Q31. - (Topic 10)
Your network contains an Active Directory domain named contoso.com.
You plan to deploy an Active Directory Federation Services (AD FS) farm that will contain eight federation servers.
You need to identify which technology or technologies must be deployed on the network before you install the federation servers.
Which technology or technologies should you identify? (Each correct answer presents part of the solution. Choose all that apply.)
A. Network Load Balancing (NLB)
B. Microsoft Forefront Identity Manager (FIM) 2010
C. The Windows Internal Database feature
D. Microsoft SQL Server 2012
E. The Windows Identity Foundation 3.5 feature
Explanation: Best practices for deploying a federation server farm We recommend the following best practices for deploying a federation server in a production environment:
* (A) Use NLB or some other form of clustering to allocate a single IP address for many federation server computers.
* (D) If the AD FS configuration database will be stored in a SQL database, avoid editing the SQL database from multiple federation servers at the same time.
* If you will be deploying multiple federation servers at the same time or you know that you
will be adding more servers to the farm over time, consider creating a server image of an existing federation server in the farm and then installing from that image when you need to create additional federation servers quickly.
* Reserve a static IP address for each federation server in the farm and, depending on your Domain Name System (DNS) configuration, insert an exclusion for each IP address in Dynamic Host Configuration Protocol (DHCP). Microsoft NLB technology requires that each server that participates in the NLB cluster be assigned a static IP address.
Reference: When to Create a Federation Server Farm
Q32. - (Topic 10)
Your network contains an Active Directory domain named contoso.com. The domain contains a Microsoft System Center 2012 infrastructure.
All client computers have a custom application named App1 installed. App1 generates an Event ID 42 every time the application runs out of memory.
Users report that when App1 runs out of memory, their client computer runs slowly until they manually restart App1.
You need to recommend a solution that automatically restarts App1 when the application runs out of memory. The solution must use the least amount of administrative effort.
What should you include in the recommendation?
A. From Configurations Manager, create a desired configuration management baseline.
B. From Windows System Resource Manager, create a resource allocation policy.
C. From Event Viewer, attach a task to the event.
D. From Operations Manager, create an alert.
Q33. - (Topic 8)
You need to recommend which Certificate Services role service must be deployed to the perimeter network. The solution must meet the security requirements.
Which Certificate Services role services should you recommend?
A. Online Responder and Network Device Enrollment Service
B. Online Responder and Certificate Enrollment Web Service
C. Certificate Enrollment Web Service and Certificate Enrollment Policy Web Service
D. Certificate Enrollment Policy Web Service and Certification Authority Web Enrollment
Q34. - (Topic 10)
Your network contains multiple servers that run Windows Server 2012.
The network contains a Storage Area Network (SAN) that only supports Fibre Channel connections.
You have two failover clusters. The failover clusters are configured as shown in the following table.
Only the members of Cluster1 can connect to the SAN.
You plan to implement 15 highly available virtual machines on Cluster2. All of the virtual machines will be stored in a single shared folder.
You need to ensure that the VHD files of the virtual machines can be stored on the SAN.
What should you do? (Each correct answer presents a complete solution. Choose all that apply.)
A. From a node in Cluster2, create a Virtual Fibre Channel SAN.
B. From a node in Cluster1, create a Virtual Fibre Channel SAN.
C. From Cluster1, add the iSCSI Target Server cluster role.
D. From Cluster1, configure the clustered File Server role of the File Server for scale-out application data type.
* After the virtual machines are connected to the storage system using the virtual Fibre Channel components shared storage can be used by each VM, which enables Hyper-V guest clustering. Before the virtual Fibre Channel features were available, Hyper-V guest machines were limited to iSCSI connections to enable shared storage for guest clustering.
* A new feature in Windows Server 2012 Hyper-V is the ability to create a virtual Fibre Channel SAN. Each guest VM created on Windows Server 2012 includes a new option Add hardware Fibre Channel cards, which can be attributed to World Wide node names (WWNN) and select the virtual combine Virtual SAN Fibre Channel adapters.
Q35. - (Topic 3)
You need to recommend a remote access solution that meets the VPN requirements.
Which role service should you include in the recommendation?
B. Network Policy Server
C. DirectAccess and VPN (RAS)
D. Host Credential Authorization Protocol
D:\\Documents and Settings\\useralbo\\Desktop\\1.jpg
Updated: March 29, 2012 Applies To: Windows Server 2008 R2, Windows Server 2012 Network Policy Server Network Policy Server (NPS) allows you to create and enforce organization-wide network access policies for client health, connection request authentication, and connection request authorization. In addition, you can use NPS as a Remote Authentication Dial-In User Service (RADIUS) proxy to forward connection requests to a server running NPS or other RADIUS servers that you configure in remote RADIUS server groups. NPS allows you to centrally configure and manage network access authentication, authorization, are client health policies with the following three features: RADIUS server. NPS performs centralized authorization, authorization, and accounting for wireless, authenticating switch, remote access dial-up and virtual private network (VNP) connections. When you use NPS as a RADIUS server, you configure network access servers, such as wireless access points and VPN servers, as RADIUS clients in NPS. You also configure network policies that NPS uses to authorize connection requests, and you can configure RADIUS accounting so that NPS logs accounting information to log files on the local hard disk or in a Microsoft SQL Server database. For more information, see RADIUS Server. http://technet.microsoft.com/en-us/library/cc732912.aspx
Q36. HOTSPOT - (Topic 9)
Your network contains an Active Directory domain named contoso.com.
The domain has a certification authority (CA). You create four certificate templates. The templates are configured as shown in the following table:
You install the Remote Access server role in the domain.
You need to configure DirectAccess to use one-time password (OTP) authentication.
What should you do? To answer, select the appropriate options in the answer area,
Q37. - (Topic 10)
Your network contains an Active Directory domain named contoso.com. The network has an Active Directory Certificate Services (AD CS) infrastructure.
You need to issue a certificate to users to meet the following requirements:
. Ensure that the users can encrypt files by using Encrypting File System (EFS).
. Ensure that all of the users reenroll for their certificate every six months.
Solution: From the properties of the Basic EFS template, you assign the Allow - Enroll permission to the Authenticated Users group.
Does this meet the goal?
Q38. DRAG DROP - (Topic 10)
Your network contains an Active Directory domain named contoso.com. The domain contains multiple servers that are configured as Hyper-V hosts.
You plan to implement four virtual machines. The virtual machines will be configured as shown in the following table.
You need to identify which network must be added to each virtual machine.
Which network types should you identify?
To answer, drag the appropriate Network Type to the correct virtual machine in the answer area. Each Network Type may be used once, more than once, or not at all. Additionally, you may need to drag the split bar between panes or scroll to view content.
Q39. HOTSPOT - (Topic 7)
You need to recommend a configuration for the CA extensions of Northwind Traders that meets the certificate revocation requirement of Customer1.
What should you recommend? To answer, select the appropriate prefix of the target location for the each extension settings in the answer area.
Q40. - (Topic 9)
Your network contains a server named Server1 that runs Windows Server 2012. Server1 has the Network Policy Server server role installed.
You configure Server1 as part of a Network Access Protection (NAP) solution that uses the
802.lx enforcement method,
You add a new switch to the network and you configure the switch to use 802.lx authentication.
You need to ensure that only compliant client computers can access network resources through the new switch.
What should you do on Server1?
A. Add the IP address of each new switch to a remediation server group.
B. Add the IP address of each new switch to the list of RADIUS clients.
C. Add the IP address of each new switch to a connection request policy as an Access Client IPv4 Address.
D. Add the IP address of each new switch to a remote RADIUS server group.