Q1. - (Topic 8)
You have a server named Server1 that runs Windows Server 2012. Server1 has the DNS Server server role installed.
You need to recommend changes to the DNS infrastructure to protect the cache from cache poisoning attacks.
What should you configure on Server1?
A. DNS cache locking
B. The global query block list
C. DNS Security Extensions (DNSSEC)
D. DNS devolution
Answer: A
Explanation: Ache locking is a new feature available if your DNS server is running Windows Server 2008 R2. When you enable cache locking, the DNS server will not allow cached records to be overwritten for the duration of the time to live (TTL) value. Cache locking provides for enhanced security against cache poisoning attacks.
Q2. - (Topic 8)
You plan to deploy multiple servers in a test environment by using Windows Deployment Services (WDS).
You need to identify which network services must be available in the test environment to deploy the servers.
Which network services should you identify? (Each correct answer presents part of the solution. Choose all that apply.)
A. Active Directory Domain Services (AD DS)
B. DNS
C. DHCP
D. WINS
E. Active Directory Lightweight Directory Services (AD LDS)
F. Network Policy Server (NPS)
Answer: A,B,C
Explanation: Prerequisites for installing Windows Deployment Services
* (A) Active Directory Domain Services (AD DS).
Windows Deployment Services server must be a member of an Active Directory Domain
Services (AD DS) domain or a domain controller for an AD DS domain.
* (B) DNS. You must have a working Domain Name System (DNS) server on the network
before you can run Windows Deployment Services.
* (C): DHCP. You must have a working Dynamic Host Configuration Protocol (DHCP)
server with an active scope on the network because Windows Deployment Services uses
PXE, which relies on DHCP for IP addressing.
* NTFS volume.
Reference: Windows Deployment Services Overview
http://technet.microsoft.com/en-us/library/hh831764.aspx
Q3. - (Topic 8)
Your network contains an Active Directory forest named contoso.com.
You plan to deploy 200 new physical servers during the next 12 months by using Windows
Deployment Services (WDS). You identify four server builds for the 200 servers as shown in the following table.
You need to recommend the minimum number of images that must be created for the planned deployment.
How many images should you recommend?
A. 1
B. 2
C. 3
D. 4
Answer: B
Explanation:
One image for the Full Installation of Windows Server 2012, and one image for Server Core installation of Windows Server 2012.
Q4. HOTSPOT - (Topic 5)
You need to design the acquisition strategy for Margie's Travel.
What should you do? To answer, select the appropriate option for each action in the answer area.
Answer:
Q5. - (Topic 8)
Your network contains an Active Directory domain named contoso.com.
Your company has 100 users in the sales department. Each sales user has a domain-joined laptop computer that runs either Windows 7 or Windows 8. The sales users rarely travel to the company's offices to connect directly to the corporate network.
You need to recommend a solution to ensure that you can manage the sales users' laptop computers when the users are working remotely.
What solution should you include in the recommendation?
A. Deploy the Remote Access server role on a server on the internal network.
B. Deploy the Network Policy and Access Services server role on a server on the internal network.
C. Deploy a Microsoft System Center 2012 Service Manager infrastructure.
D. Deploy a Microsoft System Center 2012 Operations Manager infrastructure.
Answer: D
Explanation:
Incorrect:
Not A: The Remote Access server role just give access to the remote computers, but you
need to MANAGE their computers.
Q6. - (Topic 8)
Your network contains an Active Directory domain named contoso.com.
On several organizational units (OUs), an administrator named Admin1 plans to delegate control of custom tasks. You need to ensure that Admin1 can delegate a custom task named Task1 by using the Delegation of Control Wizard.
What should you do?
A. Add a new class to the Active Directory schema.
B. Configure a custom MMC console.
C. Modify the Delegwiz.inf file.
D. Configure a new authorization store by using Authorization Manager.
Answer: C
Explanation:
To add a task to the Delegation Wizard, you must create a task template by using the
following syntax in the Delegwiz.inf file
;---------------------------------------------------------
[template1]
AppliesToClasses=<comma delimited list of object types to which this
template applies; for example, if "organizationalUnit" is in the list,
this template will be shown when the Delegation Wizard is invoked on
an OU>
Description = "<task description which will appear in the wizard>"
Etc.
Reference: How to customize the task list in the Delegation Wizard http://support.microsoft.com/kb/308404
Q7. DRAG DROP - (Topic 5)
You need to design the file management solution.
What should you do? To answer, drag the appropriate technology to the correct office. Each technology may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
Answer:
Q8. - (Topic 8)
Your company, which is named Contoso, Ltd., has a main office and two branch offices. The main office is located in North America. The branch offices are located in Asia and Europe.
You plan to design an Active Directory forest and domain infrastructure.
You need to recommend an Active Directory design to meet the following requirements:
* The contact information of all the users in the Europe office must not be visible to the users in the other offices.
* The administrators in each office must be able to control the user settings and the computer settings of the users in their respective office.
The solution must use the least amount of administrative effort.
What should you include in the recommendation?
A. One forest that contains three domains
B. Three forests that each contain one domain
C. Two forests that each contain one domain
D. One forest that contains one domain
Answer: D
Explanation: * The most basic of all Active Directory structures is the single domain model; this type of domain structure comes with one major advantage over the other models: simplicity. A single security boundary defines the borders of the domain, and all objects are located within that boundary. The establishment of trust relationships between other domains is not necessary, and implementation of technologies such as Group Policies is made easier by the simple structure.
Q9. - (Topic 8)
Your network contains an Active Directory domain named contoso.com. The domain contains three VLANs. The VLANs are configured as shown in the following table.
All client computers run either Windows 7 or Windows 8.
The corporate security policy states that all of the client computers must have the latest security updates installed.
You need to implement a solution to ensure that only the client computers that have all of the required security updates installed can connect to VLAN 1. The solution must ensure that all other client computers connect to VLAN 3.
Solution: You implement the DHCP Network Access Protection (NAP) enforcement method.
Does this meet the goal?
A. Yes
B. No
Answer: A
Explanation: Implementing DHCP NAP to Enforce WSUS Updates
Q10. - (Topic 8)
Your company has a main office and a branch office.
The network contains an Active Directory domain named contoso.com. The main office contains domain controllers that run Windows Server 2012. The branch office contains a read-only domain controller (RODC) that runs Windows Server 2012.
You need to recommend a solution to control which Active Directory attributes are replicated to the RODC.
What should you include in the recommendation?
A. The partial attribute set
B. The filtered attribute set
C. Application directory partitions
D. Constrained delegation
Answer: B
Explanation: RODC filtered attribute set
Some applications that use AD DS as a data store might have credential-like data (such as passwords, credentials, or encryption keys) that you do not want to be stored on an RODC in case the RODC is compromised. For these types of applications, you can dynamically configure a set of attributes in the schema for domain objects that will not replicate to an RODC. This set of attributes is called the RODC filtered attribute set. Attributes that are defined in the RODC filtered attribute set are not allowed to replicate to any RODCs in the forest.
Reference: AD DS: Read-Only Domain Controllers