Introducing The New!
Surepassexam Collection
Get Unlimited Access to all
Surepassexam's PREMIUM files
Q1. - (Topic 8)
A company has offices in multiple geographic locations. The sites have high-latency, low-bandwidth connections. You need to implement a multisite Windows Deployment Services (WDS) topology for deploying standard client device images to all sites.
Solution: At each site, you install a WDS Server. You apply the same configuration settings to each WDS Server. You configure Distributed File Server Replication (DFSR) to synchronize install images.
Does this meet the goal?
A. Yes
B. No
Answer: A
Q2. - (Topic 5)
You need to perform the directory synchronization with Office 365.
What should you do first?
A. Set the domain functional level to Windows Server 2012.
B. Upgrade the Office 365 licenses to Enterprise E4.
C. Set the forest functional level to Windows Server 2012.
D. Create a site-to-site VPN.
E. Install the DirSync utility in the on-premises environment.
Answer: E
Q3. - (Topic 8)
Your network contains an Active Directory forest named contoso.com. The forest is
managed by using Microsoft System Center 2012.
Web developers must be able to use a self-service portal to request the deployment of
virtual machines based on predefined templates. The requests must be approved by an
administrator before the virtual machines are deployed.
You need to recommend a solution to deploy the virtual machines.
What should you include in the recommendation?
More than one answer choice may achieve the goal. Select the BEST answer.
A. A Virtual Machine Manager (VMM) service template, an Operations Manager dashboard, and an Orchestrator runbook
B. A Service Manager service offering, an Orchestrator runbook, and an Operations Manager dashboard
C. A Virtual Machine Manager (VMM) service template, a Service Manager service offering, and an Orchestrator runbook
D. A Service Manager service offering, an Orchestrator runbook, and Configuration Managerpackages
Answer: C
Explanation: As a practical example, a user could initiate an Orchestrator runbook by requesting a service in a self-service portal. The runbook would then await approval by IT. Once approved, it would then automatically provision the necessary virtual machines through System Center Virtual Machine Manager, deploy the required software via Configuration Manager, arrange backup through System Center Data Protection Manager and integrate monitoring with a third-party system.
Reference: Microsoft System Center Orchestrator 2012: Lead the System Center Band
Q4. - (Topic 1)
You need to recommend a solution for DHCP logging. The solution must meet the technical requirement.
What should you include in the recommendation?
A. Event subscriptions
B. IP Address Management (IPAM)
C. DHCP audit logging
D. DHCP filtering
Answer: B
Explanation: * Scenario: A central log of the IP address leases and the users associated to those leases must be created.
* Feature description IPAM in Windows Server 2012 is a new built-in framework for discovering, monitoring, auditing, and managing the IP address space used on a corporate network. IPAM provides for administration and monitoring of servers running Dynamic Host Configuration Protocol (DHCP) and Domain Name Service (DNS). IPAM includes components for:
. Automatic IP address infrastructure discover)': IPAM discovers domain controllers, DHCP servers, and DNS servers in the domains you choose. You can enable or disable management of these servers by IPAM.
. Custom IP address space display, reporting, and management: The display of IP addresses is highly customizable and detailed tracking and utilization data is available. IPv4 and IPv6 address space is organized into IP address blocks, IP address ranges, and individual IP addresses. IP addresses are assigned built-in or user-defined fields that can be used to further organize IP address space into hierarchical, logical groups.
. Audit of server configuration changes and tracking of IP address usage: Operational events are displayed for the IPAM server and managed DHCP servers. IPAM also enables IP address tracking using DHCP lease events and user logon events collected from Network Policy Server (NPS), domain controllers, and DHCP servers. Tracking is available by IP address, client ID, host name, or user name.
. Monitoring and management of DHCP and DNS services: IPAM enables automated service availability monitoring for Microsoft DHCP and DNS servers across the forest. DNS zone health is displayed, and detailed DHCP server and scope management is available using the IPAM console.
Reference: IP Address Management (IPAM) Overview
Q5. - (Topic 7)
You need to implement the Microsoft Azure migration plan. What should you do?
