070-646 無料問題集「Microsoft Windows Server 2008, Server Administrator」

Your network contains a Web-based application that runs on Windows Server 2003. You plan to migrate the Web-based application to Windows Server 2008 R2. You need to recommend a server configuration to support the Web-based application.
The server configuration must meet the following requirements:
Ensure that the application is available to all users if a single server fails.
Support the installation of .NET applications.
Minimize software costs. What should you recommend?

Testlet: Tailspin Toys
You need to recommend a solution to meet the certificate distribution requirements.
What should you recommend?
Case Study Title (Case Study): General Background
You are the Windows Server Administrator for Tailspin Toys. Tailspin Toys has a main office and a manufacturing office.
Tailspin Toys recently acquired Wingtip Toys and is in the beginning stages of Merging the IT environments. Wingtip Toys has a main office and a sales office.
Technical Background
The companies use the network subnets indicated in the following table: The Tailspin Toys network and the Wingtip Toys are connected by a point-to-point dedicated 45 Mbps circuit that terminates in the main offices.

The current Tailspin Toys server topology is shown in the following table:

The Tailspin Toys environment has the following characteristics: All servers are joined to the tailspintoys.com domain. In the Default Domain Policy, the Retain old events Group Policy setting is enabled. An Active Directory security group named "Windows System Administrators" is used to control all files and folders on TT-PRINT01. A Tailspin Toys administrator named Marx has been delegated rights to multiple Organizational Units (OUs) and object in the tailspintoys.com domain. Tailspin Toys developers use Hyper-V Virtual Machines (VM's) for development. There are 10 development VM's named TT-DEV01 to TT-DEV20.
The current Wingtip Toys server topology is shown in the following table: All servers in the Wingtip Toys environment are joined to the wingtiptoys.com domain.

Infrastructure Services
You must ensure that the following infrastructure services requirements are met:
All domain zones must be stored as Active Directory-integrated zones.
Only DNS servers located in the Tailspin Toys main offices may communicate with the DNS servers at Wingtip Toys.
Only DNS servers located in the Wingtip Toys main offices may communicate with the DNS servers at Tailspin Toys
All tailspintoys.com resources must be resolved from the Wingtip Toys offices.
All wingtiptoys.com resources must be resolved from the Tailspin toys offices.
Certificates must be distributed automatically to all Tailspin Toys and Wingtip Toys computers.
Delegated Administration
You must ensure that the following delegated administration requirements are met: Tailspin Toys IT security administrators must be able to create, modify and delete user objects in the wingtip.com domain.
Members of the Domain Admins Group in the tailspintoys.com domain must have full access to the wingtiptoys.com Active Directory environment.
A delegation policy must grant minimum access rights and simplify the process of delegating rights.
Minimum permissions must always be delegated to ensure that the least privilege is granted for a job task.
Members of the TAILSPINTOYS\Helpdesk group must be able to update drivers and add printer ports on TT-PRINT01.
Members of the TAILSPINTOYS\Helpdesk group must not be able to cancel a print job on TT-PRINT01.
Tailspin Toys developers must be able to start, stop and apply snapshots to their development VM's.
IT Security
Server security must be automated to ensure that newly deployed servers automatically have the same security configurations as existing servers.
Auditing must be configured to ensure that the deletion of users objects and OUs is logged.
Microsoft Word and Microsoft Excel files must be automatically encrypted when uploaded to the
Confidential documents library on the Tailspin Toys Microsoft SharePoint site.
Multi factor authentication must control access to Tailspin Toys domain controllers.
All file and folder auditing must capture the reason for access.
All folder auditing must capture all delete actions for all existing folders and newly created folders.
New events must be written to the Security event log in the tailspintoys.com domain and retained
indefinitely.
Drive X:\ on the TT-FILE01 must be encrypted by using Windows BitLocker Drive Encryption and must be automatically unlock.

