You administer a group of servers that run windows server 2012 R2
You must install all updates, you must report on compliance with the update policy on a monthly basis.
you need to configure updates and compliance reporting for new devices
what should you do?
A. In the service manager console, add all the updates and servers to a new change request, approve the
change request.
B. In Virtual Machine Manager, deploy a new update baseline that includes all required updates.
C. Deploy the microsoft Baseline security analyzer, scan the servers and specifiy the /apply switch.
D. In orchestrator, create a software runbook that install all required updates to the servers on a monthly
schedule, start the runbook.
Correct Answer: B
Section: [none]
Explanation
Explanation/Reference:
ATT: This question is one of a series of similar questions. I recommend choosing an answer, if the options
contain one, that does NOT require System Center because the Question does not mention that System
Center is installed.
Also, make sure to select an answer that is able to generate Compliance Reports.
Most Probably Answer Options For This Question Instance:
Configure a new group policy to install updates monthly. Deploy the group policy to all servers.
In Configuration Manager, deploy a new Desired Configuration Management baseline that includes all
required updates.
In Virtual Machine Manager, deploy a new update baseline that includes all required updates.
Configure windows server update service(WSUS) to automatically approve all updates. Configure the
servers to use the WSUS server for updates
http://www.certifychat.com/70-414-a/273-administer-servers-run-windows-server-2012-r2.html
QUESTION 108
Your network contains an internal network and a perimeter network.
The internal network contains an Active Directory domain named contoso.com
All client computers in the perimeter network are part of a workgroup.
The internal network contains a Microsoft System Center 2012 infrastructure.
You plan to implement an update infrastructure to update the following:
Citrix Xenserver
System Center 2012
Windows Server 2003
Microsoft SQL Server 2008 R2
Microsoft SharePoint Server 2010
Another administrator recommends implementing a single WSUS server to manage all of the updates.
You need to identify which updates can be applied by using the recommended deployment of
WSUS.
What should you identify? (Each correct answer presents part of the solution. Choose all that apply.)
A. VMWare ESX
B. Citrix XenServer
C. SQL Server 2008 R2
D. Windows Server 2003
E. SharePoint Server 2010
F. System Center 2012
Correct Answer: CDEF
Section: [none]
Explanation
Explanation/Reference:
http://www.certifychat.com/70-414-a/302-plan-implement-update-infrastructure-update-following.html?
highlight=plan+implement+update+infrastructure+update+following%3A
QUESTION 109
Your network contains an Active Directory domain named contoso.com. The domain
contains multiple servers that run Windows Server 2012. All client computers run Windows 7.
The network contains two data centers.
You plan to deploy one file server to each data center.
You need to recommend a solution to provide redundancy for shared folders if a single data center
fails.
What should you recommend?
More than one answer choice may achieve the goal. Select the BEST answer.
A. A Distributed File System (DFS) namespace and DFS Replication
B. Cluster Shared Volumes (CSVs)
C. The clustered File Server role of the File Server for general use type
D. The clustered File Server role of the File Server scale-out application data type
Correct Answer: A
Section: [none]
Explanation
Explanation/Reference:
http://www.certifychat.com/70-414-a/300-recommend-solution-provide-redundancy-shared-folderssingle.
html?highlight=recommend+solution+provide+redundancy+shared+folders+single+data+center
+fails.
QUESTION 110
Only the members of FC2 can connect to SAN1
You plan to implement 20 highly available virtual machines on FC1, All of the virtual machines must be
stored in a single shared folder
You need to ensure that the VHD Files of the virtual machines can be stored on SAN1, VHD files
must be available from any node in FC2
What should you do on FC2 ?
A. Configure the clustered File server role of the filer server for general use.
B. Add the iSCSI target server cluster role.
C. Configure the clustered file server role of the scale-out file server for application data.
D. Add the storage services role service.
Correct Answer: BC
Section: [none]
Explanation
Explanation/Reference:
SOFS are used because we need the VHD file share to be accessible from any node in the FC2 cluster.
iSCSI target server role will facilitate the storage with the SAN.
Reference:
iSCSI Target Server is ideal for the following:
Network and diskless boot By using boot-capable network adapters or a software loader, you can
deploy hundreds of diskless servers. With iSCSI Target Server, the deployment is fast. In Microsoft
internal testing, 256 computers deployed in 34 minutes. By using differencing virtual hard disks, you
can save up to 90% of the storage space that was used for operating system images. This is ideal for
large deployments of identical operating system images, such as on virtual machines running Hyper-V
or in high-performance computing (HPC) clusters.
Server application storage Some applications require block storage. iSCSI Target Server can
provide these applications with continuously available block storage. Because the storage is remotely
accessible, it can also consolidate block storage for central or branch office locations.
Heterogeneous storage iSCSI Target Server supports non-Microsoft iSCSI initiators, making it easy
to share storage on servers in a mixed software environment.
Development, test, demonstration, and lab environments When iSCSI Target Server is enabled, a
computer running the Windows Server operating system becomes a network-accessible block storage
device. This is useful for testing applications prior to deployment in a storage area network (SAN).
http://www.certifychat.com/70-414-a/380-plan-implement-20-highly-available-virtual-machines-fc1.html
QUESTION 111
You implement a cross-forest enrollment between contoso.com and Fabricam.com
You receive version errors when you deploy updated certificates from the Contoso domain to the Fabricam
domain.
You need to ensure that you can deploy the certificates to the fabricam.com domain.
What should you do?
A. Run the following Windows PowerShell script:
DumpADObk.ps1 -ForestName fabricam.com
B. Run the following Windows PowerShell script:
PKISync.ps1 -sourceforest contoso.com -targetforest fabricam.com -f
C. Run the following Windows PowerShell script:
Get-CertificationAuthority contoso.com | Get-PendingRequest | Approve-CertificateRequest
D. Run the following Windows PowerShell script:
Get-CertificationAuthority -Name contoso.com | Get-PolicyModuleFlag | Enable-
PolicyModuleFlag
EnableOCSPRevNoCheck, DisableExtensionList -RestartCA
Correct Answer: A
Section: [none]
Explanation
Explanation/Reference:
http://www.certifychat.com/70-414-a/347-ensure-deploy-certificates-fabricam-com-domain.html
QUESTION 112
A company has offices in Seattle and Shanghai. You use Hyper-V Server as the server 2012 R2
virtualization platform. Each office has a secured server room where all the servers are located. Eighty
percent of the company’s servers are virtual.
The company signs a data center services agreement with a vendor that is located in New York. The
agreement includes a 1GB per second link to the collocation facility in New York.
The link between the Seattle and Shanghai offices is slow and unreliable.
You must design and implement a cost-effective data recovery solution to replicate virtual servers
from Seattle to both New York and Shanghai locations.
The solution must support the following requirements.
Perform failover replication from Seattle to New York.
Perform scheduled replication between as many location as possible.
In case of a disaster, a fast failover should be possible to the replicated
servers with minimal changes required to the existing infrastructure.
Which two actions should you perform? Each correct answer presents a part of the solution.
A. Use Hyper-V Replica unplanned failovers.
B. User Hyper-V Replica planned failovers.
C. Configure the Seattle Hyper-V server as the primary replica server and the New York Hyper-V server
as the secondary replica Server.
