Introducing The New!
Surepassexam Collection
Get Unlimited Access to all
Surepassexam's PREMIUM files
Q1. DRAG DROP - (Topic 8)
Your network contains an Active Directory domain named contoso.com. The domain contains five servers. The servers are configured as shown in the following table.
You plan to implement Network Access Protection (NAP) with IPSec enforcement on all client computers.
You need to identify on which servers you must perform the configurations for the NAP deployment.
Which servers should you identify? To answer, drag the appropriate servers to the correct actions. Each server may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.)
Answer:
Q2. - (Topic 4)
You need to recommend a solution for the replication of Active Directory.
What should you recommend modifying?
A. The Active Directory Schema
B. The properties of Site1
C. The RODC1 computer account
D. The properties of Site2
Answer: A
Explanation: The schema is the Active Directory component that defines all the objects and attributes that the directory service uses to store data. The physical structure of the schema consists of the object definitions. The schema itself is stored in the directory. The schema is stored in its own partition (the schema partition) in the directory. The schema is replicated among all the domain controllers in the forest, and any change that is made to the schema is replicated to every domain controller in the forest. Because the schema dictates how information is stored, and because any changes that are made to the schema affect every domain controller, changes to the schema should be made only when necessary — through a tightly controlled process — after testing has been performed to ensure that there will be no adverse effects on the rest of the forest.
Reference: How the Active Directory Schema Works
Q3. - (Topic 3)
You need to recommend changes to the Active Directory environment to support the virtualization requirements.
What should you include in the recommendation?
A. Raise the functional level of the domain and the forest.
B. Upgrade the domain controller that has the domain naming master role to Windows Server 2012.
C. Implement Administrator Role Separation.
D. Upgrade the domain controllers that have the PDC emulator master role to Windows Server 2012.
Answer: D
Explanation: From case study:
* Ensure that the additional domain controllers for the branch offices can be deployed by using domain controller cloning.
Q4. - (Topic 8)
Your network contains an Active Directory domain named contoso.com.
You deploy several servers that have the Remote Desktop Session Host role service installed.
You have two organizational units (OUs). The OUs are configured as shown in the following table.
GPO1 contains the Folder Redirection settings for all of the users.
You need to recommend a solution to prevent the sales users' folders from being redirected when the users log on to a Remote Desktop session.
What should you include in the recommendation?
A. FromGPO2, set the loopback processing mode.
B. From GPO1, set the loopback processing mode.
C. Configure security filtering for GPO1.
D. Apply a WMI filter to GPO2.
Answer: A
Explanation:
Group Policy applies to the user or computer in a manner that depends on where both the user and the computer objects are located in Active Directory. However, in some cases, users may need policy applied to them based on the location of the computer object alone. You can use the Group Policy loopback feature to apply Group Policy Objects (GPOs) that depend only on which computer the user logs on to.
Reference: Loopback processing of Group Policy
Q5. - (Topic 8)
Your network contains an Active Directory forest named contoso.com.
You plan to deploy 200 new physical servers during the next 12 months by using Windows
Deployment Services (WDS). You identify four server builds for the 200 servers as shown in the following table.
You need to recommend the minimum number of images that must be created for the planned deployment.
How many images should you recommend?
A. 1
B. 2
C. 3
D. 4
Answer: B
Explanation:
One image for the Full Installation of Windows Server 2012, and one image for Server Core installation of Windows Server 2012.
Q6. - (Topic 8)
A company has a line-of-business application named Appl that runs on an internal IIS server. Ap1l uses a SQL Server 2008 database that is hosted on the same server. You move the database to a dedicated SQL Server named SQL1. Users report that they can no longer access the application by using their domain credentials. You need to ensure that users can access Appl.
Solution: You configure App1 and SQL1 to use NTLM authentication. Then you restart the IIS and SQL Server services.
Does this meet the goal?
A. Yes
B. No
Answer: B
Q7. - (Topic 8)
Your network contains an Active Directory domain named contoso.com. The functional level of the domain and the forest is Windows Server 2008 R2.
All domain controllers run Windows Server 2008 R2.
You plan to deploy a new line-of-business application named App1 that uses claims-based authentication.
You need to recommend changes to the network to ensure that Active Directory can provide claims for App1.
What should you include in the recommendation? (Each correct answer presents part of the solution. Choose all that apply.)
A. From the properties of the computer accounts of the domain controllers, enable Kerberos constrained delegation.
B. From the Default Domain Controllers Policy, enable the Support for Dynamic Access Control and Kerberos armoring setting.
