Which three actions should you recommend performing in sequence?

DRAG DROP

###BeginCaseStudy###
Case Study: 4
Northwind Traders
Overview
Northwind Traders is a retail company.
The company has offices in Montreal and San Diego. The office in Montreal has 1,000 client
computers. The office in San Diego has 100 computers. The computers in the San Diego
office are often replaced. The offices connect to each other by using a slow WAN link. Each
office connects directly to the Internet.
Existing Environment
Active Directory Environment

The network contains an Active Directory forest named northwindtraders.com. The forest
contains two domains named northwindtraders.com and west.northwindtraders.com. All
servers run Windows Server 2012 R2.
All client computers run Windows 7.
Each office is configured as an Active Directory site. The site in the Montreal office is named
Site1. The site in the San Diego office is named Site2.
The forest contains four domain controllers. The domain controllers are configured as shown
in the following table.

DC1, DC2, and DC3 are writable domain controllers. R0DC1 is read-only domain controller
(RODC). All DNS zones are Active Directory-integrated. All zones replicate to all of the
domain controllers.
All of the computers in the San Diego office are configured to use RODC1 as their only DNS server.
The northwindtraders.com domain contains a Group Policy object (GPO) named GPO1.
GP01 is applied to all of the users in the Montreal office.
All of the user accounts for the Montreal users are in the northwindtraders.com domain. All
of the user accounts for the San Diego users are in the west.northwindtraders.com domain.
Network Environment
Site1 contains the member servers in the northwindtraders.com domain shown in the
following table.

Server1 connects to SAN storage that supports Offloaded Data Transfer (ODX). All virtual
hard disks (VHDs) are stored on the SAN.
A web application named App1 is installed on Servers.
Server3 has a shared folder that contains sales reports. The sales reports are read frequently
by the users in both offices. The reports are generated automatically once per week by an
enterprise resource planning (ERP) system.

A perimeter network in the Montreal office contains two standalone servers. The servers are
configured as shown in the following table.

The servers in the perimeter network are accessible from the Internet by using a domain name
suffix of public.northwindtraders.com.
Each administrator has a management computer that runs Windows 8.1.
Requirements
Planned Changes
Northwind Traders plans to implement the following changes:
On Server1, create four virtual machines that run Windows Server 2012 R2. The servers will
be configured as shown in the following table.

• Configure IP routing between Site1 and the network services that Northwind Traders
hosts in Windows Azure.
• Place a domain controller for the northwindtraders.com domain in Windows Azure.
• Upgrade all of the computers in the Montreal office to Windows 8.1.
• Purchase a subscription to Microsoft Office 365.
• Configure a web application proxy on Server6.
• Configure integration between VMM and IPAM.
• Apply GPO1 to all of the San Diego users.
• Connect Site1 to Windows Azure.
Technical Requirements
Northwind Traders must meet the following technical requirements:
• All virtual machines must use ODX.
• Users must be able to access App1 from the Internet.
• GPO1 must not be applied to computers that run Windows 8.1.
• All DNS zones must replicate only to DC1, DC2, and DC3.
• All computers must be able to resolve names by using a local DNS server.
• If a WAN link fails, users must be able to access all of the sales reports.
• The credentials for accessing Windows Azure must be permanently stored.
• The on-premises network must be connected to Windows Azure by using Server4.
• The administrators must be able to manage Windows Azure by using Windows
PowerShell.

• The number of servers and services deployed in the San Diego office must be
minimized.
• Active Directory queries for the objects in the forest must not generate WAN traffic,
whenever possible.
Security Requirements
Northwind Traders identifies the following security requirements:
• Ensure that all DNS zone data is encrypted when it is replicated.
• Minimize the number of permissions assigned to users and
administrators, whenever possible. Prevent an Active Directory Domain
Services (AD DS) attribute named SSNumber from replicating to Site2.
• Ensure that users can use their northwindtraders.com user account to
access the resources hosted in Office 365.
• Prevent administrators from being required to re-enter their credentials
when they manage Windows Azure from approved management computers.
###EndCaseStudy###

You need to recommend a solution for managing Windows Azure.
Which three actions should you recommend performing in sequence? To answer, move the
appropriate actions from the list of actions to the answer area and arrange them in the correct order.

