Introducing The New!
Surepassexam Collection
Get Unlimited Access to all
Surepassexam's PREMIUM files
Q1. - (Topic 10)
Your network contains an Active Directory domain named contoso.com.
You currently have an intranet web site that is hosted by two Web servers named Web1 and Web2. Web1 and Web2 run Windows Server 2012.
Users use the name intranet.contoso.com to request the web site and use DNS round robin.
You plan to implement the Network Load Balancing (NLB) feature on Web1 and Web2.
You need to recommend changes to the DNS records for the planned implementation.
What should you recommend?
A. Create a service locator (SRV) record. Map the SRV record to Intranet.
B. Delete both host (A) records named Intranet. Create a pointer (PTR) record for each Web server.
C. Remove both host (A) records named Intranet. Create a new host (A) record named Intranet.
D. Delete both host (A) records named Intranet. Create two new alias (CNAME) records named Intranet. Map each CNAME record to a Web server name.
Answer: C
Q2. - (Topic 10)
Your network contains an Active Directory domain named contoso.com.
The corporate security policy states that when new user accounts, computer accounts, and contacts are added to an organizational unit (OU) named Secure, the addition must be audited.
You need to recommend an auditing solution to meet the security policy.
What should you include in the recommendation? (Each answer presents part of the solution. Choose all that apply.)
A. From the Default Domain Controllers Policy, enable the Audit directory services setting.
B. Create a new Group Policy object (GPO) that is linked to the Secure OU, and then modify the Audit directory services setting.
C. From the Secure OU, modify the Auditing settings.
D. From the Default Domain Controllers Policy, enable the Audit object access setting.
E. From the Secure OU, modify the Permissions settings.
F. Create a new Group Policy object (GPO) that is linked to the Secure OU, and then modify the Audit object access setting.
Answer: A,C
Explanation:
Creating a New Object: Resulting in multiple Event ID 5137 entries containing all attributes provided explicitly by the security principal that invoked the operation (but not those automatically generated by the system). Note that similar information also gets recorded if audit of User Account Management or Directory Service Access is enabled.
Q3. - (Topic 9)
Your network contains an Active Directory domain named contoso.com. The domain contains three VLANs. The VLANs are configured as shown in the following table.
All client computers run either Windows 7 or Windows 8.
The corporate security policy states that all of the client computers must have the latest
security updates installed.
You need to implement a solution to ensure that only the client computers that have all of
the required security updates installed can connect to VLAN 1. The solution must ensure
that all other client computers connect to VLAN 3.
Solution: You implement the VPN enforcement method.
Does this meet the goal?
A. Yes
B. No
Answer: B
Q4. - (Topic 9)
Your network contains an Active Directory domain named contoso.com. All servers run Windows Server 2008 R2. All domain controllers are installed on physical servers. The network contains several Hyper-V hosts.
The network contains a Microsoft System Center 2012 infrastructure.
You plan to use domain controller cloning to deploy several domain controllers that will run Windows Server 2012.
You need to recommend which changes must be made to the network infrastructure before you can use domain controller cloning.
What should you recommend?
A. Upgrade a global catalog server to Windows Server 2012. Deploy Virtual Machine Manager (VMM).
B. Upgrade a global catalog server to Windows Server 2012. Install the Windows Deployment Services server role on a server that runs Windows Server 2012.
C. Upgrade the domain controller that has the PDC emulator operations master role to Windows Server 2012. Deploy a Hyper-V host that runs Windows Server 2012.
D. Upgrade the domain controller that has the infrastructure master operations master role to Windows Server 2012. Install the Windows Deployment Services server role on a server that runs Windows Server 2012.
Answer: C
Q5. DRAG DROP - (Topic 9)
Your network contains an Active Directory forest named contoso.com.
Your company merges with another company that has an Active Directory forest named
litwareinc.com.
Each forest has one domain.
You establish a two-way forest trust between the forests.
The network contains three servers. The servers are configured as shown in the following table.
You confirm that the client computers in each forest can resolve the names of the client computers in both forests.
On dc1.litwareinc.com, you create a zone named GlobalNames.
You need to recommend changes in both forests to ensure that the users in both forests can resolve single-label names by using the GlobalNames zone in litwareinc.com.