A. On Microsoft Azure, install and configure System Center 2012 R2 Virtual Machine Manager.
B. On an on-premises server, install and configure System Center 2012 R2 Service Manager.
C. On an on-premises server, install and configure System Center 2012 R2 App Controller.
D. On an on-premises server, install and configure Windows Deployment Services.
E. On Microsoft Azure, install and configure System Center 2012 R2 Orchestrator.
Answer: C
Explanation:
* Scenario: Azure migration The company plans to migrate existing services, including System Center management servers, to Azure. To reduce costs, the migration must use the minimum number of Azure VM instances to migrate the services.
Reference: Understanding App Controller 2012
Q6. - (Topic 8)
Your network contains a server named Server1 that runs Windows Server 2012. Server1 has the Network Policy Server server role installed.
You configure Server1 as part of a Network Access Protection (NAP) solution that uses the
802.lx enforcement method,
You add a new switch to the network and you configure the switch to use 802.lx authentication.
You need to ensure that only compliant client computers can access network resources through the new switch.
What should you do on Server1?
A. Add the IP address of each new switch to a remediation server group.
B. Add the IP address of each new switch to the list of RADIUS clients.
C. Add the IP address of each new switch to a connection request policy as an Access Client IPv4 Address.
D. Add the IP address of each new switch to a remote RADIUS server group.
Answer: B
Explanation: 802.1X and RADIUS-compliant APs (Acess Points), when they are deployed in a RADIUS infrastructure with a RADIUS server such as an NPS server, are called RADIUS clients.
Q7. HOTSPOT - (Topic 8)
Your network contains an Active Directory domain named contoso.com. The domain contains four servers. The servers are configured as shown in the following table.
You plan to provide users with the ability to use Workplace Join for their personal device when they connect to the internal network.
You need to recommend a certificate configuration for the planned deployment.
What should you include in the recommendation? To answer, select the appropriate names in the answer area.
Answer:
Q8. - (Topic 8)
Your network contains an internal network and a perimeter network. The internal network contains an Active Directory forest named contoso.com. The forest contains a Microsoft Exchange Server 2010 organization. All of the domain controllers in contoso.com run Windows Server 2012.
The perimeter network contains an Active Directory forest named litware.com.
You deploy Microsoft Forefront Unified Access Gateway (UAG) to litware.com. All of the domain controllers in litware.com run Windows Server 2012.
Some users connect from outside the network to use Outlook Web App.
You need to ensure that external users can authenticate by using client certificates.
What should you do?
More than one answer choice may achieve the goal. Select the BEST answer.
A. To the perimeter network, add an Exchange server that has the Client Access server role installed.
B. Deploy UAG to contoso.com.
C. Enable Kerberos delegation in litware.com.
D. Enable Kerberos constrained delegation in litware.com.
Answer: D
Explanation: Forefront TMG provides support for Kerberos constrained delegation (often abbreviated as KCD) to enable published Web servers to authenticate users by Kerberos afterForefront TMG verifies their identity by using a non-Kerberos authentication method. When used in this way, Kerberos constrained delegation eliminates the need for requiring users to provide credentials twice.
Reference: About Kerberos constrained delegation
Q9. - (Topic 8)
Your network contains an Active Directory forest named contoso.com. The forest contains one domain.
Your company plans to open a new division named Division1. A group named Division1Admins will administer users and groups for Division1.
You identify the following requirements for Division1:
All Division1 users must have a complex password that is 14 characters.
Division1Admins must be able to manage the user accounts for Division1.
Division1Admins must be able to create groups, and then delete the groups that
they create.
Division1Admins must be able to reset user passwords and force a password
change at the next logon for all Division1 users.
You need to recommend changes to the forest to support the Division1 requirements.
What should you recommend?
More than one answer choice may achieve the goal. Select the BEST answer.
A. In the forest create a new organizational unit (OU) named Division1 and delegate permissions for the OU to the Division1Admins group. Move all of the Division1 user accounts to the new OU. Create a fine-grained password policy for the Division1 users.
B. Create a new child domain named divisionl.contoso.com. Move all of the Division1 user accounts to the new domain. Add the Division1Admin members to the Domain Admins group. Configure the password policy in a Group Policy object (GPO).
C. Create a new forest. Migrate all of the Division1 user objects to the new forest and add the Division1Admins members to the Enterprise Admins group. Configure the password policy in a Group Policy object (GPO).
D. In the forest create a new organizational unit (OU) named Division1 and add Division1Admins to the Managed By attribute of the new OU. Move the Division1 user objects to the new OU. Create a fine-grained password policy for the Division1 users.