D. Configure the Seattle Hyper-V server as the primary replica server and the Shanghai Hyper-V server
as the secondary replica server
Correct Answer: BC
Section: [none]
Explanation
Explanation/Reference:
http://www.certifychat.com/70-414-a/348-design-implement-cost-effective-data-recovery-solution.html?
highlight=design+implement+cost-effective+data+recovery+solution+replicate+virtual+servers+Seattle
+York+Shanghai+locations.
QUESTION 113
Your network contains a Microsoft System 2012 insfrastruture. The infrastruture contains two host group
that are configured as shown in the following table.
You integrate Operations Manager and Virtual Machine Manager (VMM).
You need to ensure that all PRO tips are implemented automatically for the critical virtual machines
only.
What should you do?
More tan one answer choice may achieve the goal. Select the BEST answer.
A. Move all of the critical Virtual Machines to HG1, and then Modify the properties of HG1
B. Modify the properties of the All Host group.
C. Move all of the critical machines to a new host group named HG3, and then modify the properties of
HG3
D. Modify the properties os each critical virtual machine
Correct Answer: C
Section: [none]
Explanation
Explanation/Reference:
Performance and Resource Optimization (PRO) Tips:
To activate PRO, enable PRO for the host clusters and host groups containing the VMs that you want to
participate in PRO or enable system-wide PRO in the VMM settings.
To define the scope that PRO is enabled on, place the VMs that you want PRO enabled for in a Host
Group and activate PRO for that host group. (Remember, in VMM, a Host Group is like an
Organizational Unit).
PRO tips are Performance and Resource Optimization Tip messages. When enabled, PRO assesses the
state of the VMs in it's scope and gives you tips on how to optimize their performance and resource usage.
https://technet.microsoft.com/en-us/library/cc956140.aspx
http://www.certifychat.com/70-414-a/371-ensure-pro-tips-implemented-automatically-critical.html?
highlight=network+Microsoft+System+2012+insfrastruture.+infrastruture+host+group+configured+shown
+table.
QUESTION 114
Your network contains a Hyper-V host named Host1. Host1 hosts 25 Virtual machines.
All of the virtual machines are configured to start automatically when Host1 restarts.
You discover that some of the virtual machines fail to start automatically when Host1 restarts and require
an administrator to start them manually.
You need to modify the settings of the virtual machines to ensure that they automatically restart
when Host1 restarts.
Which settings should you modify?
A. Integration Services
B. Memory
C. Processor
D. BIOS
Correct Answer: B
Section: [none]
Explanation
Explanation/Reference:
We need to modify the available Startup RAM assigned to the VMs.
There is obviously not enough RAM available for all the VMs and the Host OS to boot up at once, so we
lower the startup memory so that all the machines will start more slowly, but at least they have enough
RAM.
http://www.certifychat.com/70-414-a/364-modify-settings-virtual-machines-ensure-automatic.html
QUESTION 115
You have an Active Directory domain named adatum.com. All servers run Windows Server 2012.
You have a failover cluster named FC1 that contains two servers named Node1 and Node2. Node1 and
Node2 are connected to an iSCSI Storage Area Network (SAN).
You plan to deploy a shared folder named Share1 to FC1.
You need to recommend which cluster resource must be created to ensure that the shared folder
can be accessed from both nodes of FC1 simultaneously.
What should you recommend?
A. The Generic Application cluster role
B. The clustered File Server role of the File Server for general use type
C. The clustered File Server role of the File Server for scale-out application data type
D. The DFS Namespace Server cluster role
Correct Answer: C
Section: [none]
Explanation
Explanation/Reference:
http://www.certifychat.com/70-414-a/368-recommend-cluster-resource-created-ensure-share.html
QUESTION 116
You have an Active Directory domain named adatum.com. All servers fun Windows Server 2012. All client
computers run Windows 8.
You need to recommend a solution to provide users the ability to reset their passwords without any
administrator intervention.
What should you include in the recommendation?
A. the Microsoft System Center 2012 Orchestrator runbooks and Microsoft System Center 2012 Operation
Manager management packs
B. the Microsoft System Center 2012 Service Manager Self-Service Portal and Microsoft System Center
2012 Orchestrator runbooks
C. the Microsoft System Center 2012 Service Manager and Microsoft System Center 2012 Configuration
Manager collections
D. the Microsoft System Center 2012 Service Manager Self-Service Portal and Microsoft System Center
2012 App Controller
Correct Answer: B
Section: [none]
Explanation
Explanation/Reference:
We obviously need Service Manager and the Self-Service Portal....
The question asks us to allow users to "reset" their password... this implies that we need them to be able to
reset the password NOT change it to whatever they want. We can use an Orchestrator Runbook that
automatically generates a new password for the users when they request it from their Portal.
http://contoso.se/blog/?p=3085
http://www.certifychat.com/70-414-a/369-provide-users-ability-reset-passwords-administrator-interven.html
QUESTION 117
Your network contains a virtualization infrastructure. The virtualization infrastruture contains two Hyper-V
Hosts named Host1 and Host2. Host1 and Host2 are members of a host group named HostGroup1.
You need to recommend a delegation solution to ensure that members of a group named
VMAdmins can perform the following task on Host2:
Create new virtual machines.
Manage virtual machines.
Manage the settings of network connections.
Create network adapter teams
The solution must minimize the number of permissions assigned to VMadmins,
What group or role should you use to delegate the permissions?
A. a user role that is based on the Delegated Administrator profile
B. a user role that is based on the Self-Service User Profile
C. the local Hyper-V Administrator group
D. a user role that is based on the Administrator profile
Correct Answer: C
Section: [none]
Explanation
Explanation/Reference:
Administrator profile users can perform all VMM actions on all objects that are managed by the VMM
server. So also Host1.
Delegated Administrator role users have full VMM administrator rights, with a few exceptions, on all objects
in the scope defined by the host groups and library that are assigned to the role. A delegated administrator
cannot modify VMM settings or add or remove members of the Administrator role. Thus Cannot change
teaming settings
Self-Service User role can use the VMM console or the VMM command shell to create and manage their
own virtual machines and services. In the VMM console, self-service users can view status, resource
usage, jobs, and PRO tips (by permission only) for their own virtual machines and services. They can view
available capacity and quota usage within their assigned private clouds, but they cannot see host groups,
hosts, library servers and shares, or network and storage configurations.
The Hyper-V Administrators group is a new local security group. Add users to this group instead of the
local Administrators group to provide them with access to Hyper-V. Members of the Hyper-V
Administrators have complete and unrestricted access to all features of Hyper-V.
QUESTION 118
Your network contains five Active Directory forests.
You plan to protect the resources in one of the forests by using Active Directory Rights Management
Services (AD RMS)
users in only one forest will access the protected resources
You need to identify the minimum number of AD RMS clusters required for the planned deployment.
What should you identify?
