What should you include in the recommendation?

###BeginCaseStudy###
Case Study: 6
Lucerne Publishing
Scenario:
COMPANY OVERVIEW
Overview
Lucerne Publishing is a large publishing company that produces both traditional books and ebooks.
Physical Location
The company has a main office and a branch office. The main office is located in New York.
The branch office is located in San Francisco. The main office has a satellite office located in
Boston. The company has 7,500 users.
EXISTING ENVIRONMENT
Active Directory Environment
The network contains an Active Directory forest. The forest contains a single domain named
lucernepublishing.com.
Network Infrastructure
Client computers in the New York office and the San Francisco office run either Windows
Vista or Windows XP. All client computers in the Boston office run Windows 7.

The company has a finance department. All of the client computers in the finance department
run Windows XP. The finance department uses an Application named App1. App1 only runs
on Windows XP.
The relevant servers in the New York office are configured as shown in the following table.

The servers have the following configurations:
• Remote Desktop is enabled on all servers.
• The passwords for all service accounts are set to never expire.
• Server1 stores roaming user profiles for users in the Boston office.
• SQL1 and SQL2 are deployed in a two-node failover cluster named Clusterl.
• All servers have Pre-Boot Execution Environment (PXE)-compliant network
adapters.
• The servers in the San Francisco office contain neither a recovery partition nor optical
media drives. DFSl and DFS2 are members of the same DFS Replication group. The DFS
namespace is configured to use Windows 2000 Server mode.
The Boston office has no servers. The Boston office connects to the New York office by
using a dedicated hardware VPN device.
The finance department publishes monthly forecast reports that are stored in DFS.
REQUIREMENTS
Business Goals
Lucerne Publishing must minimize administrative costs, hardware costs, software costs, and
development costs, whenever possible.
Planned Changes
All client computers will be upgraded to Windows 7.
A VPN server will be deployed in the main office. All VPN clients must have the latest
Windows updates before they can access the internal network.
You plan to deploy a server that has the Remote Desktop Gateway (RD Gateway) role
service installed.
Technical Requirements

Lucerne Publishing must meet the following technical requirements:
• Upgrade all client computers to Windows 7.
• Minimize Group Policy-related replication traffic.
• Ensure that App1 can be used from client computers that run Windows 7.
• Ensure that users can use App1 when they are disconnected from the network.
• Ensure that you can perform a bare metal recovery of the servers in the San Francisco
office.
• Minimize the amount of time it takes users in the Boston office to log on to their
client computers.
• Ensure that domain administrators can connect remotely to all computers in the
domain through RD Gateway.
• Ensure that file server administrators can access DFS servers and file servers through
the RD Gateway.
• Prevent file server administrators from accessing other servers through the RD
Gateway
Security Requirements
Lucerne Publishing must meet the following security requirements:
• USB storage devices must not be used on any servers.
• The passwords for all user accounts must be changed every 60 days.
• Users must only be able to modify the financial forecast reports on DFSl. DFS2 must
contain a read-only copy of the financial forecast reports.
• All operating system drives on client computers that run Windows 7 must be
encrypted.
• Only approved USB storaqe devices must be used on client computers that run
Windows 7.
###EndCaseStudy###

You need to recommend a solution for the USB storage devices on the client computers. The
solution must meet the company’s security requirements. What should you include in the
recommendation?

###BeginCaseStudy###
Case Study: 6
Lucerne Publishing
Scenario:
COMPANY OVERVIEW
Overview
Lucerne Publishing is a large publishing company that produces both traditional books and ebooks.
Physical Location
The company has a main office and a branch office. The main office is located in New York.
The branch office is located in San Francisco. The main office has a satellite office located in
Boston. The company has 7,500 users.
EXISTING ENVIRONMENT
Active Directory Environment
The network contains an Active Directory forest. The forest contains a single domain named
lucernepublishing.com.
Network Infrastructure
Client computers in the New York office and the San Francisco office run either Windows
Vista or Windows XP. All client computers in the Boston office run Windows 7.

The company has a finance department. All of the client computers in the finance department
run Windows XP. The finance department uses an Application named App1. App1 only runs
on Windows XP.
The relevant servers in the New York office are configured as shown in the following table.

