ITSA2005
Planning and Implementing Server
Final Assessment
June 2021
ITSA2005-Planning and Implementing Server
Final Assessment – Part B (Total Time: 1 hour 20 minutes)
The final assessment questions ensure that all the learning outcomes of the unit are met.
Instructions
Submit your answers in the Word file, with your student ID and name. Ensure you upload your
file in the given time; once the time is over, the LMS will not accept any submissions.
ENTER YOUR NAME AND ID BELOW
Student ID. 46453 Name YATIN
Copyright © 2015-2020 VIT, All Rights Reserved.
Attempt all questions, each question carries different marks (30 marks)
Question 1 5 Marks
Your company recently acquired a competitor that also has a presence in cities across the
country/region. By coincidence, the Active Directory structure used by this competitor is
remarkably like your own because its domains are determined by the cities in which its
corporate branches are located.
Given this scenario, answer the following questions:
a. Currently, the divisions between the forests are based on organizational or political
divisions within the enterprise. The company consists of distinctly separate business
units because of acquisitions, mergers, or geographical separation. However, the IT
department explained that the consequences of compromising project data are severe. The
head of the IT department has proposed a solution for it. Explain what he could have
proposed and why. You can apply one of the following three forest design models in your
Active Directory environment. (3 Marks)
b. If the automatically inherited GPO in one of the OUs must be overridden by an
administrator, what kind of GPO application is used? Please mention its two features. (2
marks)
Question 2 5 Marks
You have been brought in by a large corporation to assist in implementing branch office
deployments across the country. Answer the following questions regarding how you would
meet corporate requirements for branch office deployments:
a. The corporate IT department is worried about deploying domain controllers in each
branch, specifically because of the lack of physical security and the risk of a
compromised domain controller (which might result in the entire corporate network
being compromised). How can you minimize the risk of deploying a domain controller in
a branch office? (3 marks)
ANSWER
Physical Domain Controllers in branches
In locations in which multiple servers reside but are not physically secured to the degree
that datacenter servers are secured, physical domain controllers should be configured with
TPM chips and BitLocker Drive Encryption for all server volumes. If a domain controller
cannot be stored in a locked room in branch locations, you should consider
deploying RODCs in those locations.
Virtual Domain Controllers in branches
Whenever possible, you should run virtual domain controllers in branch
offices on separate physical hosts than the other virtual machines in the site. In
branch offices in which virtual domain controllers cannot run on separate physical hosts
from the rest of the virtual server population, you should implement TPM chips and
BitLocker Drive Encryption on hosts on which virtual domain controllers run at minimum, and
all hosts if possible. Depending on the size of the branch office and the security of
the physical hosts, you should consider deploying RODCs in branch locations.
b. The IT department likes the idea of using RODCs in each branch office, but still has
concerns about some specific user categories that should not have passwords saved to
RODCs. What tool is available to prevent passwords from specific sets of users from
being replicated to an RODC? (2 marks)
The Denied RODC Password Replication Group is used to specify users and
groups whose passwords cannot be cached on RODCs. By default, this group
contains various highly privileged users or groups, such as domain administrators. Removing
these default users and groups can increase the exposure of administrator passwords to
RODCs. This in turn defeats some of the objectives of implementing RODCs, and may
increase the vulnerability of the entire Active Directory forest.
Review the password replication policy for the RODC. The RODC should only be
permitted to cache passwords for users who must be able to log on
locally, even if the Wide Area Network (WAN) link to the central
IT infrastructure is offline. Without a compelling business case for removing
default members from the Denied RODC Password Replication Group, restore all
default members to the group.
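The review described in the answer above can be scripted. This is an added example, not part of the original submission; it assumes the ActiveDirectory PowerShell module (RSAT), English default group names, and a placeholder RODC name `BRANCH-RODC01`.

```powershell
# Added example: audit an RODC's Password Replication Policy (PRP).
# Assumptions: ActiveDirectory module (RSAT) is installed, English default group
# names, and 'BRANCH-RODC01' is a placeholder for the branch RODC.
Import-Module ActiveDirectory

$RodcName    = 'BRANCH-RODC01'
$DeniedGroup = 'Denied RODC Password Replication Group'

# Members this group holds by default in a new domain.
$DefaultDenied = @(
    'Cert Publishers', 'Domain Admins', 'Domain Controllers', 'Enterprise Admins',
    'Group Policy Creator Owners', 'krbtgt', 'Read-only Domain Controllers', 'Schema Admins'
)

# 1. Default members that have been removed from the Denied group.
$currentDenied = @(Get-ADGroupMember -Identity $DeniedGroup | Select-Object -ExpandProperty Name)
$missing       = @($DefaultDenied | Where-Object { $_ -notin $currentDenied })

# 2. Principals explicitly allowed to have passwords cached on this RODC.
$allowed = @(Get-ADDomainControllerPasswordReplicationPolicy -Identity $RodcName -Allowed)

# 3. Accounts whose passwords are cached on the RODC right now, narrowed to
#    users marked as protected/privileged (adminCount = 1). The RODC's own
#    krbtgt_<n> account is expected to be there and is skipped.
$revealed = @(Get-ADDomainControllerPasswordReplicationPolicyUsage -Identity $RodcName -RevealedAccounts)
$privilegedCached = @(
    $revealed |
        Where-Object { $_.ObjectClass -eq 'user' -and $_.Name -notlike 'krbtgt_*' } |
        ForEach-Object { Get-ADUser -Identity $_.DistinguishedName -Properties adminCount } |
        Where-Object { $_.adminCount -eq 1 }
)

# Summary: anything in MissingDefaultDenied or PrivilegedCachedUsers needs follow-up.
[pscustomobject]@{
    Rodc                  = $RodcName
    MissingDefaultDenied  = $missing -join '; '
    AllowedPrincipals     = ($allowed.Name | Sort-Object) -join '; '
    CachedAccountCount    = $revealed.Count
    PrivilegedCachedUsers = ($privilegedCached.SamAccountName | Sort-Object) -join '; '
} | Format-List
```

A non-empty `MissingDefaultDenied` means default members should be restored to the group; a non-empty `PrivilegedCachedUsers` means those passwords should be reset, because they are already stored on the branch RODC.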
Question 3 10 Marks
You are a new administrator for the Contoso Corporation, which is a leading company in
producing smart devices for the home. The Contoso company widely uses VPN for remote
access. After a meeting with your manager and your team, you decided to swap some of the
traditional VPN access with DirectAccess.
a. What type of VPN connection can be used for connecting the sites to each other? Justify
the protocol which can be used in such a type of VPN connection. (5 Marks)
b. What advantages does DirectAccess provide over the traditional VPN solutions? (2
Marks)
Advantages of DirectAccess over the traditional VPN solutions are:
Increased Security. A DirectAccess client must be joined to the corporate
domain, as its Active Directory computer account is used as part of the authentication
process.
Improved Compliance
Usability and Reduced Support Costs
Worked on Provisioning and De-provisioning
c. You have a Microsoft SharePoint server and a Microsoft Exchange server in your main
branch. You have been asked to make these applications available through the Web so your
remote clients can use these applications. Explain how you would accomplish this task.
(3 Marks)
ANSWER
Microsoft SharePoint Server
If the SharePoint site uses claims-based authentication, you must use
the Add Relying Party Trust Wizard to configure the relying party trust for the
application.
If the SharePoint site uses Integrated Windows authentication,
you must use the Add Non-Claims-Based Relying Party Trust Wizard to configure the
relying party trust for the application. You can use IWA with a claims-based web
application provided that you configure KDC.
To allow users to authenticate using Integrated Windows authentication, the Web
Application Proxy server must be joined to a domain.
You must configure the application to support Kerberos constrained delegation. You can do
this on the domain controller for any application. You can also configure the application
directly on the backend server if it is running on
Windows Server 2012 R2 or Windows Server 2012.
If your SharePoint site is configured using either alternate access
mappings (AAM) or host-named site collections, you can use different external and
backend server URLs to publish your application. However, if
you do not configure your SharePoint site using AAM or host-named site
collections, you must use the same external and backend server URLs.
Microsoft Exchange Server
To publish Outlook Web App using Integrated Windows authentication, you must
use the Add Non-Claims-Based Relying Party Trust Wizard to configure the relying
party trust for the application.
To allow users to authenticate using Kerberos constrained delegation, the Web
Application Proxy server must be joined to a domain.
You must configure the application to support Kerberos authentication. Also, you need to
register a service principal name (SPN) to the account that the web service is
running under. You can do this on the domain controller or on the backend servers. In a
load-balanced Exchange environment this would require using the Alternate Service
Account; see Configuring Kerberos authentication for load-balanced Client Access servers.
You can also configure the application directly on the backend server
if it is running on Windows Server 2012 R2 or Windows Server 2012.
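The Outlook Web App publishing steps in the answer above, written as PowerShell. This is an added example, not part of the original submission; every server name, account, URL and the certificate thumbprint is a placeholder, and each step runs on the server named in its comment (repeat the variable definitions in each session).

```powershell
# Added example: publish Outlook Web App through Web Application Proxy (WAP)
# with Integrated Windows authentication on the backend. All values below are
# placeholders chosen for illustration.
$BackendSpn = 'http/mail.corp.example.com'    # SPN of the backend web service
$ServiceAcc = 'CORP\svc-exchange'             # account the web service runs under
$WapServer  = 'WAP01'                         # domain-joined WAP server
$PublicUrl  = 'https://mail.example.com/owa/'

# 1. Domain controller: register the SPN (-S refuses to create a duplicate).
setspn -S $BackendSpn $ServiceAcc

# 2. Domain controller: Kerberos constrained delegation from the WAP computer
#    account to that one SPN only, with protocol transition enabled.
Import-Module ActiveDirectory
$wap = Get-ADComputer -Identity $WapServer
Set-ADComputer -Identity $wap -Add @{ 'msDS-AllowedToDelegateTo' = $BackendSpn }
Set-ADAccountControl -Identity $wap -TrustedToAuthForDelegation $true

# 3. AD FS server: non-claims-based relying party trust (PowerShell form of
#    the Add Non-Claims-Based Relying Party Trust Wizard), permitting all users.
Add-AdfsNonClaimsAwareRelyingPartyTrust -Name 'OWA' -Identifier $PublicUrl `
    -IssuanceAuthorizationRules '=> issue(Type = "http://schemas.microsoft.com/authorization/claims/permit", Value = "true");'

# 4. WAP server: publish the application with AD FS preauthentication.
Add-WebApplicationProxyApplication -Name 'OWA' `
    -ExternalPreauthentication ADFS `
    -ADFSRelyingPartyName 'OWA' `
    -ExternalUrl $PublicUrl `
    -BackendServerUrl $PublicUrl `
    -ExternalCertificateThumbprint '<CERT-THUMBPRINT-PLACEHOLDER>' `
    -BackendServerAuthenticationSPN $BackendSpn

# 5. WAP server: review what is published and how each application preauthenticates.
Get-WebApplicationProxyApplication |
    Select-Object Name, ExternalUrl, ExternalPreauthentication, BackendServerAuthenticationSPN
```

Step 2 limits delegation to the single backend SPN, so the WAP computer account cannot request tickets on behalf of users for any other service.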
Question 4 5 Marks
You are being consulted on updating a large corporation’s DHCP implementation. This
organization has a corporate headquarters with a centralized datacenter and multiple branch
offices. Each branch office has a single server operating as a DHCP server, DNS server, and
domain controller. The corporation’s IT department is located entirely at its headquarters and it
needs to be able to efficiently monitor and manage DHCP services throughout the company.
An additional corporate requirement is to ready its network for IPv6. The IT department wants
to minimize the configuration workload for its IPv6 implementation for the time being. Finally,
your client wants to allow guest devices on the network but needs to be able to distinguish
these guest devices from those that are corporate owned in DNS.
a. DNS client performs a typical name resolution query for the Company’s DNS: it.abc.net.
Please identify 1) Root Domain 2) Top-Level Domain 3) Domains and 4) Sub-domains in
the given DNS – support.airpod.com.au. (3 Marks)
b. The big draw for IPAM is being able to reduce the management workload for
administrators. Explain? (2 marks)
ANSWER
IPAM is a new feature in Windows Server 2012, and efforts have been made to
ease the workload of spinning up the IPAM service. Much of the process
is automated, as we've already discussed, but some scenarios don't lend
themselves to automatic management and configuration in IPAM. Third-party DHCP
servers or static IP addresses may require more hands-on effort than
address ranges managed by Microsoft DHCP servers, but there are still tools
available to migrate these addresses into IPAM.
Question 5 5 Marks
You are working as a Network Administrator of a company with 200 computers running
Windows 8 and 8.1. The operating system of all computers needs to be updated to Windows 10
and you have been asked to propose a solution for this task. Discuss your deployment strategy
in which you can efficiently upgrade computers with minimum time and effort.
ANSWER
In the given situation we can use the in-place upgrade method to deploy Windows 10. It's
anything but a proficient methodology to move up to Windows 10 from the existing Windows 8
and 8.1, on the grounds that an in-place upgrade automatically preserves the settings, files, and
drivers from the current Windows version. Another benefit of this approach is that
when the upgrade does not complete successfully, it can automatically roll back to the
previous Windows version.
To upgrade 200 PCs, we can perform an in-place upgrade with a lite-touch, high-volume
deployment strategy with the help of the Microsoft Deployment Toolkit, Microsoft
Desktop Optimization Pack, Windows Server Update Services, Configuration Manager,
and so on. We can easily upgrade Windows with minimum time and
effort using these strategies and tools.