Tuesday, July 26, 2016

70-414 part2

QUESTION 9
You need to implement a Hyper-V Recovery Manager solution in the hosting environment of
Northwind Traders.
Which four actions should you perform in sequence? To answer, move the appropriate actions from the list
of actions to the answer area and arrange them in the correct order.
Select and Place:
70-414 CC Th3Puck part2

Section: [none]
Explanation
Explanation/Reference:
01/12/2015 // Checked
The Planned changes section says:
Windows Azure Hyper-V Recovery Manager should be used for the protection of virtual machines.
Windows Azure Hyper-V Restore Manager is a cloud-based service that uses the Hyper-V replication
features to back up virtual machines in Windows Azure. Windows Azure Hyper-V Restore Manager is part of
Microsoft Azure Site Recovery.

Microsoft Azure Site Recovery can protect virtual machines running on Hyper-V host servers that are
located in VMM (System Center Virtual Machine Manager) clouds. Using Azure Site Recovery, you can
set up replication and failover between two local VMM servers or between a local VMM server and
Microsoft Azure.
For more information on the topic, see the Deployment Guide for Windows Azure Site Recovery: Deploying
Azure Site Recovery: Protection between local sites
https://azure.microsoft.com/en-us/documentation/articles/site-recovery-vmm-to-vmm/?cdn=disable
QUESTION 10
You need to recommend a configuration for the CA extensions of Northwind Traders that meets the
certificate revocation requirement of Customer1.
What should you recommend? To answer, select the appropriate prefix of the target location for each
extension setting in the answer area.
Section: [none]
Explanation
Explanation/Reference:
01/12/2015 // Checked
The requirements section for Customer1 states:
Customer1 must be able to check the revocation status of certificates issued by Northwind Traders.
By activating the option "Publish CRLs to this location" for a location of type file://, the CRLs of
Devtec GmbH can be published to a directory that is accessible through a web server. By activating the
option "Include in the CDP extension of issued certificates" for a matching http:// URL, the information
for retrieving the revocation list is integrated directly into the certificates.
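The two CDP settings described above, as an added PowerShell example (not part of the original explanation) that uses the ADCSAdministration cmdlets on the issuing CA and then checks that only an externally reachable http:// URL ends up in issued certificates. The host names `web01.example.test` and `crl.example.test` and the share name `crl` are placeholder assumptions.

```powershell
# Added example: run in an elevated session on the issuing CA.
# Host names and the share name are placeholders (assumptions), not values from the case study.
Import-Module ADCSAdministration

# Tokens in angle brackets are expanded by the CA when it writes or embeds the URL.
$crlFile    = '<CAName><CRLNameSuffix><DeltaCRLAllowed>.crl'
$publishUri = 'file://\\web01.example.test\crl\' + $crlFile   # where the CA writes the CRL
$httpUri    = 'http://crl.example.test/crl/' + $crlFile       # what relying parties fetch

# 1) file:// location: "Publish CRLs to this location" only.
#    It is never embedded in certificates; the CA computer account needs write access to the share.
Add-CACrlDistributionPoint -Uri $publishUri -PublishToServer -PublishDeltaToServer -Force

# 2) http:// location: "Include in the CDP extension of issued certificates" only.
#    The CA does not publish to it; the web server serves the directory from step 1.
Add-CACrlDistributionPoint -Uri $httpUri -AddToCertificateCdp -AddToFreshestCrl -Force

# Extension changes take effect after a service restart and only for certificates issued afterwards.
Restart-Service -Name CertSvc
certutil.exe -CRL    # publish a fresh CRL to the new file:// location

# Check: every URL embedded in certificates should be one an outside party can reach.
$embedded = Get-CACrlDistributionPoint | Where-Object { $_.AddToCertificateCdp }

if (-not ($embedded | Where-Object { $_.Uri -match '^http://' })) {
    Write-Warning 'No http:// URL is included in the CDP extension of issued certificates.'
}

foreach ($entry in ($embedded | Where-Object { $_.Uri -notmatch '^https?://' })) {
    # Typically the default ldap:/// entry, which a customer outside the forest cannot resolve.
    Write-Warning "Embedded CDP not reachable from outside the forest: $($entry.Uri)"
}

# Summary of the resulting configuration for review.
Get-CACrlDistributionPoint |
    Select-Object Uri, PublishToServer, PublishDeltaToServer, AddToCertificateCdp, AddToFreshestCrl |
    Format-List
```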
Testlet 1
Case Study 5: Contoso Ltd Case B
Contoso, Ltd., is a software development company. The company has a main office in Seattle and branch
offices that are located in Los Angeles and New Delhi. Contoso's sales staff are all located in the Los
Angeles office. Contoso's software developers are all located in the New Delhi office.
Current Environment
The network for the Seattle office contains:
- 2 domain controllers with integrated DNS
- 200 Windows workstations
- 14-node Hyper-V cluster
- 1 file server with multiple shares
- 1 Active Directory Rights Management Services (AD RMS) cluster
The network for the Los Angeles office contains:
- 2 domain controllers with integrated DNS
- 100 Windows workstations
- 1 file server with multiple shares
The network for the New Delhi office contains:
- 2 domain controllers with integrated DNS
- 300 Windows workstations
- 10 Hyper-V servers that host 100 development virtual machines (VMs)
- 50 production virtual machines that are hosted in Azure
All the Contoso offices connect to each other by using VPN links, and each office is connected to the
Internet.
Contoso has a single Active Directory Domain Services (AD DS) domain named contoso.com.
Contoso.com has a configured certification authority (CA). Contoso currently leverages System Center
Virtual Machine Manager 2012 R2 to manage its virtual environment servers.
Contoso uses an application named HRApp1 for its human resources (HR) department. HR users report
that the application stops responding and must be restarted before they can continue their work.
Fabrikam Inc
Contoso has recently acquired Fabrikam, Inc. Fabrikam has a single office that is located in Seattle.
Fabrikam has a single AD DS domain named fabrikam.com.
The network for Fabrikam contains:
- 2 domain controllers with Active Directory-integrated DNS
- 150 Windows workstations
- 5 Hyper-V servers
- 1 file server with multiple shares
A two-way trust exists between Contoso.com and Fabrikam.com.
Business Requirements
Consolidation
Contoso must complete the consolidation of the Contoso and Fabrikam networks.
The consolidation of the two networks must:
- Minimize all hardware and software costs.
- Minimize WAN traffic.
- Enable the users by providing self-service whenever possible.
Security
Contoso requires that all Windows client devices must be encrypted with BitLocker by using the Trusted
Platform
The CA for the domain contoso.com must be designated as the resource forest. The domain
fabrikam.com must leverage certificates that are issued by the domain contoso.com.
Other Information
HRApp1
Each time HRApp1 stops responding and is restarted, an incident must be created and associated with
the existing problem ticket.
Development environment
You have the following requirements:
- Developers must be able to manage their own VM checkpoints.
- You must implement a disaster recovery strategy for development virtual machines.
Technical Requirements
Windows System Updates
You have the following system update requirements:
- Consolidate reporting of all software updates in all offices.
- Software updates must be applied to all Windows devices.
- Ensure the ability to report on update compliance.
Monitoring
You have the following monitoring requirements:
- Each time HRApp1 shows performance problems, ensure that a ticket is created.
- When performance problems are resolved, ensure that the ticket closes automatically.
Security
You have the following security requirements:
- Ensure that all documents are protected.
- Ensure that contoso.com domain users get use licenses for RMS-protected documents from the
domain contoso.com.
- Ensure that fabrikam.com domain users get use licenses for RMS-protected documents from the
domain contoso.com.
QUESTION 1
This question consists of two statements: One is named Assertion and the other is named Reason. Both of
these statements may be true; both may be false; or one may be true, while the other may be false.
To answer this question, you must first evaluate whether each statement is true on its own. If both
statements are true, then you must evaluate whether the Reason (the second statement) correctly explains
the Assertion (the first statement). You will then select the answer from the list of answer choices that
matches your evaluation of the two statements.
Assertion:
You must implement Azure site recovery between the New Delhi and Seattle offices to meet the backup
requirements.
Reason:
Azure site recovery allows replication and failover of virtual machines on host servers that are located in
the Virtual Machine Manager cloud.
Evaluate the Assertion and Reason statements and choose the correct answer option.
A. Both the Assertion and Reason are true, and the Reason is the correct explanation for the Assertion.
B. Both the Assertion and Reason are true, but the Reason is not the correct explanation for the
Assertion.
C. The Assertion is true, but the Reason is false.
D. The Assertion is false, but the Reason is true.
E. Both the Assertion and the Reason are false.
Correct Answer: A
Section: [none]
Explanation
Explanation/Reference:
01/12/2015 // Checked
Certbase notes:
The Development Environment section states that you need to create a plan for disaster recovery of the
virtual machines used for software development.
The virtual machines (VMs) used for software development are hosted on 10 Hyper-V servers in the New
Delhi site. Stuttgart has a Hyper-V cluster with 14 nodes. Replicating the virtual machines from New
Delhi to Stuttgart would be a possible way to ensure disaster recovery.
The assertion is true. The reason is also correct and is an acceptable explanation of the assertion.
Microsoft Azure Site Recovery organizes and manages the replication of your primary data center to a
secondary location, so that your data is backed up and can be restored in the event of planned or
unplanned outages. Internal private clouds that reside on System Center Virtual Machine Manager (VMM)
can be backed up to other internal sites or to Microsoft Azure Storage. For replication, VMM uses
Hyper-V Replica, a replication mechanism that is built into Hyper-V in Windows Server 2012 and Windows
Server 2012 R2.
It provides asynchronous replication of Hyper-V virtual machines between two host servers. Every server
workload that can be virtualized in Hyper-V can be replicated. The replication works over any ordinary
IP-based network. Hyper-V Replica can be used with stand-alone servers, failover clusters or a
combination of both.
QUESTION 2
This question consists of two statements: One is named Assertion and the other is named Reason. Both of
these statements may be true; both may be false; or one may be true, while the other may be false.
To answer this question, you must first evaluate whether each statement is true on its own. If both
statements are true, then you must evaluate whether the Reason (the second statement) correctly explains
the Assertion (the first statement). You will then select the answer from the list of answer choices that
matches your evaluation of the two statements.
Assertion:
You must implement a Windows Server Gateway in the Seattle office.
Reason:
A Windows Server Gateway will prevent users from saving documents outside of the Seattle location.
Evaluate the Assertion and Reason statements and choose the correct answer option.
A. Both the Assertion and Reason are true, and the Reason is the correct explanation for the Assertion.
B. Both the Assertion and Reason are true, but the Reason is not the correct explanation for the
Assertion.
C. The Assertion is true, but the Reason is false.
D. The Assertion is false, but the Reason is true.
E. Both the Assertion and the Reason are false.
Correct Answer: E
Section: [none]
Explanation
Explanation/Reference:
01/12/2015 // Checked
Certbase notes:
The case study gives no indication that a Windows Server Gateway must be implemented in Stuttgart.
Both the assertion and the reason are incorrect. What is the Windows Server Gateway?
If you are a system administrator, network architect, or other IT professional, Windows Server Gateway
might interest you under one or more of the following circumstances:
- You are using or plan on using System Center 2012 R2, which is required when you deploy Windows
Server Gateway.
- You design or support IT infrastructure for an organization that is using or planning to use Hyper-V to
deploy virtual machines (VMs) on virtual networks.
- You design or support IT infrastructure for an organization that has deployed or is planning to deploy
cloud technologies.
- You want to provide full network connectivity between physical networks and virtual networks.
- You want to provide your organization's customers with access to their virtual networks over the
Internet.
https://technet.microsoft.com/en-gb/library/dn313101.aspx
QUESTION 3
You need to design a solution that meets all of the software update requirements.
Which two actions should you perform? Each correct answer presents part of the solution.
A. Implement System Center Service Manager.
B. Deploy a configuration baseline to all devices.
C. Implement System Center Operations Manager.
D. Implement System Center Configuration Manager.
Correct Answer: BD
Section: [none]
Explanation
Explanation/Reference:
01/12/2015 // Checked
The section Technical Requirements - Windows Updates states that updates must be applied to all
Windows devices.
In addition, compliance with the installation requirements must be verifiable. Configuration baselines in
System Center 2012 Configuration Manager are pre-defined configuration items that optionally contain
other configuration items. After a configuration baseline has been created, you can deploy it to a
collection so that the devices in this collection download the configuration baseline and evaluate their
compliance with it.
For example, a configuration baseline can be used to check whether a client has installed all required
updates from the WSUS infrastructure.
In the Configuration Manager console, under Assets and Compliance -> Compliance Settings ->
Configuration Baselines, right-click and select "Create Configuration Baseline".
QUESTION 4
Drag and Drop Question
You need to implement the Network Unlock feature to meet the BitLocker requirements.
In which order should you perform the actions? To answer, move all actions from the list of actions to the
answer area and arrange them in the correct order.
Select and Place:

Section: [none]
Explanation
Explanation/Reference:
01/12/2015 //
Certbase notes:
Updated: October 17, 2014
Applies To: Windows 8.1, Windows Server 2012 R2, Windows Server 2012, Windows 8
This topic for the IT professional describes how BitLocker Network Unlock works and how to configure it.
Network Unlock was introduced in Windows 8 and Windows Server 2012 as a BitLocker protector option
for operating system volumes. Network Unlock enables easier management for BitLocker enabled
desktops and servers in a domain environment by providing automatic unlock of operating system volumes
at system reboot when connected to a wired corporate network. This feature requires the client hardware
to have a DHCP driver implemented in its UEFI firmware.

Without Network Unlock, operating system volumes protected by TPM+PIN protectors require a PIN to be
entered when a computer reboots or resumes from hibernation (for example, by Wake on LAN). This can
make it difficult for enterprises to roll out software patches to unattended desktops and remotely
administered servers.
Network Unlock allows BitLocker-enabled systems with TPM+PIN and that meet the hardware
requirements to boot into Windows without user intervention. Network Unlock works in a similar fashion to
the TPM+StartupKey at boot. Rather than needing to read the StartupKey from USB media, however, the
key for Network Unlock is composed from a key stored in the TPM and an encrypted network key that is
sent to the server, decrypted and returned to the client in a secure session.
This topic contains:
https://technet.microsoft.com/en-gb/library/jj574173.aspx
QUESTION 5
You need to design a solution that meets the monitoring requirements.
What should you do?
A. In Service Manager, create an alert routing rule in the Operations Manager Alert connector that
creates a new incident when the HR application produces a performance alert.
B. In Service Manager, create a queue that will open a new ticket or close any existing HR application
performance ticket when the performance alert has been resolved in Operations Manager.
C. In Service Manager, create a workflow that will open a new ticket or close any existing HR application
performance ticket when the performance alert has been resolved in Operations Manager.
D. In Operations Manager, create an override for the HR application monitor that will close any open HR
application performance tickets in Service Manager.
Correct Answer: A
Section: [none]
Explanation
Explanation/Reference:
Create the Operations Manager Alert Connector
http://valentincristea.com/2013/11/28/automating-incident-problem-management-part-ii-configuring-thescomscsm-connector/

Configure the “Run As Account” (recommendations on the accounts required for creating Operations
Manager Alert Connectors can be found here, v.2007 is similar to v.2012). The best practice states:
“Domain account specifically created for this purpose that is only in the Users local security group and in
an Administrator user role in Operations Manager and in an Advanced Operator user role in Service
Manager.”

On the “Alerts Routing Rules”, add the Incident template defined above.

QUESTION 6
You need to ensure that the developers can manage their own virtual machines.
Solution: You perform the following actions:
In Virtual Machine Manager, you create a new user role named DevUsers that uses the Application
Administrator profile.
You grant Checkpoint permissions to the DevUsers role.
You distribute the Self-Service Portal URL to the developers.
Does this meet the goal?
A. Yes
B. No
Correct Answer: B
Section: [none]
Explanation
Explanation/Reference:
01/12/2015 // Checked
The Development Environment section states that developers must be able to manage the snapshots they
create of their virtual machines (VMs).
The steps described satisfy the requirement only partially. Among other things, the user accounts of
the developers would have to be added to the role.
Profile
On this page, you choose the type of user role to create. As Figure 2 shows, the profiles from which you
can choose are Fabric Administrator, Read-Only Administrator, Tenant Administrator, and Application
Administrator. The list doesn't include the Administrator user role because it comes predefined when you
install VMM 2012, as mentioned previously.

Actions
For the Tenant Administrator or Application Administrator user role, you'll have the option to choose
specific actions that will be permitted. As Figure 5 shows, you can select actions such as Checkpoint
(administrators can create and manage VM checkpoints) and Deploy (administrators can create VMs and
services). Make sure that you understand the purpose of each action, taking into consideration the scope
of the user role.

http://windowsitpro.com/virtual-machine-manager/microsoft-system-center-2012-sp1-virtual-machinemanager-user-roles
QUESTION 7
You need to ensure that the developers can manage their own virtual machines.
Solution: You perform the following actions:
In Virtual Machine Manager, you create a new user role named DevUsers that uses the Application
Administrator profile.
You grant Checkpoint permissions to the DevUsers role.
You distribute the Virtual Machine Manager Console URL to the developers.
Does this meet the goal?
A. Yes
B. No
Correct Answer: A
Section: [none]
Explanation
Explanation/Reference:
A: Yes.
– Application Administrator (Self-Service User)
Members of the Self-Service User role can create, deploy, and manage their own virtual machines and
services by using the VMM console or a Web portal.
To create a self-service user, see How to Create a Self-Service User Role in VMM.
– Checkpoint
Grants members permission to create, edit, and delete checkpoints for their own virtual machines and to
restore their virtual machine to a previous checkpoint.
QUESTION 8
You need to ensure that the developers can manage their own virtual machines.
Solution: You perform the following tasks:
In Virtual Machine Manager, you create a new user role named DevUsers that uses the Application
Administrator profile.
You add the virtual machines to the DevUsers role.
You grant checkpoint permissions to the DevUsers role.
You distribute the App Controller console URL to the developers.
Does this meet the goal?
A. Yes
B. No
Correct Answer: B
Section: [none]
Explanation
Explanation/Reference:
01/12/2015 // Checked
The Development Environment section states that developers must be able to manage the snapshots they
create of their virtual machines (VMs). The steps described satisfy the requirement only partially.
Among other things, the user accounts of the developers would have to be added to the role.
QUESTION 9
You need to ensure that the developers can manage their own virtual machines.
Solution: You perform the following tasks:
In Virtual Machine Manager, you create a new user role named DevUsers that uses the Application
Administrator profile.
You add the virtual machines to the DevUsers role.
You grant checkpoint permissions to the DevUsers role.
You install and configure App controller.
You distribute the App controller console URL to the developers.
Does this meet the goal?
A. Yes
B. No
Correct Answer: A
Section: [none]
Explanation
Explanation/Reference:
A: Yes.
– Application Administrator (Self-Service User)
Members of the Self-Service User role can create, deploy, and manage their own virtual machines and
services by using the VMM console or a Web portal.
To create a self-service user, see How to Create a Self-Service User Role in VMM.
– Checkpoint
Grants members permission to create, edit, and delete checkpoints for their own virtual machines and to
restore their virtual machine to a previous checkpoint.
Testlet 1
Case Study 6: Contoso Ltd Case C
Contoso, Ltd., is a manufacturing company. The company has offices in Chicago and Seattle. Each office
contains two data centers. All of the data centers and sites for the company have network connectivity to
each other. The company uses a single Active Directory Domain Services (AD DS) domain.
Contoso is growing rapidly and needs to expand its computer infrastructure.
Current Environment Chicago Office
The Chicago office contains a primary data center and a backup data center. A Hyper-V cluster named
Cluster1.contoso.com resides in the primary data center. The cluster has a multiple network path
configured. The cluster includes two unused SQL Server virtual machines (VMs) named SQL-SERVER1
and SQL-SERVER2. The cluster also includes a Hyper-V Host group named Chi-Primary.
Cluster1.contoso.com contains the following servers:
- CHI1-HVNODE1.contoso.com
- CHI1-HVNODE2.contoso.com
- CHI1-HVNODE3.contoso.com
- CHI1-HVNODE4.contoso.com
The backup data center for the Chicago office is located on a Hyper-V cluster named
Cluster2.contoso.com. The cluster has a single network path configured. The cluster includes a Hyper-V
Host group named Chi-Backup.
Cluster2.contoso.com contains the following servers:
- CHI2-HVNODE1.contoso.com
- CHI2-HVNODE2.contoso.com
- CHI2-HVNODE3.contoso.com
- CHI2-HVNODE4.contoso.com
In addition, the Chicago office contains two standalone Hyper-V servers named
CHI-HVSERVER1.contoso.com and CHI-HVSERVER2.contoso.com.
There are also four newly built servers:
- CHI-SERVER1.contoso.com
- CHI-SERVER2.contoso.com
- CHI-SERVER3.contoso.com
- CHI-SERVER4.contoso.com
All the servers in the Chicago office run Windows Server 2012. Any future servers that are deployed in the
Chicago office must also run Windows Server 2012.
All servers in the Chicago office use the subnet 10.20.x.x.
Current Environment Seattle Office
The Seattle office contains a primary data center and a backup data center. The primary data center is
located on a Hyper-V cluster named Cluster3.contoso.com. The cluster has a multiple network path
configured. The cluster includes two unused SQL Server virtual machines named SQL-SERVER3 and
SQL-SERVERS. The cluster includes a Hyper-V Host group named Sea-Primary.
Cluster3.contoso.com contains the following servers:
- SEA3-HVNODE1.contoso.com
- SEA3-HVNODE2.contoso.com
- SEA3-HVNODE3.contoso.com
- SEA3-HVNODE4.contoso.com
The backup data center for the Seattle office is located on a Hyper-V cluster named
Cluster4.contoso.com. The cluster has a single network path configured.
The cluster includes a Hyper-V Host group named Sea-Backup.
Cluster4.contoso.com contains the following servers:
- SEA4-HVNODE1.contoso.com
- SEA4-HVNODE2.contoso.com
- SEA4-HVNODE3.contoso.com
- SEA4-HVNODE4.contoso.com
In addition, the Seattle office contains two standalone Hyper-V servers named
SEA-HVSERVER1.contoso.com and SEA-HVSERVER2.contoso.com.
There are also four newly built servers:
- SEA-SERVER1.contoso.com
- SEA-SERVER2.contoso.com
- SEA-SERVER3.contoso.com
- SEA-SERVER4.contoso.com
All servers in the Seattle office run Windows Server 2012 R2. Any future servers that are deployed in the
Seattle office must also run Windows Server 2012 R2.
All servers in the Seattle office use the subnet 10.10.x.x.
Business Requirements
Apps
Contoso plans to deploy new applications to make its departments more efficient.
App1
Contoso must create a new application named App1 for the human resources (HR) department. The
infrastructure for App1 must reside in a virtual environment and the data files for App1 must reside on a
single shared disk.
In addition, the infrastructure for App1 must meet the following requirements:
- maximize data protection
- withstand the loss of a single guest virtual machine
- withstand the loss of a single physical server
To support App1, Contoso must deploy a new cluster named App1cluster.contoso.com.
The cluster has the following requirements:
- It must span multiple sites.
- It must support dynamic quorums.
- It must prevent failures caused by a 50% split.
App2
Contoso must create a new application named App2. To support App2, Contoso must deploy a new SQL
Server cluster. The cluster must not be part of the domain.
The server deployment team that will install the cluster has limited permissions. The server deployment
team does not have the ability to create objects in Active Directory.
Virtualization and Storage
New VMs
Any new VMs that are deployed to the Hyper-V cluster in Cluster3.contoso.com have the following
requirements:
- New SQL Server VMs must be deployed only to odd-numbered servers in the cluster.
- All other new VM guests must be deployed to any available server in the cluster.
New VDE
The company needs a highly available file share cluster for a new Virtual Desktop Environment (VDE). It
has the following requirements:
- The file share cluster must withstand the loss of a single server.
- The file share cluster must withstand the loss of a single network path.
- The file share cluster must use the least amount of disk space.
New virtualized SQL Server cluster
Contoso must create a new application for manufacturing. The company needs a new virtualized SQL
Server cluster named VM-SQLcluster1.contoso.com.
It has the following requirements:
- The cluster must use a shared virtual hard disk.
- The cluster must have two nodes named VM-SQL-NODE1.contoso.com and
VM-SQL-NODE2.contoso.com.
Highly available storage solution
The company is deploying new hardware that will replace the existing Hyper-V clusters.
The new file share cluster must have a highly available storage solution for a Hyper-V environment.
It has the following requirements:
- The new file share cluster must support guest VM clusters.
- The storage cannot reside on any of the physical Hyper-V hosts.
QUESTION 1
You need to implement a new highly available storage solution for the Hyper-V environment.
Which servers should you include in the scale-out file cluster?
A. CHI-SERVER1 and CHI-SERVER2
B. SEA3-HVNODE1 and SEA3-HVNODE2
C. SEA-SERVER1 and SEA-SERVER2
D. CHI1-HVNODE1 and CHI1-HVNODE2
Correct Answer: B
Section: [none]
Explanation
Explanation/Reference:
12/12/2015 // Checked
QUESTION 2
You need to enable virtual machine network health detection on all supported clusters.
What should you do?
A. On the virtual machine settings page for Cluster4, select the Protect network checkbox for each virtual
machine on the cluster.
B. On the virtual machine settings page for Cluster1, select the Protect network checkbox for each virtual
machine on the cluster.
C. On each guest virtual machine in Cluster4, configure protected access for the network interface
card.
D. On each guest virtual machine in Cluster3, configure protected access for the network interface
card.
E. On the virtual machine settings page for Cluster3, select the Protect network checkbox for each virtual
machine on the cluster.
F. On each guest virtual machine in Cluster1, configure protected access for the network interface
card.
Correct Answer: B
Section: [none]
Explanation
Explanation/Reference:
01/12/2015 // Checked
Certbase notes:

Figure 1. Protected network setting
Protected networks are a new feature in Windows Server 2012 R2 Failover Clustering. Protected
networks allow a network failure to be detected and automatically move a virtual machine to a host
server on which the external virtual network is available.
In principle, all virtual machines on all four existing clusters benefit from the Protected network
feature. For optimum support of the detection of and protection against network failures, however, it is
necessary that the cluster nodes can communicate with each other over multiple network paths.
Multiple network paths for cluster communication are configured for Cluster1 and Cluster3. The
nodes of Cluster2 and Cluster3 can each use only a single network path to communicate. See the
following TechNet article for more information on the topic:
https://technet.microsoft.com/en-gb/library/dn265972.aspx#BKMK_VMHealth
QUESTION 3
Drag and Drop Question
You need to implement VM-SQLcluster1.contoso.com.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the
list of actions to the answer area and arrange them in the correct order.
Select and Place:

Correct Answer:

Section: [none]
Explanation
Explanation/Reference:
01/12/2015 // Checked with certbase
Certbase notes:
The New virtualized SQL Server cluster section states that:
The cluster must use a shared virtual disk.
Shared virtual disks are a new feature for use in failover clusters running Windows Server 2012 R2.
Shared virtual disks are not the same as Cluster Shared Volumes (CSVs).
In previous versions of Windows Server, clustered virtual machines could not use a shared virtual disk.
The "shared virtual hard disk" feature lets you create a highly available infrastructure. It is
particularly important for private cloud deployments and for cloud-hosted environments that manage
large workloads.
Shared virtual disks allow multiple virtual machines to access the same VHDX file, which provides
shared storage for Windows Failover Clustering. The files for shared virtual disks can be hosted on
Cluster Shared Volumes (CSV) or on SMB (Server Message Block)-based scale-out file shares on the
file server.
The following TechNet article contains instructions for how to create a shared virtual disk: providing a
host cluster by using a shared virtual disk
QUESTION 4
Hotspot Question
You need to deploy the new SQL cluster for App2.
How should you complete the relevant Windows PowerShell command? To answer, select the appropriate
Windows PowerShell segment from each list in the answer area.
Hot Area:

Section: [none]
Explanation
Explanation/Reference:
01/12/2015 // Checked
Change the config:
-Cluster1.contoso.com
-node SEA-SERVER1;SEA-SERVER2
-StaticAddress 10.20.1.100
-IgnoreNetwork 10.0.0.0/8
-AdministrativeAccessPoint ActiveDirectoryAndDNS
to:
-Cluster5.contoso.com
-node SEA-SERVER1;SEA-SERVER2
-StaticAddress 10.10.1.100
-NoStorage
-AdministrativeAccessPoint DNS
------------------------------------------------
Certbase notes:
With regard to the planned SQL Server cluster, the case study provides the following information:
To support the new App2 application, the company must deploy a SQL Server cluster. The cluster
should be detached from Active Directory.
The team that installs the cluster has limited permissions. Team members cannot create objects
in Active Directory.
In Windows Server 2012 R2 you can deploy a failover cluster whose network name does not depend
on Active Directory Domain Services (AD DS). This concept is referred to as an Active Directory-detached
cluster. With this deployment method, you can create a failover cluster without the previously required
permissions to create computer objects in AD DS. You also do not have to request that computer objects
be prestaged in AD DS.
When you create an Active Directory-detached cluster, the network name of the cluster (also referred to
as the administrative access point) and the network names for cluster roles with client access points
are registered in DNS (Domain Name System). However, no computer objects for the cluster are created
in AD DS. This applies to the computer object for the cluster (also called the cluster name object or
CNO) and to the computer objects for cluster roles that would normally have client access points in
AD DS (these are referred to as virtual computer objects or VCOs).
The following TechNet article contains more information on the subject and an example of the use of
New-Cluster to create an Active Directory-detached cluster: providing a separate Active Directory Cluster
QUESTION 5
Hotspot Question
You need to implement the file share for the new virtual desktop environment.
How should you configure the implementation? To answer, select the appropriate option from each list in
the answer area.
Hot Area:
Section: [none]
Explanation
Explanation/Reference:
01/12/2015 // Checked
Change the Config : Site2 to site1
Notes:
Because the virtual desktop infrastructure is to be created at Frankfurt Airport, the file server cluster
should also be implemented at the Frankfurt location. The case study does not make clear whether
the file server cluster should contain virtualized or physical nodes. However, it notes that multiple
network paths are used in data center 1 and data center 3, while only a single network path is used in
data center 2 and data center 4.
To tolerate the failure of a network path, the new cluster should therefore be created in
data center 1 at the Frankfurt location.
The choices in the storage type list contain storage types as well as options and features that are used
in connection with storage solutions. This makes committing to one of the options significantly
more difficult.
For a file server cluster, iSCSI-based or Fibre Channel-based storage is mandatory. However, data
deduplication is also relevant in view of the requirement to reduce the storage requirements.
Note: The data center names (Data Center 1 through Data Center 4) do not occur in the case study. The
solution assumes that the data center names follow the cluster names. Data Center 1 is the one that
contains Cluster1, Data Center 2 is the one that contains Cluster2, and so on.
QUESTION 6
Hotspot Question
You need to implement App1.
How should you configure the locations? To answer, select the appropriate option from each list in the
answer area.
Hot Area:
Section: [none]
Explanation
Explanation/Reference:
01/12/2015 // Checked
To support the reliability requirements, the virtual machines used by App1 should be provided on a
cluster. None of the existing clusters includes nodes at multiple locations.
The given choices therefore support at most some of the requirements. Since the personnel department
is located at the Frankfurt site, Cluster1 is preferred over Cluster3.
With respect to the data LUN for App1, the case study says: The data files from App1 are to be stored on a
single disk. Taking into account the requirements in the section on high-availability storage, a Cluster
Shared Volume (CSV) appears to be the best solution.
QUESTION 7
You must deploy the virtual machines for the planned SQL Server cluster.
How do you proceed?
A. On Chi-Backup, configure placement rules for the corresponding node.
B. On the corresponding cluster node of the primary data center in Chicago, run the following Windows
PowerShell cmdlet: Set-SCVMHost -AvailableForPlacement
C. In the properties of the corresponding cluster node of the primary data center in Chicago, select
This host is available for placement.
D. On Sea-Backup, configure placement rules for the corresponding node.
Correct Answer: D
Section: [none]
Explanation
Explanation/Reference:
01/12/2015 // Checked
The section New virtualized SQL Server cluster mentions that a new virtualized SQL Server cluster
with two nodes is planned.
However, there is no information about the location or the Hyper-V cluster on which the new virtualized
cluster will be hosted. In the section Virtualization and storage: New VMs, there is a requirement that
new VMs be provided on the cluster cluster3.contoso.com at the Seattle site.
It states: New SQL Server VMs may be provided only on cluster servers with odd numbers.
This requirement can be implemented with a placement rule for the host group Chi-Backup.
Note:
Answers B and C do the same thing and are therefore unsuitable.
Neither answer represents a unique solution.
QUESTION 8
You need to configure migration for HV-CLUSTER1. What should you do?
A. Use live migration between HV-Cluster1 and HV-Cluster3.
B. Configure a Hyper-V replica between HV-Cluster1 and HV-Cluster3.
C. Configure a Hyper-V replica between HV-Cluster1 and HV-Cluster4.
D. Use live migration between HV-Cluster1 and HV-Cluster4.
Correct Answer: C
Section: [none]
Explanation
Explanation/Reference:
QUESTION 9
You need to deploy the new SQL Server virtual machines.
What should you do?
A. On Chi-Primary, configure placement rules for the specified nodes.
B. On the specified cluster nodes in the primary data center in Chicago, run the following Windows
PowerShell command: Set-SCVMHost -AvailableForPlacement
C. On the specified cluster nodes in the primary data center in Chicago, select the Host is available for
placement check box.
D. On Sea-Primary, configure placement rules for the specified nodes.
E. Both the Assertion and the Reason are false.
Correct Answer: D
Section: [none]
Explanation
Explanation/Reference:
QUESTION 10
You need to prepare the environment for APP1
Which two actions should you perform?
Each correct answer presents a part of the solution.
A. Install a new cluster for App1 at the Seattle data center
B. Run the following Windows PowerShell cmdlet for each node in the backup data center.
Set LowerQuorumPriorityNodeID=1
C. Install a new cluster for App1 at the Chicago data center.
D. Run the following Windows PowerShell cmdlet for each node in the backup data center site
Set NodeWeight=1
Correct Answer: AB
Section: [none]
Explanation
Explanation/Reference:
Testlet 1
Case Study 6: Contoso Ltd Case D
Overview
Contoso, Ltd., is a manufacturing company that makes several different components that are used in
automobile production. Contoso has a main office in Detroit, a distribution center in Chicago, and branch
offices in Dallas, Atlanta, and San Diego. The contoso.com forest and domain functional level are Windows
Server 2008 R2. All servers run Windows Server 2012 R2, and all client workstations run Windows 7 or
Windows 8. Contoso uses System Center 2012 Operations Manager and Audit Collection Services (ACS)
to monitor the environment. There is no certification authority (CA) in the environment.
Current Environment
The contoso.com domain contains the servers as shown in the following table:
Contoso sales staff travel within the United States and connect to a VPN by using mobile devices to
access the corporate network. Sales users authenticate to the VPN by using their Active Directory
usernames and passwords. The VPN solution also supports certification-based authentication.
Contoso uses an inventory system that requires manually counting products and entering that count into a
database. Contoso purchases new inventory software that supports wireless handheld scanners and
several wireless handheld scanners. The wireless handheld scanners run a third party operating system
that supports the Network Device Enrollment Service (NDES).
Business Requirements
Security
The wireless handheld scanners must use certification-based authentication to access the wireless
network.
Sales users who use mobile devices must use certification-based authentication to access the VPN. When
sales users leave the company, Contoso administrators must be able to disable their VPN access by
revoking their certificates.
Monitoring
All servers must be monitored by using System Center 2012 Operations Manager. In addition to monitoring
the Windows operating system, you must collect security logs from the CA servers by using ACS, and
monitor the services that run on the CA and Certificate Revocation List (CRL) servers, such as certification
authority and web services.
Technical Requirements
CA Hierarchy
Contoso requires a two-tier CA hierarchy. The CA hierarchy must include a stand-alone offline root and
two Active Directory-integrated issuing CAs: one for issuing certificates to domain-joined devices, and one
for issuing certificates to non-domain-joined devices by using the NDES. CRLs must be published to two
web servers: one in Detroit and one in Chicago.
Contoso has servers that run Windows Server 2012 R2 to use for the CA hierarchy. The servers are
described in the following table:
The IT security department must have the necessary permissions to manage the CA and CRL servers. A
domain group named Corp-IT Security must be used for this purpose.
The IT security department users are not domain admins.
Fault Tolerance
The servers that host the CRL must be part of a Windows Network Load Balancing (NLB) cluster. The CRL
must be available to users in all locations by using the hostname crl.contoso.com, even if one of the
underlying web servers is offline.
QUESTION 1
You need to automatically restart the appropriate web service on DETCRL01 and CHICRL01 if the
web service is stopped.
Solution: You create a recovery task in SCOM and configure it to start the World Wide Web publishing
service.
Does this meet the goal?
A. Yes
B. No
Correct Answer: A
Section: [none]
Explanation
Explanation/Reference:
01/12/2015 // Checked
In addition to alert notification when problems occur, monitors in System Center 2012 -
Operations Manager offer further options.
These include diagnostic and recovery tasks, which help you analyze and solve problems. A task is a
script or other executable code that runs either on the computer hosting the Operations console or on
the server, client, or other device being managed.
Tasks can carry out a wide variety of activities, for example restarting an application in which an
error has occurred, or deleting files. Monitors can have two types of tasks assigned: diagnostic tasks,
which help you identify the cause of a problem or provide additional diagnostic information, and
recovery tasks, which correct the problem.
With a recovery task, for example, a service can be started if it was stopped inadvertently or by mistake.
Diagnostic and recovery tasks can run scripts and command-line executables. These
tasks can be run automatically when the monitor enters the "Error" state.
This allows problem resolution to be automated. Diagnostic and recovery tasks can only ever be created
for a specific monitor. A diagnostic or recovery task that you have created for one monitor cannot be used
for another monitor or linked to it. Instead, you must create the task again for each monitor.
QUESTION 2
You need to automatically restart the appropriate web service on DETCRL01 and CHICRL01 if the
web service is stopped.
Solution: You create a diagnostic task in SCOM and configure it to start the World Wide Web publishing
service.
Does this meet the goal?
A. Yes
B. No
Correct Answer: B
Section: [none]
Explanation
Explanation/Reference:
QUESTION 3
You need to automatically restart the appropriate web service on DETCRL01 and CHICRL01 if the
web service is stopped.
Solution: You create a diagnostic task in SCOM and configure it to start the Server service.
Does this meet the goal?
A. Yes
B. No
Correct Answer: B
Section: [none]
Explanation
Explanation/Reference:
01/12/2015 // Checked
In addition to alert notification when problems occur, monitors in System Center 2012 -
Operations Manager offer further options. These include diagnostic and recovery tasks, which help you
analyze and solve problems. A task is a script or other executable code that runs either on the computer
hosting the Operations console or on the server, client, or other device being managed.
Tasks can carry out a wide variety of activities, for example restarting an application in which an error
has occurred, or deleting files. Monitors can have two types of tasks assigned: diagnostic tasks, which
help you identify the cause of a problem or provide additional diagnostic information, and
recovery tasks, which correct the problem. With a recovery task, for example, a service can be started if it
was stopped inadvertently or by mistake. Diagnostic and recovery tasks can run scripts and
command-line executables. These tasks can be run automatically when the monitor enters the
"Error" state. This allows problem resolution to be automated. Diagnostic and recovery tasks can only
ever be created for a specific monitor. A diagnostic or recovery task that you have created for one monitor
cannot be used for another monitor or linked to it. Instead, you must create the task again for each monitor.
---------------
It is not the Server service that needs to be restarted. The Internet Information Services (IIS) World Wide
Web Publishing Service (W3SVC), which manages the HTTP protocol and HTTP performance counters,
needs to be restarted.
https://technet.microsoft.com/en-us/library/cc734944(v=ws.10).aspx
QUESTION 4
You need to automatically restart the appropriate web service on DETCRL01 and CHICRL01 if the
web service is stopped.
Solution: You create a Windows Events monitor in SCOM and configure it to monitor events related to the
http.sys Service.
Does this meet the goal?
A. Yes
B. No
Correct Answer: B
Section: [none]
Explanation
Explanation/Reference:
QUESTION 5
Your network contains an Active Directory domain named contoso.com. Your company has an enterprise
root certification authority (CA) named CA1.
You plan to deploy Active Directory Federation Services (AD FS) to a server named Server1. The
company purchases a Microsoft Office 365 subscription.
You plan to register the company's SMTP domain for Office 365 and to configure single sign-on for all
users.
You need to identify which certificate is required for the planned deployment.
Which certificate should you identify?
A. a server authentication certificate that is issued by a trusted third-party root CA and that contains the
subject name server1.contoso.com
B. a self-signed server authentication certificate for server1.contoso.com
C. a server authentication certificate that is issued by a trusted third-party root CA and that contains the
subject name Server1
D. a server authentication certificate that is issued by CA1 and that contains the subject name Server1
Correct Answer: A
Section: [none]
Explanation
Explanation/Reference:
Explanation:
Prepare Your Server and Install ADFS
You can install ADFS on a domain controller or another server.
You'll first need to configure a few prerequisites. The following steps assume you're installing to Windows
Server 2008 R2. Using Server Manager, install the IIS role and the Microsoft .NET Framework. Then
purchase and install a server-authentication certificate from a public certificate authority. Make sure you
match the certificate's subject name with the Fully Qualified Domain Name of the server. Launch IIS
Manager and import that certificate to the default Web site.
https://technet.microsoft.com/en-us/magazine/jj631606.aspx
QUESTION 6
You administer an Active Directory Domain Services environment. There are no certification authorities
(CAs) in the environment.
You plan to implement a two-tier CA hierarchy with an offline root CA.
You need to ensure that the issuing CA is not used to create additional subordinate CAs.
What should you do?
A. In the CAPolicy.inf file for the issuing CA, enter the following constraint:
PathLength=1
B. In the CAPolicy.inf file for the root CA, enter the following constraint:
PathLength=1
C. In the CAPolicy.inf file for the root CA, enter the following constraint:
PathLength=2
D. In the CAPolicy.inf file for the issuing CA, enter the following constraint:
PathLength=2
Correct Answer: B
Section: [none]
Explanation
Explanation/Reference:
01/12/2015 // Checked
https://technet.microsoft.com/en-gb/library/cc737026(v=ws.10).aspx
You can use the CAPolicy.inf file to define the PathLength constraint in the Basic Constraints extension of
the root CA certificate. Setting the PathLength basic constraint allows you to limit the path length of the CA
hierarchy by specifying how many tiers of subordinate CAs can exist beneath the root. A PathLength of 1
means there can be at most one tier of CAs beneath the root. These subordinate CAs will have a
PathLength basic constraint of 0, which means that they cannot issue any subordinate CA certificates.
http://blogs.technet.com/b/askds/archive/2009/10/15/windows-server-2008-r2-capolicy-inf-syntax.aspx
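The rule behind answer B can be checked offline. The following PowerShell is an added example, not part of the original explanation or the linked Microsoft articles: it builds a constructed in-memory hierarchy (root with PathLength 1, issuing CA with PathLength 0 set explicitly, and an unplanned third-tier CA) and applies the RFC 5280 path-length rule to two chains. All subject names and the functions New-TestCert, Get-BasicConstraints and Test-PathLength are hypothetical; it assumes PowerShell 7, or Windows PowerShell 5.1 on .NET Framework 4.7.2 or later.

```powershell
using namespace System.Security.Cryptography
using namespace System.Security.Cryptography.X509Certificates

# Added example; every certificate below is constructed and exists only in memory.
# The root CA setting from answer B is this CAPolicy.inf section on the offline root:
#   [BasicConstraintsExtension]
#   PathLength=1
#   Critical=Yes

function New-TestCert {
    param(
        [Parameter(Mandatory)][string]$Subject,
        [X509Certificate2]$Issuer,      # omitted => self-signed root
        [int]$PathLength = -1           # -1 => end-entity certificate, otherwise a CA
    )
    $isCa = $PathLength -ge 0
    $key  = [RSA]::Create(2048)
    $req  = [CertificateRequest]::new($Subject, $key,
                [HashAlgorithmName]::SHA256, [RSASignaturePadding]::Pkcs1)
    $req.CertificateExtensions.Add(
        [X509BasicConstraintsExtension]::new($isCa, $isCa, [Math]::Max($PathLength, 0), $true))
    if ($isCa) {
        $req.CertificateExtensions.Add(
            [X509KeyUsageExtension]::new([X509KeyUsageFlags]'KeyCertSign, CrlSign', $true))
    }
    $now = [DateTimeOffset]::UtcNow
    if ($null -eq $Issuer) {
        return $req.CreateSelfSigned($now, $now.AddDays(30))
    }
    $serial = [byte[]]::new(8)
    [RandomNumberGenerator]::Create().GetBytes($serial)
    $serial[0] = $serial[0] -band 0x7F          # keep the serial number positive
    # CertificateRequest.Create requires the validity period to nest inside the issuer's.
    $notAfter = ([DateTimeOffset]$Issuer.NotAfter).AddDays(-1)
    $cert = $req.Create($Issuer, $now, $notAfter, $serial)
    # Re-attach the private key so this certificate can sign the next tier.
    return [RSACertificateExtensions]::CopyWithPrivateKey($cert, $key)
}

function Get-BasicConstraints {
    param([Parameter(Mandatory)][X509Certificate2]$Cert)
    $ext = $Cert.Extensions['2.5.29.19']        # id-ce-basicConstraints
    if ($null -eq $ext) { return $null }
    return [X509BasicConstraintsExtension]::new($ext, $ext.Critical)
}

function Test-PathLength {
    # $Chain is ordered trust anchor first, end certificate last.
    # Assumption: the chain contains no self-issued intermediates (RFC 5280 exempts those).
    param([Parameter(Mandatory)][X509Certificate2[]]$Chain)
    for ($i = 0; $i -lt $Chain.Count - 1; $i++) {
        $name = $Chain[$i].Subject
        $bc   = Get-BasicConstraints -Cert ($Chain[$i])
        if ($null -eq $bc -or -not $bc.CertificateAuthority) {
            "$name issued a certificate but is not marked as a CA"
            continue
        }
        # pathLenConstraint caps the intermediate CA certificates that follow this one;
        # the last certificate in the path is not counted.
        $following = $Chain.Count - $i - 2
        if ($bc.HasPathLengthConstraint -and $following -gt $bc.PathLengthConstraint) {
            "$name allows $($bc.PathLengthConstraint) subordinate CA tier(s), $following follow it"
        }
    }
}

$root    = New-TestCert -Subject 'CN=Constructed Offline Root'   -PathLength 1
$issuing = New-TestCert -Subject 'CN=Constructed Issuing CA'     -Issuer $root    -PathLength 0
$user    = New-TestCert -Subject 'CN=Constructed VPN User'       -Issuer $issuing
$extraCa = New-TestCert -Subject 'CN=Constructed Third-Tier CA'  -Issuer $issuing -PathLength 0
$device  = New-TestCert -Subject 'CN=Constructed Scanner'        -Issuer $extraCa

$cases = @(
    @{ Name = 'root > issuing CA > user';                   Chain = $root, $issuing, $user },
    @{ Name = 'root > issuing CA > third-tier CA > device'; Chain = $root, $issuing, $extraCa, $device }
)
foreach ($case in $cases) {
    $problems = @(Test-PathLength -Chain $case.Chain)
    '{0}: {1} violation(s)' -f $case.Name, $problems.Count
    $problems | ForEach-Object { "  $_" }
}
```

The third-tier CA certificate can still be signed, because signing does not enforce the constraint; it is the relying party's path validation that rejects certificates issued beneath it.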
QUESTION 7
This question consists of two statements: One is named Assertion and the other is named Reason. Both of
these statements may be true; both may be false; or one may be true, while the other may be false.
To answer this question, you must first evaluate whether each statement is true on its own. If both
statements are true, then you must evaluate whether the Reason (the second statement) correctly explains
the Assertion (the first statement). You will then select the answer from the list of answer choices that
matches your evaluation of the two statements.
Assertion:
You can manage VMware ESX hosts and virtual machines by using a System Center Virtual Machine
Manager (SCVMM) server.
Reason:
SCVMM automatically imports ESX hosts and virtual machines when you add the corresponding VMware
vCenter to the SCVMM server.
Evaluate the Assertion and Reason statements and choose the correct answer option.
A. Both the Assertion and Reason are true, and the Reason is the correct explanation for the Assertion.
B. Both the Assertion and Reason are true, but the Reason is not the correct explanation for the
Assertion.
C. The Assertion is true, but the Reason is false.
D. The Assertion is false, but the Reason is true.
E. Both the Assertion and the Reason are false.
Correct Answer: C
Section: [none]
Explanation
Explanation/Reference:
Explanation:
* Assertion: true
Virtual Machine Manager (VMM) enables you to deploy and manage virtual machines and services across
multiple hypervisor platforms, including VMware ESX and ESXi hosts.
* Reason: False
When you add a vCenter Server, VMM no longer imports, merges and synchronizes the VMware tree
structure with VMM. Instead, after you add a vCenter Server, you can add selected ESX servers and hosts
to any VMM host group. Therefore, there are fewer issues with synchronization.
https://technet.microsoft.com/en-us/library/gg610683.aspx
QUESTION 8
Drag and Drop Question
You need to delegate permissions for DETCA01.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the
list of actions to the answer area and arrange them in the correct order.
Select and Place:
Correct Answer:
Section: [none]
Explanation
Explanation/Reference:
QUESTION 9
Drag and Drop Question
You need to configure access to the Certificate Revocation Lists (CRLs).
How should you configure the access? To answer, drag the appropriate protocol or servers to the correct
network type. Each protocol or server may be used once, more than once, or not at all. You may need to
drag the split bar between panes or scroll to view content.
Select and Place:
Section: [none]
Explanation
Explanation/Reference:
QUESTION 10
Hotspot Question
You plan to configure Windows Network Load Balancing (NLB) for a company.
You display following Network Load Balancing Manager window:
Use the drop-down menus to select the answer choice that answers each question based on the
information presented in the graphic.
Hot Area:
Correct Answer:
Section: [none]
Explanation
Explanation/Reference:
QUESTION 11
Drag and Drop Question
You need to collect the required security logs.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the
list of actions to the answer area and arrange them in the correct order.
Select and Place:
Section: [none]
Explanation
Explanation/Reference:
Note:
* Audit collection services (Box 1)
In System Center 2012 – Operations Manager, Audit Collection Services (ACS) provides a means to
collect records generated by an audit policy and store them in a centralized database.
ACS requires the following components: ACS Forwarders, ACS Collector, ACS Database
* ACS Forwarders (box 2)
The service that runs on ACS forwarders is included in the Operations Manager agent. By default, this
service is installed but not enabled when the Operations Manager agent is installed. You can enable this
service for multiple agent computers at the same time using the Enable Audit Collection task.
* (box 3) Enable audit collection
After you install the ACS collector and database you can then remotely enable this service on multiple
agents through the Operations Manager console by running the Enable Audit Collection task.
To enable audit collection on Operations Manager agents (see step 5 below)
1. Log on to the computer with an account that is a member of the Operations Manager Administrators role.
This account must also have the rights of a local administrator on each agent computer that you want to
enable as an ACS forwarder.
2. In the Operations console, click Monitoring.
3. In the navigation pane, expand Operations Manager, expand Agent Details, and then click Agent
Health State. This view has two panes, and the actions in this procedure are performed in the right pane.
4. In the details pane, click all agents that you want to enable as ACS forwarders. You can make multiple
selections by pressing CTRL or SHIFT.
5. In the Actions pane, under Health Service Tasks, click Enable Audit Collection to open the Run
Task - Enable Audit Collection dialog box.
Etc
QUESTION 12
This question consists of two statements: One is named Assertion and the other is named Reason.
Both of these statements may be true; both may be false; or one may be true, while the other may
be false.
To answer this question, you must first evaluate whether each statement is true on its own. If both
statements are true, then you must evaluate whether the Reason (the second statement) correctly explains
the Assertion (the first statement). You will then select the answer from the list of answer choices that
matches your evaluation of the two statements.
Assertion:
You must install and configure Network Device Enrollment Services (NDES) on CHICA01
Reason:
NDES allows non-domain joined devices to obtain a Certificate Revocation List from Active Directory-integrated
certification authority, and then validate whether certificates are valid.
Evaluate the Assertion and Reason statements and choose the correct answer option.
A. Both the Assertion and Reason are true, and the Reason is the correct explanation for the Assertion.
B. Both the Assertion and Reason are true, but the Reason is not the correct explanation for the
Assertion.
C. The Assertion is true, but the Reason is false.
D. The Assertion is false, but the Reason is true.
E. Both the Assertion and the Reason are false.
Correct Answer: C
Section: [none]
Explanation
Explanation/Reference:
QUESTION 13
Drag and Drop Question
You need to implement Windows Network Load Balancing (NLB).
Which three actions should you perform in sequence? To answer, move the appropriate actions from the
list of actions to the answer area and arrange them in correct order.
Select and Place:
Section: [none]
Explanation
Explanation/Reference:
Testlet 1
TESTLET OVERVIEW
Title: Case Study
The following testlet will present a Case Study followed by [count] multiple choice question(s), [count]
create a tree question(s), [count] build list and reorder question(s) and [count] drop and connect question
(s).
You will have [count] minutes to complete the testlet.
For help on how to answer the questions, click the Instructions button on the question screen.
Overview
Background
Main Office
Main Office Clusters
The data center has a cluster named cluster1 that runs Windows Server 2012 R2. Cluster1 uses the
domain Cluster1.contoso.com. The cluster is partially configured and has three server nodes.
The cluster uses storage area network (SAN) attached storage. There are no cluster roles assigned.
Cluster1 contains the following domains:
● CLUS1-SRV1.contoso.com
● CLUS1-SRV2.contoso.com
● CLUS1-SRV3.contoso.com
In addition, the environment contains two Windows Server 2012 R2 Hyper-V clusters named
HV-Cluster1 and HV-Cluster2. HV-Cluster1 and HV-Cluster2 use Fibre Channel SAN storage.
The Hyper-V clusters contain server nodes as shown in the following table:
Main office network
The main office data center uses a virtual local area network (VLAN) to deploy servers by using PXE boot.
The VLAN ID is 30, and it uses the subnet 10.15.30.0/24.
There is a firewall that prevents all inbound connections to all servers in the data center except for the
subnet 10.50.50.0/24.
Contoso has two additional VLANs as shown in the following table;
SAN storage configuration for Cluster1
The Windows PowerShell command Get-ClusterSharedVolumeState –name "Cluster1.contoso.com"
returns the following data:
Name: Cluster Disk X
VolumeName: \\?\Volume {2297f079-53c2-41e9-94d1-483d61ea67d7}\
Node: Clus1-Srv1
StateInfo: Direct
VolumeFriendName: Volume1
FileSystemRedirectedIOReason:
BlockRedirectedIOReason:
Name: Cluster Disk Y
VolumeName: \\?\Volume {0312ef48-74c7-4a4d-946e-4bb4a397ab1f}\
Node: Clus1-Srv2
StateInfo: FileSystemRedirected
VolumeFriendName: Volume2
FileSystemRedirectedIOReason: UserRequest
BlockRedirectedIOReason: NotBlockedRedirected
Name: Cluster Disk Z
VolumeName: \\?\Volume {c4689cef-83e3-4f47-9eaf-161a9e31c4a0}\
Node: Clus1-Srv3
StateInfo: Block Redirected
VolumeFriendName: Volume3
FileSystemRedirectedIOReason: NotFileSystemRedirected
BlockRedirectedIOReason: NoDiskConnectivity
Sales Office
Sales office servers
The data center has the following virtual and physical servers:
● two standalone servers that are not joined to the contoso.com domain named SERVER1 and
SERVER2
● two dedicated storage servers that are allocated, but not yet built, named STORAGE1 and STORAGE2
STORAGE1 and STORAGE2 each have 48 GB of RAM and 10 1-TB SAS disks.
Sales office clusters
The data center has a cluster named Cluster2 that runs Windows Server 2012 R2. Cluster2 uses the
domain Cluster2.contoso.com.
The cluster is partially configured and has three server nodes. The cluster uses SAN attached storage.
There are no cluster roles assigned.
Cluster2 contains the following domains:
● CLUS2-SRV1.contoso.com
● CLUS2-SRV2.contoso.com
● CLUS2-SRV3.contoso.com
In addition, the environment contains two Windows Server 2012 R2 Hyper-V clusters named HV-Cluster3
and HV-Cluster4. HV-Cluster3 and HV-Cluster4 use Fibre Channel SAN storage. The Hyper-V clusters
contain server nodes as shown in the following table:
SAN storage configuration for Cluster4
The Windows PowerShell command
Get-ClusterSharedVolumeState –name "Cluster4.contoso.com" returns the following data:
Name: Cluster Disk X
VolumeName: \\?\Volume {09009c16-d33e-49fb-aa6a-abdb31921e76}\
Node: Clus2-Srv1
StateInfo: Direct
VolumeFriendName: Volume1
FileSystemRedirectedIOReason: NotFileSystemRedirected
BlockRedirectedIOReason: NotBlockedRedirected
Name: Cluster Disk Y
VolumeName: \\?\Volume {a6cedeab-6966-4eb0-b5c1-b819c6c34fbf}\
Node: Clus2-Srv2
StateInfo: FileSystemRedirected
VolumeFriendName: Volume2
FileSystemRedirectedIOReason:
BlockRedirectedIOReason:
Name: Cluster Disk Z
VolumeName: \\?\Volume { }\
Node: Clus2-Srv3
StateInfo:
VolumeFriendName: Volume3
FileSystemRedirectedIOReason:
BlockRedirectedIOReason:
QUESTION 1
You need to change the HR application server environment.
What should you do?
A. Use Microsoft Virtual Machine Converter 3.0 to convert DAL-APPSERVER2.
B. Use Microsoft Virtual Machine Converter 3.0 to convert DAL-APPSERVER1.
C. Use Virtual Machine Converter to convert DAL-APPSERVER1.
D. Use Virtual Machine Converter to convert DAL-APPSERVER2.
Correct Answer: B
Section: [none]
Explanation
Explanation/Reference:
http://www.certifychat.com/70-414-a/354-please-help.html
QUESTION 2
You need to deploy the virtual network for the development servers.
Which two actions should you perform? Each correct answer presents part of the solution.
A. Associate VLAN ID 20 with the new logical network.
B. Associate VLAN ID 40 with the new logical network.
C. On HV-Cluster2, create a new logical network that uses private VLAN networks.
D. On HV-Cluster1, create a new logical network that uses a single connected network.
E. On HV-Cluster2, create a new logical network that uses a single connected network.
F. On HV-Cluster1, create a new logical network that uses private VLAN networks.
Correct Answer: BC
Section: [none]
Explanation
Explanation/Reference:
http://www.certifychat.com/70-414-a/431-study-questions-coming-frequently.html
QUESTION 3
Drag and Drop Question
You need to create a script to deploy DFS replication.
Which Windows PowerShell commands should you add to the script? To answer, select the appropriate
Windows PowerShell commands in each list in the answer area.
Hot Area:
Correct Answer:
Section: [none]
Explanation
Explanation/Reference:
Answer Area changed.
Use the below answer
1-
New-DfsReplicationGroup -GroupName "RG-HR" | New-DfsReplicatedFolder -FolderName "HR Data"
2-
Add-DfsrMember -GroupName "RG-HR" -ComputerName "DAL-FS1", "DAL-FS2"
3-
Add-DfsrConnection -GroupName "RG-HR" -SourceComputerName "DAL-FS1" -DestinationComputerName "DAL-FS2"
4-
Set-DfsrConnectionSchedule -GroupName "RG-HR" -SourceComputerName "DAL-FS1" -DestinationComputerName "DAL-FS2" -Day "Sunday"
Question Set 1
QUESTION 1
Your network contains two clusters.
The clusters are configured as shown in the following table.
All of the servers in both of the clusters run Windows Server 2012.
You need to plan the application of Windows updates to the nodes in the cluster.
What should you include in the plan? More than one answer choice may achieve the goal. Select the
BEST answer.
A. Cluster-Aware Updating (CAU) self-updating and downloaded updates from Windows Server Update
Services (WSUS)
B. Microsoft System Center 2012 Service Manager integrated with Windows Server Update Services
(WSUS)
C. A manual application of Windows updates on all of the cluster nodes
D. Microsoft System Center 2012 Configuration Manager integrated with Windows Server Update Services
(WSUS)
Correct Answer: A
Section: [none]
Explanation
Explanation/Reference:
https://technet.microsoft.com/en-us/library/hh831694.aspx
Currently, the following Windows Server 2012 clustered workloads are tested and certified for CAU: SMB,
Hyper-V, DFS Replication, DFS Namespaces, iSCSI, and NFS.
Notes:
Updated: October 17, 2013
Applies To: Windows Server 2012 R2, Windows Server 2012
This topic provides an overview of Cluster-Aware Updating (CAU), a feature for failover clusters that was
introduced in Windows Server 2012. CAU automates the software updating process on clustered servers
while maintaining availability. This topic describes scenarios and applications for using CAU, and provides
links to content that describes how to integrate CAU into other IT automation and management processes.
Practical applications
- CAU reduces service outages in clustered services, reduces the need for manual updating
workarounds, and makes the end-to-end cluster updating process more reliable for the administrator.
When the CAU feature is used together with continuously available cluster workloads, such as
continuously available file servers (file server workload with SMB Transparent Failover) or Hyper-V, the
cluster updates can be performed with zero impact to service availability for clients.
- CAU facilitates the adoption of consistent IT processes across the enterprise. You can create Updating
Run Profiles for different classes of failover clusters and then manage them centrally on a file share to
ensure that CAU deployments throughout the IT organization apply updates consistently, even if the
clusters are managed by different lines-of-business or administrators.
- CAU can schedule Updating Runs on regular daily, weekly, or monthly intervals to help coordinate
cluster updates with other IT management processes.
- CAU provides an extensible architecture to update the cluster software inventory in a cluster-aware
fashion. This can be used by publishers to coordinate the installation of software updates that are not
published to Windows Update or Microsoft Update or that are not available from Microsoft, for example,
updates for non-Microsoft device drivers.
- CAU self-updating mode enables a “cluster in a box” appliance (a set of clustered physical machines
running Windows Server 2012, typically packaged in one chassis) to update itself. Typically, such
appliances are deployed in branch offices with minimal local IT support to manage the clusters.
Self-updating mode offers great value in these deployment scenarios.
QUESTION 2
Your network contains an Active Directory domain named contoso.com.
The network contains a server named Server1 that has the Hyper-V server role installed.
Server1 hosts a virtual machine named VM1.
You deploy a new standalone server named Server2.
You install the Hyper-V server role on Server2.
Another administrator named Admin1 plans to create a replica of VM1 on Server2.
You need to ensure that Admin1 can configure Server2 to receive a replica of VM1.
To which group should you add Admin1?
A. Server Operators
B. Domain Admins
C. Hyper-V Administrators
D. Replicator
Correct Answer: C
Section: [none]
Explanation
Explanation/Reference:
QUESTION 3
Your network contains an Active Directory domain named contoso.com.
The domain contains 20 servers that run Windows Server 2012.
The domain contains a Microsoft System Center 2012 infrastructure.
A web application named WebApp1 is installed on the 20 servers.
You plan to deploy a custom registry key for WebApp1 on the 20 servers.
You need to deploy the registry key to the 20 servers.
The solution must ensure that you can verify whether the registry key was applied successfully to the
servers.
What should you do? More than one answer choice may achieve the goal. Select the BEST answer.
A. From Operations Manager, create a monitor.
B. From the Group Policy Management console, create a Group Policy object (GPO).
C. From Configuration Manager, create a Compliance Settings.
D. From Orchestrator Runbook Designer, create a runbook.
Correct Answer: C
Section: [none]
Explanation
Explanation/Reference:
System Center Configuration Manager can be used to deploy software (including registry keys) to
clients and servers.
SCCM also generates reports after deployments, which you can then use to verify deployment
success/failure.
https://technet.microsoft.com/en-us/library/bb680619.aspx
Explanation:
http://technet.microsoft.com/en-us/library/gg682139.aspx
QUESTION 4
Your network contains an Active Directory domain named contoso.com.
You currently have an intranet web site that is hosted by two Web servers named Web1 and Web2.
Web1 and Web2 run Windows Server 2012.
Users use the name intranet.contoso.com to request the web site and use DNS round robin.
You plan to implement the Network Load Balancing (NLB) feature on Web1 and Web2.
You need to recommend changes to the DNS records for the planned implementation.
What should you recommend?
A. Create one alias (CNAME) record named Intranet. Map the CNAME record to Intranet.
B. Delete both host (A) records named Intranet. Create a pointer (PTR) record for each Web server.
C. Create a new host (A) record named Intranet. Remove both host (A) records for Web1 and Web2.
D. Delete one of the host (A) records named Intranet. Modify the remaining host (A) record named
Intranet.
Correct Answer: A
Section: [none]
Explanation
Explanation/Reference:
QUESTION 5
Your network contains five servers that run Windows Server 2012.
You install the Hyper-V server role on the servers.
You create an external virtual network switch on each server.
You plan to deploy five virtual machines to each Hyper-V server.
Each virtual machine will have a virtual network adapter that is connected to the external virtual network
switch and that has a VLAN identifier of 1.
Each virtual machine will run Windows Server 2012.
All of the virtual machines will run the identical web application.
You plan to install the Network Load Balancing (NLB) feature on each virtual machine and join each virtual
machine to an NLB cluster.
The cluster will be configured to use unicast only.
You need to ensure that the NLB feature can distribute connections across all of the virtual
machines.
What should you do?
A. From the properties of each virtual machine, add a second virtual network adapter.
Connect the new virtual network adapters to the external virtual network switch.
Configure the new virtual network adapters to use a VLAN identifier of 2.
B. On each Hyper-V server, create a new private virtual network switch.
From the properties of each virtual machine, add a second virtual network adapter.
Connect the new virtual network adapters to the new private virtual network switches.
C. On each Hyper-V server, create a new external virtual network switch.
From the properties of each virtual machine, add a second virtual network adapter.
Connect the new virtual network adapters to the new external virtual network switches.
D. From the properties of each virtual machine, enable MAC address spoofing for the existing virtual
network adapter.
Correct Answer: D
Section: [none]
Explanation
Explanation/Reference:
01/12/2015 // Checked
Explanation:
MAC spoofing
The changing of the assigned MAC address may allow the bypassing of access control lists on servers or
routers, either hiding a computer on a network or allowing it to impersonate another network device.
A user may wish to legitimately spoof the MAC address of a previous hardware device in order to reacquire
connectivity after hardware failure.
http://blogs.technet.com/b/jhoward/archive/2009/05/21/new-in-hyper-v-windows-server-2008-r2-part-2-macspoofing.aspx
QUESTION 6
Your network contains a server named Server1 that runs Windows Server 2012.
Server1 is configured as a Hyper-V host.
Server1 hosts a virtual machine named VM1.
VM1 is configured as a file server that runs Windows Server 2012.
VM1 connects to a shared storage device by using the iSCSI Initiator.
You need to back up the files and the folders in the shared storage used by VM1.
The solution must ensure that open files are included in the backup.
What should you do?
A. From Hyper-V Manager, create a snapshot of VM1.
B. From Server1, perform a backup by using Windows Server Backup.
C. From VM1, perform a backup by using Windows Server Backup.
D. From Microsoft System Center 2012 Virtual Machine Manager (VMM), create a copy of VM1.
Correct Answer: C
Section: [none]
Explanation
Explanation/Reference:
Reference: https://technet.microsoft.com/en-us/library/dn798286.aspx#BKMK_VM_B
Back up data from within the Virtual Machine when you need to backup data that is not supported
by Hyper-V VSS... like iSCSI Storage.
certbase notes:
We can start Windows Server Backup on VM1 and back up the relevant user data. The Volume
Shadow Copy Service (VSS) also allows files that are in use to be backed up. The remaining solutions
do not achieve the goal. The user data is not on the Hyper-V host but on an external storage device.
Creating a snapshot (apart from the fact that a snapshot is never an alternative to a data backup),
or backing up or copying the virtual machine, does not include the data on the external storage.
Explanation:
Backing Up Hyper-V Virtual Machines Using Windows Server Backup
http://blogs.msdn.com/b/taylorb/archive/2008/08/20/backing-up-hyper-v-virtual-machines-usingwindowsserver-backup.aspx
QUESTION 7
Your network contains three networks named LAN1, LAN2, and LAN3.
You have a Hyper-V host named Hyper1 that has Windows Server 2012 installed.
Hyper1 has three network adapters.
The network adapters are configured as shown in the following table.
Hyper1 hosts 10 virtual machines.
A virtual machine named VM1 runs a line-of-business application that is used by all of the users of LAN1.
All of the other virtual machines are connected to LAN2.
You need to implement a solution to ensure that users can access VM1 if either NIC1 or NIC2 fails.
What should you do?
A. From the properties of each virtual network adapter, enable network adapter teaming, and then modify
the bandwidth management settings.
B. From the properties of each virtual network adapter, enable network adapter teaming, and then enable
virtual LAN identification.
C. From the properties of each physical network adapter, enable network adapter teaming, and then add a
second legacy network adapter to VM1.
D. From the properties of each physical network adapter, enable network adapter teaming, and then
create a virtual switch.
Correct Answer: D
Section: [none]
Explanation
Explanation/Reference:
NIC Teaming Overview
https://technet.microsoft.com/en-us/library/hh831648.aspx
Updated: November 5, 2014
Applies To: Windows Server 2012 R2
NIC Teaming, also known as load balancing and failover (LBFO), allows multiple network adapters on a
computer to be placed into a team for the following purposes:
- Bandwidth aggregation
- Traffic failover to prevent connectivity loss in the event of a network component failure
This feature has been a requirement for independent hardware vendors (IHVs) to enter the server network
adapter market, but until now NIC Teaming has not been included in Windows Server operating systems.
For more information about NIC Teaming in Windows Server® 2012 R2, see Windows Server 2012 R2
NIC Teaming (LBFO) Deployment and Management.
For more information about NIC Teaming in Windows Server® 2012, see Windows Server 2012 NIC
Teaming (LBFO) Deployment and Management.
https://technet.microsoft.com/en-US/library/mt179272.aspx
QUESTION 8
Your network contains an Active Directory domain named contoso.com.
You deploy Microsoft System Center 2012 Virtual Machine Manager (VMM).
The network contains five physical servers.
The servers are configured as shown in the following table.
You plan to use VMM to convert the existing physical servers to virtual machines.
You need to identify which physical servers can be converted to virtual machines.
Which servers should you identify? (Each correct answer presents part of the solution. Choose all that
apply.)
A. Server1
B. Server2
C. Server3
D. Server4
E. Server5
Correct Answer: ADE
Section: [none]
Explanation
Explanation/Reference:
01/12/2015 // Checked with certbase
certbase Notes:
Microsoft System Center Virtual Machine Manager (VMM) allows you to convert physical machines to
virtual machines using physical-to-virtual (P2V) conversion. VMM simplifies P2V conversion
with a task-based wizard that largely automates the conversion process. For a P2V conversion, the
following conditions apply to the source computer:
- At least 512 MB RAM
- Volumes are only supported up to a size of 2040 GB.
- ACPI BIOS (Advanced Configuration and Power Interface) - Vista WinPE will not install using a different
BIOS.
- VMM and the host computer must have access to the source machine.
- Must not be located in a perimeter network. A perimeter network, also known as a screened subnet, is a
collection of devices and subnets that are positioned between an intranet and the Internet to protect the
intranet from unauthorized Internet users. The source computer for a P2V conversion can be in any other
network topology in which the VMM server can connect to the source computer to temporarily
install an agent and can make Windows Management Instrumentation (WMI) calls to the source computer.
https://technet.microsoft.com/en-us/library/gg610562.aspx
Explanation:
https://technet.microsoft.com/en-us/library/gg610610.aspx
QUESTION 9
Your network contains an Active Directory Rights Management Services (AD RMS) cluster named
Cluster1.
You plan to change Cluster1 to a new AD RMS cluster named Cluster2.
You need to ensure that all users retrieve the location of the AD RMS templates from Cluster2.
What should you do?
A. Create an alias (CNAME) record named cluster1.contoso.com that points to Cluster2.
B. Modify the Service Connection Point (SCP).
C. Modify the templates file location of the rights policy templates.
D. Modify the exclusion policies.
Correct Answer: B
Section: [none]
Explanation
Explanation/Reference:
Only one SCP can exist in your Active Directory forest. If you try to install AD RMS and an SCP already
exists in your forest from a previous AD RMS installation that was not properly deprovisioned, the new
SCP will not install properly. It must be removed before you can establish the new SCP.
SCP – Service Connection point holds the IP address of the ADRMS Certification Cluster. You can ONLY
HAVE ONE OF THESE on your network. If you install ADRMS, and then uninstall it, the SCP might still be
there, so when you attempt to reinstall ADRMS you will need to delete the old SCP. You can delete the
SCP with Active Directory by using the Sites and Services console or with Adsiedit or AD RMS Itself if
it is still installed OR you can download the AD RMS Administration Toolkit and run ADScpRegister.exe
unregisterscp – haven’t seen this though.
Reference: http://social.technet.microsoft.com/wiki/contents/articles/710.the-ad-rms-service-connectionpoint.aspx
QUESTION 10
Your network contains an Active Directory domain named contoso.com.
You deploy Active Directory Certificate Services (AD CS).
Your company, which is named Contoso, Ltd., has a partner company named Fabrikam, Inc.
Fabrikam also deploys AD CS. Contoso and Fabrikam plan to exchange signed and encrypted email
messages.
You need to ensure that the client computers in both Contoso and Fabrikam trust each other's
email certificates.
The solution must prevent other certificates from being trusted.
What should you do? More than one answer choice may achieve the goal. Select the BEST answer.
A. Implement an online responder in each company.
B. Exchange the root certification authority (CA) certificates of both companies, and then deploy the
certificates to the Trusted Root Certification Authorities store by using Group Policy objects (GPOs).
C. Exchange the root certification authority (CA) certificates of both companies, and then deploy the
certificates to the Enterprise Trust store by using Group Policy objects (GPOs).
D. Implement cross-certification in each company.
Correct Answer: D
Section: [none]
Explanation
Explanation/Reference:
QUESTION 11
Your network contains an Active Directory domain named contoso.com.
Your company has an enterprise root certification authority (CA) named CA1.
You plan to deploy Active Directory Federation Services (AD FS) to a server named Server1.
The company purchases a Microsoft Office 365 subscription.
You plan to register the company's SMTP domain for Office 365 and to configure single sign-on for all users.
You need to identify which certificate or certificates are required for the planned deployment.
Which certificate or certificates should you identify?
A. a server authentication certificate that is issued by a trusted third-party and that contains the subject
name server1.contoso.com
B. a server authentication certificate that is issued by CA1 and that contains the subject name Server1
C. a server authentication certificate that is issued by a trusted third-party root CA and that contains the
subject name Server1
D. a server authentication certificate that is issued by CA1 and that contains the subject name
server1.contoso.com
E. self-signed server authentication certificates for server1.contoso.com
Correct Answer: A
Section: [none]
Explanation
Explanation/Reference:
Correct - A - AD FS requires an SSL certificate (which is also known as a Server Authentication Certificate)
that is issued by a third party, and whose UPN is internet-routable.
Not B or C or D - A is required for AD FS... the rest are not required as they are either privately issued, or
have a short/private UPN.
Not E - E refers to server authentication certificates; the requirement asks for a token-signing certificate.
Token signing certificates are generated automatically and Microsoft recommends that we use the default
certificate as it has the benefit of updating itself when it expires etc.
https://gyazo.com/48a6ff83688b3c355578d5dea565acbd
Reference: https://support.office.com/en-sg/article/Plan-for-third-party-SSL-certificates-for-Office-365-b48cdf63-07e0-4cda-8c12-4871590f59ce
QUESTION 12
Your network contains an Active Directory domain named contoso.com.
The network contains two servers named Server1 and Server2.
You deploy Active Directory Certificate Services (AD CS).
The certification authority (CA) is configured as shown in the exhibit. (Click the Exhibit button.)
You need to ensure that you can issue certificates based on certificate templates.
What should you do?
A. On Server1, install the Network Device Enrollment Service role service.
B. Configure Server2 as a standalone subordinate CA.
C. Configure Server2 as an Enterprise CA.
D. On Server1, run the Add-CertificateEnrollmentPolicyServer cmdlet.
Correct Answer: C
Section: [none]
Explanation
Explanation/Reference:
Not A or C as those are not applicable.
Not B as a standalone CA cannot issue certificates.
Explanation:
In a typical CA infrastructure, stand-alone CAs are primarily intended to be used as trusted offline
root CAs in a CA hierarchy or when extranets and the Internet are involved.
In a stand-alone CA, certificate templates are not used.
An enterprise CA uses certificate types, which are based on a certificate template.
QUESTION 13
Your network contains an Active Directory domain named contoso.com.
You plan to deploy an Active Directory Federation Services (AD FS) farm that will contain eight federation
servers.
You need to identify which technology or technologies must be deployed on the network before
you install the federation servers.
Which technology or technologies should you identify? (Each correct answer presents part of the solution.
Choose all that apply.)
A. Network Load Balancing (NLB)
B. Microsoft Forefront Identity Manager (FIM) 2010
C. The Windows Internal Database feature
D. Microsoft SQL Server 2012
E. The Windows Identity Foundation 3.5 feature
Correct Answer: AD
Section: [none]
Explanation
Explanation/Reference:
Explanation:
Best practices for deploying a federation server farm
We recommend the following best practices for deploying a federation server in a production environment:
- (A) Use NLB or some other form of clustering to allocate a single IP address for many federation server
computers.
- (D) If the AD FS configuration database will be stored in a SQL database, avoid editing the SQL database
from multiple federation servers at the same time.
- If you will be deploying multiple federation servers at the same time or you know that you will be adding
more servers to the farm over time, consider creating a server image of an existing federation server in the
farm and then installing from that image when you need to create additional federation servers quickly.
- Reserve a static IP address for each federation server in the farm and, depending on your Domain Name
System (DNS) configuration, insert an exclusion for each IP address in Dynamic Host Configuration
Protocol (DHCP). Microsoft NLB technology requires that each server that participates in the NLB cluster
be assigned a static IP address.
Reference: When to Create a Federation Server Farm
QUESTION 14
Your network contains an Active Directory domain named contoso.com.
The network contains a server named Server1 that runs Windows Server 2012.
Server1 has the Active Directory Certificate Services server role installed.
Server1 is configured as an offline standalone root certification authority (CA).
You install the Active Directory Certificate Services server role on Server2 and configure the server as an
enterprise subordinate CA.
You need to ensure that the certificate issued to Server2 is valid for 10 years.
What should you do first?
A. Modify the registry on Server1.
B. Modify the registry on Server2.
C. Modify the CAPolicy.inf file on Server2.
D. Modify the subordinate CA certificate template.
E. Modify the CAPolicy.inf file on Server1.
Correct Answer: A
Section: [none]
Explanation
Explanation/Reference:
Explanation:
The issuing CA is an offline standalone CA so templates do not apply here (normally with a normal
CA you would simply copy the certificate template and then modify it, create a certificate from that
new template and then issue it to Server2).
But since the issuing CA is a standalone, offline CA (standalone CAs do not use templates), we will
simply power the CA server on and modify the registry settings using certutil.exe.
We will then export the new, modified certificate to Server2.
The commands we need to modify the registry are:
certutil -setreg ca\ValidityPeriod "Years"
certutil -setreg ca\ValidityPeriodUnits "5"
http://technet.microsoft.com/en-us/library/hh831348.aspx
http://marckean.wordpress.com/2010/07/28/build-an-offline-root-ca-with-a-subordinate-ca/
Point 4. Setup the root CA to issue certificates with an expiry date of 10 years (will issue to the Sub CA for
10 years)
Change the following registry path on the Root CA:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\CertSvc\Configuration\Root-CA\ValidityPeriodUnits
Change the REG_DWORD decimal value to 10.
This changes it to 10 years, so when the Sub CA gets a certificate, it won’t expire for another 10 years.
QUESTION 15
Your company has an office in New York.
Many users connect to the office from home by using the Internet.
You deploy an Active Directory Certificate Services (AD CS) infrastructure that contains an enterprise
certification authority (CA) named CA1.
CA1 is only available from hosts on the internal network.
You need to ensure that the certificate revocation list (CRL) is available to all of the users.
What should you do? (Each correct answer presents part of the solution. Choose all that apply.)
A. Create a scheduled task that copies the CRL files to a Web server.
B. Run the Install-ADCSWebEnrollment cmdlet.
C. Run the Install-EnrollmentPolicyWebService cmdlet.
D. Deploy a Web server that is accessible from the Internet and the internal network.
E. Modify the location of the Authority Information Access (AIA).
F. Modify the location of the CRL distribution point (CDP).
Correct Answer: ADF
Section: [none]
Explanation
Explanation/Reference:
Explanation:
D: access to CRLs for the 'Internet scenario' is fully supported and includes the following features:
CRLs will be located on Web servers which are Internet facing.
CRLs will be accessed using the HTTP retrieval protocol.
CRLs will be accessed using an external URL of
http://dp1.pki.contoso.com/pk
F: To successfully authenticate an Internet Protocol over Secure Hypertext Transfer Protocol (IP-HTTPS)-
based connection, DirectAccess clients must be able to check for certificate revocation of the secure
sockets layer (SSL) certificate submitted by the DirectAccess server.
To successfully perform intranet detection, DirectAccess clients must be able to check for certificate
revocation of the SSL certificate submitted by the network location server.
This procedure describes how to do the following:
- Create a Web-based certificate revocation list (CRL) distribution point using Internet Information Services
(IIS)
- Configure permissions on the CRL distribution shared folder
- Publish the CRL in the CRL distribution shared folder
Reference: Configure a CRL Distribution Point for Certificates
QUESTION 16
Your network contains five Active Directory forests.
You plan to protect the resources in one of the forests by using Active Directory Rights Management
Services (AD RMS).
Users in all of the forests will access the protected resources.
You need to identify the minimum number of AD RMS clusters required for the planned
deployment.
What should you identify?
A. One root cluster and five licensing clusters
B. One licensing cluster and five root clusters
C. Five root clusters
D. Five licensing clusters
Correct Answer: C
Section: [none]
Explanation
Explanation/Reference:
C is Correct.
Root Cluster – this is the first server in an AD RMS cluster, which automatically becomes the Root Cluster
by default. The Root Cluster handles all certification and licensing requests for the domain in which it is
installed. It is recommended to have as few AD RMS Clusters as possible.
Each Forest will become a Root Cluster.
Licensing-Only Cluster - Licensing-Only Clusters perform only licensing (not certification). Licensing only
clusters decrease performance as they have to constantly "check back" with the Root Cluster for licensing
integrity. Licensing clusters are ONLY recommended when you have a department that requires a different
licensing arrangement to your other departments.
In the case of this question: We have 5 forests, so we have to have at least 5 Root Clusters. We have no
need for licensing clusters.
https://technet.microsoft.com/en-us/library/cc771175.aspx
https://technet.microsoft.com/en-us/library/jj554774.aspx
QUESTION 17
Your network contains a Hyper-V host named Host1.
Host1 hosts 25 virtual machines.
All of the virtual machines are configured to start automatically when Host1 restarts.
You discover that some of the virtual machines fail to start automatically when Host1 restarts and require
an administrator to start them manually.
You need to modify the settings of the virtual machines to ensure that they automatically restart
when Host1 restarts.
Which settings should you modify?
A. Memory weight
B. Maximum RAM
C. Startup RAM
D. Minimum RAM
Correct Answer: C
Section: [none]
Explanation
Explanation/Reference:
QUESTION 18
Your network contains multiple servers that run Windows Server 2012.
The network contains a Storage Area Network (SAN) that only supports Fibre Channel connections.
You have two failover clusters.
The failover clusters are configured as shown in the following table.
You plan to implement 15 highly available virtual machines on Cluster2.
All of the virtual machines will be stored in a single shared folder.
You need to ensure that the VHD files of the virtual machines can be stored on the SAN.
What should you do? (Each correct answer presents a complete solution. Choose all that apply.)
A. From a node in Cluster2, create a Virtual Fibre Channel SAN.
B. From a node in Cluster1, create a Virtual Fibre Channel SAN.
C. From Cluster1, add the iSCSI Target Server cluster role.
D. From Cluster1, configure the clustered File Server role of the File Server for scale-out application data
type.
Correct Answer: CD
Section: [none]
Explanation
Explanation/Reference:
File Server for Scale-Out Application Data provides the File Server with the ability to share the
same folder from multiple nodes in the cluster (so from both nodes, in our case).
The iSCSI Target Server role will expose the SAN storage through iSCSI for the guests to see.
Explanation:
* After the virtual machines are connected to the storage system using the virtual Fibre Channel
components shared storage can be used by each VM, which enables Hyper-V guest clustering. Before the
virtual Fibre Channel features were available, Hyper-V guest machines were limited to iSCSI connections
to enable shared storage for guest clustering.
* A new feature in Windows Server 2012 Hyper-V is the ability to create a virtual Fibre Channel SAN. Each
guest VM created on Windows Server 2012 includes a new Add Hardware option for Fibre Channel adapters,
which can be assigned World Wide Node Names (WWNN) and connected to a virtual Fibre Channel SAN.
QUESTION 19
Your network contains two servers named Server1 and Server2 that run Windows Server 2012.
Server1 and Server2 have the Hyper-V server role installed and are part of a host group named Group1 in
Microsoft System Center 2012 Virtual Machine Manager (VMM).
Server1 and Server2 have identical hardware, software, and settings.
You configure VMM to migrate virtual machines if the CPU utilization on a host exceeds 65 percent.
The current load on the servers is shown in the following table.
You start a new virtual machine on Server2 named VM8.
VM8 has a CPU utilization of 20 percent.
You discover that none of the virtual machines hosted on Server2 are migrated to Server1.
You need to ensure that the virtual machines hosted on Server2 are migrated to Server1.
What should you modify from the Dynamic Optimization configuration?
A. The Host Reserve threshold
B. The Aggressiveness level
C. The Dynamic Optimization threshold
D. The Power Optimization threshold
Correct Answer: B
Section: [none]
Explanation
Explanation/Reference:
Correct is B
Host Reserve Threshold – defines the amount of resources that are reserved for the Hyper-V Host’s
Operating System.
Power Optimization Threshold – defines power optimization settings. Can automatically power a machine
on or off according to settings.
Aggressiveness Level: Aggressiveness determines the amount of load imbalance that is required to initiate
a migration during Dynamic Optimization.
QUESTION 20
Your network contains a Microsoft System Center 2012 Virtual Machine Manager (VMM) server named
Server1.
You use Server1 to manage 20 Hyper-V hosts.
The network also contains five Citrix XenServer virtualization hosts.
You need to recommend which installation is required to manage the XenServer servers from
Server1.
What should you recommend installing?
A. The Citrix XenServer -Microsoft System Center Integration Pack on Server1
B. Citrix Essentials for Hyper-V on Server1
C. Citrix Essentials for Hyper-V on the Citrix XenServer hosts
D. The Citrix XenServer -Microsoft System Center Integration Pack on the Citrix XenServer hosts
Correct Answer: D
Section: [none]
Explanation
Explanation/Reference:
SCCM VMM can be used to manage virtual machines from other vendors like VMware and Citrix. To
enable VMM to manage XenServer hosts, you simply install the Microsoft System Center Integration
Pack on the XenServer hosts.
https://www.citrix.com/blogs/2011/06/16/managing-xenserver-with-system-center-virtual-machinemanager-scvmm-2012/
QUESTION 21
Your network contains two data centers named DataCenter1 and DataCenter2.
The two data centers are connected by using a low-latency high-speed WAN link.
Each data center contains multiple Hyper-V hosts that run Windows Server 2012.
All servers connect to a Storage Area Network (SAN) in their local data center.
You plan to implement 20 virtual machines that will be hosted on the Hyper-V hosts.
You need to recommend a hosting solution for the virtual machines.
The solution must meet the following requirements:
- Virtual machines must be available automatically on the network if a single
Hyper-V host fails.
- Virtual machines must be available automatically on the network if a single
data center fails.
What should you recommend?
A. One failover cluster and one Distributed File System (DFS) Replication group in each data center
B. One failover cluster in DataCenter1 and Hyper-V replicas to DataCenter2
C. One failover cluster that spans both data centers and SAN replication between the data centers
D. One failover cluster in DataCenter2 and one DFS Replication group in DataCenter1
Correct Answer: C
Section: [none]
Explanation
Explanation/Reference:
QUESTION 22
You have a Hyper-V host named Hyper1 that has Windows Server 2012 installed.
Hyper1 hosts 20 virtual machines.
Hyper1 has one physical network adapter.
You need to implement a networking solution that evenly distributes the available bandwidth on
Hyper1 to all of the virtual machines.
What should you modify?
A. The Quality of Service (QoS) Packet Scheduler settings of the physical network adapter
B. The settings of the virtual network adapter
C. The settings of the virtual switch
D. The settings of the legacy network adapter
Correct Answer: B
Section: [none]
Explanation
Explanation/Reference:
https://gyazo.com/86e6a04f07489b438b4303348bb63356
Bandwidth aggregation is available in the settings of the virtual network adapter.
QUESTION 23
Your network contains an Active Directory domain named contoso.com.
The domain contains a Microsoft System Center 2012 infrastructure.
You deploy a second System Center 2012 infrastructure in a test environment.
You create a service template named Template1 in both System Center 2012 infrastructures.
For self-service users, you create a service offering for Template1.
The users create 20 instances of Template1.
You modify Template1 in the test environment.
You export the service template to a file named Template1.xml.
You need to ensure that the changes to Template1 can be applied to the existing instances in the
production environment.
What should you do when you import the template?
A. Create a new service template.
B. Overwrite the current service template.
C. Change the release number of the service template.
D. Change the name of the service template.
Correct Answer: C
Section: [none]
Explanation
Explanation/Reference:
QUESTION 24
Your network contains an Active Directory domain named contoso.com.
The corporate security policy states that when new user accounts, computer accounts, and contacts are
added to an organizational unit (OU) named Secure, the addition must be audited.
You need to recommend an auditing solution to meet the security policy.
What should you include in the recommendation? (Each answer presents part of the solution. Choose all
that apply.)
A. From the Default Domain Controllers Policy, enable the Audit directory services setting.
B. Create a new Group Policy object (GPO) that is linked to the Secure OU, and then modify the Audit
directory services setting.
C. From the Secure OU, modify the Auditing settings.
D. From the Default Domain Controllers Policy, enable the Audit object access setting.
E. From the Secure OU, modify the Permissions settings.
F. Create a new Group Policy object (GPO) that is linked to the Secure OU, and then modify the Audit
object access setting.
Correct Answer: AC
Section: [none]
Explanation
Explanation/Reference:
Audit directory service access is the only way to track changes to OUs and GPOs.
Then we create a new GPO, customize our audit settings, and link it to the OU.
QUESTION 25
Your company has 10,000 users located in 25 different sites.
All servers run Windows Server 2012.
All client computers run either Windows 7 or Windows 8.
You need to recommend a solution to provide self-service password reset for all of the users.
What should you include in the recommendation?
A. the Microsoft System Center 2012 Service Manager Self-Service Portal and Microsoft System Center
2012 Operations Manager management packs
B. Microsoft System Center 2012 Operations Manager management packs and Microsoft System Center
2012 Configuration Manager collections
C. Microsoft System Center 2012 App Controller and Microsoft System Center 2012 Orchestrator
runbooks
D. the Microsoft System Center 2012 Service Manager Self-Service Portal and Microsoft System Center
2012 Orchestrator runbooks
Correct Answer: D
Section: [none]
Explanation
Explanation/Reference:
QUESTION 26
Your company has a human resources department, a finance department, a sales department, and an
R&D department.
The company audits the access of documents that contain department-specific sensitive information.
You are planning an administrative model for the departments to meet the following requirements:
- Provide R&D managers with the ability to back up all the files of their
department only.
- Provide finance managers with the ability to view the audit logs for the
files of their department only.
- Provide human resources managers with the ability to view the audit logs for
the files of their department only.
- Provide sales managers with the ability to modify the permissions on all the
shared folders of their department only.
You need to identify the minimum amount of file servers required on the network to meet the
requirements of each department.
How many file servers should you identify?
A. 1
B. 2
C. 3
D. 4
Correct Answer: C
Section: [none]
Explanation
Explanation/Reference:
01/12/2015 // Checked
Finance managers and human resources managers need separate file servers (2 file servers) for the sake
of security: if we assign both of them permission to view audit logs on one server, they will be able to see
ALL audit logs on that server, including those of the other department.
The R&D managers will need their own file server too, because backup operators can view and back up all
files on the server.
Sales managers can use either one of the auditing departments' file servers. Finance managers and human
resources each have their own file server for auditing, so we can simply put the sales managers onto one
of those servers and delegate permissions to them (they obviously won't be able to view audit logs of the
other department on the server).
Certbase notes:
If we assume that the head of the Research and Development department uses Windows Server Backup
to back up their data, the department must have its own file server. Membership in the Administrators
group or the Backup Operators group is required for using Windows Server Backup. Members of these
groups can create backups of all files. The accounting and personnel departments also each require
their own file server.
Here it is important to ensure that the head of department can only view audit records for the files of their
own department. The request of the head of the sales department can be satisfied in a fairly simple manner.
The appropriate user accounts can get full access to their department folder and then manage the
permissions autonomously. To meet this requirement, a separate file server is required. Since no monitoring is
required, the data can be provided on the file server of the accounting department or the file server of the HR
department.

1 comment:

  1. It was really hard to think such a great success without the help of 70-414 Dumps because I was not having any background knowledge of the field. I liked questions and answers which were full of relevant information. 70-414 Dumps PDF has become my favorite study material.
