Q141. - (Topic 1)
You are planning the decommissioning of research.contoso.com.
You need to ensure that an administrator named Admin5 in the research department can manage the user accounts that are migrated to contoso.com. The solution must minimize the number of permissions assigned to Admin5.
What should you do before you migrate the user accounts?
A. Run the New-Object cmdlet, and then run the Add-ADPrincipalGroupMembershipcmdlet.
B. Create a new organizational unit (OU), and then add Admin5 to the Account Operators group.
C. Create a new organizational unit (OU), and then run the Delegation of Control Wizard.
D. Run the New-Object cmdlet, and then run the Add-ADCentralAccessPolicyMembercmdlet.
D:\\Documents and Settings\\useralbo\\Desktop\\1.jpg http://technet.microsoft.com/en-us/library/dd145344.aspx
Q142. HOTSPOT - (Topic 7)
You need to recommend changes to allow Customer1 to delegate permissions in its hosting environment to its users.
Where should you recommend performing each task? To answer, select the appropriate location for each task in the answer area.
Q143. DRAG DROP - (Topic 9)
Your network contains an Active Directory forest named contoso.com.
Your company merges with another company that has an Active Directory forest named
Each forest has one domain.
You establish a two-way forest trust between the forests.
The network contains three servers. The servers are configured as shown in the following table.
You confirm that the client computers in each forest can resolve the names of the client computers in both forests.
On dc1.litwareinc.com, you create a zone named GlobalNames.
You need to recommend changes in both forests to ensure that the users in both forests can resolve single-label names by using the GlobalNames zone in litwareinc.com.
Which changes should you recommend?
To answer, drag the appropriate configuration to the correct server in the answer area. Each configuration may be used once, more than once, or not at all. Additionally, you may need to drag the split bar between panes or scroll to view content.
Q144. - (Topic 9)
Your company has three offices. The offices are located in New York, Chicago, and Atlanta.
The network contains an Active Directory domain named contoso.com that has three Active Directory sites named Site1, Site2,and Site3. The New York office is located in Site1. The Chicago office is located in Site2. The Atlanta office is located in Site3. There is a local IT staff to manage the servers in each site. The current domain controllers are configured as shown in the following table.
The company plans to open a fourth office in Montreal that will have a corresponding Active Directory site. Because of budget cuts, a local IT staff will not be established for the Montreal site.
The Montreal site has the following requirements:
. Users must be able to authenticate locally.
. Users must not have the ability to log on to the domain controllers.
. Domain account passwords must not be obtained from servers in the Montreal site.
. Network bandwidth between the Montreal site and the other sites must be minimized.
. Users in the Montreal office must have access to applications by using Remote Desktop Services (RDS).
You need to recommend a solution for the servers in the Montreal site.
What should you recommend?
A. Only install a domain controller in the Montreal site that has a Server Core installation of Windows Server 2012.
B. Install a read-only domain controller (RODC) in the New York site.
C. Install a read-only domain controller (RODC) in the Montreal site. Install a member server in the New York site to host additional server roles.
D. Install a domain controller in the Montreal site that has a Server Core installation of Windows Server 2012. Install a member server in the Montreal site to host additional server roles,
Q145. - (Topic 2)
You need to recommend a trust model.
What should you include in the recommendation?
A. A one-way, forest trust that has selective authentication.
B. A one-way, external trust
C. A two-way, external trust
D. A one-way, forest trust that has domain-wide authentication.
From case study:
Users in the Montreal office must only be allowed to access shares that are located on
File01 and File02. The Montreal users must be prevented from accessing any other servers
in the proseware.com forest regardless of the permissions on the resources.
Q146. - (Topic 3)
You need to recommend a solution that meets the security requirements.
Which schema attribute properties should you recommend modifying?
D:\\Documents and Settings\\useralbo\\Desktop\\1.jpg
Applies To: Windows Server 2008, Windows Server 2012 This topic includes procedures for adding an attribute to the filtered attribute set (FAS) for a readonly domain controller (RODC) and marking the attribute as confidential data. You can perform these procedures to exclude specific data from replicating to RODCs in the forest. Because the data is not replicated to any RODCs, you can be assured that the data will not be revealed to an attacker who manages to successfully compromise an RODC. In most cases, adding an attribute to the RODC FAS is completed by the developer of the application that added the attribute to the schema.
. Determine and then modify the current searchFlags value of an attribute
. Verify that an attribute is added to the RODC FAS
-Determine and then modify the current searchFlags value of an attribute To add an attribute to an RODC FAS, you must first determine the current searchFlags value of the attribute that you want to add, and then set the following values for searchflags:
. To add the attribute to the RODC FAS, set the 10th bit to 0x200.
. To mark the attribute as confidential, set the 7th bit to 0x080. http://technet.microsoft.com/en-us/library/cc754794(v=ws.10).aspx
Q147. - (Topic 10)
Your network contains a Hyper-V host named Host1. Host1 hosts 25 virtual machines. All of the virtual machines are configured to start automatically when Host1 restarts. You discover that some of the virtual machines fail to start automatically when Host1
restarts and require an administrator to start them manually.
You need to modify the settings of the virtual machines to ensure that they automatically
restart when Host1 restarts.
Which settings should you modify?
A. Maximum RAM
B. Minimum RAM
C. Memory weight
D. Startup RAM
Q148. - (Topic 9)
Your network contains an Active Directory domain named contoso.com. The physical
topology of the network is configured as shown in the exhibit.
Each office contains 500 employees.
You plan to deploy several domain controllers to each office.
You need to recommend a site topology for the planned deployment.
What should you include in the recommendation?
More than one answer choice may achieve the goal. Select the BEST answer.
A. Five sites and one site link
B. Three sites and three site links
C. One site
D. Five sites and three site links
http://technet.microsoft.com/en-us/library/cc960573.aspx Create a site for each LAN, or set of LANs, that are connected by a high speed backbone, and assign the site a name. Connectivity within the site must be reliable and always available. This would mean 5 sites Site links are transitive, so if site A is connected to site B, and site B is connected to site C, then the KCC assumes that domain controllers in site A can communicate with domain controllers in site C. You only need to create a site link between site A and site C if there is in fact a distinct network connection between those two sites. This would mean 3 sitelinks So answer is "Five sites and three site links"
Q149. - (Topic 5)
You need to recommend a solution that manages the security events. The solution must meet the technical requirements.
Which configuration should you include in the recommendation?
A. Object access auditing by using a Group Policy object (GPO)
B. Event rules by using System Center 2012 Operations Manager
C. Event forwarding by using Event Viewer
D. Audit Collection Services (ACS) by using System Center 2012
Q150. - (Topic 9)
Your network contains an Active Directory forest. The forest contains a single domain. The forest has five Active Directory sites. Each site is associated to two subnets.
You add a site named Site6 that contains two domain controllers. Site6 is associated to one subnet.
You need to verify whether replication to the domain controllers in Site6 completes successfully.
Which two possible commands can you use to achieve the goal? Each correct answer presents a complete solution.
C. repadmin /showattr
E. repadmin /showrepl