Introducing The New!
Surepassexam Collection
Get Unlimited Access to all
Surepassexam's PREMIUM files
Q1. - (Topic 2)
You run the Get-DNSServercmdlet on DC01 and receive the following output:
You need to recommend changes to DC01. Which attribute should you recommend modifying?
A. EnablePollutionProtection
B. isReadOnly
C. Locking Percent
D. ZoneType
Answer: C
Q2. - (Topic 10)
Your network contains an Active Directory domain named contoso.com.
You currently have an intranet web site that is hosted by two Web servers named Web1 and Web2. Web1 and Web2 run Windows Server 2012.
Users use the name intranet.contoso.com to request the web site and use DNS round robin.
You plan to implement the Network Load Balancing (NLB) feature on Web1 and Web2.
You need to recommend changes to the DNS records for the planned implementation.
What should you recommend?
A. Create a service locator (SRV) record. Map the SRV record to Intranet.
B. Delete both host (A) records named Intranet. Create a pointer (PTR) record for each Web server.
C. Remove both host (A) records named Intranet. Create a new host (A) record named Intranet.
D. Delete both host (A) records named Intranet. Create two new alias (CNAME) records named Intranet. Map each CNAME record to a Web server name.
Answer: C
Q3. DRAG DROP - (Topic 7)
You need to prepare the required Hyper-V virtual network components for Customer2.
Which four objects should you create and configure in sequence? To answer, move the appropriate objects from the list of objects to the answer area and arrange them in the correct order.
Answer:
Q4. DRAG DROP - (Topic 2)
You need to recommend changes for the Active Directory infrastructure.
What should you recommend? To answer, drag the appropriate domain and forest functional levels for proseware.com to the correct locations. Each functional level may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
Answer:
Topic 3, Litware, Inc
Overview
Litware, Inc., is a manufacturing company. The company has a main office and two branch offices. The main office is located in Seattle. The branch offices are located in Los Angeles and Boston.
Existing Environment
Active Directory
The network contains an Active Directory forest named litwareinc.com. The forest contains a child domain for each office. The child domains are named boston.litwareinc.com and la.litwareinc.com. An Active Directory site exists for each office.
In each domain, all of the client computer accounts reside in an organizational unit (OU) named AllComputers and all of the user accounts reside in an OU named AllUsers.
All domain controllers run Windows Server 2008 R2 and are configured as DNS servers. The functional level of the domain and the forest is Windows Server 2008.
Network Infrastructure
The main office has the following servers:
Five physical Hyper-V hosts that run Windows Server 2012
Three virtual file servers that run Windows Server 2008 R2
One physical DHCP server that runs Windows Server 2008 R2
Ten physical application servers that run Windows Server 2012
One virtual IP Address Management (IPAM) server that runs Windows Server 2012
One virtual Windows Server Update Services (WSUS) server that runs Windows Server 2008 R2
One physical domain controller and two virtual domain controllers that run Windows Server 2008 R2
Each branch office has following servers:
One virtual file server that runs Windows Server 2008 R2
Two physical Hyper-V hosts that run Windows Server 2012
One physical DHCP server that runs Windows Server 2008 R2
One physical domain controller and two virtual domain controllers that run Windows Server 2008 R2
All of the offices have a high-speed connection to the Internet. The offices connect to each other by using T1 leased lines.
The IPAM server in the main office gathers data from the DNS servers and the DHCP servers in all of the offices.
Requirements Planned Changes
The company plans to implement the following changes:
Implement the Active Directory Recycle Bin.
Implement Network Access Protection (NAP).
Implement Folder Redirection in the Boston office only.
Deploy an application named Appl to all of the users in the Boston office only.
Migrate to IPv6 addressing on all of the servers in the Los Angeles office. Some
application servers in the Los Angeles office will have only IPv6 addresses.
Technical Requirements
The company identifies the following technical requirements:
Minimize the amount of administrative effort whenever possible.
Ensure that NAP with IPSec enforcement can be configured.
Rename boston.litwareinc.com domain to bos.litwareinc.com.
Migrate the DHCP servers from the physical servers to a virtual server that runs Windows Server 2012.
Ensure that the members of the Operators groups in all three domains can manage the IPAM server from their client computer.
VPN Requirements
You plan to implement a third-party VPN server in each office. The VPN servers will be configured as RADIUS clients. A server that runs Windows Server 2012 will perform RADIUS authentication for all of the VPN connections.
Visualization Requirements
The company identifies the following visualization requirements:
Virtualize the application servers.
Ensure that the additional domain controllers for the branch offices can be deployed by using domain controller cloning.
Automatically distribute the new virtual machines to Hyper-V hosts based on the current resource usage of the Hyper-V hosts.
Server Deployment Requirements
The company identifies the following requirements for the deployment of new servers on the network:
Deploy the new servers over the network.
Ensure that all of the server deployments are done by using multicast.
Security Requirements
A new branch office will open in Chicago. The new branch office will have a single read-only domain controller (RODC). Confidential attributes must not be replicated to the Chicago office.
Q5. - (Topic 9)
You have a server named Server1 that runs Windows Server 2012. Server1 has the DNS Server server role installed.
You need to recommend changes to the DNS infrastructure to protect the cache from cache poisoning attacks.
What should you configure on Server1?
A. DNS cache locking
B. The global query block list
C. DNS Security Extensions (DNSSEC)
D. DNS devolution
Answer: A
Q6. - (Topic 9)
Your network contains an Active Directory domain named contoso.com.
The domain contains the organization units (OUs) configured as shown in the following table.
Users and computers at the company change often.
You create a Group Policy object (GPO) named GPO6. GPO6 contains user settings.
You need to ensure that GPO6 applies to users when they log on to the kiosk computers
only. The solution must minimize administrative effort.
What should you do?
A. Link GPO6 to OU4 and configure loopback processing in GPO6.
B. Link GPO6 to OU1 and configure WMI filtering on GPO3.
C. Link GPO6 to OU1 and configure loopback processing in GPO6.
D. Link GPO6 to OU1 and configure loopback processing in GPO5.
Answer: A
Q7. - (Topic 9)
Your network contains an Active Directory domain named contoso.com. The domain contains three Active Directory sites. The Active Directory sites are configured as shown in the following table.
The sites connect to each other by using the site links shown in the following table.
Site link name Connected sites
You need to design the Active Directory site topology to meet the following requirements:
. Ensure that all replication traffic between Site2 and Site3 replicates through Site1 if a domain controller in Site1 is available.
. Ensure that the domain controllers between Site2 and Site3 can replicate if all of the domain controllers in Site1 are unavailable.
What should you do?
A. Delete Link1.
B. Delete Link2.
C. Delete Link3.
D. Disable site link bridging.
E. Create one site link bridge.
F. Modify the cost of Link2.
G. Create one SMTP site link between Site2 and Site3.
H. Create one SMTP site link between Site1 and Site3. Create one SMTP site link between Site1 and Site2.
Answer: F
Q8. DRAG DROP - (Topic 7)
You need to implement a Hyper-V Recovery Manager solution in the hosting environment of Northwind Traders.
Which four actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Answer:
Topic 8, A.Datum Corporation
Overview
A. Datum Corporation is an accounting company.
The company has a main office and two branch offices. The main office is located in Miami.
The branch offices are located in New York and Seattle.
Existing Environment
Network Infrastructure
The network contains an Active Directory domain named adatum.com. All servers run Windows Server 2008 R2. The main office has the following servers and client computers:
Two domain controllers configured as DNS servers and DHCP servers
One file server that has multiples shares
One thousand client computers that run Windows 7
Each branch office has the following servers and client computers:
One domain controller configured as a DNS server and a DHCP server
Five hundred to 800 client computers that run Windows XP
Each office has multiple subnets. The network speed of the local area network (LAN) is 1 gigabit per second. The offices connect to each other by using a WAN link. The main office is connected to the Internet.
Current Issues
The WAN link between the Miami office and the Seattle office is a low bandwidth link with high latency. The link will not be replaced for another year.
Requirements
Application Requirements
The company is developing an application named App1. App1 is a multi-tier application that will be sold as a service to customers.
Each instance of App1 is comprised of the following three tiers:
A web front end
A middle tier that uses Windows Communication Foundation (WCF)
A Microsoft SQL Server 2008 R2 database on the back end
Each tier will be hosted on one or more virtual machines. Multiple tiers cannot coexist on the same virtual machine.
When customers purchase App1, they can select from one of the following service levels:
Standard: Uses a single instance of each virtual machine required by App1. If a virtual machine becomes unresponsive, the virtual machine must be restarted. Enterprise: Uses multiple instances of each virtual machine required by App1 to provide high-availability and fault tolerance.
All virtual hard disk (VHD) files for App1 will be stored in a file share. The VHDs must be available if a server fails.
You plan to deploy an application named App2. App2 is comprised of the following two tiers:
A web front end
A dedicated SQL Server 2008 R2 database on the back end
App2 will be hosted on a set of virtual machines in a Hyper-V cluster in the Miami office. The virtual machines will use dynamic IP addresses. A copy of the App2 virtual machines will be maintained in the Seattle office.
App2 will be used by users from a partner company named Trey Research. Trey Research has a single Active Directory domain named treyresearch.com. Treyresearch.com contains a server that has the Active Directory Federation Services server role and all of the Active Directory Federation Services (AD FS) role services installed.
Planned Changes
A. Datum plans to implement the following changes:
Replace all of the servers with new servers that run Windows Server 2012.
Implement a private cloud by using Microsoft System Center 2012 to host instances of App1.
In the Miami office, deploy four new Hyper-V hosts to the perimeter network.
In the Miami office, deploy two new Hyper-V hosts to the local network.
In the Seattle office, deploy two new Hyper-V hosts.
In the Miami office, implement a System Center 2012 Configuration Manager primary site that has all of the system roles installed.
Implement a public key infrastructure (PKI).
Notification Requirements
A. Datum identifies the following notification requirements:
Help desk tickets must be created and assigned automatically when an instance of App1 becomes unresponsive. Customers who select the Enterprise service level must receive an email notification each time a help desk ticket for their instance of App1 is opened or closed.
Technical Requirements
A. Datum identifies the following technical requirements:
Minimize costs whenever possible.
Minimize the amount of WAN traffic
Minimize the amount of administrative effort whenever possible.
Provide the fastest possible failover for the virtual machines hosting App2.
Ensure that administrators can view a consolidated report about the software updates in all of the offices.
Ensure that administrators in the Miami office can approve updates for the client computers in all of the offices.
Security Requirements
A. Datum identifies the following security requirements:
An offline root certification authority (CA) must be configured.
Client computers must be issued certificates by a server in their local office.
Changes to the CA configuration settings and the CA security settings must be logged.
Client computers must be able to renew certificates automatically over the Internet.
The number of permissions and privileges assigned to users must be minimized whenever possible.
. Users from a group named Group1 must be able to create new instances of App1 in the private cloud.
. Client computers must be issued new certificates when the computers are connected to the local network only.
. The virtual machines used to host App2 must use BitLocker Drive Encryption (BitLocker).
. Users from Trey Research must be able to access App2 by using their credentials from treyresearch.com.
Q9. - (Topic 3)
You need to recommend a remote access solution that meets the VPN requirements.
Which role service should you include in the recommendation?
A. Routing
B. Network Policy Server
C. DirectAccess and VPN (RAS)
D. Host Credential Authorization Protocol
Answer: B
Explanation:
D:\Documents and Settings\useralbo\Desktop\1.jpg
Updated: March 29, 2012 Applies To: Windows Server 2008 R2, Windows Server 2012 Network Policy Server Network Policy Server (NPS) allows you to create and enforce organization-wide network access policies for client health, connection request authentication, and connection request authorization. In addition, you can use NPS as a Remote Authentication Dial-In User Service (RADIUS) proxy to forward connection requests to a server running NPS or other RADIUS servers that you configure in remote RADIUS server groups. NPS allows you to centrally configure and manage network access authentication, authorization, are client health policies with the following three features: RADIUS server. NPS performs centralized authorization, authorization, and accounting for wireless, authenticating switch, remote access dial-up and virtual private network (VNP) connections. When you use NPS as a RADIUS server, you configure network access servers, such as wireless access points and VPN servers, as RADIUS clients in NPS. You also configure network policies that NPS uses to authorize connection requests, and you can configure RADIUS accounting so that NPS logs accounting information to log files on the local hard disk or in a Microsoft SQL Server database. For more information, see RADIUS Server. http://technet.microsoft.com/en-us/library/cc732912.aspx
Q10. - (Topic 6)
You need to implement a solution for the email attachments.
Both organizations exchange root CA certificates and install the certificates in the relevant stores.
