Q1. DRAG DROP - (Topic 10) 

Your network contains an Active Directory domain named contoso.com. The domain contains four servers named Server1, Server2, Server3 and Server4 that run Windows Server 2012. 

Server1 and Server2 are configured as file servers and are part of a failover cluster named Cluster1. Server3 and Server4 have Microsoft SQL Server 2012 installed and are part of a failover cluster named Cluster2. 

You add a disk named Disk1 to the nodes in Cluster1. Disk1 will be used to store the data files and log files used by SQL Server 2012. 

You need to configure the environment so that access to Disk1 remains available when a node on Cluster1 fails over or fails back. 

Which three actions should you perform? 

To answer, move the three appropriate actions from the list of actions to the answer area and arrange them in the correct order. 

Answer: 


Q2. - (Topic 10) 

Your network contains an Active Directory domain named contoso.com. 

Your company has an enterprise root certification authority (CA) named CA1. 

You plan to deploy Active Directory Federation Services (AD FS) to a server named Server1. 

The company purchases a Microsoft Office 365 subscription. 

You plan to register the company's SMTP domain for Office 365 and to configure single sign-on for all users. 

You need to identify which certificate or certificates are required for the planned deployment. 

Which certificate or certificates should you identify? (Each correct answer presents a complete solution. Choose all that apply.) 

A. a server authentication certificate that is issued by a trusted third-party root CA and that contains the subject name serverl.contoso.com 

B. a server authentication certificate that is issued by CA1 and that contains the subject name Server1 

C. a server authentication certificate that is issued by a trusted third-party root CA and that contains the subject name Server1 

D. a server authentication certificate that is issued by CA1 and that contains the subject name serverl.contoso.com 

E. self-signed server authentication certificates for server1.contoso.com 

Answer:


Q3. - (Topic 10) 

Your network contains an Active Directory domain named contoso.com. 

The corporate security policy states that when new user accounts, computer accounts, and contacts are added to an organizational unit (OU) named Secure, the addition must be audited. 

You need to recommend an auditing solution to meet the security policy. 

What should you include in the recommendation? (Each answer presents part of the solution. Choose all that apply.) 

A. From the Default Domain Controllers Policy, enable the Audit directory services setting. 

B. Create a new Group Policy object (GPO) that is linked to the Secure OU, and then modify the Audit directory services setting. 

C. From the Secure OU, modify the Auditing settings. 

D. From the Default Domain Controllers Policy, enable the Audit object access setting. 

E. From the Secure OU, modify the Permissions settings. 

F. Create a new Group Policy object (GPO) that is linked to the Secure OU, and then modify the Audit object access setting. 

Answer: A,C 

Explanation: 

Creating a New Object: Resulting in multiple Event ID 5137 entries containing all attributes provided explicitly by the security principal that invoked the operation (but not those automatically generated by the system). Note that similar information also gets recorded if audit of User Account Management or Directory Service Access is enabled. 


Q4. DRAG DROP - (Topic 9) 

Your company plans to deploy a remote access solution to meet the following requirements: 

. Ensure that client computers that are connected to the Internet can be managed remotely without requiring that the user log on. 

. Ensure that client computers that run Windows Vista or earlier can connect remotely. 

. Ensure that non-domain-joined computers can connect remotely by using TCP port 443. 

You need to identify which remote access solutions meet the requirements. 

Which solutions should you identify? 

To answer, drag the appropriate solution to the correct requirement in the answer area. Each solution may be used once, more than once, or not at all. Additionally, you may need to drag the split bar between panes or scroll to view content. 

Answer: 


Q5. DRAG DROP - (Topic 10) 

Your network contains an Active Directory domain named contoso.com. The domain contains multiple servers that are configured as Hyper-V hosts. 

You plan to implement four virtual machines. The virtual machines will be configured as shown in the following table. 

You need to identify which network must be added to each virtual machine. 

Which network types should you identify? 

To answer, drag the appropriate Network Type to the correct virtual machine in the answer area. Each Network Type may be used once, more than once, or not at all. Additionally, you may need to drag the split bar between panes or scroll to view content. 

Answer: 


Q6. - (Topic 8) 

You are evaluating the deployment of a multi-site Hyper-V failover cluster in the Miami office and the Seattle office to host App2. 

