Chapter 11. Answer Key


For asterisked items, refer to the text in this chapter for the answer or completed diagram, as appropriate.

1.1 b, c

1.2 c

1.3 d

1.4 *

1.5 *

1.6 a

1.7 a, c

1.8 c

2.1 a

2.2 c

2.3 b

2.4 *

2.5 c

2.6 *

2.7 a

2.8 a, d

3.1 d

3.2 b

3.3 c

3.4 *

3.5 *

3.6 a

3.7 c

3.8 a, b, d, e

3.9 b

3.10 a, c

4.1 b

4.2 a

4.3 a

4.4 b, d

4.5 a

4.6 *

4.7 c

4.8 *

5.1 b

5.2 b

5.3 c

5.4 a

5.5 b

5.6 c, d

5.7 a, b

5.8 *

6.1 *

6.2 a, c

6.3 b

6.4 *

6.5 c

6.6 b

6.7 *

6.8 b, c, d

Question 1.1

The correct answers are b and c. From the scenario, the need to delegate administration while retaining tight control over resources was expressed. Answer a is incorrect because it is a technical issue, not a business issue. Answer d is incorrect because the business users never discussed a schema-modification policy.

Question 1.2

The correct answer is c. Domain naming context replication requires RPC over IP, and running RPC reliably over a 56Kbps Frame Relay circuit is impossible. Without an upgrade, each field office would have to be a domain. Answer a is therefore incorrect. Answer b is incorrect because an upgrade of WAN connections to 256Kbps is not sufficient to change site boundaries. Answer d is incorrect because WAN link speeds have no impact on the number of cross-link trusts needed in a domain.

Question 1.3

The correct answer is d. Sites are areas of good network connectivity, and none of the WAN connections is robust enough to consider combining locations into one site. Therefore, answers a, b, and c are incorrect because they require combining one or more locations together into a single site.

Question 1.4

The correct answer is as follows:

Alberta corporate headquarters:

Domain controller

DNS server

Schema Operations Master

PDC Emulator

Global Catalog Server

Johannesburg regional office:

Domain controller

DNS server

Global Catalog Server

Lima regional office:

Domain controller

DNS server

Global Catalog Server

Chile field office:

Domain controller

DNS server

Global Catalog Server

Note that the regional offices and field offices are configured in a similar manner. Because the regional offices have more employees, additional domain controllers might be deployed. Otherwise, the sound design practice of placing a DNS server and a Global Catalog Server at each site is maintained.

Question 1.5

The correct answer is shown in Figure 11.1.

Figure 11.1. System administration tasks delegated.

Note that security tasks and Group Policy design are typically done at the domain level. The remainder of the tasks are assigned based on the scenario text.

Question 1.6

The correct answer is a. Golden Sun Mining has deployed Active Directory with two levels of geographical organizational units (OUs): regional offices and field offices. Therefore, answers b, c, and d cannot be correct.

Question 1.7

The correct answers are a and c. Because the external Web server needs to be accessed from the internal network, a host record needs to be added to the Windows 2000 DNS. Dynamic update should also be enabled, if only to simplify the task of adding more domain controllers.

Answer b is incorrect because nothing in the business requirement calls for Unicode hostnames. It is a better practice to permit only RFC-compliant hostnames.

Answer d is actually correct, but it is the least correct of the correct answers given. Sometimes, Microsoft offers three answers that have varying degrees of correctness but asks for only two correct answers. In this case, you must select the most correct answers. Because Active Directory integration is the least important of the correct answers, it should not be selected.

Question 1.8

The correct answer is c. The Replicate Every variable, set to 180 minutes in the example, determines how often replication occurs. Answers a, b, and d are therefore incorrect.

Question 2.1

The correct answer is a. Madeleine Confectioners is the parent company, and its registered domain name is madeleine.com. Answer b is incorrect because Lone Star Sugars is the subsidiary company. Answers c and d are incorrect because neither is the registered domain name of Madeleine Confectioners.

Question 2.2

The correct answer is c. Lone Star Sugars will maintain its existing Internet identity, so the domain name of lonestarsugar.com will be retained. Answer a is completely incorrect because it would reflect a domain hierarchy in which Lone Star is the parent company. Answer b is incorrect because it implies that Lone Star should be a child domain of the madeleine.com root, and that runs counter to the Active Directory design criteria specified. Answer d is incorrect because it is the domain name of Madeleine Confectioners. This answer would be appropriate only if Lone Star were to become an OU within the Madeleine domain.

