Q1. HOTSPOT - (Topic 7)
You need to protect the personal data of employees.
What should you do? To answer, select the appropriate options in the answer area.
Answer:
Q2. - (Topic 8)
Your network contains an Active Directory domain named contoso.com. The Active Directory site topology is configured as shown in the exhibit.
DC1 and DC2 run Windows Server 2003 R2. All FSMO roles are located on DC2.
You plan to deploy a read-only domain controller (RODC) to Site3.
You need to recommend changes to the network to support the planned RODC implementation.
What should you recommend?
More than one answer choice may achieve the goal. Select the BEST answer.
A. To Site1, add an RODC that runs Windows Server 2012.
B. Replace DC2 with a domain controller that runs Windows Server 2012.
C. To Site2, add an RODC that runs Windows Server 2012.
D. Replace DC1 with a domain controller that runs Windows Server 2012.
Answer: D
Explanation: Each RODC requires a writable domain controller running Windows Server 2012 for the same domain from which the RODC can directly replicate. Typically, this requires that a writable domain controller running Windows Server 2012 be placed in the nearest site in the topology.
Reference: Active Directory Replication Considerations
Q3. - (Topic 8)
Your network contains 50 servers that run Windows Server 2003 and 50 servers that run Windows Server 2008.
You plan to implement Windows Server 2012.
You need to create a report that includes the following information:
* The servers that run applications and services that can be moved to Windows Server 2012
* The servers that have hardware that can run Windows Server 2012
* The servers that are suitable to be converted to virtual machines hosted on Hyper-V hosts that run Windows Server 2012
What should you do?
A. From an existing server, run the Microsoft Application Compatibility Toolkit (ACT).
B. Install Windows Server 2012 on a new server, and then run the Windows Server Migration Tools.
C. Install Windows Server 2012 on a new server, and then run Microsoft Deployment Toolkit (MDT) 2012.
D. From an existing server, run the Microsoft Assessment and Planning (MAP) Toolkit.
Answer: D
Explanation:
The Microsoft Assessment and Planning Toolkit (MAP) is an agentless, automated, multiproduct planning and assessment tool for quicker and easier desktop, server and cloud migrations. MAP provides detailed readiness assessment reports and executive proposals with extensive hardware and software information, and actionable recommendations to help organizations accelerate their IT infrastructure planning process, and gather more detail on assets that reside within their current environment. MAP also provides server utilization data for Hyper-V server virtualization planning; identifying server placements, and performing virtualization candidate assessments, including ROI analysis for server consolidation with Hyper-V.
The latest version of the MAP Toolkit adds new scenarios to help you plan your IT future while supporting your current business needs. Included scenarios help you to:
* Plan your deployment of Windows 8 and Windows Server 2012 with hardware and infrastructure readiness assessments
* Assess your environment for Office 2013
* Plan your migration to Windows Azure Virtual Machines
* Track Lync Enterprise/Plus usage
* Size your desktop virtualization needs for both Virtual Desktop Infrastructure (VDI) and session based virtualization using Remote Desktop Services
* Ready your information platform for the cloud with SQL Server 2012
* Virtualize your existing Linux servers onto Hyper-V
* Identify opportunities to lower your virtualization costs with Hyper-V using the VMware migration assessment
MAP is just one of the tools provided by the Microsoft Solution Accelerators team. The Microsoft Assessment and Planning Toolkit, Microsoft Deployment Toolkit, and Security Compliance Manager provide tested guidance and automated tools to help organizations plan, securely deploy, and manage new Microsoft technologies—easier, faster, and at less cost. All are freely available, and fully-supported by Microsoft.
Reference: Microsoft Assessment and Planning Toolkit
Q4. - (Topic 8)
Your company has a main office and a branch office.
The network contains an Active Directory domain named contoso.com. The domain contains three domain controllers. The domain controllers are configured as shown in the following table.
The domain contains two global groups. The groups are configured as shown in the following table.
You need to ensure that the RODC is configured to meet the following requirements:
* Cache passwords for all of the members of Branch1Users.
* Prevent the caching of passwords for the members of Helpdesk.
What should you do?
A. Modify the membership of the Denied RODC Password Replication group.
B. Install the BranchCache feature on RODC1.
C. Modify the delegation settings of RODC1.
D. Create a Password Settings object (PSO) for the Helpdesk group.
Answer: A
Explanation: Password Replication Policy Allowed and Denied lists
Two new built-in groups are introduced in Windows Server 2008 Active Directory domains to support RODC operations. These are the Allowed RODC Password Replication Group and Denied RODC Password Replication Group. These groups help implement a default Allowed List and Denied List for the RODC Password Replication Policy. By default, the two groups are respectively added to the msDS-RevealOnDemandGroup and msDS-NeverRevealGroup Active Directory attributes.
Reference: Password Replication Policy
Q5. - (Topic 8)
Your network contains an Active Directory domain named contoso.com.
On several organizational units (OUs), an administrator named Admin1 plans to delegate control of custom tasks. You need to ensure that Admin1 can delegate a custom task named Task1 by using the Delegation of Control Wizard.
