Introducing The New!
Surepassexam Collection
Get Unlimited Access to all
Surepassexam's PREMIUM files
Q1. - (Topic 10)
Your network contains 500 client computers that run Windows 7 and a custom application named App1. App1 uses data stored in a shared folder.
You have a failover cluster named Cluster1 that contains two servers named Server1 and Server2.
Server1 and Server2 run Windows Server 2012 and are connected to an iSCSI Storage Area Network (SAN).
You plan to move the shared folder to Cluster1.
You need to recommend which cluster resource must be created to ensure that the shared folder can be accessed from Cluster1.
What should you recommend?
More than one answer choice may achieve the goal. Select the BEST answer.
A. The Generic Application cluster role
B. The DFS Namespace Server cluster role
C. The clustered File Server role of the File Server for general use type
D. The clustered File Server role of the File Server for scale-out application data type
Answer: C
Q2. - (Topic 9)
Your network contains an Active Directory forest. The forest contains two Active Directory domains named contoso.com and child.contoso.com. The forest functional level is Windows Server 2003. The functional level of both domains is Windows Server 2008.
The forest contains three domain controllers. The domain controllers are configured as shown in the following table.
DC1 and DC2 have the DNS Server server role installed and are authoritative for both contoso.com and child.contoso.com.
The child.contoso.com domain contains a server named serverl.child.contoso.com that runs Windows Server 2012.
You plan to deploy server1.child.contoso.com as a read-only domain controller (RODC).
You run the adprep.exe /rodcprep command on DC3 and receive the following error message:
You need to identify what prevents you from successfully running Adprep /rodcprep on DC3.
What should you identify?
A. The domain functional level of child.contoso.com is set to the wrong level.
B. DC3 cannot connect to the infrastructure master on DC2.
C. DC3 cannot connect to the domain naming master on DC1.
D. The forest functional level is set to the wrong level.
Answer: B
Q3. - (Topic 9)
Your company has a main office, ten regional datacenters. and 100 branch offices. You are designing the site topology for an Active Directory forest named contoso.com.
The forest will contain the following servers:
. In each regional datacenter and in the main office, a domain controller that runs Windows Server 2012 . In each branch office, a file server that runs Windows Server 2012
You have a shared folder that is accessed by using the path \\contoso.com\shares\software. The folder will be replicated to a local file server in each branch office by using Distributed File System (DFS) replication.
You need to recommend an Active Directory site design to meet the following requirements:
. Ensure that users in the branch offices will be authenticated by a domain controller in the closest regional datacenter.
. Ensure that users automatically connect to the closest file server when they access \\contoso.com\shares\software.
How many Active Directory sites should you recommend?
A. 1
B. 10
C. 11
D. 111
Answer: D
Q4. - (Topic 2)
You run the Get-DNSServercmdlet on DC01 and receive the following output:
You need to recommend changes to DC01. Which attribute should you recommend modifying?
A. EnablePollutionProtection
B. isReadOnly
C. Locking Percent
D. ZoneType
Answer: C
Q5. HOTSPOT - (Topic 9)
You have a domain controller that hosts an Active Directory-integrated zone. On the domain controller, you run the following cmdlet:
PS C:\> Get-DnsServerScavenging NoRefreshlnterval:2.00:00:00
Refreshlnterval:3.00:00:00 Scavenginglnterval:4.00:00:00 ScavengingState:True LastScavengeTime:1/30/2014 9:10:36 AM
Use the drop-down menus to select the answer choice that completes each statement.
Answer:
Q6. - (Topic 5)
You are planning the deployment of System Center 2012 Virtual Machine Manager (VMM).
You need to identify which additional System Center 2012 product is required to meet the virtualization requirements.
What should you include in the recommendation?
A. App Controller
B. Operations Manager
C. Configuration Manager
D. Service Manager
Answer: B
Topic 6, Proseware Inc (B)
General Overview
Proseware Inc., is a manufacturing company that has 4,000 employees.
Proseware works with a trading partner named Fabrikam, Inc.
Physical Locations
Proseware has a main office and two branch offices. The main office is located in London. The branch offices are located in Madrid and Berlin. Proseware has a sales department based in the London office and a research department based in the Berlin office. The offices connect to each other by using a WAN link. Each office connects directly to the Internet.
Proseware rents space at a hosting company. All offices have a dedicated WAN link to the hosting company. Web servers that are accessible from the Internet are located at the hosting company.
Active Directory
The Proseware network contains an Active Directory forest named proseware.com. The forest contains a single domain. The forest functional level is Windows Server 2012.
Each office contains three domain controllers. An Active Directory site is configured for each office.
System state backups are performed every day on the domain controllers by using System Center 2012 R2 Data Protection Manager (DPM).
Virtualization
Proseware has Hyper-V hosts that run Windows Server 2012 R2. Each Hyper-V host manages eight to ten virtual machines. The Hyper-V hosts are configured as shown in the following table.
All of the Hyper-V hosts store virtual machines on direct-attached storage (DAS).