A. Five root clusters and one licensing cluster
B. Five licensing clusters and one root clusters
C. One root cluster
D. One licensing cluster
Correct Answer: C
Section: [none]
Explanation
Explanation/Reference:
http://www.certifychat.com/70-414-a/394-identify-minimum-ad-rms-clusters-requiredplanned.
html#post2121
QUESTION 119
You have a Windows Server 2012 R2 failover cluster that contains four nodes. The cluster has Dynamic
Optimization enabled. You deploy three highly available virtual machines to the cluster by using System
Center 2012 R2 Virtual Machine Manager (VMM). You need to prevent Dynamic Optimization from placing
any of the three virtual machines in the same node.
What should you do?
A. From the Virtual Machine Manager console, modify the Custom Properties of the virtual machines.
B. Set the Priority property of the virtual machine cluster role.
C. Set the AntiAffinityClassName property of the virtual machine cluster role.
D. From the Virtual Machine Manager console, modify the Compatibility settings in the Hardware
Configuration properties of the virtual machines.
Correct Answer: C
Section: [none]
Explanation
Explanation/Reference:
QUESTION 120
Your network contains an Active Directory domain named contoso.com.
The corporate security policy states that when new user accounts, computer accounts, and contacts are
added to an organizational unit (OU) named Secure, the addition must be audited.
You need to recommend an auditing solution to meet the security policy.
What should you include in the recommendation?
A. From the Default Domain Controllers Policy, enable the Audit directory services setting. From the
Secure OU, modify the 'Auditing settings.
B. From a Group Policy object (GPO) that is linked to the Secure OU, enable the Audit directory services
setting. From the Domain Controllers 00, modify the Permissions settings.
C. From a Group Policy object (GPO) that is linked to the Secure Ol4 enable the Audit directory services
setting. From the Domain Controllers OU, modify the Auditing settings.
D. From the Default Domain Controllers Policy, enable the Audit directory services setting. From the
Secure OU, modify the Permissions settings.
Correct Answer: A
Section: [none]
Explanation
Explanation/Reference:
Question Set 1
QUESTION 1
Your network contains servers that run Windows Server 2012.
The network contains two servers named Server1 and Server2 that are connected to a SAS storage
device.
The device only supports two connected computers.
Server1 has the iSCSI Target Server role service installed.
Ten application servers use their iSCSI Initiator to connect to virtual disks in the SAS storage device via
iSCSI targets on Server1.
Currently, Server2 is used only to run backup software.
You install the iSCSI Target Server role service on Server2.
You need to ensure that the iSCSItargets are available if Server1 fails.
Which five actions should you perform? To answer, move the five appropriate actions from the list of
actions to the answer area and arrange them in the correct order.
Select and Place:
Correct Answer:
Section: [none]
Explanation
Explanation/Reference:
01/12/2015 // Checked with certbase
Explanation:
http://blogs.msdn.com/b/clustering/archive/2012/05/01/10299698.aspx
QUESTION 2
Your network contains multiple servers that run Windows Server 2012.
You plan to implement three virtual disks.
The virtual disks will be configured as shown in the following table.
You need to identify the minimum number of physical disks required for each virtual disk.
How many disks should you identify? To answer, drag the appropriate number of disks to the correct virtual
disk in the answer area. Each number of disks may be used once, more than once, or not at all.
Additionally, you may need to drag the split bar between panes or scroll to view content.
Select and Place:
Section: [none]
Explanation
Explanation/Reference:
01/12/2015 // Checked with certbase
Explanation:
http://technet.microsoft.com/es-es/library/jj822938.aspx
They are not talking about Clusters, a single server only, so a standalone server.
QUESTION 3
You plan to delegate the management of virtual machines to five groups by using Microsoft System Center
2012 Virtual Machine Manager (VMM).
The network contains 20 Hyper-V hosts in a host group named HostGroup1.
You identify the requirements for each group as shown in the following table.
You need to identify which user role must be assigned to each group.
Which user roles should you identify? To answer, drag the appropriate user role to the correct group in the
answer area. Each user role may be used once, more than once, or not at all. Additionally, you may need
to drag the split bar between panes or scroll to view content.
Select and Place:
Correct Answer:
Section: [none]
Explanation
Explanation/Reference:
01/12/2015 // Checked with certbase
Explanation:
http://mountainss.wordpress.com/2011/11/19/user-roles-in-system-center-virtual-machine-manager-2012/
http://technet.microsoft.com/en-us/library/gg696971.aspx
QUESTION 4
You have a failover cluster named Cluster1 that contains four Hyper-V hosts.
Cluster1 hosts 20 virtual machines.
You deploy a new failover cluster named Cluster2.
You plan to replicate the virtual machines from Cluster1 to Cluster2.
You need to recommend which actions must be performed on Cluster2 for the planned deployment.
Which three actions should you recommend? To answer, move the three appropriate actions from the list
of actions to the answer area and arrange them in the correct order.
Select and Place:
Section: [none]
Explanation
Explanation/Reference:
Explanation:
- Windows Server 2012 Hyper-V Role introduces a new capability, Hyper-V Replica, as a built-in
replication mechanism at a virtual machine (VM) level.
Hyper-V Replica can asynchronously replicate a selected VM running at a primary site to a designated
replica site across LAN/WAN.
Step 1: Prepare to Deploy Hyper-V Replica
1.1. Make basic planning decisions
1.2. Install the Hyper-V server role
1.3. Configure the firewall
1.4. Configure Hyper-V Replica Broker
Step2: Step 2: Enable Replication
2.1 Configure the Replica server
2.2. Configure a Replica server that is part of a failover cluster (optional)
2.3 Enable replication for virtual machines
Each virtual machine that is to be replicated must be enabled for replication.
2.4 Configure primary server to receive replication
QUESTION 5
Your network contains two servers named Server1 and Server2 that run Windows Server 2012.
Server1 has the iSCSI Target Server role service installed and is configured to have five iSCSI virtual
disks.
You install the Multipath I/O (MPIO) feature on Server2.
From the MPIO snap-in, you add support for iSCSI devices.
You need to ensure that Server2 can connect to the five iSCSI disks.
The solution must ensure that Server2 uses MPIO to access the disks.
Which three actions should you perform? To answer, move the three appropriate actions from the list of
actions to the answer area and arrange them in the correct order.
Correct Answer:
Section: [none]
Explanation
Explanation/Reference:
Explanation:
- (Step 1):
On the Specify Access Servers page, click Add to specify the iSCSI initiator that will access your iSCSI
virtual disk. Doing this opens the Add Initiator ID dialog box
- (Step 2):
CONFIGURE ISCSI INITIATOR ON CLUSTER-NODES Start the iScsi Initiator control panel by running
iscsicpl on the command line. You will see a warning about the iScsi Initiator Service. Click Yes to start the
service. The properties screen will appear. Type the Target Server (in this scenario the DC) IP address in
the Target box and click Quick Connect.
The two targets are shown in the dialog box. Click Done. In the iScsi Initiator Properties screen you see the
two targets with status Inactive. Highlight the first one and click the Properties button.
In the Properties screen click the Add Session button. In the Connect to Target popup window you will get
select Enable multi-path and click Advanced.
- (Step 3):
Reference: Creating a Windows Server 2012 Multipath I/O iScsi Fail-over Cluster
QUESTION 6
Your network contains an Active Directory domain named contoso.com.