What should you do?
A. Add a new class to the Active Directory schema.
B. Configure a custom MMC console.
C. Modify the Delegwiz.inf file.
D. Configure a new authorization store by using Authorization Manager.
Answer: C
Explanation:
To add a task to the Delegation Wizard, you must create a task template by using the following syntax in the Delegwiz.inf file:
;---------------------------------------------------------
[template1]
AppliesToClasses=<comma delimited list of object types to which this
template applies; for example, if "organizationalUnit" is in the list,
this template will be shown when the Delegation Wizard is invoked on
an OU>
Description = "<task description which will appear in the wizard>"
Etc.
Reference: How to customize the task list in the Delegation Wizard http://support.microsoft.com/kb/308404
Q6. - (Topic 8)
You plan to simplify the organizational unit (OU) structure for a company. You must consolidate all member servers in the domain to a single OU named MemberServers.
You must apply Group Policy settings for servers that meet the following criteria:
Server operating systems: Windows Server 2012
Server hardware platform: 64-bit
Server memory: less than 16 GB of RAM
Solution: You create a WMI filter action that includes the following query:
Does this meet the goal?
A. Yes
B. No
Answer: B
Q7. - (Topic 8)
Your network contains an Active Directory forest named contoso.com. The forest contains a single domain and two sites named Montreal and Vancouver.
Montreal contains an IP Address Management (IPAM) server named Server1 that is used to manage all of the DHCP servers and the DNS servers in the site.
Vancouver contains several DHCP servers and several DNS servers.
In Vancouver, you install the IP Address Management (IPAM) Server feature on a server named Server2.
You need to recommend which configurations must be performed to ensure that the DHCP servers and the DNS servers in Vancouver are managed by Server2.
What should you recommend?
A. Replicate the IPAM database from Server1 to Server2. On Server2, change the manageability status of the DNS servers and the DHCP servers in Vancouver.
B. Replicate the IPAM database from Server1 to Server2. On Server1, change the manageability status of the DNS servers and the DHCP servers in Vancouver.
C. From Server2, run the Invoke-IpamGpoProvisioning cmdlet. On Server2, change the manageability status of the DNS servers and the DHCP servers in Vancouver.
D. From Server1, run the Invoke-IpamGpoProvisioning cmdlet. On Server1, change the manageability status of the DNS servers and the DHCP servers in Vancouver.
Answer: C
Explanation: The Invoke-IpamGpoProvisioning cmdlet creates and links group policies in the specified domain for provisioning required access settings on the servers managed by the computer running the IPAM server.
Q8. - (Topic 8)
Your network contains an Active Directory domain.
You plan to implement a remote access solution that will contain three servers that run Windows Server 2012. The servers will be configured as shown in the following table.
Server1 will support up to 200 concurrent VPN connections.
You need to ensure that all VPN connection requests are authenticated and authorized by either Server2 or Server3. The solution must ensure that the VPN connections can be authenticated if either Server2 or Server3 fails.
What should you do?
A. On Server1, configure a RADIUS proxy. On Server2 and Server3, add a RADIUS client.
B. On Server2 and Server3, add a RADIUS client. On Server1, modify the Authentication settings.
C. On Server1, configure a RADIUS proxy. Add Server2 and Server3 to a failover cluster.
D. Add Server2 and Server3 to a Network Load Balancing (NLB) cluster. On Server1, modify the Authentication settings.
Answer: B
Explanation:
* A network access server (NAS) is a device that provides some level of access to a larger network. A NAS using a RADIUS infrastructure is also a RADIUS client, sending connection requests and accounting messages to a RADIUS server for authentication, authorization, and accounting.
* Client computers, such as wireless portable computers and other computers running client operating systems, are not RADIUS clients. RADIUS clients are network access servers—such as wireless access points, 802.1X-capable switches, virtual private network (VPN) servers, and dial-up servers—because they use the RADIUS protocol to communicate with RADIUS servers such as Network Policy Server (NPS) servers.
Reference: RADIUS Client
http://technet.microsoft.com/en-us/library/cc754033.aspx
Q9. - (Topic 8)
Your network contains 50 servers that run Windows Server 2003 and 50 servers that run Windows Server 2008.
You plan to implement Windows Server 2012 R2.
You need to create a report that includes the following information:
* The servers that run applications and services that can be moved to Windows Server 2012 R2
* The servers that have hardware that can run Windows Server 2012 R2
* The servers that are suitable to be converted to virtual machines hosted on Hyper-V hosts that run Windows Server 2012 R2
Solution: From an existing server, you run the Microsoft Application Compatibility Toolkit (ACT).
Does this meet the goal?
A. Yes
B. No
Answer: B
Explanation: With the ACT, you can:
* Analyze your portfolio of applications, websites, and computers
* Evaluate operating system deployments, the impact of operating system updates, and your compatibility with websites
* Centrally manage compatibility evaluators and configuration settings
* Rationalize and organize applications, websites, and computers
* Prioritize application compatibility efforts with filtered reporting
* Add and manage issues and solutions for your enterprise-computing environment
* Deploy automated mitigations to known compatibility issues
* Send and receive compatibility information from the Microsoft Compatibility Exchange
Q10. - (Topic 8)
A company has a line-of-business application named App1 that runs on an internal IIS server. App1 uses a SQL Server 2008 database that is hosted on the same server. You move the database to a dedicated SQL Server named SQL1.