Servers
All servers run Windows Server 2012 R2. All of the servers are virtualized, except for the Hyper-V hosts.
VDI1 and VDI2 use locally attached storage to host virtual hard disk (VHD) files. The VHDs use the .vhd format.
A line-of-business application named SalesApp is used by the sales department and runs on a server named APP1. APP1 is hosted on HyperV2.
A server named CA1 has the Active Directory Certificate Services server role installed and is configured as an enterprise root certification authority (CA) named ProsewareCA.
Ten load-balanced web servers hosted on HyperV7 and HyperV8 run the Internet-facing web site that takes orders from Internet customers.
System Center 2012 R2 Operations Manager is used to monitor the health of the servers on the network.
All of the servers are members of the proseware.com domain, except for the servers located in the perimeter network.
Client Computers
All client computers run either Windows 8.1 or Windows 7. Some of the users in the London office connect to pooled virtual desktops hosted on VDI1 and VDI2.
Problem Statements
Proseware identifies the following issues on the network:
Virtualization administrators report that the load on the Hyper-V hosts is inconsistent. The virtualization administrators also report that administrators fail to account for host utilization when creating new virtual machines.
Users in the sales department report that they experience issues when they attempt to access SalesApp from any other network than the one in the London office.
Sometimes, configuration changes are not duplicated properly across the web servers, resulting in customer ordering issues. Web servers are regularly changed.
Demand for virtual desktops is increasing. Administrators report that storage space is becoming an issue as they want to add more virtual machines.
In the past, some personally identifiable information (PII) was exposed when paper shredding procedures were not followed.
Requirements
Planned Changes
Proseware plans to implement the following changes on the network: Implement a backup solution for Active Directory. Relocate the sales department to the Madrid office. Implement System Center 2012 R2 components, as required. Protect email attachments sent to Fabrikam that contain PII data so that the attachments cannot be printed. Implement System Center 2012 R2 Virtual Machine Manager (VMM) to manage the virtual machine infrastructure. Proseware does not plan to use private clouds in the near future. Deploy a new Hyper-V host named RESEARCH1 to the Berlin office. RESEARCH1 will be financed by the research department. All of the virtual machines deployed to RESEARCH1 will use VMM templates.
Technical Requirements
Proseware identifies the following virtualization requirements:
. The increased demand for virtual desktops must be met.
. Once System Center is deployed, all of the Hyper-V hosts must be managed by using VMM.
. If any of the Hyper-V hosts exceeds a set number of virtual machines, an administrator must be notified by email.
. Network administrators in each location must be responsible for managing the Hyper-V hosts in their respective location. The management of the hosts must be performed by using VMM.
. The network technicians in each office must be able to create virtual machines in their respective office. The network technicians must be prevented from modifying the host server settings.
. New virtual machines must be deployed to RESEARCH1 only if the virtual machine template used to create the machine has a value specified for a custom property named CostCenter' that matches Research'.
The web site configurations must be identical on all web servers.
Security Requirements
Proseware identifies the following security requirements:
. All email messages sent to and from Fabrikam must be encrypted by using digital certificates issued to users by the respective CA of their company. No other certificates must be trusted between the organizations.
. Microsoft Word documents attached to email messages sent from Proseware to Fabrikam must be protected.
. Privileges must be minimized, whenever possible.
Q7. - (Topic 9)
Your network contains an Active Directory domain named contoso.com. The domain contains servers that run either Windows Server 2008 R2 or Windows Server 2012.
All client computers on the internal network are joined to the domain. Some users establish VPN connections to the network by using Windows computers that do not belong to the domain.
All client computers receive IP addresses by using DHCP.
You need to recommend a Network Access Protection (NAP) enforcement method to meet the following requirements:
Verify whether the client computers have up-to-date antivirus software.
Provides a warning to users who have virus definitions that are out-of-date.
Ensure that client computers that have out-of-date virus definitions can connect to
the network.
Which NAP enforcement method should you recommend?
A. DHCP
B. IPSec
C. VPN
D. 802.1x
Answer: A
Explanation:
http://technet.microsoft.com/en-us/library/cc733020(v=ws.10).aspx
NAP enforcement for DHCP
DHCP enforcement is deployed with a DHCP Network Access Protection (NAP) enforcement server component, a DHCP enforcement client component, and Network Policy Server (NPS).
Using DHCP enforcement, DHCP servers and NPS can enforce health policy when a computer attempts to lease or renew an IP version 4 (IPv4) address. However, if client computers are configured with a static IP address or are otherwise configured to circumvent the use of DHCP, this enforcement method is not effective.
Q8. - (Topic 3)
You need to recommend a remote access solution that meets the VPN requirements.
Which role service should you include in the recommendation?