The network has an Active Directory Certificate Services (AD CS) infrastructure.
You publish the certificate revocation list (CRL) to a farm of Web servers.
You are creating a disaster recovery plan for the AD CS infrastructure.
You need to recommend which actions must be performed to restore certificate revocation
checking if a certification authority (CA) is offline for an extended period of time.
Which three actions should you recommend? To answer, move the three appropriate actions from the list
of actions to the answer area and arrange them in the correct order.
Select and Place:
Section: [none]
Explanation
Explanation/Reference:
Explanation:
http://technet.microsoft.com/en-us/library/cc732443(v=ws.10).aspx
QUESTION 7
Your network contains an Active Directory domain named contoso.com.
The domain contains four servers named Server1, Server2, Server3, and Server4 that run Windows Server
2012.
Server1 and Server2 are configured as file servers and are part of a failover cluster named Cluster1.
Server3 and Server4 have Microsoft SQL Server 2012 installed and are part of a failover cluster named
Cluster2.
You add a disk named Disk1 to the nodes in Cluster1.
Disk1 will be used to store the data files and log files used by SQL Server 2012.
You need to configure the environment so that access to Disk1 remains available when a node on
Cluster1 fails over or fails back.
Which three actions should you perform? To answer, move the three appropriate actions from the list of
actions to the answer area and arrange them in the correct order.
Select and Place:
Correct Answer:
Section: [none]
Explanation
Explanation/Reference:
Explanation:
http://blogs.technet.com/b/josebda/archive/2012/08/23/windows-server-2012-scale-out-file-server-forsqlserver-
2012-step-by-step-installation.aspx
QUESTION 8
Your network contains an Active Directory domain named contoso.com.
The domain contains multiple servers that are configured as Hyper-V hosts.
You plan to implement four virtual machines.
The virtual machines will be configured as shown in the following table.
You need to identify which network must be added to each virtual machine.
Which network types should you identify? To answer, drag the appropriate Network Type to the correct
virtual machine in the answer area. Each Network Type may be used once, more than once, or not at all.
Additionally, you may need to drag the split bar between panes or scroll to view content.
Select and Place:
Section: [none]
Explanation
Explanation/Reference:
01/12/2015 // Checked with certbase
Explanation:
http://blogs.technet.com/b/jhoward/archive/2008/06/17/hyper-v-what-are-the-uses-for-different-types-ofvirtual-
networks.aspx
An external network, which provides communication between a virtual machine and a physical network by
creating an association to a physical network adapter on the virtualization server.
An internal network, which provides communication between the virtualization server and virtual machines.
A private network, which provides communication between virtual machines only.
http://technet.microsoft.com/en-us/library/cc732470%28v=WS.10%29.aspx
QUESTION 9
Your network contains two servers named Server1 and Server2 that run Windows Server 2012.
Server1 and Server2 have the Hyper-V server role installed and are members of a failover cluster.
The network contains a Storage Area Network (SAN) that has a LUN named LUN1.
LUN1 is connected to a 12-TB disk on the SAN.
You plan to host three new virtual machines on the failover cluster.
Each virtual machine will store up to 4 TB of data on a single disk.
The virtual machines will be backed up from the hosts by using the Volume Shadow Copy Service (VSS).
You need to ensure that Server1 and Server2 can store the new virtual machines on the SAN.
Which three actions should you perform? To answer, move the three appropriate actions from the list of
actions to the answer area and arrange them in the correct order.
Select and Place:
Correct Answer:
Section: [none]
Explanation
Explanation/Reference:
01/12/2015 // Checked with certbase
Explanation:
http://technet.microsoft.com/en-us/library/hh831446.aspx
QUESTION 10
Your company has four offices.
The offices are located in Montreal, Seattle, New York, and Miami.
Users access all of the web-based resources by using web proxy servers.
The IP addresses of the web proxies at each office are configured as shown in the following table.
The connections to the web proxies are balanced by using round-robin DNS.
The company plans to deploy a new application.
The new application has a farm of front-end web servers that connect to a back-end application server.
When a session to a web server is established, the web server stores data until the session closes.
Once the session closes, the data is sent to the application server.
You need to ensure that the incoming sessions to the web server farm are distributed among the
web servers.
The solution must ensure that if a web server fails, the users are NOT directed to the failed server.
How should you configure the port rule? To answer, select the appropriate options in the answer area.
Hot Area:
Section: [none]
Explanation
Explanation/Reference:
QUESTION 11
Your network contains an Active Directory domain named contoso.com.
The domain contains a Network Load Balancing (NLB) cluster named Cluster1 that contains four nodes.
Cluster1 hosts a web application named App1.
The session state information of App1 is stored in a Microsoft SQL Server 2012 database.
The network contains four subnets.
You discover that all of the users from a subnet named Subnet1 always connect to the same NLB node.
You need to ensure that all of the users from each of the subnets connect equally across all of the
nodes in Cluster1.
What should you modify from the port settings? To answer, select the appropriate setting in the answer
area.
Hot Area:
Section: [none]
Explanation
Explanation/Reference:
QUESTION 12
Your network contains an Active Directory domain named contoso.com.
The domain contains two domain controllers named DC1 and DC2.
The domain contains a server named Server1.
Server1 is a certification authority (CA).
All servers run Windows Server 2012 R2.
You plan to deploy BitLocker Drive Encryption (BitLocker) to all client computers.
The unique identifier for your organization is set to Contoso.
You need to ensure that you can recover the BitLocker encrypted data by using a BitLocker data
recovery agent.
You must be able to perform the recovery from any administrative computer.
Which four actions should you perform in sequence? To answer, move the appropriate actions from the list
of actions to the answer area and arrange them in the correct order.
Select and Place:
Correct Answer:
Section: [none]
Explanation
Explanation/Reference:
QUESTION 13
You plan to deploy a certification authority (CA) infrastructure that contains the following servers:
- An offline standalone root CA named CA1
- An enterprise subordinate CA named CA2
On all of the computers, you import the root CA certificate from CA1 to the Trusted Root Certification
Authorities Certificates store.
You need to ensure that CA2 can issue certificates for the CA hierarchy.
What should you do? To answer, select the appropriate options in the answer area.
Hot Area:
Section: [none]
Explanation
Explanation/Reference:
QUESTION 14
Your network contains five physical servers.
The servers are configured as shown in the following table.
All servers run Windows Server 2012 R2.
During the setup of VMM, you configure distributed key management.
You need to ensure that the entire VMM infrastructure can be restored.
What should you include in the backup plan? To answer, select the appropriate server to back up for each
backup content type in the answer.
Hot Area:
Correct Answer:
Section: [none]
Explanation
Explanation/Reference:
QUESTION 15
Your network contains an Active Directory domain named contoso.com.
All servers run Windows Server 2012 R2.
System Center 2012 R2 Virtual Machine Manager (VMM) is deployed to the domain.
In VMM, you create a host group named HostGroup1.
You add a 16-node Hyper-V failover cluster to HostGroup1.
From Windows PowerShell, you run the following commands:
Use the drop-down menus to select the answer choice that completes each statement.
