Q1. HOTSPOT - (Topic 10)
You plan to deploy a certification authority (CA) infrastructure that contains the following servers:
. An offline standalone root CA named CA1
. An enterprise subordinate CA named CA2
On all of the computers, you import the root CA certificate from CA1 to the Trusted Root Certification Authorities Certificates store.
You need to ensure that CA2 can issue certificates for the CA hierarchy.
What should you do? To answer, select the appropriate options in the answer area.
Answer:
Q2. - (Topic 9)
You have a server named Server1 that runs Windows Server 2012. Server1 has the DNS Server server role installed.
You need to recommend changes to the DNS infrastructure to protect the cache from cache poisoning attacks.
What should you configure on Server1?
A. DNS cache locking
B. The global query block list
C. DNS Security Extensions (DNSSEC)
D. DNS devolution
Answer: A
Q3. - (Topic 10)
Your Active Directory currently contains five virtualized domain controllers that run Windows Server 2012 R2.
The system state of each domain controller is backed up daily. The backups are shipped to a remote location weekly.
Your company recently implemented a disaster recovery site that contains several servers. The servers run Windows Server 2012 R2 and have the Hyper-V server role installed. The disaster recovery site has a high-speed WAN link to the main office.
You need to create an Active Directory recovery plan that meets the following requirements:
. Restores the Active Directory if a catastrophe prevents all access to the main office.
. Minimizes data loss.
What should you include in the plan?
A. Hyper-V replicas
B. Live migration
C. Virtual machine checkpoints
D. System state restores
Answer: A
Q4. DRAG DROP - (Topic 9)
Your network contains an Active Directory domain named contoso.com. The domain contains an IP Address Management (IPAM) server.
You plan to delegate the administration of IPAM as shown in the following table.
You need to recommend which IPAM security group must be used for each department. The solution must minimize the number of permissions assigned to each group.
What should you recommend?
To answer, drag the appropriate group to the correct department in the answer area. Each group may be used once, more than once, or not at all. Additionally, you may need to drag the split bar between panes or scroll to view content.
Answer:
Q5. - (Topic 9)
A new company registers the domain name of contoso.com. The company has a web presence on the Internet. All Internet resources have names that use a DNS suffix of contoso.com.
A third-party hosts the Internet resources and is responsible for managing the contoso.com DNS zone on the Internet. The zone contains several hundred records.
The company plans to deploy an Active Directory forest.
You need to recommend an Active Directory forest infrastructure to meet the following requirements:
. Ensure that users on the internal network can resolve the names of the company's Internet resources.
. Minimize the amount of administrative effort associated with the addition of new Internet servers.
What should you recommend?
A. A forest that contains a single domain named contoso.local
B. A forest that contains a root domain named contoso.com and another domain named contoso.local
C. A forest that contains a root domain named contoso.com and another domain named ad.contoso.com
D. A forest that contains a single domain named contoso.com
Answer: A
Q6. - (Topic 1)
You are planning the implementation of two new servers that will be configured as RADIUS servers.
You need to recommend which configuration must be performed on the VPN servers. The solution must meet the technical requirements.
What should you do on each VPN server?
A. Add a RADIUS client.
B. Install the Health Registration Authority role service.
C. Enable DirectAccess.
D. Modify the authentication provider.
Answer: D
Explanation:
D:\Documents and Settings\useralbo\Desktop\1.jpg
Q7. DRAG DROP - (Topic 9)
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2008 R2. Server1 is a file server.
You deploy a new member server named Server2 that runs Windows Server 2012.
You plan to migrate file shares from Server1 to Server2. File share and NTFS permissions
are assigned only to domain local groups.
You need to identify which actions are required to perform the migration.
Which five actions should you identify?
To answer, move the five appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Answer:
Q8. DRAG DROP - (Topic 9)
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012. Server1 resides in the perimeter network and has the Remote Access server role installed.
Some users have laptop computers that run Windows 7 and are joined to the domain. Some users work from home by using their home computers. The home computers run either Windows XP, Windows Vista/ Windows 7, or Windows 8.
You need to configure the computers for remote access.
Which three actions should you perform?
To answer, move the three appropriate actions from the list of actions to the answer area
and arrange them in the correct order.
Answer:
Q9. - (Topic 1)
You are planning the migration of research.contoso.com.
You need to identify which tools must be used to perform the migration.
Which tools should you identify?
