QUESTION 1
Your network contains two clusters.
The clusters are configured as shown in the following table.
All of the servers in both of the clusters run Windows Server 2012.
You need to plan the application of Windows updates to the nodes in the cluster.
What should you include in the plan? More than one answer choice may achieve the goal. Select
the BEST answer.
A. Cluster-Aware Updating (CAU) self-updating and downloaded updates from Windows Server
Update Services (WSUS)
B. Microsoft System Center 2012 Service Manager integrated with Windows Server Update
Service (WSUS)
C. A manual application of Windows updates on all of the cluster node
D. Microsoft System Center 2012 Configuration Manager integrated with Windows Server
Update Service (WSUS)
Answer: A
QUESTION 2
Your network contains an Active Directory domain named contoso.com.
The network contains a server named Server1 that has the Hyper-V server role installed.
Server1 hosts a virtual machine named VM1.
You deploy a new standalone server named Server2.
You install the Hyper-V server role on Server2.
Another administrator named Admin1 plans to create a replica of VM1 on Server2.
You need to ensure that Admin1 can configure Server2 to receive a replica of VM1.
To which group should you add Admin1?
A. Server Operators
B. Domain Admins
C. Hyper-V Administrators
D. Replicator
Answer: C
QUESTION 3
Your network contains an Active Directory domain named contoso.com.
The domain contains 20 servers that run Windows Server 2012.
The domain contains a Microsoft System Center 2012 infrastructure.
A web application named WebApp1 is installed on the 20 servers.
You plan to deploy a custom registry key for WebApp1 on the 20 servers.
You need to deploy the registry key to the 20 servers.
The solution must ensure that you can verify whether the registry key was applied successfully to
the servers.
What should you do? More than one answer choice may achieve the goal. Select the BEST
answer.
A. From Operations Manager, create a monitor.
B. From the Group Policy Management console, create a Group Policy object (GPO).
C. From Configuration Manager, create a Compliance Settings.
D. From Orchestrator Runbook Designer, create a runbook.
Answer: C
Explanation:
http://technet.microsoft.com/en-us/library/gg682139.aspx
QUESTION 4
Your network contains servers that run Windows Server 2012.
The network contains two servers named Server1 and Server2 that are connected to a SAS
storage device. The device only supports two connected computers.
Server1 has the iSCSI Target Server role service installed.
Ten application servers use their iSCSI Initiator to connect to virtual disks in the SAS storage
device via iSCSI targets on Server1.
Currently, Server2 is used only to run backup software.
You install the iSCSI Target Server role service on Server2.
You need to ensure that the iSCSI targets are available if Server1 fails.
Which five actions should you perform? To answer, move the five appropriate actions from the list
of actions to the answer area and arrange them in the correct order.
Answer:
Explanation:
http://blogs.msdn.com/b/clustering/archive/2012/05/01/10299698.aspx
QUESTION 5
Your network contains multiple servers that run Windows Server 2012.
You plan to implement three virtual disks.
The virtual disks will be configured as shown in the following table.
You need to identify the minimum number of physical disks required for each virtual disk.
How many disks should you identify? To answer, drag the appropriate number of disks to the
correct virtual disk in the answer area. Each number of disks may be used once, more than once,
or not at all. Additionally, you may need to drag the split bar between panes or scroll to view
content.
Answer:
Explanation:
http://technet.microsoft.com/es-es/library/jj822938.aspx
They are not talking about Clusters, a single server only, so a standalone server.
QUESTION 6
Your network contains an Active Directory domain named contoso.com.
You currently have an intranet web site that is hosted by two Web servers named Web1 and
Web2.
Web1 and Web2 run Windows Server 2012.
Users use the name intranet.contoso.com to request the web site and use DNS round robin.
You plan to implement the Network Load Balancing (NLB) feature on Web1 and Web2.
You need to recommend changes to the DNS records for the planned implementation.
What should you recommend?
A. Create one alias (CNAME) record named Intranet. Map the CNAME record to Intranet.
B. Delete both host (A) records named Intranet. Create a pointer (PTR) record for each Web
server.
C. Create a new host (A) record named Intranet. Remove both host (A) records for Web1 and
Web2.
D. Delete one of the host (A) records named Intranet. Modify the remaining host (A) record
named Intranet.
Answer: C
QUESTION 7
Your network contains five servers that run Windows Server 2012.
You install the Hyper-V server role on the servers.
You create an external virtual network switch on each server.
You plan to deploy five virtual machines to each Hyper-V server.
Each virtual machine will have a virtual network adapter that is connected to the external virtual
network switch and that has a VLAN identifier of 1.
Each virtual machine will run Windows Server 2012.
All of the virtual machines will run the identical web application.
You plan to install the Network Load Balancing (NLB) feature on each virtual machine and join
each virtual machine to an NLB cluster.
The cluster will be configured to use unicast only.
You need to ensure that the NLB feature can distribute connections across all of the virtual
machines.
What should you do?
A. From the properties of each virtual machine, add a second virtual network adapter.
Connect the new virtual network adapters to the external virtual network switch.
Configure the new virtual network adapters to use a VLAN identifier of 2.
B. On each Hyper-V server, create a new private virtual network switch.
From the properties of each virtual machine, add a second virtual network adapter.
Connect the new virtual network adapters to the new private virtual network switches.
