Case Study Questions

1.  

When the web servers are moved so that Insane Systems host their own systems, what is the best option for supplying IP addresses to the servers?

1. Use a DHCP server from the internal network to supply the addresses to the web servers.

2. Use a DHCP server within the perimeter network to supply the addresses to the web servers.

3. Use a static address for the web servers.

4. Use APIPA for the web servers.

2.  

When designing how the web servers will be protected, how will you set up the firewall(s) so that you have the highest level of security for your internal network?

1. No firewalls

2. Bastion host

3. Three- homed firewall

4. Back-to-back firewall

3.  

Currently this scenario does not have any remote users, but administrators need to have remote administrative control of the servers at each location. What security measures should you take?

1. Configure a dial-up connection on each of the servers

2. Put each of the servers within the perimeter network

3. Create a request IPSec policy and assign it to the servers

4. Create a client IPSec policy and assign it to the administrator s workstations

4.  

When promoting the domain controllers for the San Jose and New York locations, which of the promotion methods would work the best?

1. Have the new staff at each location promote the domain controllers.

2. Have an administrator from the home office promote the domain controller at each site using remote control utilities.

3. Have the new staff at each location promote the domain controller at each site and have them provide backup media for the initial replication.

4. Have an administrator for the home office both promote the domain controller at each site using remote control utilities and specify the backup media for the initial replication.

5.  

Select the address assignment type and match it to the appropriate system(s).

1.  

C. If you use static addressing, you will not have to open ports on the firewall to allow the requests to pass to the internal DHCP server, nor will you have to place a DHCP server within the perimeter, which could pose a security concern. The web server addresses should also be set static so that the entries within the DNS servers for the Internet will resolve correctly and not have to be updated. APIPA will not work because the APIPA address is not usable on the Internet.

2.  

D. By using a back-to-back firewall option, you will have two firewalls protecting the internal network.

3.  

C, D. To make sure that the administrators are using a secure connection when they are managing the servers, you could create IPSec policies for the servers and workstations that would use IPSec whenever the administrators connect to them.

4.  

D. Because the new staff at each location will have limited knowledge of Windows Server 2003 and Active Directory, the preferred method of promoting the domain controllers is to have a backup of Active Directory sent to each location and have the administrator promote the domain controller remotely. The staff at the location can insert the appropriate media when the system calls for it during promotion.

5.  

When addressing client systems you need to identify which clients need static or dynamic addressing. Intranet web servers should be configured with either a static address or a reservation should be set within the DHCP server. Using a reservation, the web server will always obtain the same IP address, but you can control the configuration options from the DHCP server. Most of the workstations can receive DHCP supplied addresses. DNS and DHCP servers should have static addresses.