Testlet: Humongous Insurance
DFS Management manages DFS Namespaces and DFS Replication
File Server Resource Manager (FSRM) controls and manages quantity (size) and quality (type) of data that is stored on their servers
Storage Explorer views and manages the Fibre Channel and iSCSI fabrics that are available in your storage area network (SAN).
http://technet.microsoft.com/en-us/library/cc733004.aspx
You need to recommend a server build for the Web servers.
Which server build should you recommend?
Testlet: Humongous Insurance (Case Study): COMPANY OVERVIEW
Humongous Insurance has a main office and 20 branch offices. The main office is located in New York. The branch offices are located throughout North America. The main office has 8,000 users. Each branch office has 2 to 250 users.
PLANNED CHANGES
Humongous Insurance plans to implement Windows BitLocker Drive Encryption (BitLocker) on all servers.
EXISTING ENVIRONMENT
The network contains servers that run either Windows Server 2003, Windows Server 2008, or Windows Server 2008 R2. All client computers run either Windows 7 Enterprise or Windows Vista Enterprise.
BUSINESS GOALS
Humongous Insurance wants to minimize costs whenever possible.
EXISTING ACTIVE DIRECTORY/DIRECTORY SERVICES
The network contains a single Active Directory forest named humongousinsurance.com. The forest contains two child domains named north.humongousinsurance.com and south.humongousinsurance.com. The functional level of the forest is Windows Server 2008 R2.
EXISTING NETWORK INFRASTRUCTURE
Each child domain contains a Web server that has Internet Information Services (IIS) installed. The forest root domain contains three Web servers that have IIS installed. The Web servers in the forest root domain are configured in a Network Load Balancing (NLB) cluster. Currently, all of the Web servers use a single domain user account as a service account.
Windows Server Update Services (WSUS) is used for company-wide patch management. The WSUS servers do not store updates locally.
The network contains Remote Desktop servers that run Windows Server 2008 R2. Users in the sales department access a line-of-business Application by using Remote Desktop. Managers in the sales department use the Application to generate reports. Generating the reports is CPU intensive.
The sales managers report that when many users are connected to the servers, the reports take a long time
to process.
Humongous Insurance has the following standard server builds:
Class 1 - Dual x64 CPUs, 4-GB RAM, Windows Web Server 2008 R2
Class 2 - Dual x64 CPUs, 4-GB RAM, Windows Server 2008 R2 Standard
Class 3 - Quad x64 CPUs, 8-GB RAM, Windows Server 2008 R2 Standard
Class 4 - Quad x64 CPUs, 8-GB RAM, Windows Server 2008 R2 Enterprise
CURRENT ADMINISTRATION MODEL
Humongous Insurance currently uses the following technologies to manage the network:
Microsoft Desktop Optimization Pack
Microsoft Forefront EndPoint Protection
Microsoft System Center Operations Manager
Microsoft System Center Configuration Manager
TECHNICAL REQUIREMENTS
Humongous Insurance must meet the following technical requirements:
A certificate must be required to recover BitLocker-protected drives.
Newly implemented technologies must minimize the impact on LAN traffic.
Newly implemented technologies must minimize the storage requirements.
The management of disk volumes and shared folders must be performed remotely whenever possible.
Newly implemented technologies must minimize the amount of bandwidth used on Internet connections.
All patches and updates must be tested in a non-production environment before they are applied to production servers.
Multiple versions of a Group Policy object (GPO) must be maintained in a central archive to facilitate a roll back required.
The management of passwords and service principal names (SPNs) for all service accounts must be automated whenever possible.

