Topic 2
2, Weyland Technical Solutions (WTS) Ltd.
Company Background
Weyland Technical Solutions is an IT company that provides hosted or managed services to small
to medium-sized companies in the central USA.
The company is located at a single site in Weyland, Kansas.
The company currently has 1500 employees.
Existing Environment
Existing Active Directory Environment
The network consists of a single Windows Server 2008 R2 Active Directory Domain Services (AD
DS) domain named WTSltd.com. The forest functional level is Windows Server 2008.
The network contains four physical domain controllers. All domain controllers are configured as
DNS Servers.
Network Infrastructure
The network is divided into four subnets. All servers are located in a data center located in the
WTS site.
The data center includes the following servers:
Four physical Windows Server 2008 R2 DHCP Servers.
Eight physical Windows Server 2008 R2 file servers.
Six physical Windows Server 2008 R2 print servers.
Four physical Windows Server 2008 R2 domain controllers.
One physical Windows Server 2008 R2 Hyper-V host server.
All client computers run either Windows 7 or Windows 8.
Business Requirements
Planned Changes
Deploy new Windows Server 2012 Hyper-V host servers.
Implement a VPN solution for external workers.
Implement RADIUS authentication for the VPN connections.
Implement Network Access Protection (NAP).
Implement Active Directory Recycle Bin.
Technical Requirements
Weyland Technical Solutions has the following technical requirements:
Migrate all servers to Windows Server 2012.
Virtualize existing physical servers where possible.
Deploy virtual domain controllers using virtual machine cloning.
DHCP IP address leases must be logged centrally.
Centrally manage Network Access Protection (NAP) policies.
************************************************************
You work for a company named Testking.com. Your role of Network Administrator includes the
management of the company's Windows 2012 Active Directory Domain Services (AD DS) domain.
You use IP Address Management (IPAM) on a Windows Server 2012 server named TK-IPAM1 to
manage the DHCP and DNS servers in the network.
You add a Technician named John to the local administrators group on a DHCP server named TK-DHCP1. John logs in locally to TK-DHCP1 and successfully modifies a DHCP scope.
John attempts to modify another DHCP scope on TK-DHCP1 by using IPAM. However, he
receives the following error:
One of more IPAM database errors occurred. Run the IPAM configuration task to synchronize
the database with newly applied settings on managed servers.
You verify that John is a member of the IPAM Users group on TK-IPAM1.
How can you enable John to use IPAM to modify DHCP scopes?
A.
By running the Export-IpamAddress PowerShell cmdlet on TK-IPAM1.
B.
By adding John to the IPAM Audit Administrators group on TK-IPAM1.
C.
By adding John to the DHCP Administrators group on TK-DHCP1.
D.
By adding John to the IPAM Administrators group on TK-IPAM1.
Why is this not C?
Isn’t D too much privilege?
John uses IPAM to make the change on the second scope, so the DHCP Administrator permission is not enough.
IPAM MSM Administrators would have been a suitable group as this defines people who can manage DNS and DHCP servers.
Not A, as John does not need to export any IP address.
Not B, as the IPAM IP audit administrators can only view IP address tracking data.
Not C, as Local Administrator privileges would give John too many permissions on the local server.
He’s already a member of the local Administrators group of the DHCP server, so adding him to the DHCP Administrators won’t give him more rights.
What we don’t see here is that he’s not a member of any IPAM group, so even if you have administrative rights on a DHCP server, the IPAM server will not let you modify or view it.
If he were a member of “IPAM Users”, then that would work.
D will give him too much access, but it’s the only valid answer here.
Hope that helps.