Hot Area:
Correct Answer:
Section: [none]
Explanation
Explanation/Reference:
QUESTION 16
You are planning to set up a proof-of-concept network virtualization environment.
The environment will contain three servers.
The servers will be configured as shown in the following table.
You need to enable network connectivity between the virtual machines and Server3.
Which four actions should you perform in sequence? To answer, move the appropriate actions from the list
of actions to the answer area and arrange them in the correct order.
Select and Place:
Section: [none]
Explanation
Explanation/Reference:
Explanation:
Windows Server Gateway
https://technet.microsoft.com/en-gb/library/dn313101.aspx
Windows Server Gateway integration with Hyper-V Network Virtualization
Windows Server Gateway is integrated with Hyper-V Network Virtualization, and is able to route network
traffic effectively in circumstances where there are many different customers - or tenants - who have
isolated virtual networks in the same datacenter.
Configuring VM Networks and Gateways in VMM
https://technet.microsoft.com/en-us/library/jj721575.aspx
And the procedure itself:
How to Add a Windows Server Gateway in VMM in System Center 2012 R2
https://technet.microsoft.com/en-us/library/dn249417.aspx
QUESTION 17
You have a System Center 2012 R2 Virtual Machine Manager (VMM) deployment.
You implement Hyper-V Recovery Manager for the deployment.
You create two new clouds named Cloud1 and Cloud2.
Metadata for both clouds is uploaded to Windows Azure.
You need to ensure that the virtual machines in Cloud1 are protected by using replicas in Cloud2.
Where should you perform each action? To answer, select the appropriate tool for each action in the
answer area.
Section: [none]
Explanation
Explanation/Reference:
QUESTION 18
Your network contains an Active Directory forest named contoso.com.
All servers run Windows Server 2012 R2.
The forest contains two servers.
The servers are configured as shown in the following table.
You prepare the forest to support Workplace Join and you enable the Device Registration Service (DRS)
on Server1.
You need to ensure that Workplace Join meets the following requirements:
- Application access must be based on device claims.
- Users who attempt to join their device to the workplace through Server2 must
be prevented from locking out their Active Directory account due to invalid
credentials.
Which cmdlet should you run to achieve each requirement? To answer, select the cmdlet for each
requirement in the answer area.
Hot Area:
Section: [none]
Explanation
Explanation/Reference:
QUESTION 19
Hotspot Question
Your network contains an Active Directory domain named contoso.com.
You have a failover cluster named Cluster1 that contains two nodes named Server1 and Server2.
Both servers run Windows Server 2012 R2 and have the Hyper-V server role installed.
You plan to create two virtual machines that will run an application named App1.
App1 will store data on a virtual hard drive named App1data.vhdx.
App1data.vhdx will be shared by both virtual machines.
The network contains the following shared folders:
- An SMB file share named Share1 that is hosted on a Scale-Out File Server.
- An SMB file share named Share2 that is hosted on a standalone file server.
- An NFS share named Share3 that is hosted on a standalone file server.
You need to ensure that both virtual machines can use App1data.vhdx simultaneously.
What should you do? To answer, select the appropriate configurations in the answer area.
Section: [none]
Explanation
Explanation/Reference:
QUESTION 20
Drag and Drop Question
You use the entire System Center suite.
You integrate Service Manager with Operations Manager. Virtual Machine Manager, Orchestrator, and
Active Directory.
You perform all remediation by using Orchestrator runbooks. An application experiences performance
problems on a periodic basis.
You have the following requirements:
A new incident must be opened when System Center Operations Manager (SCOM) detects a
performance problem.
The incident must be closed when the performance problem is resolved.
The incident must be associated with the HR performance problem in Service Manager.
You need to configure the environment.
Select and Place:
Section: [none]
Explanation
Explanation/Reference:
QUESTION 21
Drag and Drop Question
You are planning to set up a proof-of-concept network virtualization environment.
The environment will contain three servers. The servers will be configured as shown in the following table.
VMM will be used to manage the virtualization environment.
Server2 runs three virtual machines. All of the virtual machines are configured to use network virtualization.
You need to enable network connectivity between the virtual machines and Server3.
Which four actions should you perform in sequence? To answer, move the appropriate actions from the list
of actions to the answer area and arrange them in the correct order.
Select and Place:
Section: [none]
Explanation
Explanation/Reference:
Explanation:
Windows Server Gateway
https://technet.microsoft.com/en-gb/library/dn313101.aspx
Windows Server Gateway integration with Hyper-V Network Virtualization
Windows Server Gateway is integrated with Hyper-V Network Virtualization, and is able to route network
traffic effectively in circumstances where there are many different customers - or tenants - who have
isolated virtual networks in the same datacenter.
Configuring VM Networks and Gateways in VMM
https://technet.microsoft.com/en-us/library/jj721575.aspx
And the procedure itself:
How to Add a Windows Server Gateway in VMM in System Center 2012 R2
https://technet.microsoft.com/en-us/library/dn249417.aspx
QUESTION 22
Drag and Drop Question
You need to ensure that all new production Hyper-V virtual machines can be deployed correctly.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the
list of actions to the answer area and arrange them in the correct order.
Select and Place:
Correct Answer:
Section: [none]
Explanation
Explanation/Reference:
QUESTION 23
Drag and Drop Question
You need to configure the environment to support App1.
Which four actions should you perform in sequence? To answer, move the appropriate actions from the list
of actions to the answer area and arrange them in the correct order.
Select and Place:
Explanation
Explanation/Reference:
QUESTION 24
You plan to implement a virtualization solution to host 10 virtual machines.
All of the virtual machines will be hosted on servers that run Windows Server 2012.
You need to identify which servers must be deployed for the planned virtualization solution.
The solution must meet the following requirements:
- Minimize the number of servers.
- Ensure that live migration can be used between the hosts.
Which servers should you identify? To answer, select the appropriate servers in the answer area.
A. OPTION 1
B. OPTION 2
C. OPTION 3
D. OPTION 4
Correct Answer: A
Section: [none]
Explanation
Explanation/Reference:
Explanation:
Just two server with Hyper-V installed is enough to perform a Live Migration. (Minimize the number of
servers)
QUESTION 25
You have a failover cluster named Cluster1 that contains two Hyper-V hosts named Hyped. and Hyper2.
Clusterl hosts 15 virtual machines.
You deploy a new server named Hyper3.
You plan to replicate the virtual machines from Clusterl to Hyper3.
You need to recommend which actions must be performed on Hyper3 for the planned deployment.
Select and Place:
Section: [none]
Explanation
Explanation/Reference:
Note:
* Windows Server 2012 Hyper-V Role introduces a new capability, Hyper-V Replica, as a
built-in replication mechanism at a virtual machine (VM) level. Hyper-V Replica can
asynchronously replicate a selected VM running at a primary site to a designated replica site
across LAN/WAN.
*Step 1:
Prepare to Deploy Hyper-V Replica
1.1. Make basic planning decisions
1.2. Install the Hyper-V server role
1.3. Configure the firewall
1.4. Configure Hyper-V Replica Broker
Step2:
Step 2: Enable Replication
2.1 Configure the Replica server
2.2. Configure a Replica server that is part of a failover cluster (optional)
2.3 Enable replication for virtual machines
Each virtual machine that is to be replicated must be enabled for replication.