C. Deploy Active Directory Lightweight Directory Services (AD LDS).
D. Raise the domain functional level to Windows Server 2012.
E. Add domain controllers that run Windows Server 2012.
Answer: B,E
Explanation: E: You must perform several steps to enable claims in Server 2012 AD. First, you must upgrade the forest schema to Server 2012. You can do so manually through Adprep, but Microsoft strongly recommends that you add the AD DS role to a new Server 2012 server or upgrade an existing DC to Server 2012.
B: Once AD can support claims, you must enable them through Group Policy:
. From the Start screen on a system with AD admin rights, open Group Policy Management and select the Domain Controllers Organizational Unit (OU) in the domain in which you wish to enable claims.
. Right-click the Default Domain Controllers Policy and select Edit.
. In the Editor window, drill down to Computer Configuration, Policies, Administrative
Templates, System, and KDC (Key Distribution Center). . Open.KDC support for claims, compound authentication, and Kerberos armoring. . Select the Enabled radio button..Supported.will appear under.Claims, compound
authentication for Dynamic Access Control and Kerberos armoring options
Reference: Enable Claims Support in Windows Server 2012 Active Directory
Q8. - (Topic 8)
Your company has three offices. The offices are located in Montreal, Toronto, and Vancouver.
The network contains two Active Directory forests named contoso.com and adatum.com. The contoso.com forest contains one domain. The adatum.com forest contains two domains. All of the servers in adatum.com are located in the Toronto office. The servers in contoso.com are located in the Montreal and Vancouver offices. All of the servers in both of the forests run Windows Server 2012 R2.
A two-way, forest trusts exists between the forests.
Each office contains DHCP servers and DNS servers.
You are designing an IP Address Management (IPAM) solution to manage the network.
You need to recommend a solution for the placement of IPAM servers to manage all of the DHCP servers and all of the DNS servers in both of the forests. The solution must minimize the number of IPAM servers deployed.
What should you recommend?
A. One IPAM server in each office
B. One IPAM server in the Montreal office and one IPAM server in the Toronto office
C. One IPAM server in the Toronto office
D. Two IPAM servers in the Toronto office and one IPAM server in the Montreal office
E. Two IPAM servers in the Toronto office, one IPAM server in the Montreal office, and one IPAM server in the Vancouver office
Answer: B
Explanation: * There are three general methods to deploy IPAM servers:
Distributed: An IPAM server deployed at every site in an enterprise.
Centralized: One IPAM server in an enterprise.
Hybrid: A central IPAM server deployed with dedicated IPAM servers at each site.
Reference: IP Address Management (IPAM) Overview
Q9. - (Topic 8)
You manage a server infrastructure for a software development company. There are 30 physical servers distributed across 4 subnets, and one Microsoft Hyper-V cluster that can run up to 100 virtual machines (VMs). You configure the servers to receive the IP address from a DHCP server named SERVER1 that runs Microsoft Windows Server 2012 R2. You assign a 30-day duration to all DHCP leases.
Developers create VMs in the environment to test new software. They may create VMs several times each week.
Developers report that some new VMs cannot acquire IP address. You observe that the DHCP scope is full and delete non-existent devices manually. All physical servers must keep their current DHCP lease configuration.
You need to ensure that the DHCP lease duration for VMs is 8 hours.
What should you configure?
A. 4 server-level Allow filters
B. 1 server-level DHCP policy
C. 1 scope-level DHCP policy
D. 4 scope-level exclusion ranges
Answer: B
Q10. - (Topic 8)
Your network contains an Active Directory domain named contoso.com. Client computers run either Windows 7 or Windows 8.
You plan to implement several Group Policy settings that will apply only to laptop computers.
You need to recommend a Group Policy strategy for the planned deployment.
What should you include in the recommendation?
More than one answer choice may achieve the goal. Select the BEST answer.
A. Loopback processing
B. WMI filtering
C. Security filtering
D. Block inheritance
Answer: B
Explanation:
Group Policy WMI Filter – Laptop or Desktop Hardware A method to detect hardware as laptop only is to look for the presence of a battery based on the BatteryStatus property of the Win32_Battery class. By using the Win32_Battery class, we can search to see if there is a battery present. If the battery status is not equal to zero (BatteryStatus <> 0 ) then you know that it is a laptop.
