| All the review questions for this chapter are based on the following scenario: Case Study: Neptune Watercraft Neptune Watercraft is a boat builder based in Boston. Over the past 10 years , Neptune has acquired a number of boat and nautical gear manufacturers and today has five subsidiary companies: Trident Power Boats, Seven Seas Yachts, Competition Sailcraft, Neptune Outboards, and Long Lake Boats. The subsidiaries are run as independent businesses, with very limited control from Neptune upper management. Most of the subsidiaries are based in the Boston area, except for Trident Power Boats, which is located in Toms River, New Jersey, and Long Lake Boats, which is headquartered in Glens Falls, New York. Recently, Neptune entered into a joint venture with Allegro Fashions ”a New York apparel manufacturer ”to create a line of boating - related clothing. The resulting company, NA Boatwear, is run independently of both Neptune and Allegro but is located in the Neptune office complex in Boston. Current LAN/Network Structure Neptune has a mix of Unix, Windows NT, and Novell NetWare servers in its home office and subsidiaries. Although most of the network infrastructure is sound ”consisting of 10Mbps and 100Mbps switched Ethernet ”the mix of network operating systems has caused interoperability problems in the past. The NA Boatwear network is currently being set up, and the Neptune IT staff is using the joint venture as a pilot for an eventual corporate rollout of Windows 2000. Proposed LAN/Network Structure All companies are scheduled to be upgraded to Windows 2000 in the next 2 years. Current WAN Connectivity T1 circuits connect the Boston offices of Neptune and the Boston-based subsidiaries. These circuits are used for both voice and data traffic, with 512Kbps devoted to data, and are more than adequate for current and forecasted traffic. Long Lake Boats has a 56Kbps Frame Relay connection to Neptune's headquarters. This circuit is adequate today for the limited data traffic requirements. Trident Power Boats uses a T1 configured for 384Kbps data. Directory Design Commentary Vice President, Neptune IT : We are having trouble maintaining our diverse computing environment. Hopefully, Windows 2000 will help us become a bit more homogeneous and thus save us some money. We will need to retain our Unix DNS and Web servers for some time, however, because we do not have the resources to migrate these to another platform right now. General Manager, NA Boatwear : We are an independent company and will be going our own way with only limited input from our two corporate parents. I like our role as a technology innovator and want to be on the leading edge when new advances occur. We don't want to be held back because of issues with the parent companies. HR Manager, Trident Power Boats : We need to have a more uniform human resources system with the other Neptune companies. When job openings come up, we often have no idea whether someone from one of the other companies is interested or would be a good candidate. Current Internet Positioning Neptune has a corporate Web site and a registered DNS domain name of neptuneboats.com . All Neptune headquarters employees have neptuneboats.com email addresses. All the subsidiaries, except Long Lake Boats, also have registered domains. The NA Boatwear joint venture has just registered na-boatwear.com as its domain name. | Question 1 | Based on the information given, how many forests should be created for Neptune Watercraft? | | A1: | The correct answer is b. The business requirements of NA Boatwear suggest that a separate forest would be the most appropriate for the joint venture company. Answer a is incorrect because having the company in the same forest would require the schema-modification policy to be coordinated with the Neptune companies. Answers c and d are incorrect because creating an excessive number of forests will greatly complicate administration. | | Question 2 | Neptune management requires access to financial information from NA Boatwear. How can the managers be granted access to NA Boatwear data without compromising security at Neptune? -
a. Create a two-way Kerberos trust between the Neptune forest and the NA Boatwear forest. -
b. Create a two-way Kerberos trust between the Neptune domain and the NA Boatwear domain. -
c. Create a one-way trust between the Neptune forest and the NA Boatwear forest. -
d. Create a one-way trust between the Neptune domain and the NA Boatwear domain. | | A2: | The correct answer is d. Creating an NT-style, one-way, nontransitive trust between two domains in different forests is the only possibility. Therefore, answers a, b, and c are incorrect. | | Question 3 | Place the domains shown in the second list into the appropriate forest from the first list. Forests: Neptune Watercraft NA Boatwear Domains: neptuneboats.com na-boatwear.com tridentboat.com comp-sail.com sevenseas-yachts.com neptune-ob.com The correct answer is as follows : Neptune Watercraft: neptuneboats.com tridentboat.com comp-sail.com sevenseas-yachts.com neptune-ob.com NA Boatwear: na-boatwear.com | | Question 4 | The CEO at Competition Sailcraft is concerned about security in the Research and Development (R&D) Department. He would like to see more stringent password security applied as well as greater use of IPSec. How can additional security be set up for the R&D unit without affecting the rest of the company? -
a. Create an organizational unit (OU) for R&D and apply a more stringent security policy to the OU. -
b. Create an R&D domain and modify the domain password policy. -
c. Create a universal group for employees in the R&D department and configure a tighter security policy for that universal group . -
