What should you request?

###BeginCaseStudy###
Case Study: 9
Wingtip Toys
Scenario:
You are an enterprise desktop support technician for Wingtip Toys. Wingtip Toys has two
offices.
Active Directory Configuration
The network contains a single Active Directory domain. An Active Directory site exists for
each office. The network contains the organizational units (OUs) that are shown in the
following table.

The network contains an enterprise root certification authority (CA). Certificate
autoenrollment is enabled for all users.
Network Configuration
Each office has a wireless network. You control access to the wireless network in office 1 by
using Network Access Protection (NAP). A Group Policy object (GPO) named GPO1
configures the NAP settings for the computers in office 1.
Resource Access
The Documents folders of all users are encrypted by using Encrypting File System (EFS).
The Documents folders of all users are backed up daily.

A Web server named Web1 hosts an internal Web site named WebSite1. Users connect to
WebSite1 from the Internet by using the URL http://website1.wingtiptoys.com. The domain
name website1.wingtiptoys.com is resolved by using the Hosts file that is located on each
client computer. Users frequently work from home. Home users connect to the internal
network by using SSTP-based VPN connections.
Line of Business Applications
Your company has a line-of-business application named App1. App1 is installed only on
computers that run Windows XP. You test App1 by using the Microsoft Application
Compatibility Toolkit (ACT). ACT reports that App1 can be made compatible to run on
Windows 7.
###EndCaseStudy###

A user’s computer fails. The help desk provides the user with a new computer. The user’s Documents
folder is restored from the backup. The user reports that he can no longer access his encrypted files.
The help desk recovers the files by using a data recovery agent (DRA). You need to ensure that when
users receive new computers, they can access their encrypted files without administrative
intervention. What should you request?

A.
credential roaming be enabled

B.
BitLocker be enabled on all computers

C.
user accounts be trusted for delegation

D.
the CA be configured for key archival and recovery

Explanation:

A)
credential roaming be enabled
Credential roaming allows organizations to store certificates and private keys in Active Directory
Domain Services (AD DS) separately from application state or configuration information.
Credential roaming uses existing logon and autoenrollment mechanisms to securely download
certificates and keys to a local computer whenever a user logs on and, if desired, remove them when
the user logs off. In addition, the integrity of these credentials is maintained under any conditions,
such as when certificates are updated and when users log on to more than one computer at a time.
B)
BitLocker be enabled on all computers
C)
user accounts be trusted for delegation
This security setting determines which users can set the Trusted for Delegation setting on a user or
computer object.
The user or object that is granted this privilege must have write access to the account control flags
on the user or computer object. A server process running on a computer (or under a user context)
that is trusted for delegation can access resources on another computer using delegated credentials
of a client, as long as the client account does not have the Account cannot be delegated account
control flag set.
D)
the CA be configured for key archival and recovery


