external Web site is hosted by a third party. The network consists of one master domain and one separate resource
domain at each of the company's four locations. The master domain contains all employee user accounts and is named PW_Master.
PW_Master has its PDC and a BDC in Chicago and BDCs located in New York, Los Angeles and Atlanta. Each location has a
resource domain. The PDCs and BDCs for these resources domains are located at associated offices.
Each location also has a second BDC located at the Chicago office. The resource domains are CH_RES, NY_RES, LA_RES and
AT_RES. The PW_MASTER and LA_RES PDCs also run WINS. Currently, there are no DNS or DHCP services running.
Currently, the information workers (IWs) want to access the internal WAN. The IWs only access resources on the Windows NT and
UNIX Web servers that are hosted by the ISP. E-mail service for IWs is hosted by a UNIX POP3 server.
Proposed Corporate Customer Connectivity:

Currently, 50 percent of Proposal Corporation's IWs are working at approximately 20 large companies. Proposal Corporation has at
least one full-time employee permanently located at ten of these companies to manage IW services. Two corporate customers are
willing to configure trust relationships between their own WANs and the Proposal Corporation WAN.
Therefore, approved IWs will be able to place files in the Proposal Corporation servers, and employees of these two corporate
customers will be able to access the files conveniently.
Project Goals:
Information Worker Management:
Proposal Corporation wants corporate customers to be able to directly acquire and manage information workers (IWs). The IT system
will need to feature highly flexible tools for searching, scheduling, estimating costs, and deploying resources.
Establishing Trust:
Many of the services that information workers (IWs) will provide to Proposal Corporation's corporate customers will be performed
remotely. Because little or no personal contact will occur, establishing trust will be difficult. In an attempt to solve this problem,
Proposal Corporation will use video conferencing whenever possible. The company will provide membership access to national video
conference centers.
When bandwidth allows, the company will also provide support for video conferencing from IW home offices. To further increase
trust, IWs enrolled in the Virtual Office service will be granted a higher level of security clearance.
Information Worker (IW) Virtual Office:
Proposal Corporation currently provides Web-based administrative tools such as timesheet reporting, invoicing, and payroll services.
It also offers these service levels to its information workers:
- STANDARD: This level is free and provides e-mail, 5 MB of file storage, and access to job databases.
- DELUXE: IWs pay a monthly fee for this service level. This level includes all standard services and provides group-rate insurance
  plans and stock options.

As a part of this project, Proposal Corporation will offer a premium service level named Virtual Office. IWs will pay an additional
charge for this service level. This level will provide 50 MB of file storage, project team rooms, personal scheduling tools, contact
management, access to discussion groups and advertisement space on the Proposal Corporation Web site, with links to personal
portfolios.
Proposal Corporation intends to use Public Key Infrastructure (PKI), Microsoft Outlook 2000, and Microsoft Exchange 2000 to
support this functionality.
Each IW is classified as one of the following occupational roles:
- Business
- Information technology (IT)
- Management
- Media creation
- Sales
- Training
To support the corporate customers' need for confidentiality, IWs will be classified into one of several levels of security clearance.
Depending upon work history and credentials, they can attain higher security levels.
Project Requirements:
Proposal Corporation intends to upgrade the client computers of all permanent employees to Windows 2000. The company will hire
external workers to perform the upgrade. The company also wants to consolidate and upgrade the existing Windows NT domains,
implement Active Directory, and upgrade Microsoft Exchange 5.5 to Exchange 2000.
Each Proposal Corporation office currently operates as a small independent business. However, most information sharing is contained
within each department, regardless of the location. The administration of user account resources should be restructured to support this
organizational system.
For security management, the company wants the root of its internal forest namespace to be a subdomain of its public domain. This
domain is named proposal.com. For fault tolerance, at least two servers host domain controllers in each domain.
In addition to its internal network, Proposal Corporation intends to use Public Key Infrastructure, Active Directory, and Exchange
2000 to implement the information worker (IW) Virtual Office service. Permission changes made to IW resources should not need to
be replicated to other Proposal Corporation offices, although all employees need to be able to search the complete global catalog
containing employees and IWs.
Initially, all 20,000 IWs will be imported into Active Directory as contacts. When IWs subscribe to the Virtual Office service, they will
be supplied with Microsoft Outlook 2000, migrated to Exchange 2000, and entered into Active Directory as users. IW users will
access Proposal Corporation's internal network to the Chicago Internet connection by means of VPN.

To support the anticipated high security levels, IWs subscribing to the Virtual Office service will require stronger password policies
than Proposal Corporation employees. These policies include longer passwords and PKI certificates. The design must support smart
cards and consistent logon procedures regardless of domains.
All users will use username@proposal.com for authentication. Proposal Corporation also wants to create extranet connections and
trusts. Initially, Proposal Corporation will configure the extranet connections and trust with two of its corporate customers. IWs with
appropriate credentials will be able to store documents on servers at Proposal Corporation. Corporate customer employees will be able
to access these documents easily.
The two corporate customers who are configuring trust relations with the Proposal Corporation WAN have already installed Active
Directory domains. Users at these companies will want to be able to view appropriate Proposal Corporation file shares in their own
global catalogs. These two corporate customers do not want IW user accounts to appear on any of the access control lists in their forest.
Chief Information Officer (CIO) Interview:
There are lots of creative individuals in the IT field. They will install the services just to see how the services work. Because of this
tendency, we often have many more services running than we need.
I want to regain top-level administrative control. I also want to be able to delegate administrative tasks. Because I want to keep our
initial design as simple as possible, I want to use only services absolutely necessary. Because we will use video conferencing, I want
to be able to control the quality of service provided to specific users.
I also want to be able to control domain replication. In addition, because we might lose a WAN link to our remote locations, employee
logon processes should not require the WAN connection. I will control all schema changes, site policies, and additions of new
domains.
I also want to assign selected individuals to administer employee information worker (IW) accounts and resources to have full domain
rights to these objects. The IT support staff at each location will be responsible for all of the normal daily work, including the daily
administration of users, resources, and permissions.
I have better things to do with the resources I have. I want the new design to be structured so that this work is delegated to individuals
in each department.
Proposal Corporation Questions
1. Which task or tasks must you perform to implement the required Windows 2000 design for Proposal Corporation?
(Choose all that apply, 11 options will be presented)
A: Create two explicit one-way trust relationships. Configure these trusts so that the Proposal Corporation IWs domain trusts a
domain in each of the two corporate customer forests.
Request that Proposal Corporation file share objects be added to the corporate customers' global catalogs.
Install domain controllers in New York, Atlanta and Los Angeles.
Configure DNS and global catalog services in New York, Atlanta and Los Angeles.
2. Which requirements should affect your domain migration strategy?
A: Maintaining employee accounts and passwords.
3. How many forests and domains should you create for Proposal Corporation?
A: One forest and three domains.
4. How many sites should you create for Proposal Corporation?
A: 4.
5. Which Proposal Corporation planned upgrade will require you to modify the schema?
A: Microsoft Exchange Server 5.5 will be upgraded to Exchange Server 2000.
6. Which steps should you take to design DNS infrastructure and Active Directory domains? (Choose all that apply.)
A: Create a forest root named corp.proposal.com.
Create a subzone for any necessary child domains of the corp.proposal.com tree.
7. You need to migrate Proposal Corporation's existing Windows NT domains into Active Directory. Move the tasks needed
to achieve this goal, and arrange them in the correct order. (Use only tasks that apply.)
a. Move users from the PW_MASTER domain to the resource domain at their location. Upgrade the PW_MASTER PDC to
Windows 2000, and create the Active Directory root domain. Upgrade each resource domain's PDC to Windows 2000, creating
a separate child domain for each location.
b. Upgrade the Windows NT 4.0 resource domain PDCs to Windows 2000, designating each as a child domain of the employee
domain. Create new OUs in the employee domain. Move the computer security groups and other security groups into the new
OUs. Decommission the child domains.
c. Upgrade all of the BDCs of each Windows NT 4.0 domain to Windows 2000 domain controllers.
d. Upgrade the PW_MASTER PDC to Windows 2000, creating a Windows 2000 domain containing all employee user accounts.
Attach this domain to the root domain.
e. Use a clean install to create an Active Directory root domain.
f. Create a new Windows NT 4.0 domain and add to this domain user accounts for each IW. Migrate the Windows NT domain to
Windows 2000. Create an explicit transitive trust relationship between the employee domain and the corporate customer
domains.

A: D,B,C.
8. You must decide how your Active Directory will be affected by factors that influence the business strategies of Proposal
Corporation. Match each business factor to the Active Directory design component that it most influences. (Use all the
business factors. Use business factors only once.)
Active Directory Design Components:
Site structure
Domain structure
OU structure
Forest structure
Explicit trust relationships
Business Factors:
a. Unique authentication requirements of IWs.
b. Division of Proposal Corporation into departments.
c. Classification of IWs into occupational roles and administration of IWs by Proposal Corporation employees.
d. Existing WAN connectivity and utilization rates.
e. Schema modification policy.
f. Availability of IW shares from the corporate customer domains.
A: Site structure: Existing WAN connectivity and utilization rates.
Domain structure: Unique authentication requirements of IWs.
OU structure: Division of Proposal Corporation into departments. Classification of IWs into occupational roles and administration
of IWs by Proposal Corporation employees.
Forest structure: Schema modification policy.
Explicit trust: Availability of IW shares from the corporate customer domains.
9. What should you use as the top-level organizational units (OUs) for ProseWare Corporation employees?
A: business administration, human resources, IT, marketing, and consulting.

BEGIN MULTIPLE CHOICE SECTION:


Case Study 1:
BACKGROUND
General Home Products (GHP), a multi-national company, has acquired Southwest Ornamentals, an ornamental furniture
manufacturer. GHP currently has an Internet presence at ghp.com. Southwest Ornamentals has a broad mail-order customer base.
GHP would like to expand Southwest Ornamentals' ordering capability to the Internet, while maintaining Southwest's well-known
product name. GHP has a history of acquiring smaller companies that manufacture various goods.
PROBLEM STATEMENT
As acquisitions have occurred, GHP has allowed the smaller companies to administer their own domain name spaces. GHP
recognizes that this procedure has resulted in too many administrators. Some administrators have more rights and privileges than are
necessary. Management wants to decrease technical support costs by performing and coordinating technical support at the IT center.
ORGANIZATION
GHP's corporate headquarters is located in New York City. The IT center is located in Newark. The corporate office employs 1500
people. The IT center employs 150 people.
Manufacturing facilities for GHP's child companies are located in the United States and Malaysia. The United States is divided into
three regions. The East region contains the Boston and Philadelphia offices. The South region contains the New Orleans and Atlanta
offices. The West region contains the Los Angeles and Phoenix offices.

Southwest Ornamentals has its corporate headquarters in Phoenix with manufacturing facilities in Mexico. GHP plans to consolidate
its Phoenix office into Southwest's corporate headquarters building. All GHP Phoenix office users will move into the consolidated
Phoenix office. The GHP Phoenix office is scheduled to close during the migration to Windows 2000.
EXISTING IT ENVIRONMENT
WAN:
GHP facilities in Newark, Los Angeles, Atlanta, Boston, and New York are connected to the IT center by 1.544-Mbps leased lines.
New Orleans is connected to Atlanta by a 56-Kbps line. Phoenix is connected to Los Angeles by a 56-Kbps line. Philadelphia is
connected to Boston by a 56-Kbps line. Malaysia is connected to the IT center by a 56-Kbps line.
Southwest Ornamentals' Mexico facility is connected to its Phoenix office via a 56-Kbps line. The Phoenix office will be connected
to GHP's IT center during the Windows 2000 implementation.
Clients:
All desktop computers use Windows NT Workstation 4.0. All portable computers use Windows 95 or Windows 98.
Network:
GHP has three Windows NT 4.0 domains: MA, ACQ, and US. The MA domain is located in Malaysia. The PDC for the US domain
is located in Atlanta. The PDC for the ACQ domain is located at the IT center. A two-way trust relationship exists between the US
and the MA domains. All domains use Windows NT Server 4.0 for DHCP, WINS, and DNS. Application servers are located in Los
Angeles, Atlanta, Boston, and Malaysia. BDCs for the US domain reside in all locations. The MA domain contains both a PDC and a
BDC. The ACQ domain is for the Acquisitions department only. The US domain trusts the ACQ domain. The MA domain has the
most restrictive password policy.
Southwest Ornamentals has two Windows NT 4.0 domains: ACCT and RES. The RES domain trusts the ACCT domain. All user
accounts are located in the ACCT domain.
Network Roles:
Atlanta, Los Angeles, and Boston each have their own technical support staff. Specific users at each location can perform basic
account administration and backups. Technical support for Malaysia is coordinated by the IT center.
ENVISIONED IT ENVIRONMENT
Chief Information Officer (CIO):
My primary concern is the lack of an administrative hierarchy. We currently have an administrative structure that is difficult to
manage. Too many users are granted administrative rights and privileges. These rights and privileges should be more relevant to their
job tasks. Creating an administrative hierarchy will provide more structure and increased security by assigning the appropriate rights
and privileges to users.
I want a three-tier administrative model with the top tier consisting of the IT Center staff. Full privileges should be assigned to key
members of the IT staff. The second tier will consist of the regional support staff. Members of the regional support staff can grant
rights and privileges to resources on the regional level, administer DNS zones, manage DHCP servers, and modify Group Policy
Objects (GPO). The third tier will consist of power users at the local level who are responsible for basic user account information and
local daily backups.
For simplicity and ease of administration, we must maintain a common schema.
Network Administrator:
Our plan for consolidation in the Phoenix area is to combine the two offices by closing GHP's Phoenix office and moving the users to
Southwest Ornamentals' corporate office. The new Phoenix office will then become a regional headquarters and be connected to the
IT Center via a 1.544-Mbps leased line. This will eliminate the 56-Kbps connection between the old Phoenix office and the Los
Angeles office. Mexico's connection to Phoenix will be upgraded to 1.544 Mbps. We are investigating a VPN solution for Malaysia.
The Acquisitions department wants to continue administering their own resources.
Project Leader:
In addition to the three account domains, we also have 50 resource domains. We must take advantage of Active Directory's improved
scalability by consolidating the domains. We will be able to achieve our CIO's goal of creating an administrative hierarchy by
simplifying our domain structure.
We have acquired some companies whose product names we must maintain. We want to build a Windows 2000 domain name
structure that will allow us to maintain separate namespaces for each product.
1. Which factors should most influence the design of your site topology? (Choose all that apply.)
a. cost of bandwidth
b. available bandwidth
c. number of locations
d. number of departments
e. existing DNS structure

2. How should you prepare for the transfer of employees from the closing Phoenix office to the other office?
a. Create separate OUs, and move user accounts to another OU.
b. Create separate forests, and move user accounts to another forest.
c. Create separate domains, and move user accounts to another domain.
d. Create separate OUs, and move user accounts to the New York City OU.

