Final scenario assessment
The capstone. Twelve to fifteen scored scenarios that bundle multiple decisions per ticket, the way real work does.
The earlier knowledge checks confirm you’ve read the lessons. The final assessment confirms you can decide.
The scenarios bundle two or three decisions into one ticket, the way real work does. The pass mark is calibrated so that mistakes in the highest-blast-radius categories (transfers, DNSSEC) carry more weight than mistakes in lower-stakes categories.
What the assessment looks like
The LMS draws 12-15 scenarios from a larger pool. The pool spans every course in the track:
- Foundation: four-layer model, contacts, lifecycle, ccTLD pattern, record fundamentals (A, MX, TXT, TTL, propagation).
- Records and mail authentication: SRV, CAA, NS delegation, PTR, lookup tools, SPF / DKIM / DMARC.
- Transfers and judgement: the three transfers, registrar transfer mechanics, DNS host transfer dual-provisioning, DNSSEC safe-disable, cardinal sins, two-question test, escalation calibration.
Each scenario has multiple decision points; each decision is scored individually. The scoring weighs irreversible-action mistakes heavier than recoverable ones. Failures in DNSSEC or transfer scenarios are flagged separately so the senior reviewing knows which categories need extra attention.
How to approach it
Treat each scenario the way you’d treat a real ticket:
- Read fully before clicking anything.
- Run the mental 30-second health check if the scenario gives you a domain.
- Apply the two-question test to any proposed action.
- Check against the cardinal sins before clicking.
- Make the decision the scenario asks for.
The LMS reorders questions per attempt, so order isn’t memorisable. Each attempt presents different scenarios from the pool. Memorising specific answers doesn’t help; understanding the framework does.
Pass mark and what it means
What this is NOT
- “Memorise the answers; the pool stays the same.” The pool changes, and the LMS reorders attempts. Memorisation doesn’t transfer.
- “Choose the maximally-cautious answer always.” Escalate is the right answer for some scenarios and the wrong one for others. A tech who escalates everything is no more useful than a tech who escalates nothing. Calibration is the skill.
- “If I score below the pass mark, I’ve failed.” Treat it as feedback. Revisit the lessons in the categories where you struggled and retake. Re-takes draw different scenarios, so memorising the first attempt doesn’t help — the second rewards genuine learning.
A representative scenario
Try this against the frameworks before clicking through to the LMS attempt.
A new client (signed last week) emails: we want to consolidate everything at Cloudflare. Move our domain registration to Cloudflare Registrar, point DNS to Cloudflare DNS, and migrate the website to Cloudflare Pages. The current setup is GoDaddy for registrar and DNS, our own VPS for the website, and Microsoft 365 for mail. Everything should be done by the end of the month — two weeks.
A reasonable plan applies multiple lessons:
- Four-layer assessment — current vs proposed (M365 mail unchanged throughout).
- Check DNSSEC first (
dig DS example.com). If on, safe-disable sequence is mandatory and the timeline tightens. - Registrar transfer pre-flight — admin contact live, outside 60-day post-registration lock.
- Sequence the operations — DNS host transfer first (dual-provisioned), then web migration, then registrar transfer. DNSSEC handling, if applicable, gates the DNS host step.
- Keep mail at M365 throughout — MX, SPF, DKIM, DMARC stay; the new DNS host gets these records identically.
- TTL discipline before each step; verify after each cutover.
- Confirm the plan with the client and senior before starting.
The right answer in the LMS scenario isn’t a single click; it’s a sequence of correct calls across multiple decisions in the same scenario.
What’s next
After the LMS attempt, your MSP’s own shadow-and-sign-off process is the next step. From there, live tickets — applying the frameworks this track built.
Future learning that pairs with this track: a dedicated email authentication design concept course (SPF flattening, DMARC ramp, third-party senders, alignment debugging) for techs ready to go beyond identify-and-apply; a dedicated certificates and PKI concept course for techs whose work touches CAA more deeply.