2.4 Configure primary server to receive replication
Reference: Deploy Hyper-V Replica
QUESTION 26
You plan to delegate the management of virtual machines to five groups by using Microsoft System Center
2012 Virtual Machine Manager (VMM).
The network contains 30 Hyper-V hosts in a host group named HG1.
You identify the requirements for each group as shown in the following table.
You need to identify which user role must be assigned to each group.
Which user roles should you identify?
To answer, drag the appropriate user role to the correct group in the answer area. Each user role may be
used once, more than once, or not at all. Additionally, you may need to drag the split bar between panes or
scroll to view content.
Select and Place:
Section: [none]
Explanation
Explanation/Reference:
QUESTION 27
Your network contains an Active Directory domain named contoso.com.
The network has an Active Directory Certificate Services (AD CS) infrastructure.
You publish the certificate revocation list (CRL) to a farm of Web servers.
You are creating a disaster recovery plan for the AD CS infrastructure.
You need to recommend which actions must be performed to restore certificate revocation
checking if a certification authority (CA) is offline for an extended period of time.
Which three actions should you recommend? To answer, move the three appropriate actions from the list
of actions to the answer area and arrange them in the correct order.
Select and Place:
Section: [none]
Explanation
Explanation/Reference:
Explanation:
http://technet.microsoft.com/en-us/library/cc732443(v=ws.10).aspx
Question Set 1
QUESTION 1
Your network contains an Active Directory domain named contoso.com.
The domain contains a Microsoft System Center 2012 infrastructure.
You deploy a service named Service1 by using a service template.
Service1 contains two virtual machines.
The virtual machines are configured as shown in the following table.
You need to recommend a monitoring solution to ensure that an administrator can review the
availability information of Service1.
Solution: From Configuration Manager, you create a Collection and a Desired Configuration Management
baseline.
Does this meet the goal?
A. Yes
B. No
Correct Answer: B
Section: [none]
Explanation
Explanation/Reference:
QUESTION 2
Your network contains an Active Directory domain named contoso.com.
The domain contains a Microsoft System Center 2012 infrastructure.
You deploy a service named Service1 by using a service template.
Service1 contains two virtual machines.
The virtual machines are configured as shown in the following table.
You need to recommend a monitoring solution to ensure that an administrator can review the
availability information of Service1.
Solution: From Virtual Machine Manager (VMM), you modify the properties of the service template.
Does this meet the goal?
A. Yes
B. No
Correct Answer: B
Section: [none]
Explanation
Explanation/Reference:
QUESTION 3
Your network contains an Active Directory domain named contoso.com.
The domain contains a Microsoft System Center 2012 infrastructure.
You deploy a service named Service1 by using a service template.
Service1 contains two virtual machines.
The virtual machines are configured as shown in the following table.
You need to recommend a monitoring solution to ensure that an administrator can review the
availability information of Service1.
Solution: From Operations Manager, you create a Distributed Application and a Service Level Tracking
object.
Does this meet the goal?
A. Yes
B. No
Correct Answer: A
Section: [none]
Explanation
Explanation/Reference:
QUESTION 4
Your network contains an Active Directory domain named contoso.com.
The domain contains a Microsoft System Center 2012 infrastructure.
You deploy a service named Service1 by using a service template.
Service1 contains two virtual machines.
The virtual machines are configured as shown in the following table.
You need to recommend a monitoring solution to ensure that an administrator can review the
availability information of Service1.
Solution: From Operations Manager, you create a Distributed Application and a Monitor Override.
Does this meet the goal?
A. Yes
B. No
Correct Answer: B
Section: [none]
Explanation
Explanation/Reference:
QUESTION 5
Your network contains five servers that run Windows Server 2012 R2.
You install the Hyper-V server role on the servers.
You create an external virtual network switch on each server.
You plan to deploy five virtual machines to each Hyper-V server.
Each virtual machine will have a virtual network adapter that is connected to the external virtual network
switch and that has a VLAN identifier of 1.
Each virtual machine will run Windows Server 2012 R2.
All of the virtual machines will run the identical web application.
You plan to install the Network Load Balancing (NLB) feature on each virtual machine and join each virtual
machine to an NLB cluster.
The cluster will be configured to use unicast only.
You need to ensure that the NLB feature can distribute connections across all of the virtual
machines.
Solution: From the properties of each virtual machine, you enable MAC address spoofing for the existing
virtual network adapter.
Does this meet the goal?
A. Yes
B. No
Correct Answer: A
Section: [none]
Explanation
Explanation/Reference:
QUESTION 6
Your network contains five servers that run Windows Server 2012 R2.
You install the Hyper-V server role on the servers.
You create an external virtual network switch on each server.
You plan to deploy five virtual machines to each Hyper-V server.
Each virtual machine will have a virtual network adapter that is connected to the external virtual network
switch and that has a VLAN identifier of 1.
Each virtual machine will run Windows Server 2012 R2.
All of the virtual machines will run the identical web application.
You plan to install the Network Load Balancing (NLB) feature on each virtual machine and join each virtual
machine to an NLB cluster.
The cluster will be configured to use unicast only.
You need to ensure that the NLB feature can distribute connections across all of the virtual
machines.
Solution: On each Hyper-V server, you create a new external virtual network switch.
From the properties of each virtual machine, you add a second virtual network adapter and connect the
new virtual network adapters to the new external virtual network switches.
Does this meet the goal?
A. Yes
B. No
Correct Answer: B
Section: [none]
Explanation
Explanation/Reference:
QUESTION 7
Your network contains five servers that run Windows Server 2012 R2.
You install the Hyper-V server role on the servers.
You create an external virtual network switch on each server.
You plan to deploy five virtual machines to each Hyper-V server.
Each virtual machine will have a virtual network adapter that is connected to the external virtual network
switch and that has a VLAN identifier of 1.
Each virtual machine will run Windows Server 2012 R2. All of the virtual machines will run the identical
web application.
You plan to install the Network Load Balancing (NLB) feature on each virtual machine and join each virtual
machine to an NLB cluster.
The cluster will be configured to use unicast only.
You need to ensure that the NLB feature can distribute connections across all of the virtual
machines.
Solution: On each Hyper-V server, you create a new private virtual network switch.
From the properties of each virtual machine, you add a second virtual network adapter and connect the
new virtual network adapters to the new private virtual network switches.
Does this meet the goal?
A. Yes
B. No
Correct Answer: B
Section: [none]
Explanation
Explanation/Reference:
QUESTION 8
Your network contains five servers that run Windows Server 2012 R2.
You install the Hyper-V server role on the servers.
You create an external virtual network switch on each server.
You plan to deploy five virtual machines to each Hyper-V server.
Each virtual machine will have a virtual network adapter that is connected to the external virtual network
switch and that has a VLAN identifier of 1.
Each virtual machine will run Windows Server 2012 R2.
All of the virtual machines will run the identical web application.
You plan to install the Network Load Balancing (NLB) feature on each virtual machine and join each virtual
machine to an NLB cluster.
The cluster will be configured to use unicast only.
