1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

70-294 QOTD for May 18th

Discussion in 'Active Directory Exams' started by tripwire45, May 18, 2004.

  1. tripwire45
    Honorary Member

    tripwire45 Zettabyte Poster

    13,493
    179
    287
    Cartman is experimenting with a plan to improve profile generation through the corporate firewall of his company using Windows Server 2003 Active Directory domains. He has created a test parent domain called test.local inside the firewall and a child domain called child1.test.local on the other side of the firewall in the demilitarized zone (DMZ). He shows the test network to Phil, the company's sys admin and tells Phil what he has in mind. What sort of answers would Phil give Cartman under these circumstances. Choose all that apply.

    A. Phil tells Cartman that the plan should work out but he has to open port 389 for LDAP and port 445 for RPC to make sure that replication will properly occur between the child domain in the DMZ and the root domain inside.

    B. Phil tells Cartman that his plan will leave the internal domain vulnerable should someone compromise the child domain in the DMZ. Phil suggests that Cartman instead implement Active Directory Application Mode (ADAM) instead of Active Directory. Phil also recommends creating a separate external forest for the DMZ instead of a child domain.

    C. Phil tells Cartman that his plan will leave the internal domain vulnerable should someone compromise the child domain in the DMZ. Phil suggests that Cartman instead implement Microsoft Identity Integration Feature Pack (IIFP) which is specifically designed to integrate identity data between several ADs. Phil also suggests creating a separate external forest for the DMZ instead of a child domain.

    D. Phil tells Cartman that creating a child domain in the DMZ is a security risk and that configuring any replication between a child domain and the root domain across a corporate firewall would leave the internal domain structure exposed. Phil reminds Cartman that Windows Server 2003 already handles replication between domains and forests connected by WAN links and that the additional work he has done would not improve performance.

    Answer tomorrow.
     
    Certifications: A+ and Network+
  2. tripwire45
    Honorary Member

    tripwire45 Zettabyte Poster

    13,493
    179
    287
    Ok, I admit...I wanted this one to be a bit challenging. Our resident AD experts Ryan and Phil can blow most normal questions away with hardly a sneeze so I thought I'd present a slightly more interesting puzzle. Please feel free to take a crack at it. Heck, you can post here just to tell me that I'm out of my mind, if you'd like. Anyway, still plenty of time left. Take a shot at it.
     
    Certifications: A+ and Network+
  3. nugget
    Honorary Member

    nugget Junior toady

    7,796
    71
    224
    Alright Trip, I'll pick C.
     
    Certifications: A+ | Network+ | Security+ | MCP (270,271,272,290,620) | MCDST | MCTS:Vista
    WIP: MCSA, 70-622,680,685
  4. tripwire45
    Honorary Member

    tripwire45 Zettabyte Poster

    13,493
    179
    287
    Good lad, nugget! Any other takers?
     
    Certifications: A+ and Network+
  5. tripwire45
    Honorary Member

    tripwire45 Zettabyte Poster

    13,493
    179
    287
    Answer soon! Dive in! Phil? Ryan? Anyone?
     
    Certifications: A+ and Network+
  6. tripwire45
    Honorary Member

    tripwire45 Zettabyte Poster

    13,493
    179
    287
    Guess nugget was the only player today. Time's up. Correct answer is B and C. Setting up a child domain in the DMZ is dangerous but if you need to have an AD forest operating on the parameter, you can set up a separate, external forest outside the firewall. ADAM is a free lightweight directory tool that works with Server 2003. Also, IIFP creates a link between an external and internal directory through port 339 but is still safer than opening the port for AD replication since it's not a direct link. IIFP is also safer because users in the external forest are designated as contacts, not security principals which adds more protection for the internal forest.

    Ok, so maybe this one was over the top. I got it from an article by Danielle and Nelson Ruest published in the May 2004 edition of Windows Server System magazine. The Ruests most recently published book is Windows Server 2003 Pocket Administrator so I guess they know what they're talking about (and no, I am not getting any kickbacks for mentioning their book...I don't even know them...honest).

    I'll try to be more reasonable tomorrow and return to the regular textbooks.
     
    Certifications: A+ and Network+
  7. Phoenix
    Honorary Member

    Phoenix 53656e696f7220 4d6f64

    5,726
    175
    221
    Thanks for that one trip, was a real challenge, I didnt make the deadline but I did spend the afternoon reading about ADAM, IIFP and ISA server and such, the question required me to do some research which i enjoyed alot more than just knowing the answer

    thanks for that one mate :)
    *wonders if i will have to know that stuff for the exam* lol
    probably not being that the correct answers involve external products not native to 2003 (the exams dont usually reference other programs, even ones in Resource kits and Deployment kits)
     
    Certifications: MCSE, MCITP, VCP
    WIP: > 0
  8. tripwire45
    Honorary Member

    tripwire45 Zettabyte Poster

    13,493
    179
    287
    Ok...so I cheated. :D
     
    Certifications: A+ and Network+

Share This Page

Loading...