3. Match the following Active Directory Elements with the appropriate Business Elements:
ACTIVE DIRECTORY ELEMENTS
-OU design
-Site design
-Domain design
-Forest design
BUSINESS ELEMENTS
-GHP acquiring Southwest Ornamentals
-Three-tier administrative model
-Phoenix office permanently closed
-IT center-based technical support
4. Which factors will most influence the design of your Active Directory structure? (Choose two.)
a. the ability to expand
b. the removal of the GHP Phoenix site
c. the need to consolidate existing domains
d. the need for the Acquisitions department to administer its own resources

5. Which type of IT organization should be implemented?
a. outsourced IT
b. centralized IT
c. decentralized IT
d. centralized IT with decentralized management

6. After the second Phoenix office is closed, how many sites should be used to support ghp.com?
a. 10
b. 11
c. 12
d. 13
e. 14
f. 15

7. You must integrate the MA and US domains in Active Directory. What should you do?
a. Create one forest. Create one domain for GHP and one domain for Southwest Ornamentals. Create child domains for MA and
US.
b. Create one forest. Create two domains for GHP and two domains for Southwest Ornamentals. Create sites for MA and US.
c. Create one forest. Create three domains for GHP and two domains for Southwest Ornamentals. Create sites for MA and US.
d. Create one forest for GHP and one forest for Southwest Ornamentals. Create sites for MA and US.

8. The Acquisitions department wants to administer its own resources. What should you do?
a. Create a separate OU for the Acquisitions department.
b. Create a separate domain for the Acquisitions department.
c. Create a separate forest for the Acquisitions department.
d. Create a separate domain for the Acquisitions department, and create an OU for the Acquisitions department.

9. How should you configure replication? (Choose two.)
a. Configure the site link between Newark and Boston to use SMTP.
b. Configure the site link between Newark and Phoenix to use SMTP.
c. Configure the site link between Newark and Boston to use RPC over TCP/IP.
d. Configure the site link between Newark and Phoenix to use RPC over TCP/IP.

10. Match the following Active Directory Elements with the appropriate Business Elements:
ACTIVE DIRECTORY ELEMENTS
-Newark
-Boston
-Philadelphia
-New York
-Los Angeles
-Malaysia
-Atlanta
-New Orleans
-Mexico
-Phoenix

SERVER ROLES
-PDC emulator
-Schema master
-Infrastructure master
-Relative ID master
-Domain naming master
11. A user account in the ACQ domain is contained in the Sales OU of the Atlanta site. Correctly order the following policies in the
order which they are processed:
a. Sales OU
b. Local Group Policy object
c. ACQ domain
d. Atlanta site
12. You must decide whether to place MA in Active Directory as a domain, child domain, or OU. Which two factors should most
influence your decision? (Choose two.)
a. company plans for expansion
b. proposed IT security policies
c. geographical distance of locations
d. proposed IT administration structure
13. How should you apply group policy to the domain?
a. Apply all GPOs at the OU level.
b. Apply all GPOs at the site level.
c. Apply all GPOs at the domain level.
d. Apply some GPOs at the domain level, site level, and OU level.

14. You must make the resources on three domain controllers in the ghp.com domain available to all users in the company. How
should you configure the group membership?
a. Create a global group and assign it permissions to the resources. Add the Everyone group to the global group.
b. Create a universal group and assign it permissions to the resources. Add the Everyone global group to the universal group.
c. Create a domain local group and assign it permissions to the resources. Add the Domain Users global group to the local group.
d. Create three local groups and assign them permissions to the resources. Add the Domain Users global group to the three local
groups.
15. Which DNS root names should you use for the Windows 2000 Active Directory? (Choose two.)
a. ghp.com
b. NA.ghp.com
c. NYC.ghp.com
d. southwestornamentals.com
e. NA.southwestornamentals.com

16. How should you plan the implementation of the DNS root domain?
a. Add a child domain.
b. Add an SRV record.
c. Create a new root domain.
d. Use a parallel DNS system.

17. Which strategy should you use to integrate Southwest Ornamentals with GHP in Active Directory?
a. In ghp.com, create a child domain for Southwest Ornamentals.
b. When the acquisition is complete, register one new domain name.
c. Create a forest for ghp.com, and create a second forest for Southwest Ornamentals.
d. Create a forest for ghp.com, and integrate Southwest Ornamentals into the existing forest.

18. Which factors should you consider when designing a domain naming strategy? (Choose two.)
a. The WAN line to Phoenix will be upgraded.
b. The company requires an Internet presence.
c. Local administrators will perform basic account administration.
d. Separate namespaces will be maintained for well-known product names.

19. Where should you place global catalog servers?
a. in all sites
b. in Newark only
c. in Newark and Phoenix
d. in Newark, Phoenix, and Malaysia

20. Which tool can you use to plan the placement of Active Directory servers?
a. Active Directory Sizer
b. Active Directory Schema console
c. Active Directory Domains and Trusts console
d. Active Directory Sites and Services console

Case Study 2:
BACKGROUND
The State Department of Education manages all state colleges, including all 4-year, 2-year, and vocational schools. Many students
take core courses at one college and transfer to another. Maintaining student records is difficult due to the diverse computer systems
used at each college.
Our state has two 4-year universities: Northern University and Southern University. There are several 2-year and vocational colleges
throughout the state.
Smart cards have been implemented for all educational employees. They currently use these cards for human resources and
administrative purposes.
BUSINESS GOALS
Our goal is to ease administration and maintenance with a central repository for all student records. One component is for our
employees to be able to view and transfer, if necessary, student records from one college to another. This will include a high level of
security and confidentiality of all student information.
The second component is to provide student access to multiple services at all learning institutions by using smart cards. This will
include:
- Course scheduling
- Course grades
- Teacher schedules
- Food and supply purchases
- Library services
- Internet access and e-mail
- Dorm security

We have a number of different network infrastructures and operating systems. To the maximum extent feasible, we must lower our
Total Cost of Ownership (TCO) by simplifying the infrastructure and migrating to a common operating system and network protocol.
This may involve a WAN upgrade. Each learning institution should maintain its own domain namespace. We want to maintain a
common directory schema for all learning institutions. The directory schema for the students may need to be modified.
ORGANIZATION
The northern region of the state includes six 2-year colleges, 15 vocational schools, and Northern University. The southern region of
the state includes five 2-year colleges, 10 vocational schools, and Southern University.
EXISTING IT ENVIRONMENT
Infrastructure:
Northern University currently has a Windows NT 4.0 domain structure, Windows NT 4.0 workstations, and Windows 9x computers.
There are some UNIX workstations in the Computer Science department and Macintosh computers in the Graphic Arts department.
Protocols in use include TCP/IP, NetBIOS, and AppleTalk. Northern University requires that passwords expire every 30 days.
Southern University currently has a Windows NT 4.0 domain structure, Windows NT 4.0 workstations, and Windows 9x computers.
There are some UNIX workstations in the Computer Science department. Protocols in use include TCP/IP and NetBIOS. Southern
University requires that passwords expire every 35 days.
Junior College 1 (JC1) uses a Windows NT 4.0 domain structure, Windows NT 4.0 and 3.51 workstations, and Windows 9x
computers. There are several new standalone iMac computers. JC1 is located in the northern region. JC1 requires that passwords
expire every 40 days.
Junior College 2 (JC2) uses a Windows NT 4.0 domain structure with Windows 9x client computers. There is a large Graphic Arts
department using Macintosh computers exclusively. AppleTalk is being used to network these Macintosh computers. JC2 is located
in the northern region. JC2 requires that passwords expire every 45 days.
Vocational School 1 (VS1) and Vocational School 2 (VS2) use Windows 9x computers in their office areas only. A small LAN exists
that uses NetWare 3.12 and IPX/SPX. VS1 and VS2 are located in the northern region.
All vocational schools have the same IT environment as VS1 and VS2, and all junior colleges have the same IT environment as JC1
and JC2.
A UNIX BIND 8.2.1 server hosts the DNS structure. The current DNS structure should be maintained.
The State Department of Education hosts a mail server running Microsoft Exchange Server 5.5. This will be upgraded to Microsoft
Exchange Server 2000.

WAN:
Northern University and Southern University have T1 connections to the Internet. JC1 and JC2 have 56-Kbps connections to
Northern University. Remaining colleges and schools have 256-Kbps connections to the Internet. Bandwidth usage is very high
during normal business hours.
INTERVIEWS
IT Coordinator - State Department of Education:
The State Department of Education would like to reduce the TCO for the existing IT infrastructure for all colleges in the state. Our
current environment consists of a variety of platforms and protocols. Consolidating and simplifying the infrastructure will allow us to
implement and manage the new smart card system while providing security. This new infrastructure will support a central repository
that will provide centralized access to student services and records.
We would like to use TCP/IP as our primary protocol, and would like to eliminate as many protocols as possible. We would also like
to standardize our desktop environment.
DNS Administrator - State Department of Education:
The current DNS structure has two DNS namespaces for Northern University and Southern University. They are registered with
InterNIC, and each university administers its own namespace. The top-level domain is state.edu. We have delegated domains,
nu.state.edu and su.state.edu. Each university has a UNIX environment that needs to be maintained. The UNIX departments have a
delegation from each university's primary DNS zone.
We want to create domains for the remaining state colleges that will incorporate Windows 2000 and give each college its own Internet
presence.
PROPOSED IT ENVIRONMENT
We plan to complete the migration to Windows 2000 Active Directory in three phases. Phase 1 will consist of creating a Windows
2000 Active Directory that will include Northern University, JC1, and JC2. We plan to use TCP/IP exclusively. The platforms will
consist primarily of UNIX servers and Windows 2000 servers with a common desktop environment of Windows 2000 Professional
client computers. However, we will maintain the Macintosh and UNIX environments as they currently exist. Each learning institution
should have a fault tolerant IT system.
Phase 2 will consist of integrating the remainder of the northern half of the state into the new Active Directory structure.
Phase 3 will consist of integrating the southern half of the state into the existing Active Directory structure.
21. How should you plan the upgrade to Windows 2000 for a Macintosh volume on a Windows NT 4.0 server running Services for
Macintosh?
a. Upgrade the server to Windows 2000 Server.
b. Windows 2000 Server does not support Macintosh volumes.
c. Windows 2000 Server does not support the migration of Macintosh volumes from Windows NT 4.0.
d. Upgrade Services for Macintosh, back up all Macintosh files, and upgrade the server to Windows 2000 Server.
22. You must design a schema modification policy to support the requirements of the case study. Place the following procedures in
the order they should be before extending the schema.
a. Create a new subclass
b. Modify an existing class
c. Create a new attribute
d. Examine the existing schema
23. What is the minimum total number of domain controllers that you should deploy to support the Phase 1 requirements?
a. 3
b. 6
c. 8
d. 12

24. You want to make a UNIX server respond like a Windows 2000 server to Windows-based clients. What should you do?
a. Add the NFS add-on to clients.
b. Add CIFS capabilities to the UNIX server.
c. Install Services for UNIX on a Windows 2000 server.
d. Use integrated Telnet and File Transfer Protocol clients.