A. Routing
B. Network Policy Server
C. DirectAccess and VPN (RAS)
D. Host Credential Authorization Protocol
Answer: B
Explanation:
D:\Documents and Settings\useralbo\Desktop\1.jpg
Updated: March 29, 2012 Applies To: Windows Server 2008 R2, Windows Server 2012 Network Policy Server Network Policy Server (NPS) allows you to create and enforce organization-wide network access policies for client health, connection request authentication, and connection request authorization. In addition, you can use NPS as a Remote Authentication Dial-In User Service (RADIUS) proxy to forward connection requests to a server running NPS or other RADIUS servers that you configure in remote RADIUS server groups. NPS allows you to centrally configure and manage network access authentication, authorization, are client health policies with the following three features: RADIUS server. NPS performs centralized authorization, authorization, and accounting for wireless, authenticating switch, remote access dial-up and virtual private network (VNP) connections. When you use NPS as a RADIUS server, you configure network access servers, such as wireless access points and VPN servers, as RADIUS clients in NPS. You also configure network policies that NPS uses to authorize connection requests, and you can configure RADIUS accounting so that NPS logs accounting information to log files on the local hard disk or in a Microsoft SQL Server database. For more information, see RADIUS Server. http://technet.microsoft.com/en-us/library/cc732912.aspx
Q9. - (Topic 10)
Your network contains an Active Directory domain named contoso.com.
You plan to implement Microsoft System Center 2012.
You need to identify which solution automates the membership of security groups for contoso.com. The solution must use workflows that provide administrators with the ability to
approve the addition of members to the security groups.
Which System Center 2012 roles should you identify?
A. Configuration Manager and Orchestrator
B. Service Manager and Virtual Machine Manager (VMM)
C. Orchestrator and Service Manager
D. Operations Manager and Orchestrator
Answer: C
Q10. - (Topic 9)
Your network contains an Active Directory domain named contoso.com. The domain contains multiple sites. You plan to deploy DirectAccess.
The network security policy states that when client computers connect to the corporate network from the Internet, all of the traffic destined for the Internet must be routed through the corporate network.
You need to recommend a solution for the planned DirectAccess deployment that meets the security policy requirement.
What should you include in the recommendation?
A. Set the ISATAP State to state enabled.
B. Enable split tunneling.
C. Set the ISATAP State to state disabled.
D. Enable force tunneling.
Answer: D
Explanation:
http://blogs.technet.com/b/csstwplatform/archive/2009/12/15/directaccess-how-to-configure-forcetunneling-forda-so-that-client-are-forced-to-use-ip-https.aspx You can configure DirectAccess clients to send all of their traffic through the tunnels to the DirectAccess server with force tunneling. When force tunneling is configured, DirectAccess clients that detect that they are on the Internet modify their IPv4 default route so that default route IPv4 traffic is not sent. With the exception of local subnet traffic, all traffic sent by the DirectAccess client is IPv6 traffic that goes through tunnels to the DirectAccess server.
Q11. DRAG DROP - (Topic 2)
You need to recommend the VPN protocols for Proseware.
What should you recommend? To answer, drag the appropriate VPN protocols to the correct offices. Each protocol may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content,
Answer:
Q12. HOTSPOT - (Topic 10)
Your network contains an Active Directory domain named contoso.com. The domain contains a Network Load Balancing (NLB) cluster named Cluster1 that contains four nodes. Cluster1 hosts a web application named App1. The session state information of App1 is stored in a Microsoft SQL Server 2012 database.
The network contains four subnets.
You discover that all of the users from a subnet named Subnet1 always connect to the same NLB node.
You need to ensure that all of the users from each of the subnets connect equally across all of the nodes in Cluster1.
What should you modify from the port settings?
To answer, select the appropriate setting in the answer area.
Answer:
Q13. - (Topic 9)
Your network contains an Active Directory domain named contoso.com. Client computers run either Windows 7 or Windows 8.
You plan to implement several Group Policy settings that will apply only to laptop
computers.
You need to recommend a Group Policy strategy for the planned deployment.
What should you include in the recommendation?
More than one answer choice may achieve the goal. Select the BEST answer.
A. Loopback processing
B. WMI filtering
C. Security filtering
D. Block inheritance
Answer: B
Explanation:
http://www.discoposse.com/index.php/2012/04/05/group-policy-wmi-filter-laptop-or-desktop-hardware/ Another method to detect hardware as laptop only is to look for the presence of a battery based on the BatteryStatus property of the Win32_Battery class. By using the Win32_Battery class, we can search to see if there is a battery present. If the battery status is not equal to zero (BatteryStatus <> 0 ) then you know that it is a laptop.
Q14. - (Topic 6)
You need to implement a solution for the email attachments.
Both organizations exchange root CA certificates and install the certificates in the relevant stores.
You duplicate the Enrollment Agent certificate template and generate a certificate based on the new template.
Which additional two actions should you perform? Each correct answer presents part of the solution.
A. Request cross-certification authority certificates.
B. Create Capolicy.inf files.
C. Request subordinate CA certificates.
D. Create Policy.inf files.
Answer: A,D
Q15. DRAG DROP - (Topic 7)
You need to prepare the required Hyper-V virtual network components for Customer2.
Which four objects should you create and configure in sequence? To answer, move the appropriate objects from the list of objects to the answer area and arrange them in the correct order.
Answer: