Introducing The New!
Surepassexam Collection
Get Unlimited Access to all
Surepassexam's PREMIUM files
Q1. - (Topic 9)
Your network contains an Active Directory domain named contoso.com. The domain contains servers that run either Windows Server 2008 R2 or Windows Server 2012.
All client computers on the internal network are joined to the domain. Some users establish VPN connections to the network by using Windows computers that do not belong to the domain.
All client computers receive IP addresses by using DHCP.
You need to recommend a Network Access Protection (NAP) enforcement method to meet the following requirements:
Verify whether the client computers have up-to-date antivirus software.
Provides a warning to users who have virus definitions that are out-of-date.
Ensure that client computers that have out-of-date virus definitions can connect to
the network.
Which NAP enforcement method should you recommend?
A. DHCP
B. IPSec
C. VPN
D. 802.1x
Answer: A
Explanation:
http://technet.microsoft.com/en-us/library/cc733020(v=ws.10).aspx
NAP enforcement for DHCP
DHCP enforcement is deployed with a DHCP Network Access Protection (NAP) enforcement server component, a DHCP enforcement client component, and Network Policy Server (NPS).
Using DHCP enforcement, DHCP servers and NPS can enforce health policy when a computer attempts to lease or renew an IP version 4 (IPv4) address. However, if client computers are configured with a static IP address or are otherwise configured to circumvent the use of DHCP, this enforcement method is not effective.
Q2. - (Topic 9)
Your network contains an Active Directory forest named adatum.com. All domain controllers run Windows Server 2008 R2. The functional level of the domain and the forest is Windows Server 2008.
You deploy a new Active Directory forest named contoso.com. All domain controllers run Windows Server 2012 R2. The functional level of the domain and the forest is Windows Server 2012 R2.
You establish a two-way, forest trust between the forests. Both networks contain member servers that run either Windows Server 2012 R2, Windows Server 2012, Windows Server 2008 R2 or Windows Server 2008.
You plan to use the Active Directory Migration Tool 3.2 (ADMT 3.2) to migrate user accounts from adatum.com to contoso.com. SID history will be used in contoso.com and passwords will be migrated by using a Password Export Server (PES).
You need to recommend which changes must be implemented to support the planned migration.
Which two changes should you recommend? Each correct answer presents part of the solution.
A. In the contoso.com forest, deploy a domain controller that runs Windows Server 2008 R2.
B. In the adatum.com forest, upgrade the functional level of the forest and the domain.
C. In the contoso.com forest, downgrade the functional level of the forest and the domain.
D. In the adatum.com forest, deploy a domain controller that runs Windows Server 2012 R2.
Answer: A,C
Q3. DRAG DROP - (Topic 10)
Your network contains servers that run Windows Server 2012. The network contains two servers named Server1 and Server2 that are connected to a SAS storage device. The device only supports two connected computers.
Server1 has the iSCSI Target Server role service installed. Ten application servers use their iSCSI Initiator to connect to virtual disks in the SAS storage device via iSCSI targets on Server1.
Currently, Server2 is used only to run backup software.
You install the iSCSI Target Server role service on Server2.
You need to ensure that the iSCSI targets are available if Server1 fails.
Which five actions should you perform?
To answer, move the five appropriate actions from the list of actions to the answer area
and arrange them in the correct order.
Answer:
Q4. - (Topic 5)
You need to recommend a solution that manages the security events. The solution must meet the technical requirements.
Which configuration should you include in the recommendation?
A. Object access auditing by using a Group Policy object (GPO)
B. Event rules by using System Center 2012 Operations Manager
C. Event forwarding by using Event Viewer
D. Audit Collection Services (ACS) by using System Center 2012
Answer: D
Q5. - (Topic 9)
Your network contains an Active Directory domain named contoso.com. The domain contains multiple sites.
You plan to deploy DirectAccess.
The network security policy states that when client computers connect to the corporate
network from the Internet, all of the traffic destined for the Internet must be routed through
the corporate network.
