Your company has a main office and a branch office.
Each office contains several hundred computers that run Windows 2012.
You plan to deploy two Windows Server Update Services (WSUS) servers.
The WSUS servers will be configured as shown in the following table.
You need to implement the WSUS infrastructure to meet the following requirements:
- All updates must be approved from a server in the main office.
- All client computers must connect to a WSUS server in their local office.
What should you do? (Each correct answer presents part of the solution. Choose all that apply.)
A. Deploy a Group Policy object (GPO) that has the update location set to Server1.
B. On Server2, configure WSUS in Replica mode.
C. On Server1, configure WSUS in Replica mode.
D. On Server2, configure WSUS in Autonomous mode.
E. Deploy a Group Policy object (GPO) that has the update location set to Server2.
F. On Server1, configure WSUS in Autonomous mode.
Correct Answer: ABE
Section: [none]
Explanation
Explanation/Reference:
01/12/2015 // Checked
Explanation:
We simply need to configure the downsteam server (server 2) as a replica server, and the use the GPO in
the branch office to point the local branch clients to Server2 for updates.
We also need to have a GPO in the main office to point the main office clients to Server 1 for updates.
We do not need Autonomous mode - Autonomous mode will allow the Upstream server (server1) to share
updates with the downstream server (server2) but it will NOT allow it to share update approval status. The
requirement specifies that all updates must be approved on server 1.
http://technet.microsoft.com/en-us/library/cc720448(v=ws.10).aspx
QUESTION 28
Your network contains an Active Directory domain named contoso.com.
The domain contains a Microsoft System center 2012 infrastructure.
The domain contains the computers configured as shown in the following table.
You need to implement a monitoring solution that gathers the security logs from all of the
computers in the domain.
Which monitoring solution should you implement? More than one answer choice may achieve the goal.
Select the BEST answer.
A. Data Collector Sets (DCSs)
B. Event subscriptions
C. Desired Configuration Management in Configuration Manager
D. Audit Collection Services (ACS) in Operations Manager
Correct Answer: D
Section: [none]
Explanation
Explanation/Reference:
01/12/2015 // Checked
Explanation:
QUESTION 29
Your network contains an Active Directory domain named contoso.com.
The domain contains a Microsoft System Center 2012 infrastructure.
All client computers have a custom application named App1 installed.
App1 generates an Event ID 42 every time the application runs out of memory.
Users report that when App1 runs out of memory, their client computer runs slowly until they manually
restart App1.
You need to recommend a solution that automatically restarts App1 when the application runs out
of memory.
What should you include in the recommendation?
A. From Configurations Manager, create a desired configuration management baseline,
B. From Operations Manager, create an alert.
C. From Windows System Resource Manager, create a resource allocation policy.
D. From Event Viewer, attach a task to the event.
Correct Answer: B
Section: [none]
Explanation
Explanation/Reference:
Explanation:
QUESTION 30
Your company has a human resources department and a finance department.
You are planning an administrative model for both departments to meet the following requirements:
- Provide human resources managers with the ability to view the audit logs for
the files of their department.
- Ensure that only domain administrators can view the audit logs for the files
of the finance department.
You need to recommend a solution for the deployment of file servers for both departments.
What should you recommend? More than one answer choice may achieve the goal. Select the BEST
answer.
A. Deploy two file servers. Add the human resources managers to the local Administrators group on one
of the servers.
B. Deploy two file servers. Add the human resources managers to the local Event Log Readers group on
one of the servers.
C. Deploy one file server. Add the human resources managers to the local Administrators group.
D. Deploy one file server. Add the human resources managers to the local Event Log Readers group.
Correct Answer: B
Section: [none]
Explanation
Explanation/Reference:
QUESTION 31
Your network contains a Microsoft System Center 2012 infrastructure.
You use Virtual Machine Manager (VMM) to manage 20 Hyper-V hosts.
You deploy a Windows Server Update Services (WSUS) server.
You need to automate the remediation of non-compliant Hyper-V hosts.
The solution must minimize the amount of time that virtual machines are unavailable.
What should you do first?
A. Install the WSUS Administration console on the VMM server, and then add the WSUS server to the
fabric.
B. Configure the Hyper-V hosts to download Windows updates from the WSUS server by using a Group
Policy object (GPO).
C. Configure the Hyper-V hosts to download Windows updates from the VMM server by using a Group
Policy object (GPO).
D. Install the Virtual Machine Manager console on the WSUS server, and then add the WSUS server to
the fabric.
Correct Answer: A
Section: [none]
Explanation
Explanation/Reference:
Explanation:
http://es.calameo.com/read/00194520942e7d03de414
http://technet.microsoft.com/es-es/library/gg675084.aspx
VMM requires the 64-bit version of Windows Server Update Service (WSUS) 3.0 Service Pack 2 (SP2).
The WSUS server can be installed on the VMM management server or on a remote server.
If you installed the WSUS server on a remote server:
Install a WSUS Administration Console on the VMM management server.
QUESTION 32
Your network contains an internal network and a perimeter network.
The internal network contains an Active Directory domain named contoso.com.
All client computers in the perimeter network are part of a workgroup.
The internal network contains a Microsoft System Center 2012 infrastructure.
You plan to implement an update infrastructure to update the following:
- Windows Server 2012
- System Center 2012
- Windows Server 2003
- Microsoft SQL Server 2012
- Third-party visualization hosts
- Microsoft SharePoint Server 2010
Another administrator recommends implementing a single WSUS server to manage all of the updates.
You need to identify which updates can be applied by using the recommended deployment of
WSUS.
What should you identify? (Each correct answer presents part of the solution. Choose all that apply.)
A. Third-party virtualization hosts
B. System Center 2012
C. Windows Server 2012
D. SharePoint Server 2010
E. Windows Server 2003
F. SQL Server 2012
Correct Answer: BCDEF
Section: [none]
Explanation
Explanation/Reference:
Explanation:
All Windows Products can be updated by WSUS.
Windows Sharepoint Services updates are released in the Operating System product category, so if you
are running WSS on Windows Server 2008 R2, and have the OS synchronized, they should already be
synchronized and detected.
Microsoft Office Sharepoint Server updates are released in the Office product category associated with the
release version. (E.g. MOSS 2007 updates will be found in the Office 2007 product category.)
http://social.technet.microsoft.com/Forums/da/winserverwsus/thread/b6d908a9-6fce-43e6-88b2-
d38a5d8e029e
QUESTION 33
Your network contains an Active Directory domain named contoso.com.
You plan to implement Microsoft System Center 2012.
You need to identify which solution automates the membership of security groups for
contoso.com.
The solution must use workflows that provide administrators with the ability to approve the addition of
members to the security groups.
Which System Center 2012 roles should you identify?
A. Service Manager and Virtual Machine Manager (VMM)
B. Configuration Manager and Orchestrator
C. Operations Manager and Orchestrator
D. Orchestrator and Service Manager
Correct Answer: D
Section: [none]
Explanation
Explanation/Reference:
Service Manager is an automated helpdesk solution when combined with one or two of the other SC2012
features (see below); contains self-service portal.
Service Manager uses Workflows; which are a sequence of activities that automate a business process.
When an Alert is imported into Service Manager, it sits there as an “Event” which can then be
MANAGED by an Administrator, or delegated, or Administrated etc!!!
Orchestrator as we know, is used to AUTOMATE things.
In this case, we use Orchestrator to automate the addition of members to security groups, and the Service
Manager Workflows to allow the administrators to approve the additions before implementing them
Here: We do not need to monitor anything, so we don't need Operations Manager. We do need
WORKFLOWS, which is provided by Service Manager along with the ability to allow an Event to sit in
Service Manager and wait for Administrator Interaction.
GOLDEN RULE for answering these types of question:
1. Orchestrator - AUTOMATES Things!
2. Service Manager - WORKFLOWS, Client-Portals, Allows event to be managed by Administrators!
3. Operations Manager - MONITORS, Creates Alerts, Creates Reports!
recommend an auditing solution to meet
http://www.microsoftvirtualacademy.com/tracks/system-center-2012-orchestrator-service-manager
QUESTION 34
Your network contains 10 servers that run Windows Server 2012.
The servers have the Hyper-V server role installed.
The servers host a Virtual Desktop Infrastructure (VDI) that contains persistent virtual machines.
Each virtual machine is assigned to a specific user.
Users can install software on their specific virtual machine.
You need to implement a solution to generate monthly reports that contain a list of all the installed
software on the virtual machines.
The solution must NOT require the installation of additional software on the virtual machines.
Which solution should you implement?
A. A Microsoft System Center 2012 Configuration Manager software inventory
B. A Microsoft System Center 2012 Configuration Manager hardware inventory
C. Microsoft Assessment and Planning (MAP) Toolkit scans
D. Microsoft Audit Collection Services (ACS) audit logs
Correct Answer: C
Section: [none]
Explanation
Explanation/Reference:
Explanation:
There is nothing to indicate that we have a a subscription to System Center, so we cannot use A or B
anyway.
C is correct, the Microsoft Assessment and Planning (MAP) Toolkit is an agentless inventory, assessment,
and reporting tool.
Map can be scheduled to scan the machines and generate the desired report.
QUESTION 35
Your network contains 20 servers that run Windows Server 2012.
The servers have the Hyper-V server role installed.
You plan to deploy a management solution.
You need to recommend which Microsoft System Center 2012 roles must be deployed to meet the
following requirements:
- An administrator must be notified when an incident occurs, such as a serious error in the event log, on a
Hyper-V host, or on a virtual machine.
- An administrator must be able to assign an incident to a specific administrator for resolution.
- An incident that remains unresolved for more than 10 hours must be escalated automatically to another
administrator.
- Administrators must be able to generate reports that contain the details of incidents and escalations.
Which System Center 2012 roles should you recommend? More than one answer choice may achieve the
goal. Select the BEST answer.
A. Operations Manager and Service Manager
B. Service Manager and Virtual Machine Manager (VMM)
C. Configuration Manager and Service Manager
D. Operations Manager and Orchestrator
Correct Answer: A
Section: [none]
Explanation
Explanation/Reference:
Explanation:
Operations Manager – This is a MONITORING tool, it monitors things, but it ALSO can create ALERTS.
Operations Manager Alerts are basically Events that are triggered by a predefined action (for example, you
can create an Alert that is triggered whenever App1 crashes).
SCOM Alerts can then be exported from Operations Manager by a “connector” which will then import them
into a different SC2012 feature such as:
Service Manager – When an Alert is imported into Service Manager, it sits there as an “Event” which can
then be MANAGED by an Administrator, or delegated, or Administrated etc.
OR
Orchestrator – When an Alert is imported into Orchestrator, an Orchestrator Runbook can be employed to
automate a task that is triggered by the Alert. For example, we can configure Orchestrator to automatically
restart App1 whenever a specific App1 crash Alert is sent to it.
Here, criteria 1 and 4 are met by Operations Manager, while criteria 2 and 3 are met by Service Manager.
GOLDEN RULE for answering these types of question:
1. Orchestrator - AUTOMATES Things!
2. Service Manager - WORKFLOWS, Client-Portals, Allows event to be managed by Administrators!
3. Operations Manager - MONITORS, Creates Alerts, Creates Reports!
QUESTION 36
Your network contains an Active Directory domain named contoso.com.
The domain contains a Hyper-V host named Server1.
Server1 has an offline virtual machine named VM1 that is stored on a virtual hard disk named VMl.vhd.
You plan to implement multiple virtual machines that have the same configurations as VM1.
You need to recommend a virtual hard disk solution for the planned implementation.
The solution must meet the following requirements:
- Minimize the amount of time required to create the new virtual machines.
- Minimize the amount of storage space required on Server1.
What should you include in the recommendation?