C. On each Hyper-V server, create a new external virtual network switch.
From the properties of each virtual machine, add a second virtual network adapter.
Connect the new virtual network adapters to the new external virtual network switches.
D. From the properties of each virtual machine, enable MAC address spoofing for the existing
virtual network adapter.
Answer: D
Explanation:
MAC spoofing
The changing of the assigned MAC address may allow the bypassing of access control lists on
servers or routers, either hiding a computer on a network or allowing it to impersonate another
network device. A user may wish to legitimately spoof the MAC address of a previous hardware
device in order to reacquire connectivity after hardware failure.
http://blogs.technet.com/b/jhoward/archive/2009/05/21/new-in-hyper-v-windows-server-2008-r2-
part-2-macspoofing.aspx
QUESTION 8
Your network contains a server named Server1 that runs Windows Server 2012.
Server1 is configured as a Hyper-V host. Server1 hosts a virtual machine named VM1.
VM1 is configured as a file server that runs Windows Server 2012.
VM1 connects to a shared storage device by using the iSCSI Initiator.
You need to back up the files and the folders in the shared storage used by VM1.
The solution must ensure that open files are included in the backup.
What should you do?
A. From Hyper-V Manager, create a snapshot of VM1.
B. From Server1, perform a backup by using Windows Server Backup.
C. From VM1, perform a backup by using Windows Server Backup.
D. From Microsoft System Center 2012 Virtual Machine Manager (VMM), create a copy of VM1.
Answer: C
Explanation:
Backing Up Hyper-V Virtual Machines Using Windows Server Backup
http://blogs.msdn.com/b/taylorb/archive/2008/08/20/backing-up-hyper-v-virtual-machines-usingwindowsserver-
backup.aspx
QUESTION 9
Your network contains three networks named LAN1, LAN2, and LAN3.
You have a Hyper-V host named Hyper1 that has Windows Server 2012 installed.
Hyper1 has three network adapters.
The network adapters are configured as shown in the following table.
Hyper1 hosts 10 virtual machines. A virtual machine named VM1 runs a line-of-business
application that is used by all of the users of LAN1.
All of the other virtual machines are connected to LAN2.
You need to implement a solution to ensure that users can access VM1 if either NIC1 or NIC2
fails.
What should you do?
A. From the properties of each virtual network adapter, enable network adapter teaming, and
then modify the bandwidth management settings.
B. From the properties of each virtual network adapter, enable network adapter teaming, and
then enable virtual LAN identification.
C. From the properties of each physical network adapter, enable network adapter teaming, and
then add a second legacy network adapter to VM1.
D. From the properties of each physical network adapter, enable network adapter teaming, and
then create a virtual switch.
Answer: D
QUESTION 10
Your network contains an Active Directory Rights Management Services (AD RMS) cluster
named Cluster1.
You plan to change Cluster1 to a new AD RMS cluster named Cluster2.
You need to ensure that all users retrieve the location of the AD RMS templates from Cluster2.
What should you do?
A. Create an alias (CNAME) record named clusterl.contoso.com that points to Cluster2.
B. Modify the Service Connection Point (SCP).
C. Modify the templates file location of the rights policy templates.
D. Modify the exclusion policies.
Answer: B
QUESTION 11
Your network contains an Active Directory domain named contoso.com.
You deploy Microsoft System Center 2012 Virtual Machine Manager (VMM).
The network contains five physical servers.
The servers are configured as shown in the following table.
You plan to use VMM to convert the existing physical servers to virtual machines.
You need to identify which physical servers can be converted to virtual machines.
Which servers should you identify? (Each correct answer presents part of the solution. Choose all
that apply.)
A. Server1
B. Server2
C. Server3
D. Server4
E. Server5
Answer: ADE
Explanation:
http://technet.microsoft.com/en-us/systemcenter/hh278293.aspx
QUESTION 12
Your network contains an Active Directory domain named contoso.com.
You deploy Active Directory Certificate Services (AD CS).
Your company, which is named Contoso, Ltd., has a partner company named Fabrikam, Inc.
Fabrikam also deploys AD CS. Contoso and Fabrikam plan to exchange signed and encrypted
email messages.
You need to ensure that the client computers in both Contoso and Fabrikam trust each other's
email certificates.
The solution must prevent other certificates from being trusted.
What should you do? More than one answer choice may achieve the goal. Select the BEST
answer.
A. Implement an online responder in each company.
B. Exchange the root certification authority (CA) certificates of both companies, and then
deploy the certificates to the Trusted Root Certification Authorities store by using Group
Policy objects (GPOs).
C. Exchange the root certification authority (CA) certificates of both companies, and then
deploy the certificates to the Enterprise Trust store by using Group Policy objects (GPOs).
D. Implement cross-certification in each company.
Answer: D
QUESTION 13
Your network contains an Active Directory domain named contoso.com.
Your company has an enterprise root certification authority (CA) named CA1.
You plan to deploy Active Directory Federation Services (AD FS) to a server named Serverl.
The company purchases a Microsoft Office 365 subscription.
You plan register the company's SMTP domain for Office 365 and to configure single sign-on for
all users.
You need to identify which certificate or certificates are required for the planned deployment.
Which certificate or certificates should you identify? (Each correct answer presents a complete
solution. Choose all that apply.)