You need to ensure that the NLB feature can distribute connections across all of the virtual
machines.
Solution: From the properties of each virtual machine, you add a second virtual network adapter.
You connect the new virtual network adapters to the external virtual network switch and configure the new
virtual network adapters to use a VLAN identifier of 2.
Does this meet the goal?
A. Yes
B. No
Correct Answer: B
Section: [none]
Explanation
Explanation/Reference:
QUESTION 9
Your network contains an Active Directory domain named contoso.com.
The network has an Active Directory Certificate Services (AD CS) infrastructure.
You need to issue a certificate to users to meet the following requirements:
- Ensure that the users can encrypt files by using Encrypting File System
(EFS).
- Ensure that all of the users reenroll for their certificate every six months.
Solution: You create a copy of the User certificate template, and then you modify the extensions of the
copy.
Does this meet the goal?
A. Yes
B. No
Correct Answer: B
Section: [none]
Explanation
Explanation/Reference:
QUESTION 10
Your network contains an Active Directory domain named contoso.com.
The network has an Active Directory Certificate Services (AD CS) infrastructure.
You need to issue a certificate to users to meet the following requirements:
- Ensure that the users can encrypt files by using Encrypting File System
(EFS).
- Ensure that all of the users reenroll for their certificate every six months.
Solution: From the properties of the Basic EFS template, you assign the Allow -Enroll permission to the
Authenticated Users group.
Does this meet the goal?
A. Yes
B. No
Correct Answer: B
Section: [none]
Explanation
Explanation/Reference:
QUESTION 11
Your network contains an Active Directory domain named contoso.com.
The network has an Active Directory Certificate Services (AD CS) infrastructure
.
You need to issue a certificate to users to meet the following requirements:
- Ensure that the users can encrypt files by using Encrypting File System
(EFS).
- Ensure that all of the users reenroll for their certificate every six months.
Solution: You create a copy of the Basic EFS certificate template, and then you modify the validity period
of the copy.
Does this meet the goal?
A. Yes
B. No
Correct Answer: A
Section: [none]
Explanation
Explanation/Reference:
QUESTION 12
Your network contains an Active Directory domain named contoso.com.
The network has an Active Directory Certificate Services (AD CS) infrastructure.
You need to issue a certificate to users to meet the following requirements:
- Ensure that the users can encrypt files by using Encrypting File System
(EFS).
- Ensure that all of the users reenroll for their certificate every six months.
Solution: From the properties of the User certificate template, you assign the Allow -Enroll permission to
the Authenticated Users group.
Does this meet the goal?
A. Yes
B. No
Correct Answer: B
Section: [none]
Explanation
Explanation/Reference:
QUESTION 13
You manage a Hyper-V 2012 cluster by using System Center Virtual Machine Manager 2012 SP1.
You need to ensure high availability for business-critical virtual machines (VMs) that host
business-critical SQL Server databases.
Solution: You set the memory-weight threshold value to High for each business-critical VM.
Does this meet the goal?
A. Yes
B. No
Correct Answer: B
Section: [none]
Explanation
Explanation/Reference:
QUESTION 14
You manage a Hyper-V 2012 cluster by using System Center Virtual Machine Manager 2012 SP1.
You need to ensure high availability for business-critical virtual machines (VMs) that host
business-critical SQL Server databases.
Solution: You configure preferred and possible owners for each business-critical VM.
Does this meet the goal?
A. Yes
B. No
Correct Answer: B
Section: [none]
Explanation
Explanation/Reference:
QUESTION 15
An organization uses an Active Directory Rights Management Services (AD RMS) cluster named RMS1 to
protect content for a project.
You uninstall AD RMS when the project is complete. You need to ensure that the protected content is still
available after AD RMS is uninstalled.
Solution: You enable the decommissioning service by using the AD RMS management console.
You grant all users the Read & Execute permission to the decommission pipeline.
Does this meet the goal?
A. Yes
B. No
Correct Answer: A
Section: [none]
Explanation
Explanation/Reference:
QUESTION 16
An organization uses an Active Directory Rights Management Services (AD RMS) cluster names RMS1 to
protect content for a project.
You uninstall AD RMS when the project is complete.
You need to ensure that the protected content is still available after AD RMS is uninstalled.
Solution: You run the following command from an administrative command prompt:
cipher /a/d/s:<protected share name>
Does this meet the goal?
A. Yes
B. No
Correct Answer: B
Section: [none]
Explanation
Explanation/Reference:
QUESTION 17
An organization uses an Active Directory Rights Management Services (AD RMS) cluster named RMS1 to
protect content for a project .
You uninstall ADRMS when the project is complete.
You need to ensure that the protected content is still available after AD RMS is uninstalled.
Solution: You run the following command from an administrative command prompt:
cipher/a/d/s:
Does this meet the goal?
A. Yes
B. No
Correct Answer: B
Section: [none]
Explanation
Explanation/Reference:
QUESTION 18
You manage a Hyper-V 2012 cluster by using system center virtual manchine manager 2012 SP1.
You need to ensure high availability for business-critical virtual machines (VMs) that host business-critical
SQL server databases.
Solution: You create a custom placement rule and apply it to all business-critical VMs.
Does this meet the goal?
A. Yes
B. No
Correct Answer: B
Section: [none]
Explanation
Explanation/Reference:
ATT: This question is one of a series of similar questions where only the “Solution” changes. the answer
to this one appears to always be “No” unless the Solution involves the following:
Adding the VMs to an "Availability Set.
Modifying the Preferred and Possible Owners.
Configuring Custom Placement Rules."
The Following Settings all enable an aspect of Failover for Virtual Machines Running in a Cluster in VMM:
Availability Sets will make them highly avialable because VMM will keep each VM that is in the availability
set on its own SEPERATE physical Host machine. This is highly available because if one Host machine
crashes, you will only lose one of the SQL servers at most.
Preferred and Possible Owner nodes set preferences for which cluster nodes each VM is allowed on
(Possible Owners), and which nodes you would prefer each VM to be on (Preferred Owners). During
Dynamic Optimization, patching or cluster failover, your preferences will be taken into account and your
specified target nodes will be preferred. (This can be used in the same way as an Availability Set to keep
the SQL servers off the same physical Host.
Custom Placement Rules allow use to set which machine a VM must failover to, among other things. You
can also adjust cost settings etc.
QUESTION 19
You manage a Hyper-V 2012 cluster by using System Center Virtual Machine Manager 2012 SP1.
You need to ensure high availability for business-critical virtual machines (VMs) that host
business-critical SQL Server databases.
Solution: You create an availability set and place each business-critial VM in the set.
Does this meet the goal?
A. Yes
B. No
Correct Answer: B
Section: [none]
Explanation
Explanation/Reference:
Pending
QUESTION 20
You plan to allow users to run internal applications from outside the company's network.
You have a Windows Server 2012 R2 that has the Active Directory Federation Services (AD FS) role
installed.
You must secure on-premises resources by using multi-factor authentication (MFA).
You need to design a solution to enforce different access levels for users with personal Windows
8.1 or iOS 8 devices.
Solution: You migrate the AD FS server to Microsoft Azure and connect it to the internal Active Directory
instance on the network.