A. Differencing VHD disks
B. Dynamically expanding VHD disks
C. Dynamically expanding VHDX disks
D. Differencing VHDX disks
Correct Answer: A
Section: [none]
Explanation
Explanation/Reference:
Explanation:
A Differencing VHD is a pretty nifty tool to use. Basically what happens is, there is a Parent VHD
(VM1.vhd) in this case. All new Differencing Disks are based off of a reference of the Parent Disk's
configuration. So each new Differencing VHD is tiny in size, because it merely references the Parent Disk
in order to boot etc, and then all changes are written to the Differencing VHD (not the Parent). This means
multiple Differencing VHDs can utilize one Parent VHD, but they all take very little storage because they
only save information that is unique to them.
For example, If I install iTunes on a VM that is using a Differencing Disk, that modification will ONLY be
present on the Differencing disk.
This conserves space, and because the new Differencing VHDs are so small in size, they are quick to
create.
This meets both requirements.
QUESTION 37
Your network contains the following:
- 20 Hyper-V hosts
- 100 virtual machines
- 2,000 client computers
You need to recommend an update infrastructure design to meet the following requirements:
- Deploy updates to of the all virtual machines and the client computers from a
single console.
- Generate reports that contain a list of the applied updates.
What should you recommend? More than one answer choice may achieve the goal. Select the BEST
answer.
A. One Windows Server update Services (WSUS) server integrated with Microsoft System Center 2012
Configuration Manager and a second WSUS server that is integrated with Microsoft System Center
2012 Virtual Machine Manager (VMM)
B. One Windows Server Update Services (WSUS) server integrated with Microsoft System Center 2012
Configuration Manager and Microsoft System Center 2012 Virtual Machine Manager (VMM)
C. One Windows Server Update Services (WSUS) server integrated with Microsoft System Center 2012
Virtual Machine Manager (VMM)
D. One Windows Server Update Services (WSUS) server integrated with Microsoft System Center 2012
Configuration Manager, a second WSUS server integrated with Microsoft System Center 2012 Virtual
Machine Manager (VMM), and a third standalone WSUS server.
Correct Answer: B
Section: [none]
Explanation
Explanation/Reference:
The Windows Server Update Services (WSUS) can be integrated into the System Center 2012
Configuration Manager. The Virtual Machine Manager 2012 supports using a WSUS server that is part of a
Configuration Manager environment. After the Windows Server Update Services were integrated into
Virtual Machine Manager, can be viewed status information about the VMM console and configuration
changes are made.
QUESTION 38
Your network contains an Active Directory domain named contoso.com.
The domain contains a Microsoft System Center 2012 infrastructure.
You deploy a service named Service1 by using a service template.
Service1 contains two virtual machines.
The virtual machines are configured as shown in the following table.
You need to recommend a monitoring solution to ensure that an administrator can review the
availability information of Service1.
What should you do?
A. From Configuration Manager, create a Collection and a Desired Configuration Management baseline.
B. From Virtual Machine Manager (VMM), modify the properties of the service template.
C. From Operations Manager, create a Distributed Application and a Monitor Override.
D. From Operations Manager, create a Distributed Application and a Service Level Tracking object.
Correct Answer: D
Section: [none]
Explanation
Explanation/Reference:
Explanation:
QUESTION 39
Your company has three main offices named Main1, Main2, and Main3.
The network contains an Active Directory domain named contoso.com.
Each office contains a help desk group.
You plan to deploy Microsoft System Center 2012 Configuration Manager to meet the following
requirements:
- The members of the Domain Admins group must be able to manage all of the Configuration Manager
settings.
- The help desk groups must be able to manage only the client computers in their respective office by
using Configuration Manager.
You need to recommend a Configuration Manager infrastructure to meet the requirements.
Which infrastructure should you recommend? More than one answer choice may achieve the goal. Select
the BEST answer.
A. One site that contains a collection for each office
B. Three sites that each contain one collection
C. Three sites that contain one collection for each office
D. One site that contains one collection
Correct Answer: A
Section: [none]
Explanation
Explanation/Reference:
Explanation:
Collections specify the user and computer resources that an administrative user can view or
manage.
As they said, there is more than one correct answer, but BEST PRACTICE would be to create only one
Site with 3 collections to delegate the permissions and scope of permissions.
Updated: June 18, 2015
Applies To: System Center 2012 Configuration Manager, System Center 2012 Configuration Manager
SP1,
System Center 2012 Configuration Manager SP2, System Center 2012 R2 Configuration Manager, System
Center 2012 R2 Configuration Manager SP1
Microsoft System Center 2012 Configuration Manager provides a comprehensive solution for change and
configuration management. Configuration Manager lets you perform tasks such as the following:
Deploy operating systems, software applications, and software updates.
Monitor and remediate computers for compliance settings.
Monitor hardware and software inventory.
Remotely administer computers.
QUESTION 40
Your network contains a data center named DataCenter1 that contains multiple servers.
The servers are configured as Hyper-V hosts.
Your company deploys a disaster recovery site.
The disaster recovery site has a dedicated connection to DataCenter1.
The network is connected to the disaster recovery site by using a dedicated link.
DataCenter1 contains 10 business critical virtual machines that run a line-of-business application named
Appl.
You need to recommend a business continuity solution to ensure that users can connect to App1
within two hours if DataCenter1 fails.
What should you include in the recommendation? More than one answer choice may achieve the goal.
Select the BEST answer.
A. From Microsoft System Center 2012 Virtual Machine Manager (VMM), implement live migration on the
virtual machines.
B. From Hyper-V Manager, create snapshots of the virtual machines.
C. From Microsoft System Center 2012 Data Protection Manager, implement a protection group.
D. From Hyper-V Manager, implement Hyper-V replicas.
Correct Answer: D
Section: [none]
Explanation
Explanation/Reference:
QUESTION 41
Your network contains an Active Directory domain named contoso.com.
The domain contains several domain controllers.
The domain controllers run either Windows Server 2012 or Windows Server 2008 R2.
The domain functional level is Windows Server 2008 R2.The forest functional level is Windows Server
2008.
The corporate compliance policy states that all items deleted from Active Directory must be recoverable
from a Recycle Bin.
You need to recommend changes to the current environment to meet the compliance policy.
Which changes should you recommend? (Each correct answer presents part of the solution. Choose all
that apply.)
A. Raise the forest functional level to Windows Server 2008 R2.
B. Run the Enable-ADOptionalFeature cmdlet.
C. Run the New-ADObject cmdlet.
D. Run the Set-Server cmdlet
E. Raise the domain functional level to Windows Server 2012.
Correct Answer: AB
Section: [none]
Explanation
Explanation/Reference:
Explanation:
You can enable Active Directory Recycle Bin only if the forest functional level of your environment is set to
Windows Server 2008 R2.
B: Enabling Active Directory Recycle Bin
After the forest functional level of your environment is set to Windows Server 2008 R2, you can enable
Active Directory Recycle Bin by using the following methods:
- Enable-ADOptionalFeature Active Directory module cmdlet (This is the recommended method.)
- Ldp.exe
Note: By default, Active Directory Recycle Bin in Windows Server 2008 R2 is disabled.
Reference: Enable Active Directory Recycle Bin
QUESTION 42
Your company has a main office and a branch office.
You plan to implement a failover cluster named Cluster1 to host an application named Appl.
The data of App1 will replicate to all of the nodes in Cluster1.
Cluster1 will contain two servers.
The servers will be configured as shown in the following table.
The cluster nodes will not use shared storage.
The branch office contains two file servers named Server3 and Server4.
You need to ensure that App1 fails over automatically to another server if a single node in Cluster1
fails.
What should you do? More than one answer choice may achieve the goal. Select the BEST answer.
A. Add Server1, Server2, and Server3 to a Network Load Balancing (NLB) cluster.
B. Add Server3 as a file share witness for Cluster1.
C. Add Server3 and Server4 to a new failover cluster named Cluster2. Install App1 on Cluster2.
D. Add Server3 as a node in Cluster1.
Correct Answer: B
Section: [none]
Explanation
Explanation/Reference:
Notes:
We have a two-node cluster. We can either use a quorum disk, a witness file share, or an additional node
to still maintain a majority for the operation of the cluster in case of failure of a single node. A witness file
share on a "witness location" is compared with an additional node in the branch office, the better Solution.
QUESTION 43
Your network contains the following roles and applications:
- Microsoft SQL Server 2012
- Distributed File System (DFS) Replication
- Active Directory Domain Services (AD DS)
- Active Directory Rights Management Services (AD RMS)
- Active Directory Lightweight Directory Services (AD LDS)
You plan to deploy Active Directory Federation Services (AD FS).
You need to identify which deployed services or applications can be used as attribute stores for
the planned AD FS deployment.
What should you identify? (Each correct answer presents a complete solution. Choose all that apply.)
A. DFS
B. AD RMS
C. Microsoft SQL Server 2012
D. AD LDS
E. AD DS
Correct Answer: CDE
Section: [none]
Explanation
Explanation/Reference:
Explanation:
QUESTION 44
Your network contains an Active Directory domain named contoso.com.
The network contains 15,000 client computers.
You plan to deploy an Active Directory Certificate Services (AD CS) infrastructure and issue certificates to
all of the network devices.
You need to recommend a solution to minimize the amount of network utilization caused by
certificate revocation list (CRL) checking.
What should you include in the recommendation? More than one answer choice may achieve the goal.
Select the BEST answer.
A. The Network Device Enrollment Service role service
B. An increase of the CRL validity period
C. A reduction of the CRL validity period
D. The Online Responder role service
Correct Answer: D
Section: [none]
Explanation
Explanation/Reference:
Explanation:
QUESTION 45
Your network contains an Active Directory domain named contoso.com.
You deploy Active Directory Certificate Services (AD CS).
You plan to deploy 100 external Web servers that will be publicly accessible and will require Secure
Sockets Layer (SSL) certificates.
You also plan to deploy 50,000 certificates for secure email exchanges with Internet-based recipients.
You need to recommend a certificate services solution for the planned deployment.
What should you recommend? More than one answer choice may achieve the goal. Select the BEST
answer.
A. Deploy a certification authority (CA) that is subordinate to an external root CA.
B. Purchase 50,100 certificates from a trusted third-party root certification authority (CA).
C. Distribute a copy of the root certification authority (CA) certificate to external relying parties.
D. Instruct each user to request a Secure Email certificate from a trusted third-party root CA, and then
purchase 100 Web server certificates.
Correct Answer: A
Section: [none]
Explanation
Explanation/Reference:
01/12/2015 // Checked
A Subordinate CA can be used to issue certificates for specific uses such as; secure email, webbased
authentication and smart card authentication.
Subordinate CAs can be subordinate to either a internal or external Root CA.
B is absolute nonsense, there is no need to purchase 50000 certificates. If you do purchase a certificate
ever, you simply purchase ONE and issue it to clients at will.
For this same reason, D is also not applicable.
C could be applicable, except that this is not a Certification Trust scenrio between our business and a
Relying party who has their own CA infrastructure. We do not yet have a way to issue certificates safely to
the Internet-Based Clients, therefore we need to Deploy a Subordinate CA.
QUESTION 46
Your network contains an Active Directory domain named contoso.com.
The network has an Active Directory Certificate Services (AD CS) infrastructure.
You need to issue a certificate to users to meet the following requirements:
- Ensure that the users can encrypt files by using Encrypting File System
(EFS).
- Ensure that all of the users reenroll for their certificate every six months.
What should you do first?
A. From the properties of the User certificate template, assign the Allow -Enroll permission to the
Authenticated
Users group.
B. From the properties of the Basic EFS template, assign the Allow -Enroll permission to the
Authenticated
Users group.
C. Create a copy of the User certificate template, and then modify the extensions of the copy.
D. Create a copy of the Basic EFS certificate template, and then modify the validity period of the copy.
Correct Answer: D
Section: [none]
Explanation
Explanation/Reference:
01/12/2015 // Checked
Explanation:
QUESTION 47
Your network contains an Active Directory domain named contoso.com.
The network has an Active Directory Certificate Services (AD CS) infrastructure.
You deploy Active Directory Rights Management Services (AD RMS) on the network.