You need to recommend a solution for the planned DirectAccess deployment that meets
the security policy requirement
Solution: You set the ISATAP State to state disabled.
Does this meet the goal?
A. Yes
B. No
Answer: B
Q6. - (Topic 9)
Your company has a main office and a branch office. The main office contains 2,000 users. The branch office contains 800 users. Each office contains three IP subnets.
The company plans to deploy an Active Directory forest.
You need to recommend an Active Directory infrastructure to meet the following requirements:
. Ensure that the users are authenticated by using a domain controller in their respective office. . Minimize the amount of Active Directory replication traffic between the offices.
Which Active Directory infrastructure should you recommend?
More than one answer choice may achieve the goal. Select the BEST answer.
A. Two domains and one site
B. Two domains and two sites
C. One domain and two sites
D. One domain and six sites
Answer: B
Explanation:
To minimize the amount of replication traffic, create 2 sites. http://technet.microsoft.com/en-us/library/bb742457.aspx
Q7. - (Topic 9)
Your network contains an Active Directory domain named contoso.com. The domain contains three VLANs. The VLANs are configured as shown in the following table.
All client computers run either Windows 7 or Windows 8.
The corporate security policy states that all of the client computers must have the latest security updates installed.
You need to implement a solution to ensure that only the client computers that have all of the required security updates installed can connect to VLAN 1. The solution must ensure that all other client computers connect to VLAN 3.
Which Network Access Protection (NAP) enforcement method should you implement?
A. VPN
B. DHCP
C. IPsec
D. 802.1x
Answer: D
Explanation:
http://blogs.technet.com/b/wincat/archive/2008/08/19/network-access-protection-using-802-1x-vlan-s-orportacls-which-is-right-for-you.aspx The most common method of the list is 802.1x for a variety of reasons. First, the industry has been selling 802.1x network authentication for the last 10 years. 1x gained tremendous popularity as wireless networking became prevalent in the late 90's and early 2000's and has been proven to be a viable solution to identifying assets and users on your network. For customers that have invested in 802.1x capable switches and access points, NAP can very easily be implemented to complement what is already in place. The Network Policy Server (NPS) role Windows Server 2008 has been dramatically improved to make 802.1x policy creation much simpler to do.
Q8. HOTSPOT - (Topic 10)
Your network contains an Active Directory domain named contoso.com. All servers run Windows Server 2012 R2. System Center 2012 R2 Virtual Machine Manager (VMM) is deployed to the domain.
In VMM, you create a host group named HostGroup1. You add a 16-node Hyper-V failover cluster to HostGroup1. From Windows PowerShell, you run the following commands:
Use the drop-down menus to select the answer choice that completes each statement.
Answer:
Q9. - (Topic 10)
Your network contains 500 client computers that run Windows 7 and a custom application named App1. App1 uses data stored in a shared folder.
You have a failover cluster named Cluster1 that contains two servers named Server1 and Server2.
Server1 and Server2 run Windows Server 2012 and are connected to an iSCSI Storage Area Network (SAN).
You plan to move the shared folder to Cluster1.
You need to recommend which cluster resource must be created to ensure that the shared folder can be accessed from Cluster1.
What should you recommend?
More than one answer choice may achieve the goal. Select the BEST answer.
A. The Generic Application cluster role
B. The DFS Namespace Server cluster role
C. The clustered File Server role of the File Server for general use type
D. The clustered File Server role of the File Server for scale-out application data type
Answer: C
Q10. - (Topic 10)
Your network contains an Active Directory domain named contoso.com. You deploy Active Directory Certificate Services (AD CS).
Your company, which is named Contoso, Ltd., has a partner company named Fabrikam, Inc. Fabrikam also deploys AD CS.
Contoso and Fabrikam plan to exchange signed and encrypted email messages.
You need to ensure that the client computers in both Contoso and Fabrikam trust each other's email certificates. The solution must prevent other certificates from being trusted and minimize administrative effort.
What should you do?
More than one answer choice may achieve the goal. Select the BEST answer.