25. How should you name the domains for the schools within Active Directory?
a. school name
b. school type
c. state region
d. state region/school name

26. How should you name the domains for the schools within Active Directory?
a. none
b. two-way transitive trust relationship
c. two-way nontransitive trust relationship
d. one-way trust where students trust schools
e. one-way trust where schools trust students

27. You have determined that a valid need exists for extending the schema by creating new schema class objects. What should you
do before creating new schema class objects? (Choose all that apply.)
a. Add a new syntax.
b. Obtain OIDs for your new class.
c. Choose an appropriate class type.
d. Derive a subclass of the User class.
e. Understand the system checks that occur upon class creation.
f. Understand the impact that the new class location has on inheritance.
28. What is the minimum number of domains you should consider implementing during Phase 1?
a. 1
b. 2
c. 3
d. 4

29. You must determine the appropriate group membership for the deployment of Active Directory Services. Certain members of
the State Department of Education need administrative rights throughout the organization and the ability to take ownership of
any object in the forest. To which group should you assign them?
a. Account Operators
b. Enterprise Administrators
c. Schema Administrators
d. Server Operators
30. You must design a schema modification policy to support the requirements of the case study. Which methods can you use to
extend the schema? (Choose all that apply.)
a. Create classes
b. Modify classes
c. Create attributes
d. Modify attributes
e. Delete unused schema components
f. Deactivate custom schema components
31. How will the upgrade to Windows 2000 Active Directory affect the UNIX workstations in the Computer Science departments?
a. There will be no impact.
b. UNIX systems do not support Kerberos authentication.
c. The Directory Services client should be installed on UNIX systems.
d. Administrators should decide whether to install the Directory Services client on UNIX systems.

32. How should you design the Active Directory structure?
a. by location
b. by function
c. by location then organization
d. by organization then location

33. How many forests should you create to support all phases of the migration to Windows 2000 Active Directory?
a. 1
b. 2
c. 3
d. 4

34. How should you integrate Active Directory with the UNIX BIND 8.2.1 server?
a. Use Windows 2000 DNS for both external and internal access.
b. Use BIND for both Internet (external) and intranet (internal) access.
c. Use BIND for external access and Windows 2000 DNS for internal access.
d. Use BIND for external access and for internal access for the UNIX environment. Delegate a zone from the BIND server for the
Active Directory namespace to a Windows 2000 DNS server.

35. How should you configure replication for Phase 1?


a. Use RPC to configure a site link between JC1 and NU during the hours of 8:00 a.m. to 6:00 p.m. and from 1:00 a.m. to 3:00 a.m.
Use RPC to configure a site link between JC2 and NU during the hours of 8:00 a.m. to 6:00 p.m. and from 1:00 a.m. to 3:00 a.m.
b. Use RPC to configure a site link between JC1 and NU during the hours of 12:00 p.m. to 1:00 p.m., 5:00 p.m. to 6:00 p.m., and
12:00 midnight to 2:00 a.m. Use RPC to configure a site link between JC2 and NU during the hours of 11:00 a.m. to 12:00 p.m.,
4:00 p.m. to 5:00 p.m., and 3:00 a.m. to 5:00 a.m.
c. Use SMTP to configure a site link between JC1 and NU during the hours of 8:00 a.m. to 6:00 p.m. and 1:00 a.m. to 3:00 a.m.
Use RPC to configure a site link between JC2 and NU during the hours of 8:00 a.m. to 6:00 p.m. and from 1:00 a.m. to 3:00 a.m.

d. Use SMTP to configure a site link between JC1 and NU during the hours of midnight to 2:00 a.m. Use SMTP to configure a site
link between JC2 and NU during the hours of 3:00 a.m. to 5:00 a.m.

36. Match the following business elements to the appropriate Active Directory design elements:
BUSINESS ELEMENTS
-Maintain Macintosh and UNIX systems
-Smart card access to services
-Security of student information
-Separate domain namespace for each college
ACTIVE DIRECTORY ELEMENTS
-Forest design
-Site design
-OU design
-Domain design
37. By default, how many installations of Microsoft DNS Server will be running at the completion of Phase 1?
a. 2
b. 4
c. 6
d. 8

38. Which factor most affects the schema modification plan?
a. number of users
b. smart card authentication
c. different regional security policies
d. migrating from Exchange 5.5 to Exchange 2000

Case Study 3:
BACKGROUND
You are a consultant for Quota, Inc., an international manufacturer of satellite dishes. Their headquarters is in Atlanta, with branches
in Los Angeles, London, Tokyo, Melbourne, and Singapore. They have an e-commerce Web site at quota.com.
GEOGRAPHY
The six offices are divided into two regions. The Western region consists of the Atlanta, Los Angeles and London offices. The
Eastern region consists of the Tokyo, Melbourne, and Singapore offices. The Atlanta and Tokyo offices have 3000 employees each.
All other offices have 1000 employees each. The Los Angeles and Singapore offices are manufacturing facilities and contain only
three departments: the Manufacturing department, the IT department, and the Design department. All other offices contain the
following departments: Design, Research, Marketing, Accounting, Sales, IT, and HR.
NETWORK INFRASTRUCTURE
A T3 line connects Atlanta and Tokyo. Los Angeles and London are connected to Atlanta by T1 lines. Melbourne and Singapore are
connected to Tokyo by T1 lines. The connections between Atlanta and Tokyo and between Atlanta and Los Angeles are heavily
utilized during Atlanta's business hours. The average available bandwidth is at 35% for the two connections. The clients at each
location operate on a 100-MB switched Ethernet LAN.
EXISTING IT ENVIRONMENT
Each office in the Eastern region has two Windows NT 3.51 domains: one account domain and one resource domain. Each office's
resource domain trusts its account domain. The Eastern region uses Windows NT 3.51 DNS for name resolution. Each Eastern
location has several Windows NT Server 3.51 computers. All Eastern region clients run either Windows 95 or Windows 98. Each
office in the Western region has two Windows NT 4.0 domains: one account domain and one resource domain. Each office's resource
domain trusts its account domain. The Western region also has several UNIX servers. The Western region uses UNIX DNS for name
resolution, which does not support dynamic updates. Each Western location has several Windows NT Server 4.0 computers. All
Western region clients run Windows NT Workstation 4.0.
INTERVIEWS
CEO:
I feel that the most important issue that we have is 24-hour collaboration between the design staff in all offices. In addition, we
anticipate several mergers over the next 18 months. We would like to make a seamless transition when these new companies are
purchased so their existing IT structure can be merged into our Active Directory structure. It is important that any restructuring takes
advantage of the new resources but does not interfere with our design and manufacturing process.
IT Department Head:
I feel that the biggest issue that we have is the difficulty of administration. The different client operating systems, server operating
systems, and network infrastructures make centralized administration a near impossibility. I would like to maintain a common
operating system throughout the enterprise.
I would also like to ease administration by maintaining a common schema throughout the organization. The schema should only be
available to Enterprise Administrators at our Atlanta and Tokyo offices.

I want all IT duties to be performed by our Atlanta and Tokyo offices, with Atlanta IT staff making final decisions. I do not want any
division of control hindering performance and availability.
Security Officer:
Recently we have noticed a dramatic increase in attempts by hackers to penetrate our network. We want to implement strict security
policies for each region to manage. The Eastern region should have passwords reset every 30 days, with a minimum character length
of 6 characters. The Western region should have passwords reset every 45 days, with a minimum character length of 7 characters.
Account lockout should occur after three unsuccessful logon attempts for the entire enterprise.
Network Administrator:
I do not want the IT staff in Atlanta and Tokyo to be concerned with each location's account, file, and printer management. Each
department should be able to manage resources only within its location.
We plan to migrate from Microsoft Exchange 5.5 to Microsoft Exchange 2000.
Chief Financial Officer:
We will probably sell the e-commerce business along with one location. We want to ensure that this sale will not affect internal
operations. If we sell the e-commerce business, quota.com will be part of the sale.
Chief Manufacturing Officer:
We have users in the manufacturing plants that have minimal computer skills. Many times the users log on to different workstations
throughout the plant. We would like to provide all manufacturing users with a common desktop environment so those users can
always work efficiently.
39. Which business factor necessitates a multiple domain Active Directory design?
a. regional control of security
b. delegation of resource management
c. delegation of resource management
d. individual infrastructure management control at Atlanta and Tokyo

40. Quota, Inc. wants to keep the UNIX DNS server in place for the eastern region. The BIND server should be used for external
resources, and a Windows 2000 DNS server should be used for Active Directory. What should you do?
a. Upgrade the UNIX DNS server to BIND 8.2.1.
b. Delegate the Active Directory zones to the UNIX DNS server.
c. Delegate the Active Directory zones to the Windows 2000 DNS server.
d. Delegate the Active Directory zones to the Windows 2000 DNS server.
41. You must have transitive connections between the three locations in each region.
What should you do?
a. Use automatic site link bridging
b. Establish site links for each region.
c. Establish preferred bridgehead servers at all locations.
d. Use Remote Procedure Call (RPC) over IP as the replication protocol.
e. Use Simple Message Transport Protocol (SMTP) as the replication protocol.
42. Which two factors most influence the Active Directory domain naming strategy? (Choose two.)
a. OU hierarchy
b. WAN topology
c. Possible sale of quota.com
d. 24 hour global collaboration
e. number of users at each facility

43. You are concerned about updates being made to the DNS table from rogue DNS servers. You decide to use Windows 2000
Secure Dynamic Update exclusively.
What should you do?
a. Upgrade the UNIX DNS servers to BIND 8.2.1.
b. Eliminate the UNIX DNS servers, and use Windows 2000 DNS only.
c. Delegate the Active Directory zones to the UNIX DNS server.
d. Delegate the Active Directory zones to the Windows 2000 DNS server.
44. When designing the Active Directory naming strategy, which domain or domains should be the root?
a. quota.com
b. quotainc.com
c. east.quota.com and west.quota.com
d. east.quotainc.com and west.quotainc.com

45. Near the end of the Active Directory implementation, Quota, Inc. sells its e-commerce business, quota.com, and its London
office. How many sites are left?
a. 1
b. 2
c. 3
d. 4
e. 5
f. 6
46. You have created an Active Directory structure, as shown in the exhibit. (Click on the Exhibit button to view.) Departmental
OUs exist in each city's domain. How would you implement a common desktop environment for the manufacturing users?
a. Create a group policy object (GPO) with the proper settings, and apply it to the quotainc.com domain.
b. Create a GPO with the proper settings, and apply it to the east.quotainc.com and west.quotainc.com domains.
c. Create a GPO with the proper settings, and apply it to the sin.east.quotainc.com and la.west.quotainc.com domains.
d. Create a GPO with the proper settings, and apply it to the Manufacturing organizational unit (OU) in the sin.east.quotainc.com
and la.west.quotainc.com domains.
47. The Atlanta site has three domain controllers, named Atl1, Atl2, and Atl3. The Los Angeles site has three domain controllers,
named La1, La2, and La3. Atl3 and La3 are preferred bridgehead servers.
An enterprise administrator at the Atlanta site logs on to domain controller Atl1 and removes a user account from the
la.west.quotainc.com domain. You are concerned with this change being replicated to the La2 domain controller on the
la.west.quotainc.com domain.
Place the following steps in their proper order:
a. La3 initiates pull replication with Atl3.
b. Atl3 initiates pull replication with Atl1.
c. Atl1 notifies its replication partners that there is a change.
d. Atl3 notifies its replication partners that there is a change.
e. The user is deleted at Atl1.
f. La2 initiates pull replication with La3.
g. La3 notifies its replication partners that there is a change.
48. A folder, named John's Stuff, exists on a domain controller in Melbourne. This folder contains several important confidential
documents. JohnD, the creator and owner of this folder, no longer works for Quota, Inc.
A Melbourne user wants to be able to take ownership of this folder.
What is the minimum group membership required?
a. Power Users
b. Schema Admins
c. Domain Admins
d. Server Operators
e. Enterprise Admins
49. You want users to be able to authenticate locally. What is the minimum number of global catalog servers you need for Quota,
Inc.?
a. 1
b. 2
c. 3
d. 6
e. 9
50. You decide upon the domain structure exhibited below. How many operations master roles should be implemented?

a. 1 schema operations master, 1 domain naming master, 9 primary domain controller (PDC) emulators, 9 relative identifier (RID)
masters, and 9 Infrastructure masters
b. 1 schema operations master, 1 domain naming master, 6 PDC emulators, 6 RID masters, and 6 Infrastructure masters
c. 2 schema operations masters, 2 domain naming masters, 9 PDC emulators, 9 RID masters, and 9 infrastructure masters
d. 2 schema operations masters, 2 domains naming masters, 6 PDC emulators, 6 RID masters, and 6 Infrastructure masters

51. You have decided to implement the password policies for the Eastern and Western region. All user accounts are located in each
city's domain.
Referring to the domain structure referenced above, where should the account policies be implemented?
a. Two policies should be created. Both policies should be implemented at the quotainc.com domain level.
b. Two policies should be created. Each policy should be implemented at its regional domain, one for the east.quotainc.com
domain and one for the west.quotainc.com domain.
c. Two policies should be created. The appropriate policy should be implemented at the lowest domain level:
atl.west.quotainc.com, la.west.quotainc.com, lon.west.quotainc.com, tok.east.quotainc.com, sin.east.quotainc.com, and
mel.east.quotainc.com.
d. Two policies should be created. Both policies should be implemented at the schema operations master.
52. When designing replication between Atlanta and Tokyo (Atl - Tok) and Atlanta and Los Angeles (Atl - La), how should you
establish the site links?
a. Create Simple Message Transport Protocol (SMTP) site links Atl - Tok and Atl - La. Configure replication for both site links to
occur between midnight and 3 a.m. Atlanta time.
b. Create Remote Procedure Calls (RPC) over IP site links Atl - Tok and Atl - La. Configure replication for both site links to occur
between midnight and 3 a.m. Atlanta time.
c. Create SMTP site links Atl - Tok and Atl - La. Configure Atl - Tok replication to occur between midnight and 2 a.m. Atlanta
time. Configure Atl - La replication to occur between 3 a.m. and 5 a.m. Atlanta time.
d. Create RPC over IP site links Atl - Tok and Atl - La. Configure Atl - Tok replication to occur between midnight and 2 a.m.
Atlanta time. Configure Atl - La replication to occur between 3 a.m. and 5 a.m. Atlanta time.
53. Which type of server is queried by Microsoft Exchange Server 2000 for mailbox names?
a. domain naming master
b. global catalog server
c. infrastructure master
d. schema operations master
e. primary domain controller (PDC) emulator

