Which three actions should you perform in sequence?

###BeginCaseStudy###
Case Study: 6
Contoso Ltd Case C
Background
Overview
Contoso, Ltd., is a manufacturing company. The company has offices in Chicago and Seattle.
Each office contains two data centers. All of the data centers and sites for the company have
network connectivity to each other. The company uses a single Active Directory Domain
Services (AD DS) domain.

Contoso is growing rapidly and needs to expand its computer infrastructure.
Current Environment Chicago Office
The Chicago office contains a primary data center and a backup data center. A Hyper-V
cluster named Clusterl.contoso.com resides in the primary data center. The cluster has a
multiple network path configured. The cluster includes two unused SQL Server virtual
machines (VMs) named SQL-SERVER1 and SQL-SERVER2. The cluster also includes a
Hyper-V Host group named Chi-Primary.
Clusterl.contoso.com contains the following servers:
• CHI1-HVNODE1.contoso.com
• CHI1-HVNODE2.contoso.com
• CHI1-HVNODE3.contoso.com
• CHI1-HVNODE4.contoso.com
The backup data center for the Chicago office is located on a Hyper-V cluster named
Cluster2.contoso.com. The cluster has a single network path configured. The cluster includes
a Hyper-V Host group named Chi-Backup.
Cluster2.contoso.com contains the following servers:
• CHI2-HVNODEl.contoso.com
• CHI2-HVNODE2.contoso.com
• CHI2-HVNODE3.contoso.com
• CHI2-HVNODE4.contoso.com
In addition, the Chicago office contains two standalone Hyper-V servers named CHIHVSERVER1.contoso.com and CHI-HVSERVER2.contoso.com.
There are also four newly built servers:
• CHI-SERVERl.contoso.com
• CHI-SERVER2.contoso.com
• CHI-SERVER3.contoso.com
• CHI-SERVER4.contoso.com
All the servers in the Chicago office run Windows Server 2012. Any future servers that are
deployed in the Chicago office must also run Windows Server 2012.
All servers in the Chicaoo office use the subnet 10.20.xx.
Current Environment Seattle Office
The Seattle office contains a primary data center and a backup data center. The primary data
center is located on a Hyper-V cluster named Cluster3.contoso.com. The cluster has a
multiple network path configured. The cluster includes two unused SQL Server virtual
machines named SQL-SERVER3 and SQL-SERVERS The cluster includes a Hyper-V Host
group named Sea-Primary.
Cluster3.contoso.com contains the following servers:
• SEA3-HVNODEl.contoso.com
• SEA3-HVNODE2.contoso.com
• SEA3-HVNODE3.contoso.com
• SEA3-HVNODE4.contoso.com
The backup data center for the Seattle office is located on a Hyper-V cluster named
Cluster4.contoso.com. The cluster has a single network path configured. The cluster includes
a Hyper-V Host group named Sea-Backup.
Cluster4.contoso.com contains the following servers:
• SEA4-HVNODEl.contoso.com

• SEA4-HVNODE2.contoso.com
• SEA4-HVNODE3.contoso.com
• SEA4-HVNODE4.contoso.com
In addition, the Seattle office contains two standalone Hyper-V servers named SEAHVSERVERl.contoso.com and SEA-HVSERVER2.contoso.com.
There are also four newly built servers:
• SEA-SERVERl.contoso.com
• SEA-SERVER2.contoso.com
• SEA-SERVER3.contoso.com
• SEA-SERVER4.contoso.com
All servers in the Seattle office run Windows Server 2012 R2. Any future servers that are
deployed in the Seattle office must also run Windows Server 2012 R2.
All servers in the Seattle office use the subnet 10.10.x.x.
Business Requirements
Apps
Contoso plans to deploy new applications to make its departments more efficient.
App1
Contoso must create a new application named App1 for the human resources (HR)
department. The infrastructure for App1 must reside in a virtual environment and the data
files for App1 must reside on a single shared disk. In addition, the infrastructure for App1
must meet the following requirements:
• maximize data protection
• withstand the loss of a single guest virtual machine
• withstand the loss of a single physical server
To support App1, Contoso must deploy a new cluster named Applcluster.contoso.com. The
cluster has the following requirements:
• It must span multiple sites.
• It must support dynamic quorums.
• It must prevent failures caused by a 50% split.
App2
Contoso must create a new application named App2. To support App2, Contoso must deploy
a new SQL Server cluster. The cluster must not be part of the domain.
The server deployment team that will install the cluster has limited permissions. The server
deployment team does not have the ability to create objects in Active Directory.
Virtualization and Storage
New VMs
Any new VMs that are deployed to the Hyper-V cluster in Cluster3.contoso.com have the
following requirements:
• New SQL Server VMs must be deployed only to odd-numbered
servers in the cluster.
• All other new VM guests must be deployed to any available server in
the cluster.
New VDE
The company needs a highly available file share cluster for a new Virtual Desktop
Environment (VDE). It has the following requirements:
• The file share cluster must withstand the loss of a single server.