You provide several users on the network with the ability to protect content by using AD RMS.
You need to recommend a solution to provide the members of a group named Audit with the ability
to read and modify all of the AD RMS-protected content.
What should you recommend?
A. Issue a CEP Encryption certificate to the members of the Audit group.
B. Issue a key recovery agent certificate to the members of the Audit group.
C. Add the Audit group as a member of the super users group.
D. Add the Audit group as a member of the Domain Admins group.
Correct Answer: C
Section: [none]
Explanation
Explanation/Reference:
Explanation:
A - Not Applicable.
B - Not Applicable - KRA allows allows a user to decrypt users’ archived private keys, but not to retrieve
them from the database.
C - Correct - Super Users Group in AD RMS can Decrypt AD RMS-Protected Content, and modify it.
D - Not Applicable - You don;t just go around handing out Admin Rights to people for any small reason!
QUESTION 48
Your network contains an Active Directory domain named contoso.com.
The network contains a perimeter network.
The perimeter network and the internal network are separated by a firewall.
On the perimeter network, you deploy a server named Server1 that runs Windows Server 2012.
You deploy Active Directory Certificate Services (AD CS).
Each user is issued a smart card. Users report that when they work remotely, they are unable to renew
their smart card certificate.
You need to recommend a solution to ensure that the users can renew their smart card certificate
from the Internet.
What should you recommend implementing on Server1? More than one answer choice may achieve the
goal. Select the BEST answer.
A. The Certification Authority Web Enrollment role service and the Online Responder role service
B. The Active Directory Federation Services server role
C. The Certificate Enrollment Policy Web Service role service and the Certificate Enrollment Web Service
role service
D. An additional certification authority (CA) and the Online Responder role service
Correct Answer: C
Section: [none]
Explanation
Explanation/Reference:
01/12/2015 // Checked
Explanation:
QUESTION 49
Your company, which is named Contoso, Ltd., has offices only in North America.
The company has 2,000 users.
The network contains an Active Directory domain named contoso.com.
You plan to deploy an Active Directory Certificate Services (AD CS) infrastructure and assign certificates to
all client computers.
You need to recommend a PKI solution to protect the private key of the root certification authority
(CA) from being accessed by external users.
What should you recommend? More than one answer choice may achieve the goal. Select the BEST
answer.
A. An offline standalone root CA and an online enterprise issuing CA
B. An online enterprise root CA and an online enterprise issuing CA
C. An offline standalone root CA and an offline enterprise issuing CA
D. An online enterprise root CA, an online enterprise policy CA, and an online enterprise issuing CA
Correct Answer: A
Section: [none]
Explanation
Explanation/Reference:
01/12/2015 // Checked
Explanation:
Notes:
The Public Key Infrastructure Public Key Infrastructure (PKI) supported by Microsoft a hierarchical
Certification Authority model. A certification hierarchy provides scalability, ease of use and consistency
with the growing number of commercial and other certification bodies. In its simplest form, a certification
hierarchy consists of a single certification body. In general, however, a hierarchy contains multiple CAs
with clearly defined relations between parent and child CAs. In this model, the subordinate CAs are
certified by the documents issued by the respective parent CA certificates, through which the public key of
a certification body will be bound to the identity. The uppermost certification body in a hierarchy is referred
to as root certification authority. The CAs below the root CAs are called subordinate CAs. If a root
certification authority in Windows XP and the Windows Server 2003 family as trustworthy considered
(because the associated certificate is stored in the certificate store Trusted Root Certification Authorities),
are all subordinate CAs in the hierarchy than trustworthy classified, unless the certificate of a subordinate
CA has been banned by the issuing CA or has expired. Root Certification Authorities provide extremely
important trust points in an organization is and should be protected and managed in accordance with. To
protect safety reasons and to the certification body from possible attacks by unauthorized persons on the
network, can be used as root of the certification hierarchy a standalone CA are used that the postcertification
Issuing CA goes offline. In order to use the possibilities of certificate auto-enrollment within the
domain environment, the issuing CA type companies should be.
http://technet.microsoft.com/en-us/library/cc737481(v=ws.10).aspx
QUESTION 50
Your network contains an Active Directory domain.
The domain contains a site named Site1.
All of the client computers in Site1 use static IPv4 addresses on a single subnet.
Site1 contains a Storage Area Network (SAN) device and two servers named Server1 and Server2 that run
Windows Server 2012.
You plan to implement a DHCP infrastructure that will contain Server1 and Server2.
The infrastructure will contain several IP address reservations.
You need to recommend a solution for the DHCP infrastructure to ensure that clients can receive IP
addresses from a DHCP server if either Server1 or Server2 fails.
What should you recommend? (Each correct answer is a complete solution. Choose all that apply.)
A. Configure all of the client computers to use IPv6 addresses, and then configure Server1 and Server2 to
run DHCP in stateless mode.
B. Configure Server1 and Server2 as members of a failover cluster, and then configure DHCP as a
clustered resource.
C. Configure a DHCP failover relationship that contains Server1 and Server2.
D. Create a scope for each server, and then configure each scope to contain half of the IP addresses.
Correct Answer: BC
Section: [none]
Explanation
Explanation/Reference:
// 30/11/2015 checked
certbase notes:
We can either use the Failover Clustering for the role DHCP server, the new DHCP failover or a shared
address space configured to compensate for the failure of a single DHCP server. A shared address space,
however, does not support the proposed IP address reservations. In addition, the number of available IP
addresses is reduced if a server fails to half.
QUESTION 51
Your network contains two servers named Server1 and Server2 that run Windows Server 2012.
Server1 and Server2 are connected to a Fibre Channel Storage Area Network (SAN).
Server1 and Server2 are members of a failover cluster named Cluster1.
You plan to host the clustered File Server role on the nodes in Cluster1.
Cluster1 will store application databases in shared folders.
You need to implement a storage solution for Cluster1.
The solution must minimize the amount of time the shared folders are unavailable during a failover.
What should you implement? More than one answer choice may achieve the goal. Select the BEST
answer.
A. An iSCSI Target Server cluster role in Cluster1
B. The Multi Path I/O (MPIO) feature on Server1 and Server2
C. A Virtual Fibre Channel SAN on Server1 and Server2
D. A Cluster Shared Volume (CSV) in Cluster1
Correct Answer: D
Section: [none]
Explanation
Explanation/Reference:
01/12/2015 // Checked
This allows a PHYSICAL cluster to connect to a SAN or Fibre-Channel SAN and use the SAN to host
shared storage for the cluster. This will minimize downtime during failover because both Server 1 and
Server 2 will have red-and-write access to the SAN simultaneously. Both nodes can failover quickly
because they do not need to dismount or remount their VHDs as they share the same storage.
Not C - Virtual Fibre Channel SAN doesn't even apply here as our nodes are physical servers.
Not A - iSCSI Target Server Role will only allow clients or other servers to access the SAN through Servers
1 and 2.
Not B - Not Applicable Here.
Explanation:
http://technet.microsoft.com/en-us/library/jj612868.aspx
QUESTION 52
Your network contains a Microsoft System Center 2012 Virtual Machine Manager (VMM) infrastructure.
You plan to provide self-service users with the ability to create virtual machines that run Windows Server
2012 and have the following configurations:
- 8 GB of memory
- The File Server server role
- Windows Internal Database
- A local Administrator password set to 'P@$$w0rd''
You have a VHD that contains a generalized version of Windows Server 2012.
You need to ensure that the self-service users can provision virtual machines that are based on the
VHD.
What should you create? (Each correct answer presents part of the solution. Choose all that apply.)
A. A Hardware Profile
B. An Application Profile
C. An Application Host Profile
D. A VM Template
E. A Guest OS Profile
Correct Answer: ADE
Section: [none]
Explanation
Explanation/Reference:
01/12/2015 // Checked
Explanation:
http://technet.microsoft.com/en-us/library/hh368987.aspx
QUESTION 53
Your network contains a Hyper-V cluster named Cluster1.
You install Microsoft System Center 2012 Virtual Machine Manager (VMM).
You create a user account for another administrator named User1.
You plan to provide User1 with the ability to manage only the virtual machines that User1 creates.
You need to identify what must be created before you delegate the required permissions.
What should you identify?
A. A cloud
B. A service template
C. A host group
D. A Delegated Administrator
Correct Answer: C
Section: [none]
Explanation
Explanation/Reference:
01/12/2015 // Checked
Explanation:
VMM uses "Host Groups" in the same way ADDS uses OUs (Organizational Units) to delegate
permissions and scope.
http://technet.microsoft.com/en-us/library/gg610645.aspx
You can assign host groups to the Delegated Administrator and the Read-Only Administrator user roles to
scope the user roles to specific host groups.
Members of these user roles can view and manage the fabric resources that are assigned to them at the
host group level.
You can create a private cloud from resources in host groups.
When you create a private cloud, you select which host groups will be part of the private cloud.
You can then allocate all or some of the resources from the selected host groups to the private cloud.
QUESTION 54
Your network contains four servers,
The servers are configured as shown in the following table.
You manage all of the servers and all of the clusters by using Microsoft System Center 2012 Virtual
Machine Manager (VMM).
You plan to implement Dynamic Optimization for the virtual machines.
You need to recommend a configuration for the planned implementation.
What should you recommend?
A. Dynamic Optimization on Cluster3 and Cluster4 only
Virtual machines that are balanced across the clusters
B. Dynamic Optimization on all of the clusters
Virtual machines that are balanced across the nodes in the clusters
C. Dynamic Optimization on all of the clusters
Virtual machines that are balanced across the clusters
D. Dynamic Optimization on Cluster1 and Cluster2 only
Virtual machines that are balanced across the nodes in the clusters
Correct Answer: B
Section: [none]
Explanation
Explanation/Reference:
Explanation:
Dynamic Optimization is compatible with Xen & VMware Servers.
So here we can implement Dynamic Otimization on ALL clusters. Dynamic Optimization will not
balance nodes between clusters though.
QUESTION 55
Your network contains an Active Directory domain named contoso.com.
All servers run Windows Server 2012 R2.
The network contains a System Center 2012 R2 Data Protection Manager (DPM) deployment.
The domain contains six servers.
The servers are configured as shown in the following table.
You install System Center 2012 R2 Virtual Machine Manager (VMM) on the nodes in Cluster2.
You configure VMM to use a database in Cluster1. Server5 is the first node in the cluster.
You need to back up the VMM encryption key.
What should you back up?
A. a system state backup of Server2
B. a full system backup of Server6
C. a system state backup of Server5
D. a full system backup of Server3
Correct Answer: A
Section: [none]
Explanation
Explanation/Reference:
Explanation:
Encryption keys in Active Directory Domain Services: If distributed key management (DKM) is configured,
then you are storing VMM-related encryption keys in Active Directory Domain Services (AD DS). To back
up these keys, back up Active Directory on a regular basis.
https://technet.microsoft.com/en-us/library/dn768227.aspx#BKMK_b_misc
QUESTION 56
Your network contains an Active Directory domain named contoso.com. The network contains two servers
named Server1 and Server2.
You deploy Active Directory Certificate Services (AD CS). The certification authority (CA) is configured as
shown in the exhibit. (Click the Exhibit button).
You need to ensure that you can issue certificates based on certificate templates.
What should you do?
A. Configure Server2 as a standalone subordinate CA.
B. On Server1, install the Network Device Enrollment service role service.
C. Configure Server2 as an enterprise subordinate CA.
D. On Server1, run the Add-CATemplate cmdlet.
Correct Answer: C
Section: [none]
Explanation
Explanation/Reference:
Explanation:
The Add-CATemplate cmdlet adds a certificate template to the CA for issuing. Certificate templates allow
for the customization of a certificate that can be issued by the CA.
Example: Adds a CA template with the template display name Basic EFS and the template name EFS.
Windows PowerShell
C:\PS>Add-CATemplate -Name EFS
QUESTION 57
Your network contains an Active Directory domain named contoso.com. The domain contains four servers
on a test network.