Users report that they can no longer access the application by using their domain credentials.
You need to ensure that users can access App1.
Solution: You configure Kerberos constrained delegation and then run the following command from an administrative command prompt:
setspn -a MSSQLsvc/SQL1:1433 <domain>\<sql_service>
Does this meet the goal?
A. Yes
B. No
Answer: A
Q11. - (Topic 8)
You plan to deploy server1.child.contoso.com as a read-only domain controller (RODC).
You run the adprep.exe /rodcprep command on DC3 and receive the following error message:
You need to identify what prevents you from successfully running Adprep /rodcprep on DC3.
What should you identify?
A. The domain functional level of child.contoso.com is set to the wrong level.
B. DC3 cannot connect to the domain naming master on DC1.
C. The forest functional level is set to the wrong level.
D. DC3 cannot connect to the infrastructure master on DC2.
Answer: D
Explanation: Adprep could not contact a replica…
This problem occurs when the Adprep /rodcprep command tries to contact the infrastructure master for each application partition in the forest.
Reference: Error message when you run the "Adprep /rodcprep" command in Windows Server 2008: "Adprep could not contact a replica for partition DC=DomainDnsZones,DC=Contoso,DC=com"
Q12. - (Topic 5)
You need to design a solution for the recovery-time objective.
Which two actions should you perform? Each correct answer presents part of the solution.
A. Schedule a task to create a snapshot of the NTDS database before the existing backup job runs.
B. Enable the KDC support for claims, compound authentication, and Kerberos armoring administrative template policy.
C. Set the functional level for each domain to Windows Server 2012.
D. Set the functional level of the forest to Windows Server 2008 R2.
E. Enable the Active Directory Recycle Bin.
Answer: A,E
Q13. - (Topic 2)
You run the Get-DNSServer cmdlet on DC01 and receive the following output:
You need to recommend changes to DC01. Which attribute should you recommend modifying?
A. EnablePollutionProtection
B. isReadOnly
C. Locking Percent
D. ZoneType
Answer: C
Explanation: * Scenario: The DNS servers must be prevented from overwriting the existing DNS entries that have been stored in cache.
* Cache locking is configured as a percent value. For example, if the cache locking value is set to 50, then the DNS server will not overwrite a cached entry for half of the duration of the TTL. By default, the cache locking percent value is 100. This means that cached entries will not be overwritten for the entire duration of the TTL. The cache locking value is stored in the CacheLockingPercent registry key. If the registry key is not present, then the DNS server will use the default cache locking value of 100.
Reference: DNS Cache Locking
Q14. - (Topic 8)
A company has offices in multiple geographic locations. The sites have high-latency, low-bandwidth connections. You need to implement a multisite Windows Deployment Services (WDS) topology for deploying standard client device images to all sites.
Solution: At each site, you create a multicast deployment. You pre-stage the client images that you plan to deploy and point them to the local WDS server.
Does this meet the goal?
A. Yes
B. No
Answer: A
Q15. - (Topic 8)
Your company has a main office.
The network contains an Active Directory domain named contoso.com. The main office contains a server named Server1 that runs Windows Server 2012. Server1 has the Remote Access server role installed and is configured to accept incoming SSTP-based VPN connections.
All client computers run Windows 7.
The company plans to open a temporary office that will contain a server named Server2 that runs Windows Server 2012 and has the DHCP Server server role installed. The office will also have 50 client computers and an Internet connection.
You need to recommend a solution to provide the users in the temporary office with access to the resources in the main office.
What should you recommend?
More than one answer choice may achieve the goal. Select the BEST answer.
A. Use the Connection Manager Administration Kit (CMAK) to create a connection package that specifies Server1 as the target for SSTP-based VPN connections. Manually distribute the CMAK package to each client computer in the temporary office.
B. Install the Remote Access server role on Server2. From Routing and Remote Access on Server2, add a SSTP-based VPN port. From DHCP on Server2, configure the default gateway server option.
C. Use the Connection Manager Administration Kit (CMAK) to create a connection package that specifies Server1 as the target for SSTP-based VPN connections. Use a Group Policy object (GPO) to distribute the CMAK package to each client computer in the temporary office.
D. Install the Remote Access server role on Server2. From Routing and Remote Access on Server2, configure a demand-dial interface. From DHCP on Server2, configure the default gateway server option.
Answer: B
Explanation:
* Configure the RRAS server role as a VPN server on a Windows Server 2008 R2 machine. To do that, you first need to install the RRAS server role.
* In the case of IPv4, the remote access client's VPN configuration is the ONLY configuration that governs whether it has a default IPv4 gateway towards the VPN server.
Reference: Remote Access Deployment – Part 2: Configuring RRAS as a VPN server