Q1. - (Topic 8)
Your company has a main office.
The network contains an Active Directory domain named contoso.com. The main office contains a server named Server1 that runs Windows Server 2012. Server1 has the Remote Access server role installed and is configured to accept incoming SSTP-based VPN connections.
All client computers run Windows 7.
The company plans to open a temporary office that will contain a server named Server2 that runs
Windows Server 2012 and has the DHCP Server server role installed. The office will also have 50 client computers and an Internet connection.
You need to recommend a solution to provide the users in the temporary office with access to the resources in the main office.
What should you recommend?
More than one answer choice may achieve the goal. Select the BEST answer.
A. Use the Connection Manager Administration Kit (CMAK) to create a connection package that specifies Server1 as the target for SSTP-based VPN connections. Manually distribute the CMAK package to each client computer in the temporary office.
B. Install the Remote Access server role on Server2. From Routing and Remote Access on Server2, add a SSTP-based VPN port. From DHCP on Server2, configure the default gateway server option.
C. Uses the Connection Manager Administration Kit (CMAK) to create a connection package that specifies Server1 as the target for SSTP-based VPN connections. Use a Group Policy object (GPO) to distribute the CMAK package to each client computer in the temporary office.
D. Install the Remote Access server role on Server2. From Routing and Remote Access on Server2, configure a demand-dial interface. From DHCP on Server2, configure the default gateway server option.
Answer: B
Explanation:
* configure RRAS server role as a VPN server on a Windows server 2008 R2 machine. To do that, you need to first install the RRAS server role.
* in case of IPv4 the remote access client’s VPN configuration is the ONLY configuration that governs whether it has default IPv4 gateway towards VPN server or not
Reference: Remote Access Deployment – Part 2: Configuring RRAS as a VPN server
Q2. - (Topic 2)
You need to recommend a deployment method for Proseware.
What is the best approach to achieve the goal? More than one answer choice may achieve the goal. Select the BEST answer.
A. A WDS Deployment server and Multicast transmissions
B. A WDS Deployment server and Unicast transmissions
C. A WDS Transport server and Multicast transmissions
D. A WDS Transport server and Unicast transmissions
Answer: A
Explanation: Consider implementing multicasting if your organization:
Has network routers that support multicasting.
Is a large company that requires many concurrent client installations.
Wants to use network bandwidth efficiently. This is because with this feature, images are
sent over the network only once, and you can specify limitations (for example, to only use
10 percent of your bandwidth).
Has enough disk space on client computers for the image to be downloaded.
Q3. DRAG DROP - (Topic 8)
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012. Server1 resides in the perimeter network and has the Remote Access server role installed.
Some users have laptop computers that run Windows 7 and are joined to the domain. Some users work from home by using their home computers. The home computers run either Windows XP, Windows Vista/ Windows 7, or Windows 8.
You need to configure the computers for remote access.
Which three actions should you perform?
To answer, move the three appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Answer:
Q4. - (Topic 8)
Your network contains an Active Directory domain.
You plan to implement a remote access solution that will contain three servers that run Windows Server 2012. The servers will be configured as shown in the following table.
Server1 will support up to 200 concurrent VPN connections.
You need to ensure that all VPN connection requests are authenticated and authorized by either Server2 or Server3. The solution must ensure that the VPN connections can be authenticated if either Server2 or Server3 fails.
What should you do?
A. On Server1, configure a RADIUS proxy. On Server2 and Server3, add a RADIUS client.
B. On Server2 and Server3, add a RADIUS client. On Server1, modify the Authentication settings.
C. On Server1, configure a RADIUS proxy. Add Server2 and Server3 to a failover cluster.
D. Add Server2 and Server3 to a Network Load Balancing (NLB) cluster. On Server1, modify the Authentication settings.
Answer: B
Explanation:
* A network access server (NAS) is a device that provides some level of access to a larger network. A NAS using a RADIUS infrastructure is also a RADIUS client, sending connection requests and accounting messages to a RADIUS server for authentication, authorization, and accounting.
* Client computers, such as wireless portable computers and other computers running client operating systems, are not RADIUS clients. RADIUS clients are network access
servers—such as wireless access points, 802.1X-capable switches, virtual private network (VPN) servers, and dial-up servers—because they use the RADIUS protocol to communicate with RADIUS servers such as Network Policy Server (NPS) servers.
Reference: RADIUS Client
http://technet.microsoft.com/en-us/library/cc754033.aspx
Q5. - (Topic 8)
Your company has a main office and a branch office.
The network contains an Active Directory domain named contoso.com. The domain contains three domain controllers. The domain controllers are configured as shown in the following table.
The domain contains two global groups. The groups are configured as shown in the following table.