Testlet: Graphic Design Institute, Case A
http://www.iis.net/learn/manage/managing-your-configuration-settings/shared-configuration_264
You need to ensure that Web1, Web2, and Web3 download updates from WSUS1.
What should you do?
Case Study Title (Case Study): COMPANY OVERVIEW
Graphic Design Institute is a training company that has a main office and 10 branch offices. The main office is located in Bangalore.
PLANNED CHANGES
Graphic Design Institute plans to implement the following changes:
Deploy a new two-node failover cluster that runs the Hyper-V server role on each node. Ensure that intra-cluster network traffic is isolated from all other network traffic.
Implement Network Access Protection (NAP) for all of the client computers on the internal network and for all of the client computers that connect remotely.
EXISTING ENVIRONMENT
The relevant servers in the main office are configured as shown in the following table.

NPAS1 contains a static IP address pool.
Web1, Web2, and Web3 host a copy of the corporate Web site.
Web1, Web2, and Web3 are located in the perimeter network and belong to a workgroup.
All client computers run Windows XP Professional, Windows Vista Enterprise, or Windows 7 Enterprise, All
client computers are members of the domain.
Some users work remotely. To access the company's internal resources, the remote users use a VPN connection to NPAS1.
Existing Active Directors/Directory Services
The network contains a single-domain Active Directory forest named graphicdesigninstitute.com.
The Active Directory Recycle Bin is enabled.
Existing Network Infrastructure
Graphic Design Institute has an internal network and a perimeter network.
The network contains network switches and wireless access points (WAPs) from multiple vendors. Some of the network devices are more than 10 years old and do not support port-based authentication.
TECHNICAL REQUIREMENTS
All of the accounts used for administration must be assigned the minimum amount of permissions.
Web1, Web2, and Web3 must have the identical configurations for the corporate Web site.
The Web servers must contain a local copy of all the Web pages in the Web site. When a Web page is modified on any of the Web servers, the modifications must be copied automatically to all of the Web servers.
A user named Admin1 must be responsible for performing the following tasks:
Restarting all of the Web servers.
Backing up and restoring the files on all of the Web servers.
A user named Admin2 must be responsible for performing the following tasks;
Backing up the Active Directory database.
Recovering deleted objects from the Active Directory Recycle Bin.

Testlet: Fabrikam Inc
You need to configure Internet Explorer to meet the company's technical requirements.
Which GPO or GPOs should you modify?
Case Study Title (Case Study): COMPANY OVERVIEW
Fabrikam Inc. is a manufacturing company that has a main office and a branch office.
PLANNED CHANGES
You plan to deploy a failover cluster named Cluster1 in the branch office. Cluster1 will be configured to meet the following requirements:
The cluster will host eight virtual machines (VMs).
The cluster will consist of two nodes named Node1 and Node2.
The quorum mode for the cluster will be set to Node and Disk Majority.
A user named Admin1 will configure the virtual switch configuration of the VMs.
The cluster nodes will use shared storage on an iSCSI Storage Area Network (SAN).
You plan to configure a VM named File2 as a file server. Users will store confidential files on File2.
You plan to deploy a Microsoft Forefront Threat Management Gateway (TMG) server in each site. The Forefront TMG server will be configured as a Web proxy.
EXISTING ENVIRONMENT
The research department is located in the branch office. Research users frequently travel to the main office.
Existing Active Directory/Directory Services
The network contains a single-domain Active Directory forest named fabrikam.com. The functional level of the forest is Windows Server 2008.
The relevant organizational units (OUs) for the domain are configured as shown in the following table.

The relevant sites for the network are configured shown in the following table.

The relevant group policy objects (GPOs) are configured as shown in the following table.

Existing Network Infrastructure
All users run windows server 2008 R2. The relevant servers are configured as shown in following table.

WSUS2 is configured as a downstream replica server.
File1 contains a share named Templates. Users access the Templates share by using the path \ \fabrikam.com\dfs\templates.
File1 has the Distributed File System (DFS) Replication role service and the DFS Namespaces role service installed.
TECHNICAL REQUIREMENTS
Fabrikam must meet the following requirements:
Minimize the cost of IT purchases.
Minimize the potential attack surface on the servers.
Minimize the number of rights assigned to administrators.
Minimize the number of updates that must be installed on the servers.
Ensure that Internet Explorer uses the local ForeFront TMG server to connect to the Internet.
Ensure that all client computers continue to receive updates from WSUS if a WSUS server fails.
Prevent unauthorized users from accessing the data stored on the VMs by making offline copies of the
VM files. Fabrikam must meet the following requirements for the Templates share:
Ensure that users access the files in the Templates share from a server in their local site.
Ensure that users always use the same UNC path to access the Templates share, regardless of the site in which the users are located.

