Q1. - (Topic 10)
Your network contains an Active Directory domain named contoso.com.
Your company has an enterprise root certification authority (CA) named CA1.
You plan to deploy Active Directory Federation Services (AD FS) to a server named Server1.
The company purchases a Microsoft Office 365 subscription.
You plan to register the company's SMTP domain for Office 365 and to configure single sign-on for all users.
You need to identify which certificate or certificates are required for the planned deployment.
Which certificate or certificates should you identify? (Each correct answer presents a complete solution. Choose all that apply.)
A. a server authentication certificate that is issued by a trusted third-party root CA and that contains the subject name server1.contoso.com
B. a server authentication certificate that is issued by CA1 and that contains the subject name Server1
C. a server authentication certificate that is issued by a trusted third-party root CA and that contains the subject name Server1
D. a server authentication certificate that is issued by CA1 and that contains the subject name server1.contoso.com
E. self-signed server authentication certificates for server1.contoso.com
Answer: A
Q2. - (Topic 9)
Your network contains a Hyper-V host named Host1 that runs Windows Server 2012. Host1 contains a virtual machine named DC1. DC1 is a domain controller that runs Windows Server 2012.
You plan to clone DC1.
You need to recommend which steps are required to prepare DC1 to be cloned.
What should you include in the recommendation? (Each correct answer presents part of the solution. Choose all that apply.)
A. Run dcpromo.exe /adv.
B. Create a file named Dccloneconfig.xml.
C. Add DC1 to the Cloneable Domain Controllers group.
D. Run sysprep.exe /oobe.
E. Run New-VirtualDiskClone.
Answer: B,C
Explanation:
http://blogs.technet.com/b/askpfeplat/archive/2012/10/01/virtual-domain-controller-cloning-in-windowsserver-2012.aspx
DCCloneConfig.xml is an XML configuration file that contains all of the settings the cloned DC will take when it boots. This includes network settings, DNS, WINS, AD site name, new DC name and more. This file can be generated in a few different ways.
There's a new group in town. It's called Cloneable Domain Controllers and you can find it in the Users container. Membership in this group dictates whether a DC can or cannot be cloned. This group has some permissions set on the domain head that should not be removed. Removing these permissions will cause cloning to fail. Also, as a best practice, DCs shouldn't be added to the group until you plan to clone and DCs should be removed from the group once cloning is complete. Cloned DCs will also end up in the Cloneable Domain Controllers group. Make sure to remove those as well.
Q3. - (Topic 1)
You need to recommend a solution for DHCP logging. The solution must meet the technical requirement.
What should you include in the recommendation?
A. Event subscriptions
B. IP Address Management (IPAM)
C. DHCP audit logging
D. DHCP filtering
Answer: B
Explanation:
Feature description: IPAM in Windows Server 2012 is a new built-in framework for discovering, monitoring, auditing, and managing the IP address space used on a corporate network. IPAM provides for administration and monitoring of servers running Dynamic Host Configuration Protocol (DHCP) and Domain Name Service (DNS). IPAM includes components for:
Automatic IP address infrastructure discovery: IPAM discovers domain controllers, DHCP servers, and DNS servers in the domains you choose. You can enable or disable management of these servers by IPAM.
Custom IP address space display, reporting, and management: The display of IP addresses is highly customizable and detailed tracking and utilization data is available. IPv4 and IPv6 address space is organized into IP address blocks, IP address ranges, and individual IP addresses. IP addresses are assigned built-in or user-defined fields that can be used to further organize IP address space into hierarchical, logical groups.
Audit of server configuration changes and tracking of IP address usage: Operational events are displayed for the IPAM server and managed DHCP servers. IPAM also enables IP address tracking using DHCP lease events and user logon events collected from Network Policy Server (NPS), domain controllers, and DHCP servers. Tracking is available by IP address, client ID, host name, or user name.
