12. At a local hospital, Exchange Server 2007 is almost constantly in use. Because most medical records are secure pieces of information, these records are highly sensitive, but occasionally doctors will have to communicate with other physicians via email regarding patients under an extremely restrictive security policy, governed by legal documents. Accordingly, you have been asked to deploy a domain controller solution at most hospital branches that will allow doctors to log on at will in potentially vulnerable environments. Security is a must, and physicians must be able to access email. Which of the following is the best solution?
A. Deploy domain controllers at all branch locations with BitLocker enabled. Enable single sign-on (SSO) with AD FS and require certificates to be used for each user.
B. Deploy a read-only domain controller in the areas that may be exposed and ensure that certificates are used to protect sensitive data.
C. Enable Active Directory Rights Management Services (AD RMS), and enable each physician to secure their own files. Additionally, enable Windows BitLocker.
D. Deploy a read-only domain controller, and enable Windows BitLocker.
13. Phil, a new user in your engineering department, has been tasked with creating a new piece of hardware that drills microscopic holes in pieces of fiber. According to Phil, the budget for this project is in excess of $2 million. Additionally, Phil has asked that he be allowed to administer his own individual Windows NT server so that he can accommodate legacy user demands with the device. As the lead administrator for this 12,000-person company, what design choice would be your best decision?
A. Create a new forest. Inside this forest assign the root domain to Phil, and give Phil administrative privileges.
B. Implement a read-only domain controller. Add Phil as the administrator of this domain controller, and add the backup domain controller feature.
C. Create a new forest. Inside the forest, create a new domain, and make Phil the administrator of this domain.
D. Create a new domain in your existing forest, and enable the primary domain controller emulator. Then, implement the design model for autonomy.
14. In your large enterprise, your administrators have become constantly burdened by the need to keep up with the excessive amount of file permission reassignment that is required for certain important documents, including Excel spreadsheets and email. Accordingly, you are seeking to implement an elegant solution to this problem. What would you recommend?
A. Enable Active Directory Rights Management Services (AD RMS), and allow users to assign their own file permissions.
B. Create a template for each file situation, and enable delegation of this template to individual users in your environment.
C. Elevate the authority of your standard user to server operators, allowing them to assign their own policies.
D. Enable Active Directory Domain Services with DNS enabled.
15. Within your organization, you have three sites: Tokyo, Madrid, and New York City. From Tokyo to New York, you have a site link running over a T3 line at 45Mbps. From New York to Madrid, users are connected via a 1.544Mb T1 line. To connect Tokyo to Madrid, what should you recommend to your network administrator?
A. Create a new site link between Tokyo and Madrid.
B. Create a site-link bridge by maintaining a transitive link between the two existing site links.
C. Enable remote logins for your Tokyo users, and extend a two-way transitive trust from your Tokyo to Madrid location.
D. Enable remote logins for your Madrid users, and extend a two-way transitive trust from your Tokyo to Madrid location.
Answers to Review Questions
12. D. In a situation like this, the most important criteria are that the domain controllers be read-only, so that the information cannot be read if compromised, and that the hard drive's data be secured with BitLocker. This way, even if the hard drive is removed, the contents will not be useful to an intruder.
13. D. C is a very tempting option for this design but ultimately incorrect. The reason for this is that C would be designed using the isolation model, which isn't necessarily required for this design. Instead, you can use the autonomous model and still maintain control of your enterprise while implementing the required legacy Windows NT support and keeping overall control of the network.
14. A. Active Directory Rights Management Services is an administrative tool that allows administrators to enable users to assign specific rights to their files. To enable this feature, you must manually set it up and have access to a database server, such as Microsoft SQL Server 2008.
15. B. The best way to connect two sites that already have existing site links is to use a site-link bridge. By default, when you’re creating sites, the Bridge All Site Links option is enabled. Thus, it’s recommended you keep this enabled so you’ll be able to communicate through preexisting sites.