Testlet: Blue Yonder Airlines
** Software can be deployed to USER by Published/ Assigned/ Advanced methods, while it can be deployed to COMPUTER by Assigned/ Advanced methods.
You need to recommend a NAP enforcement method that meets the company's security requirements.
Which method should you recommend?
Case Study Title (Case Study): COMPANY OVERVIEW
Blue Yonder Airlines has a main office and four branch offices. Each branch office has six satellite offices. The main office is located in Sydney. The branch offices are located in London, New York, Bangkok, and Istanbul. The main office has 1,000 users. Each branch office has 500 users. Each satellite office has 50 to 100 users.
PLANNED CHANGES
Each satellite office will have a single server deployed. The servers will have the following server roles installed:
File server
Print server
Read-only Domain Controller (RODC)
Each satellite office will have a local support technician who performs the following tasks:
Manages printers.
Manages server backups.
Manages updates on the server.
Each support technician will only be permitted to manage the server located in his office.
You plan to implement a backup and recovery solution to restore deleted Active Directory objects. The solution must ensure that the attributes of the deleted objects are restored to the same state they were in before they were deleted.
You plan to deploy a custom sales application named App2 to the portable computers of all company sales consultants. The setup program of App2 requires local administrative privileges. App2 will be updated monthly.
BUSINESS GOALS
Blue Yonder Airlines has the following business goals:
Minimize server downtime.
Minimize administrative effort.
Minimize interruptions to users caused by WAN link failures.
EXISTING ENVIRONMENT
The network contains servers that run either Windows Server 2008 R2 or Windows Server 2008. All client computers were recently replaced with new computers that run Windows 7 Enterprise.
Users do not have local administrator rights on the client computers.
Existing Active Directory/Directory Services
The network contains a single Active Directory domain named blueyonderairlines.com. The functional level of the domain is Windows Server 2008. All domain controllers run Windows Server 2008.
Existing Network Infrastructure
All offices have wired and wireless networks.
The main office has a file server that stores large graphics files. The files are used by all of the users in all of the offices.
A Group Policy is used to assign an application named App1 to all of the users in the domain.
The branch offices contain public computers on which temporary employees can browse the Internet and view electronic brochures. When the employees log on to the public computers, they must all receive the same user settings.
App1 must not be installed on the public computers. The computer accounts for all of the public computers are in an organizational unit (OU) name Public.
REQUIREMENTS Security Requirements
All computers in the domain must have a domain-level security Group Policy object (GPO) applied.
You plan to implement Network Access Protection (NAP) by using switches and wireless access points (WAPs) as NAP enforcement points.
The public computers must meet the following security requirements:
Only authorized applications must be run.
Automatic updates must be enabled and applied automatically.
Users must be denied access to the local hard disk drives and the network shares from the public computers.
Technical Requirements
The file server in each branch office is configured as shown in the following table.

Each user is allocated 1 GB of storage on the Users share in their local office.
Each user must be prevented from storing files larger than 500 MB on the Data share in their local office.
Blue Yonder Airlines must meet the following requirements for managing App2:
Sales consultants must use the latest version of the application.
When a new version of App2 is installed, the previous version must be uninstalled. Sales consultants must be able to run App2 when they are disconnected from the network.