• The file share cluster must withstand the loss of a single network path.
• The file share cluster must use the least amount of disk space.
New virtualized SQL Server cluster
Contoso must create a new application for manufacturing. The company needs a new
virtualized SQL Server cluster named VM-SQLclusterl.contoso.com. It has the following
requirements:
• The cluster must use a shared virtual hard disk.
• The cluster must have two nodes named VM-SQLNODE1.contoso.com and VM-SQL-NODE2.contoso.com.
Highly available storage solution
The company is deploying new hardware that will replace the existing Hyper-V clusters. The
new file share cluster must have a highly available storage solution for a Hyper-V
environment. It has the following requirements:
• The new file share cluster must support guest VM clusters.
• The storage cannot reside on any of the physical Hyper-V hosts.
###EndCaseStudy###

DRAG DROP
You need to implement Windows Network Load Balancing (NLB).
Which three actions should you perform in sequence? To answer, move the appropriate actions
from the list of actions to the answer area and arrange them in correct order.

###BeginCaseStudy###
Case Study: 6
Contoso Ltd Case C
Background
Overview
Contoso, Ltd., is a manufacturing company. The company has offices in Chicago and Seattle.
Each office contains two data centers. All of the data centers and sites for the company have
network connectivity to each other. The company uses a single Active Directory Domain
Services (AD DS) domain.

Contoso is growing rapidly and needs to expand its computer infrastructure.
Current Environment Chicago Office
The Chicago office contains a primary data center and a backup data center. A Hyper-V
cluster named Clusterl.contoso.com resides in the primary data center. The cluster has a
multiple network path configured. The cluster includes two unused SQL Server virtual
machines (VMs) named SQL-SERVER1 and SQL-SERVER2. The cluster also includes a
Hyper-V Host group named Chi-Primary.
Clusterl.contoso.com contains the following servers:
• CHI1-HVNODE1.contoso.com
• CHI1-HVNODE2.contoso.com
• CHI1-HVNODE3.contoso.com
• CHI1-HVNODE4.contoso.com
The backup data center for the Chicago office is located on a Hyper-V cluster named
Cluster2.contoso.com. The cluster has a single network path configured. The cluster includes
a Hyper-V Host group named Chi-Backup.
Cluster2.contoso.com contains the following servers:
• CHI2-HVNODEl.contoso.com
• CHI2-HVNODE2.contoso.com
• CHI2-HVNODE3.contoso.com
• CHI2-HVNODE4.contoso.com
In addition, the Chicago office contains two standalone Hyper-V servers named CHIHVSERVER1.contoso.com and CHI-HVSERVER2.contoso.com.
There are also four newly built servers:
• CHI-SERVERl.contoso.com
• CHI-SERVER2.contoso.com
• CHI-SERVER3.contoso.com
• CHI-SERVER4.contoso.com
All the servers in the Chicago office run Windows Server 2012. Any future servers that are
deployed in the Chicago office must also run Windows Server 2012.
All servers in the Chicaoo office use the subnet 10.20.xx.
Current Environment Seattle Office
The Seattle office contains a primary data center and a backup data center. The primary data
center is located on a Hyper-V cluster named Cluster3.contoso.com. The cluster has a
multiple network path configured. The cluster includes two unused SQL Server virtual
machines named SQL-SERVER3 and SQL-SERVERS The cluster includes a Hyper-V Host
group named Sea-Primary.
Cluster3.contoso.com contains the following servers:
• SEA3-HVNODEl.contoso.com
• SEA3-HVNODE2.contoso.com
• SEA3-HVNODE3.contoso.com
• SEA3-HVNODE4.contoso.com
The backup data center for the Seattle office is located on a Hyper-V cluster named
Cluster4.contoso.com. The cluster has a single network path configured. The cluster includes
a Hyper-V Host group named Sea-Backup.
Cluster4.contoso.com contains the following servers:
• SEA4-HVNODEl.contoso.com