54. Which business factor most influences the Active Directory replication schedule?
a. LAN topology
b. Growth plans
c. 24 hour global collaboration
d. number of users at each facility
e. available bandwidth between sites

55. A user in the sin.east.quotainc.com domain needs to access a resource in the la.west.quotainc.com domain.
Order the following to indicate the correct Kerberos authentication path that will be used. Not all paths listed will be used.
a. quotainc.com
b. west.quotainc.com
c. sin.east.quotainc.com
d. atl.west.quotainc.com
e. tok.east.quotainc.com
f. la.west.quotainc.com
g. east.quotainc.com

56. Quota, Inc. has implemented a group policy object (GPO) to install Microsoft Office 2000. All users need access to the
application. You decide to apply the GPO at the site level to prevent the installation from occurring across WAN links.
Which group membership is required to perform this function?
a. Schema Admins
b. Domain Admins
c. Server Operators
d. Enterprise Admins
57. How many site links should be established during Active Directory implementation?
a. 1
b. 2
c. 4
d. 5
e. 6

58. A proxy server is used at the London office to connect to the Internet. The proxy server forwards all requests received to an
external DNS server. You must prevent the proxy server from forwarding requests for internal client resources to the external
DNS server.
What should you do?
a. Create an exclusion list for the internal clients on the proxy server.
b. Configure all clients to use Dynamic Host Configuration Protocol (DHCP).
c. Create an exclusion list for the internal clients on the external DNS server.
d. Create a HOSTS file with the proper settings, and place it on the proxy server.
e. Create a HOSTS file with the proper settings, and place it on the external DNS server.
59. You are implementing the account lockout policy for the enterprise. All user accounts reside in the local domain.
What should you do?
a. Edit the Active Directory schema.
b. Apply the account lockout policy to the quotainc.com domain.
c. Apply the account lockout policy to all PDC emulators in the enterprise.
d. Apply the account lockout policy to the east.quotainc.com and the west.quotainc.com domains.
e. Apply the account lockout policy to the schema operations master for the quotainc.com domain.
f. Apply the account lockout policy to the local domains: atl.west.quotainc.com, la.west.quotainc.com, lon.west.quotainc.com,
tok.east.quotainc.com, mel.east.quotainc.com, and sin.east.quotainc.com.
60. The administrator for the Atlanta office's Human Resources department wants to be able to control access to all Active Directory
objects for which he is responsible.
What should you do?
a. Delegate authority for the atl.west.quotainc.com domain to his user account.
b. Delegate authority for the Human Resources organizational unit (OU) in the atl.west.quotainc.com domain to his user account.
c. Create a group policy object (GPO) with the appropriate settings and apply it to the atl.west.quotainc.com domain.
d. Create a GPO with the appropriate settings and apply it to the Human Resources OU in the atl.west.quotainc.com domain.
Case Study 4:
PROJECT
Your consulting company has been hired by Lonepine Mill Industries (LMI) to implement Microsoft Windows 2000. All Windows-based computers will be upgraded to Windows 2000 Professional or Windows 2000 Server.
BACKGROUND
LMI is a company that mills wood products to produce doors, cabinets, and windows. LMI began as a cabinet shop in Raleigh, and
later purchased additional mills in Memphis, Jacksonville, and Augusta. The Raleigh facility consists of the following departments:
Sales
Production
Accounting
Human Resources
Purchasing
Distribution

Design
IT
The Memphis, Jacksonville, and Augusta offices consist of the following departments:
Production
Human Resources
Design
IT
The Production departments work two 8-hour shifts daily. The remaining departments work one shift daily.
PROBLEM STATEMENT
CEO:
Our IT costs are too high for the benefits that our company receives. However, we are experiencing a high growth rate that requires
improved efficiency in our processes. Our suppliers and customers need access to our inventory, billing, and pricing data. Current
administrative procedures require excessive paperwork. We want to automate these processes to keep the data current.
CIO:
Our Windows NT 4.0 domain structure does not permit centralized administration of client computers. We want account creation to
be handled from the Raleigh facility. Daily basic client configuration and resource administration must take place locally, without
allowing full administrative control. We may implement Active Directory enabled applications in the future. For this reason, we want
to maintain a common schema throughout the enterprise.
The bandwidth saturation has reached 80% between Raleigh and each facility. Routine IT maintenance must occur during off-peak
business hours. All improvement costs made to the IT infrastructure must be justified.
HISTORY
Three years ago, the company upgraded from NetWare and Windows 3.1 to Windows NT 4.0 and Windows 95. The previous
upgrade caused a lot of down time and loss of productivity. Employees were frustrated and morale was low. LMI is sensitive to down
time for any future upgrade.
EXISTING IT ENVIRONMENT
General:
There are 4,000 computers and 8,000 employees. The Raleigh facility houses three-fourths of the company's computers, with the
remaining computers located in the other facilities. The Production department computers are UNIX-based. The company uses five
Windows NT 4.0 domains. The accounts domain is located in Raleigh, and each facility has its own resource domain.
Network Infrastructure:
The port cities of Memphis and Jacksonville are connected to Raleigh via 128-Kbps leased lines. Augusta is connected to
Jacksonville and Raleigh via 56-Kbps leased lines. While there is concern about the available bandwidth, there is no funding currently
available to finance an upgrade. The company does not have a connection to the Internet. However, LMI has an Internet presence,
lonepine.com, which is hosted by a third-party Web service provider.
The company's Manufacturing Resource Planning (MRP) application is housed on a Windows NT 4.0 server in Raleigh.
Each facility has its own UNIX server running BIND 4.9.7 that is used to serve UNIX workstations and to host the internal DNS zone.
The existing DNS structure must be modified to support the Windows 2000 DNS structure without affecting the current UNIX
environment.
Clients:
Most employees use Windows 95 on Pentium II computers, each having 32 MB RAM, a 2-GB hard drive, and a 3C905B network
interface card. All computers use Office 97. Each department has its own applications that are installed by local administrators. The
Production department uses a UNIX terminal emulation program.
The Design department uses UNIX workstations for the design process. Windows-based computers are used for email and word
processing.
Each Production department computer is used by more than one employee. Department supervisors have requested that employee
profiles and documents be stored on a local server.
ENVISIONED IT STRUCTURE
In order to reduce the number of administrators and simplify administration, LMI wants a centralized IT model with decentralized
resource management.
DOMAIN STRUCTURE
Security:
In LMI's current domain structure, users from the master account domain are grouped into global groups. IT administrators in Raleigh
are responsible for management of these groups. Local IT administrators create local groups to control access to local resources.

Administrators grant users privileges to local resources by adding global groups to local groups. The local administrators do not have
the ability to administer accounts in the master account domain.
LMI wants to reduce the number of rights currently assigned to each administrator and implement IPSec for added network security.
Group Policy:
Group policy objects (GPOs) will be managed from Raleigh for both company-wide and departmental policies. GPOs will be
designed to accomplish the following:
Deploy department specific applications to the desktop.
Define the desktop settings for client computers.
Define customized department and user logon scripts.
Implement password, account lockout, and Kerberos security policies.
Minimize the time required to log on.
Desktop policies will not apply to the technical support staff.
Security filtering will not be employed.
61. Which statement most closely defines LMI's stated company priorities supporting the migration to Windows 2000?
a. Produce a decentralized IT model utilizing departmental separation. Reduce current administrator rights. Allow group policy
objects (GPOs) to be locally managed.
b. Produce a centralized IT model supporting distributed administration. Reduce current administrator rights. Allow GPOs to be
centrally managed.
c. Produce a centralized IT model supporting distributed administration. Maintain current rights assigned to administrators. Allow
GPOs to be centrally managed.
d. Produce a centralized IT model supporting distributed administration. Reduce current administrator rights and increase network
security. Increase network security utilizing security filtering.
62. You want to upgrade all of LMI's client computers to Windows 2000 Professional using Remote Installation Services (RIS).
Which upgrade to the client computers should be recommended?
a. Upgrade to 64 MB RAM
b. Upgrade to a 4 GB hard drive
c. Upgrade to a network card that supports a RIS boot disk
d. Upgrade to a Pre-boot eXecution Environment (PXE) remote boot ROM.
63. What would be the most efficient way to ensure that Production department employee profiles and documents are stored on a
local server?
a. Create a local group policy object (GPO) and apply it to the desired computer objects.
b. Create a domain level GPO and block inheritance by all but the Production department.
c. Create an organizational unit (OU) level GPO and apply it to the Production department OU.
d. Convert the existing Windows NT 4.0 system policies to Windows 2000 GPOs by moving them from SYSVOL to the
%systemroot%\system32\grouppolicy directory.
64. You are deploying group policy objects (GPOs) to deploy department specific applications to the desktop. You do not want the
users to be able to remove the software using Add/Remove Programs in the Control Panel.
What should you do?
a. Assign the software deployment to the users.
b. Publish the software deployment to the users.
c. Assign the software deployment to the computers.
d. Publish the software deployment to the computers.
65. The administrator for the Accounting department in Raleigh wants to be able to control access to his department's resources.
What should you do?
a. Add his user account to the Domain Admins group.
b. Add his user account to the Enterprise Admins group.
c. Give his user account administrative control of the Accounting OU.
d. Give his user account administrative control of the Raleigh OU.
66. What will the LMI Windows 2000 administration model allow?
a. DNS administration by the ISP
b. one or more DNS administrators to manage each DNS subzone
c. only members of the Enterprise Admins group to manage DNS
d. one DNS administrator to manage the entire DNS environment from the lonepine.com root domain

67. Match the Active Directory Design Element to the appropriate Business Requirement:
ACTIVE DIRECTORY DESIGN ELEMENT
OU design

Site design
Domain design
Forest design
BUSINESS REQUIREMENT
Centralized IT administration
Maintain current WAN links
Implementation of security policies
Department specific administration
Maintain a common schema
68. Which upgrade path should you implement?
a. Separately upgrade the five Windows NT 4.0 domains to Windows 2000. Upgrade them in place. Use the existing trust
relationship structure.
b. Create a new root domain. Upgrade the four resource Windows NT 4.0 domains to Windows 2000. Upgrade the Windows NT
4.0 account domain to Windows 2000. Consolidate the accounts into the root domain.
c. Upgrade the five Windows NT 4.0 domains. Upgrade them in place. Re-establish the previous two-way explicit trust
relationships.
d. Upgrade the Raleigh account domain. Make the forest root domain. Separately upgrade the four Windows NT 4.0 resource
domains to Windows 2000. Consolidate the resources into the root domain.
69. The site structure of LMI is shown below.

You want to configure site link costs. You want replication to use the faster links first and to use the Augusta-Raleigh link before the
Augusta-Jacksonville link.
How should you configure the site link costs?
a. Memphis-Raleigh: Cost=500
   Jacksonville-Raleigh: Cost=500
   Augusta-Raleigh: Cost=1000
   Augusta-Jacksonville: Cost=2000
b. Memphis-Raleigh: Cost=2000
   Jacksonville-Raleigh: Cost=2000
   Augusta-Raleigh: Cost=1000
   Augusta-Jacksonville: Cost=500
c. Memphis-Raleigh: Cost=500
   Jacksonville-Raleigh: Cost=500
   Augusta-Raleigh: Cost=500
   Augusta-Jacksonville: Cost=2000
d. Memphis-Raleigh: Cost=2000
   Jacksonville-Raleigh: Cost=2000
   Augusta-Raleigh: Cost=2000
   Augusta-Jacksonville: Cost=500


70. You want to implement Windows 2000 to minimize the impact of replication on WAN traffic. What should you do?
a. Configure a preferred bridgehead server at each site.
b. Use IP site links for replication. Optimize the replication schedule.
c. Use SMTP site links for replication. Optimize the replication schedule.
d. Create manual one-way trusts between the parent domain and all child domains.