Monitoring and management of DHCP and DNS services: IPAM enables automated service availability monitoring for Microsoft DHCP and DNS servers across the forest. DNS zone health is displayed, and detailed DHCP server and scope management is available using the IPAM console.
http://technet.microsoft.com/en-us/library/hh831353.aspx
Q4. - (Topic 8)
You need to recommend which Certificate Services role service must be deployed to the perimeter network. The solution must meet the security requirements.
Which Certificate Services role services should you recommend?
A. Online Responder and Network Device Enrollment Service
B. Online Responder and Certificate Enrollment Web Service
C. Certificate Enrollment Web Service and Certificate Enrollment Policy Web Service
D. Certificate Enrollment Policy Web Service and Certification Authority Web Enrollment
Answer: C
Q5. - (Topic 9)
Your network contains an Active Directory domain named contoso.com.
All client computers run either Windows 7 or Windows 8.
Some users work from customer locations, hotels, and remote sites. The remote sites often have firewalls that limit connectivity to the Internet.
You need to recommend a VPN solution for the users.
Which protocol should you include in the recommendation?
A. PPTP
B. SSTP
C. IKEv2
D. L2TP/IPSec
Answer: B
Q6. - (Topic 10)
Your network contains an Active Directory domain named contoso.com. The domain contains a Microsoft System Center 2012 infrastructure.
All client computers have a custom application named App1 installed. App1 generates an Event ID 42 every time the application runs out of memory.
Users report that when App1 runs out of memory, their client computer runs slowly until they manually restart App1.
You need to recommend a solution that automatically restarts App1 when the application runs out of memory. The solution must use the least amount of administrative effort.
What should you include in the recommendation?
A. From Configuration Manager, create a desired configuration management baseline.
B. From Windows System Resource Manager, create a resource allocation policy.
C. From Event Viewer, attach a task to the event.
D. From Operations Manager, create an alert.
Answer: D
Q7. - (Topic 10)
Your network contains an Active Directory forest named contoso.com.
Your company works with a partner company that has an Active Directory forest named fabrikam.com. Both forests contain domain controllers that run only Windows Server 2012 R2.
The certification authority (CA) infrastructure of both companies is configured as shown in the following table.
You need to recommend a certificate solution that meets the following requirements:
Server authentication certificates issued from fabrikam.com must be trusted automatically by the computers in contoso.com.
The computers in contoso.com must not automatically trust any other type of certificate issued from the CA hierarchy in fabrikam.com.
What should you include in the recommendation?
A. Deploy a Group Policy object (GPO) that defines intermediate CAs. Import a certificate that has an application policy object identifier (OID) of CA Encryption Certificate.
B. Deploy a Group Policy object (GPO) that defines an enterprise trust. Import a certificate that has an application policy object identifier (OID) of Microsoft Trust List Signing.
C. Deploy a Group Policy object (GPO) that defines an enterprise trust. Import a certificate that has an application policy object identifier (OID) of CA Encryption Certificate.
D. Deploy a Group Policy object (GPO) that defines intermediate CAs. Import a certificate that has an application policy object identifier (OID) of Microsoft Trust List Signing.
Answer: B
Q8. - (Topic 2)
You need to recommend a solution for the RODC.
Which attribute should you include in the recommendation?
A. systemFlags
B. searchFlags
C. policy-Replication-Flags
D. flags
Answer: B
Q9. - (Topic 6)
You need to recommend changes to the existing environment to meet the email requirement.
What should you recommend?
A. Implement a two-way forest trust that has selective authentication.
B. Implement qualified subordination.
C. Deploy the FabrikamCA root certificate to all of the client computers.
D. Deploy a user certificate from FabrikamCA to all of the users.
Answer: B
Topic 7, Northwind Traders (B)
Overview
Northwind Traders is an IT services and hosting provider.
Northwind Traders has two main data centers in North America. The data centers are located in the same city. The data centers connect to each other by using high-bandwidth, low-latency WAN links. Each data center connects directly to the Internet.
Northwind Traders also has a remote office in Asia that connects to both of the North American data centers by using a WAN link. The Asian office has 30 multipurpose servers.