Testlet: Fabrikam Inc
You need to protect the confidential data files on File2 against unauthorized offline access.
What should you use?
Case Study Title (Case Study): COMPANY OVERVIEW
Fabrikam Inc. is a manufacturing company that has a main office and a branch office.
PLANNED CHANGES
You plan to deploy a failover cluster named Cluster1 in the branch office. Cluster1 will be configured to meet the following requirements:
The cluster will host eight virtual machines (VMs).
The cluster will consist of two nodes named Node1 and Node2.
The quorum mode for the cluster will be set to Node and Disk Majority.
A user named Admin1 will configure the virtual switch configuration of the VMs.
The cluster nodes will use shared storage on an iSCSI Storage Area Network (SAN).
You plan to configure a VM named File2 as a file server. Users will store confidential files on File2.
You plan to deploy a Microsoft Forefront Threat Management Gateway (TMG) server in each site. The Forefront TMG server will be configured as a Web proxy.
EXISTING ENVIRONMENT
The research department is located in the branch office. Research users frequently travel to the main office.
Existing Active Directory/Directory Services
The network contains a single-domain Active Directory forest named fabrikam.com. The functional level of the forest is Windows Server 2008.
The relevant organizational units (OUs) for the domain are configured as shown in the following table.

The relevant sites for the network are configured shown in the following table. The relevant group policy objects (GPOs) are configured as shown in the following table.


Existing Network Infrastructure
All users run windows server 2008 R2. The relevant servers are configured as shown in following table.

WSUS2 is configured as a downstream replica server.
File1 contains a share named Templates. Users access the Templates share by using the path \ \fabrikam.com\dfs\templates.
File1 has the Distributed File System (DFS) Replication role service and the DFS Namespaces role service installed.
TECHNICAL REQUIREMENTS
Fabrikam must meet the following requirements:
Minimize the cost of IT purchases.
Minimize the potential attack surface on the servers.
Minimize the number of rights assigned to administrators.
Minimize the number of updates that must be installed on the servers.
Ensure that Internet Explorer uses the local ForeFront TMG server to connect to the Internet.
Ensure that all client computers continue to receive updates from WSUS if a WSUS server fails.
Prevent unauthorized users from accessing the data stored on the VMs by making offline copies of the
VM files. Fabrikam must meet the following requirements for the Templates share:
Ensure that users access the files in the Templates share from a server in their local site.
Ensure that users always use the same UNC path to access the Templates share, regardless of the site in which the users are located.

Testlet: Lucerne Publishing
What should you include in the recommendation?
Case Study Title (Case Study): COMPANY OVERVIEW Overview
Lucerne Publishing is a large publishing company that produces both traditional books and e- books.
Physical Location
The company has a main office and a branch office. The main office is located in New York. The branch office is located in San Francisco. The main office has a satellite office located in Boston. The company has 7,500 users.
EXISTING ENVIRONMENT Active Directory Environment
The network contains an Active Directory forest. The forest contains a single domain named lucernepublishing.com.
Network Infrastructure
Client computers in the New York office and the San Francisco office run either Windows Vista or Windows XP. All client computers in the Boston office run Windows 7.
The company has a finance department. All of the client computers in the finance department run Windows XP. The finance department uses an application named App1. App1 only runs on Windows XP.
The relevant servers in the New York office are configured as shown in the following table.