71. Where should you locate the server services for Windows 2000?
a. In Raleigh, locate one each of schema operations master, domain naming master, infrastructure operations master, relative
identifier (RID) master, primary domain controller (PDC) emulator, and global catalog server. In Memphis, Jacksonville, and
Augusta, locate one global catalog server at each location.
b. In Raleigh, locate one each of schema operations master, domain naming master, infrastructure operations master, RID master,
PDC emulator, and global catalog server. In Memphis, Jacksonville, and Augusta, locate one each of infrastructure operations
master and global catalog server in each location.
c. In Raleigh, locate one each of schema operations master, infrastructure operations master, RID master, PDC emulator, and
global catalog server. In Memphis, Jacksonville, and Augusta, locate one each of RID master, infrastructure operations master,
PDC emulator, and global catalog server at each location.
d. In Raleigh, locate one each of schema operations master, domain naming master, infrastructure operations master, RID master,
PDC emulator, and global catalog server. In Memphis, Jacksonville, and Augusta, locate one each of RID master, domain
naming master, PDC emulator, and global catalog server at each location.
72. What will the Windows 2000 domain structure consist of upon project completion?
a. one domain at each location
b. one domain for the enterprise
c. five domains, same as the existing Windows NT 4.0 domains
d. one domain for Memphis, Jacksonville, and Augusta; one domain for Raleigh

73. During the migration to Windows 2000, LMI purchases another mill in Birmingham. How should this mill be added to the
Active Directory structure?
a. Add Birmingham as its own forest.
b. Add Birmingham as its own child domain.
c. Add Birmingham as its own parent domain.
d. Add Birmingham as its own organizational unit (OU).
74. The enterprise administrator attempts an upgrade of the Manufacturing Resource Planning (MRP) application that will integrate
with Active Directory and add new classes. The install fails. What is the most likely cause of the failure?
a. The service account for the application is not in the Enterprise Admins group.
b. The administrator that is trying to install the application is not in the Domain Admins group.
c. The administrator that is trying to install the application is not in the Schema Admins group.
d. The administrator that is trying to install the application is not in the Enterprise Admins group.
e. The administrator that is trying to install the application does not have permissions to create group policy objects (GPOs).
75. Consider LMI's history of growth and expansion. How will future acquisitions be integrated into your proposed Active
Directory domain structure?
a. Create a new domain for the acquired mill. Place all site resources into the domain, and move the user accounts into the master
domain. Create a two-way transitive trust between the resource domain and the master domain.
b. Create an organizational unit (OU) for the new mill. Place all site resources into the OU, and move all user accounts into the
master domain. No trusts are required.
c. Create an organizational unit (OU) for the new mill. Place all site resources and user accounts into the new OU. The OU will
automatically be a part of the domain in which it is created.
d. Create a separate Active Directory site for the new mill. Place all local resources and user accounts into the new site. Connect
the site to the parent domain utilizing a site link bridge.
76. The site structure of LMI is shown in the exhibit. (Click on the Exhibit button to view.) LMI's network administrator does not
want to use the transitive site link feature for the IP transport protocol. You want to model the actual routing behavior of the
network.
What should you do?
a. Assign costs to each communication link.
b. Use Simple Message Transport Protocol (SMTP) for replication.
c. Create site link bridges for Memphis-Raleigh-Augusta and Memphis-Raleigh-Jacksonville.
d. Create site links for Memphis-Raleigh, Jacksonville-Raleigh, Augusta-Raleigh, and Augusta-Jacksonville.
77. How should you plan the DNS structure?
a. Use the existing Windows NT 4.0 DNS name servers.
b. Replace the BIND server with a Windows 2000 server.
c. Upgrade the BIND version to a Windows 2000 compatible version.
d. Delegate the zone for lonepine.com from the BIND server to the Windows 2000 DNS servers.
e. Delegate a.lonepine.com and b.lonepine.com from the Windows 2000 name server in lonepine.com to the name servers in the a
and b domains.

78. You need to design a group structure that will allow you to grant permissions to resources on two servers in Memphis. Users
throughout the entire company will need permissions to these resources during the project, while the domain is still in mixed
mode. You want to accomplish this with the least amount of administrative effort. What should you do?
a. Create domain local groups on both resource servers in Memphis. Grant each domain local group access to the resources on its
respective server. Create one global group for the domain. Add users who need access to the resources to the global group.
Add the global group to the domain local groups.
b. Create local groups on both resource servers in Memphis. Grant each local group access to the resources on its respective server.
Create one global group for the domain. Add users who need access to the resources to the global group. Create a universal
group. Add the global group to the universal group. Add the universal group to the local groups.
c. Create local groups on both resource servers in Memphis. Grant each local group access to the resources on its respective server.
Create one global group for the domain. Add users who need access to the resources to the global group. Add the global group
to the local groups.
d. Create local groups on both resource servers in Memphis. Grant each local group access to the resources on its respective server.
Create one universal group for the domain. Add users who need access to the resources to the universal group. Add the
universal group to the local groups.

79. How should you design the site and site links?
a. Create one site link that contains all four locations.
b. Create one site each for Raleigh, Memphis, Jacksonville, and Augusta. Create IP site links. Configure all site links to replicate
between midnight and 2 a.m. Raleigh time.
c. Create one site each for Raleigh, Memphis, Jacksonville, and Augusta. Create SMTP site links. Configure all site links to
replicate between midnight and 2 a.m. Raleigh time.
d. Create one site each for Raleigh, Memphis, Jacksonville, and Augusta. Create IP site links. Configure the Raleigh - Memphis
site link to replicate between midnight and 2 a.m. Raleigh time. Configure the Raleigh - Jacksonville site link to replicate
between 2 a.m. and 4 a.m. Raleigh time. Configure the Raleigh - Augusta site link to replicate between 4 a.m. and 6 a.m.
Raleigh time.
e. Create one site each for Raleigh, Memphis, Jacksonville, and Augusta. Create SMTP site links. Configure the Raleigh - Memphis
site link to replicate between midnight and 2 a.m. Raleigh time. Configure the Raleigh - Jacksonville site link to replicate
between 2 a.m. and 4 a.m. Raleigh time. Configure the Raleigh - Augusta site link to replicate between 4 a.m. and 6 a.m.
Raleigh time.
80. You want to upgrade all of LMI's client computers to Windows 2000 Professional. You would like to use Remote Installation
Services (RIS) to prevent administrators from having to physically install the operating system at each computer.
What should you do?
a. Create a RIS boot disk. Use the RIS boot disk to boot each client computer. The RIS server will automatically install the
operating system.
b. Create a group policy object (GPO) that will upgrade each client computer. Apply the GPO to the Computers container in
Active Directory Users and Computers.
c. Installation using RIS is not possible with the current client configuration. Windows 2000 Professional will have to be
physically installed on each client computer.
d. Allow the Pre-Boot eXecution Environment (PXE) DHCP-based remote boot ROMs to boot the client computers. The RIS
server will automatically install the operating system.
81. How should the Windows 2000 and the UNIX DNS name servers be configured to implement the DNS infrastructure as
envisioned by LMI? (Choose two.)
a. Upgrade to BIND 8.2.1 in order to enable dynamic updates.
b. Upgrade to BIND 8.2.1 in order to enable secure dynamic updates.
c. Delegate subzones to the Windows 2000 and UNIX name servers.
d. Customize the root hints list on all Windows 2000 name servers.
82. Which goal is accomplished as a direct result of the upgrade to Windows 2000 Active Directory?
a. automation of paper-based business processes
b. increased security for existing client computers
c. online availability of data for vendors and customers
d. reduced number of rights assigned to each administrator
e. increased control and increased capability to standardize application and computer configuration throughout the company

83. Which design decision is most critical to resolve first?
a. number of sites
b. locations of operations masters
c. number of domains to install first
d. name of first domain to be installed
e. whether to use existing DNS or upgrade to Microsoft DNS

84. Which two of the following are reasons a company should register its Active Directory root domain name with Internet
Corporation for Assigned Names and Numbers (ICANN)? (Choose two.)
a. Each DNS domain requires an Active Directory domain.
b. Internet Corporation for Assigned Names and Numbers (ICANN) maintains control of domain names only at the corporate level.
c. The Active Directory root domain name identifies internal corporate resources
d. To register the name in case it needs to be exposed to the Internet in the future.
e. Internal DNS servers require a registered DNS domain name.

85. Your organization currently has four DNS domains. What is the minimum number of Active Directory domains you must have
in order to implement Active Directory?
a. 1
b. 3
c. 4
d. 5
86. You are designing an Active Directory structure for your organization. The company has no plans for an Internet presence. You
want to convince them to register their name anyway. Which two reasons are justifications for registering a DNS domain name
to be used as the Active Directory root domain name? (Choose two.)
a. Another company might register this corporation's DNS domain name.
b. The organization plans to add additional trees to their Active Directory forest.
c. The Active Directory root domain name must be registered with Internet Corporation for Assigned Names and Numbers
(ICANN).
d. The Active Directory forest will have to be reinstalled if the Active Directory domain name cannot be registered at a later date.
e. The organization plans to acquire other subsidiaries in the future.
87. A large manufacturing company is evaluating an Active Directory administrative design for their separately managed businesses.
The company's headquarters are located in the Midwest in a single location with a well structured and staffed IT (information
technology) department. The company also has five small subsidiaries scattered throughout the country. Each subsidiary has its
own administrative staff for managing its own IT functions.
Which Active Directory administrative design strategy would you recommend?
a. Design the hierarchy by organization and location.
b. Design the hierarchy by location and organization
c. Design the hierarchy by location and function
d. Design the hierarchy by organization
88. You are designing an Active Directory organizational unit hierarchy structure based on organization. What is the most important
factor to keep in mind while you are developing your strategy?
a. Users specific permissions
b. Flexibility of the business model
c. Improved user logon times
d. Accurate delegation of authority
89. Your geographically distributed organization is growing rapidly and has undergone several reorganizations in the past year.
Which organizational unit hierarchy model should you choose to protect the administrative design?
a. Hybrid by organization then location
b. Location-based
c. Hybrid by location then organization
d. Organizational-based
e. Function-based
90. You are the administrator for a large organization with locations around the world. You want to control all modifications made
to the Active Directory schema. You are testing a new directory-enabled application that was developed for internal use. Before
the application can run, you must manually add 10 new classes and 100 new attributes to the Active Directory schema.
What should you do to modify the schema?
a. Restart the domain controller in safe mode and run ntdsutil.
b. Remove the schema master from the network, restart the domain controller in safe mode and then run ADSIEdit.
c. Use the Active Directory Schema Manager.
d. Remove the schema master from the network and write a script that uses the Active Directory Services Interface (ADSI).
91. SportsEngratis provides services for sponsors of the Olympics. One of the major services of SportsEngratis is trips to the
Olympics for the very good customers of the Olympics sponsors. A cross-functional process of this corporation is the travel
provided to the sponsored athletes and their families. The business cycle for SportsEngratis is four years. Locations of the
services provided includes every country participating in the Olympics.
SportsEngratis' headquarters is New York, but the site of the Olympics changes every four years. The IT (information technology)
support required in each participating country is fairly predictable; the location of each Olympics sponsor is unpredictable.
Which analysis for business requirements does this scenario provide?
a. Company model
b. Company processes
c. Company's total cost of operations
d. Company's tolerance for risk
92. SportsEngratis provides services for sponsors of the Olympics. One of the major services of SportsEngratis is trips to the
Olympics for the very good customers of the Olympics sponsors. A cross-functional process of this corporation is the travel
provided to the sponsored athletes and their families. The business cycle for SportsEngratis is four years. Locations of the
services provided includes every country participating in the Olympics.
SportsEngratis' headquarters is New York, but the site of the Olympics changes every four years. The IT (information technology)
support required in each participating country is fairly predictable; the location of each Olympics sponsor is unpredictable.
Based on the information provided, which priority best describes this company's expectations for the Active Directory they are
designing?
a. The company's technical risk inherent in the wide-spread services provided
b. The company's projected growth and growth strategy
c. The company's total cost of operations for IT infrastructure
d. The flexibility and reliability of communications and information flow
93. The users' work requirements for a national consulting company change dynamically depending on the project to which they are
currently assigned. You have been asked to create an Active Directory plan that will reduce the support costs of responding to
the distributed computing environment.
As a designer, how should you fulfill the business need to reduce support costs of the distributed computing environment?
a. with Group Policy
b. with Software Installation and Maintenance
c. with Site topology
d. with hierarchical domains
94. Which three of the following will impact the design of your Active Directory hierarchy? (Choose three.)
a. The majority of the printers are local printers. Network printers are in headquarters.
b. The accounting department has its own information technology (IT) staff.
c. The users in the research department have unique user account restrictions.
d. The organization maintains an intranet to distribute information among employees.
e. Outlying locations are wired with category 3 cabling. Headquarters, in two buildings, uses category 5 cabling.
f. All business orders are processed with preprinted multi-part forms.
g. Corporate executives request central management of systems.

