###BeginCaseStudy###
Topic 1: Contoso, Ltd Case A
No. of Questions: 12
Overview
Contoso, Ltd., is a recruiting and staffing company that has offices throughout North America.
The company has a main office and six branch offices.
The main office is located in Miami.
The branch offices are located in New York, Seattle, Los Angeles, Montreal, Toronto, and Vancouver.
Existing Environment
Network Infrastructure:
The network contains one Active Directory domain named contoso.com.
The main office has the following servers:
One file server that maintains multiples shares
Two domain controllers configured as DNS servers
One Windows Server Update Services (WSUS) server
Two DHCP servers that each have a scope for all of the subnets
Two servers that have Failover Clustering configured and are used as virtualization hosts
One server that has Microsoft SQL Server 2012 installed and maintains a customer relationship management (CRM) database
Each branch office has the following servers:
One domain controller configured as a DNS server
One DHCP server that has a single scope for its respective office
Each office has a single subnet.
The network speed of the local area network (LAN) is 1 gigabit per second.
All of the offices have a high-speed connection to the Internet.
The offices connect to each other by using VPN appliances.
Current Issues:
Users report that it can take a long time to download files from network shares in the main office.
A root cause analysis identifies that network traffic peaks when the users experience this issue.
Requirments
Planned Changes:
The company plans to implement the following changes:
Replace all of the domain controllers with new servers that run Windows Server 2012.
Upgrade the CRM application to use a web-based application that connects to the current CRM database.
The web application will store session data in the memory of each web server.
Initially, deploy two front-end web servers to two virtual machines.
Additional virtual web servers will be deployed in the future.
Monitor the availability of the CRM application and create alerts when the overall availability is less than 99 percent.
Implement Microsoft System Center 2012 to manage the new environment.
Business Requirements:
The company identifies the following business requirements:
Minimize hardware costs and software costs whenever possible.
Minimize the amount of network traffic over the VPN whenever possible.
Ensure that the users in the branch offices can access files currently on the main office file server if an Internet link fails.
Technical Requirements:
The company identifies the following technical requirements:
Provide a highly available DHCP solution.
Maintain a central database that contains the security events from all of the servers. The database must be encrypted.
Ensure that an administrator in the main office can manage the approval of Windows updates and updates to third-party applications for all of the users.
Ensure that all of the domain controllers have the ReliableTimeSource registry value in HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services
\\W32Time\\Parameters set to 1, even if an administrator changes that value manually.
Virtualization Requirements:
The company identifies the following virtualization requirements:
Minimize the number of permissions and privileges assigned to users.
Ensure that the members of a group named Group2 can add a WSUS server to the fabric.
Ensure that a diagram view of the virtualization environment can be generated dynamically.
Minimize the amount of administrative effort required to manage the virtualization environment.
Prevent the failure of a front-end web server from affecting the availability of the CRM application.
Ensure that the members of a group named Group1 can create new virtual machines in the Los Angeles office only.
Only create virtual machine templates by using objects that already exist in the System Center 2012 Virtual Machine Manager (VMM) library.
On the failover cluster in the main office, apply limited distribution release (LDR) updates to the virtualization hosts without disrupting the virtual machines hosted
on the virtualization hosts.
###EndCaseStudy###
You need to recommend a solution that manages the security events.
The solution must meet the technical requirements.
Which configuration should you include in the recommendation?
A.
Object access auditing by using a Group Policy object (GPO)
B.
Event rules by using System Center 2012 Operations Manager
C.
Event forwarding by using Event Viewer
D.
Audit Collection Services (ACS) by using System Center 2012
Explanation:
The section Technical Requirements states that it should be implemented and maintained a central database of the entries in the security logs of all servers. The
database must be encrypted. Use the Audit Collection Services (ACS) System Center 2012 – Operations Manager allows you to records that were generated by an
audit policy capture, and store them in a centralized database. If an audit policy is installed on a Windows computer, this computer stores by default and
automatically all generated by the audit policy events in the local Security log. This applies to all Windows workstations and also on all servers. In companies with
stringent security requirements audit policies can generate large amounts of events quickly. Using ACS, organizations can consolidate individual Security logs into a
centrally managed database and filter events with the data analysis and reporting tools provided by Microsoft SQL Server and analyze. With ACS, only a user,
expressly the right to access the ACS database has been granted, run queries and create reports on the collected data.