A server named CA1 has the Active Directory Certificate Services server role installed and is configured as an enterprise root certification authority (CA) named ProsewareC

###BeginCaseStudy###
Case Study: 2
Proseware Inc
General Overview
Proseware Inc., is a manufacturing company that has 4,000 employees.
Proseware works with a trading partner named Fabrikam, Inc.
Physical Locations
Proseware has a main office and two branch offices. The main office is located in London.
The branch offices are located in Madrid and Berlin. Proseware has a sales department based
in the London office and a research department based in the Berlin office.
The offices connect to each other by using a WAN link. Each office connects directly to the
Internet.
Proseware rents space at a hosting company. All offices have a dedicated WAN link to the
hosting company. Web servers that are accessible from the Internet are located at the hosting
company.
Active Directory
The Proseware network contains an Active Directory forest named proseware.com. The
forest contains a single domain. The forest functional level is Windows Server 2012.
Each office contains three domain controllers. An Active Directory site is configured for each
office.
System state backups are performed every day on the domain controllers by using System
Center 2012 R2 Data Protection Manager (DPM).
Virtualization

Proseware has Hyper-V hosts that run Windows Server 2012 R2. Each Hyper-V host
manages eight to ten virtual machines. The Hyper-V hosts are configured as shown in the
following table.

All of the Hyper-V hosts store virtual machines on direct-attached storage (DAS).
Servers
All servers run Windows Server 2012 R2. All of the servers are virtualized, except for the
Hyper-V hosts.
VDI1 and VDI2 use locally attached storage to host virtual hard disk (VHD) files. The VHDs
use the .vhd format.
A line-of-business application named SalesApp is used by the sales department and runs on a
server named APP1. APP1 is hosted on HyperV2.
A server named CA1 has the Active Directory Certificate Services server role installed and is
configured as an enterprise root certification authority (CA) named ProsewareCA.
Ten load-balanced web servers hosted on HyperV7 and HyperV8 run the Internet-facing web
site that takes orders from Internet customers.
System Center 2012 R2 Operations Manager is used to monitor the health of the servers on
the network.
All of the servers are members of the proseware.com domain, except for the servers located
in the perimeter network.
Client Computers
All client computers run either Windows 8.1 or Windows 7. Some of the users in the London
office connect to pooled virtual desktops hosted on VDI1 and VDI2.
Problem Statements
Proseware identifies the following issues on the network:
Virtualization administrators report that the load on the Hyper-V hosts is inconsistent. The
virtualization administrators also report that administrators fail to account for host utilization
when creating new virtual machines.
Users in the sales department report that they experience issues when they attempt to access
SalesApp from any other network than the one in the London office.
Sometimes, configuration changes are not duplicated properly across the web servers,
resulting in customer ordering issues. Web servers are regularly changed.
Demand for virtual desktops is increasing. Administrators report that storage space is
becoming an issue as they want to add more virtual machines.

In the past, some personally identifiable information (PII) was exposed when paper shredding
procedures were not followed.
Requirements
Planned Changes
Proseware plans to implement the following changes on the network:
• Implement a backup solution for Active Directory.
• Relocate the sales department to the Madrid office.
• Implement System Center 2012 R2 components, as required.
• Protect email attachments sent to Fabrikam that contain PII data so that the
attachments cannot be printed.
• Implement System Center 2012 R2 Virtual Machine Manager (VMM) to manage the
virtual machine infrastructure. Proseware does not plan to use private clouds in the
near future.
• Deploy a new Hyper-V host named RESEARCH1 to the Berlin office. RESEARCH1
will be financed by the research department. All of the virtual machines deployed to
RESEARCH1 will use VMM templates.
Technical Requirements
Proseware identifies the following virtualization requirements:
• The increased demand for virtual desktops must be met.
• Once System Center is deployed, all of the Hyper-V hosts must be managed by using
VMM.
• If any of the Hyper-V hosts exceeds a set number of virtual machines, an
administrator must be notified by email.
• Network administrators in each location must be responsible for managing the HyperV hosts in their respective location. The management of the hosts must be performed
by using VMM.
• The network technicians in each office must be able to create virtual machines in their
respective office. The network technicians must be prevented from modifying the host
server settings.
• New virtual machines must be deployed to RESEARCH1 only if the virtual machine
template used to create the machine has a value specified for a custom property
named CostCenter’ that matches Research’.
The web site configurations must be identical on all web servers.
Security Requirements
Proseware identifies the following security requirements:
• All email messages sent to and from Fabrikam must be encrypted by using digital
certificates issued to users by the respective CA of their company. No other
certificates must be trusted between the organizations.
• Microsoft Word documents attached to email messages sent from Proseware to
Fabrikam must be protected.
• Privileges must be minimized, whenever possible.
###EndCaseStudy###

You need to implement a solution for the email attachments.
Both organizations exchange root CA certificates and install the certificates in the relevant stores.
You duplicate the Enrollment Agent certificate template and generate a certificate based on the new
template.
Which additional two actions should you perform? Each correct answer presents part of the
solution.