The servers are configured as shown in the following table.
Server1 uses the storage shown in the following table.
You perform the following tasks:
- On Server2, you create an advanced SMB share named Share2A and an
applications SMB share named Share2B.
- On Server3, you create an advanced SMB share named Share3.
- On Server4, you create an applications SMB share named Share4.
You add Server3 and Server4 to a new failover cluster named Clus1. On Clus1, you configure the File
Server for general use role, you create a quick SMB share named Share5A, and then you create an
applications SMB share named Share5B.
You plan to create a failover cluster of two virtual machines hosted on Server1. The clustered
virtual machines will use shared .vhdx files. You need to recommend a location to store the shared
.vhdx files.
Where should you recommend placing the virtual hard disk (VHD)?
A. \\Clus1\Share5A
B. \\Server2\Share2A
C. \\Server4\Share4
D. the D drive on Server1
Correct Answer: A
Section: [none]
Explanation
Explanation/Reference:
Explanation:
vhdx files can be housed on a continuously-available SMB share on a Windows Storage Server 2012 R2
failover cluster.
QUESTION 58
A company has data centers in Seattle and New York. A high-speed link connects the data centers. Each
data center runs a virtualization infrastructure that uses Hyper-V Server 2012 and Hyper-V Server 2012
R2.
Administrative users from the Seattle and New York offices are members of Active Directory Domain
Services groups named SeattleAdmins and NewYorkAdmins, respectively.
You deploy one System Center Virtual Machine Manager (SCVMM) in the Seattle data center. You create
two private clouds named SeattleCloud and NewYorkCloud in the Seattle and New York data centers,
respectively.
You have the following requirements:
- Administrators from each data center must be able to manage the virtual
machines and services from their location by using a web portal.
- Administrators must not apply new resource quotas or change resource quotas.
- You must manage public clouds by using the existing SCVMM server.
- You must use the minimum permissions required to perform the administrative
tasks.
You need to configure the environment.
What should you do?
A. For both the Seattle and New York admin groups, create a User Role and assign it to the Application
Administrator profile. Add the Seattle and New York private clouds to the corresponding User Role.
B. For both the Seattle and New York admin groups, create a User Role and assign it to the Tennant
Administrator profile. Add the Seattle and New York private clouds to the corresponding User Role.
C. Add both SeattleAdmins and NewYorkAdmins to the Local Administrators group of each Hyper-V host
in Seattle and New York, respectively.
D. Add both SeattleAdmins and NewYorkAdmins to the Local Administrators group of the SCVMM server.
Correct Answer: A
Section: [none]
Explanation
Explanation/Reference:
Explanation:
Members of the Application Administrator (Self-Service User) ole can create, deploy, and manage their
own virtual machines and services by using the VMM console or a Web portal.
QUESTION 59
You have a small Hyper-V cluster built on two hosts that run Windows Server 2012 R2 Hyper-V.
You manage the virtual infrastructure by using System Center Virtual Machine Manager 2012. Distributed
Key Management is not installed.
You have the following servers in the environment:
You have the following requirements:
- You must back up virtual machines at the host level.
- You must be able to back up virtual machines that are configured for live
migration.
- You must be able to restore the entire VMM infrastructure.
You need to design and implement the backup plan.
What should you do?
A. Run the following Windows PowerShell command:
Get-VM VMM1 | Checkpoint-VM-SnapshotName "VMM backup"
B. Run the following Windows PowerShell command:
Set-DPMGlobalProperty-DPMServerName DPM1-KnownVMMServers VMM1
C. Configure System State Backup for DCL.
D. Configure backup for all disk volumes on FILESERVER1
Correct Answer: B
Section: [none]
Explanation
Explanation/Reference:
Explanation:
DPM can protect Hyper-V virtual machines V during live migration.
Connect servers--Run the the Set-DPMGlobalProperty PowerShell command to connect all the servers
that are running Hyper-V to all the DPM servers.
The cmdlet accepts multiple DPM server names.
Set-DPMGlobalProperty -dpmservername <dpmservername> -knownvmmservers <vmmservername>
https://technet.microsoft.com/en-us/library/jj656643.aspx
QUESTION 60
Your network contains the following roles and applications:
● Web Server (IIS)
● File and Storage Services
● Microsoft SQL Server 2008 R2
● Active Directory Domain Services(AD DS)
● Active Directory Certificate Services(AD CS)
You plan to deploy Active Directory Federation Services (AD FS).
You need to identify which deployed services or applications can be used as attribute stores for the
planned AD FS deployment.
What should you identify? (Each correct answer presents a complete solution. Choose all that apply.)
A. Microsoft SQL Server 2008 R2
B. AD DS
C. File and Storage Services
D. IIS
E. AD CS
Correct Answer: AB
Section: [none]
Explanation
Explanation/Reference:
http://www.certifychat.com/70-414-a/404-identify-deployed-services-applications-attribute.html
QUESTION 61
Your network contains two servers that run Windows Server 2012.
The servers are members of a failover cluster.
Each server has 32 GB of RAM and has the Hyper-V server role installed.
Each server hosts three highly available virtual machines.
All of the virtual machines have an application named App1 installed.
Each of the virtual machines is configured to have 4 GB of memory.
During regular business hours, the virtual machines use less than 2 GB of memory.
Each night, App1 truncates its logs and uses almost 4 GB of memory.
You plan to add another three virtual machines to each host.
The new virtual machines will run the same load as the existing virtual machines.
You need to ensure that all of the virtual machines can run on one of the Hyper-V hosts if a single
host fails.
What should you do?
A. From the properties of each Hyper-V host, modify the Allow virtual machines to span NUMA nodes.
B. From the properties of each virtual machine, modify the NUMA Configuration -Maximum amount of
memory setting.
C. From the properties of each virtual machine, modify the Smart Paging File Location.
D. From the properties of each virtual machine, modify the Dynamic Memory settings.
Correct Answer: D
Section: [none]
Explanation
Explanation/Reference:
01/12/2015 // Checked
certbase notes:
We need to ensure that all 12 virtual machines can run in an emergency on a Hyper-V host. The memory
that is allocated to the VMs currently (12 x 4 GB = 48 GB), but exceeds the physically existing memory of
a single host. The problem can be solved by the configuration of the dynamic memory allocation:
Explanation:
QUESTION 62
Your network contains an Active Directory domain.
The domain contains 10 file servers.
The file servers connect to a Fibre Channel SAN.
You plan to implement 20 Hyper-V hosts in a failover cluster.
The Hyper-V hosts will not have host bus adapters (HBAs).
You need to recommend a solution for the planned implementation that meets the following
requirements:
- The virtual machines must support live migration.
- The virtual hard disks (VHDs) must be stored on the file servers.
Which two technologies achieve the goal? Each correct answer presents a complete solution.
A. Cluster Shared Volume (CSV)
B. An NFS share
C. Storage pools
D. SMB 3.0 shares
Correct Answer: CD
Section: [none]
Explanation
Explanation/Reference:
Cluster-Shared Volumes require Host-Bus Adapter (HBA) hardware to be installed on the Physical NIC, so
it cannot be implemented here.
Answer:
Scale-Out File Server:
These are active-active File Servers, which means data can be accessed off of multiple File Server Cluster
Nodes simultaneously using the "Continuous Availability" feature in SMB 3.0 - be advised, SMB 3.0 cannot
be accessed by clients running Windows 7 or older!
To meet the requirements, we can create a storage pool from the file servers (who will run the Scale-Out
File Server Role, using continuous avialability) and then configure them to host an SMB 3.0 share for the
VHDs of the Virtual Machines.
To create an SMB 3.0 Share Across Multiple File Server:
SMB Transparent Failover has the following requirements:
A failover cluster running Windows Server 2012 with at least two nodes.
File Server role is installed on all cluster nodes.
Clustered file server configured with one or more file shares created with the continuously available
property. This is the default setting.
SMB client computers running the Windows 8 client or Windows Server 2012.
http://blogs.technet.com/b/clausjor/archive/2012/06/07/smb-transparent-failover-making-file-sharescontinuously-
available.aspx
QUESTION 63
Your network contains an Active Directory domain named contoso.com.
The domain contains four servers on a test network.
The servers are configured as shown in the following table.
Server1 uses the storage shown in the following table.
You perform the following tasks:
- On Server2F you create an advanced SMB share named Share2A and an
applications SMB share named Share2B.
- On Server3, you create an advanced SMB share named Share3.
- On Server4, you create an applications SMB share named Share4.
You add Server3 and Server4 to a new failover cluster named Clus1.
On Clus1, you configure the File Server for general use role, you create a quick SMB share named
Share5A, and then you create an applications SMB share named Share5B.
You plan to create a failover cluster of two virtual machines hosted on Server1.
The clustered virtual machines will use shared .vhdx files.
You need to recommend a location to store the shared .vhdx files.
Where should you recommend placing the virtual hard disk (VHD)?
A. \\Server3\Share3
B. \\Server2\Share2B
C. \\Clus1\Share5B
D. \\Server4\Share4
Correct Answer: C
Section: [none]
Explanation
Explanation/Reference:
C is the correct answer. It has to be on an application smb share because its vhdx and you would want it
protected on a cluster.
QUESTION 64
Your network contains an Active Directory domain named contoso.com.
All servers run Windows Server 2012 R2.
The network contains a System Center 2012 R2 Data Protection Manager (DPM) deployment.
The domain contains six servers.
The servers are configured as shown in the following table.
You install System Center 2012 R2 Virtual Machine Manager (VMM) on the nodes in Cluster2.
You configure VMM to use a database in Cluster1. Server5 is the first node in the cluster.
You need to back up the VMM encryption key.
What should you back up?
A. A full system backup of Server1
B. A full system backup of Server3
C. A backup of the Windows\DigitalLocker folder on Server5
D. A backup of the Windows\DigitalLocker folder on Server1
Correct Answer: A
Section: [none]
Explanation
Explanation/Reference:
The VMM Encryption key is stored on the VMM server by default. But for Highly Available VMM setups
(when VMM is running in a CLUSTER) the Encryption key is stored in Active Directory.
To back up the encryption key we perform a full system Backup of AD.
QUESTION 65
You have a Windows Server 2012 R2 failover cluster that contains four nodes.
The cluster has Dynamic Optimization enabled.
You deploy three highly available virtual machines to the cluster by using System Center 2012 R2 Virtual
Machine Manager (VMM).
You need to prevent Dynamic Optimization from placing any of the three virtual machines in the
same node.
What should you do?
A. From the Virtual Machine Manager console, modify the Compatibility settings in the Hardware
Configuration properties of the virtual machines.
B. Set the Priority property of the virtual machine cluster role.
C. From the Virtual Machine Manager console, modify the Servicing Windows settings of the virtual
machines.
D. From the Virtual Machine Manager console, modify the Availability settings in the Hardware
Configuration properties of the virtual machines.
Correct Answer: D
Section: [none]
Explanation
Explanation/Reference:
Explanation:
The correct answer in the real exam is Anti Affinity command.
QUESTION 66
Your Active Directory currently contains five virtualized domain controllers that run Windows Server 2012
R2.
The system state of each domain controller is backed up daily.
The backups are shipped to a remote location weekly.
Your company recently implemented a disaster recovery site that contains several servers.
The servers run Windows Server 2012 R2 and have the Hyper-V server role installed.
The disaster recovery site has a high-speed WAN link to the main office.
You need to create an Active Directory recovery plan that meets the following requirements:
- Restores the Active Directory if a catastrophe prevents all access to the
main office.
- Minimizes data loss.
What should you include in the plan?
A. Hyper-V replicas
B. Live migration
C. Virtual machine checkpoints
D. System state restores
Correct Answer: A
Section: [none]
Explanation
Explanation/Reference:
QUESTION 67
Your network contains 500 client computers that run Windows 7 and a custom application named App1.
App1 uses data stored in a shared folder.
You have a failover cluster named Cluster1 that contains two servers named Server1 and Server2.