You need to identify which changes must be made to support the use of the multi-site cluster. 

Which changes should you identify? 

A. Configure all of the virtual machines to use dynamic memory. Implement Distributed File System (DFS) Replication and store the virtual machine files in a replicated folder. 

B. Implement Distributed File System (DFS) Replication and store the virtual machine files in a replicated folder. Upgrade the WAN link between the Miami and Seattle offices. 

C. Purchase a storage solution that replicates the virtual machines. Configure all of the virtual machines to use dynamic memory. 

D. Upgrade the WAN link between the Miami and Seattle offices. Purchase a storage solution that replicates the virtual machines. 

Answer:


Q7. - (Topic 9) 

Your network contains an Active Directory domain named contoso.com. The domain contains servers that run either Windows Server 2008 R2 or Windows Server 2012. 

All client computers on the internal network are joined to the domain. Some users establish VPN connections to the network by using Windows computers that do not belong to the domain. 

All client computers receive IP addresses by using DHCP. 

You need to recommend a Network Access Protection (NAP) enforcement method to meet the following requirements: 

Verify whether the client computers have up-to-date antivirus software. 

Provides a warning to users who have virus definitions that are out-of-date. 

Ensure that client computers that have out-of-date virus definitions can connect to 

the network. 

Which NAP enforcement method should you recommend? 

A. DHCP 

B. IPSec 

C. VPN 

D. 802.1x 

Answer:

Explanation: 

http://technet.microsoft.com/en-us/library/cc733020(v=ws.10).aspx 

NAP enforcement for DHCP 

DHCP enforcement is deployed with a DHCP Network Access Protection (NAP) enforcement server component, a DHCP enforcement client component, and Network Policy Server (NPS). 

Using DHCP enforcement, DHCP servers and NPS can enforce health policy when a computer attempts to lease or renew an IP version 4 (IPv4) address. However, if client computers are configured with a static IP address or are otherwise configured to circumvent the use of DHCP, this enforcement method is not effective. 


Q8. - (Topic 9) 

Your company has two main offices and 10 branch offices. Each office is configured as a separate Active Directory site. 

The main offices sites are named Site1 and Site2. Each office connects to Site1 and Site2 by using a WAN link. Each site contains a domain controller that runs Windows Server 2008. 

You are redesigning the Active Directory infrastructure. 

You plan to implement domain controllers that run Windows Server 2012 and decommission all of the domain controllers that run Windows Server 2008. 

You need to recommend a placement plan for the Windows Server 2012 domain controllers to meet the following requirements: 

. Ensure that users can log on to the domain if a domain controller or a WAN link fails. . Minimize the number of domain controllers implemented. 

What should you include in the recommendation? (Each correct answer presents part of the solution. Choose all that apply.) 

A. Read-only domain controllers (RODCs) in the branch office sites 

B. A writable domain controller in Site1 

C. A writable domain controller in Site2 

D. Writable domain controllers in the branch office sites 

Answer: B,C,D 


Q9. - (Topic 6) 

You need to recommend changes to the existing environment to meet the email requirement. 

What should you recommend? 

A. Implement a two-way forest trust that has selective authentication. 

B. Implement qualified subordination. 

C. Deploy the FabrikamCA root certificate to all of the client computers. 

D. Deploy a user certificate from FabrikamCA to all of the users. 

Answer:

Topic 7, Northwind Traders (B) 

Overview 

Northwind Traders is an IT services and hosting provider. 

Northwind Traders has two main data centers in North America. The data centers are located in the same city. The data centers connect to each other by using high-bandwidth, low-latency WAN links. Each data center connects directly to the Internet. 

Northwind Traders also has a remote office in Asia that connects to both of the North American data centers by using a WAN link. The Asian office has 30 multipurpose servers. 

Each North American data center contains two separate network segments. One network segment is used to host the internal servers of Northwind Traders. The other network segment is used for the hosted customer environments. 

Existing Environment 

Active Directory 

The network contains an Active Directory forest named northwindtraders.com. The forest contains a single domain. All servers run Windows Server 2012 R2. 