Question 2.3

The correct answer is b. The merged companies will share a single forest but maintain their individual DNS domain names, implying a disjoint namespace with two domain trees. Answer a is incorrect because two forests would make integration of the two companies' information more difficult. If Madeleine and Lone Star were to be operated completely independently of one another, two forests might be a better option, but this is not the case.

Answers c and d are incorrect because Madeleine and Lone Star will retain their domain names, thus requiring two trees in the forest.

Question 2.4

The correct answer is as follows:

lonestarsugar.com

PDC Emulator

RID Master

Infrastructure Master

madeleine.com

PDC Emulator

Schema Master

RID Master

Domain Naming Master

Infrastructure Master

Note that the difference between the two domains is that the Madeleine domain is the forest root domain and therefore will be home to the forest-wide Operations Master servers.

Question 2.5

The correct answer is c. Using the rule of one Global Catalog Server per site, with Madeleine's Jacksonville home office, the Lone Star office, and six sales offices, eight sites are necessary. Therefore, answers a, b, and d are incorrect. Note that Madeleine is a small company, so an additional Global Catalog Server isn't likely to be needed anywhere on the network.

Question 2.6

See Figure 11.2 for the answer to Question 2.6.

Figure 11.2. The OU structure for the Orlando sales office.

Note that the top-level OU is called Orlando Sales Office, not Orlando Management. An OU should be structured as a hierarchy of objects to be managed, and within the Orlando sales office, only the sales staff and office staff require special handling.

Question 2.7

The correct answer is a. Printers are Active Directory objects that can be placed in an OU for management purposes.

Question 2.8

The correct answers are a and d. Each site should have a Global Catalog Server and a DNS server. Answers b, c, and e are Domain Operations Masters, and only one will exist within a domain, regardless of the number of sites. Any of these Operations Masters could be moved to a sales office, but there is no reason to do so.

Question 3.1

The correct answer is d. BIND 8.1.2 works fine in a Windows 2000 environment, supporting both SRV records and dynamic update. Answer a is incorrect because there is no requirement for a specific vendor's DNS, just a feature set requirement. Answer b is incorrect because BIND 8.1.2 supports dynamic update, even from Windows 2000 client computers. Answer c is incorrect because, as of this writing, there is no BIND version 10.

Question 3.2

The correct answer is b. Sites are areas of good network connectivity, and the best site plan creates two sites for the home office (one for each building) and one site for each distribution center. Answer a is incorrect because 56Kbps Frame Relay is not adequate connectivity to create one site. Answer c is incorrect for the same reason. Finally, answer d is less correct than answer b. Although you could link the two San Francisco offices into one site, it would be better to split them at the T1 connection between buildings.

Question 3.3

The correct answer is c. Because SMTP is asynchronous, it ignores site link schedules, making answer d incorrect. Answers a and b are incorrect because RPC replication is extremely unreliable over 56Kbps connections.

Question 3.4

The correct answer is as follows:

Create an OU for each retail store.

Move all retail store employees into the appropriate OU.

Create a global group for the managers at each retail store, and add the manager user accounts to these global groups.

Create a domain local group for each store, and delegate approved administrative tasks to the members of the domain local group.

Add the store manager global group to the store administration domain local group membership.

Question 3.5

See Figure 11.3 for the correct answer.

Figure 11.3. Server roles.

The bridgehead server role should always be placed on the server with the most processor and RAM because it is responsible for the compression and decompression of intersite replication traffic. Therefore, it was placed on SFDC3.

A Global Catalog Server cannot reside on the same computer as the Infrastructure Operations Master. A GC Server requires extra processor and RAM, so server SFDC4 was made Global Catalog Server.

The Domain Naming Master has possibly the lightest overhead of all Operations Masters, so the role was transferred to the oldest technology server: SFDC1.

The RID Master should be placed on a reliable server, so SFDC2 was the logical choice.

Question 3.6

The correct answer is a. Intrasite replication occurs within 5 minutes. Although this value can be changed by modifying the Registry, it is not wise to do so. Answer b is incorrect because 180 minutes is the default replication interval for intersite replication. Answers c and d are also incorrect because intrasite replication is not scheduled.