Server1 and Server2 run Windows Server 2012 and are connected to an iSCSI Storage Area Network
(SAN).
You plan to move the shared folder to Cluster1.
You need to recommend which cluster resource must be created to ensure that the shared folder
can be accessed from Cluster1.
What should you recommend? More than one answer choice may achieve the goal. Select the BEST
answer.
A. The Generic Application cluster role
B. The DFS Namespace Server cluster role
C. The clustered File Server role of the File Server for general use type
D. The clustered File Server role of the File Server for scale-out application data type
Correct Answer: C
Section: [none]
Explanation
Explanation/Reference:
The question states that the client computers run Windows 7.
Windows 7 or older clients cannot access SMB 3.0 Shares (which is what Scale-Out File Servers use).
Our only other option is to create an File Server for General Use here (the only downside to this is that the
shared folder can only be read/accessed from one of the file servers at a time.. which isnt a huge issue in
this scenario).
QUESTION 68
Your network contains an Active Directory forest named contoso.com.
The forest contains multiple servers that run Windows Server 2012.
The network contains 1,000 client computers that run Windows 7.
Two hundred remote users have laptop computers and only work from home.
The network does not provide remote access to users.
You need to recommend a monitoring solution to meet the following requirements:
- Generate a list of updates that are applied successfully to all computers.
- Minimize the amount of bandwidth used to download updates.
- An administrator must approve the installation of an update on any client computer.
What should you include in the recommendation? (Each Answer presents part of the solution. Choose all
that apply.)
A. Microsoft Asset Inventory Service (AIS)
B. Windows InTune
C. Windows Server Update Services (WSUS)
D. Active Directory Federation Services (AD FS)
E. Microsoft System Center 2012 Service Manager
Correct Answer: BC
Section: [none]
Explanation
Explanation/Reference:
B & C.
Windows InTune can be used to manage remote clients and deploy updates to them even when they are
not connected to the domain, or are not even domain users.
Intune handles the updates & reporting for the 200 remote users. They use their own Internet to get the
updates
WSUS handles the “in-office” updates & reporting and satisfies the requirement of minimizing bandwidth
for downloading updates.
QUESTION 69
Your network contains an Active Directory domain named contoso.com.
The domain contains a System Center 2012 R2 Virtual Machine Manager (VMM) deployment.
The domain contains 20 Hyper-V hosts that run Windows Server 2012 R2.
Currently, the computer accounts of all of the Hyper-V hosts are in organizational unit (OU) named
Virtualization.
You plan to create two private clouds by using VMM named Cloud1 and Cloud2.
The virtual machines for Cloud1 will be hosted on two Hyper-V hosts named Server1 and Server2.
The virtual machines for Cloud2 will be hosted on two Hyper-V hosts named Server3 and Server4.
You need to recommend an administrative model for Cloud1 and Cloud2.
Which technology best achieves the goal? More than one answer choice may achieve the goal. Select the
BEST answer.
A. Two sites and two Application Administrator (Self-Service User) user roles
B. Two host groups and two Application Administrator (Self-Service User) user roles
C. Two OUs and two Application Administrator (Self-Service User) user roles
D. Two logical units and two Tenant Administrator user roles
Correct Answer: B
Section: [none]
Explanation
Explanation/Reference:
Host Groups are the "Organizational Units" of VMM! We need two host groups to allow us to delegate
permissions and Application Administrator Roles.
User Roles in VMM:
Administrator – This role is exactly what you think, can manages the scope of everything within VMM.
Fabric Administrator – Can perform ALL administrative tasks, but only within a defined Scope. That
scope can be a Host Group, a Private Cloud, or one or more Library Servers.
Tenant Administrator - user role can define the scope of tasks performed by self-service users on their
VMs, including creating and applying quotas on available resources. So, this is the user role you should
use if you want to give an administrator permission to manage self-service users and the resources they
consume. Members of the Tenant Administrator user role can also manage VM networks, including
managing and deploying their own VMs within a defined scope. The scope is limited to private cloud
objects.
Application Administrator - user role can deploy and manage their own VMs within the scope and quotas
defined by higher-level administrators. Note that this user role is called the Self-Service User user role in
VMM 2012 RTM.
QUESTION 70
Your company has three offices.
The offices are located in Seattle, London, and Tokyo.
The network contains an Active Directory domain named northwindtraders.com.
Each office is configured as an Active Directory site.
System Center 2012 R2 Operations Manager is deployed to the domain.
The servers in all three sites are monitored by using Operations Manager.
The company has a web site for its customers.
The web site requires users to sign-in.
You need to recommend a solution to monitor the web site.
The solution must meet the following requirements:
- Monitor the availability of the web site from locations in North America, Europe, Asia, and Australia.
- Monitor multi-step requests to the web site.
- Use a central console for monitoring.
What should you include in the recommendation?
A. Import the System Center Global Services Monitoring Management Pack and add the Web Application
Availability Monitoring monitoring type.
B. Add the Web Application Transaction monitoring type and configure watcher nodes.
C. Add the TCP Port monitoring type and configure watcher nodes.
D. Import the System Center Global Services Monitor Management Pack and add the Visual Studio Web
Test Monitoring monitoring type.
Correct Answer: D
Section: [none]
Explanation
Explanation/Reference:
The answer is D.
Visual Studio Web Test Supports Multistep AND External Server testing.
http://www.systemcentercentral.com/which-is-the-best-synthetic-web-transaction-to-use-in-operationsmanager-
for-my-requirements-scom-sysctr/
QUESTION 71
You have a System Center 2012 R2 Configuration Manager deployment.
All users have client computers that run Windows 8.1.
The users log on to their client computer as standard users.
An application named App1 is deployed to the client computers by using System Center.
You need to recommend a solution to validate a registry key used by App1.
If the registry key has an incorrect value, the value must be changed.
The registry key must be validated every day.
The solution must generate a report on non-compliant computers.
What is the best approach to achieve the goal? More than one answer choice may achieve the goal. Select
the BEST answer.
A. Group Policy preferences
B. A desired configuration baseline
C. The Windows PowerShell Desired State Configuration (DSC) feature
D. The Microsoft Baseline Security Analyzer (MBSA)
Correct Answer: B
Section: [none]
Explanation
Explanation/Reference:
The question indicates that we HAVE System Center deployed so there is no need to fiddle around with
Group Polcies that won't really work properly.
Not A - Above reason.
Not C - We dont need to install the DSC Powershell Tools, we need to create a DSC baseline.
Not D - MBSA can analyze and report but NOT carry out actions (cannot change the value of the registry
key).
B - A Desired State Configurtion can stipulate the required status of the registry key. DSC also provides a
means for non-compliant machines to remidiate their compliance.
QUESTION 72
Your network contains an Active Directory forest named contoso.com.
Your company works with a partner company that has an Active Directory forest named fabrikam.com.
Both forests contain domain controllers that run only Windows Server 2012 R2.
The certification authority (CA) infrastructure of both companies is configured as shown in the following
table.
You need to recommend a certificate solution that meets the following requirements:
- Server authentication certificates issued from fabrikam.com must be trusted automatically by the
computers in contoso.com.
- The computers in contoso.com must not trust automatically any other type of certificates issued from the
CA hierarchy in fabrikam.com.
What should you include in the recommendation?
A. Deploy a Group Policy object (GPO) that defines intermediate CAs.
Import a certificate that has an application policy object identifier (OID) of CA Encryption Certificate.
B. Deploy a Group Policy object (GPO) that defines an enterprise trust.
Import a certificate that has an application policy object identifier (OID) of Microsoft Trust List Signing.
C. Deploy a Group Policy object (GPO) that defines an enterprise trust.
Import a certificate that has an application policy object identifier (OID) of CA Encryption Certificate.
D. Deploy a Group Policy object (GPO) that defines intermediate CAs.
Import a certificate that has an application policy object identifier (OID) of Microsoft Trust List Signing.
Correct Answer: B
Section: [none]
Explanation
Explanation/Reference:
If we need to import a certificate from a partner Enterprise/Forest, but we do not want to automatically trust
all of the certificates from their organization’s CA we simply:
Deploy a Group Policy object (GPO) that defines an enterprise trust.
Import a certificate that has an application policy object identifier (OID) of Microsoft Trust List
Signing.
Certificate Trust List (CTL):
This is almost the opposite of a Certificate-Revocation List (CRL).
Instead of making a list of which Certificates we no longer trust, we are adding this certificate to the
Certificate (Microsoft) Trust List (CTL) which specifies which certificates we DO trust.
If we add an external enterprises certificate to our CTL, our Network will ONLY trust that specific
certificate and nothing else from the partner enterprise unless we add more of their certificates to
our CTL.
QUESTION 73
Your network contains an Active Directory domain named contoso.com.
You plan to implement Network Load Balancing (NLB).
You need to identify which network services and applications can be load balanced by using NLB.
Which services and applications should you identify?
A. Microsoft SQL Server 2012 Reporting Services
B. A failover cluster
C. A DHCP server
D. A Microsoft Exchange Server 2010 Mailbox server
E. A file server
F. A Microsoft SharePoint Server 2010 front-end Web server
Correct Answer: AF
Section: [none]
Explanation
Explanation/Reference:
NLB is ONLY usable on STATELESS network services – ie: Read-only services, like front end web
servers, or SQL reporting servers. (on servers that do not allow the clients to change/modify
anything).
QUESTION 74
Your network contains an Active Directory domain named contoso.com.
The domain contains multiple servers that run Windows Server 2012.
All client computers run Windows 7.
The network contains two data centers.
You plan to deploy one file server to each data center.
You need to recommend a solution to provide redundancy for shared folders if a single data center
fails.
What should you recommend? More than one answer choice may achieve the goal. Select the BEST
answer.
A. A Distributed File System (DFS) namespace and DFS Replication
B. Cluster Shared Volumes (CSVs)
C. The clustered File Server role of the File Server for general use type
D. The clustered File Server role of the File Server scale-out application data type
Correct Answer: A
Section: [none]
Explanation
Explanation/Reference:
QUESTION 75
You have a Windows Server 2012 R2 failover cluster that contains four nodes.
Each node has four network adapters.
The network adapters on each node are configured as shown in the following table.
NIC4 supports Remote Direct Memory Access (RDMA) and Receive Side Scaling (RSS).
The cluster networks are configured as shown in the following table.
You need to ensure that ClusterNetwork4 is used for Cluster Shared Volume (CSV) redirected
traffic.
What should you do?
A. Set the metric of ClusterNetwork4 to 90,000 and disable SMB Multichannel.
B. On each server, replace NIC4 with a 1-Gbps network adapter.
C. Set the metric of ClusterNetwork4 to 30,000 and disable SMB Multichannel.
D. On each server, enable RDMA on NIC4.
Correct Answer: C
Section: [none]
Explanation
Explanation/Reference:
Redirected traffic will be sent to the NIC with the LOWEST Metric, but in server 2012 CSVs use SMB
Multichannel (which enables traffic to be redirected using TWO NICs) so we also need to disable SMB
Multichannel to prevent redirected traffic from being sent elsewhere on one of the other NICs.
QUESTION 76
Your network contains an Active Directory domain named contoso.com.
The domain contains 200 servers that run either Windows Server 2012 R2, Windows Server 2012, or
Windows Server 2008 R2.
The servers run the following enterprise applications:
- Microsoft Exchange Server 2013
- Microsoft SQL Server 2014
System Center 2012 R2 Operations Manager is deployed to the domain.
Operations Manager monitors all of the servers in the domain.
Audit Collection Services (ACS) is installed.
You need to recommend a monitoring strategy for the domain that meets the following
requirements:
- A group of administrators must be notified when an error is written to the
System log on the servers that run Exchange Server 2013.
- A group of administrators must be notified when a specific event is written
to The Application log on the servers that run SQL Server 2014.
What is the best approach to achieve the goal? More than one answer choice may achieve the goal. Select
the BEST answer.