The servers have the following configurations:
• Remote Desktop is enabled on all servers.
• The passwords for all service accounts are set to never expire.
• Server1 stores roaming user profiles for users in the Boston office.
• SQL1 and SQL2 are deployed in a two-node failover cluster named Clusterl.
• All servers have Pre-Boot Execution Environment (PXE)-compliant network
adapters.
• The servers in the San Francisco office contain neither a recovery partition nor optical
media drives. DFSl and DFS2 are members of the same DFS Replication group. The DFS
namespace is configured to use Windows 2000 Server mode.
The Boston office has no servers. The Boston office connects to the New York office by
using a dedicated hardware VPN device.
The finance department publishes monthly forecast reports that are stored in DFS.
REQUIREMENTS
Business Goals
Lucerne Publishing must minimize administrative costs, hardware costs, software costs, and
development costs, whenever possible.
Planned Changes
All client computers will be upgraded to Windows 7.
A VPN server will be deployed in the main office. All VPN clients must have the latest
Windows updates before they can access the internal network.
You plan to deploy a server that has the Remote Desktop Gateway (RD Gateway) role
service installed.
Technical Requirements

Lucerne Publishing must meet the following technical requirements:
• Upgrade all client computers to Windows 7.
• Minimize Group Policy-related replication traffic.
• Ensure that App1 can be used from client computers that run Windows 7.
• Ensure that users can use App1 when they are disconnected from the network.
• Ensure that you can perform a bare metal recovery of the servers in the San Francisco
office.
• Minimize the amount of time it takes users in the Boston office to log on to their
client computers.
• Ensure that domain administrators can connect remotely to all computers in the
domain through RD Gateway.
• Ensure that file server administrators can access DFS servers and file servers through
the RD Gateway.
• Prevent file server administrators from accessing other servers through the RD
Gateway
Security Requirements
Lucerne Publishing must meet the following security requirements:
• USB storage devices must not be used on any servers.
• The passwords for all user accounts must be changed every 60 days.
• Users must only be able to modify the financial forecast reports on DFSl. DFS2 must
contain a read-only copy of the financial forecast reports.
• All operating system drives on client computers that run Windows 7 must be
encrypted.
• Only approved USB storaqe devices must be used on client computers that run
Windows 7.
###EndCaseStudy###

You need to recommend a solution for the USB storage devices on the client computers. The
solution must meet the company’s security requirements. What should you include in the
recommendation?

A.
Encrypted File System (EFS)

B.
the App1ocker Group Policy settings

C.
the Enhanced Storage Access settings

D.
Windows BitLocker Drive Encryption (BitLocker)

Explanation:

What is Enhanced Storage?
http ://windows.microsoft.com/en-us/windows7/What-is-Enhanced-Storage
There are different types of storage devices, such as USB flash drives or external hard drives. Some
have no particular security enhancements, while others have built-in safety features. Enhanced
Storage devices have built-in safety features that let you control who can access the data on the
device by using a password or a certificate (if the device is being used in a workplace). Once
someone has access to the device, they have access to the data because the data on the device is
not encrypted. Some device manufacturers might offer encryption on Enhanced Storage devices.
Check the device packaging or documentation to see if the device includes encryption.
An Enhanced Storage device can be an external USB hard drive or a USB flash drive. When you
purchase a USB hard drive or flash drive, the packaging might indicate that it’s an Enhanced Storage
device.
The first time that you plug the device into your computer, you’ll be prompted to create a password
or use a certificate with the device. Once the password is entered or the certificate is retrieved, the
data on the device is accessible. It’s important to use a strong password to help keep your data
secure.
n addition to the device access password, you can set a recovery password, which you can use to
reset the device access password. You can create the recovery password when you create the device
access password or by right-clicking the device in the Computer folder, and then selecting Set
password.
You can also use the recovery password as an administrator password. Administrators can choose to
set a device password for the user of the device, and then use the recovery password as an
administrator password.
This way, the administrator can unlock the storage device if the person using it forgets their
password.
Enhanced Storage Access settings
http ://technet.microsoft.com/en-us/library/dd560657%28WS.10%29.aspx
Enhanced Storage devices are devices that support the IEEE 1667 protocol to provide functions such
as authentication at the hardware level of the storage device. These devices can be very small, such
as USB flash drives, to provide a convenient way to store and carry data. At the same time, the small
size makes it very easy for the device to be lost, stolen, or misplaced.



Leave a Reply 0

Your email address will not be published. Required fields are marked *