Q1. - (Topic 2)
You need to recommend a trust model.
What should you include in the recommendation?
A. A one-way, forest trust that has selective authentication.
B. A one-way, external trust
C. A two-way, external trust
D. A one-way, forest trust that has domain-wide authentication.
Answer: A
Explanation:
From case study:
Users in the Montreal office must only be allowed to access shares that are located on
File01 and File02. The Montreal users must be prevented from accessing any other servers
in the proseware.com forest regardless of the permissions on the resources.
Q2. HOTSPOT - (Topic 8)
Your network contains an Active Directory forest named fabrikam.com. The forest contains two domains named fabrikam.com and contoso.com. All servers run Windows Server 2012 R2.
The forest contains a DHCP server named Server1 and a DNS server named Server2.
You need to recommend a solution to ensure that any computers that are neither members of contoso.com nor fabrikam.com receive a DNS suffix of guest.fabrikam.com.
What two commands should you run? To answer, select the appropriate options in the answer area.
Answer:
Q3. - (Topic 8)
Your network contains an Active Directory domain named contoso.com. The domain contains three VLANs. The VLANs are configured as shown in the following table.
All client computers run either Windows 7 or Windows 8.
Goal: You need to implement a solution to ensure that only the client computers that have all of the required security updates installed can connect to VLAN 1. The solution must ensure that all other client computers connect to VLAN 3.
Solution: You implement the 802.1x Network Access Protection (NAP) enforcement method.
Does this meet the goal?
A. Yes
B. No
Answer: A
Explanation: NAP supports a variety of what we call enforcement methods. In the NAP space, an enforcement method is simply a term that defines the way a machine connects to a network. In NAP, these are DHCP, 802.1x (wired or wireless), VPN, IPsec, or via a Terminal Services Gateway.
Q4. - (Topic 3)
You need to recommend a Group Policy strategy to support the company's planned changes.
What should you include in the recommendation?
A. Link a Group Policy object (GPO) to the AllComputers OU in each domain.
B. Link a Group Policy object (GPO) to litwareinc.com and configure filtering.
C. Link a Group Policy object (GPO) to each domain.
D. Link a Group Policy object (GPO) to the Boston site.
Answer: D
Explanation:
* Scenario:
Implement Folder Redirection in the Boston office only.
Deploy an application named Appl to all of the users in the Boston office only.
Migrate to IPv6 addressing on all of the servers in the Los Angeles office.
Q5. - (Topic 8)
Your network contains an Active Directory domain named contoso.com. The domain contains multiple sites.
You plan to deploy DirectAccess.
The network security policy states that when client computers connect to the corporate network from the Internet, all of the traffic destined for the Internet must be routed through the corporate network.
You need to recommend a solution for the planned DirectAccess deployment that meets the security policy requirement.
Solution: You set the ISATAP State to state disabled.
Does this meet the goal?
A. Yes
B. No
Answer: A
Explanation: With NAT64 and DNS64, the DirectAccess server now has the ability to take those client IPv6 packets and spin them down into IPv4 packets, so you can simply leave your internal network all IPv4. So back in the beginning it was standard practice to enable ISATAP globally. Today, because of the known issues, it is recommended not to use ISATAP at all, unless you have a specific reason for needing it.
Note: ISATAP defines a method for generating a link-local IPv6 address from an IPv4 address, and a mechanism to perform Neighbor Discovery on top of IPv4.
Reference: IS ISATAP REQUIRED FOR DIRECTACCESS?
Q6. - (Topic 8)
Your network contains an Active Directory domain named contoso.com. Client computers run either Windows 7 or Windows 8.
You plan to implement several Group Policy settings that will apply only to laptop computers.
You need to recommend a Group Policy strategy for the planned deployment.
What should you include in the recommendation?
More than one answer choice may achieve the goal. Select the BEST answer.
A. Loopback processing
B. WMI filtering
C. Security filtering
D. Block inheritance
Answer: B
Explanation:
Group Policy WMI Filter – Laptop or Desktop Hardware
A method to detect hardware as laptop only is to look for the presence of a battery based on the BatteryStatus property of the Win32_Battery class. By using the Win32_Battery class, we can search to see if there is a battery present. If the battery status is not equal to zero (BatteryStatus <> 0), then you know that it is a laptop.