A. a server authentication certificate that is issued by a trusted third-party root CA and that
contains the subject name serverl.contoso.com
B. a server authentication certificate that is issued by CA1 and that contains the subject name
Server1
C. a server authentication certificate that is issued by a trusted third-party root CA and that
contains the subject name Server1
D. a server authentication certificate that is issued by CA1 and that contains the subject name
serverl.contoso.com
E. self-signed server authentication certificates for serverl.contoso.com
Answer: AE
QUESTION 14
Your network contains an Active Directory domain named contoso.com.
You plan to deploy an Active Directory Federation Services (AD FS) farm that will contain eight
federation servers.
You need to identify which technology or technologies must be deployed on the network before
you install the federation servers.
Which technology or technologies should you identify? (Each correct answer presents part of the
solution. Choose all that apply.)
A. Network Load Balancing (NLB)
B. Microsoft Forefront Identity Manager (FIM) 2010
C. The Windows Internal Database feature
D. Microsoft SQL Server 2012
E. The Windows Identity Foundation 3.5 feature
Answer: AD
Explanation:
Best practices for deploying a federation server farm We recommend the following best practices
for deploying a federation server in a production environment:
- (A) Use NLB or some other form of clustering to allocate a single IP address for many federation
server computers.
- (D) If the AD FS configuration database will be stored in a SQL database, avoid editing the SQL
database from multiple federation servers at the same time.
- If you will be deploying multiple federation servers at the same time or you know that you will be
adding more servers to the farm over time, consider creating a server image of an existing
federation server in the farm and then installing from that image when you need to create
additional federation servers quickly.
- Reserve a static IP address for each federation server in the farm and, depending on your
Domain Name System (DNS) configuration, insert an exclusion for each IP address in Dynamic
Host Configuration Protocol (DHCP). Microsoft NLB technology requires that each server that
participates in the NLB cluster be assigned a static IP address.
Reference: When to Create a Federation Server Farm
QUESTION 15
Your network contains an Active Directory domain named contoso.com.
The network contains two servers named Server1 and Server2.
You deploy Active Directory Certificate Services (AD CS).
The certification authority (CA) is configured as shown in the exhibit. (Click the Exhibit button.)
You need to ensure that you can issue certificates based on certificate templates.
What should you do?
A. On Server1, install the Network Device Enrollment Service role service.
B. Configure Server1 as a standalone root CA.
C. Configure Server2 as an Enterprise CA
D. On Server1, run the Add-CertificateEnrollmentPolicyServer cmdlet.
Answer: C
Explanation:
In a typical CA infrastructure the Stand-alone CAs are primarily intended to be used as Trusted
Offline RootCAs in a CA hierarchy or when extranets and the Internet are involved.
In a stand-alone CA Certificatetemplates are not used.
An enterprise CA uses certificate types, which are based on a certificate template
QUESTION 16
Your network contains an Active Directory domain named contoso.com.
The network contains a server named Server1 that runs Windows Server 2012.
Server1 has the Active Directory Certificate Services server role installed.
Serve1l is configured as an offline standalone root certification authority (CA).
You install the Active Directory Certificate Services server role on Server2 and configure the
server as an enterprise subordinate CA.
You need to ensure that the certificate issued to Server2 is valid for 10 years.
What should you do first?
A. Modify the registry on Server1.
B. Modify the registry on Server2.
C. Modify the CAPolicy.inf file on Server2.
D. Modify the subordinate CA certificate template.
E. Modify the CAPolicy.inf file on Server1.
Answer: A
Explanation:
http://technet.microsoft.com/en-us/library/hh831348.aspx
http://marckean.wordpress.com/2010/07/28/build-an-offline-root-ca-with-a-subordinate-ca/
Point 4. Setup the root CA to issue certificates with an expiry date of 10 years (will issue to the
Sub CA for 10 years)
Change the following registry path on the Root CA -
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\CertSvc\Configuration\Root-
CA\ValidityPeriodUnits
Change the REG_DWORD decimal value to 10.
This changes it to 10 years, so when the Sub CA gets a certificate, it won’t expire for another 10
years.
QUESTION 17
Your company has an office in New York.
Many users connect to the office from home by using the Internet.
You deploy an Active Directory Certificate Services (AD CS) infrastructure that contains an
enterprise certification authority (CA) named CA1.
CA1 is only available from hosts on the internal network.
You need to ensure that the certificate revocation list (CRL) is available to all of the users.
What should you do? (Each correct answer presents part of the solution. Choose all that apply.)
A. Create a scheduled task that copies the CRL files to a Web server.
B. Run the Install-ADCSWebEnrollment cmdlet.
C. Run the Install-EnrollmentPolicyWebService cmdlet.
D. Deploy a Web server that is accessible from the Internet and the internal network.
E. Modify the location of the Authority Information Access (AIA).
F. Modify the location of the CRL distribution point (CDP).
Answer: ADF
Explanation:
D: access to CRLs for the 'Internet scenario' is fully supported and includes the following features:
CRLs will be located on Web servers which are Internet facing.
CRLs will be accessed using the HTTP retrieval protocol.
CRLs will be accessed using an external URL of
http://dp1.pki.contoso.com/pk
F: To successfully authenticate an Internet Protocol over Secure Hypertext Transfer Protocol (IPHTTPS)-
based connection, DirectAccess clients must be able to check for certificate revocation
of the secure sockets layer (SSL) certificate submitted by the DirectAccess server.
To successfully perform intranet detection, DirectAccess clients must be able to check for
certificate revocation of the SSL certificate submitted by the network location server.
This procedure describes how to do the following:
Create a Web-based certificate revocation list (CRL) distribution point using Internet Information
Services (IIS)
Configure permissions on the CRL distribution shared folder Publish the CRL in the CRL
distribution shared folder
Reference: Configure a CRL Distribution Point for Certificates
QUESTION 18
Your network contains five Active Directory forests.
You plan to protect the resources in one of the forests by using Active Directory Rights
Management Services (AD RMS)
Users in all of the forests will access the protected resources.
You need to identify the minimum number of AD RMS clusters required for the planned
deployment.
What should you identify?
A. One root cluster and five licensing clusters
B. One licensing cluster and five root clusters
C. Five root clusters
D. Five licensing clusters
Answer: C
QUESTION 19
Your network contains a Hyper-V host named Host1.
Host1 hosts 25 virtual machines.
All of the virtual machines are configured to start automatically when Host1 restarts.
You discover that some of the virtual machines fail to start automatically when Host1 restarts and
require an administrator to start them manually.
You need to modify the settings of the virtual machines to ensure that they automatically restart
when Host1 restarts.
Which settings should you modify?
A. Memory weight
B. Maximum RAM
C. Startup RAM
D. Minimum RAM
Answer: C
QUESTION 20
Your network contains multiple servers that run Windows Server 2012.
The network contains a Storage Area Network (SAN) that only supports Fibre Channel
connections.
You have two failover clusters.
The failover clusters are configured as shown in the following table.
You plan to implement 15 highly available virtual machines on Cluster2.
All of the virtual machines will be stored in a single shared folder.
You need to ensure that the VHD files of the virtual machines can be stored on the SAN.
What should you do? (Each correct answer presents a complete solution.Choose all that apply.)
A. From a node in Cluster2, create a Virtual Fibre Channel SAN.
B. From a node in Cluster1, create a Virtual Fibre Channel SAN.
C. From Cluster1, add the iSCSI Target Server cluster role.
D. From Cluster1, configure the clustered File Server role of the File Server for scale-out
application data type.
Answer: AD
QUESTION 21
Your network contains two servers named Server1 and Server2 that run Windows Server 2012.
Server1 and Server2 have the Hyper-V server role installed and are part of a host group named
Group1 in Microsoft System Center 2012 Virtual Machine Manager (VMM).
Server1 and Server2 have identical hardware, software, and settings.
You configure VMM to migrate virtual machines if the CPU utilization on a host exceeds 65
percent.
The current load on the servers is shown following table.
You start a new virtual machine on Server2 named VM8.
VM8 has a CPU utilization of 20 percent.
You discover that none of the virtual machines hosted on Server2 are migrated to Server1.
You need to ensure that the virtual machines hosted on Server2 are migrated to Server1.
What should you modify from the Dynamic Optimization configuration?
A. The Host Reserve threshold
B. The Aggressiveness level
C. The Dynamic Optimization threshold
D. The Power Optimization threshold
Answer: B
QUESTION 22
Your network contains a Microsoft System Center 2012 Virtual Machine Manager (VMM) server
named Server1.
You use Server1 to manage 20 Hyper-V hosts.
The network also contains five Citrix XenServer visualization hosts.
You need to recommend which installation is required to manage the XenServer servers from
Server1.
What should you recommend installing?
A. The Citrix XenServer-Microsoft System Center Integration Pack on Server1
B. Citrix Essentials for Hyper-V on Server1
C. Citrix Essentials for Hyper-V on the Citrix XenServer hosts
D. The Citrix XenServer-Microsoft System Center Integration Pack on the Citrix XenServer
hosts
Answer: D
QUESTION 23
Your network contains two data centers named DataCenter1 and DataCenter2.
The two data centers are connected by using a low-latency high-speed WAN link.
Each data center contains multiple Hyper-V hosts that run Windows Server 2012.
All servers connect to a Storage Area Network (SAN) in their local data center.
You plan to implement 20 virtual machines that will be hosted on the Hyper-V hosts.
You need to recommend a hosting solution for the virtual machines.
The solution must meet the following requirements:
- Virtual machines must be available automatically on the network if a
single Hyper-V host fails.
- Virtual machines must be available automatically on the network if a
single data center fails.
What should you recommend?
A. One failover cluster and one Distributed File System (DFS) Replication group in each data
center
B. One failover cluster in DataCenter1 and Hyper-V replicas to DataCenter2
C. One failover cluster that spans both data centers and SAN replication between the data
centers
D. One failover cluster in DataCenter2 and one DFS Replication group in DataCenter1
Answer: C
QUESTION 24
You have a Hyper-V host named Hyper1 that has Windows Server 2012 Installed.
Hyper1 hosts 20 virtual machines.
Hyper1 has one physical network adapter.
You need to implement a networking solution that evenly distributes the available bandwidth on
Hyper1 to all of the virtual machines.
What should you modify?
A. The Quality of Service (QoS) Packet Scheduler settings of the physical network adapter
B. The settings of the network adapter
C. The settings of the virtual switch
D. The settings of the legacy network adapter
Answer: C
Explanation:
http://technet.microsoft.com/en-us/library/hh831823.aspx
Following is a list of capabilities that enhance Hyper-V Virtual Switch usability:
1. Bandwidth limit and burst support: Bandwidth minimum guarantees amount of bandwidth
reserved. Bandwidth maximum caps the amount of bandwidth a VM can consume.
QUESTION 25
Your network contains an Active Directory domain named contoso.com.
The domain contains a Microsoft System center 2012 infrastructure.
You deploy a second System Center 2012 infrastructure in a test environment.
You create a service template named Template1 in both System Center 2012 infrastructures.
For self-service users, you create a service offering for Template1.
The users create 20 instances of Template1.
You modify Template1 in the test environment.
You export the service template to a file named Templatel.xml.
You need to ensure that the changes to Template1 can be applied to the existing instances in the
production environment.
What should you do when you import the template?
A. Create a new service template.
B. Overwrite the current service template.
C. Change the release number of the service template.
D. Change the name of the service template.
Answer: C
QUESTION 26
Your network contains an Active Directory domain named contoso.com.
The corporate security policy states that when new user accounts, computer accounts, and
contacts are added to an organizational unit (OU) named Secure, the addition must be audited.
You need to recommend an auditing solution to meet the security policy.
What should you include in the recommendation? (Each answer presents part of the solution.
Choose all that apply.)
A. From the Default Domain Controllers Policy, enable the Audit directory services setting.
B. Create a new Group Policy object (GPO) that is linked to the Secure OU, and then modify the
Audit directory services setting.
C. From the Secure OU, modify the Auditing settings.
D. From the Default Domain Controllers Policy, enable the Audit object access setting.
E. From the Secure OU, modify the Permissions settings.
F. Create a new Group Policy object (GPO) that is linked to the Secure OU, and then modify the
Answer: AB
QUESTION 27
You plan to implement a virtualization solution to host 10 virtual machines.
All of the virtual machines will be hosted on servers that run Windows Server 2012.
You need to identify which servers must be deployed for the planned virtualization solution.
The solution must meet the following requirements:
- Minimize the number of servers.
- Ensure that live migration can be used between the hosts.
Which servers should you identify? To answer, select the appropriate servers in the answer area.
Explanation:
Just two server with Hyper-V installed is enough to perform a Live Migration. (Minimize the number
of servers)
QUESTION 28
Your company has 10,000 users located in 25 different sites.
All servers run Windows Server 2012.
All client computers run either Windows 7 or Windows 8.
You need to recommend a solution to provide self-service password reset for all of the users.
What should you include in the recommendation?
A. the Microsoft System Center 2012 Service Manager Self-Service Portal and Microsoft
System Center 2012 Operation Manager management packs
B. Microsoft System Center 2012 Operations Manager management packs and Microsoft
System Center 2012 Configuration Manager collections
C. Microsoft System Center 2012 App Controller and Microsoft System Center 2012
Orchestrator runbooks
D. the Microsoft System Center 2012 Service Manager Self-Service Portal and Microsoft
System Center 2012 Orchestrator runbooks
Answer: D
QUESTION 29
Your company has a human resources department, a finance department, a sales department,
and an R&D department.
The company audits the access of documents that contain department-specific sensitive
information.
You are planning an administrative model for the departments to meet the following requirements:
- Provide R&D managers with the ability to back up all the files of
their department only.
- Provide finance managers with the ability to view the audit logs for
the files of their department only.
- Provide human resources managers with the ability to view the audit
logs for the files of their department only.
- Provide sales managers with the ability to modify the permissions on
all the shared folders of their department only.
You need to identify the minimum amount of file servers required on the network to meet the
requirements of each department.
How many file servers should you identify?
A. 1
B. 2
C. 3
D. 4
Answer: C
Explanation:
Finance managers & human resources (2 fileserver) need separate for sake of security.
Sales managers R&D managers (1 fileserver) can work together (No contain sensitive
information).
QUESTION 30
Your company has a main office and a branch office.
Each office contains several hundred computers that run Windows 2012.
You plan to deploy two Windows Server Update Services (WSUS) servers.
The WSUS servers will be configured as shown in the following table.
You need to implement the WSUS infrastructure to meet the following requirements:
- All updates must be approved from a server in the main office.
- All client computers must connect to a WSUS server in their local
office.
What should you do? (Each correct answer presents part of the solution. Choose all that apply.)
A. Deploy a Group Policy object (GPO) that has the update location set to Server1.
B. On Server2, configure WSUS in Replica mode.
C. On Server1, configure WSUS in Replica mode.
D. On Server2, configure WSUS in Autonomous mode.
E. Deploy a Group Policy object (GPO) that has the update location set to Server2.
F. On Server1, configure WSUS in Autonomous mode.
Answer: ABEF
Explanation:
http://technet.microsoft.com/en-us/library/cc720448(v=ws.10).aspx
QUESTION 31
Your network contains an Active Directory domain named contoso.com.
The domain contains a Microsoft System center 2012 infrastructure.
The domain contains the computers configured as shown in the following table.
You need to implement a monitoring solution that gathers the security logs from all of the
computers in the domain.
Which monitoring solution should you implement? More than one answer choice may achieve the
goal. Select the BEST answer.
A. Data Collector Sets (DCSs)
B. Event subscriptions
C. Desired Configuration Management in Configuration Manager
D. Audit Collection Services (ACS) in Operations Manager
Answer: D
Explanation:
http://technet.microsoft.com/en-us/library/bb381373.aspx
QUESTION 32
Your network contains an Active Directory domain named contoso.com.
The domain contains a Microsoft System Center 2012 infrastructure.
All client computers have a custom application named App1 installed.
App1 generates an Event ID 42 every time the application runs out of memory.
Users report that when App1 runs out of memory, their client computer runs slowly until they
manually restart App1.
You need to recommend a solution that automatically restarts App1 when the application runs out
of memory.
What should you include in the recommendation?
A. From Configurations Manager, create a desired configuration management baseline,
B. From Operations Manager, create an alert.
C. From Windows System Resource Manager, create a resource allocation policy.
D. From Event Viewer, attach a task to the event.
Answer: B
Explanation:
http://www.systemcenterinsight.com/creating-alerts-view-in-operations-manager-2012/
QUESTION 33
Your company has a human resources department and a finance department.
You are planning an administrative model for both departments to meet the following
requirements:
- Provide human resources managers with the ability to view the audit
logs for the files of their department.
- Ensure that only domain administrators can view the audit logs for
the files of the finance department.
You need to recommend a solution for the deployment of file servers for both departments.
What should you recommend? More than one answer choice may achieve the goal. Select the
BEST answer.
A. Deploy two file servers. Add the human resources managers to the local Administrators
group on one of the servers.
B. Deploy two file servers. Add the human resources managers to the local Event Log
Readers group on one of the servers.
C. Deploy one file server. Add the human resources managers to the local Administrators
group.
D. Deploy one file server. Add the human resources managers to the local Event Log
Readers group.
Answer: B
QUESTION 34
Your network contains a Microsoft System Center 2012 infrastructure.
You use Virtual Machine Manager (VMM) to manage 20 Hyper-V hosts.
You deploy a Windows Server Update Services (WSUS) server.
You need to automate the remediation of non-compliant Hyper-V hosts.
The solution must minimize the amount of time that virtual machines are unavailable.
What should you do first?
A. Install the WSUS Administration console on the VMM server, and then add the WSUS server
to the fabric.
B. Configure the Hyper-V hosts to download Windows updates from the WSUS server by using
a Group Policy object (GPO).
C. Configure the Hyper-V hosts to download Windows updates from the VMM server by using
a Group Policy object (GPO).
D. Install the Virtual Machine Manager console on the WSUS server, and then add the WSUS
server to the fabric.
Answer: A
Explanation:
http://es.calameo.com/read/00194520942e7d03de414
http://technet.microsoft.com/es-es/library/gg675084.aspx
VMM requires the 64-bit version of Windows Server Update Service (WSUS) 3.0 Service Pack 2
(SP2).
The WSUS server can be installed on the VMM management server or on a remote server.
If you installed the WSUS server on a remote server:
Install a WSUS Administration Console on the VMM management server.
QUESTION 35
Your network contains an internal network and a perimeter network.
The internal network contains an Active Directory domain named contoso.com.
All client computers in the perimeter network are part of a workgroup.
The internal network contains a Microsoft System Center 2012 infrastructure.
You plan to implement an update infrastructure to update the following:
- Windows Server 2012
- System Center 2012
- Windows Server 2003
- Microsoft SQL Server 2012
- Third-party visualization hosts
- Microsoft SharePoint Server 2010
Another administrator recommends implementing a single WSUS server to manage all of the
updates.
You need to identify which updates can be applied by using the recommended deployment of
WSUS.
What should you identify? (Each correct answer presents part of the solution. Choose all that
apply.)
A. Third-party virtualization hosts
B. System Center 2012
C. Windows Server 2012
D. SharePoint Server 2010
E. Windows Server 2003
F. SQL Server 2012
Answer: BCDEF
Explanation:
Windows Sharepoint Services updates are released in the Operating System product category,
so if you are running WSS on Windows Server 2008 R2, and have the OS synchronized, they
should already be synchronized and detected.
Microsoft Office Sharepoint Server updates are released in the Office product category
associated with the release version. (E.g. MOSS 2007 updates will be found in the Office 2007
product category.)
http://social.technet.microsoft.com/Forums/da/winserverwsus/thread/b6d908a9-6fce-43e6-88b2-
d38a5d8e029e
QUESTION 36
Your network contains an Active Directory domain named contoso.com.
You plan to implement Microsoft System Center 2012.
You need to identify which solution automates the membership of security groups for
contoso.com.
The solution must use workflows that provide administrators with the ability to approve the
addition of members to the security groups.
Which System Center 2012 roles should you identify?
A. Service Manager and Virtual Machine Manager (VMM)
B. Configuration Manager and Orchestrator
C. Operations Manager and Orchestrator
D. Orchestrator and Service Manager
Answer: D
Explanation:
recommend an auditing solution to meet
http://www.microsoftvirtualacademy.com/tracks/system-center-2012-orchestrator-servicemanager
QUESTION 37
Your network contains 10 servers that run Windows Server 2012.
The servers have the Hyper-V server role installed.
The servers host a Virtual Desktop Infrastructure (VDI) that contains persistent virtual machines.
