Q1. HOTSPOT - (Topic 8)
Your network contains an Active Directory domain named contoso.com.
The domain has a certification authority (CA). You create four certificate templates. The templates are configured as shown in the following table:
You install the Remote Access server role in the domain.
You need to configure DirectAccess to use one-time password (OTP) authentication.
What should you do? To answer, select the appropriate options in the answer area,
Answer:
Q2. - (Topic 8)
Your network contains an Active Directory forest named contoso.com.
You plan to deploy 200 Hyper-V hosts by using Microsoft System Center 2012 Virtual Machine Manager (VMM) Service Pack 1 (SP1).
You add a PXE server to the fabric.
You need to identify which objects must be added to the VMM library for the planned deployment.
What should you identify? (Each correct answer presents part of the solution. Choose all that apply.)
A. A host profile
B. A capability profile
C. A hardware profile
D. A generalized image
E. A service template
Answer: A,D
Explanation: Templates and profiles are used to standardize the creation of virtual
machines and services.
These configurations are stored in the VMM database but are not represented by physical
configuration files.
(D)
There are several new types of templates and profiles in VMM, most of which are used for service creation.
(A)
There are also host profiles, used for deploying a Hyper-V host from a bare-metal computer, and capability profiles, used to specify the capabilities of virtual machines on each type of supported hypervisor when virtual machines are deployed to a private cloud.
Note:
* host profile:
A Virtual Machine Manager library resource that contains hardware and operating system
configuration settings to convert a bare-metal computer to a managed Hyper-V host.
*capability profile:
A Virtual Machine Manager library resource that defines which resources (for example,
number of processors or maximum memory) are available to a virtual machine that is
created in a private cloud.
Q3. - (Topic 8)
A company has a single-forest and single Active Directory Domain Services (AD DS) domain named Fabrikam.com that runs Windows 2012 Server. The AD DS forest functional level and the domain functional level are both set to Windows 2008 R2. You use IP Address Management (IPAM) as the IP management solution. You have two DHCP Servers named DHCP1 and DHCP2, and one IPAM server named IPAM1.
The company plans to acquire a company named Contoso, Ltd., which has a single-forest and single-domain AD DS named contoso.com. The forest functional level and domain functional level of Contoso.com is set to Windows 2008. All servers at Contoso run Windows Server 2008. The IP management solution at Contoso is based on a single DHCP server named SERVER3.
The total number of users in both companies will be 5000.
You have the following requirements:
. The solution must be able to allocate up to three IP addresses per user.
. All IP address leases must be renewed every two days. You need to ensure that the corresponding servers will have enough capacity to store six years of IP utilization data and eight months of event catalog data.
What should you recommend?
A. Add at least 20 GB of storage to the IPAM server.
B. Migrate Contoso.com to Fabrikam.com.
C. Establish a forest trust between Contoso.com and Fabrikam.com.
D. Upgrade SERVER3 to Windows Server 2012.
Answer: D
Q4. - (Topic 8)
Your network contains an Active Directory domain named contoso.com. The domain contains three VLANs. The VLANs are configured as shown in the following table.
All client computers run either Windows 7 or Windows 8.
The corporate security policy states that all of the client computers must have the latest
security updates installed.
You need to implement a solution to ensure that only the client computers that have all of
the required security updates installed can connect to VLAN 1. The solution must ensure
that all other client computers connect to VLAN 3.
Solution: You implement the VPN enforcement method.
Does this meet the goal?
A. Yes
B. No
Answer: B
Explanation: VPN Enforcement need to be setup in connection with NAP (Network Access Protection).
Q5. DRAG DROP - (Topic 8)
You manage a Network Policy Server (NPS) infrastructure that contains four servers named NPSPRX01, NPS01, NPS02, and NPS03. All servers run Microsoft Windows Server 2012 R2. NPSPRX01 is configured as an NPS proxy. NPS01, NPS02, and NPS03 are members of a remote RADIUS server group named GR01. GR01 is configured as shown below:
You need to ensure that authentication requests are identified even when a server is unavailable.