DRAG DROP

###BeginCaseStudy###
Case Study: 4
Northwind Traders
Overview
Northwind Traders is a retail company.
The company has offices in Montreal and San Diego. The office in Montreal has 1,000 client
computers. The office in San Diego has 100 computers. The computers in the San Diego
office are often replaced. The offices connect to each other by using a slow WAN link. Each
office connects directly to the Internet.
Existing Environment
Active Directory Environment

The network contains an Active Directory forest named northwindtraders.com. The forest
contains two domains named northwindtraders.com and west.northwindtraders.com. All
servers run Windows Server 2012 R2.
All client computers run Windows 7.
Each office is configured as an Active Directory site. The site in the Montreal office is named
Site1. The site in the San Diego office is named Site2.
The forest contains four domain controllers. The domain controllers are configured as shown
in the following table.

DC1, DC2, and DC3 are writable domain controllers. R0DC1 is read-only domain controller
(RODC). All DNS zones are Active Directory-integrated. All zones replicate to all of the
domain controllers.
All of the computers in the San Diego office are configured to use RODC1 as their only DNS server.
The northwindtraders.com domain contains a Group Policy object (GPO) named GPO1.
GP01 is applied to all of the users in the Montreal office.
All of the user accounts for the Montreal users are in the northwindtraders.com domain. All
of the user accounts for the San Diego users are in the west.northwindtraders.com domain.
Network Environment
Site1 contains the member servers in the northwindtraders.com domain shown in the
following table.

Server1 connects to SAN storage that supports Offloaded Data Transfer (ODX). All virtual
hard disks (VHDs) are stored on the SAN.
A web application named App1 is installed on Servers.
Server3 has a shared folder that contains sales reports. The sales reports are read frequently
by the users in both offices. The reports are generated automatically once per week by an
enterprise resource planning (ERP) system.

A perimeter network in the Montreal office contains two standalone servers. The servers are
configured as shown in the following table.

The servers in the perimeter network are accessible from the Internet by using a domain name
suffix of public.northwindtraders.com.
Each administrator has a management computer that runs Windows 8.1.
Requirements
Planned Changes
Northwind Traders plans to implement the following changes:
On Server1, create four virtual machines that run Windows Server 2012 R2. The servers will
be configured as shown in the following table.

• Configure IP routing between Site1 and the network services that Northwind Traders
hosts in Windows Azure.
• Place a domain controller for the northwindtraders.com domain in Windows Azure.
• Upgrade all of the computers in the Montreal office to Windows 8.1.
• Purchase a subscription to Microsoft Office 365.
• Configure a web application proxy on Server6.
• Configure integration between VMM and IPAM.
• Apply GPO1 to all of the San Diego users.
• Connect Site1 to Windows Azure.
Technical Requirements
Northwind Traders must meet the following technical requirements:
• All virtual machines must use ODX.
• Users must be able to access App1 from the Internet.
• GPO1 must not be applied to computers that run Windows 8.1.
• All DNS zones must replicate only to DC1, DC2, and DC3.
• All computers must be able to resolve names by using a local DNS server.
• If a WAN link fails, users must be able to access all of the sales reports.
• The credentials for accessing Windows Azure must be permanently stored.
• The on-premises network must be connected to Windows Azure by using Server4.
• The administrators must be able to manage Windows Azure by using Windows
PowerShell.