• SEA4-HVNODE2.contoso.com
• SEA4-HVNODE3.contoso.com
• SEA4-HVNODE4.contoso.com
In addition, the Seattle office contains two standalone Hyper-V servers named SEAHVSERVERl.contoso.com and SEA-HVSERVER2.contoso.com.
There are also four newly built servers:
• SEA-SERVERl.contoso.com
• SEA-SERVER2.contoso.com
• SEA-SERVER3.contoso.com
• SEA-SERVER4.contoso.com
All servers in the Seattle office run Windows Server 2012 R2. Any future servers that are
deployed in the Seattle office must also run Windows Server 2012 R2.
All servers in the Seattle office use the subnet 10.10.x.x.
Business Requirements
Apps
Contoso plans to deploy new applications to make its departments more efficient.
App1
Contoso must create a new application named App1 for the human resources (HR)
department. The infrastructure for App1 must reside in a virtual environment and the data
files for App1 must reside on a single shared disk. In addition, the infrastructure for App1
must meet the following requirements:
• maximize data protection
• withstand the loss of a single guest virtual machine
• withstand the loss of a single physical server
To support App1, Contoso must deploy a new cluster named Applcluster.contoso.com. The
cluster has the following requirements:
• It must span multiple sites.
• It must support dynamic quorums.
• It must prevent failures caused by a 50% split.
App2
Contoso must create a new application named App2. To support App2, Contoso must deploy
a new SQL Server cluster. The cluster must not be part of the domain.
The server deployment team that will install the cluster has limited permissions. The server
deployment team does not have the ability to create objects in Active Directory.
Virtualization and Storage
New VMs
Any new VMs that are deployed to the Hyper-V cluster in Cluster3.contoso.com have the
following requirements:
• New SQL Server VMs must be deployed only to odd-numbered
servers in the cluster.
• All other new VM guests must be deployed to any available server in
the cluster.
New VDE
The company needs a highly available file share cluster for a new Virtual Desktop
Environment (VDE). It has the following requirements:
• The file share cluster must withstand the loss of a single server.

• The file share cluster must withstand the loss of a single network path.
• The file share cluster must use the least amount of disk space.
New virtualized SQL Server cluster
Contoso must create a new application for manufacturing. The company needs a new
virtualized SQL Server cluster named VM-SQLclusterl.contoso.com. It has the following
requirements:
• The cluster must use a shared virtual hard disk.
• The cluster must have two nodes named VM-SQLNODE1.contoso.com and VM-SQL-NODE2.contoso.com.
Highly available storage solution
The company is deploying new hardware that will replace the existing Hyper-V clusters. The
new file share cluster must have a highly available storage solution for a Hyper-V
environment. It has the following requirements:
• The new file share cluster must support guest VM clusters.
• The storage cannot reside on any of the physical Hyper-V hosts.
###EndCaseStudy###

DRAG DROP
You need to implement Windows Network Load Balancing (NLB).
Which three actions should you perform in sequence? To answer, move the appropriate actions
from the list of actions to the answer area and arrange them in correct order.