Each virtual machine is assigned to a specific user.
Users can install software on their specific virtual machine.
You need to implement a solution to generate monthly reports that contain a list of all the installed
software on the virtual machines.
The solution must NOT require the installation of additional software on the virtual machines.
Which solution should you implement?
A. A Microsoft System Center 2012 Configuration Manager software inventory
B. A Microsoft System Center 2012 Configuration Manager hardware inventory
C. Microsoft Assessment and Planning (MAP) Toolkit scans
D. Microsoft Audit Collection Services (ACS) audit logs
Answer: C
Explanation:
QUESTION 38
Your network contains 20 servers that run Windows Server 2012.
The servers have the Hyper-V server role installed.
You plan to deploy a management solution.
You need to recommend which Microsoft System Center 2012 roles must be deployed to meet
the following requirements:
- An administrator must be notified when an incident occurs, such as a
serious error in the event log, on a Hyper-V host, or on a virtual
machine.
- An administrator must be able to assign an incident to a specific
administrator for resolution.
- An incident that remains unresolved for more than 10 hours must be
escalated automatically to another administrator.
- Administrators must be able to generate reports that contain the
details of incidents and escalations.
Which System Center 2012 roles should you recommend? More than one answer choice may
achieve the goal. Select the BEST answer.
A. Operations Manager and Service Manager
B. Service Manager and Virtual Machine Manager (VMM)
C. Configuration Manager and Service Manager
D. Operations Manager and Orchestrator
Answer: A
Explanation:
http://technet.microsoft.com/en-us/library/hh524312.aspx
QUESTION 39
Your network contains the following:
- 20 Hyper-V hosts
- 100 virtual machines
- 2,000 client computers
You need to recommend an update infrastructure design to meet the following requirements:
- Deploy updates to of the all virtual machines and the client
computers from a single console.
- Generate reports that contain a list of the applied updates.
What should you recommend? More than one answer choice may achieve the goal. Select the
BEST answer.
A. One Windows Server update Services (WSUS) server integrated with Microsoft System
Center 2012 Configuration Manager and a second WSUS server that is integrated with
Microsoft System Center 2012 Virtual Machine Manager (VMM)
B. One Windows Server Update Services (WSUS) server integrated with Microsoft System
Center 2012 Configuration Manager and Microsoft System Center 2012 Virtual Machine
Manager (VMM)
C. One Windows Server Update Services (WSUS) server integrated with Microsoft System
Center 2012 Virtual Machine Manager (VMM)
D. One Windows Server Update Services (WSUS) server integrated with Microsoft System
Center 2012 Configuration Manager, a second WSUS server integrated with Microsoft
System Center 2012 Virtual Machine Manager (VMM), and a third standalone WSUS server.
Answer: B
QUESTION 40
Your network contains an Active Directory domain named contoso.com.
The domain contains a Hyper-V host named Server1.
Server1 has an offline virtual machine named VM1 that is stored on a virtual hard disk named
VMl.vhd.
You plan to implement multiple virtual machines that have the same configurations as VM1.
You need to recommend a virtual hard disk solution for the planned implementation.
The solution must meet the following requirements:
- Minimize the amount of time required to create the new virtual
machines.
- Minimize the amount of storage space required on Server1.
What should you include in the recommendation?
A. Differencing VHD disks
B. Dynamically expanding VHD disks
C. Dynamically expanding VHDX disks
D. Differencing VHDX disks
Answer: A
Explanation:
http://lyncdup.com/2012/06/creating-hyper-v-3-differencing-disks-in-server-2012-with-gui-andpowershell/
QUESTION 41
Your company has three main offices named Main1, Main2, and Main3.
The network contains an Active Directory domain named contoso.com.
Each office contains a help desk group.
You plan to deploy Microsoft System Center 2012 Configuration Manager to meet the following
requirements:
- The members of the Domain Admins group must be able to manage all of
the Configuration Manager settings.
- The help desk groups must be able to manage only the client computers
in their respective office by using Configuration Manager.
You need to recommend a Configuration Manager infrastructure to meet the requirements.
Which infrastructure should you recommend? More than one answer choice may achieve the
goal. Select the BEST answer.
A. One site that contains a collection for each office
B. Three sites that each contain one collection
C. Three sites that contain one collection for each office
D. One site that contains one collection
Answer: A
QUESTION 42
You plan to delegate the management of virtual machines to five groups by using Microsoft
System Center 2012 Virtual Machine Manager (VMM).
The network contains 20 Hyper-V hosts in a host group named HostGroup1.
You identify the requirements for each group as shown in the following table.
You need to identify which user role must be assigned to each group.
Which user roles should you identify? To answer, drag the appropriate user role to the correct
group in the answer area. Each user role may be used once, more than once, or not at all.
Additionally, you may need to drag the split bar between panes or scroll to view content.
Explanation:
http://mountainss.wordpress.com/2011/11/19/user-roles-in-system-center-virtual-machinemanager-
2012/
http://technet.microsoft.com/en-us/library/gg696971.aspx
QUESTION 43
Your network contains an Active Directory domain named contoso.com.
The domain contains a Microsoft System Center 2012 infrastructure.
You deploy a service named Service1 by using a service template.
Service1 contains two virtual machines.
The virtual machines are configured as shown in the following table.