d. Move the R&D operation to a separate forest and create a special forest security policy. | | A4: | The correct answer is b. Password policies are set at the domain level, so to enforce more stringent requirements, a separate domain must be created. Otherwise, the tighter policy will apply to all employees. Answer a is incorrect because password security parameters cannot be set at the OU level. Answer c is incorrect because Group Policy cannot be applied to members of a security group. Answer d is incorrect because, again, security policy is set at the domain level. Although you could do this in a separate forest, the administration issues raised by such an approach make it unrealistic . | | Question 5 | Which steps must still be taken before Windows 2000 can be deployed at Neptune Watercraft? [Select two.] -
a. Obtain a registered domain name for Long Lake Boats. -
b. Upgrade the WAN link from headquarters to Trident Power Boats. -
c. Upgrade the WAN link from headquarters to Long Lake Boats. -
d. Determine a DNS strategy regarding the existing Unix-based DNS servers. | | A5: | The correct answers are a and d. Even if Long Lake Boats has no plans for an Internet presence, it is important to register the name, which will be used in Active Directory, just in case Internet connectivity becomes an important issue. Neptune also needs to determine what should be done with the existing DNS infrastructure because there are no plans for migration or upgrade at the present time. Answer b is incorrect because a 384Kbps link is more than adequate for Active Directory. Likewise, answer c is incorrect. Because all Neptune subsidiaries are run fairly independently of the home office, Long Lake Boats will have its own domain. Therefore, SMTP replication can be used over the 56Kbps circuit. | | Question 6 |  | By default, where is the Schema Operations Master located? [Select all that apply.] | -
a. neptune-ob.com -
b. tridentboats.com -
c. na-boatwear.com -
d. neptuneboats.com -
e. na-neptune.com | | A6: | Answers c and d are correct because both are the forest root domains in their respective Active Directory forests. Answers a and b are incorrect because they are not the parent company for Neptune Watercraft and therefore should not be the forest root. Answer e is incorrect because it is not a domain in either forest. | | Question 7 | Because NA Boatwear is physically located in the Neptune Watercraft headquarters, the IT director has asked whether the two domains should be placed in the same site. Can both companies share the same site? | | A7: | The correct answer is b because the domains are in different forests. A forest defines the boundaries of an Active Directory implementation, and sites are defined in a single Active Directory. Therefore, the two domains cannot share a single site. Also, because no replication exists between forests, sites don't need to be used to manage interforest replication. | | Question 8 | Competition Sailcraft and Seven Seas Yachts share offices in a northern suburb of Boston. Because of their proximity, they have been placed in the same Active Directory site. Users at both companies need access to a special sail design application. How can this application be distributed to users at both companies? [Select all that apply.] -
a. Create a Group Policy Object (GPO) to publish the software to users in either domain and link it to the shared site. -
b. Create a GPO in the comp-sail.com domain to publish the software to users and link it to the Sailmaker OU. -
c. Create a GPO in the comp-sail.com domain to publish the software to users and link it to both the comp-sail.com domain and the sevenseas-yachts.com domain. -
d. Create GPOs to publish the software to users in both the comp-sail.com domain and the sevenseas-yachts.com domain. -
e. Create a GPO in the forest root domain, neptuneboats.com , and use universal group filtering to prevent application to anyone outside the comp-sail.com domain and the sevenseas-yachts.com domain. | | A8: | Answers a, c, and d are correct. Answer a takes advantage of the fact that both companies share the same site. The disadvantage to this approach is that the administrators in the domain in which the GPO was not created have no control over the GPO. The same drawback holds true for answer c. Answer d gives the administrators of both domains control over the software distribution process, but there is a possibility of inconsistent deployment because two separate GPOs are created. Answer b is incorrect because the application will not be distributed to Seven Seas Yachts. Answer e is incorrect because domains are security boundaries and creating a GPO in the forest root domain has no effect on the other domains in the forest. | | Question 9 | Which steps must be taken so that users in the tridentboat.com domain can access resources in the neptune-ob.com domain? -
a. A two-way, transitive Kerberos trust must be created between the domains. -
b. Two one-way, NT-style trusts must be created between the domains. -
c. Nothing needs to be done. -
d. A shortcut trust should be created between the two domains. | | A9: | The correct answer is c. Two-way, transitive Kerberos trusts are automatically created between parent and child domains as well as between the root domains in a multiple-tree forest. Answers a and d are incorrect because a trust already exists between the two domains, so there would be no benefit to creating another one. Answer b is also incorrect ”because a two-way, transitive trust is already in place, there is no reason to create an NT-style trust. | | Question 10 | For the Neptune enterprise, drag the appropriate Active Directory object from the second list to the domain in the first list where the object should be found. Not all objects may be used, and some might be used more than once. Domains: neptuneboats.com domain r-d.comp-sail.com domain na-boatwear.com domain Active Directory objects: Schema Admins group Domain Admins group Enterprise Admins group Users container Domain Controllers OU The correct answer is as follows: neptuneboats.com domain: Schema Admins group Domain Admins group Enterprise Admins group Users container Domain Controllers OU r-d.comp-sail.com domain: Domain Admins group Domain Controllers OU Users container na-boatwear.com domain: Schema Admins group Domain Admins group Enterprise Admins group Users container Domain Controllers OU |  |