Answer: See the explanation

Explanation:

Box 1: Creatre an entry in DNS for the NLB cluster using the name detcrl01.contoso.com
Box 2: Start NLB manager on DETCRL01 and create the new NLB cluster.
Box 3: Start NLB manager on CHICRL01 and add CHICRL01 to the NLB cluster.



Leave a Reply 25

Your email address will not be published. Required fields are marked *


Monkeh

Monkeh

Graphic is mising here. The boxes you have to decide to move into order are:

1) Start NLB Manager on DETROOTCA and create the new NLB CLuster
2) Start NLB Manager on CHICRL01 and add CHICRL01 to the NLB Cluster
3) Create an entry in DNS for the NLB Cluster using the name detcrl01.contoso.com
4) Start NLB Manager on DETCRL01 and add the domain crl.contoso.com to the NLB cluster
5) Start NLB Cluster on DETCRL01 and create a new NLB Cluster

Now I have actually seen a different answer to the one given above. The one I have seen is:

Box 1: Create an entry in DNS for the NLB Cluster using the name detcrl01.contoso.com
Box 2: Start NLB Cluster on DETCRL01 and create a new NLB Cluster
Box 3: Start NLB Manager on DETCRL01 and add the domain crl.contoso.com to the NLB cluster

correction

correction

With the six answers presented, I would propose these three actions:

1.) Start NLB Cluster on DETCRL01 and create a new NLB Cluster
2.) Start NLB Manager on DETCRL01 and add the domain crl.contoso.com to the NLB cluster
3.) Start NLB Manager on CHICRL01 and add CHICRL01 to the NLB Cluster

Following this step-by-step instruction, DNS entries have been created automatically:
http://www.1e.com/blogs/2015/01/26/creating-windows-cluster-part-6-creating-network-load-balancing-cluster/

Any better suggestions or explenations?

Bartosz

Bartosz

There is also
6) Create an Entry in DNS for the NLB Cluster using the name crl.contoso.com

” Start NLB Manager on DETCRL01 and add the domain crl.contoso.com to the NLB cluster” is not a correct answer.

The correct answer is
1) Create an Entry in DNS for the NLB Cluster using the name crl.contoso.com
2) Start NLB Cluster on DETCRL01 and create a new NLB Cluster
3) Start NLB Manager on CHICRL01 and add CHICRL01 to the NLB Cluster

Monkeh

Monkeh

I agree with you correction. I actually watched the CBT Nuggets video earlier from the 70-412 on configuring NLB to refresh my memory and the only thing different on that video is that he added the 2nd host from NLB Manager that he had open on the 1st host. That link you provided describes what we are being asked in this question though.

Can you do me a favour? Have a look at Q49 and see what you think about that?

Pro_ST

Pro_ST

i disagree with correction, i just went and check the link and with my 10 yrs exp you will need to create the DNS entries first ,and after carefully reading the post i noticed where it say the NLB dns entries is already created, dnt be fooled the first entries he mentioned is for nodes not NLB hence he says NO DNS ENTRIES IS CREATED FOR NLB

Pro_ST

Pro_ST

i AGREE WITH Monkeh

LB

LB

I can’t find my source anymore (Forgot to save it) but that stated that you should create the DNS record AFTER you setup NLB.

so that would make the answer

1) Start NLB Cluster on DETCRL01 and create a new NLB Cluster
2) Start NLB Manager on CHICRL01 and add CHICRL01 to the NLB Cluster
3) Create an Entry in DNS for the NLB Cluster using the name crl.contoso.com

anyone has much experience with NLB? does it really matter if you create the DNS entry before or after?

LB

LB

Found it:

-Important:
Create an entry in DNS for the cluster only after you have completed the deployment of the entire cluster. Prematurely publishing the applications in DNS might result in overwhelming the cluster hosts before all cluster hosts are installed.

technet.microsoft.com/en-us/library/cc754071(v=ws.10).aspx

fwszech

fwszech

I agree with LB

1) Start NLB Cluster on DETCRL01 and create a new NLB Cluster
2) Start NLB Manager on CHICRL01 and add CHICRL01 to the NLB Cluster
3) Create an Entry in DNS for the NLB Cluster using the name crl.contoso.com

https://blogs.technet.microsoft.com/xdot509/2013/03/15/installing-a-two-tier-pki-hierarchy-in-windows-server-2012-part-ix-configuring-high-availability-for-the-http-aia-and-cdp-repositories/

it is almost the same, second server was added from NLB mange on server 1

jersey

jersey

100% agree, especially after reading that article .

