Does this meet the goal?

###BeginCaseStudy###

Topic 6, Contoso Ltd, Case B
Background
Overview
Contoso, Ltd., is a software development company. Contoso has a main office in London and two branch offices, one in Madrid and the other in Dublin. The
company is in the process of adopting Microsoft Azure to host business critical resources and applications.
Contoso has an Active Directory Domain Services (AD DS) domain named contoso.com. All devices in the three offices are members of the domain. Each office
has a dedicated organizational unit (OU) in the root of the domain named London. Madrid, and Dublin, respectively. Each office OU has three child OUs named
Computers, Users, and Groups.
The local Administrator account is disabled on all client devices in the domain by using a Group Policy object (GPO) named SecurityConflguration that is linked to
the root of the domain. Contoso’s security department also has a GPO named WSUSConfiguration. WSUSConfiguration defines the configuration of Windows
Update Services on the Windows Server Update Services (WSUS) server named WSUS1.
You have a GPO named RemoteSales that uses a WMI filter. The GPO prevents users from launching applications that are not approved.
DNS Services
Contoso uses a DNS service that is installed on two domain controllers in the main office. The domain controllers are named DO and DC2. Both DO and DC2 run
Windows Server 2008 R2. Both domain controllers host Active Directory integrated zones named contoso.com and lab.contoso.com. The zones are configured to
allow only secure updates.
Research
Contoso creates a new research department to develop integration between Contoso’s software and public cloud services.
Finance Department
Users in the finance department use a client-server application named App1. App1 uses custom Active Directory attributes to store encryption keys. App1 is a
business critical application that must be migrated to Windows Azure.
A server named SERVER2 hosts Appl. SERVER2 runs Windows Server 2008 R2. The disk configuration for SERVER2 is shown in the following table:

A server named SERVER1 hosts a database that is used by Appl. SERVER1 runs Windows Server 2008 R2 and SQL Server 2008 R2. The disk configuration for
SERVER1 is shown in the following table:

The Contoso management team plans to increase the use of Appl. To accommodate these plans, the size of the datable must be increased
Sales Department
Users in the sales department use laptop computers when they travel. Salespeople use a legacy application named ContosoSales on their laptop computers.
Salespeople can use a pool of shared desktop computers in each office.
The ContosoSales app is dependent on a specific registry key that is frequently overwritten by third-party applications. This causes the ContosoSales app to stop
working.
Business Requirements
All DNS servers must be placed in a physically secure location.
Software development department
All software developers must migrate their servers and workstations to the DNS domain lab.contoso.com to ensure that frequent changes to DNS do not interfere
with the production environment.
Finance department
All servers that host App1 must be migrated to Windows Azure. A new Azure virtual machine (VM) named CL0UD2 must be deployed to Windows Azure.
Sales department
Users in the sales department should not be able to run applications on their laptop computers that are not approved by the security department. Users in the sales
department should have no such restrictions while they work on the desktop computers in the office.
Technical Requirements
App1 requirements
You have the following requirements:

The size of the database for App1 must be increased to 8 TB.
The encryption keys for App1 should not be replicated to the offices where physical server security is not guaranteed.
The amount of disk space that is used by Windows Azure must be minimized.
Infrastructure requirements
You have the following requirements:
The lab.contoso.com DNS domain zone must not be replicated or transferred to DNS servers outside of the London office.
A new DNS domain zone named research.contoso.com must be deployed for users in the research department.
The research.contoso.com DNS domain zone must be protected by using DNS Security Extensions {DNSSEC).
All computers in the London and Madrid offices must install Windows Updates from the server WSUS1.
A new domain controller for the contoso.com domain must be deployed in the Madrid office.
Replication traffic must be minimized when the new domain controllers are deployed.
New WMI filters must not conflict with existing WMI filters.

###EndCaseStudy###

You need To configure the Group Policy for salespeople.
Solution: You create a Group Policy Object (GPO) with an AppLocker policy. You link the GPO to the Computers OU for each location.
Does this meet the goal?