Which changes should you recommend?
To answer, drag the appropriate configuration to the correct server in the answer area. Each configuration may be used once, more than once, or not at all. Additionally, you may need to drag the split bar between panes or scroll to view content.
Answer:
Q6. - (Topic 2)
You run the Get-DNSServercmdlet on DC01 and receive the following output:
You need to recommend changes to DC01. Which attribute should you recommend modifying?
A. EnablePollutionProtection
B. isReadOnly
C. Locking Percent
D. ZoneType
Answer: C
Q7. - (Topic 9)
Your network contains an Active Directory domain. All servers run Windows Server 2012 R2.
The domain contains the servers shown in the following table.
You need to recommend which servers will benefit most from implementing data deduplication.
Which servers should you recommend?
A. Server1 and Server2
B. Server1 and Server3
C. Server1 and Server4
D. Server2 and Server3
E. Server2 and Server4
F. Server3 and Server4
Answer: D
Q8. DRAG DROP - (Topic 10)
Your network contains two servers named Server1 and Server2 that run Windows Server 2012.
Server1 has the iSCSI Target Server role service installed and is configured to have five iSCSI virtual disks.
You install the Multipath I/O (MPIO) feature on Server2.
From the MPIO snap-in, you add support for iSCSI devices.
You need to ensure that Server2 can connect to the five iSCSI disks. The solution must ensure that Server2 uses MPIO to access the disks.
Which three actions should you perform?
To answer, move the three appropriate actions from the list of actions to the answer area
and arrange them in the correct order.
Answer:
Q9. - (Topic 9)
Your network contains an Active Directory domain named contoso.com. The domain contains three VLANs. The VLANs are configured as shown in the following table.
All client computers run either Windows 7 or Windows 8.
The corporate security policy states that all of the client computers must have the latest security updates installed. You need to implement a solution to ensure that only the client computers that have all of
the required security updates installed can connect to VLAN 1. The solution must ensure
that all other client computers connect to VLAN 3.
Solution: You implement the IPsec enforcement method.
Does this meet the goal?
A. Yes
B. No
Answer: B
Q10. - (Topic 10)
Your network contains an Active Directory domain named contoso.com.
You plan to deploy an Active Directory Federation Services (AD FS) farm that will contain eight federation servers.
You need to identify which technology or technologies must be deployed on the network before you install the federation servers.
Which technology or technologies should you identify? (Each correct answer presents part of the solution. Choose all that apply.)
A. Network Load Balancing (NLB)
B. Microsoft Forefront Identity Manager (FIM) 2010
C. The Windows Internal Database feature
D. Microsoft SQL Server 2012
E. The Windows Identity Foundation 3.5 feature
Answer: A,D
Explanation: Best practices for deploying a federation server farm We recommend the following best practices for deploying a federation server in a production environment:
* (A) Use NLB or some other form of clustering to allocate a single IP address for many federation server computers.
* (D) If the AD FS configuration database will be stored in a SQL database, avoid editing the SQL database from multiple federation servers at the same time.
* If you will be deploying multiple federation servers at the same time or you know that you
will be adding more servers to the farm over time, consider creating a server image of an existing federation server in the farm and then installing from that image when you need to create additional federation servers quickly.
* Reserve a static IP address for each federation server in the farm and, depending on your Domain Name System (DNS) configuration, insert an exclusion for each IP address in Dynamic Host Configuration Protocol (DHCP). Microsoft NLB technology requires that each server that participates in the NLB cluster be assigned a static IP address.
Reference: When to Create a Federation Server Farm
Q11. - (Topic 9)
Your network contains an Active Directory domain named contoso.com.
On several organizational units (OUs), an administrator named Admin1 plans to delegate control of custom tasks. You need to ensure that Admin1 can delegate a custom task named Task1 by using the Delegation of Control Wizard.
What should you do?
A. Add a new class to the Active Directory schema.
B. Configure a custom MMC console.
C. Modify the Delegwiz.inf file.
D. Configure a new authorization store by using Authorization Manager.
Answer: C
Explanation:
http://support.microsoft.com/kb/308404
Q12. - (Topic 10)
Your network contains four clusters. The clusters are configured as shown in the following table.
