What should you include in the recommendation?

###BeginCaseStudy###
Case Study: 10
Fabrikam Inc
Scenario
COMPANY OVERVIEW
Fabrikam Inc. is a manufacturing company that has a main office and a branch office.
PLANNED CHANGES
You plan to deploy a failover cluster named Cluster1 in the branch office. Cluster1 will be
configured to meet the following requirements:
• The cluster will host eight virtual machines (VMs).
• The cluster will consist of two nodes named Node1 and Node2.
• The quorum mode for the cluster will be set to Node and Disk Majority.
• A user named Admin1 will configure the virtual switch configuration of the VMs.
• The cluster nodes will use shared storage on an iSCSI Storage Area Network (SAN).
You plan to configure a VM named File2 as a file server. Users will store confidential files
on File2. You plan to deploy a Microsoft Forefront Threat Management Gateway (TMG)
server in each site. The Forefront TMG server will be configured as a Web proxy.
EXISTING ENVIRONMENT
The research department is located in the branch office. Research users frequently travel to
the main office.
Existing Active Directory/Directory Services
The network contains a single-domain Active Directory forest named fabrikam.com. The
functional level of the forest is Windows Server 2008. The relevant organizational units
(OUs) for the domain are configured as shown in the following table.

The relevant sites for the network are configured shown in the following table.

The relevant group policy objects (GPOs) are configured as shown in the following table.

Existing Network Infrastructure
All users run windows server 2008 R2. The relevant servers are configured as shown in
following table.

WSUS2 is configured as a downstream replica server. File1 contains a share named
Templates. Users access the Templates share by using the path \\fabrikam.com\dfs\templates
TECHNICAL REQUIREMENTS
File1 has the Distributed File System (DFS) Replication role service and the DFS
Namespaces role service installed.
• Fabrikam must meet the following requirements:
• Minimize the cost of IT purchases.
• Minimize the potential attack surface on the servers.
• Minimize the number of rights assigned to administrators.
• Minimize the number of updates that must be installed on the servers.
• Ensure that Internet Explorer uses the local ForeFront TMG server to connect to the
Internet.
• Ensure that all client computers continue to receive updates from WSUS if a WSUS
server fails.
• Prevent unauthorized users from accessing the data stored on the VMs by making
offline copies of the VM files.
Fabrikam must meet the following requirements for the Templates share:
• Ensure that users access the files in the Templates share from a server in their local
site.
• Ensure that users always use the same UNC path to access the Templates share,
regardless of the site in which the users are located.
###EndCaseStudy###

You need to recommend a strategy for delegating administrative rights to Admin1. The strategy
must support the company’s planned changes. What should you include in the recommendation?

###BeginCaseStudy###
Case Study: 10
Fabrikam Inc
Scenario
COMPANY OVERVIEW
Fabrikam Inc. is a manufacturing company that has a main office and a branch office.
PLANNED CHANGES
You plan to deploy a failover cluster named Cluster1 in the branch office. Cluster1 will be
configured to meet the following requirements:
• The cluster will host eight virtual machines (VMs).
• The cluster will consist of two nodes named Node1 and Node2.
• The quorum mode for the cluster will be set to Node and Disk Majority.
• A user named Admin1 will configure the virtual switch configuration of the VMs.
• The cluster nodes will use shared storage on an iSCSI Storage Area Network (SAN).
You plan to configure a VM named File2 as a file server. Users will store confidential files
on File2. You plan to deploy a Microsoft Forefront Threat Management Gateway (TMG)
server in each site. The Forefront TMG server will be configured as a Web proxy.
EXISTING ENVIRONMENT
The research department is located in the branch office. Research users frequently travel to
the main office.
Existing Active Directory/Directory Services
The network contains a single-domain Active Directory forest named fabrikam.com. The
functional level of the forest is Windows Server 2008. The relevant organizational units
(OUs) for the domain are configured as shown in the following table.

The relevant sites for the network are configured shown in the following table.

The relevant group policy objects (GPOs) are configured as shown in the following table.

Existing Network Infrastructure
All users run windows server 2008 R2. The relevant servers are configured as shown in
following table.

WSUS2 is configured as a downstream replica server. File1 contains a share named
Templates. Users access the Templates share by using the path \\fabrikam.com\dfs\templates
TECHNICAL REQUIREMENTS
File1 has the Distributed File System (DFS) Replication role service and the DFS
Namespaces role service installed.
• Fabrikam must meet the following requirements:
• Minimize the cost of IT purchases.
• Minimize the potential attack surface on the servers.
• Minimize the number of rights assigned to administrators.
• Minimize the number of updates that must be installed on the servers.
• Ensure that Internet Explorer uses the local ForeFront TMG server to connect to the
Internet.
• Ensure that all client computers continue to receive updates from WSUS if a WSUS
server fails.
• Prevent unauthorized users from accessing the data stored on the VMs by making
offline copies of the VM files.
Fabrikam must meet the following requirements for the Templates share:
• Ensure that users access the files in the Templates share from a server in their local
site.
• Ensure that users always use the same UNC path to access the Templates share,
regardless of the site in which the users are located.
###EndCaseStudy###

You need to recommend a strategy for delegating administrative rights to Admin1. The strategy
must support the company’s planned changes. What should you include in the recommendation?

A.
the Authorization Manager snapin on Node1 and Node2

B.
the Authorization Manager snapin on the VMs

C.
the Network Configuration Operators local group on each VM

D.
the Network Configuration Operators local group on Node1 and Node2

Explanation:

http ://technet.microsoft.com/en-us/library/cc731364.aspx
An authorization store can contain authorization policy information for many applications in a single
policy store. All applications in one authorization store can access all of the groups defined at the
store level.
You must be assigned to the Authorization Manager Administrator user role to complete this
procedure. By default, Administrators is the minimum Windows group membership assigned to this
role. Review the details in
“Additional considerations” in this topic



Leave a Reply 0

Your email address will not be published. Required fields are marked *