Then, you use the Workplace Join process to configure access for personal devices to the on-premises
resources.
Does this meet the goal?
A. Yes
B. No
Correct Answer: A
Section: [none]
Explanation
Explanation/Reference:
QUESTION 21
You plan to allow users to run internal applications from outside the company's network.
You have a Windows Server 2012 R2 that has the Active Directory Federation Services (AD FS) role
installed.
You must secure on-premises resources by using multi-factor authentication (MFA).
You need to design a solution to enforce different access levels for users with personal Windows
8.1 or iOS 8 devices.
Solution: You install a local instance of MFA Server and connect it your Microsoft Azure MFA provider.
Then, you use the Workplace Join process to configure access for personal devices to the on-premises
resources.
Does this meet the goal?
A. Yes
B. No
Correct Answer: A
Section: [none]
Explanation
Explanation/Reference:
QUESTION 22
You plan to allow users to run internal applications from outside the company s network.
You have a Windows Server 2012 R2 that has the Active Directory Federation Services (AD FS) role
installed.
You must secure on-premises resources by using multi-factor authentication (MFA).
You need to design a solution to enforce different access levels for users with personal Windows
8.1 or iOS 8 devices.
Solution: You install a local instance of the MFA Server.
You connect the instance to the Microsoft Azure MFA provider and then you use Microsoft Intune to
manage personal devices.
Does this meet the goal?
A. Yes
B. No
Correct Answer: A
Section: [none]
Explanation
Explanation/Reference:
QUESTION 23
You plan to allow users to run internal applications from outside the company's network.
You have a Windows Server 2012 R2 that has the Active Directory Federation Services (AD FS) role
installed.
You must secure on-premises resources by using multi-factor authentication (MFA).
You need to design a solution to enforce different access levels for users with personal Windows
8.1 or iOS 8 devices.
Solution: You install a local instance of MFA Server. You connect the instance to the Microsoft Azure MFA
provider, and then run the following Windows PowerShell cmdlet.
Enable-AdfsDeviceRegistration
Does this meet the goal?
A. Yes
B. No
Correct Answer: B
Section: [none]
Explanation
Explanation/Reference:
Explanation:
We must install AD FS Adapter, not register a host for the Device Registration Service. Note: The Enable-
AdfsDeviceRegistration cmdlet configures a server in an Active Directory Federation Services (AD FS)
farm to host the Device Registration Service.
https://msdn.microsoft.com/en-us/library/azure/dn807157.aspx
QUESTION 24
An organization uses an Active Directory Rights Management Services (AD RMS) cluster named RMS1 to
protect content for a project.
You uninstall AD RMS when the project is complete.
You need to ensure that the protected content is still available after AD RMS is uninstalled.
Solution: You add the backup service account to the SuperUsers group and back up the protected
content. Then, you restore the content to a file server and apply the required NTFS permissions to the files.
Does this meet the goal?
A. Yes
B. No
Correct Answer: B
Section: [none]
Explanation
Explanation/Reference:
QUESTION 25
An organization uses an Active Directory Rights Management Services (AD RMS) cluster names RMS1 to
protect content for a project.
You uninstall AD RMS when the project is complete.
You need to ensure that the protected content is still available after AD RMS is uninstalled.
Solution: You run the following Windows PowerShell command:
Set-ItemProperty -Path <protected content>:\ -Name IsDecommissioned -Value
$true EnableDecommission
Does this meet the goal?
A. Yes
B. No
Correct Answer: A
Section: [none]
Explanation
Explanation/Reference:
ATT: This question is one of a series of similar questions where ONLY the Soltion Changes. To
answer this question you simply need to know the steps required to ensure right's protected content is still
available after you uninstall AD RMS (detailed information regarding this is below under the "Explanation"
header.
To summarize: For the answer to this question to be "YES" you need to ENABLE DECOMMISSIONING
on the Cluster Node/s. You may also want to grant the AD RMS Users Read & Execute Permissions,
which will allow them to decrypt their content and store it as regular content on another database.
Explanation:
When you decommission AD RMS, the behavior of the AD RMS cluster is changed such that it can now
provide a key that decrypts the rights-protected content that it had previously published. This key allows
the content to be saved without AD RMS protection.
To decommissioning an AD RMS cluster:
1. Log on to the server on which you want to decommission AD RMS.
2. Modify the access control list (ACL) on the decommissioning.asmx file by granting the Everyone
group Read & Execute permissions. The default location for this file is %systemdrive%\inetpub
\wwwroot\_wmcs\decommission.
3. Open the Active Directory Rights Management Services console and add the AD RMS cluster.
Expand the AD RMS cluster, expand Security Policies , and then select Decommissioning .
4. Select the Enable Decommissioning option in the Actions pane. Can also be done with the
PowerShell Command: Set-ItemProperty -Path <drive>:\ -Name IsDecommissioned -Value $true -
EnableDecommission
5. Inform your users that you are decommissioning the AD RMS installation and advise them to connect
to the cluster to save their content without AD RMS protection. Alternatively, you could delegate a
trusted person to decrypt all rights-protected content by temporarily adding that person to the AD RMS
super users group.
6. After you believe that all of the content is unprotected and saved, you should export the server
licensor certificate, and then uninstall AD RMS from the server.
QUESTION 26
An organization uses an Active Directory Rights Management Services (AD RMS) cluster named RMS1 to
protect content for a project.
You uninstall AD RMS when the project is complete. You need to ensure that the protected content is still
available after AD RMS is uninstalled.
Solution: You enable the decommissioning service by using the AD RMS management console.
You grant all users the Read & Execute permission to the decommission pipeline.
Does this meet the goal?
A. Yes
B. No
Correct Answer: A
Section: [none]
Explanation
Explanation/Reference:
Explanation:
The proper procedure is:
Inform your users that you are decommissioning the AD RMS installation and advise them to connect to
the cluster to save their content without AD RMS protection. Alternatively, you could delegate a trusted
person to decrypt all rights- protected content by temporarily adding that person to the AD RMS super
users group.
After you believe that all of the content is unprotected and saved, you should export the server licensor
certificate, and then uninstall AD RMS from the server.
 |
 |
 |
 |
 | |
|---|---|---|---|---|---|
|
Test
King
|
Pass4sure
|
Actual
Tests
|
Other
Brands
| ||
| Customer Reviews |  |
 |
 |
 |
 |
|
$89.99
|
$124.99
|
$125.99
|
$189.00
|
$29.99~$49.99
| |
| Up-To-Dated |  |
 |
 |
 |
 |
| Real Questions & Answers |  |
 |
 |
 |
 |
| Correct All Error |  |
 |
 |
 |
 |
| Premium VCE Dumps |  |
 |
 |
 |
 |
| Free VCE Simulator |  |
 |
 |
 |
 |
| Unlimited After One Time Purchasing |  |
 |
 |
 |
 |
| Instant Download |  |
 |
 |
 |
 |
| Printable PDF Dumps |  |
 |
 |
 |
 |
| 100% Pass Guarantee |  |
 |
 |
 |
 |
| 100% Money Back |  |
 |
 |
 |
 |
100% Pass:http://examsavior.com/
No comments:
Post a Comment