• The number of servers and services deployed in the San Diego office must be
minimized.
• Active Directory queries for the objects in the forest must not generate WAN traffic,
whenever possible.
Security Requirements
Northwind Traders identifies the following security requirements:
• Ensure that all DNS zone data is encrypted when it is replicated.
• Minimize the number of permissions assigned to users and
administrators, whenever possible. Prevent an Active Directory Domain
Services (AD DS) attribute named SSNumber from replicating to Site2.
• Ensure that users can use their northwindtraders.com user account to
access the resources hosted in Office 365.
• Prevent administrators from being required to re-enter their credentials
when they manage Windows Azure from approved management computers.
###EndCaseStudy###

You need to recommend a solution for managing Windows Azure.
Which three actions should you recommend performing in sequence? To answer, move the
appropriate actions from the list of actions to the answer area and arrange them in the correct order.

Answer: See the explanation.

Explanation:
Box 1:

Box 2:

Box 3:



Leave a Reply 8

Your email address will not be published. Required fields are marked *


Bill Gates

Bill Gates

In order to run the Azure Powershell Module, you need to install the Microsoft Web Platform Installer…

Technically, the steps are :-

Microsoft Web Platform Installer
Add-AzureAccount
Get-AzurePublishSettingsFile
Import-AzurePublishSettingsFile
etc…

As the question asks “Which three actions should you recommend performing in sequence…” and nothing about what is or is not already installed, I’d start at the beginning… selecting the first three…

Microsoft Web Platform Installer
Add-AzureAccount
Get-AzurePublishSettingsFile

Khalid Garayev

Khalid Garayev

AS we see in the question it asks the 3 actions for managing Azure. And by my opinion it asks the main actions not steps. Then I think main actions will be

-Run the Microsoft Web Platform Installer (WEB PI)
-Get-AzurePublishSettinfsFile
-Import-AzurePublishSettingsFile

You already have Azure account (You registered account is Azure account) and that’s why you don’t need to add-add azure account. It’s an optional, you can add more Accounts.

http://www.serverwatch.com/server-tutorials/managing-windows-azure-resources-using-powershell.html

puck

puck

I would say:

Add-AzureAccount
Get-AzurePublishSettingsFile
Import-AzurePublishSettingsFile

I think we can assume from the fact that we are already “in” the powershell interface, since we are punching in Azure PS commands, that the Azure powershell interface is enabled. Also all the requirements point to us needing to load up our azure account, then fetch the certificate, then import it locally so the admins dont need to keep typing in their credentials.

I’d say, if you get this in the exam, write a comment explaining that the question is poorly worded and it is uncertain which information they require from us. Personally that’s what I would do, then I would explain how to install the PS command interface for azure etc.

puck

puck

Please disregard the above comment.

Answer is:

Microsoft Web Platform Installer
Add-AzureAccount
Get-AzurePublishSettingsFile
Import-AzurePublishSettingsFile
etc…

as the others say.

The administrators must be able to manage Windows Azure by using Windows
PowerShell.

So we need to enable PS for Azure with MS Platform Web Installer.

The steps follow in order, regardless of the requirements they ask you will need to add your azure account and then fetch the PublishSettingsFile.

puck

puck

Okay I was revising my notes. I feel very stupid, please read THIS. This is the correct answer as far as I can tell:

Microsoft Platform Web installer
Get-AzurePublishSettingsFile
Import-AzurePublishSettingsFile

The reason we skip the second step “Add-AzureAccount” is because that command is used to make Azure store the credentials on an Azure Virtual Machine, whereas Get-AzurePublishSettingsFile will download the certificate and then Import-AzurePublishSettingsFile will store it locally.

This makes the most sense, we have three criteria to meet…
1. ensure we can manage azure in powershell. Done with first step.
2. Ensure certificate is stored locally and NOT in Azure. This is done with steps 2 and 3.

IF we needed to store the certificate in azure then step two would be Add-AzureAccount.

Read this CAREFULLY and make note of what Add-AzureAccount does. It will make sense then:

http://blogs.technet.com/b/canitpro/archive/2013/11/06/set-by-step-manage-windows-azure-using-powershell.aspx