A. Active Directory Migration Tool version 3.2 (ADMT v3.2) and Group Policy Management Console (GPMC)
B. Active Directory Federation Services (AD FS) and Microsoft Federation Gateway
C. Active Directory Migration Tool version 3.2 (ADMT v3.2) and Active Directory Federation Services (AD FS)
D. Active Directory Lightweight Directory Services (AD LDS) and Group Policy Management Console (GPMC)
Answer: A
Explanation:
D:\Documents and Settings\useralbo\Desktop\1.jpg
D:\Documents and Settings\useralbo\Desktop\1.jpg
Topic 2, Proseware, Inc (A)
Overview
General Overview
Proseware, Inc. is a pharmaceutical services company that has a sales department, a marketing department, an operations department, and a human resources department.
Physical Locations
Proseware has two main offices. One of the offices is located in New York. The other office is located in Chicago. The New York office uses a 172.16.1.0/24 network ID. The Chicago office uses a 192.168.1.0/24 network ID.
The offices connect to each other by using a high-bandwidth, low-latency WAN link. Each office connects directly to the Internet.
Existing Environment
The network contains an Active Directory forest named proseware.com. The forest contains two domains named proseware.com and chicago.proseware.com. All of the user accounts and the computer accounts in the New York office reside in the proseware.com domain. All of the user accounts and the computer accounts in the Chicago office reside in the chicago.proseware.com domain. All DNS zones are Active-Directory-integrated.
Each office is configured as an Active Directory site. The network ID for each office is associated to the appropriate site.
Each office contains two domain controllers. The domain controllers were recently upgraded from Windows Server 2008 R2 to Windows Server 2012 R2. The functional level of the domain and the forest is Windows Server 2003.
The company uses Active Directory user attributes to store the personal information of its employees in custom attributes.
Existing Servers
The relevant servers are configured as shown in the following table.
All servers run Windows Server 2012 R2.
DC01 has an IPv4 scope. The starting IP address in the range is 172.16.1.100 and the ending address is 172.16.1.199.
DC03 has an IP4v scope. The starting IP address in the range is 192.168.1.100 and the ending IP address is 192.168.1.199. There are no exclusion ranges configured on DC01 or DC03.
Requirements
Planned Changes
Proseware plans to implement the following changes: . Deploy a read-only domain controller (RODC) to the London office. . Give users remote access to both offices by using a VPN connection from their
laptop or tablet. . If DC01 fails, ensure that the computers in the New York office can receive IP addresses within 30 minutes.
. In the New York site, deploy two 50-TB, Fibre Channel SAN disk arrays. Offloaded Data Transfer (ODX) will be used on both storage arrays. The Hyper-V hosts will use the new SANs for virtual machine storage.
. Open three additional offices in Montreal, Atlanta, and London. The offices will connect to each other by using a high-bandwidth, low-latency WAN link. Each office will connect directly to the Internet.
. For legal reasons, the Montreal site will have its own forest named
montreal.proseware.com.
. The Montreal and Atlanta offices will have local IT administrators to manage the network infrastructure of their respective office. The London office will not have a local IT staff. Each office will have approximately 50 client computers.
Technical Requirements
Proseware identifies the following technical requirements: . Users in the Montreal office must only be allowed to access shares that are located on File01 and File02. The Montreal users must be prevented from accessing any other servers in the proseware.com forest regardless of the permissions on the resources, . Users in the New York office must be able to reconnect to the remote access VPN servers automatically. Users in the Chicago office must use SSL to connect to the remote access VPN servers. . Domain controllers that run Windows Server 2012 R2 and Windows Server 2008 R2 must be able to be deployed to the proseware.com domain. . Administrators in the New York office must be able to restore objects from the Active Directory Recycle Bin. . The DNS servers must be prevented from overwriting the existing DNS entries that have been stored in cache. . Each DNS server must be managed by an administrator from the same office as the DNS server. . The required time to create new fixed virtual hard disks (VHDs) on the SANs must be minimized. . The remote access servers must be able to restrict outgoing traffic based on IP addresses. . All certificates must be deployed to all of the client computers by using auto-enrollment. . All of the DHCP Server server roles must be installed on a domain controller. . Only one DHCP server in each site must lease IP addresses at any given time. . DHCP traffic must not cross site boundaries. . RODCs must not contain personal user information.
Q10. - (Topic 9)
Your network contains an Active Directory domain named contoso.com. The domain contains multiple sites.
You plan to deploy DirectAccess.
The network security policy states that when client computers connect to the corporate network from the Internet, all of the traffic destined for the Internet must be routed through the corporate network.
You need to recommend a solution for the planned DirectAccess deployment that meets the security policy requirement.
Solution: You enable force tunneling. Does this meet the goal?
A. Yes
B. No
Answer: A