Testlet: Blue Yonder Airlines
You need to recommend a NAP enforcement method thatmeets the company’s security requirements.
Which method should you recommend?\r\n
COMPANY OVERVIEW
Blue Yonder Airlines has a main office and four branch offices. Each branch office has six satellite offices.
The main office is located in Sydney. The branch offices are located in London, New York, Bangkok, and
Istanbul. The main office has 1,000 users. Each branch office has 500 users. Each satellite office has50 to
100 users.
PLANNED CHANGES
Each satellite office will have a single server deployed. The servers will have the following server roles
installed:
File server
Print server
Read-only Domain Controller (RODC)
Each satellite office will have a local support technician who performs the following tasks:
Manages printers.
Manages server backups.
Manages updates on the server.
Each support technician will only be permitted to manage the server located in his office.
You plan to implement a backup and recovery solution to restore deleted Active Directory objects. The
solution must ensure that the attributes of the deleted objects are restored to the same state they were in
before they were deleted.
You plan to deploy a custom sales application namedApp2 to the portable computers of all company sales
consultants. The setup program of App2 requires local administrative privileges. App2 will be updated
monthly.
BUSINESS GOALS
Blue Yonder Airlines has the following business goals:
Minimize server downtime.
Minimize administrative effort.
Minimize interruptions to users caused by WAN link failures.
EXISTING ENVIRONMENT
The network contains servers that run either Windows Server 2008 R2 or Windows Server 2008. All client
computers were recently replaced with new computersthat run Windows 7 Enterprise.
Users do not have local administrator rights on theclient computers.
Existing Active Directory/Directory Services
The network contains a single Active Directory domain named blueyonderairlines.com. The functional level
of the domain is Windows Server 2008. All domain controllers run Windows Server 2008.
Existing Network Infrastructure
All offices have wired and wireless networks.
The main office has a file server that stores largegraphics files. The files are used by all of the users in all
of the offices.
A Group Policy is used to assign an application named App1 to all of the users in the domain.
The branch offices contain public computers on which temporary employees can browse the Internet and
view electronic brochures. When the employees log on to the public computers, they must all receive the
same user settings.
App1 must not be installed on the public computers.The computer accounts for all of the public computers
are in an organizational unit (OU) name Public.
REQUIREMENTS
Security Requirements
All computers in the domain must have a domain-level security Group Policy object (GPO) applied.
You plan to implement Network Access Protection (NAP) by using switches and wireless access points
(WAPs) as NAP enforcement points.
The public computers must meet the following security requirements:
Only authorized applications must be run.
Automatic updates must be enabled and applied automatically.
Users must be denied access to the local hard disk drives and the network shares from the public
computers.
Technical Requirements
The file server in each branch office is configuredas shown in the following table.
Each user is allocated 1 GB of storage on the Usersshare in their local office.
Each user must be prevented from storing files larger than 500 MB on the Data share in their local office.
Blue Yonder Airlines must meet the following requirements for managing App2:
Sales consultants must use the latest version of the application.
When a new version of App2 is installed, the previous version must be uninstalled. Sales consultants
must be able to run App2 when they are disconnectedfrom the network.
A.
802.1X
B.
DHCP
C.
IPSec
D.
VPN