Q1. - (Topic 8)
Your network contains an Active Directory forest named contoso.com.
You plan to add a new domain named child.contoso.com to the forest.
On the DNS servers in child.contoso.com, you plan to create conditional forwarders that
point to the DNS servers in contoso.com.
You need to ensure that the DNS servers in contoso.com can resolve names for the
servers in child.contoso.com.
What should you create on the DNS servers in contoso.com?
A. A zone delegation
B. A conditional forwarder
C. A root hint
D. A trust point
Answer: A
Explanation: Understanding Zone Delegation
Domain Name System (DNS) provides the option of dividing up the namespace into one or
more zones, which can then be stored, distributed, and replicated to other DNS servers.
When you are deciding whether to divide your DNS namespace to make additional zones,
consider the following reasons to use additional zones:
You want to delegate management of part of your DNS namespace to another location or
department in your organization.
You want to divide one large zone into smaller zones to distribute traffic loads among
multiple servers, improve DNS name resolution performance, or create a more-fault-tolerant DNS environment.
You want to extend the namespace by adding numerous subdomains at once, for example,
to accommodate the opening of a new branch or site.
Reference: Understanding Zone Delegation
Q2. HOTSPOT - (Topic 8)
Your network contains an Active Directory forest named northwindtraders.com.
The client computers in the finance department run either Windows 8.1, Windows 8, or Windows 7. All of the client computers in the marketing department run Windows 8.1.
You need to design a Network Access Protection (NAP) solution for northwindtraders.com that meets the following requirements:
. The client computers in the finance department that run Windows 7 must have a firewall enabled and the antivirus software must be up-to-date.
. The finance computers that run Windows 8.1 or Windows 8 must have automatic updating enabled and the antivirus software must be up-to-date.
. The client computers in the marketing department must have automatic updating enabled and the antivirus software must be up-to-date.
. If a computer fails to meet its requirements, the computers must be provided access to a limited set of resources on the network.
. If a computer meets its requirements, the computer must have full access to the network.
What is the minimum number of objects that you should create to meet the requirements? To answer, select the appropriate number for each object type in the answer area.
Answer:
Q3. HOTSPOT - (Topic 8)
Your network contains an Active Directory forest name fabrikam.com. The forest contains two domains named fabrikam.com and contoso.com. All servers run Windows Server 2012 R2.
The forest contains a DHCP server named Server1 and a DNS server named Server2.
You need to recommend a solution to ensure that any computers that are neither members of contoso.com nor fabrikam.com receive a DNS suffix of guest.fabrikam.com.
What two commands should you run? To answer, select the appropriate options in the answer area.
Answer:
Q4. - (Topic 8)
Your network contains an Active Directory domain. All servers run Windows Server 2012 R2.
The domain contains the servers shown in the following table.
You need to recommend which servers will benefit most from implementing data
deduplication.
Which servers should you recommend?
A. Server1 and Server2
B. Server1 and Server3
C. Server1 and Server4
D. Server2 and Server3
E. Server2 and Server4
F. Server3 and Server4
Answer: D
Explanation: * Server 2: Data deduplication involves finding and removing duplication within data without compromising its fidelity or integrity. The goal is to store more data in less space by segmenting files into small variable-sized chunks (32–128 KB), identifying duplicate chunks, and maintaining a single copy of each chunk. Redundant copies of the chunk are replaced by a reference to the single copy. The chunks are compressed and then organized into special container files in the System Volume Information folder
* Server 3: In Windows Server 2012 R2, Data Deduplication can be installed on a scale-out file server and used to optimize live VHDs for VDI workloads.
Reference: What's New in Data Deduplication in Windows Server
Q5. - (Topic 8)
You have a server named Server1 that runs Windows Server 2012.
You have a 3-TB database that will be moved to Server1.
Server1 has the following physical disks:
. Three 2-TB SATA disks that are attached to a single IDE controller . One 1-TB SATA disk that is attached to a single IDE controller
You need to recommend a solution to ensure that the database can be moved to Server1. The solution must ensure that the database is available if a single disk fails.
What should you include in the recommendation?
A. Add each disk to a separate storage pool. Create a mirrored virtual disk.
B. Add two disks to a storage pool. Add the other disk to another storage pool. Create a mirrored virtual disk.
C. Add all of the disks to a single storage pool, and then create two simple virtual disks.
D. Add all of the disks to a single storage pool, and then create a parity virtual disk.
Answer: D
Explanation:
Parity A parity virtual disk is similar to a hardware Redundant Array of Inexpensive Disks (RAID5). Data, along with parity information, is striped across multiple physical disks. Parity enables Storage Spaces to continue to service read and write requests even when a drive has failed. A minimum of three physical disks is required for a parity virtual disk. Note that a parity disk cannot be used in a failover cluster.
Q6. - (Topic 8)
Your network contains an Active Directory forest named contoso.com. The forest functional level is Windows Server 2012.
The forest contains an Active Directory domain. The domain contains a global security group named GPO_Admins that is responsible for managing Group Policies in the forest.
A second forest named fabrikam.com contains three domains. The forest functional level is Windows Server 2003.
You need to design a trust infrastructure to ensure that the GPO_Admins group can create, edit, and link Group Policies in every domain of the fabrikam.com forest.
What should you include in the design?
More than one answer choice may achieve the goal. Select the BEST answer.
A. A two-way forest trust
B. A one-way forest trust
C. Three external trusts
D. Three shortcut trusts
Answer: B
Q7. - (Topic 1)
You are planning the migration of research.contoso.com.
You need to identify which tools must be used to perform the migration.
Which tools should you identify?
A. Active Directory Migration Tool version 3.2 (ADMT v3.2) and Group Policy Management Console (GPMC)
B. Active Directory Federation Services (AD FS) and Microsoft Federation Gateway
C. Active Directory Migration Tool version 3.2 (ADMT v3.2) and Active Directory Federation Services (AD FS)
D. Active Directory Lightweight Directory Services (AD LDS) and Group Policy Management Console (GPMC)
Answer: A
Explanation:
* Scenario:
All of the users and the Group Policy objects (GPOs) in research.contoso.com will be
migrated to contoso.com.
two domain controllers for the research.contoso.com domain. The domain controllers run
Windows Server 2008 R2.
Q8. - (Topic 1)
You need to recommend a fault-tolerant solution for the VPN. The solution must meet the technical requirements.
What should you include in the recommendation?
A. Network adapter teaming
B. Network Load Balancing (NLB)
C. Failover Clustering
D. DirectAccess
Answer: B
Explanation:
* Scenario: Core networking services in each office must be redundant if a server fails.
* The Network Load Balancing (NLB) feature distributes traffic across several servers by using the TCP/IP networking protocol. By combining two or more computers that are running applications into a single virtual cluster, NLB provides reliability and performance for web servers and other mission-critical servers.
Reference: Network Load Balancing Overview
http://technet.microsoft.com/en-us/library/hh831698.aspx
Q9. HOTSPOT - (Topic 8)
Your network contains an Active Directory forest named contoso.com. The forest contains one domain. All domain controllers run Windows Server 2012. The functional level of the forest and the domain is Windows Server 2012.
The domain contains three domain controllers. The domain controllers are configured as shown in the following table.
In the forest, you plan to add a new domain controller that runs Windows Server 2012 R2.
You need to prepare the environment before you add the new domain controller.
Which domain controllers must be available to run each command? To answer, select the
appropriate domain controllers in the answer area.
Answer:
Q10. - (Topic 8)
Your network contains an Active Directory domain named contoso.com. The domain contains multiple sites.
You plan to deploy DirectAccess.
The network security policy states that when client computers connect to the corporate
network from the Internet, all of the traffic destined for the Internet must be routed through
the corporate network.
You need to recommend a solution for the planned DirectAccess deployment that meets
the security policy requirement.
Solution: You enable split tunneling.
Does this meet the goal?
A. Yes
B. No
Answer: A
Explanation: DirectAccess by default enables split tunneling. All traffic destined to the corpnet is sent over the DA IPsec tunnels, and all traffic destined for the Internet is sent directly to the Internet over the local interface. This prevents DA clients from bringing the corporate Internet connection to its knees.
is DA split tunneling really a problem? The answer is no.
Why? Because the risks that exist with VPNs, where the machine can act as a router between the Internet and the corporate network is not valid with DirectAccess. IPsec rules on the UAG server require that traffic be from an authenticated source, and all traffic between the DA client and server is protected with IPsec.
Thus, in the scenario where the DA client might be configured as a router, the source of the traffic isn’t going to be the DA client, and authentication will fail – hence preventing the type of routing that VPN admins are concerned about.
Reference: Why Split Tunneling is Not a Security Issue with DirectAccess