Question 3.7

The correct answer is c. Currently, there is no way to have separate schemas for two domains in the same forest. Answer a is incorrect because, additionally, no inheritance exists between domains. Answer b is incorrect because adding a domain tree to a forest does not create a separate schema. Answer d is incorrect because only one Schema Operations Master can exist in a forest.

Question 3.8

The correct answers are a, b, d, and e. Answers a, b, and d are standard domain planning practices. Answer e provides a backup in case of WAN link failure. Note that the KCC will use the least-cost route between sites, so a slower link with a higher cost can serve as a backup route.

Answer c is incorrect because only one PDC emulator can exist per domain.

Question 3.9

The correct answer is b. With an analog dial-up line, bandwidth is insufficient for the RPC replication of the domain naming context. Therefore, unless each retail store becomes a domain, which was not specified, placing a domain controller in each store is impossible.

Question 3.10

The correct answers are a and c. For answer a, domain local groups can contain global groups from any domain. Answer c will generate some additional Global Catalog replication traffic but will group store managers together in a single universal group, thus enabling potentially easier administration.

Answer b is incorrect because global groups can contain only members from the same domain. Answer d is incorrect because, although allowing access to the sales data would work, it would generate a tremendous amount of Global Catalog replication traffic, which would be unacceptable over the slow 56Kbps Frame Relay circuits at Gramm.

Question 4.1

The correct answer is b. With Digital's decentralized management and strong regional office authority, regional domains are indicated. Answer a is incorrect because, although it is technically possible to use a single-domain model, this solution is contraindicated by the business model. Answer c is incorrect because Sysvol replication uses RPC, which works fine over a full T1 connection. Finally, answer d is incorrect because it goes counter to the business requirements as well as contains false information about maximum OU level depth.

Question 4.2

The correct answer is a. Although the regional offices are autonomous, the branches are closely controlled. This implies regional domains and branch OUs. Answers b, c, and d are incorrect because they all create one or more separate domains for the branch offices. Because domains are security boundaries, the capability to manage objects in another domain is very limited. Finally, answer e is incorrect because it implies a single-domain model, which has already been rejected due to the autonomy of the regional offices.

Question 4.3

The correct answer is a. Filtering allows you to link multiple Group Policy Objects to a single OU but have only one execute for a given group of users. Answer b is therefore incorrect because you don't need to create additional domains. Answer c is incorrect because, although it would work for Group Policy, it would ruin the administrative design. OUs should be structured for administration first and then for Group Policy. Finally, answer d does not really address the problem and would make managing the clerks' desktops impossible. The Users container cannot have Group Policy applied.

Question 4.4

The correct answers are b and d. Because site links are transitive by default, nothing needs to be done for replication to cross the two site links between Miami and Panama City. However, you can also create a site link bridge to give the KCC stronger hints about the path replication should take.

Answer a is incorrect, not because it would not work, but because replication can occur over multiple site links, even when an intermediate site has no domain controllers for the domain being replicated. Answer c is incorrect because there is currently no such thing as offline replication.

Question 4.5

The correct answer is a. However, the trust relationship will be an old-style NT one-way, nontransitive trust.

Question 4.6

The correct answer is as follows:

New York site

North America domain

New York branch OU

Admin OU

HR OU

Use the acronym SDOU (site, domain, organizational unit) to help you remember the order in which Group Policy is applied.

Question 4.7

The correct answer is c. The director can manage the OU in which he was given permissions and any child OUs, namely Principals and Staff. Answer a is incorrect because it does not account for inheritance. Answers b and d are incorrect because they specify OUs that are not children of the Consulting OU.

Question 4.8

The correct answer is as follows:

New Orleans

Schema Master

DNS server

Domain controller

Global Catalog Server

RID Master

PDC Emulator

Domain Naming Master

New York

DNS server

Domain controller

Global Catalog Server

Buenos Aires

DNS server

Domain controller

Global Catalog Server

RID Master

PDC Emulator

Casablanca

DNS server

Domain controller

Global Catalog Server

Question 5.1

The correct answer is b. Because Traviano and the subsidiaries all have distinct registered domain names but need to operate as a single company, the single-forest-with-disjoint-namespace strategy is best. Answer a is incorrect because six forests would be very difficult to manage. Answer c is incorrect because the subsidiary companies would lose their unique DNS domain names if a contiguous namespace were created off the traviano.com root. Answer d is incorrect for much the same reason; plus, it ignores the business requirement of autonomy for the subsidiary publishers.

