Q1. - (Topic 8)
You need to ensure that the developers can manage their own virtual machines.
Solution: You perform the following actions:
. In Virtual Machine Manager, you create a new user role named DevUsers that uses the Application Administrator profile. . You create and publish a request offering that allows the DevUsers role to create
checkpoints.
. You grant Checkpoint permissions to the DevUsers role.
. You distribute the Self-Service portal to the developers.
Does this meet the goal?
A. Yes
B. No
Answer: A
Explanation: Virtual Machine Manager Self-Service Portal The VMM Self-Service Portal is an optional, Web-based component that a VMM administrator can install and configure to allow users to create and manage their own virtual machines within a controlled environment on a limited group of virtual machine hosts. The VMM administrator creates self-service user roles which determine the scope of the users' actions on their own virtual machines. To create, operate, and manage virtual machines, self-service users use the Virtual Machine Manager Self-Service Portal. The administrator determines which host groups self-service users can create virtual machines on. When a self-service user creates a virtual machine, the virtual machine is automatically placed on the most suitable host in the host group based on host ratings.
Reference: Overview of Virtual Machine Manager
https://technet.microsoft.com/en-us/library/cc764267.aspx
Q2. - (Topic 7)
Your network contains an Active Directory domain named contoso.com.
Your company has an enterprise root certification authority (CA) named CA1.
You plan to deploy Active Directory Federation Services (AD FS) to a server named
Server1.
The company purchases a Microsoft Office 365 subscription.
You plan to register the company's SMTP domain for Office 365 and to configure single sign-on for all users.
You need to identify which certificate is required for the planned deployment.
Which certificate should you identify?
A. a server authentication certificate that is issued by a trusted third-party root CA and that contains the subject name serverl.contoso.com
B. a self-signed server authentication certificate for server1.contoso.com
C. a server authentication certificate that is issued by a trusted third-party root CA and that contains the subject name Server1
D. a server authentication certificate that is issued by CA1 and that contains the subject name Server1
Answer: A
Explanation: Prepare Your Server and Install ADFS You can install ADFS on a domain controller or another server. You’ll first need to configure a few prerequisites. The following steps assume you’re installing to Windows Server 2008 R2.
Using Server Manager, install the IIS role and the Microsoft .NET Framework. Then purchase and install a server-authentication certificate from a public certificate authority. Make sure you match the certificate’s subject name with the Fully Qualified Domain Name of the server. Launch IIS Manager and import that certificate to the default Web site.
Reference: Geek of All Trades: Office 365 SSO: A Simplified Installation Guide
https://technet.microsoft.com/en-us/magazine/jj631606.aspx
Q3. DRAG DROP - (Topic 8)
Your network contains an Active Directory domain named contoso.com. The domain contains two domain controllers named DC1 and DC2. The domain contains a server named Server1.
Server1 is a certification authority (CA). All servers run Windows Server 2012 R2.
You plan to deploy BitLocker Drive Encryption (BitLocker) to all client computers. The unique identifier for your organization is set to Contoso.
You need to ensure that you can recover the BitLocker encrypted data by using a BitLocker data recovery agent. You must be able to perform the recovery from any administrative computer.
Which four actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Answer:
Q4. - (Topic 8)
Your network contains an Active Directory domain named contoso.com. The domain contains multiple servers that run Windows Server 2012. All client computers run Windows 7.
The network contains two data centers.
You plan to deploy one file server to each data center.
You need to recommend a solution to provide redundancy for shared folders if a single data center fails.
What should you recommend?
More than one answer choice may achieve the goal. Select the BEST answer.
A. A Distributed File System (DFS) namespace and DFS Replication
B. Cluster Shared Volumes (CSVs)
C. The clustered File Server role of the File Server for general use type
D. The clustered File Server role of the File Server scale-out application data type
Answer: A
Q5. - (Topic 8)
You have a Windows Server 2012 R2 failover cluster that contains four nodes. Each node has four network adapters. The network adapters on each node are configured as shown in the following table.
NIC4 supports Remote Direct Memory Access (RDMA) and Receive Side Scaling (RSS). The cluster networks are configured as shown in the following table.
You need to ensure that ClusterNetwork4 is used for Cluster Shared Volume (CSV) redirected traffic.
What should you do?
A. Set the metric of ClusterNetwork4 to 90,000 and disable SMB Multichannel.
B. On each server, replace NIC4 with a 1-Gbps network adapter.
C. Set the metric of ClusterNetwork4 to 30,000 and disable SMB Multichannel.
D. On each server, enable RDMA on NIC4.
Answer: C
Q6. HOTSPOT - (Topic 8)
You need to create a script to deploy DFS replication.
Which Windows PowerShell commands should you add to the script? To answer, select the appropriate Windows PowerShell commands in each list in the answer area.
Answer:
Q7. - (Topic 8)
Your network contains an Active Directory domain named contoso.com.
You deploy Active Directory Certificate Services (AD CS).
Your company, which is named Contoso, Ltd., has a partner company named Fabrikam, Inc. Fabrikam also deploys AD CS.
Contoso and Fabrikam plan to exchange signed and encrypted email messages.
You need to ensure that the client computers in both Contoso and Fabrikam trust each other's email certificates. The solution must prevent other certificates from being trusted and minimize administrative effort.
What should you do?
More than one answer choice may achieve the goal. Select the BEST answer.
A. Implement an online responder in each company.
B. Exchange the root certification authority (CA) certificates of both companies, and then deploy the certificates to the Enterprise Trust store by using Group Policy objects (GPOs).
C. Implement cross-certification in each company.
D. Exchange the root certification authority (CA) certificates of both companies, and then deploy the certificates to the Trusted Root Certification Authorities store by using Group Policy objects (GPOs).
Answer: C
Q8. - (Topic 7)
Your network contains an Active Directory domain named contoso.com.
You currently have an intranet web site that is hosted by two Web servers named Web1 and Web2. Web1 and Web2 run Windows Server 2012.
Users use the name intranet.contoso.com to request the web site and use DNS round robin.
You plan to implement the Network Load Balancing (NLB) feature on Web1 and Web2.
You need to recommend changes to the DNS records for the planned implementation.
What should you recommend?
A. Delete one of the host (A) records named Intranet. Modify the remaining host (A) record named Intranet.
B. Delete both host (A) records named Intranet. Create a pointer (PTR) record for each Web server.
C. Create a new host (A) record named Intranet. Remove both host (A) records for Web1 and Web2.
D. Create a service locator (SRV) record. Map the SRV record to Intranet.
Answer: C
Explanation: You must manually register the NLB cluster name in DNS by using a host (A) or (AAAA) record because DNS does not automatically register static IP addresses.
Reference: How to Configure Network Load Balancing for Configuration Manager Site Systems
https://technet.microsoft.com/en-us/library/bb633031.aspx
Q9. DRAG DROP - (Topic 2)
You need to recommend a monitoring solution for Proseware.
Which three actions should you recommend performing in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Answer:
Q10. - (Topic 8)
You plan to allow users to run internal applications from outside the company’s network. You have a Windows Server 2012 R2 that has the Active Directory Federation Services (AD FS) role installed. You must secure on-premises resources by using multi-factor authentication (MFA). You need to design a solution to enforce different access levels for users with personal Windows 8.1 or iOS 8 devices.
Solution: You install a local instance of the MFA Server. You connect the instance to the Microsoft Azure MFA provider and then you use Microsoft Intune to manage personal devices.
Does this meet the goal?
A. Yes
B. No
Answer: A