Reference: Group Policy WMI Filter – Laptop or Desktop Hardware
Q7. - (Topic 8)
Your company has a main office that contains several servers and several users. The main office contains a file server named Server1 that runs Windows Server 2012.
The users access a large report file that is created on Server1 each day.
The company plans to open a new branch office. The branch office will contain only client computers.
You need to implement a solution to reduce the amount of bandwidth used by the client computers in the branch office to download the report each day.
What should you do?
More than one answer choice may achieve the goal. Select the BEST answer.
A. Install the BranchCache for network files role service on Server1. Configure the client computers to use BranchCache in hosted cache mode.
B. Configure the offline settings of the shared folder that contains the report.
C. Install the BranchCache for network files role service on Server1. Configure the client computers to use BranchCache in distributed mode.
D. Enable the Background Intelligent Transfer Service (BITS) feature on Server1 and on each client computer in the branch office. Move the report to a web folder.
Answer: C
Explanation:
Distributed cache mode. In this mode, branch office client computers download content from the content servers in the main office and then cache the content for other computers in the same branch office.
Distributed cache mode does not require a server computer in the branch office.
Reference: BranchCache Deployment Guide
Q8. DRAG DROP - (Topic 8)
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2008. Server1 is configured as an enterprise certification authority (CA).
You back up all of the data on Server1, and then export the private and public keys of the CA.
You plan to replace Server1 with a new member server that was purchased recently.
You need to identify which actions must be performed on the new server to restore the certificate services of Server1.
Which three actions should you identify?
To answer, move the three appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Answer:
Q9. - (Topic 8)
You manage a server infrastructure for a software development company. There are 30 physical servers distributed across 4 subnets, and one Microsoft Hyper-V cluster that can run up to 100 virtual machines (VMs). You configure the servers to receive the IP address from a DHCP server named SERVER1 that runs Microsoft Windows Server 2012 R2. You assign a 30-day duration to all DHCP leases.
Developers create VMs in the environment to test new software. They may create VMs several times each week.
Developers report that some new VMs cannot acquire an IP address. You observe that the DHCP scope is full and delete non-existent devices manually. All physical servers must keep their current DHCP lease configuration.
You need to ensure that the DHCP lease duration for VMs is 8 hours.
What should you configure?
A. 4 server-level Allow filters
B. 1 server-level DHCP policy
C. 1 scope-level DHCP policy
D. 4 scope-level exclusion ranges
Answer: B
Q10. - (Topic 8)
Your network contains an Active Directory domain named contoso.com. The domain contains three VLANs. The VLANs are configured as shown in the following table.
All client computers run either Windows 7 or Windows 8.
The corporate security policy states that all of the client computers must have the latest security updates installed.
You need to implement a solution to ensure that only the client computers that have all of the required security updates installed can connect to VLAN 1. The solution must ensure that all other client computers connect to VLAN 3.
Solution: You implement the DHCP Network Access Protection (NAP) enforcement method.
Does this meet the goal?
A. Yes
B. No
Answer: A
Explanation: Implementing DHCP NAP to Enforce WSUS Updates
Q11. - (Topic 8)
Your company has a main office, ten regional datacenters and 100 branch offices. You are designing the site topology for an Active Directory forest named contoso.com. The forest will contain the following servers:
* In each regional datacenter and in the main office, a domain controller that runs Windows Server 2012
* In each branch office, a file server that runs Windows Server 2012
You have a shared folder that is accessed by using the path \\contoso.com\shares\software. The folder will be replicated to a local file server in each branch office by using Distributed File System (DFS) replication.
You need to recommend an Active Directory site design to meet the following requirements:
* Ensure that users in the branch offices will be authenticated by a domain controller in the closest regional datacenter.
* Ensure that users automatically connect to the closest file server when they access \\contoso.com\shares\software.
How many Active Directory sites should you recommend?