You need to ensure that the RODC is configured to meet the following requirements:
. Cache passwords for all of the members of Branch1Users.
. Prevent the caching of passwords for the members of Helpdesk.
What should you do?
A. Modify the password replication policy of RODC1.
B. Modify the delegation settings of RODC1.
C. Modify the membership of the Allowed RODC Password Replication group.
D. Modify the membership of the Denied RODC Password Replication group.
E. Modify the delegation settings of DC1 and DC2.
F. Install the BranchCache feature on RODC1.
G. Create a Password Settings object (PSO) for the Helpdesk group.
H. Create a Password Settings object (PSO) for the Branch1Users group.
Answer: A
Explanation: The Password Replication Policy acts as an access control list (ACL). It determines if an RODC should be permitted to cache a password. After the RODC receives an authenticated user or computer logon request, it refers to the Password Replication Policy to determine if the password for the account should be cached.
Reference: Password Replication Policy
Q6. - (Topic 8)
Your network contains an Active Directory domain named contoso.com. The domain contains three VLANs. The VLANs are configured as shown in the following table.
All client computers run either Windows 7 or Windows 8.
The corporate security policy states that all of the client computers must have the latest security updates installed.
You need to implement a solution to ensure that only the client computers that have all of the required security updates installed can connect to VLAN 1. The solution must ensure that all other client computers connect to VLAN 3.
Solution: You implement the IPsec enforcement method.
Does this meet the goal?
A. Yes
B. No
Answer: B
Explanation: Note: NAP enforcement for IPsec-protected traffic works by providing X.509 certificates, called health certificates, to client computers that meet network health requirements. Health certificates are used to authenticate NAP client computers when they initiate IPsec-protected communications with other computers. Computers that are noncompliant with health requirements do not have health certificates. If a computer that does not have a health certificate initiates communication with a computer that has a health certificate, the connection is not allowed. In this way, NAP with IPsec enforcement restricts noncompliant computers from accessing IPsec-protected resources on the network.
Because IPsec controls host access on a per-connection basis, IPsec enforcement provides the strongest form of NAP enforcement.
Q7. - (Topic 6)
You need To configure the Group Policy for salespeople.
Solution: You move all shared desktops to a separate organizational unit (OU). You create one Group Policy object (GPO) that has an AppLocker policy rule and enable loopback policy processing within the GPO. You link the GPO to the new OU.
Does this meet the goal?
A. Yes
B. No
Answer: B
Q8. - (Topic 3)
You need to recommend a migration strategy for the DHCP servers. The strategy must meet the technical requirements.
Which Windows PowerShell cmdlet should you recommend running on the physical DHCP servers?
A. Import-SmigServerSetting
B. Export-SmigServerSetting
C. Receive-SmigServerData
D. Send-SmigServerData
Answer: B
Explanation: * Scenario: / Main office: One physical DHCP server that runs Windows Server 2008 R2 / each branch office: One physical DHCP server that runs Windows Server 2008 R2 / The IPAM server in the main office gathers data from the DNS servers and the DHCP servers in all of the offices.
* Example:
Command Prompt: C:\PS>
Export-SmigServerSetting -Feature "DHCP" -User All -Group -Path "c:\temp\store" -Verbose
This sample command exports the Dynamic Host Configuration Protocol (DHCP) Server and all other Windows features that are required by DHCP Server.
Q9. - (Topic 8)
Your network contains an Active Directory domain named contoso.com.
All client computers run either Windows 7 or Windows 8.
Some users work from customer locations, hotels, and remote sites. The remote sites often
have firewalls that limit connectivity to the Internet.
You need to recommend a VPN solution for the users.
Which protocol should you include in the recommendation?
A. PPTP
B. SSTP
C. IKEv2
D. L2TP/IPSec
Answer: B
Explanation: Secure Socket Tunneling Protocol (SSTP) is a form of VPN tunnel that provides a mechanism to transport PPP or L2TP traffic through an SSL 3.0 channel. SSL provides transport-level security with key-negotiation, encryption and traffic integrity checking. The use of SSL over TCP port 443 allows SSTP to pass through virtually all firewalls and proxy servers except for authenticated web proxies.
Q10. - (Topic 1)
You need to recommend which changes must be implemented to the network before you can deploy the new web application.
What should you include in the recommendation?
A. Change the forest functional level to Windows Server 2008 R2.
B. Upgrade the DNS servers to Windows Server 2012.
C. Change the functional level of both the domains to Windows Server 2008 R2.
D. Upgrade the domain controllers to Windows Server 2012.
Answer: D
Explanation:
Scenario:
The domain controllers run Windows Server 2008 R2.
The company is migrating to Windows Server 2012.