95. Which of the following tasks describes a role that is typically performed by the central planning team?
a. Deploying the first Active Directory server
b. Defining business goals
c. Documenting the physical network structure
d. Securing financing for the project

96. You are analyzing the company's systems and applications in preparation for Active Directory deployment. Which of the
following situations may require a schema modification?
a. Installing a new Active Directory-integrated application on a server.
b. Adding a new domain to the forest.
c. Creating an external trust to a Kerberos V5 protocol realm.
d. Configuring a domain controller as a Windows 2000 Domain Name System (DNS) server using Active Directory-integrated
zones.
97. You created an OU for the engineering department. You have granted administrative control of the OU to the administrator of
the engineering department. You want to use Group Policy to specify a registry setting for all of the user accounts in the
Engineering OU. You also want to use Group Policy to specify separate settings for three different teams of engineers.
What can you do to support both the administrative and policy needs of the engineering department?
a. Create a GPO for the Engineering OU.
Create three OUs as children of the Engineering OU.
Create GPOs for the engineering OU, and GPOs for each of the three child OUs.
b. Create a GPO for the Engineering OU.
Create three OUs as children of the Engineering OU.
Create GPOs for each of the three child OUs.
Block Group Policy object inheritance from the Engineering organizational unit.
c. Create a new domain for the engineering users.
Create three OUs in the new domain and specify separate GPOs for each OU.
d. Create three OUs as children of the Engineering OU.
Create a single GPO for the Engineering OU.
Link the Group policy object to each organizational unit, specifying separate permissions for each OU.
98. An administrator wants to grant the help desk staff the ability to modify the Group Policy settings that affect software that has
been installed on computers in the Sales department. The help desk staff should not be able to change permissions on the GPO.
The computer accounts for the sales department are located in the Sales organizational unit (OU).
How should you provide the help desk staff the right to modify the GPO?
a. Create a GPO for Sales and grant the help desk administrators Full Control access to the Sales OU.
b. Create a GPO for Sales and grant the help desk administrators Write access to all objects in the domain.
c. Add the help desk administrators to the Account Operators security group.
d. Create a GPO for Sales and grant the help desk administrators Write access to the GPO.

99. Administrators from headquarters need to access My Documents when logging in from a branch office over a 128K wide area
network (WAN) link. They require that certain network drives be mapped regardless of where they log in.
Which two Group Policy settings must you enable over the WAN link? (Choose two.)
a. Security Settings
b. Administrative templates
c. Logon/Logoff and Startup/Shutdown Scripts
d. Folder redirection
100. Which two designs will accommodate unique password requirements? (Choose two.)
a. A forest with a single domain with OUs that separate policy
b. A forest with multiple domains in a single tree
c. A forest with multiple domains in multiple trees
d. A forest with a single domain and three sites
e. A forest with a single domain and two sites

101. You are the security officer of your corporation. You've been asked to meet with the Central Planning team throughout the
design of the Active Directory structure. It is your job to specify the security settings of each Group Policy object.
Administration in this Active Directory design is going to be central rather than distributed.
Which two containers should you use or create when applying the server Group Policy? (Choose two.)
a. Domain Controllers organizational unit
b. Division OU
c. Servers organizational unit
d. Users organizational unit
e. The Domain level
102. You have four NT 4.0 resource domains. You plan to eliminate the resource domains now that you will have a single Windows
2000 domain. What preparation should you do in the resource domains before the upgrade takes place?
a. Migrate computer accounts from the resource domains to the NT 4.0 account domain.
b. Move applications and services from the domain controllers in the resource domains to member servers.
c. Combine the resource domains while they are still NT 4.0.
d. Run showaccs.exe to create a comma-delimited file of the existing access control lists for the resource domains.
103. Sales managers use the company intranet to obtain their daily sales totals by accessing contoso.com. Customers download
drivers over the Internet by accessing public resources at contoso.com.
How are the employees and the customers both able to access resources using the same domain name?
a. Contoso.com has two separately managed DNS zones.
b. The public DNS server is configured to forward all requests to an internal DNS server.
c. The internal name structure has an alias.
d. A separate internal DNS name is used to represent the Active Directory root domain.
104. Your organization has three divisions. The organization's Active Directory structure is comprised of a domain for each division
and organizational units (OUs) by location.
What are two results of using this Active Directory hierarchy? (Choose two.)
a. The Active Directory hierarchy is functionally restrictive.
b. Administrators from all divisions can take ownership of any object in any division.
c. Different security policies are allowed in each division.
d. The Active Directory hierarchy will easily accommodate a restructure of the organization.
e. The hierarchy may not take advantage of the physical network.
105. You want to verify the schema changes made by the new directory-enabled application you just installed. Which two
components will you examine? (Choose two.)
a. Class
b. Object
c. Attribute
d. Container
e. Security principal
106. You want to ensure that the Active Directory schema is protected from unauthorized changes. You want to make the schema as
secure as possible without removing servers from the network.
Which three actions should you take? (Choose three.)
a. Limit membership in the Enterprise Admins and the root domain's Domain Admins groups.
b. Create a Group Policy Object (GPO) for the Schema Admins.
c. Verify that schema modifications on the schema operations master have been disabled.
d. Limit membership in the Schema Admins group.
e. Use the Active Directory schema snap-in for all schema modifications.

107. You are developing the business policy for the schema operations master. Which two criteria do you need to include? (Choose
two.)
a. Isolate the schema operations manager from domain controllers with heavy processing tasks.
b. Locate the schema operations manager in a site for efficient replication.
c. Closely guard membership of the Schema Admins group.
d. Disable modification during normal operations.
e. Avoid installing schema operations manager on a global catalog server.
108. Your business policy requires that all Active Directory objects be removed after deactivating a class or class attribute.
What is your strategy for accomplishing this?
a. Active Directory stops all replication automatically.
b. The ADSIEdit tool allows administrators to remove the objects.
c. Searches will find objects of the deactivated class.
d. Objects with deactivated classes and attributes are removed at replication.
109. Your organization is highly managed and requires extensive use of group policy for settings of computer accounts and user
accounts based on departmental needs. Your design goal is to minimize the need to set filtering on Group Policy Objects (GPO).
How should you accomplish highly managed user environments without filtering GPOs?
a. Create a separate organizational unit (OU) for every required GPO specification and apply the GPO to each OU.
b. Create one GPO for the domain and allow Group Policy to flow down by inheritance.
c. Create a GPO at the highest OU level and let inheritance flow down. Use security groups to further define settings.
d. Create a GPO containing common settings for the domain. Create GPOs for nested OUs for departmental settings.
110. Your single-domain organization currently has two organizational units (OUs) for the Research and Business divisions for
delegation of administration. Each division has multiple departments. You have developed a Group Policy for every job category
within the organization.
How can you structure your OU hierarchy for Active Directory to support delegation and group policy needs?
a. Within each division, create an OU for each job category. On the divisional OU, create a GPO for each job category.
b. Within each division, create an OU for each job category. Create a GPO for each job category-based OU.
c. At the domain level, create an OU for each department. Within each department, create an OU for each job category. Create a
GPO for each category-based OU.
d. At the domain level, create an OU for each job category. Create a GPO for each category-based OU.
111. Which strategy for delegating administration and assignment of Group Policies should you use?
a. Specify permissions at the OU level and specify Group Policy at the domain level.
b. Specify permissions and Group Policy at the OU level and block inheritance.
c. Specify permissions and Group Policy at the domain level and allow them to flow down the hierarchy by inheritance.
d. Specify permissions and Group Policy at the highest OU possible and allow them to flow down the hierarchy by inheritance.

112. Which one of the following factors would require you to create an additional domain?
a. The number of physical locations and the need to replicate across wide area network (WAN) links.
b. The need to have a distinct security boundary between different information technology (IT) groups.
c. The size of the Active Directory database.
d. The need to have departmental resources managed by departmental employees.

113. Your Active Directory forest consists of three domains in native mode. There are user accounts for executives and managers in
each domain. You anticipate a need for thirty shares throughout the domain where both executives and managers must have
similar access. There are also shares in the forest where only executives or only managers will need access.
Which strategy should you use to group the executives and managers?
a. Create a global group called management in each domain, and make all executives and managers members.
Create a global group in each domain called executives, and make all executives members.
Create a global group in each domain called managers, and make all managers members.
Create a universal group called enterprise management, with the management domain global group from each domain as
members.
Create universal groups called enterprise managers and enterprise executives, and make the appropriate domain global group
members.
b. Create a global group called management in each domain with all executives and managers as members.
Create a universal group called enterprise management with the management global group from each domain as members.
c. Create a global group in each domain called managers with all managers as members.
Create a global group in each domain called executives with all executives as members.
Create a universal group called enterprise management with the managers and executives global groups as members.

d. Create a global group in each domain called managers with all managers as members.
Create a global group in each domain called executives with all executives as members.
Create universal groups called enterprise managers and enterprise executives and make the appropriate global groups members.
Create a universal group called enterprise management with the enterprise managers and enterprise executives as members.

114. Contoso Ltd. has a single-domain Active Directory structure. Each branch office has its own group of administrators. Users in
each branch office require different software applications.
Software needs are based on job roles. Additionally, all users who travel with laptops require a public key policy.
How can you structure the organizational units (OUs) to support these administrative and Group Policy needs? (Choose two.)
a. For each branch office create an OU. Apply a GPO for public key policy settings to each branch office OU.
b. Create an OU for each job role, and apply a GPO for software deployment to the job role OUs. Apply another GPO for public
key policy settings to the job role OU.
c. Create an OU for each job role. Within the job role OU, create an OU for each branch office. Apply a Group Policy Object (GPO)
for software deployment to the branch office OU.
d. Create an OU for each branch office. Create an OU for each job role within each branch office OU. Apply a GPO for software
deployment to each job role OU.
e. Create an OU for laptops and create a GPO for public key policy settings.
115. You are designing the organizational unit (OU) structure for your single domain organization. You determine that the
administrative model for the organization will be a central IT group for infrastructure, domain policies and global groups, server
maintenance, and troubleshooting. Local administrators at each branch will handle all other administrative functions under the
direction of the central IT group. Within each branch, security and software policies will be determined based on each user's
department.
How should you structure the OU design?
a. Create an OU for each branch office.
b. Create an OU for each department. Within each department, create an OU for each branch office.
c. Create an OU for each department.
d. Create an OU for each branch office. Within each branch office, create an OU for each department.
116. You are designing the Active Directory structure for a publishing corporation that has three subsidiary magazines. Each
subsidiary has its own information technology (IT) group and proprietary information that must be kept secure from the other
subsidiaries. Administrators from corporate should not be able to administer subsidiaries. Administrators from the subsidiaries
should not be able to administer corporate or other subsidiaries. The corporate office administers an Active Directory-aware
payroll application for all three subsidiaries.
How should you design your domain structure?
a. Create a separate forest for corporate and each subsidiary.
b. Create an empty root domain with child domains for corporate and each subsidiary.
c. Create corporate as the root domain and create child domains for each subsidiary.
d. Create a single domain and create OUs for corporate and each subsidiary.
117. Your Active Directory contains two trees. A group of users in a child domain in one tree requires frequent lookups in a database
in a child domain in the other tree. The users report that the network is slow when accessing this database.
What can you do to optimize the user's initial access to the database?
a. Create a shortcut trust between the two domains.
b. Issue session tickets from the Key Distribution Center (KDC) for this user.
c. Add an additional domain controller to the domain where the database is located.
d. Create a one-way external trust between the two domains.
118. You plan to create two trees in an Active Directory forest. You want to create a transitive trust relationship between the two trees.
What should you do?
a. Create two one-way explicit trusts between the trees.
b. When creating the second tree, indicate that it will be a new domain tree in an existing forest.
c. Configure the Key Distribution Center (KDC) in each root domain to trust a foreign Kerberos V5 realm.
d. Create a Kerberos V5 trust relationship between the two trees.
119. Your centrally administered organization requires that user accounts in the Research division have passwords that are longer and
expire more frequently than user accounts in all other divisions.
How should you plan the Active Directory forest structure?
a. Create two forests, one for the Research division and one for the rest of the organization.
b. Create one domain with two organizational units (OUs), one for the Research division and one for the rest of the organization.
c. Create an empty root domain with a single child domain and two OUs, one for the Research division and one for the rest of the
organization.
d. Create two domains, one for the Research division and one for the rest of the organization.