Each North American data center contains two separate network segments. One network segment is used to host the internal servers of Northwind Traders. The other network segment is used for the hosted customer environments.
Existing Environment
Active Directory
The network contains an Active Directory forest named northwindtraders.com. The forest contains a single domain. All servers run Windows Server 2012 R2.
Server Environment
The network has the following technologies deployed:
Service Provider Foundation
Windows Azure Pack for Windows Server
System Center 2012 R2 Virtual Machine Manager (VMM)
An Active Directory Rights Management Services (AD RMS) cluster
An Active Directory Certificate Services (AD CS) enterprise certification authority (CA)
All newly deployed servers will include the following components:
Dual 10-GbE Remote Direct Memory Access (RDMA)-capable network adapters
Dual 1-GbE network adapters
128 GB of RAM
Requirements
Business Goals
Northwind Traders will provide hosting services to two customers named Customer1 and Customer2. The network of each customer is configured as shown in the following table.
Planned Changes
Northwind Traders plans to implement the following changes:
Deploy System Center 2012 R2 Operations Manager.
Deploy Windows Server 2012 R2 iSCSI and SMB-based storage.
Implement Hyper-V Recovery Manager to protect virtual machines.
Deploy a certificate revocation list (CRL) distribution point (CDP) on the internal network.
For Customer 1, install server authentication certificates issued by the CA of Northwind Traders on the virtual machine in the hosting networks.
General Requirements
Northwind Traders identifies the following requirements:
Storage traffic must use dedicated adapters.
All storage and network traffic must be load balanced.
The amount of network traffic between the internal network and the hosting network must be minimized.
The publication of CRLs to CDPs must be automatic.
Each customer must use dedicated Hyper-V hosts.
Administrative effort must be minimized, whenever possible.
All servers and networks must be monitored by using Operations Manager.
Anonymous access to internal file shares from the hosting network must be prohibited.
All Hyper-V hosts must use Cluster Shared Volume (CSV) shared storage to host virtual machines.
All Hyper-V storage and network traffic must remain available if a single network adapter fails.
The Hyper-V hosts connected to the SMB-based storage must be able to make use of the RDMA technology.
The number of servers and ports in the hosting environment to which the customer has access must be minimized.
Customer1 Requirements
Northwind Traders identifies the following requirements for Customer1:
Customer1 must use SMB-based storage exclusively.
Customer1 must use App Controller to manage hosted virtual machines.
The virtual machines of Customer1 must be recoverable if a single data center fails.
Customer1 must be able to delegate self-service roles in its hosted environment to its users.
Customer1 must be able to check for the revocation of certificates issued by the CA of Northwind Traders.
The users of Customer1 must be able to obtain use licenses for documents protected by the AD RMS of Northwind Traders.
Certificates issued to the virtual machines of Customer1 that reside on the hosted networks must be renewed automatically.
Customer2 Requirements
Northwind Traders identifies the following requirements for Customer2:
Customer2 must use iSCSI-based storage exclusively.
All of the virtual machines of Customer2 must be migrated by using a SAN transfer.
None of the metadata from the virtual machines of Customer2 must be stored in Windows Azure.
The network configuration of the Hyper-V hosts for Customer2 must be controlled by using logical switches.
The only VMM network port profiles and classifications allowed by Customer2 must be low-bandwidth, medium-bandwidth, or high-bandwidth.
The users at Northwind Traders must be able to obtain use licenses for documents protected by the AD RMS cluster of Customer2. Customer2 plans to decommission its AD RMS cluster during the next year.
Q10. DRAG DROP - (Topic 9)
Your network contains an Active Directory forest named corp.contoso.com. All servers run Windows Server 2012.
The network has a perimeter network that contains servers that are accessed from the Internet by using the contoso.com namespace.
The network contains four DNS servers. The servers are configured as shown in the following table.
All of the client computers on the perimeter network use Server1 and Server2 for name resolution.
You plan to add DNS servers to the corp.contoso.com domain.
