Which port or ports should you identify?

###BeginCaseStudy###
Case Study: 2
Contoso Ltd
Scenario
Contoso, Ltd. is a manufacturing company.
Contoso has a main office and six branch offices. The main office is located in Toronto. The branch
offices are located in New York, Seattle, Miami, Montreal, Los Angeles, and Vancouver.
Existing Environment
Active Directory Environment
The network contains an Active Directory forest named contoso.com. The forest contains a child
domain for each office.
Active Directory currently contains 7,500 user accounts and 15,000 computer accounts.
Network Infrastructure
All servers are located in a data center in Toronto. The data center contains multiple subnets that
are separated by firewalls.
The Toronto data center contains a cluster that runs Microsoft SQL Server 2008 Enterprise Service
Pack 1 (SP1).
Four servers are unused and are being considered as potential Hyper-V hosts. The servers are
configured as shown in the following table.

All of the servers being considered as potential Hyper-V hosts have both locally attached storage and
access to a SAN.

Help Desk Environment
Contoso uses a help desk ticketing system that was developed in-house. Fifty help desk agents have
access to the ticketing system. The ticketing system currently tracks:
• An average of two new incidents per month, per client computer
• An average of 2,000 change requests per month
Disaster Recovery Environment
Contoso uses a third-party backup solution. Backups are scheduled for the servers in the
Seattle office as follows:
• The daily incremental backups total 10 GB.
• The total size of data to back up is 100 GB.
• Backed up data is retained for 10 business days.
Problem Statements
The original developers of the help desk ticketing system are no longer employed by Contoso and
maintenance of the system is becoming an issue.
Requirements
Planned Changes
Contoso plans to move the IT infrastructure to a private cloud. Whenever possible, hardware and
software costs must be minimized.
Contoso plans to open a small office in Beijing. System Center 2012 App Controller will be used to
manage applications. The display names of the applications will be in Simplified Chinese Pinyin IME.
New physical servers will be deployed by using System Center 2012 Configuration
Manager from a server named Servers. Servers will also be a PXE service point.
The current backup solution will be replaced with System Center 2012 Data Protection Manager
(DPM).
A public key infrastructure (PKI) will be deployed to issue and manage certificates. The PKI
deployment must be made as secure as possible.
Hardware load balancers will be deployed for use in the deployment of private cloud services.
Cloud Requirements
Contoso plans to implement a cloud solution that meets the following requirements:
• Stores all virtual machines on the SAN only.
• Uses SAN copy to provision the virtual machines.
• Provides the ability to manage the resolution of incidents.
• Contains managed virtual machines across both private and public clouds.
• Provides the ability to customize the settings of management packs provided by Microsoft.
• Collects security events from all of the servers running in the private cloud and provides
centralized reporting on the events.
App1 Requirements
A new application named App1 will be deployed to the private cloud. App1 is a three-tier application
that contains the following components:
• A front-end tier that runs a web server. The tier must be highly available and capable of
being quickly scaled out if required.
• A middle tier that runs an application server.
• A back-end tier that runs a database.
App2 Requirements
An application named App2 will be deployed to the public cloud. Users will be authenticated by
using the on-premises Active Directory. The users must be able to access App2 without being
prompted for authentication again.
###EndCaseStudy###

You need to identify which UDP port or ports must be opened on any of the firewalls between
Server5 and all of the subnets in the data center. The solution must minimize the number of ports
opened on the firewall. Which port or ports should you identify? (Each correct answer presents part
of the solution. Choose all that apply.)

A. 67

B. 69

C. 389

D. 3389

E. 4010

F. 4011

Explanation:
* From the scenario:
All servers are located in a data center in Toronto. The data center contains multiple subnets that
are separated by firewalls.
The Toronto data center contains a cluster that runs Microsoft SQL Server 2008 Enterprise Service
Pack 1 (SP1).
A: Network Access Protection
For client computers to successfully communicate with the System Health Validator point, allow the
following ports:
Outbound: UDP 67 and UDP 68 for DHCP
C: LDAP
389/TCP, 389/UDP
Used between DPM and the domain controller for queries.
If the computers you want to protect reside behind a firewall, you must configure the firewall to
allow communication between the DPM server, the computers it protects, and the domain
controllers.
F: Boot Information Negotiation Layer (BINL)
UDP port 4011