A. From Operations Manager, enable audit collection.
B. From Operations Manager, implement two monitors.
C. From Computer Management, implement one event subscription.
D. From Operations Manager, implement two rules.
Correct Answer: D
Section: [none]
Explanation
Explanation/Reference:
Monitors monitor applications for their health state.
Rules can be used to create Alerts for events.
https://technet.microsoft.com/en-us/library/hh457603.aspx
QUESTION 77
Your network contains two servers named Server1 and Server2 that run Windows Server 2012.
Server1 and Server2 are members of a failover cluster named Cluster1 and are connected to an iSCSI
Storage Area Network (SAN).
You need to ensure that you can implement the clustered File Server role of the File Server for
scale-out application data type for Cluster1.
What should you install?
A. The iSCSI Target Server cluster role
B. The Distributed Transaction Coordinator (DTC) cluster role
C. The DFS Namespace Server cluster role
D. A Cluster Shared Volume (CSV)
Correct Answer: D
Section: [none]
Explanation
Explanation/Reference:
01/12/2015 // Checked
Explanation:
http://technet.microsoft.com/en-us/library/jj612868.aspx
QUESTION 78
Your network contains a main data center and a disaster recovery data center.
Each data center contains a Storage Area Network (SAN).
The main data center contains a two-node failover cluster named Cluster1 that hosts a Microsoft SQL
Server 2012 database named DB1.
The database files in DB1 are stored on the
SAN in the main office.
The disaster recovery data center contains a server that runs SQL Server 2012.
You need to recommend a disaster recovery solution for the SQL Server database.
The solution must ensure that the database remains available if the main data center fails.
What should you recommend? More than one answer choice may achieve the goal. Select the BEST
answer.
A. Deploy Distributed File System (DFS) Replication.
B. Extend the failover cluster to the disaster recovery data center.
C. Implement a Cluster Shared Volume (CSV) and move the database files to the CSV.
D. Implement SQL Server database replication between the two data centers.
Correct Answer: D
Section: [none]
Explanation
Explanation/Reference:
01/12/2015 // Checked
Explanation:
QUESTION 79
You plan to implement a virtualization solution to host 10 virtual machines.
All of the virtual machines will be hosted on servers that run Windows Server 2012.
You need to identify which servers must be deployed for the planned virtualization solution.
The solution must meet the following requirements:
- Minimize the number of servers.
- Ensure that live migration can be used between the hosts.
Which servers should you identify? To answer, select the appropriate servers in the answer area.
A. OPTION 1
B. OPTION 2
C. OPTION 3
D. OPTION 4
Correct Answer: A
Section: [none]
Explanation
Explanation/Reference:
Explanation:
Just two server with Hyper-V installed is enough to perform a Live Migration. (Minimize the number of
servers)
QUESTION 80
Your network contains an Active Directory domain named contoso.com.
The domain contains Server 2012 R2 and has the Hyper-V server role installed.
You need to log the amount of system resources used by each virtual machine.
What should you do?
A. From Windows PowerShell, run the Enable-VMResourceMeteringcmdlet.
B. From Windows System Resource Manager, enable Accounting.
C. From Windows System Resource Manager, add a resource allocation policy.
D. From Windows PowerShell, run the Measure-VM cmdlet.
Correct Answer: A
Section: [none]
Explanation
Explanation/Reference:
Explanation:
Enable-VMResourceMeteringcmdlet – begins logging the amount of system resources used by the
VM or VMs that you specify in the command.
Measure-VM - fetches the logged data for the VM or VMs.
The question asks us to begin logging the data, it does not ask us to fetch that logged data (whch hasn't
even been logged yet).
QUESTION 81
Your network contains an Active Directory domain named contoso.com.
The domain contains a member server named HVServer1.
HVServer1 runs Windows Server 2012 R2 and has the Hyper-V server role installed.
HVServer1 hosts 10 generation 1 virtual machines.
All of the virtual machines connect to a virtual switch named Switch1.
Switch1 is configured as a private network.
All of the virtual machines have the DHCP guard and the router guard settings enabled.
You install the DHCP server role on a virtual machine named Server1.
You authorize Server1 as a DHCP server in contoso.com.
You create an IP scope.
You discover that the virtual machines connected to Switch1 do not receive IP settings from Server1.
You need to ensure that the virtual machines can use Server1 as a DHCP server.
What should you do?
A. Enable MAC address spoofing on Server1.
B. Enable single-root I/O visualization (SR-IOV) on Server1.
C. Disable the DHCP guard on Server1.
D. Disable the DHCP guard on all of the virtual machines that are DHCP clients.
Correct Answer: C
Section: [none]
Explanation
Explanation/Reference:
Explanation:
DHCP guard setting
This setting stops the virtual machine from making DHCP offers over this network interface.
To be clear this does not affect the ability to receive a DHCP offer (i.e. if you need to use DHCP to acquire
an IP address that will work) it only blocks the ability for the virtual machine to act as a DHCP server.
QUESTION 82
You have a server named Server1 that runs Windows Server 2012 R2.
You plan to enable Hyper-V Network Virtualization on Server1.
You need to install the Windows Network Virtualization Filter Driver on Server1.
Which Windows PowerShell cmdlet should you run?
A. Set-NetVirtualizationGlobal
B. Enable-NetAdapterBinding
C. Add - WindowsFeature
D. Set-NetAdapterVmq
Correct Answer: B
Section: [none]
Explanation
Explanation/Reference:
Explanation:
Hyper-V Network Virtrtualization runs multiple virtual networks on a physical network. And each virtual
network operates as if it is running as a physical network.
The The Set-NetAdaptercmdlet sets the basic properties of a network adapter such as virtual LAN (VLAN)
identifier (ID) and MAC address.
Thus if you add the binding parameter to the command then you will be able to install the Windows
Network Virtualization Filter Driver.
Step one:Enable Windows Network Virtualization (WNV). This is a binding that is applied to the NIC that
you External Virtual Switch is bound to.
This can be a physical NIC, it can be an LBFO NIC team. Either way, it is the network adapter that your
External Virtual Switch uses to exit the server.
This also means that if you have multiple virtual networks or multiple interfaces that you can pick and
choose and it is not some global setting.
If you have one External Virtual Switch this is fairly easy:
$vSwitch = Get-VMSwitch -SwitchType External# Check if Network Virtualization is bound# This could be
done by checking for the binding and seeing if it is enabledForEach-Object - InputObject $vSwitch {if ((Get-
NetAdapterBinding -ComponentID "ms_netwnv" - InterfaceDescription
$_.NetAdapterInterfaceDescription).Enabled -eq $false){ # Lets enable itEnable-NetAdapterBinding -
InterfaceDescription $_.NetAdapterInterfaceDescription - ComponentID "ms_netwnv"}}
QUESTION 83
Your network contains an Active Directory domain named contoso.com.
You install Windows Server 2012 R2 on a new server named Server1 and you join Server1 to the domain.
You need to ensure that you can view processor usage and memory usage information in Server
Manager.
What should you do?
A. From Server Manager, click Configure Performance Alerts.
B. From Performance Monitor, create a Data Collector Set (DCS).
C. From Performance Monitor, start the System Performance Data Collector Set (DCS).
D. From Server Manager, click Start Performance Counters.
Correct Answer: D
Section: [none]
Explanation
Explanation/Reference:
QUESTION 84
Your network contains an Active Directory domain named contoso.com.
The domain contains a server named Server1 that runs Windows Server 2012 R2.
Server1 has the Hyper-V server role installed.
The domain contains a virtual machine named VM1.
A developer wants to attach a debugger to VM1.
You need to ensure that the developer can connect to VM1 by using a named pipe.
Which virtual machine setting should you configure?
A. BIOS
B. Network Adapter
C. COM 1
D. Processor
Correct Answer: C
Section: [none]
Explanation
Explanation/Reference:
QUESTION 85
Your network contains an Active Directory domain named contoso.com.
The domain contains a member server named Server 1.
Server1 runs Windows Server 2012 R2 and has the Hyper-V server role installed.
You create an external virtual switch named Switch1.
Switch1 has the following configurations:
- Connection type: External network
- Single-root I/O virtualization (SR-IOV): Enabled
Ten virtual machines connect to Switch1.
You need to ensure that all of the virtual machines that connect to Switch1 are isolated from the
external network and can connect to each other only.
The solution must minimize network downtime for the virtual machines.
What should you do?
A. Remove Switch1 and recreate Switch1 as an internal network.
B. Change the Connection type of Switch1 to Private network.
C. Change the Connection type of Switch1 to Internal network.
D. Remove Switch1 and recreate Switch1 as a private network.
Correct Answer: D
Section: [none]
Explanation
Explanation/Reference:
QUESTION 86
Your network contains two Hyper-V hosts named Host1 and Host2.
Host1 contains a virtual machine named VM1.
Host2 contains a virtual machine named VM2.
VM1 and VM2 run Windows Server 2012 R2.
You install the Network Load Balancing feature on VM1 and VM2.
You need to ensure that the virtual machines are configured to support Network Load Balancing
(NLB).
Which virtual machine settings should you configure on VM1 and VM2?
A. DHCP guard
B. MAC address
C. Router guard
D. Port mirroring
Correct Answer: B
Section: [none]
Explanation
Explanation/Reference:
Explanation:
When MAC addresses are not assigned to virtual machines, it could cause network problems.
http://blogs.msdn.com/b/clustering/archive/2010/07/01/10033544.aspx
QUESTION 87
Your network contains an Active Directory domain named contoso.com.
The domain contains a server named Server1.
Server1 runs Windows Server 2012 R2 and has the Hyper-V server role installed.
On Server1, an administrator creates a virtual machine named VM1.
A user named User1 is the member of the local Administrators group on Server1.
User1 attempts to modify the settings of VM1 as shown in the following exhibit. (Click the Exhibit button.)
You need to ensure that User1 can modify the settings of VM1 by running the Set-Vmcmdlet.
What should you instruct User1 to do?
A. Run Windows PowerShell with elevated privileges.
B. Install the Integration Services on VM1.
C. Modify the membership of the local Hyper-V Administrators group.
D. Import the Hyper-V module.
Correct Answer: A
Section: [none]
Explanation
Explanation/Reference:
Explanation:
You can only use the PowerShell snap-in to modify the VM settings with the vmcmdlets when you are an
Administrator.
Thus best practices dictate that User1 run the Powershell with elevated privileges.
http://technet.microsoft.com/en-us/library/jj713439.aspx
QUESTION 88
Your network contains an Active Directory domain named contoso.com.
The domain contains two member servers named Server1 and Server2.
All servers run Windows Server 2012 R2.
Server1 and Server2 have the Failover Clustering feature installed.
The servers are configured as nodes in a failover cluster named Cluster1.
Cluster1 has access to four physical disks.
The disks are configured as shown in the following table.
You need to ensure that all of the disks can be added to a Cluster Shared Volume (CSV).
Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)
A. Enable BitLocker on Disk4.
B. Disable BitLocker on Disk1.
C. Format Disk2 to use NTFS.
D. Format Disk3 to use NTFS.
Correct Answer: CD
Section: [none]
Explanation
Explanation/Reference:
Explanation:
You cannot use a disk for a CSV that is formatted with FAT, FAT32, or Resilient File System (ReFS).
QUESTION 89
Your network contains three servers named HV1, HV2, and Server1 that run Windows Server 2012 R2.
HV1 and HV2 have the Hyper-V server role installed. Server1 is a file server that contains 3 TB of free disk
space.
HV1 hosts a virtual machine named VM1.
The virtual machine configuration file for VM1 is stored in D:\VM and the virtual hard disk file is stored in E:
\VHD.
You plan to replace drive E with a larger volume.
You need to ensure that VM1 remains available from HV1 while drive E is being replaced.
You want to achieve this goal by using the minimum amount of administrative effort.
What should you do?
A. Perform a live migration to HV2.
B. Add HV1 and HV2 as nodes in a failover cluster.
Perform a storage migration to HV2.
C. Add HV1 and HV2 as nodes in a failover cluster.
Perform a live migration to HV2.
D. Perform a storage migration to Server1.
Correct Answer: D
Section: [none]
Explanation
Explanation/Reference:
QUESTION 90
You have a Hyper-V host named Server1 that runs Windows Server 2012 R2.
Server1 hosts 50 virtual machines that run Windows Server 2012 R2.
Your company uses smart cards for authentication.
You need to ensure that you can use smart card authentication when you connect to the virtual
machine by using Virtual Machine Connection.
What should you configure?
A. The NUMA Spanning settings
B. The RemoteFX settings
C. The Enhanced Session Mode Policy
D. The Integration Services settings
Correct Answer: C
Section: [none]
Explanation
Explanation/Reference:
QUESTION 91
You have a Hyper-V host named Server1 that runs Windows Server 2012 R2.
Server1 hosts a virtual machine named VM1 that runs Windows Server 2012 R2.
VM1 has several snapshots.
You need to modify the snapshot file location of VM1.
What should you do?
A. Delete the existing snapshots, and then modify the settings of VM1.
B. Right-click VM1, and then click Move. ..
C. Right-click VM1, and then click Export...
D. PauseVM1, and then modify the settings of VM1.
Correct Answer: A
Section: [none]
Explanation
Explanation/Reference:
Explanation:
You will need to navigate to the Hyper-V Management snap-in (C:\ProgramData\Microsoft\Windows\Hyper-
V) and from there access the Snapshot file Location tab where you can change the settings for the VM1
snapshot file location.
However, since there are already several snapshots in existence, you will need to delete them first
because you will not be able to change the location of the snapshot file while there is an existing
snapshot.
You need to modify the snapshot file location of VM1.
QUESTION 92
Your network contains an Active Directory domain named contoso.com.
The domain contains four servers named Server1, Server2, Server3, and Server4 that run Windows Server
2012 R2.
All servers have the Hyper-V server role and the Failover Clustering feature installed.
You need to replicate virtual machines from Cluster1 to Cluster2.
Which three actions should you perform? (Each correct answer presents part of the solution.Choose
three.)
A. From Hyper-V Manager on a node in Cluster2, create three virtual machines.
B. From Cluster2, add and configure the Hyper-V Replica Broker role.
C. From Failover Cluster Manager on Cluster1, configure each virtual machine for replication.
D. From Cluster1, add and configure the Hyper-V Replica Broker role.
E. From Hyper-V Manager on a node in Cluster2 modify the Hyper-V settings.
Correct Answer: BCD
Section: [none]
Explanation
Explanation/Reference:
Explanation:
These are two clusters, to replicate any VM to a cluster you need to configure the Replica Broker role on
each cluster the last step should be enabling replication on the VMs.
QUESTION 93
You have a small Hyper-V cluster built on two hosts that run Windows Server 2012 R2 Hyper-V.
You manage the virtual infrastructure by using System Center Virtual Machine Manager 2012.
Distributed Key Management is not installed.
You have the following servers in the environment:
You have the following requirements:
You must back up virtual machines at the host level.
You must be able to back up virtual machines that are configured for live migration.
You must be able to restore the entire VMM infrastructure.
You need to design and implement the backup plan.
What should you do?
A. Run the following Windows PowerShell command:
Checkpoint-VM -Name DPMI -ComputerName SQL1
B. Install the DPM console on VMM1
C. Configure backup for all disk volumes on FILESERVER1.
D. Install the VMM console on DPMI.
Correct Answer: D
Section: [none]
Explanation
Explanation/Reference:
Explanation:
DPM can be used along with Hyper-V, and Hyper-V Clusters for a perfect backup solution. DPM can
be assigned the task of backing up a VM on one cluster node, then if that VM ends up being moved/failed
over/migrated to another cluster node DPM will contact Virtual Machine Manager (VMM) and automatically
find out where the VM was moved to. Then it will back up the VM as if it hadn’t even been moved at all.
Basically, DPM is an intelligent backup solution for Clustered Virtual Machines that move around to
different nodes a lot. It will find the VM that it is supposed to backup automatically and back it up as per
usual.
To do this, the VMM Console needs to be installed on the DPM server.
QUESTION 94
You administer a group of servers that run Windows Server 2012 R2.
You must install all updates.
You must report on compliance with the update policy on a monthly basis.
You need to configure updates and compliance reporting for new devices.
What should you do?
A. Deploy the Microsoft Baseline Security Analyzer. Scan the servers and specify the /apply switch.
B. In Configuration Manager, deploy a new Desired Configuration Management baseline that includes all
required updates.
C. Configure a new group policy to install updates monthly. Deploy the group policy to all servers.
D. In Operations Manager, create an override that enables the software updates management pack. Apply
the new override to the servers.
Correct Answer: C
Section: [none]
Explanation
Explanation/Reference:
ATT: This question is one of a series of similar questions. I recommend choosing an answer, if the options
contain one, that does NOT require System Center because the Question does not mention that System
Center is installed.
Also, make sure to select an answer that is able to generate Compliance Reports.
Most Probably Answer Options For This Question Instance:
Configure a new group policy to install updates monthly. Deploy the group policy to all servers.
In Configuration Manager, deploy a new Desired Configuration Management baseline that includes all
required updates.
In Virtual Machine Manager, deploy a new update baseline that includes all required updates.
Configure windows server update service(WSUS) to automatically approve all updates. Configure the
servers to use the WSUS server for updates
QUESTION 95
You are an Active Directory administrator for Contoso, Ltd.
You have a properly configured certification authority (CA) in the contoso.com Active Directory Domain
Services (AD DS) domain.
Contoso employees authenticate to the VPN by using a user certificate issued by the CA.
Contoso acquires a company named Litware, Inc., and establishes a forest trust between contoso.com and
litwareinc.com.
No CA currently exists in the litwareinc.com AD DS domain. Litware employees do not have user accounts
in contoso.com and will continue to use their litwareinc.com user accounts.
Litware employees must be able to access Contoso's VPN and must authenticate by using a user
certificate that is issued by Contoso's CA.
You need to configure cross-forest certificate enrollment for Litware users.
Which two actions should you perform? Each correct answer presents part of the solution.
A. Grant the litwareinc.com AD DS Domain Computers group permissions to enroll for the VPN template
on the Contoso CA.
B. Copy the VPN certificate template from contoso.com to litwareinc.com.
C. Add Contoso's root CA certificate as a trusted root certificate to the Trusted Root Certification Authority
in litware.com.
D. Configure clients in litwareinc.com to use a Certificate Policy server URI that contains the location of
Contoso's CA.
Correct Answer: AC
Section: [none]
Explanation
Explanation/Reference:
First - Publish the root CA certificate from the resource forest to the account forest.
Second - Assign enroll permissions.
http://www.certifychat.com/70-414-a/429-configure-cross-forest-certificate-enrollment-litware-users.html?
highlight=configure+application.
QUESTION 96
A company has data centers in Seattle and New York. A high-speed link connects the data centers.
Each data center runs a virtualization infrastructure that uses Hyper-V Server 2012 and Hyper-V Server
2012 R2.
Administrative users from the Seattle and New York offices are members of Active Directory Domain
Services groups named SeattleAdmins and NewYorkAdmins, respectively.
You deploy one System Center Virtual Machine Manager (SCVMM) in the Seattle data center.
You create two private clouds named SeattleCloud and NewYorkCloud in the Seattle and New York data
centers, respectively.
You have the following requirements:
Administrators from each data center must be able to manage the virtual
machines and services from their location by using a web portal.
Administrators must not apply new resource quotas or change resource
quotas.
You must manage public clouds by using the existing SCVMM server. You must
use the minimum permissions required to perform the administrative tasks.
You need to configure the environment.
What should you do?
A. For both the Seattle and New York admin groups, create a User Role and assign it to the Application
Administrator profile.
Add the Seattle and New York private clouds to the corresponding User Role.
B. For both the Seattle and New York admin groups, create a User Role and assign it to the Delegated
Administrator profile.
Add the Seattle and New York private clouds to the corresponding User Role.
C. For both the Seattle and New York admin groups, create a User Role and assign it to the Tennant
Administrator profile.
Add the Seattle and New York private clouds to the corresponding User Role.
D. Add both SeattleAdmins and NewYorkAdmins to the Local Administrators group of each Hyper-V host
in Seattle and New York, respectively.
Correct Answer: B
Section: [none]
Explanation
Explanation/Reference:
User Roles in VMM:
Administrator – This role is exactly what you think, can manages the scope of everything within VMM.
Fabric Administrator – Can perform ALL administrative tasks, but only within a defined Scope. That
scope can be a Host Group, a Private Cloud, or one or more Library Servers.
Tenant Administrator - user role can define the scope of tasks performed by self-service users on their
VMs, including creating and applying quotas on available resources. So, this is the user role you should
use if you want to give an administrator permission to manage self-service users and the resources they
consume. Members of the Tenant Administrator user role can also manage VM networks, including
managing and deploying their own VMs within a defined scope. The scope is limited to private cloud
objects.
Application Administrator - user role can deploy and manage their own VMs within the scope and quotas
defined by higher-level administrators. Note that this user role is called the Self-Service User user role in
VMM 2012 RTM.
QUESTION 97
You administer an Active Directory Domain Services forest that includes an Active Directory Federation
Services (AD FS) server and Azure Active Directory.
The fully qualified domain name of the AD FS server is adfs.contoso.com.
Your must implement single sign-on (SSO) for a cloud application that is hosted in Azure.
All domain users must be able to use SSO to access the application.
You need to configure SSO for the application.
Which two actions should you perform? Each correct answer presents part of the solution.
A. Use the Azure Active Directory Synchronization tool to configure user synchronization.
B. Use the AD FS Configuration wizard to specify the domain and administrator for the Azure Active
Directory service.
C. Create a trust between AD FS and Azure Active Directory.
D. In the Azure management portal, activate directory synchronization.
Correct Answer: AC
Section: [none]
Explanation
Explanation/Reference:
You can employ both AD FS and Azure AD for use with single-sign on for Azure Cloud-Based Applications.
To do so:
1. Synchronize AD FS users with Azure AD (dirsync).
2. Create a trust between AD FS and Azure AD.
After this you can go through more advanced steps to configure advanced authentication settings, device
registraion and conditional access.
QUESTION 98
You have a small Hyper-V cluster built on two hosts that run Windows Server 2012 R2 Hyper-V.
You manage the virtual infrastructure by using System Center Virtual Machine Manager 2012.
Distributed Key Management is not installed.
You have the following servers in the environment:
You have the following requirements:
You must back up virtual machines at the host level.
You must be able to back up virtual machines that are configured for live
migration.
You must be able to restore the entire VMM infrastructure.
You need to design and implement the backup plan.
What should you do?
A. Run the following Windows PowerShell command:
Checkpoint-VM -Name DPMI -ComputerName SQL1
B. Install the DPM console on VMM1
C. Configure backup for all disk volumes on FILESERVER1.
D. Install the VMM console on DPMI.
Correct Answer: D
Section: [none]
Explanation
Explanation/Reference:
DPM can be used along with Hyper-V, and Hyper-V Clusters for a perfect backup solution. DPM can
be assigned the task of backing up a VM on one cluster node, then if that VM ends up being moved/failed
over/migrated to another cluster node DPM will contact Virtual Machine Manager (VMM) and automatically
find out where the VM was moved to. Then it will back up the VM as if it hadn’t even been moved at all.
Basically, DPM is an intelligent backup solution for Clustered Virtual Machines that move around to
different nodes a lot. It will find the VM that it is supposed to backup automatically and back it up as per
usual.
To do this, the VMM Console needs to be installed on the DPM server.
QUESTION 99
You administer a group of servers that run Windows Server 2012 R2.
You must install all updates.
You must report on compliance with the update policy on a monthly basis.
You need to configure updates and compliance reporting for new devices.
What should you do?