Reference: Group Policy WMI Filter – Laptop or Desktop Hardware
Q11. - (Topic 8)
Your network contains a Hyper-V host named Host1 that runs Windows Server 2012. Host1 contains a virtual machine named DC1. DC1 is a domain controller that runs Windows Server 2012.
You plan to clone DC1.
You need to recommend which steps are required to prepare DC1 to be cloned.
What should you include in the recommendation? (Each correct answer presents part of the solution. Choose all that apply.)
A. Run dcpromo.exe /adv.
B. Create a file named Dccloneconfig.xml.
C. Add DC1 to the Cloneable Domain Controllers group.
D. Run sysprep.exe /oobe.
E. Run New-VirtualDiskClone.
Answer: B,C
Explanation:
B: DCCloneConfig.xml is an XML configuration file that contains all of the settings the cloned DC will take when it boots. This includes network settings, DNS, WINS, AD site name, new DC name and more. This file can be generated in a few different ways.
C: There's a new group in town. It's called Cloneable Domain Controllers and you can find it in the Users container. Membership in this group dictates whether a DC can or cannot be cloned. This group has some permissions set on the domain head that should not be removed. Removing these permissions will cause cloning to fail. Also, as a best practice, DCs shouldn't be added to the group until you plan to clone and DCs should be removed from the group once cloning is complete. Cloned DCs will also end up in the Cloneable Domain Controllers group. Make sure to remove those as well.
Q12. - (Topic 8)
Your network contains an Active Directory domain named contoso.com. The domain contains four computers that are configured as shown in the following table.
You plan to use domain controller cloning.
You need to identify on which computers you can clone domain controllers that run Windows Server 2012.
Which computers should you identify? (Each correct answer presents part of the solution.
Choose all that apply.)
A. Server1
B. Server2
C. Server3
D. Client1
Answer: A,D
Explanation:
DC cloning can be done from either Hyper-V on Server 2012 and Hyper-V on Windows 8.
Q13. - (Topic 2)
You need to recommend a solution for the remote access servers. What should you include in the recommendation?
A. Network address translation (NAT)
B. Logging levels
C. Packet filtering
D. Packet tracing
Answer: A
Explanation: * Scenario: The remote access servers must be able to restrict outgoing traffic based on IP addresses.
* Network address translation (NAT) allows you to share a connection to the public Internet through a single interface with a single public IP address. The computers on the private network use private, non-routable addresses. NAT maps the private addresses to the public address.
Q14. - (Topic 8)
Your network contains an Active Directory domain named contoso.com. The physical
topology of the network is configured as shown in the exhibit.
Each office contains 500 employees.
You plan to deploy several domain controllers to each office.
You need to recommend a site topology for the planned deployment.
What should you include in the recommendation?
More than one answer choice may achieve the goal. Select the BEST answer.
Exhibit
A. Five sites and one site link
B. Three sites and three site links
C. One site
D. Five sites and three site links
Answer: D
Explanation:
Create a site for each LAN, or set of LANs, that are connected by a high speed backbone, and assign the site a name. Connectivity within the site must be reliable and always available. This would mean 5 sites Site links are transitive, so if site A is connected to site B, and site B is connected to site C, then the KCC assumes that domain controllers in site A can communicate with domain controllers in site C. You only need to create a site link between site A and site C if there is in fact a distinct network connection between those two sites. This would mean 3 sitelinks So answer is "Five sites and three site links"
Reference: Defining Sites and Site Links http://technet.microsoft.com/en-us/library/cc960573.aspx
Q15. - (Topic 8)
You have a System Center 2012 R2 Virtual Machine Manager (VMM) infrastructure that manages five Hyper-V hosts. The Hyper-V hosts are not clustered.
You have a virtual machine template that deploys a base image of Windows Server 2012 R2. No role services or features are enabled in the base image.
You need to deploy a virtual machine named VM1 that is based on the virtual machine template.
VM1 will be deployed as part of a service. VM1 must have the Web Server (IIS) server role installed. The solution must not require modifications to the virtual machine template or the base image.
What are two possible profile types that achieve the goal? Each correct answer presents a complete solution.
A. Capability
B. Application
C. Guest OS
D. Hardware
E. Physical Computer
Answer: A,C
Explanation: A: In Capability, you must select a capability profile that is supported by the private cloud. C:guest OS profile
* define Windows Operating System specialization values for the virtual machine.
*On the Configure Operating System page, configure the guest operating system settings. If you have an existing guest operating system profile that you want to use, in the Guest OS profile list, click the guest operating system profile that you want to use. After you configure the guest operating system settings, click Next.