You duplicate the Enrollment Agent certificate template and generate a certificate based on the new template.
Which additional two actions should you perform? Each correct answer presents part of the solution.
A. Request cross-certification authority certificates.
B. Create Capolicy.inf files.
C. Request subordinate CA certificates.
D. Create Policy.inf files.
Answer: A,D
Q11. - (Topic 10)
Your company has an office in New York.
Many users connect to the office from home by using the Internet.
You deploy an Active Directory Certificate Services (AD CS) infrastructure that contains an enterprise certification authority (CA) named CA1. CA1 is only available from hosts on the internal network.
You need to ensure that the certificate revocation list (CRL) is available to all of the users.
What should you do? (Each correct answer presents part of the solution. Choose all that apply.)
A. Create a scheduled task that copies the CRL files to a Web server.
B. Run the Install-ADCSWebEnrollment cmdlet.
C. Run the Install-EnrollmentPolicyWebService cmdlet.
D. Deploy a Web server that is accessible from the Internet and the internal network.
E. Modify the location of the Authority Information Access (AIA).
F. Modify the location of the CRL distribution point (CDP).
Answer: A,D,F
Explanation:
CRLs will be located on Web servers which are Internet facing.
CRLs will be accessed using the HTTP retrieval protocol.
CRLs will be accessed using an external URL of http://dp1.pki.contoso.com/pki
F: To successfully authenticate an Internet Protocol over Secure Hypertext Transfer Protocol (IP-HTTPS)-based connection, DirectAccess clients must be able to check for certificate revocation of the secure sockets layer (SSL) certificate submitted by the DirectAccess server. To successfully perform intranet detection, DirectAccess clients must be able to check for certificate revocation of the SSL certificate submitted by the network
location server. This procedure describes how to do the following:
Create a Web-based certificate revocation list (CRL) distribution point using Internet
Information Services (IIS)
Configure permissions on the CRL distribution shared folder
Publish the CRL in the CRL distribution shared folder
Reference: Configure a CRL Distribution Point for Certificates
Q12. - (Topic 10)
Your network contains an Active Directory domain. The domain contains 10 file servers. The file servers connect to a Fibre Channel SAN. You plan to implement 20 Hyper-V hosts in a failover cluster.
The Hyper-V hosts will not have host bus adapters (HBAs).
You need to recommend a solution for the planned implementation that meets the following requirements:
. The virtual machines must support live migration.
. The virtual hard disks (VHDs) must be stored on the file servers.
Which two technologies achieve the goal? Each correct answer presents a complete solution.
A. Cluster Shared Volume (CSV)
B. An NFS share
C. Storage pools
D. SMB 3.0 shares
Answer: C,D
Q13. - (Topic 6)
You need to recommend changes to the virtual desktop infrastructure (VDI) environment.
What should you recommend?
A. Implement Hyper-V replication between VDI1 and VDI2.
B. Create new VDI virtual machines that are Generation 2 virtual machines.
C. Convert the existing VHDs to .vhdx format.
D. Move the VHDs to a Cluster Shared Volume (CSV) and implement Data Deduplication on the CSV.
Answer: D
Q14. - (Topic 10)
You have a System Center 2012 R2 Configuration Manager deployment.
All users have client computers that run Windows 8.1. The users log on to their client computer as standard users.
An application named App1 is deployed to the client computers by using System Center.
You need to recommend a solution to validate a registry key used by App1. If the registry key has an incorrect value, the value must be changed. The registry key must be validated every day. The solution must generate a report on non-compliant computers.
What is the best approach to achieve the goal? More than one answer choice may achieve the goal. Select the BEST answer.
A. Group Policy preferences
B. A desired configuration baseline
C. The Windows PowerShell Desired State Configuration (DSC) feature
D. The Microsoft Baseline Security Analyzer (MBSA)
Answer: B
Q15. - (Topic 9)
Your network contains an Active Directory domain named contoso.com. The domain contains multiple sites.
You plan to deploy DirectAccess.
The network security policy states that when client computers connect to the corporate
network from the Internet, all of the traffic destined for the Internet must be routed through
the corporate network.
You need to recommend a solution for the planned DirectAccess deployment that meets
the security policy requirement
Solution: You set the ISATAP State to state disabled.
Does this meet the goal?
A. Yes
B. No
Answer: B