If a given server is unavailable, which percentage of authentication requests will another server manage? To answer, drag the appropriate value to the correct scenario. Each value may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
Answer:
Q6. - (Topic 1)
You are planning the implementation of two new servers that will be configured as RADIUS servers.
You need to recommend which configuration must be performed on the VPN servers. The solution must meet the technical requirements.
What should you do on each VPN server?
A. Add a RADIUS client.
B. Install the Health Registration Authority role service.
C. Enable DirectAccess.
D. Modify the authentication provider.
Answer: D
Explanation:
* Implement RADIUS authentication for VPN connections.
* The new sales.contoso.com domain will contain a web application that will access data from a Microsoft SQL Server located in the contoso.com domain. The web application must use integrated Windows authentication. Users' credentials must be passed from the web applications to the SQL Server.
Q7. HOTSPOT - (Topic 8)
Your network contains an Active Directory domain named contoso.com. You plan to implement multiple DHCP servers.
An administrator named Admin1 will authorize the DHCP servers. You need to ensure that Admin1 can authorize the planned DHCP servers.
To which container should you assign Admin1 permissions? To answer, select the appropriate node in the answer area.
Answer:
Q8. - (Topic 5)
You need to configure the connection between the new remote branch office and the existing branch offices.
What should you create?
A. SMTP site link
B. Forest trust
C. Certification authority
D. IP subnet
Answer: A
Q9. - (Topic 8)
Your company has a main office and 20 branch offices. All of the offices connect to each other by using a WAN link.
The network contains an Active Directory forest named contoso.com. The forest contains a domain for each office. The forest root domain contains all of the server resources.
Each branch office contains two domain controllers for the branch office domain and one domain controller for the contoso.com domain.
Each branch office has a support technician who is responsible for managing the accounts of their respective office only.
You recently updated all of the WAN links to high-speed WAN links.
You need to recommend changes to the Active Directory infrastructure to meet the following requirements:
. Reduce the administrative overhead of moving user accounts between the offices.
. Ensure that the support technician in each office can manage the user accounts of their respective office.
What should you include in the recommendation? More than one answer choice may achieve the goal. Select the BEST answer.
A. Create a new child domain named corp.contoso.com. Create a shortcut trust between each child domain and corp.contoso.com.
B. Create shortcut trusts between each child domain. In the main office, add a domain controller to each branch office domain.
C. Move all of the user accounts of all the branch offices to the forest root domain. Decommission all of the child domains.
D. Create a new forest root domain named contoso.local. Move all of the user accounts of all the branch offices to the new forest root domain. Decommission all of the child domains.
Answer: C
Explanation: The most basic of all Active Directory structures is the single domain model; this type of domain structure comes with one major advantage over the other models: simplicity. A single security boundary defines the borders of the domain, and all objects are located within that boundary. The establishment of trust relationships between other domains is not necessary, and implementation of technologies such as Group Policies is made easier by the simple structure.
Q10. - (Topic 8)
Your network contains an Active Directory forest. The forest contains two Active Directory domains named contoso.com and child.contoso.com. The forest functional level is Windows Server 2003. The functional level of both domains is Windows Server 2008.
The forest contains three domain controllers. The domain controllers are configured as shown in the following table.
DC1 and DC2 have the DNS Server server role installed and are authoritative for both contoso.com and child.contoso.com.
The child.contoso.com domain contains a server named serverl.child.contoso.com that runs Windows Server 2012.
You plan to deploy server1.child.contoso.com as a read-only domain controller (RODC).
You run the adprep.exe /rodcprep command on DC3 and receive the following error message:
You need to identify what prevents you from successfully running Adprep /rodcprep on DC3.
What should you identify?
A. The domain functional level of child.contoso.com is set to the wrong level.
B. DC3 cannot connect to the infrastructure master on DC2.
C. DC3 cannot connect to the domain naming master on DC1.
D. The forest functional level is set to the wrong level.
Answer: B
Explanation: Adprep could not contact a replica…
This problem occurs when the Adprep /rodcprep command tries to contact the
infrastructure master for each application partition in the forest.
Reference: Error message when you run the "Adprep /rodcprep" command in Windows
Server 2008: "Adprep could not contact a replica for partition
DC=DomainDnsZones,DC=Contoso,DC=com"