Answer: A
Q10. HOTSPOT - (Topic 4)
You need to recommend a solution for communicating to Windows Azure services.
What should you recommend? To answer, select the appropriate options in the answer area.
Answer:
Q11. - (Topic 8)
Your company has two divisions named Division1 and Division2.
The network contains an Active Directory domain named contoso.com. The domain contains two child domains named divisionl.contoso.com and division2.contoso.com.
The company sells Division1 to another company.
You need to prevent administrators in contoso.com and division2.contoso.com from gaining administrative access to the resources in divisionl.contoso.com.
What should you recommend?
A. Create a new tree in the forest named contoso.secure. Migrate the resources and the accounts in divisionl.contoso.com to contoso.secure.
B. On the domain controller accounts in divisionl.contoso.com, deny the Enterprise Admins group the Allowed to Authenticate permission.
C. Create a new forest and migrate the resources and the accounts in divisionl.contoso.com to the new forest.
D. In divisionl.contoso.com, remove the Enterprise Admins group from the Domain Admins group and remove the Enterprise Admins group from the access control list (ACL) on the divisionl.contoso.com domain object.
Answer: C
Q12. - (Topic 8)
Your network contains an Active Directory domain named contoso.com. The domain contains multiple sites. You plan to deploy DirectAccess.
The network security policy states that when client computers connect to the corporate network from the Internet, all of the traffic destined for the Internet must be routed through the corporate network.
You need to recommend a solution for the planned DirectAccess deployment that meets the security policy requirement.
What should you include in the recommendation?
A. Set the ISATAP State to state enabled.
B. Enable split tunneling.
C. Set the ISATAP State to state disabled.
D. Enable force tunneling.
Answer: D
Explanation:
You can configure DirectAccess clients to send all of their traffic through the tunnels to the DirectAccess server with force tunneling. When force tunneling is configured, DirectAccess clients that detect that they are on the Internet modify their IPv4 default route so that default route IPv4 traffic is not sent. With the exception of local subnet traffic, all traffic sent by the DirectAccess client is IPv6 traffic that goes through tunnels to the DirectAccess server.
Q13. DRAG DROP - (Topic 2)
You need to recommend changes for the Active Directory infrastructure.
What should you recommend? To answer, drag the appropriate domain and forest functional levels for proseware.com to the correct locations. Each functional level may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
Answer:
Q14. - (Topic 8)
You have a virtual machine (VM) named VM-APP1 that hosts critical application named APP1. The VM has the following VHDX virtual disks:
Both VHDX virtual disks are located on LUN1 of a Storage Area Network.
Every time you perform Storage Live Migration for VM-APP1, it takes a few hours.
You need to ensure that the storage supports Offloaded Data Transfer (ODX), and that
ODX is enabled.
Which two Windows PowerShell commands should you run? Each correct answer presents
part of the solution.
A. Set-ItemProperty HKLM:\system\currentcontrolset\control\filesystem -Name “FilterSupportedFeaturesMode” –Value 0
B. Set-StorageSubSystem –InputObject (Get-StorageSubSystem) –ThrottleLimit 0
C. Get-ItemProperty HKLM:\system\currentcontrolset\services\<FilterName> -Name “SupportedFeatures”
D. Set-ItemProperty HKLM:\system\currentcontrolset\control\filesystem –Name “FilterSupportedFeatiresMode” –Value1
Answer: A,C
Q15. - (Topic 1)
You implement a new virtualized print server that runs Windows Server 2012.
You need to migrate the print queues.
Which tool should you use?
A. Windows Server Migration Tools
B. Active Directory Migration Tool (ADMT)
C. Print Management
D. Computer Management
Answer: C
Explanation:
* Scenario: Migrate the existing print queues to virtualized instances of Windows Server 2012.
* To manage the migration process, use one of the following: . The Printer Migration Wizard, which you access through Print Management, a
snap-in in
. Microsoft Management Console (MMC).
. The Printbrm.exe command-line tool.
You can perform the migration locally or remotely, and from either a client computer or server. Important
As a best practice, run the Printer Migration Wizard or Printbrm.exe from a computer running Windows Server 2012
* Reference: Migrate Print and Document Services to Windows Server 2012