The servers have the following configurations:
Remote Desktop is enabled on all servers.
The passwords for all service accounts are set to never expire.
Server1 stores roaming user profiles for users in the Boston office.
SQL1 and SQL2 are deployed in a two-node failover cluster named Cluster1.
All servers have Pre-Boot Execution Environment (PXE)-compliant network adapters.
The servers in the San Francisco office contain neither a recovery partition nor optical media drives.
DFS1 and DFS2 are members of the same DFS Replication group. The DFS namespace is configured
to use Windows 2000 Server mode. The Boston office has no servers. The Boston office connects to the New York office by using a dedicated hardware VPN device.
The finance department publishes monthly forecast reports that are stored in DFS.
REQUIREMENTS Business Goals
Lucerne Publishing must minimize administrative costs, hardware costs, software costs, and development costs, whenever possible.
Planned Changes
All client computers will be upgraded to Windows 7.
A VPN server will be deployed in the main office. All VPN clients must have the latest Windows updates before they can access the internal network.
You plan to deploy a server that has the Remote Desktop Gateway (RD Gateway) role service installed.
Technical Requirements
Lucerne Publishing must meet the following technical requirements:
Upgrade all client computers to Windows 7.
Minimize Group Policy-related replication traffic.
Ensure that App1 can be used from client computers that run Windows 7.
Ensure that users can use App1 when they are disconnected from the network.
Ensure that you can perform a bare metal recovery of the servers in the San Francisco office.
Minimize the amount of time it takes users in the Boston office to log on to their client computers.
Ensure that domain administrators can connect remotely to all computers in the domain through RD Gateway.
Ensure that file server administrators can access DFS servers and file servers through the RD Gateway.
Prevent file server administrators from accessing other servers through the RD Gateway.
Security Requirements
Lucerne Publishing must meet the following security requirements:
USB storage devices must not be used on any servers.
The passwords for all user accounts must be changed every 60 days.
Users must only be able to modify the financial forecast reports on DFS1. DFS2 must contain a read-only copy of the financial forecast reports.
All operating system drives on client computers that run Windows 7 must be encrypted.
Only approved USB storage devices must be used on client computers that run Windows 7.

Your network consists of a single Active Directory domain. Your main office has an Internet connection.
Your company plans to open a branch office. The branch office will connect to the main office by using a WAN link. The WAN link will have limited bandwidth. The branch office will not have access to the Internet. The branch office will contain 30 Windows Server 2008 R2 servers.
You need to plan the deployment of the servers in the branch office.
The deployment must meet the following requirements:
Installations must be automated.
Computers must be automatically activated.
Network traffic between the offices must be minimized. What should you include in your plan?

A company has 10,000 client computers that run Windows 7. The company has a single domain Active Directory Domain Services (AD DS) forest with domain controllers that run Windows Server 2008 R2. Users have local administrative rights on client computers.
You need to design a Group Policy solution that deploys a printer and enforces printer settings.
What should you recommend? (More than one answer choice may achieve the goal. Select the BEST answer.)

Testlet: City Power & Light
You need to recommend a backup solution for the file servers that supports the company's planned changes.
What should you include in the recommendation?
Case Study Title (Case Study): COMPANY OVERVIEW Overview
City Power & Light is an international utilities company. The company has a sales department, a finance department, and a production department.
Physical Location
The company has a main office and a branch office.
EXISTING ENVIRONMENT Network Infrastructure
The network contains the following servers:
A server named Server1 that runs Windows Server 2008 R2 Enterprise and has the Hyper-V role installed. Server1 hosts three virtual machines (VMs) that run Windows Server 2008 R2 Enterprise. The VMs always run.
A Windows Server Update Services (WSUS) server in the main office. The WSUS server manages updates for the client computers in the main office only.
Several file servers that store data on an iSCSI Storage Area Network (SAN). The file servers have multiple network cards.
An enterprise root certification authority (CA) named CA1 that runs Windows Server 2008 R2.
The branch office connects to the main office by using a WAN link. The WAN link is highly saturated. All
client computers on the network connect to the Internet by using a single Internet connection at the main
office.
Problem Statements
All client computers run Microsoft Office 2003. The client computers for the users in the sales department run a 64-bit version of Windows 7. Sales users must be able to run a 64-bit version of Office 2010 and Office 2003 concurrently when they work offline. Office 2010 must be deployed by using the minimum amount of administrative effort.
REQUIREMENTS Business Goal
City Power & Light has the following business goals:
Software and hardware costs must be minimized, whenever possible.
Due to power restrictions at the data center in the main office, all new servers must be deployed on VMs, whenever possible.
Planned Changes
City Power & Light plans to implement the following changes in their network:
A WSUS server in the branch office.
A robotic-based tape library for the file servers.
A document management system that supports the following requirements: Retains multiple versions of a document; Automatically applies access policies to documents
A solution for managing Group Policy objects (GPOs) that supports the following: Version tracking; Offline modification; Role-based access control
Nine VMs that run Windows Server 2008 R2 Enterprise. Only five VMs will run concurrently.
Two Microsoft SQL Server 2008 Enterprise servers in a failover cluster. The cluster will be attached to a hardware RAID-5 array that has five 2-terabyte drives.
Five additional physical servers for the finance department. The new servers will use native-boot virtual hard disks (VHDs). The VHD images will contain a single partition.
Technical Requirements
City Power & Light must meet the following technical requirements:
The file servers must maintain their connection to the SAN if a network card fails.
The bandwidth utilization between the main office and the branch office must be minimized.
Administrators in the main office must approve or reject updates for all of the client computers in all of the offices.
Security Requirements
City Power & Light must meet the following security requirements:
All help desk technicians must be able to approve certificate requests and revoke certificates. The help desk technicians must be prevented from modifying the properties of the CA.
All telecommunications technicians must be able to manage the virtual networks of Server1. The telecommunications technicians must be prevented from performing all other Hyper-V management task.
All of the documents created by users in the finance department must be shared with all of the managers in the company. After 30 days, only those who created the documents must be able to access the documents.

