What should you recommend?

Testlet: Tailspin Toys
You need to recommend a solution that meets the following requirements:
Log access to all shared folders on TT-FILE02.
Minimize administrative effort.
Ensure that further administrative action is not required when new shared folders are added to TT-FILE02.
What should you recommend?
Case Study Title (Case Study):
General Background
You are the Windows Server Administrator for Tailspin Toys. Tailspin Toys has a main office and a manufacturing office.
Tailspin Toys recently acquired Wingtip Toys and is in the beginning stages of Merging the IT environments. Wingtip Toys has a main office and a sales office.
Technical Background
The companies use the network subnets indicated in the following table:


The Tailspin Toys network and the Wingtip Toys are connected by a point-to-point dedicated 45 Mbps circuit that terminates in the main offices.
The current Tailspin Toys server topology is shown in the following table:


The Tailspin Toys environment has the following characteristics:
. All servers are joined to the tailspintoys.com domain.
. In the Default Domain Policy, the Retain old events Group Policy setting is enabled.
. An Active Directory security group named "Windows System Administrators" is used to control all files and folders on TT-PRINT01.
. A Tailspin Toys administrator named Marx has been delegated rights to multiple Organizational Units (OUs) and object in the tailspintoys.com domain.
. Tailspin Toys developers use Hyper-V Virtual Machines (VM’s) for development. There are 10 development VM’s named TT-DEV01 to TT-DEV20.
The current Wingtip Toys server topology is shown in the following table:


All servers in the Wingtip Toys environment are joined to the wingtiptoys.com domain.
Infrastructure Services
You must ensure that the following infrastructure services requirements are met:
All domain zones must be stored as Active Directory-integrated zones.
Only DNS servers located in the Tailspin Toys main offices may communicate with the DNS servers at Wingtip Toys.
Only DNS servers located in the Wingtip Toys main offices may communicate with the DNS servers at Tailspin Toys
All tailspintoys.com resources must be resolved from the Wingtip Toys offices.
All wingtiptoys.com resources must be resolved from the Tailspin toys offices.
Certificates must be distributed automatically to all Tailspin Toys and Wingtip Toys computers.
Delegated Administration
You must ensure that the following delegated administration requirements are met:
Tailspin Toys IT security administrators must be able to create, modify and delete user objects in the wingtip.com domain.
Members of the Domain Admins Group in the tailspintoys.com domain must have full access to the wingtiptoys.com Active Directory environment.
A delegation policy must grant minimum access rights and simplify the process of delegating rights.
Minimum permissions must always be delegated to ensure that the least privilege is granted for a job task.
Members of the TAILSPINTOYSHelpdesk group must be able to update drivers and add printer ports on TT-PRINT01.
Members of the TAILSPINTOYSHelpdesk group must not be able to cancel a print job on TT-PRINT01.
Tailspin Toys developers must be able to start, stop and apply snapshots to their development VM’s.
IT Security
. Server security must be automated to ensure that newly deployed servers automatically have the same security configurations as existing servers.
. Auditing must be configured to ensure that the deletion of users objects and OUs is logged.
. Microsoft Word and Microsoft Excel files must be automatically encrypted when uploaded to the Confidential documents library on the Tailspin Toys Microsoft SharePoint site.
. Multi factor authentication must control access to Tailspin Toys domain controllers.
. All file and folder auditing must capture the reason for access.
. All folder auditing must capture all delete actions for all existing folders and newly created folders.
. New events must be written to the Security event log in the tailspintoys.com domain and retained indefinitely.
. Drive X: on the TT-FILE01 must be encrypted by using Windows BitLocker Drive Encryption and must be automatically unlock.
A. Upgrade TT-FILE02 to Windows Server 2008 Enterprise and use application control policies in Group Policy.
B. Add the Connection Manager Administration Kit feature on TT-FILE02.
C. Upgrade TT-FILE02 to Windows Server 2008 R2 Standard and use Advanced Audit Policy Configuration settings in Group Policy.
D. Add the Network Policy and Access Services role to TT-FILE02.

microsoft-exams

Leave a Reply

Your email address will not be published. Required fields are marked *


The reCAPTCHA verification period has expired. Please reload the page.