You need to ensure that the client computers automatically use the additional name servers. The solution must ensure that only computers on the perimeter network can resolve names in the corp.contoso.com domain.
Which DNS configuration should you implement on Server1 and Server2?
To answer, drag the appropriate DNS configuration to the correct location in the answer area. Each DNS configuration may be used once, more than once, or not at all.
Additionally, you may need to drag the split bar between panes or scroll to view content.
Answer:
Q11. - (Topic 10)
Your network contains an Active Directory forest named contoso.com. The forest contains multiple servers that run Windows Server 2012. The network contains 1,000 client computers that run Windows 7. Two hundred remote users have laptop computers and only work from home.
The network does not provide remote access to users.
You need to recommend a monitoring solution to meet the following requirements:
Generate a list of updates that are applied successfully to all computers.
Minimize the amount of bandwidth used to download updates.
An administrator must approve the installation of an update on any client computer.
What should you include in the recommendation? (Each correct answer presents part of the solution. Choose all that apply.)
A. Microsoft Asset Inventory Service (AIS)
B. Windows Intune
C. Windows Server Update Services (WSUS)
D. Active Directory Federation Services (AD FS)
E. Microsoft System Center 2012 Service Manager
Answer: A,B,C
Q12. - (Topic 9)
Your company is a hosting provider that provides cloud-based services to multiple customers.
Each customer has its own Active Directory forest located in your company's datacenter.
You plan to provide VPN access to each customer. The VPN solution will use RADIUS for authentication services and accounting services.
You need to recommend a solution to forward authentication and accounting messages from the perimeter network to the Active Directory forest of each customer.
What should you recommend?
More than one answer choice may achieve the goal. Select the BEST answer.
A. One RADIUS proxy for each customer and Active Directory Federation Services (AD FS)
B. A RADIUS server for each customer and one RADIUS proxy
C. One RADIUS proxy and one Active Directory Lightweight Directory Services (AD LDS) instance for each customer
D. A RADIUS server for each customer and a RADIUS proxy for each customer
Answer: B
Q13. - (Topic 10)
Your network contains an Active Directory domain named contoso.com. The network contains a perimeter network. The perimeter network and the internal network are separated by a firewall.
On the perimeter network, you deploy a server named Server1 that runs Windows Server 2012.
You deploy Active Directory Certificate Services (AD CS).
Each user is issued a smart card.
Users report that when they work remotely, they are unable to renew their smart card certificate.
You need to recommend a solution to ensure that the users can renew their smart card certificate from the Internet.
What should you recommend implementing on Server1?
More than one answer choice may achieve the goal. Select the BEST answer.
A. The Certificate Enrollment Policy Web Service role service and the Certificate Enrollment Web Service role service
B. The Active Directory Federation Services server role
C. An additional certification authority (CA) and the Online Responder role service
D. The Certification Authority Web Enrollment role service and the Online Responder role service
Answer: A
Q14. DRAG DROP - (Topic 6)
You need to recommend a monitoring solution for Proseware.
Which three actions should you recommend performing in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Answer:
Q15. - (Topic 1)
You implement and authorize the new DHCP servers. You import the server configurations and the scope configurations from PA1 and AM1.
You need to ensure that clients can obtain DHCP address assignments after you shut down PA1 and AM1. The solution must meet the technical requirements.
What should you do?
A. Run the Get-DhcpServerv4Lease cmdlet and the Remove-DhcpServerv4Lease cmdlet. Run the Windows Server Migration Tools.
B. Run the Get-DhcpServerv4Lease cmdlet and the Add-DhcpServerv4Lease cmdlet. Activate the scopes.
C. Run the Get-DhcpServerv4FreeIPAddress cmdlet and the Invoke-DhcpServerv4FailoverReplication cmdlet. Run the Windows Server Migration Tools.
D. Run the Get-DhcpServerv4FreeIPAddress cmdlet and the Invoke-DhcpServerv4FailoverReplication cmdlet. Activate the scopes.
Answer: B