###BeginCaseStudy###
Case Study: 16
Wingtip Toys Case B
General Background
You are the Enterprise Administrator for Wingtip Toys. The company has a main office and two
branch offices, as described in the following table.
Wingtip Toys is planning the acquisition of Tailspin Toys. The acquisition will add 100 users to the Los
Angeles office, 10 users to the Munich office, and 6,000 users to the Jakarta office. As part of the
acquisition, seven new buildings will be added to the existing Jakarta office complex.
Technical Background
Wingtip Toys has an Active Directory Domain Services (AD DS) domain with a NETBIOS name of CORP
and a DNS name ofwingtiptoys.com. Each office is represented by an Active Directory site. AD
operational tasks such as schema changes, domain additions, and computer and user object creation
are performed in the Los Angeles office.
DHCP servers are centrally located in the Los Angeles office. All DHCP servers run Windows Server
2008 R2 in a failover cluster configuration.
The company uses Windows Server Update Services (WSUS) to distribute updates.
A Remote Desktop Services (RDS) farm located in Los Angeles includes a load-balanced host named
RD.wingtiptoys.com.
The company’s servers include those shown in the following table.
An application named App1 is installed on RD01, RD02, and RD03. Organizational units (OUs) are
created as shown in the following diagram.
The company has reserved the 172.16.0.0/16 network IP range to support a future wireless network
in Jakarta.
A public web server named WEB1 is located on a dedicated subnet in the Los Angeles office. The
dedicated subnet is enabled for Network Address Translation (NAT) with IP address port forwarding
to WEB1. No servers on the dedicated NAT subnet are members of any domain.
Each site deploys wired network segments with class C subnets as necessary.
Business requirements
You have the following business requirements:
Provide the highest possible level of security for all new computing services. All external connections
must be encrypted.
Utilize a single network administration topology.
Centralize Active Directory administration in the Los Angeles office.
Wingtip Toys is planning to set up several retail locations around Jakarta. The retail locations do not
have physically secure areas for servers and networking equipment. You must minimize logon time
for retail location employees and minimize the security impact in the event of a server theft at the
retail location.
Technical Requirements
To support the acquisition, you plan to deploy the following items:
A new AD DS environment.
A dual-stack implementation of IPv6 networking in the Munich office.
A new perimeter network dedicated for public web servers.
The computing environment must meet the following requirements:
Each office must have at least one domain controller per physical location.
There must be one global catalog server for every 1000 users.
Computer policies for the perimeter network must be enforced without exposing internal user
account credentials.
The perimeter networks must not allow connections to computers or accounts on the CORP
network.
All software updates must be distributed from Los Angeles.
All client computers must acquire IP addresses from DHCP.
Users in the Munich office must have full Internet access.
All users must have remote web access to Appl.
Force all new users to change their password on first login.
###EndCaseStudy###
You need to specify the location and configuration for domain controllers in the new AD DS domain.
What should you recommend?
A.
11 servers with the Domain Controller and Global Catalog services in Los Angeles; 2 servers with
the Domain Controller and Global Catalog services in Munich; 9 servers with the Domain Controller
and Global Catalog services in Jakarta.
B.
11 domain controllers and 11 global catalog servers in Los Angeles; 1 domain controller and 1
global catalog server in Munich; 3 domain controllers and 3 global catalog servers in Jakarta.
C.
11 servers with the Domain Controller and Global Catalog services in Los Angeles; 1 server with
the Domain Controller and Global Catalog services in Munich; 3 servers with the Domain Controller
and Global Catalog services in Jakarta.
D.
1 domain controller and 10 global catalog servers in Los Angeles; 1 domain controller and 2 global
catalog servers in Munich; 3 domain controllers and 7 global catalog servers in Jakarta.