You manage all of the clusters by using Microsoft System Center 2012 Virtual Machine Manager (VMM). You plan to implement Dynamic Optimization for the virtual machines.
You need to recommend a configuration for the planned implementation.
What should you recommend?
A. Dynamic Optimization on Cluster2 and Cluster4 onlyVirtual machines that are balanced across the clusters
B. Dynamic Optimization on Cluster1 and Cluster2 onlyVirtual machines that are balanced across the nodes in the clusters
C. Dynamic Optimization on all of the clustersVirtual machines that are balanced across the nodes in the clusters
D. Dynamic Optimization on all of the clustersVirtual machines that are balanced across
the clusters
Answer: C
Q13. - (Topic 10)
Your network contains an internal network and a perimeter network. The internal network contains an Active Directory domain named contoso.com. All client computers in the perimeter network are part of a workgroup.
The internal network contains a Microsoft System Center 2012 infrastructure.
You plan to implement an update infrastructure to update the following:
Windows Server 2012
System Center 2012
Windows Server 2003
Microsoft SQL Server 2012
. Third-party virtualization hosts
. Microsoft SharePoint Server 2010
Another administrator recommends implementing a single WSUS server to manage all of the updates. You need to identify which updates can be applied by using the recommended deployment of WSUS.
What should you identify? (Each correct answer presents part of the solution. Choose all that apply.)
A. SQL Server 2012
B. System Center 2012
C. SharePoint Server 2010
D. Windows Server 2012
E. Third-party virtualization hosts
F. Windows Server 2003
Answer: A,B,C,D,F
Explanation: Windows Sharepoint Services updates are released in the Operating System product category, so if you are running WSS on Windows Server 2008 R2, and have the OS synchronized, they should already be synchronized and detected. Microsoft Office Sharepoint Server updates are released in the Office product category associated with the release version. (E.g. MOSS 2007 updates will be found in the Office 2007 product category.
http://social.technet.microsoft.com/Forums/da/winserverwsus/thread/b6d908a9-6fce-43e6-88b2-d38a5d8e029e
Q14. HOTSPOT - (Topic 9)
Your network contains an Active Directory forest named northwindtraders.com.
The client computers in the finance department run either Windows 8.1, Windows 8, or Windows 7. All of the client computers in the marketing department run Windows 8.1.
You need to design a Network Access Protection (NAP) solution for northwindtraders.com that meets the following requirements:
. The client computers in the finance department that run Windows 7 must have a firewall enabled and the antivirus software must be up-to-date.
. The finance computers that run Windows 8.1 or Windows 8 must have automatic updating enabled and the antivirus software must be up-to-date.
. The client computers in the marketing department must have automatic updating enabled and the antivirus software must be up-to-date.
. If a computer fails to meet its requirements, the computers must be provided access to a limited set of resources on the network.
. If a computer meets its requirements, the computer must have full access to the network.
What is the minimum number of objects that you should create to meet the requirements? To answer, select the appropriate number for each object type in the answer area.
Answer:
Q15. - (Topic 10)
Your network contains an Active Directory forest named contoso.com.
Your company works with a partner company that has an Active Directory forest named fabrikam.com. Both forests contain domain controllers that run only Windows Server 2012 R2.
The certification authority (CA) infrastructure of both companies is configured as shown in the following table.
You need to recommend a certificate solution that meets the following requirements:
. Server authentication certificates issued from fabrikam.com must be trusted automatically by the computers in contoso.com.
. The computers in contoso.com must not trust automatically any other type of certificates issued from the CA hierarchy in fabrikam.com.
What should you include in the recommendation?
A. Deploy a Group Policy object (GPO) that defines intermediate CAs. Import a certificate that has an application policy object identifier (OID) of CA Encryption Certificate.
B. Deploy a Group Policy object (GPO) that defines an enterprise trust. Import a certificate that has an application policy object identifier (OID) of Microsoft Trust List Signing.
C. Deploy a Group Policy object (GPO) that defines an enterprise trust. Import a certificate that has an application policy object identifier (OID) of CA Encryption Certificate.
D. Deploy a Group Policy object (GPO) that defines intermediate CAs. Import a certificate that has an application policy object identifier (OID) of Microsoft Trust List Signing.
Answer: B