JamesL

JamesL

Lots of interesting comments but the question does not even relate to the case study !!

JamesL

JamesL

Question does not relate to case study !!

Zii

Zii

So what do you think is the answer or the given answer is correct

FSM

FSM

It looks like this question is meant for another case study??!!

mi74

mi74

Agree. Hell knows hat is going on amont the options provided. From what hell do you pisk betwen:

Start NLB Cluster on DETCRL01 and create a new NLB Cluster

and
Start NLB Manager on DETROOTCA and create the new NLB CLuster

if both mahines are taken directly from limbo(?!)

Blank

Blank

Overview
Contoso, Ltd., is a manufacturing company that makes several different components that are used in
automobile production. Contoso has a main office in Detroit, a distribution center in Chicago, and branch
offices in Dallas, Atlanta, and San Diego. The contoso.com forest and domain functional level are Windows
Server 2008 R2. All servers run Windows Server 2012 R2, and all client workstations run Windows 7 or
Windows 8. Contoso uses System Center 2012 Operations Manager and Audit Collection Services (ACS)
to monitor the environment. There is no certification authority (CA) in the environment.

Current Environment
The contoso.com domain contains the servers as shown in the following table:

Contoso sales staff travel within the United States and connect to a VPN by using mobile devices to
access the corporate network. Sales users authenticate to the VPN by using their Active Directory
usernames and passwords. The VPN solution also supports certification-based authentication.

Contoso uses an inventory system that requires manually counting products and entering that count into a
database. Contoso purchases new inventory software that supports wireless handheld scanners and
several wireless handheld scanners. The wireless handheld scanners run a third party operating system
that supports the Network Device Enrollment Service (NDES).

Business Requirements
Security
The wireless handheld scanners must use certification-based authentication to access the wireless
network.
Sales users who use mobile devices must use certification-based authentication to access the VPN. When
sales users leave the company, Contoso administrators must be able to disable their VPN access by
revoking their certificates.

Monitoring
All servers must be monitored by using System Center 2012 Operating Manager. In addition to monitoring
the Windows operating system, you must collect security logs from the CA servers by using ACS, and
monitor the services that run on the CA and Certificate Revocation List (CRL) servers, such as certification
authority and web services.

Technical Requirements
CA Hierarchy
Contoso requires a two-tier CA hierarchy. The CA hierarchy must include a stand-alone offline root and
two Active Directory-integrated issuing CAs: one for issuing certificates to domain-joined devices, and one
for issuing certificates to non-domain-joined devices by using the NDES. CRLs must be published to two
web servers: one in Detroit and one in Chicago.
Contoso has servers that run Windows Server 2012 R2 to use for the CA hierarchy. The servers are
described in the following table:

The IT security department must have the necessary permissions to manage the CA and CRL servers. A
domain group named Corp-IT Security must be used for this purpose.
The IT security department users are not domain admins.

Fault Tolerance
The servers that host the CRL must be part of a Windows Network Load Balancing (NLB) cluster. The CRL
must be available to users in all locations by using the hostname crl.contoso.com, even if one of the
underlying web servers is offline.

Dave

Dave

I’m beginning to think someone had a few drinks before putting these together. The answers for the last few questions have nothing to do with the case study provided.

Wylana

Wylana

Copied from comment in Question 48.

Overview
Contoso, Ltd., is a manufacturing company that makes several different components that are used in
automobile production. Contoso has a main office in Detroit, a distribution center in Chicago, and branch
offices in Dallas, Atlanta, and San Diego. The contoso.com forest and domain functional level are Windows
Server 2008 R2. All servers run Windows Server 2012 R2, and all client workstations run Windows 7 or
Windows 8. Contoso uses System Center 2012 Operations Manager and Audit Collection Services (ACS)
to monitor the environment. There is no certification authority (CA) in the environment.