Your network contains an Active Directory domain named contoso.com. Contoso.com contains a writable domain controller named DC1 and a read-only domain controller (RODC) named DC2. All domain controllers run Windows Server 2008 R2. You need to install a new writable domain controller named DC3 in a remote site. The solution must minimize the amount of replication traffic that occurs during the installation of Active Directory Domain Services (AD DS) on DC3. What should you do first?

Testlet: Trey Research
You are evaluating whether to deploy Hyper-V.
Which technical requirement is NOT met by a Hyper-V deployment?
Case Study Title (Case Study): COMPANY OVERVIEW
Trey Research is a pharmaceutical company that has a main office and two branch offices.
The main office is located in Denver. The branch offices are located in New York and Seattle. The main office has 10,000 users. Each branch office has approximately 200 users.
PLANNED CHANGES
You plan to deploy a new application named App1. App1 is developed in-house. The binary executables and support files for App1 contain sensitive intellectual property.
Users must access App1 through document invocation. The users must be prevented from directly copying or accessing the App1 program files.
EXISTING ENVIRONMENT
The network contains a single Active Directory domain named treyresearch.com.
All servers run Windows Server 2008 R2. All client computers run Windows 7 Enterprise.
The network contains a Web server named Web1 that hosts an intranet site. All users use Web1.
Users report that access to the content on Web1 is slow. You discover that the CPU utilization of Web1 is approximately 90 percent during peak hours.
Microsoft System Center Configuration Manager is used to deploy updates to all of the client computers.
Existing Network Infrastructure
Each office has several file servers. The file servers have a limited amount of storage space. Users access the data on all of the file servers.
Each branch office has a WAN link to the main office. Users in the branch office frequently access the file server in the main office.
Current Administration Model
All servers are currently administered remotely by using Remote Desktop. Help desk users perform the following administrative tasks in the domain:
Manage printers.
Create shared folders.
Manage Active Directory users.
Modify file permissions and share permissions.
All of the help desk users are members of a global group named HelpDesk.
Business Goals
Trey Research has the following business goals:
Minimize the cost of making changes to the environment.
Minimize the cost of managing the network infrastructure and the servers.
REQUIREMENTS
Technical Requirements
Trey Research plans to virtualize all of the servers during the next three years.
Trey Research must meet the following technical requirements for virtualization:
Simplify the management of all hardware.
Allocate CPU resources between virtual machines (VMs).
Ensure that the VMs can connect to multiple virtual local area networks (VLANs).
Minimize the amount of administrative effort required to convert physical servers to VMs.
Trey Research must ensure that users can access content in the shared folders if a single server fails. The
solution must also reduce the amount of bandwidth used to access the shared folders from the branch
offices.
Trey Research must meet the following technical requirements for the intranet site:
Improve response time for users.
Provide redundancy if a single server fails.
Security Requirements
A new corporate security policy states that only Enterprise Administrators are allowed to interactively log on to servers.
User Requirements
Users report that it is difficult to locate files in the shared folders across the network. The users want a single point of access for all of the shared folders in the company.