###BeginCaseStudy###

Topic 6, Contoso Ltd, Case B
Background
Overview
Contoso, Ltd., is a software development company. Contoso has a main office in London and two branch offices, one in Madrid and the other in Dublin. The
company is in the process of adopting Microsoft Azure to host business critical resources and applications.
Contoso has an Active Directory Domain Services (AD DS) domain named contoso.com. All devices in the three offices are members of the domain. Each office
has a dedicated organizational unit (OU) in the root of the domain named London. Madrid, and Dublin, respectively. Each office OU has three child OUs named
Computers, Users, and Groups.
The local Administrator account is disabled on all client devices in the domain by using a Group Policy object (GPO) named SecurityConflguration that is linked to
the root of the domain. Contoso’s security department also has a GPO named WSUSConfiguration. WSUSConfiguration defines the configuration of Windows
Update Services on the Windows Server Update Services (WSUS) server named WSUS1.
You have a GPO named RemoteSales that uses a WMI filter. The GPO prevents users from launching applications that are not approved.
DNS Services
Contoso uses a DNS service that is installed on two domain controllers in the main office. The domain controllers are named DO and DC2. Both DO and DC2 run
Windows Server 2008 R2. Both domain controllers host Active Directory integrated zones named contoso.com and lab.contoso.com. The zones are configured to
allow only secure updates.
Research
Contoso creates a new research department to develop integration between Contoso’s software and public cloud services.
Finance Department
Users in the finance department use a client-server application named App1. App1 uses custom Active Directory attributes to store encryption keys. App1 is a
business critical application that must be migrated to Windows Azure.
A server named SERVER2 hosts Appl. SERVER2 runs Windows Server 2008 R2. The disk configuration for SERVER2 is shown in the following table:

A server named SERVER1 hosts a database that is used by Appl. SERVER1 runs Windows Server 2008 R2 and SQL Server 2008 R2. The disk configuration for
SERVER1 is shown in the following table:

The Contoso management team plans to increase the use of Appl. To accommodate these plans, the size of the datable must be increased
Sales Department
Users in the sales department use laptop computers when they travel. Salespeople use a legacy application named ContosoSales on their laptop computers.
Salespeople can use a pool of shared desktop computers in each office.
The ContosoSales app is dependent on a specific registry key that is frequently overwritten by third-party applications. This causes the ContosoSales app to stop
working.
Business Requirements
All DNS servers must be placed in a physically secure location.
Software development department
All software developers must migrate their servers and workstations to the DNS domain lab.contoso.com to ensure that frequent changes to DNS do not interfere
with the production environment.
Finance department
All servers that host App1 must be migrated to Windows Azure. A new Azure virtual machine (VM) named CL0UD2 must be deployed to Windows Azure.
Sales department
Users in the sales department should not be able to run applications on their laptop computers that are not approved by the security department. Users in the sales
department should have no such restrictions while they work on the desktop computers in the office.
Technical Requirements
App1 requirements
You have the following requirements:

The size of the database for App1 must be increased to 8 TB.
The encryption keys for App1 should not be replicated to the offices where physical server security is not guaranteed.
The amount of disk space that is used by Windows Azure must be minimized.
Infrastructure requirements
You have the following requirements:
The lab.contoso.com DNS domain zone must not be replicated or transferred to DNS servers outside of the London office.
A new DNS domain zone named research.contoso.com must be deployed for users in the research department.
The research.contoso.com DNS domain zone must be protected by using DNS Security Extensions {DNSSEC).
All computers in the London and Madrid offices must install Windows Updates from the server WSUS1.
A new domain controller for the contoso.com domain must be deployed in the Madrid office.
Replication traffic must be minimized when the new domain controllers are deployed.
New WMI filters must not conflict with existing WMI filters.

###EndCaseStudy###

You need To configure the Group Policy for salespeople.
Solution: You create a Group Policy Object (GPO) with an AppLocker policy. You link the GPO to the Computers OU for each location.
Does this meet the goal?

A.
Yes

B.
No



Leave a Reply 0

Your email address will not be published. Required fields are marked *