Current Environment
The contoso.com domain contains the servers as shown in the following table:

Contoso sales staff travel within the United States and connect to a VPN by using mobile devices to
access the corporate network. Sales users authenticate to the VPN by using their Active Directory
usernames and passwords. The VPN solution also supports certification-based authentication.

Contoso uses an inventory system that requires manually counting products and entering that count into a
database. Contoso purchases new inventory software that supports wireless handheld scanners and
several wireless handheld scanners. The wireless handheld scanners run a third party operating system
that supports the Network Device Enrollment Service (NDES).

Business Requirements
Security
The wireless handheld scanners must use certification-based authentication to access the wireless
network.
Sales users who use mobile devices must use certification-based authentication to access the VPN. When
sales users leave the company, Contoso administrators must be able to disable their VPN access by
revoking their certificates.

Monitoring
All servers must be monitored by using System Center 2012 Operating Manager. In addition to monitoring
the Windows operating system, you must collect security logs from the CA servers by using ACS, and
monitor the services that run on the CA and Certificate Revocation List (CRL) servers, such as certification
authority and web services.

Technical Requirements
CA Hierarchy
Contoso requires a two-tier CA hierarchy. The CA hierarchy must include a stand-alone offline root and
two Active Directory-integrated issuing CAs: one for issuing certificates to domain-joined devices, and one
for issuing certificates to non-domain-joined devices by using the NDES. CRLs must be published to two
web servers: one in Detroit and one in Chicago.
Contoso has servers that run Windows Server 2012 R2 to use for the CA hierarchy. The servers are
described in the following table:

The IT security department must have the necessary permissions to manage the CA and CRL servers. A
domain group named Corp-IT Security must be used for this purpose.
The IT security department users are not domain admins.

Fault Tolerance
The servers that host the CRL must be part of a Windows Network Load Balancing (NLB) cluster. The CRL
must be available to users in all locations by using the hostname crl.contoso.com, even if one of the
underlying web servers is offline.

Wylana

Wylana

Based on the info from Microsoft I think the correct answer should be

1) Install and configure Audit Collection Services on DETSCOM01

2) Modify the properties of the Operations Manager Agent on DETCA01 and CHICA01 to enable Audit Collection Services forwarding server

3) In the Operations Manager Console, run the task to enable audit collection on DETCA01 and CHICA01 and verify that the task completes successfully

How To install an ACS Collector and database: https://msdn.microsoft.com/en-gb/library/hh284670(v=sc.12).aspx
How to Enable ACS Serices Forwarders: https://technet.microsoft.com/en-us/library/hh272397(v=sc.12).aspx

fwszech

fwszech

Overview
“Contoso uses System Center 2012 Operations Manager and Audit Collection Services (ACS) to monitor the environment.”

so there is no need to install and configure ACS, you should add new server to monitor

RR

RR

1. install and config ACS on DETSCOM01
2. in the agent health state section…
3. In the Operations Manager Console, run the task to enable audit collection on DETCA01 and CHICA01 and verify that the task completes successfully

I don’t think you need to change the properties to enable a ACS forwarding server

https://blogs.technet.microsoft.com/fesiro/2013/01/08/how-to-deploy-audit-collection-services-acs-in-scom-2012/

https://technet.microsoft.com/library/hh272397.aspx

Aberdeen Angus

Aberdeen Angus

NLB isn’t used where I work but I just created a 2 node cluster on VMs. The New Cluster wizard asks for a “full internet name” but it didn’t create a DNS record. I couldn’t see any obvious problem, the nodes were joined to the domain, I was logged on as a domain admin, no error in the event logs or nlb log, so I think it’s not supposed to do it. I did see some blogs where they manually created the DNS record at the end and this seems sensible, this gives users access and you wouldn’t do that until you’d finished building it.