. You have an existing Active Directory site named Site1. You create a new Active Directory site and name it Site2.
You need to configure Active Directory replication between Site1 and Site2. You install a new domain controller. You create the site link between Site1 and Site2.
What should you do next?

Testlet: Lucerne Publishing
http://technet.microsoft.com/en-us/library/cc732275.aspx
You need to recommend changes to the infrastructure to ensure that DFS meets the company's security requirements.
What should you include in the recommendation?
Case Study Title (Case Study): COMPANY OVERVIEW Overview
Lucerne Publishing is a large publishing company that produces both traditional books and e- books.
Physical Location
The company has a main office and a branch office. The main office is located in New York. The branch office is located in San Francisco. The main office has a satellite office located in Boston. The company has 7,500 users.
EXISTING ENVIRONMENT Active Directory Environment
The network contains an Active Directory forest. The forest contains a single domain named lucernepublishing.com.
Network Infrastructure
Client computers in the New York office and the San Francisco office run either Windows Vista or Windows XP. All client computers in the Boston office run Windows 7.
The company has a finance department. All of the client computers in the finance department run Windows XP. The finance department uses an application named App1. App1 only runs on Windows XP.
The relevant servers in the New York office are configured as shown in the following table.

The servers have the following configurations:
Remote Desktop is enabled on all servers.
The passwords for all service accounts are set to never expire.
Server1 stores roaming user profiles for users in the Boston office.
SQL1 and SQL2 are deployed in a two-node failover cluster named Cluster1.
All servers have Pre-Boot Execution Environment (PXE)-compliant network adapters.
The servers in the San Francisco office contain neither a recovery partition nor optical media drives.
DFS1 and DFS2 are members of the same DFS Replication group. The DFS namespace is configured
to use Windows 2000 Server mode. The Boston office has no servers. The Boston office connects to the New York office by using a dedicated hardware VPN device.
The finance department publishes monthly forecast reports that are stored in DFS.
REQUIREMENTS Business Goals
Lucerne Publishing must minimize administrative costs, hardware costs, software costs, and development costs, whenever possible.
Planned Changes
All client computers will be upgraded to Windows 7.
A VPN server will be deployed in the main office. All VPN clients must have the latest Windows updates before they can access the internal network.
You plan to deploy a server that has the Remote Desktop Gateway (RD Gateway) role service installed.
Technical Requirements
Lucerne Publishing must meet the following technical requirements:
Upgrade all client computers to Windows 7.
Minimize Group Policy-related replication traffic.
Ensure that App1 can be used from client computers that run Windows 7.
Ensure that users can use App1 when they are disconnected from the network.
Ensure that you can perform a bare metal recovery of the servers in the San Francisco office.
Minimize the amount of time it takes users in the Boston office to log on to their client computers.
Ensure that domain administrators can connect remotely to all computers in the domain through RD Gateway.
Ensure that file server administrators can access DFS servers and file servers through the RD Gateway.
Prevent file server administrators from accessing other servers through the RD Gateway.
Security Requirements
Lucerne Publishing must meet the following security requirements:
USB storage devices must not be used on any servers.
The passwords for all user accounts must be changed every 60 days.
Users must only be able to modify the financial forecast reports on DFS1. DFS2 must contain a read-only copy of the financial forecast reports.
All operating system drives on client computers that run Windows 7 must be encrypted.
Only approved USB storage devices must be used on client computers that run Windows 7.