Server Environment 

The network has the following technologies deployed: 

Service Provider Foundation 

Windows Azure Pack for Windows Server 

System Center 2012 R2 Virtual Machine Manager (VMM) 

An Active Directory Rights Management Services (AD RMS) cluster 

An Active Directory Certificate Services (AD CS) enterprise certification authority (CA) 

All newly deployed servers will include the following components: 

Dual 10-GbE Remote Direct Memory Access (RDMA)-capable network adapters 

Dual 1-GbE network adapters 

128 GB of RAM 

Requirements 

Business Goals 

Northwind Traders will provide hosting services to two customers named Customer1 and Customer2. The network of each customer is configured as shown in the following table. 

Planned Changes 

Northwind Traders plans to implement the following changes: 

Deploy System Center 2012 R2 Operations Manager. 

Deploy Windows Server 2012 R2 iSCSI and SMB-based storage. 

Implement Hyper-V Recovery Manager to protect virtual machines. 

Deploy a certificate revocation list (CRL) distribution point (CDP) on the internal network. 

For Customer 1, install server authentication certificates issued by the CA of Northwind Traders on the virtual machine in the hosting networks. 

General Requirements 

Northwind Traders identifies the following requirements: 

Storage traffic must use dedicated adapters. 

All storage and network traffic must be load balanced. 

The amount of network traffic between the internal network and the hosting network must be minimized. 

The publication of CRLs to CDPs must be automatic. 

Each customer must use dedicated Hyper-V hosts. 

Administrative effort must be minimized, whenever possible. 

All servers and networks must be monitored by using Operations Manager. 

Anonymous access to internal file shares from the hosting network must be prohibited. 

All Hyper-V hosts must use Cluster Shared Volume (CSV) shared storage to host virtual machines. 

All Hyper-V storage and network traffic must remain available if single network adapter fails. 

The Hyper-V hosts connected to the SMB-based storage must be able to make use of the RDMA technology. 

The number of servers and ports in the hosting environment to which the customer 

has access must be minimized. 

Customer1 Requirements 

Northwind Traders identifies the following requirements for Customer1: 

. Customer1 must use SMB-based storage exclusively. 

. Customer1 must use App Controller to manage hosted virtual machines. 

. The virtual machines of Customer1 must be recoverable if a single data center fails. 

. Customer1 must be able to delegate self-service roles in its hosted environment to its users. 

. Customer1 must be able to check for the revocation of certificates issued by the CA of Northwind Traders. 

. The users of Customer1 must be able to obtain use licenses for documents protected by the AD RMS of Northwind Traders. 

. Certificates issued to the virtual machines of Customer1 that reside on the hosted networks must be renewed automatically. 

Customer2 Requirements 

Northwind Traders identifies the following requirements for Customer2: 

. Customer2 must use iSCSI-based storage exclusively. 

. All of the virtual machines of Customer2 must be migrated by using a SAN transfer. 

. None of the metadata from the virtual machines of Customer2 must be stored in Windows Azure. 

. The network configuration of the Hyper-V hosts for Customer2 must be controlled by using logical switches. 

. The only VMM network port profiles and classifications allowed by Customer2 must be low-bandwidth, medium-bandwidth, or high-bandwidth. 

. The users at Northwind Traders must be able to obtain use licenses for documents protected by the AD RMS cluster of Customer2. Customer2 plans to decommission its AD RMS cluster during the next year. 


Q10. - (Topic 10) 

Your company has a main office and a branch office. Each office contains several hundred computers that run Windows 2012. 

You plan to deploy two Windows Server Update Services (WSUS) servers. The WSUS servers will be configured as shown in the following table. 

You need to implement the WSUS infrastructure to meet the following requirements: 

. All updates must be approved from a server in the main office. 

. All client computers must connect to a WSUS server in their local office. 

What should you do? (Each correct answer presents part of the solution. Choose all that apply. 

A. Deploy a Group Policy object (GPO) that has the update location set to Server1. 

B. On Server2, configure WSUS in Replica mode. 

C. On Server1, configure WSUS in Replica mode. 

D. On Server2, configure WSUS in Autonomous mode. 

E. Deploy a Group Policy object (GPO) that has the update location set to Server2. 

F. On Server1, configure WSUS in Autonomous mode. 

Answer: A,B,E,F