###BeginCaseStudy###
Case Study: 2
Proseware Inc
General Overview
Proseware Inc., is a manufacturing company that has 4,000 employees.
Proseware works with a trading partner named Fabrikam, Inc.
Physical Locations
Proseware has a main office and two branch offices. The main office is located in London.
The branch offices are located in Madrid and Berlin. Proseware has a sales department based
in the London office and a research department based in the Berlin office.
The offices connect to each other by using a WAN link. Each office connects directly to the
Internet.
Proseware rents space at a hosting company. All offices have a dedicated WAN link to the
hosting company. Web servers that are accessible from the Internet are located at the hosting
company.
Active Directory
The Proseware network contains an Active Directory forest named proseware.com. The
forest contains a single domain. The forest functional level is Windows Server 2012.
Each office contains three domain controllers. An Active Directory site is configured for each
office.
System state backups are performed every day on the domain controllers by using System
Center 2012 R2 Data Protection Manager (DPM).
Virtualization

Proseware has Hyper-V hosts that run Windows Server 2012 R2. Each Hyper-V host
manages eight to ten virtual machines. The Hyper-V hosts are configured as shown in the
following table.

All of the Hyper-V hosts store virtual machines on direct-attached storage (DAS).
Servers
All servers run Windows Server 2012 R2. All of the servers are virtualized, except for the
Hyper-V hosts.
VDI1 and VDI2 use locally attached storage to host virtual hard disk (VHD) files. The VHDs
use the .vhd format.
A line-of-business application named SalesApp is used by the sales department and runs on a
server named APP1. APP1 is hosted on HyperV2.
A server named CA1 has the Active Directory Certificate Services server role installed and is
configured as an enterprise root certification authority (CA) named ProsewareCA.
Ten load-balanced web servers hosted on HyperV7 and HyperV8 run the Internet-facing web
site that takes orders from Internet customers.
System Center 2012 R2 Operations Manager is used to monitor the health of the servers on
the network.
All of the servers are members of the proseware.com domain, except for the servers located
in the perimeter network.
Client Computers
All client computers run either Windows 8.1 or Windows 7. Some of the users in the London
office connect to pooled virtual desktops hosted on VDI1 and VDI2.
Problem Statements
Proseware identifies the following issues on the network:
Virtualization administrators report that the load on the Hyper-V hosts is inconsistent. The
virtualization administrators also report that administrators fail to account for host utilization
when creating new virtual machines.
Users in the sales department report that they experience issues when they attempt to access
SalesApp from any other network than the one in the London office.
Sometimes, configuration changes are not duplicated properly across the web servers,
resulting in customer ordering issues. Web servers are regularly changed.
Demand for virtual desktops is increasing. Administrators report that storage space is
becoming an issue as they want to add more virtual machines.

In the past, some personally identifiable information (PII) was exposed when paper shredding
procedures were not followed.
Requirements
Planned Changes
Proseware plans to implement the following changes on the network:
• Implement a backup solution for Active Directory.
• Relocate the sales department to the Madrid office.
• Implement System Center 2012 R2 components, as required.
• Protect email attachments sent to Fabrikam that contain PII data so that the
attachments cannot be printed.
• Implement System Center 2012 R2 Virtual Machine Manager (VMM) to manage the
virtual machine infrastructure. Proseware does not plan to use private clouds in the
near future.
• Deploy a new Hyper-V host named RESEARCH1 to the Berlin office. RESEARCH1
will be financed by the research department. All of the virtual machines deployed to
RESEARCH1 will use VMM templates.
Technical Requirements
Proseware identifies the following virtualization requirements:
• The increased demand for virtual desktops must be met.
• Once System Center is deployed, all of the Hyper-V hosts must be managed by using
VMM.
• If any of the Hyper-V hosts exceeds a set number of virtual machines, an
administrator must be notified by email.
• Network administrators in each location must be responsible for managing the HyperV hosts in their respective location. The management of the hosts must be performed
by using VMM.
• The network technicians in each office must be able to create virtual machines in their
respective office. The network technicians must be prevented from modifying the host
server settings.
• New virtual machines must be deployed to RESEARCH1 only if the virtual machine
template used to create the machine has a value specified for a custom property
named CostCenter’ that matches Research’.
The web site configurations must be identical on all web servers.
Security Requirements
Proseware identifies the following security requirements:
• All email messages sent to and from Fabrikam must be encrypted by using digital
certificates issued to users by the respective CA of their company. No other
certificates must be trusted between the organizations.
• Microsoft Word documents attached to email messages sent from Proseware to
Fabrikam must be protected.
• Privileges must be minimized, whenever possible.
###EndCaseStudy###

You need to implement a solution for the email attachments.
Both organizations exchange root CA certificates and install the certificates in the relevant stores.
You duplicate the Enrollment Agent certificate template and generate a certificate based on the new
template.
Which additional two actions should you perform? Each correct answer presents part of the
solution.

A.
Request cross-certification authority certificates.

B.
Create Capolicy.inf files.

C.
Request subordinate CA certificates.

D.
Create Policy.inf files.



Leave a Reply 0

Your email address will not be published. Required fields are marked *