You need to protect the confidential data files on File2 against unauthorized offline access

###BeginCaseStudy###
Case Study: 10
Fabrikam Inc
Scenario
COMPANY OVERVIEW
Fabrikam Inc. is a manufacturing company that has a main office and a branch office.
PLANNED CHANGES
You plan to deploy a failover cluster named Cluster1 in the branch office. Cluster1 will be
configured to meet the following requirements:
• The cluster will host eight virtual machines (VMs).
• The cluster will consist of two nodes named Node1 and Node2.
• The quorum mode for the cluster will be set to Node and Disk Majority.
• A user named Admin1 will configure the virtual switch configuration of the VMs.
• The cluster nodes will use shared storage on an iSCSI Storage Area Network (SAN).
You plan to configure a VM named File2 as a file server. Users will store confidential files
on File2. You plan to deploy a Microsoft Forefront Threat Management Gateway (TMG)
server in each site. The Forefront TMG server will be configured as a Web proxy.
EXISTING ENVIRONMENT
The research department is located in the branch office. Research users frequently travel to
the main office.
Existing Active Directory/Directory Services
The network contains a single-domain Active Directory forest named fabrikam.com. The
functional level of the forest is Windows Server 2008. The relevant organizational units
(OUs) for the domain are configured as shown in the following table.

The relevant sites for the network are configured as shown in the following table.

The relevant group policy objects (GPOs) are configured as shown in the following table.

Existing Network Infrastructure
All users run Windows Server 2008 R2. The relevant servers are configured as shown in
the following table.

WSUS2 is configured as a downstream replica server. File1 contains a share named
Templates. Users access the Templates share by using the path \\fabrikam.com\dfs\templates
TECHNICAL REQUIREMENTS
File1 has the Distributed File System (DFS) Replication role service and the DFS
Namespaces role service installed.
Fabrikam must meet the following requirements:
• Minimize the cost of IT purchases.
• Minimize the potential attack surface on the servers.
• Minimize the number of rights assigned to administrators.
• Minimize the number of updates that must be installed on the servers.
• Ensure that Internet Explorer uses the local Forefront TMG server to connect to the
Internet.
• Ensure that all client computers continue to receive updates from WSUS if a WSUS
server fails.
• Prevent unauthorized users from accessing the data stored on the VMs by making
offline copies of the VM files.
Fabrikam must meet the following requirements for the Templates share:
• Ensure that users access the files in the Templates share from a server in their local
site.
• Ensure that users always use the same UNC path to access the Templates share,
regardless of the site in which the users are located.
###EndCaseStudy###

You need to protect the confidential data files on File2 against unauthorized offline access. What
should you use?

A. Encrypting File System (EFS) on File2

B. file screens on Node1 and Node2

C. NTFS permissions on File2

D. Windows BitLocker Drive Encryption (BitLocker) on Node1 and Node2

Explanation:

http://technet.microsoft.com/en-us/library/cc749610%28WS.10%29.aspx

Per-user encryption of offline files. Offline copies of files from remote servers can also be encrypted
by using EFS. When this option is enabled, each file in the offline cache is encrypted with a public key
from the user who cached the file. Thus, only that user has access to the file, and even local
administrators cannot read the file without having access to the user’s private keys.