A. 1
B. 10
C. 11
D. 111
Answer: D
Q12. - (Topic 3)
You need to recommend a solution that meets the security requirements.
Which schema attribute properties should you recommend modifying?
A. isIndexed
B. searchFlags
C. isCriticalSystemObject
D. schemaFlagsEx
Answer: B
Explanation:
* Scenario: Confidential attributes must not be replicated to the Chicago office.
* Applies To: Windows Server 2008, Windows Server 2012
This topic includes procedures for adding an attribute to the filtered attribute set (FAS) for a read-only domain controller (RODC) and marking the attribute as confidential data. You can perform these procedures to exclude specific data from replicating to RODCs in the forest. Because the data is not replicated to any RODCs, you can be assured that the data will not be revealed to an attacker who manages to successfully compromise an RODC. In most cases, adding an attribute to the RODC FAS is completed by the developer of the application that added the attribute to the schema.
* Determine and then modify the current searchFlags value of an attribute
* Verify that an attribute is added to the RODC FAS
Determine and then modify the current searchFlags value of an attribute
To add an attribute to an RODC FAS, you must first determine the current searchFlags value of the attribute that you want to add, and then set the following values for searchFlags:
* To add the attribute to the RODC FAS, set the 10th bit to 0x200.
* To mark the attribute as confidential, set the 7th bit to 0x080.
Reference: Adding Attributes to the RODC Filtered Attribute Set
http://technet.microsoft.com/en-us/library/cc754794(v=ws.10).aspx
Q13. - (Topic 8)
This question consists of two statements: One is named Assertion and the other is named Reason. Both of these statements may be true; both may be false; or one may be true, while the other may be false.
To answer this question, you must first evaluate whether each statement is true on its own. If both statements are true, then you must evaluate whether the Reason (the second statement) correctly explains the Assertion (the first statement). You will then select the answer from the list of answer choices that matches your evaluation of the two statements.
Assertion:
DHCP failover clustering provides load balancing when you use multiple DHCP servers to distribute IP addresses to the network clients. Clients can renew their IP leases even if some of the DHCP servers become unavailable. DHCP failover clustering supports stateless and stateful IPv4 and IPv6 IP addresses, as well as DHCP policies and filtering.
Reason:
The cluster health monitoring mechanism ensures the fault tolerance of the DHCP service and all configured DHCP settings. It also protects the DHCP database from failures and corruptions.
Evaluate the Assertion and Reason statements and choose the correct answer option.
A. Both the Assertion and Reason are true, and the Reason is the correct explanation for the Assertion
B. Both the Assertion and Reason are true, but the Reason is not the correct explanation for the Assertion.
C. The Assertion is true, but the Reason is false.
D. The Assertion is false, but the Reason is true.
E. Both the Assertion and the Reason are false.
Answer: A
Q14. - (Topic 1)
You need to recommend changes to the DNS environment that support the implementation of the sales.contoso.com domain. The solution must ensure that the users in all of the domains can resolve both Internet names and the names of the servers in all of the internal domains.
What should you recommend?
A. On the DNS servers in contoso.com, configure a reverse lookup zone. On the DNS servers in sales.contoso.com, configure a conditional forwarder to contoso.com.
B. On the DNS servers in contoso.com, add a conditional forwarder to the sales.contoso.com zone. On the DNS servers in sales.contoso.com, add a forwarder to the DNS servers of the company's ISP.
C. On the DNS servers in contoso.com, create a zone delegation in the contoso.com zone. On the DNS servers in sales.contoso.com, add a forwarder to the contoso.com DNS servers.
D. On the DNS servers in contoso.com, configure a conditional forwarder to sales.contoso.com. On the DNS servers in sales.contoso.com, configure a reverse zone.
Answer: C
Explanation: Scenario: The client computers in sales.contoso.com will use the sales.contoso.com domain controllers as their DNS servers.
Q15. DRAG DROP - (Topic 2)
You need to recommend the VPN protocols for Proseware.
What should you recommend? To answer, drag the appropriate VPN protocols to the correct offices. Each protocol may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
Answer: