Szenarien - Fragen und Antworten
| Autor: |
Lars Schlageter |
| Zuletzt gespeichert: |
16.01.2005 |
| Zustand : |
Zu korrigieren |
State University
State University has 39000 students/staff and faculty located on a single
campus. State University contains the following primary colleges:
College of Business
College of Engineering
College of Science
College of Distance Learning
The Campus IT department have hired you to create an active directory design to
improve collaboration and provide single logon for students and faculty. The
lost below shows a breakdown of the 96000 users and contacts to consider in your
design:
Students (users) 28000
Faculty (users) 3000
Staff (users) 8000
Active Alumni (contacts) 45000
Donors (contacts) 12000
Existing Environment:
The Campus IT department provide services to the entire campus. The list below
shows some of those services:
HR Systems
Student Registration
Student Email, WWW and FTP
Card Keys
Email Gateway
Physical LAN
Campus WWW services
Each college has its own IT department that report to the relevant dean. These
IT staff have their own budget and are not part of campus IT. Each department
has implemented its own Network and Desktop environment to suit their own needs.
Currently there is no standardisation of hardware or Operating Systems or Naming
Standards. Because of the transient nature of the students many departments
create generic student accounts eg. Student1, Student2 etc. These accounts have
no password and are designed for students in labs. This stratagy makes it hard
to audit student activities and provide login roaming. Many students take
classes from different colleges and have many different accounts. Personal
logins are created for staff and faculty, however many students are also staff
and as a result get personal logins. This leads to many unknown accounts when
students leave. Several Unix servers provide FTP, WWW and telnet access for
students and are referred to as StudentNET. Each student is allocated 50MB to be
used for FTP storage or a personal WWW site.
Questions
1 - You need to plan for coexistence with an LDAP database. You also need
to create a strategy for deploying the synchronization script to auto populate
Active Directory. Arrange the tasks below to perform your goals. Place the task
you should perform first at the top of the list.
A - Modify the schema on the test lab forest and pilot the synchronization
script
B - Develop the application to sync info from the data sources
C - Instruct the end users to logon to the production forest
D - Create a test lab forest
E- Identify data to collect from HR systems, Student registration database,
Critical data about servers and alumni
F - Decommission LDAP database
2 - You want to ensure maximum performance level of the critical
operations master roles and forest login. You need to select 1 Domain Controller
for which you will lower the priority of the SRV records. Which Domain
Controller should you select.
A - Domain Controller in the StateU child domain located in the campus IT
data centre
B - Domain Controller in the StateU child domain located in the College of
Engineering data centre
C - Domain Controller in the Campus IT forest root domain located in the College
of Engineering data centre
D - Domain Controller in the Campus IT forest root domain located in an
affiliated university data centre
E - Domain Controller in the Campus IT forest root domain located in the IT
data centre
3 - You need to justify your domain design for the internal campus IT
forest. Which 2 factors allow you to justify your domain design.
A - Lack of support from the dean of the college of Science
B - Ease of admin by means of IT department Campus synchronization app for users
C - Lack of support from the IT manger of the college of Business
D - Bandwidth Restrictions
E - Single login from UNIX Kerbos realm
F - Lack of physical security of the Domain Controllers
ANSWER : E,C
4 - Create a test strategy that supports access of students to resources.
Create a diagram showing trusts.
StateU.adm.stateuniversity.edu domain
Existing Kerbos Realm
Distance.Adm.StateUniversity.edu domain
Business.Adm.StateUniversity.edu domain
science.adm.stateuniversity.edu domain
engineering.adm.stateuniversity.edu domain
science.stateuniversity.edu domain
business.stateuniversity.edu domain
distance.stateuniversity.edu domain
Trusts:
Transitive
Kerbos
Explicit one way NTLM
Explicit two way NTLM
Explicit one way
Explicit one way KERBOS
Explicit two way KERBOS
5 - You need to justify your forest design. Which factors justify the
forest design?
A - Lack of physical security for the domain controllers
B - Lack of support from the dean of the college of science
C - Location of the Domain Controller in the secured subnet
D - Lack of support from the IT manager in the college of Business
6 - You need to check DNS design. Which tasks need to be completed on DNS
servers in the secured subnet?
A - Create a primary zone named sateuniversity.edu
- Create a subdomain named External
- Create a delegated domain named Campus
- Configure the DNS with root hits to the Internet
B - Create a primary zone named sateuniversity.edu
- Create a subdomain named External
- Create a delegated subdomain named external
- Create a delegated subdomain named campus
- Create a delegated subdomain named adm
- Configure the DNS with root hits to the Internet
C - Create a primary zone named sateuniversity.edu
- Create a subdomain named External
- Creater a delegated domain named Campus
- Create a delegated subdomain nsamed adm
- Configure the DNS with root hits to the Internet
ANSWER:
7 - Design the place of Global Catalogs and Operations Masters to support
StateU child domains and its forest root. You need to place operations masters
and Global Catalogs on the appropriate Domain Controllers.
??????
8 - You need to create a forest design for StateU. Move the appropriate
elements to the forests.
Forests:
adm.stateu.edu forest
distance.stateu.edu forest
business.stateu.edu forest
science.stateu.edu forest
Elements:
College of Business Computer accounts
College of Engineering Computer accounts
College of Science Computer accounts
College of Distance Learning External Computer accounts
College of Distance Learning Internal Computer accounts
Forest not connected
9 - How do you meet the needs of the Engineering IT manager.
A - Enable User GPO loop back for COE Student GPO
B - Create an OU for Engineering. Locate all college engineering computers in OU
and delegate rights for the computers to have full control of computers, groups
and GPO.
C- Create a GPO named GPO_Students GPO in the OU containing Engineering
computers
D - Create a GPO named GPO_Students GPO in the OU containing Engineering
students
E - Create an OU for Engineering, locate the students in this OU. Delegate the
manage GPO to the college of Engineering IT staff.
F - Grant access to the GPO for students group and CEO_IT group. Deny GPO deny
to the CEO_IT group
G - Grant read access to the GPO for students group and CEO_IT group. Grant GPO
apply to thr CEO_IT Group
|