120. Your Active Directory consists of two domains named contoso.com and usa.contoso.com. You add a new domain tree to your
forest named fabrikam.com and create a shortcut trust between usa.contoso.com and fabrikam.com. A user at a Windows 2000
Professional computer in the usa.contoso.com domain needs to log on by using an account from the fabrikam.com domain.
Which Active Directory servers should you make available so the user can log on successfully without using cached credentials?
(Choose all that apply.)
a. Domain controller from fabrikam.com
b. Domain controller from usa.contoso.com
c. Domain controller from contoso.com
d. Primary domain controller (PDC) emulator
e. Global Catalog server
121. Contoso Ltd. has formed a partnership with Northwind Traders. Each organization maintains a separate Active Directory forest.
Users in the west.contoso.com domain require access to sales data located in the east.nwtraders.msft domain.
As the administrator for Contoso Ltd. how can you allow your users access to the sales data?
a. Coordinate with the administrator at Northwind Traders to establish a one-way explicit trust where east.nwtraders.com trusts
west.contoso.com.
b. Coordinate with the administrator at Northwind Traders to create an external trust between nwtraders.com and contoso.com.
c. Coordinate with the administrator at Northwind Traders to create a shortcut trust between east.nwtraders.com and
west.contoso.com.
d. Coordinate with the administrator at Northwind Traders to create a transitive trust relationship between west.contoso.com and
east.nwtraders.com.
122. Your company has a corporate office and two branch offices. The Active Directory structure in the organization consists of a
single domain. The three offices are connected by a WAN link through the main office. You create three sites named Corp,
Branch1, and Branch2 and then place a domain controller in each office. You want to ensure that all three domain controllers
will participate in Active Directory replication.
What should you do?
a. Create a site link between Corp and Branch1.
b. Create a site topology between Corp and Branch2 at a cost=50.
c. Verify that Ignore schedules is enabled.
d. Create a site link between Corp and Branch2.
e. Verify that the default setting Bridge all site links is enabled.
123. You are on the Active Directory design team at your organization's headquarters in Stockholm. You have been assigned to
connect the branch office in Johannesburg to the Active Directory domain in Stockholm. You plan to create a site for
Johannesburg. Because the network connection is unreliable, you have chosen to use asynchronous replication technology.
What must you do to ensure replication between Johannesburg and Stockholm?
a. Configure multiple preferred bridgehead servers in Johannesburg.
b. Designate a domain controller in Johannesburg to be the inter-site topology generator (ISTG).
c. Create a domain for Johannesburg.
d. Manually configure a bridgehead server for Johannesburg.
124. You plan to migrate your Windows NT 4.0 domain to Active Directory. You want to use mailbox attributes defined in Microsoft
Exchange 5.5 to populate attributes for Active Directory user accounts.
What three tasks must you perform? (Choose three.)
a. Install the Active Directory Connector (ADC) on the Exchange 5.5 server.
b. Install the Active Directory Connector (ADC) on a Windows 2000 server.
c. Configure a connection agreement between an Active Directory organizational unit (OU) and a recipients container in Exchange
to share directory information.
d. Configure the Active Directory Migration Tool to populate the security identifier (SID) history of the cloned user accounts.
e. Map the Exchange mailbox attributes to Active Directory attributes.
f. Upgrade the Exchange 5.5 server to Windows 2000.
125. An organization has an Active Directory root domain name of publications.com. It is a well-known Internet name. The child
domains in the domain tree are books.publications.com and magazines.publications.com. The organization acquires a radio
news company whose Internet presence name is firstnews.com. They are still running NT 4.0 on all their servers. The
organization wants to keep both DNS domain names and upgrade the new radio news company to Active Directory without a
restructure.
Which forest design should you use to accommodate their DNS strategy?
a. A second forest for the news radio company
b. An empty root above publications.com and firstnews.com
c. A child domain of publications.com for the news radio company
d. A second domain tree for the news radio company

126. The company has one branch office using dial-on-demand to connect their RRAS server to the company's RRAS server. What
replication strategy should you use for this branch office in your Active Directory design?
a. Make the office a site and use SMTP as the transport method
b. Remove the dial-on-demand RRAS server from the office
c. Place a global catalog server in the office and remove the dial-on-demand RRAS server
d. Make the office a site along with the nearest LAN location
127. SportsEngratis uses resources all over the world during the Olympics to communicate their travel services details. Their one
Active Directory domain will be in use the first time for this Olympics event. You know it is going to cause delayed query
responses that are placed worldwide. How should you resolve this problem in your design?
a. Create domains in each country so that query and logon services will be confined to the area.
b. Create sites and place a global catalog server in each site.
c. Create organizational units (OUs) for each type of work group and place the resources each group needs in their OUs.
d. Create sites and fault-tolerant site links.
128. You are preparing an Active Directory deployment plan as you move through all the phases of the Active Directory design plan.
Which technique of the deployment plan best helps to prevent loss due to risks that materialize?
a. Create a deployment backup plan
b. Keep end-users informed
c. Schedule deployment activities for non-business hours
d. Phase the deployment efforts
129. You are designing the upgrade to Windows 2000 for Contoso Ltd. You decide to keep the existing BIND DNS servers which are
currently using version 4.9.7 on UNIX computers. The Active Directory root domain is called ad.contoso.com. The BIND DNS
domain is contoso.com. All Active Directory hosts and clients will use the Active Directory-integrated DNS servers.
How should you configure the BIND servers in order to ensure the BIND DNS clients can resolve the Active Directory host names?
a. Delegate the Active Directory subdomain to the Active Directory integrated DNS server.
b. Delegate the following subdomains to the Active Directory integrated DNS servers: _msdcs.contoso.com, _sites.contoso.com,
_tcp.contoso.com, _udp.contoso.com.
c. Upgrade BIND to 8.2.1.
d. Add the subdomain to the BIND DNS servers. Create a secondary zone on the Active Directory integrated DNS servers.
130. Your Active Directory structure consists of five domains running in native mode in a single forest with 40,000 users. One of the
five domains is the Sales domain. Your organization has opened a branch office with 100 employees who are members of the
Sales domain. The branch office is connected to the corporate office by a high-speed wide area network (WAN) link. The link is
reliable and you expect the utilization rate of the link to be low.
What should you do to minimize Active Directory-related authentication traffic on the WAN link? (Choose two.)
a. Add a DC from all five domains to the branch office and configure one DC as a global catalog server.
b. Define the branch office as a site.
c. Add a DC for the Sales domain at the branch office.
d. Add the subnet of the branch office to the corporate site.
e. Add a domain controller (DC) from the Sales domain to the branch office and configure it as a global catalog server.
131. You plan to have two domains for Paris and London. Since users from each domain will travel between the offices, you plan to
have a domain controller (DC) from each domain in each office. You monitor the WAN link and determine that it has 50%
utilization. You use the Active Directory Sizer tool and determine that replication traffic will saturate the WAN link.
What should you do? (Choose two.)
a. Configure SMTP as the inter-site transport between London and Paris.
b. Configure a global catalog server in each location.
c. Define a site for each of the two locations.
d. Create a site link bridge between London and Paris.
e. Add an additional domain controller in each location.
132. You want the DDNS zone data for your network stored on every domain controller. How should you do this for replication
efficiency?
a. Make one domain controller on each IP subnet a DDNS secondary server and make all other domain controllers in the IP subnet
cache-only DDNS servers.
b. Make each forward lookup zone and each reverse lookup zone directory-integrated.
c. Make each domain controller a caching-only DDNS server if it is not the primary DDNS server.
d. Make each domain controller a secondary DDNS server if it is not the primary DDNS server.
133. Your Windows 2000 domain is in mixed mode. You have multiple sites for this single domain. How should you place the
operations master roles to satisfy the environment of this scenario?
a. Place a global catalog server on the infrastructure master.
b. Place both the PDC emulator and the Standby operations master domain controller in the same site.

c. Perform a backup of the operations master roles on each domain controller that hosts one of the roles when you do the system
state data backup.
d. Place a domain naming master in a second site.

134. A company is deciding about DNS options for their new Active Directory design. They have decided to stay with standard zone
replication. They want client response time to be optimal and the DNS reliability to be solid. Where should you, the designer,
specify placement of the DDNS servers? (Choose all that apply.)
a. One secondary DDNS server in each Active Directory site
b. One primary DDNS server for each DNS zone per Active Directory
c. One secondary DDNS server in each DNS domain
d. One caching-only DDNS server on the far end of a slow WAN link
e. One secondary DDNS server for each DNS zone for each IP subnet
Case Study 5:
BACKGROUND
BCD TRAIN
COMPANY OVERVIEW
BCD Train operates training centers in 20 North American cities. Four of the cities have 3 training centers each. One of the training
centers in each city houses a business office for a total of 20 business offices.
Training centers in 4 other cities were recently closed because they were less profitable than other centers. BCD Train plans to open
new training centers in 7 other cities over the next 3 years.
At each training center, technical classes are taught on Microsoft, Novell, and Oracle products. The classrooms must be set up for
each class according to the specifications of the setup guides provided by the vendor for the course being taught.
INFORMATION TECHNOLOGY OVERVIEW
The headquarters office for BCD Train is in Cedar Rapids, Iowa. It has no training center. There is an IT staff at the headquarters
office. The IT staff members at the headquarters office are responsible for establishing and managing corporate-wide policies. They
are also responsible for the company-wide email system.
There is an IT staff in each city whose members are responsible for the computer hardware and software for employees and for all the
training centers in the city. IT staff members in each city set up the computers for each training class. IT staff members in each city
are also responsible for daily backups of the email server in their office.
The IT manager at the headquarters office works with hardware and software vendors to establish corporate-wide purchasing and
leasing agreements. The corporate IT manager also makes all agreements for WAN connectivity between each office and the
headquarters office. An IT manager in each city purchases or leases hardware, software, and networking components directly from
each vendor under the conditions of the agreements.
LOCAL AND CORPORATE RESPONSIBILITIES
All class scheduling is managed locally by each office. There is a server at each office on which the scheduling database is hosted.
The scheduling manager sets the dates and the room for each class. Customer Service Representatives (CSRs) register customers for
the classes.
Finances are managed by finance team members in each city. Customers are billed directly by the training center staff in each city.
However, customers whose employees attend classes in more than one city are billed by the corporate finance department, and the
revenue is then disbursed to the appropriate offices. The finance department in each city manages payroll for its employees as well as
local expenses and purchases.
Marketing materials for all offices are generated by members of the corporate marketing department. Members of this department
also maintain a web site, www.bcdtrain.com, with information and schedules for all of the training centers.
Sales of training classes are handled by sales staff members in each city. Each sales representative specializes in classes for one of the
vendors, but may sell classes for other vendors to satisfy customer requirements. Often, a customer has employees in more than one
city and the employees need to attend classes in cities near their offices. In these cases the sales staff members at the training
company's office near the customer's headquarters office work with sales staff members in the other cities to manage the relationship
with both the key contact for each customer and the local contacts for the customer in each city.
Classes are taught by trainers who are employees of BCD Train. Each trainer usually teaches at the office at which he or she is
employed, but may travel to other offices on occasion. Each trainer is assigned a laptop computer to use to prepare for teaching new
classes.
COMPANY MANAGEMENT STRUCTURE
Corporate management consists of a CEO, a CFO, a sales and marketing manager, and an IT manager.

In each city where a business office and one or more training centers are located, members of the management team include a general
manager, a sales manager, a training manager, and an operations manager. The operations manager oversees employees in the finance,
IT, and customer service departments.
CURRENT COMPUTING ENVIRONMENT
Employees:
Most employees use computers running Windows 98. Members of the IT staff use NT 4.0 Workstation. There are three servers
running Novell NetWare 4.11 and three servers running Windows NT 4.0 Server. Home directories for all employees are on one of
the NetWare servers. Accounts for all employees at an office are defined in a Novell Directory Services (NDS) tree at that office.
Each city with one or more training centers has between fifty and one-hundred employees. There are thirty employees at the
headquarters office.
Each sales representative and department manager uses a laptop computer running Windows 98.
Each trainer is assigned a computer that can be used for study. The trainer is responsible for installing software on the computer.
Trainers and IT staff members are the only employees who work with the computers in the classrooms.
Classrooms:
Each classroom can be used for any Microsoft, Novell, or Oracle class. Computers for each class are set up by using automated
scripts or by using pre-stored images. Images are stored on a computer running Windows NT 4.0 Server at each training center.
Network Infrastructure:
The locations that house the business office in each city are connected to the corporate office with a T1 line. They are also connected
to the Internet with a T1 line to a local Internet Service Provider (ISP). The other two locations in the cities with three training centers
are connected to the business office with 56 Kbps lines.
The computers for all employees are on one subnet at each office. The NetWare and Windows NT servers are also on this subnet.
All classrooms at each training center are on a subnet that is separate from the business office subnet. The server on which images for
the classes are stored is also on this subnet. The computers in each classroom are connected to a switch. Each switch is connected to
the backbone.
There is one router at each office. The router connects to the local subnets and to the Internet. For those cities with three training
centers, the remote training centers are connected to the router at the office location via a router at each remote training center.
PLANNED COMPUTING ENVIRONMENT
Employees:
The computers used by employees will be replaced by new computers running Windows 2000 Professional. New computers will be
purchased that will run Windows 2000 Advanced Server and will be configured as domain controllers in a Windows 2000 domain.
All employees will be given Windows 2000 domain user accounts.
Classrooms:
No changes will be made to classroom hardware. The server on which images are stored for the classes will be upgraded to Windows
2000 Advanced Server.
Network Infrastructure:
No changes will be made to the network infrastructure.
135. You have been hired as a consultant to assist BCD Train in designing an Active Directory architecture. One of your first tasks is
to define the company's computing administration model. How should you characterize the manner in which Information
Technology (IT) is managed at BCD Train?
a. Outsourced IT
b. Decentralized IT
c. Centralized IT with Decentralized Management
d. Centralized IT
136. You have been hired as a consultant to assist BCD Train in designing an Active Directory architecture. What is the key factor
you should consider when designing an Organizational Unit (OU) hierarchy?
a. The company management structure
b. The information flow between employees in each city, especially the flow between employees in different departments
c. The responsibilities of members of the Information Technology (IT) departments
d. The information flow between employees in the corporate headquarters office and the employees in each city that has a training
center
137. You have been hired as a consultant to assist BCD Train in designing an Active Directory architecture. Which Organizational
Units (OUs) should you recommend be created to implement the company's Information Technology (IT) support model as well
as support future expansion goals?
a. Create three OUs - one each for the Microsoft, Novell, and Oracle courses.
b. Create twenty OUs - one for each city in which there is a business office and one or more training centers.
c. Create twenty-eight OUs - one for each training center.

d. Create four OUs - one for the corporate location and one each for Sales, Training, and Operations.
e. Create twenty-one OUs - one for the headquarters office and one for each city in which there is a business office and one or
more training centers.