Question 5.2

The correct answer is b. Multiple domains can share the same site, just as a single domain can be spread over multiple sites.

Question 5.3

The correct answer is c. A separate domain tree will be created for each subsidiary, in addition to the Traviano domain tree. Note that all these domain trees will probably have only one domain, based on the business requirements stated in the scenario. Answers a, b, and d are incorrect for this reason.

Question 5.4

The correct answer is a. All domains in the same forest share a common Global Catalog and schema.

Question 5.5

The correct answer is b. A user must be a member of the Schema Admins group to update the schema. The Schema Admins group is defined only in the forest root domain, which in this case is traviano.com.

Answer a is incorrect because updates can be performed from any computer in the network, as long as the security context is that of a Schema Admins user. Answer c is incorrect because no separate Bard and Company schema exists. Answer d is incorrect because Enterprise Admins membership does not allow an administrator to update the schema. Finally, answer e is incorrect because the schema-replication topology is configured automatically for the forest.

Question 5.6

The correct answers are c and d. A PDC Emulator and RID Master are mandatory Operations Masters for a domain, so they must always be present.

Answers a and e are incorrect because these are forest-wide Operations Master roles, which are typically found in the root domain of the forest. Answer b is incorrect because a DNS server is not required in the domain, even though one would be highly recommended. The artisan.hk domain controllers could be pointed at DNS servers at another location, for example.

Question 5.7

The correct answers are a and b. Either approach will work correctly, although for answer a, make sure that the default setting for site link transitivity is still set.

Answer c is incorrect because, even if the KCC could correctly calculate an intrasite replication topology, it is a very poor idea to create a single site across a 384Kbps WAN link. Answer d is incorrect as well. Although it would work, most companies would not appreciate the additional telecom expense, especially when the original approach works.

Question 5.8

The correct answer is as follows:

traviano.com

Backup Operators

Schema Admins

Server Operators

Domain Admins

Enterprise Admins

piscespress.com

Backup Operators

Server Operators

Domain Admins

bard.co.uk

Backup Operators

Server Operators

Domain Admins

Question 6.1

The correct answer is as follows:

Atlanta

duboiswood.com

duboistools.com

Portland

duboiswood.com

Note that no child domains are required in the DuBois forest.

Question 6.2

The correct answers are a and c. The existing BIND 4.9.7 servers can be used for external resolution only, or they can host the four Active Directory-specific zones but delegate them to Windows 2000 DNS servers (or any other DNS that supports dynamic update).

Answer b is incorrect because of the statement that BIND 4.9.7 supports dynamic update. Answer d is incorrect because the business requirements specifically state that DNS will not be upgraded at this time.

Question 6.3

The correct answer is b. DuBois clearly uses an organizational management structure. Therefore, answers a, c, and d are incorrect.

Question 6.4

The correct answer is shown in Figure 11.4.

Figure 11.4. The Active Directory structure for DuBois Forest Products.

Because the Woodworking Tools division has a strong degree of autonomy, as well as its own registered DNS domain name, it belongs in a separate domain.

Question 6.5

The correct answer is c. Both the duboiswood.com and duboistools.com domains are in the Atlanta site, and the PDC Emulator Operations Master is a domain-wide role. Therefore, answers a, b, and d are incorrect.

Question 6.6

The correct answer is b. The duboiswood.com domain spans the Atlanta and Portland sites. The domain-naming context portion of Active Directory cannot replicate over SMTP. Sysvol replication also cannot be performed over an SMTP site link.

Question 6.7

The correct answer is as follows:

BIND 4.8.3

No features

BIND 4.9.7

SRV record support

BIND 8.1.2

SRV record support

Dynamic update

Incremental zone transfers

Windows 2000 DNS

SRV record support

Dynamic update

Secure dynamic update

Active Directory integration

Unicode hostnames

Incremental zone transfers

Question 6.8

The correct answers are b, c, and d. The schema- and configuration-naming contexts are replicated to all domain controllers in a forest. The Global Catalog is replicated to all Global Catalog Servers in a forest. Answers a and e are incorrect because both the domain-naming context and Sysvol replication occur only between domain controllers in the same domain.



MCSE Active Directory Services Design. Exam Cram 2 (Exam Cram 70-219)
MCSE Windows 2000 Active Directory Services Design Exam Cram 2 (Exam Cram 70-219)
ISBN: 0789728648
EAN: 2147483647
Year: 2003
Pages: 148