A. Implement an online responder in each company.
B. Exchange the root certification authority (CA) certificates of both companies, and then deploy the certificates to the Enterprise Trust store by using Group Policy objects (GPOs).
C. Implement cross-certification in each company.
D. Exchange the root certification authority (CA) certificates of both companies, and then deploy the certificates to the Trusted Root Certification Authorities store by using Group Policy objects (GPOs).
Answer: C
Q11. - (Topic 3)
You need to recommend changes to the Active Directory site topology to support on the company's planned changes.
What should you include in the recommendation?
A. A new site
B. A new site link bridge
C. A new site link
D. A new subnet
Answer: D
Explanation:
D:\Documents and Settings\useralbo\Desktop\1.jpg
Sites overview Sites in AD DS represent the physical structure, or topology, of your network. AD DS uses network topology information, which is stored in the directory as site, subnet, and site link objects, to build the most efficient replication topology. The replication topology itself consists of the set of connection objects that enable inbound replication from a source domain controller to the destination domain controller that stores the connection object. The Knowledge Consistency Checker (KCC) creates these connection objects automatically on each domain controller. http://technet.microsoft.com/en-us/library/cc754697.aspx
Q12. - (Topic 9)
Your company has a main office, ten regional datacenters. and 100 branch offices. You are designing the site topology for an Active Directory forest named contoso.com.
The forest will contain the following servers:
. In each regional datacenter and in the main office, a domain controller that runs Windows Server 2012 . In each branch office, a file server that runs Windows Server 2012
You have a shared folder that is accessed by using the path \\contoso.com\shares\software. The folder will be replicated to a local file server in each branch office by using Distributed File System (DFS) replication.
You need to recommend an Active Directory site design to meet the following requirements:
. Ensure that users in the branch offices will be authenticated by a domain controller in the closest regional datacenter.
. Ensure that users automatically connect to the closest file server when they access \\contoso.com\shares\software.
How many Active Directory sites should you recommend?
A. 1
B. 10
C. 11
D. 111
Answer: D
Q13. - (Topic 9)
Your network contains an Active Directory forest named contoso.com. The forest contains one domain.
Your company plans to open a new division named Division1. A group named Division1Admins will administer users and groups for Division1.
You identify the following requirements for Division1:
All Division1 users must have a complex password that is 14 characters.
Division1Admins must be able to manage the user accounts for Division1.
Division1Admins must be able to create groups, and then delete the groups that they create.
Division1Admins must be able to reset user passwords and force a password change at the next logon for all Division1 users.
You need to recommend changes to the forest to support the Division1 requirements.
What should you recommend?
More than one answer choice may achieve the goal. Select the BEST answer.
A. In the forest create a new organizational unit (OU) named Division1 and delegate permissions for the OU to the Division1Admins group. Move all of the Division1 user accounts to the new OU. Create a fine-grained password policy for the Division1 users.
B. Create a new child domain named divisionl.contoso.com. Move all of the Division1 user accounts to the new domain. Add the Division1Admin members to the Domain Admins group. Configure the password policy in a Group Policy object (GPO).
C. Create a new forest. Migrate all of the Division1 user objects to the new forest and add the Division1Admins members to the Enterprise Admins group. Configure the password policy in a Group Policy object (GPO).
D. In the forest create a new organizational unit (OU) named Division1 and add Division1Admins to the Managed By attribute of the new OU. Move the Division1 user objects to the new OU. Create a fine-grained password policy for the Division1 users.
Answer: A
Q14. - (Topic 5)
You need to recommend a solution that meets the technical requirements for DHCP.
What should you include in the recommendation for each office?
A. DHCP failover
B. Network Load Balancing (NLB)
C. DHCP server policies
D. IP Address Management (IPAM)
Answer: A
Q15. - (Topic 8)
You need to recommend which type of clustered file server and which type of file share must be used in the Hyper-V cluster that hosts App2. The solution must meet the technical requirements and the security requirements.
Solution: You recommend a scale-out file server that uses an SMB share.
Does this meet the goal?
A. Yes
B. No
Answer: A