###BeginCaseStudy###
Testlet 1
Overview
Contoso, Ltd. is a manufacturing company.
Contoso has a main office and six branch offices. The main office is located in Toronto. The branch offices are
located in New York, Seattle, Miami, Montreal, Los Angeles, and Vancouver.
Existing Environment
Active Directory Environment
The network contains an Active Directory forest named contoso.com. The forest contains a child domain for
each office.
Active Directory currently contains 7,500 user accounts and 15,000 computer accounts.
Network Infrastructure
All servers are located in a data center in Toronto. The data center contains multiple subnets that are separated
by firewalls.
The Toronto data center contains a cluster that runs Microsoft SQL Server 2008 Enterprise Service Pack 1
(SP1).
Four servers are unused and are being considered as potential Hyper-V hosts. The servers are configured as
shown in the following table.
All of the servers being considered as potential Hyper-V hosts have both locally attached storage and access to
a SAN.
Help Desk Environment
Contoso uses a help desk ticketing system that was developed in-house. Fifty help desk agents have access to
the ticketing system.
The ticketing system currently tracks:
An average of two new incidents per month, per client computer
An average of 2,000 change requests per month
Disaster Recovery Environment
Contoso uses a third-party backup solution. Backups are scheduled for the servers in the Seattle office as
follows:
The daily incremental backups total 10 GB.
The total size of data to back up is 100 GB.
Backed up data is retained for 10 business days.
Problem Statements
The original developers of the help desk ticketing system are no longer employed by Contoso and maintenance
of the system is becoming an issue.
RequirementsPlanned Changes
Contoso plans to move the IT infrastructure to a private cloud.
Whenever possible, hardware and software costs must be minimized.
Contoso plans to open a small office in Beijing. System Center 2012 App Controller will be used to manage
applications. The display names of the applications will be in Simplified Chinese Pinyin IME.
New physical servers will be deployed by using System Center 2012 Configuration Manager from a server
named Server5. Server5 will also be a PXE service point.
The current backup solution will be replaced with System Center 2012 Data Protection Manager (DPM).
A public key infrastructure (PKI) will be deployed to issue and manage certificates. The PKI deployment must
be made as secure as possible.
Hardware load balancers will be deployed for use in the deployment of private cloud services.
Cloud Requirements
Contoso plans to implement a cloud solution that meets the following requirements:
Stores all virtual machines on the SAN only.
Uses SAN copy to provision the virtual machines.
Provides the ability to manage the resolution of incidents.
Contains managed virtual machines across both private and public clouds.
Provides the ability to customize the settings of management packs provided by Microsoft.
Collects security events from all of the servers running in the private cloud and provides centralized
reporting on the events.
App1 Requirements
A new application named App1 will be deployed to the private cloud. App1 is a three-tier application that
contains the following components:
A front-end tier that runs a web server. The tier must be highly available and capable of being quickly scaled
out if required.
A middle tier that runs an application server.
A back-end tier that runs a database.
App2 Requirements
An application named App2 will be deployed to the public cloud. Users will be authenticated by using the onpremises Active Directory. The users must be able to access App2 without being prompted for authentication
again.
###EndCaseStudy###
You need to recommend a deployment topology for the PKI. The deployment topology must meet the cloud
requirements.
What should you recommend? (More than one answer choice may achieve the goal. Select the BEST answer.)
A.
An online enterprise root certification authority (CA) only
B.
An online standalone root certification authority (CA) only
C.
An offline root certification authority (CA) and an online enterprise subordinate CA
D.
An offline root certification authority (CA) and an online standalone subordinate CA
Explanation:
https://blogs.technet.microsoft.com/askds/2009/09/01/designing-and-implementing-a-pki-part-i-design-andplanning/