A. Deploy the Microsoft Baseline Security Analyzer.
Scan the servers and specify the /apply switch.
B. In Configuration Manager, deploy a new Desired Configuration Management baseline that includes all
required updates.
C. Configure a new group policy to install updates monthly.
Deploy the group policy to all servers.
D. In Operations Manager, create an override that enables the software updates management pack.
Apply the new override to the servers.
Correct Answer: C
Section: [none]
Explanation
Explanation/Reference:
ATT: This question is one of a series of similar questions. I recommend choosing an answer, if the options
contain one, that does NOT require System Center because the Question does not mention that System
Center is installed.
Also, make sure to select an answer that is able to generate Compliance Reports.
Most Probably Answer Options For This Question Instance:
Configure a new group policy to install updates monthly. Deploy the group policy to all servers.
In Configuration Manager, deploy a new Desired Configuration Management baseline that includes all
required updates.
In Virtual Machine Manager, deploy a new update baseline that includes all required updates.
Configure windows server update service(WSUS) to automatically approve all updates. Configure the
servers to use the WSUS server for updates
http://www.certifychat.com/70-414-a/342-configure-updates-compliance-reporting-devices.html?
highlight=configure+updates+compliance+reporting+devices.
QUESTION 100
You are an Active Directory administrator for Contoso, Ltd.
You have a properly configured certification authority (CA) in the contoso.com Active Directory Domain
Services (AD DS) domain.
Contoso employees authenticate to the VPN by using a user certificate issued by the CA.
Contoso acquires a company named Litware, Inc., and establishes a forest trust between contoso.com and
litwareinc.com.
No CA currently exists in the litwareinc.com AD DS domain.
Litware employees do not have user accounts in contoso.com and will continue to use their litwareinc.com
user accounts.
Litware employees must be able to access Contoso's VPN and must authenticate by using a user
certificate that is issued by Contoso's CA.
You need to configure cross-forest certificate enrollment for Litware users.
Which two actions should you perform? Each correct answer presents part of the solution.
A. Grant the litwareinc.com AD DS Domain Computers group permissions to enroll for the VPN template
on the Contoso CA.
B. Copy the VPN certificate template from contoso.com to litwareinc.com.
C. Add Contoso's root CA certificate as a trusted root certificate to the Trusted Root Certification Authority
in litware.com.
D. Configure clients in litwareinc.com to use a Certificate Policy server URI that contains the location of
Contoso's CA.
Correct Answer: AC
Section: [none]
Explanation
Explanation/Reference:
First - Publish the root CA certificate from the resource forest to the account forests.
Then - Allow the tursted computer accounts in the account forest to enroll.
http://www.certifychat.com/70-414-a/429-configure-cross-forest-certificate-enrollment-litware-users.html?
highlight=configure+cross-forest+certificate+enrollment+Litware+users.
QUESTION 101
A company has data centers in Seattle and New York.
A high-speed link connects the data centers. Each data center runs a virtualization infrastructure that uses
Hyper-V Server 2012 and Hyper-V Server 2012 R2.
Administrative users from the Seattle and New York offices are members of Active Directory Domain
Services groups named SeattleAdmins and NewYorkAdmins, respectively.
You deploy one System Center Virtual Machine Manager (SCVMM) in the Seattle data center.
You create two private clouds named SeattleCloud and NewYorkCloud in the Seattle and New York data
centers, respectively.
You have the following requirements:
Administrators from each data center must be able to manage the virtual
machines and services from their location by using a web portal.
Administrators must not apply new resource quotas or change resource quotas.
You must manage public clouds by using the existing SCVMM server.
You must use the minimum permissions required to perform the administrative
tasks.
You need to configure the environment.
What should you do?
A. For both the Seattle and New York admin groups, create a User Role and assign it to the Application
Administrator profile.
Add the Seattle and New York private clouds to the corresponding User Role.
B. For both the Seattle and New York admin groups, create a User Role and assign it to the Delegated
Administrator profile.
Add the Seattle and New York private clouds to the corresponding User Role.
C. For both the Seattle and New York admin groups, create a User Role and assign it to the Tennant
Administrator profile.
Add the Seattle and New York private clouds to the corresponding User Role.
D. Add both SeattleAdmins and NewYorkAdmins to the Local Administrators group of each Hyper-V host
in Seattle and New York, respectively.
Correct Answer: A
Section: [none]
Explanation
Explanation/Reference:
User Roles in VMM:
Administrator – This role is exactly what you think, can manages the scope of everything within VMM.
Fabric Administrator – Can perform ALL administrative tasks, but only within a defined Scope. That
scope can be a Host Group, a Private Cloud, or one or more Library Servers.
Tenant Administrator - user role can define the scope of tasks performed by self-service users on their
VMs, including creating and applying quotas on available resources. So, this is the user role you should
use if you want to give an administrator permission to manage self-service users and the resources they
consume. Members of the Tenant Administrator user role can also manage VM networks, including
managing and deploying their own VMs within a defined scope. The scope is limited to private cloud
objects.
Application Administrator - user role can deploy and manage their own VMs within the scope and quotas
defined by higher-level administrators. Note that this user role is called the Self-Service User user role in
VMM 2012 RTM.
http://www.certifychat.com/70-414-a/274-company-data-centers-seattle-york-speed-link-connects.html?
highlight=Seattle+York+admin+groups%2C+create+User+Role+assign+Application+Administrator+profile.
+Seattle+York+private+clouds+User+Role.
QUESTION 102
You administer an Active Directory Domain Services forest that includes an Active Directory Federation
Services (AD FS) server and Azure Active Directory.
The fully qualified domain name of the AD FS server is adfs.contoso.com.
Your must implement single sign-on (SSO) for a cloud application that is hosted in Azure. All domain users
must be able to use SSO to access the application.
You need to configure SSO for the application.
Which two actions should you perform? Each correct answer presents part of the solution.
A. Use the Azure Active Directory Synchronization tool to configure user synchronization.
B. Use the AD FS Configuration wizard to specify the domain and administrator for the Azure Active
Directory service.
C. Create a trust between AD FS and Azure Active Directory.
D. In the Azure management portal, activate directory synchronization.
Correct Answer: AC
Section: [none]
Explanation
Explanation/Reference:
These are the very first, basic, configuration tasks you perform when setting up AD FS with Azure AD for
the prupose of single-sign on (Federation).
1. Synchronize AD FS users with Azure AD (dirsync).
2. Create a trust between AD FS and Azure AD.
Only after we have done the above two steps can we go on and configure things like Multi-Factor
Authentication, or Windows InTune which allows us to manage and administer Mobile (Personal) Devices
as if they were windows clients in our domain.
QUESTION 103
You install the Service Manager Self-Service Portal on a server named CONTOSOSSP1.
Users report that they receive access denied messages when they try to connect to the portal.
You must grant users the minimum required permissions.
You need to ensure that all users in the Contoso domain can access the Service Manager Self-
Service Portal.
What should you do?
A. In Active Directory, create a new group named PortalUsers.
Add the PortalUsers group to the Contoso\Domain Users group, and then add the group to the local
users group on CONTOSOSSP1.
B. Using the account that you used to install the Self-Service portal, grant the Contoso\Domain Users
group Read permissions to the portal.
C. In Service Manager, create a new user role named PortalUsers.
Grant the PortalUsers role rights to all catalog items, and then add the Contoso\Domain Users Active
Directory Domain Services group to the PortalUsers role.
D. Using the account that you used to install the Self-Serviceportal, grant the Contoso\Domain Users
group Contribute permissions to the portal.
Correct Answer: B
Section: [none]
Explanation
Explanation/Reference:
Self Service Portal Users only need READ Access.
http://www.certifychat.com/70-414-a/272-install-service-manager-self-service-portal-server-namedcontosossp1.
html?highlight=ensure+users+Contoso+domain+access+Service+Manager+Self-+Service
+Portal.
QUESTION 104
You have a properly configured certification authority in a active directory domain services domain.
You must implement two-factor authentication and use virtual smart cards to secure user sessions.
You need to implement two-factor authentication for each client device.
What should you install on each client device?
A. A trusted platform module (TPM) chip.
B. A user certificate issue by a certification authority.
C. A smart card reader.
D. A local computer certificate issued by a certificate authority.
Correct Answer: A
Section: [none]
Explanation
Explanation/Reference:
Virtual smart card technology uses cryptographic keys that are stored on computers that have the Trusted
Platform Module (TPM) installed.
Basically... think BitLocker....
To Authenticate:
The Virtual Smart Card can be thought of as a Physical Smart card that is contained on the computer. You
"swipe" that Virtual Smart Card in your Smart Card Reader (the TPM chip) and then you enter a PIN to
authenticate.
http://www.certifychat.com/70-414-a/344-install-client-device.html?highlight=implement+two-factor
+authentication+client+device.
QUESTION 105
You administer a group of servers that run Windows server 2012 R2.
You must install all updates. you must report on compilance with the update policy on a monthly basics.
You need to configure updates and compliance reporting for new devices.
What should you do?
A. In Operations Manager , create an override that enables the software updates management pack.
Apply the new override to the servers.
B. In Orchestrator, create a software runbook that installs all required updates to the servers on a monthly
schedule. Star the runbook.
C. In configuration manager, deploy a new desired configuration management baseline that includes all
required updates.
D. Configure windows server update service(WSUS) to automatically approve all updates.
Configure the servers to use the WSUS server for updates.
Correct Answer: D
Section: [none]
Explanation
Explanation/Reference:
ATT: This question is one of a series of similar questions. I recommend choosing an answer, if the options
contain one, that does NOT require System Center because the Question does not mention that System
Center is installed.
Also, make sure to select an answer that is able to generate Compliance Reports.
Most Probably Answer Options For This Question Instance:
Configure a new group policy to install updates monthly. Deploy the group policy to all servers.
In Configuration Manager, deploy a new Desired Configuration Management baseline that includes all
required updates.
In Virtual Machine Manager, deploy a new update baseline that includes all required updates.
Configure windows server update service(WSUS) to automatically approve all updates. Configure the
servers to use the WSUS server for updates
http://www.certifychat.com/70-414-a/342-configure-updates-compliance-reporting-devices.html?
highlight=configure+updates+compliance+reporting+devices.
QUESTION 106
Your network contains servers that run only Windows Server 2012.
You have five storage pools. The storage pools are configured as shown in the following table.
You need to identify which storage pools can be used as Clustered Resources.
Which storage pools should you identify?
A. StoragePool1
B. StoragePool2
C. StoragePool3
D. StoragePool4
E. StoragePool5
Correct Answer: ACD
Section: [none]
Explanation
Explanation/Reference:
To support clustered storage spaces the Disk bus type must be SAS.
Storage Spaces do not support iSCSI and Fibre Channel controllers
https://technet.microsoft.com/en-us/.../jj822937.aspx
http://www.certifychat.com/70-414-a/295-storage-pools-identify.html?highlight=storage+pools.+storage
+pools+configured+shown+table.
 |
 |
 |
 |
 | |
|---|---|---|---|---|---|
|
Test
King
|
Pass4sure
|
Actual
Tests
|
Other
Brands
| ||
| Customer Reviews |  |
 |
 |
 |
 |
|
$89.99
|
$124.99
|
$125.99
|
$189.00
|
$29.99~$49.99
| |
| Up-To-Dated |  |
 |
 |
 |
 |
| Real Questions & Answers |  |
 |
 |
 |
 |
| Correct All Error |  |
 |
 |
 |
 |
| Premium VCE Dumps |  |
 |
 |
 |
 |
| Free VCE Simulator |  |
 |
 |
 |
 |
| Unlimited After One Time Purchasing |  |
 |
 |
 |
 |
| Instant Download |  |
 |
 |
 |
 |
| Printable PDF Dumps |  |
 |
 |
 |
 |
| 100% Pass Guarantee |  |
 |
 |
 |
 |
| 100% Money Back |  |
 |
 |
 |
 |
100% Pass:http://examsavior.com/
No comments:
Post a Comment