138. You have been hired as a consultant to assist BCD Train in designing an Active Directory architecture. After analyzing the
current network and the company's plans for integrating Windows 2000 into its network, you recommend that BCD Train use a
single Windows 2000 domain. You also recommend that an Organizational Unit (OU) be created for each city in which one or
more training centers exist and that responsibility for the OU be delegated to the IT staff members in the appropriate city.
What should you recommend regarding the placement of domain controllers?
a. A domain controller should be installed at each business office and at the headquarters office.
b. A domain controller should be installed at each training center location and at the headquarters office.
c. Domain controllers should only be installed at the headquarters office.
d. Domain controllers should only be installed at each training center location.
139. You have been hired as a consultant to assist BCD Train in designing an Active Directory architecture. After analyzing the
current network and the company's plans for integrating Windows 2000 into its network, you recommend that BCD Train use a
single Windows 2000 domain. You also recommend that a domain controller be installed at each business office.
What should you recommend regarding the number of sites that should be created?
a. Twenty-one sites, one for each city in which an office is located and one for the headquarters location
b. Two sites, one for the headquarters location and one for all the other locations
c. A single site
d. Twenty-nine sites, one for each training center location and one for the headquarters location
140. You are a member of the IT staff at the corporate office of BCD Train. You are working with a consultant to determine the best
way to manage the computer desktops of employees both at your office and at the other offices where employees work. After
getting input from the IT staff members at each of the cities in which training centers are located, you determine that you can
create three standard configurations that will satisfy the needs of the training centers and the corporate office. Each training
center will use one of the three standard configurations. These standard configurations include settings for the control panel, the
desktop, and windows components. There are a number of settings that will be the same in all three configurations. Since the
servers and printers that are used in each city differ, settings for folder redirection, printers, scripts, and software installation will
be defined by the IT staff members in each city.
You decide to create a single Windows 2000 domain for BCD Train and configure the common settings in the default domain Group
Policy object (GPO). What other steps should you take to configure and apply the desired settings to employees' computers?
a. Create a GPO for each standard configuration. Link the GPOs to the domain, create a security group for each city that contains
the appropriate computer and user accounts for the city, and use the security groups to filter the GPOs.
b. Create policy templates for each standard configuration. Use Security Configuration and Analysis to apply the appropriate
template to each employee's computer.
c. Create a site for each city. Create a GPO for each standard configuration and link the appropriate GPO to each site.
d. Create an Organizational Unit (OU) for each city. Create a GPO for each standard configuration and link the appropriate GPO to
each OU.
141. You are the corporate IT manager of BCD Train. You determine that there should be three Group Policy objects (GPOs) created
to manage the desktops of users throughout the enterprise. One member of the IT staff at each office location will determine
which of the three should be used for that location. Settings that are common to all three of the configurations are defined in the
default domain GPO. The designated IT staff member at each office location will create GPOs to manage settings for folder
redirection, printers, scripts, and software installation.
You create a single Windows 2000 domain for BCD Train. You create an OU for each city in which the enterprise has an office and
one or more training centers. You also configure a separate site for each city. You add the designated IT staff member from each city
to the security group "Group Policy Creator Owners" to allow these individuals to create GPOs.
How should you configure security to allow the designated IT staff member for each city to define which standard configuration GPO
should be used for users and computers in his or her city but not be able to block inheritance from any domain GPO?
a. Use the Delegation of Control wizard to give the designated IT staff members read and write access to the gPOptions attribute of
the appropriate site.
b. Use the Delegation of Control wizard to give the designated IT staff members read and write access to the gPLink attribute of
the appropriate OU.
c. Use the Delegation of Control wizard to delegate the task "Manage Group Policy links" for the appropriate OU to each
designated IT staff member.
d. Use the Delegation of Control wizard to delegate the task "Manage Group Policy links" for the appropriate site to each
designated IT staff member.
142. You have been hired as a consultant to assist BCD Train in designing an Active Directory architecture. After analyzing the
current network and the company's plans for integrating Windows 2000 into its network, you recommend that BCD Train use a
single Windows 2000 domain. You recommend that the Domain Name System (DNS) server service be installed on DNScorp, a
computer running Windows 2000 Server at the corporate office. You also recommend that a standard primary zone with the
same name as the Active Directory domain for BCD Train be created on this server. This name is registered for use on the
Internet.
After getting input from the IT staff members at the corporate office and at each of the cities in which training centers are located, you
determine that employees at each business office primarily use resources on computers in their own city. On occasion, employees
need to access resources at the corporate office. They do not need to access resources in other cities. You also learn that it is important
to limit the amount of traffic across the T1 lines connecting each office to the Internet.
What recommendation should you make regarding the placement of domain controllers and computers running the DNS server service
for BCD Train?
a. Install the DNS server service on a computer running Windows 2000 server at each business office. Configure each of these
computers as a caching-only server. Configure these computers to use DNScorp as a forwarder. Configure a computer at each
office location and at each training center location as a domain controller.
b. Install the DNS server service on a computer running Windows 2000 server at each business office. Create a standard secondary
zone on each of these computers for the existing standard primary zone. Configure each of these computers to use DNScorp as a
master name server. Configure two computers as domain controllers at the corporate office.
c. Install the DNS server service on a computer running Windows 2000 server at each business office. Create a zone that contains
resource records only for the computers at that location. Delegate control of this zone from the DNS server at the corporate
office to the appropriate local DNS server. Configure four computers as domain controllers at the corporate office.
d. Configure DNScorp as a domain controller. Convert the standard primary zone to an Active Directory-integrated zone.
Configure a computer running Windows 2000 Server at each business office as a domain controller for the Windows 2000
domain. Install the DNS server service on these computers.
143. You have been hired as a consultant to assist BCD Train in designing an Active Directory architecture. You have learned that
management wants to continue to use the Domain Name System (DNS) domain name that is registered to support the current
web site. You also learn that the email system will be expanded to support communication to and from the Internet. DNS support
is currently provided by the ISP being used for each office location. Support for DNS will be assigned to the internal IT staff
members as part of the upgrade to Windows 2000. DNS will be installed on computers running Windows 2000 Server.
What naming strategy should you recommend for the Active Directory root domain as well as internal and external resources?
a. Use the existing DNS domain name for the Active Directory root domain and for resources at the corporate office and a new
DNS domain name for each city in which an office and one or more training centers exist.
b. Use a delegated DNS subdomain name for the Active Directory root domain and internal resources. Use the existing DNS
domain name for external resources.
c. Use the existing DNS domain name for internal and external resources and for the Active Directory root domain.
d. Use a new DNS domain name for the Active Directory root domain and for internal resources and the existing DNS domain
name for external resources.
144. You have been hired as a consultant to assist BCD Train in designing an Active Directory architecture. After analyzing the
current network and the company's plans for integrating Windows 2000 into its network, you recommend that BCD Train use a
single Windows 2000 domain. You recommend that an Organizational Unit (OU) be created for each city in which one or more
training centers exist and that responsibility for the OU be delegated to the IT staff members in the appropriate city. You also
recommend that a site be created for headquarters in Cedar Rapids and for each of the 20 cities. You also suggest that a domain
controller be installed in each site.
What should you recommend regarding the placement of global catalog servers?
a. Global catalog servers should only be installed at each training center location.
b. A global catalog server should be installed at each training center location that houses a business office and at the headquarters
office.
c. A global catalog server should be installed at each training center location and at the headquarters office.
d. Global catalog servers should only be installed at the headquarters office.
145. You have been hired as a consultant to assist BCD Train in designing an Active Directory architecture. During your analysis of
the current network and the company's plans for integrating Windows 2000 into its network, you learn that the existing NetWare
servers at each office will continue to be used. Each user's home directory will be moved to a computer running Windows 2000
Server. A custom application runs on a NetWare server and cannot be moved to a computer running Windows 2000 Server, so
the existing NetWare accounts will be kept.
What utility should you recommend that BCD Train use in the Windows 2000 domain to keep the Novell Directory Services (NDS)
database and Active Directory synchronized?
a. Microsoft Directory Synchronization Services (MSDSS)
b. Gateway (and Client) Services for NetWare (GSNW)
c. Directory Service Manager for NetWare (DSMN)
d. Active Directory Connector
146. You have been hired as a consultant to assist BCD Train in designing an Active Directory architecture. During your analysis of
the current network and the company's plans for integrating Windows 2000 into its network, you determine that Group Policy
objects (GPOs) should be defined to manage settings for client computers. You decide to configure settings common to all users
in the default domain policy. You determine that there should be three GPOs created to manage the desktops of users throughout
the enterprise. One of these three GPOs should be linked to each Organizational Unit (OU).

When configuring the GPOs, which settings must you configure in the default domain policy to ensure that the settings are enforced
for users defined in Active Directory?
a. Account policies
b. Administrative Templates
c. Restricted Groups
d. Logon/Logoff and Startup/Shutdown Scripts
147. You have been hired as a consultant to assist BCD Train in designing an Active Directory architecture. During your analysis of
the current network and the company's plans for integrating Windows 2000 into its network, you determine that Group Policy
objects should be defined to manage settings for client computers. With the current network topology and traffic, there are times
when links between office locations and the headquarters office have little available bandwidth. When planning your Group
Policy strategy, you must plan for the impact of applying group policy across slow links.
Which two types of group policy settings will always be applied, even across a slow link? (Choose two.)
a. Administrative Templates
b. Internet Explorer Maintenance
c. Logon/Logoff and Startup/Shutdown Scripts
d. Folder Redirection
e. Security Settings
148. You have been hired as a consultant to assist BCD Train in designing an Active Directory architecture. After analyzing the
current network and the company's plans for integrating Windows 2000 into its network, you recommend that BCD Train use a
single Windows 2000 domain. You also recommend that a site be defined for each business office and that a domain controller
be installed at each business office. Training centers in each city will be included in the site defined for the business office in that
city. You also recommend that a site be created for the headquarters office and that two domain controllers be installed at that
office.
What should you recommend regarding the creation of site links?
a. A site link should be created between the site defined for each business office and the headquarters office.
b. Two site links should be created for each business office site to the two nearest business office sites.
c. A site link should be created between each business office site and every other business office site. A site link should also be
created between each business office site and the headquarters office site.
d. Two site links should be created for each business office site, one to the headquarters office site and one to the nearest business
office site.
149. You have been hired as a consultant to assist BCD Train in designing an Active Directory architecture. You have discovered that
the company plans to implement Exchange 2000 as its messaging system within four months after implementing an Active
Directory domain. You recommend that BCD Train prepare for the Exchange implementation as they deploy Active Directory
by running the Exchange setup utility with the forestprep option.
In addition to being an administrator on the computer on which setup is run, to which group or groups must an administrator belong to
use the forestprep option?
a. Schema Admins and the forest root Domain Admins
b. Enterprise Admins only
c. Enterprise Admins and the Domain Admins group in the forest root domain
d. Enterprise Admins and Schema Admins
e. Schema Admins only

Answer Key:
1. A,B,C
2. A
3. OU/Three-tier; Site design/Phoenix; Domain/IT center; Forest/GHP
4. A,C
5. D
6. A
7. A
8. A
9. C,D
10. Newark (Schema master, Domain naming master, Relative ID master, PDC emulator, Infrastructure master); Boston (nothing);
Philadelphia (nothing); New York (nothing); Los Angeles (nothing); Malaysia (Relative ID master, PDC emulator, Infrastructure
master); Atlanta (Infrastructure master, PDC emulator, Relative ID master); New Orleans (nothing); Mexico (nothing); Phoenix
(Relative ID master, Infrastructure master, PDC emulator).
11. B,D,C,A
12. B,D
13. D

14. C
15. A,D
16. C
17. D
18. B,D
19. D
20. A
21. D
22. D,B,A,C
23. B
24. B
25. A
26. D
27. B,C,E,F
28. C
29. B
30. A,B,C,D,F
31. A
32. A
33. B
34. D
35. B
36. OU design/Macintosh; Site design/Smart card; Domain design/Security; Forest/Namespace
37. C
38. D
39. A
40. C
41. A
42. B,C
43. B
44. B
45. E
46. D
47. E,C,B,D,A,G,F
48. C
49. D
50. A
51. C
52. D
53. B
54. E
55. C,G,A,B,F
56. D
57. D
58. A
59. F
60. B
61. B
62. A
63. C
64. C
65. C
66. B
67.
OU design
-Department specific administration
Site design
-Maintain current WAN links
Domain design
-implementation of security policies
-centralized IT administration
Forest design
-maintain a common schema
68. D
69. A
70. B
71. A
72. B
73. D
74. C

75. C
76. C
77. D
78. C
79. D
80. A
81. A,C
82. E
83. D
84. C,D
85. A
86. A,D
87. D
88. D
89. B
90. D
91. B
92. D
93. A
94. B,C,G
95. C
96. A
97. A
98. D
99. C,D
100. B,C,
101. A,C
102. B
103. A
104. C,E
105. A,C
106. A,C,D
107. C,D
108. C
109. D
110. B
111. D
112. B
113. D
114. D,E
115. D
116. B
117. A
118. B
119. D
120. A,B,E
121. A
122. E
123. C
124. B,C,E
125. D
126. A
127. B
128. D
129. A
130. B,E
131. B,C
132. B
133. B
134. B,D,E
135. C
136. C
137. B
138. A
139. A
140. D
141. B
142. D
143. C
144. B
145. A
146. A
147. A,E
148. A
149. D