You need to recommend a monitoring solution to ensure that an administrator can review the
availability information of Service1.
What should you do?
A. From Configuration Manager, create a Collection and a Desired Configuration Management
baseline.
B. From Virtual Machine Manager (VMM), modify the properties of the service template.
C. From Operations Manager, create a Distributed Application and a Monitor Override.
D. From Operations Manager, create a Distributed Application and a Service Level Tracking
object.
Answer: D
Explanation:
http://www.windowsitpro.com/article/system-center/dashboards-operations-manager-2012-
141491
http://technet.microsoft.com/en-us/library/hh230719.aspx
QUESTION 44
Your network contains a data center named DataCenter1 that contains multiple servers.
The servers are configured as Hyper-V hosts.
Your company deploys a disaster recovery site.
The disaster recovery site has a dedicated connection to DataCenter1.
The network is connected to the disaster recovery site by using a dedicated link.
DataCenter1 contains 10 business critical virtual machines that run a line-of-business application
named Appl.
You need to recommend a business continuity solution to ensure that users can connect to App1
within two hours if DataCenter1 fails.
What should you include in the recommendation? More than one answer choice may achieve the
goal. Select the BEST answer.
A. From Microsoft System Center 2012 Virtual Machine Manager (VMM), implement live
migration on the virtual machines.
B. From Hyper-V Manager, create snapshots of the virtual machines.
C. From Microsoft System Center 2012 Data Protection Manager, implement a protection group.
D. From Hyper-V Manager, implement Hyper-V replicas.
Answer: D
QUESTION 45
You have a failover cluster named Cluster1 that contains four Hyper-V hosts.
Cluster1 hosts 20 virtual machines.
You deploy a new failover cluster named Cluster2.
You plan to replicate the virtual machines from Cluster1 to Cluster2.
You need to recommend which actions must be performed on Cluster2 for the planned
deployment.
Which three actions should you recommend? To answer, move the three appropriate actions
from the list of actions to the answer area and arrange them in the correct order.
Explanation:
- Windows Server 2012 Hyper-V Role introduces a new capability, Hyper-V Replica, as a built-in
replication mechanism at a virtual machine (VM) level. Hyper-V Replica can asynchronously
replicate a selected VM running at a primary site to a designated replica site across LAN/WAN.
Step 1: Prepare to Deploy Hyper-V Replica
1.1. Make basic planning decisions
1.2. Install the Hyper-V server role
1.3. Configure the firewall
1.4. Configure Hyper-V Replica Broker
Step2: Step 2: Enable Replication
2.1 Configure the Replica server
2.2. Configure a Replica server that is part of a failover cluster (optional)
2.3 Enable replication for virtual machines
Each virtual machine that is to be replicated must be enabled for replication.
2.4 Configure primary server to receive replication
QUESTION 46
Your network contains an Active Directory domain named contoso.com.
The domain contains several domain controllers.
The domain controllers run either Windows Server 2012 or Windows Server 2008 R2.
The domain functional level is Windows Server 2008 R2.
The forest functional level is Windows Server 2008.
The corporate compliance policy states that all items deleted from Active Directory must be
recoverable from a Recycle Bin.
You need to recommend changes to the current environment to meet the compliance policy.
Which changes should you recommend? (Each correct answer presents part of the solution.
Choose all that apply.)
A. Raise the forest functional level to Windows Server 2008 R2.
B. Run the Enable-ADOptionalFeature cmdlet.
C. Run the New-ADObject cmdlet.
D. Run the Set-Server cmdlet
E. Raise the domain functional level to Windows Server 2012.
Answer: AB
Explanation:
You can enable Active Directory Recycle Bin only if the forest functional level of your environment
is set to Windows Server 2008 R2.
B: Enabling Active Directory Recycle Bin
After the forest functional level of your environment is set to Windows Server 2008 R2, you can
enable Active Directory Recycle Bin by using the following methods:
- Enable-ADOptionalFeature Active Directory module cmdlet (This is the recommended method.)
- Ldp.exe
Note: By default, Active Directory Recycle Bin in Windows Server 2008 R2 is disabled.
Reference: Enable Active Directory Recycle Bin
QUESTION 47
Your company has a main office and a branch office.
You plan to implement a failover cluster named Cluster1 to host an application named Appl.
The data of App1 will replicate to all of the nodes in Cluster1.
Cluster1 will contain two servers.
The servers will be configured as shown in the following table.
The cluster nodes will not use shared storage.
The branch office contains two file servers named Server3 and Server4.
You need to ensure that App1 fails over automatically to another server if a single node in
Cluster1 fails.
What should you do? More than one answer choice may achieve the goal. Select the BEST
answer.
A. Add Server1, Server2, and Server3 to a Network Load Balancing (NLB) cluster.
B. Add Server3 as a file share witness for Cluster1.
C. Add Server3 and Server4 to a new failover cluster named Cluster2. Install App1 on Cluster2.
D. Add Server3 as a node in Cluster1.
Answer: B
QUESTION 48
Your network contains two servers named Server1 and Server2 that run Windows Server 2012.
Server1 has the iSCSI Target Server role service installed and is configured to have five iSCSI
virtual disks.
You install the Multipath I/O (MPIO) feature on Server2.
From the MPIO snap-in, you add support for iSCSI devices.
You need to ensure that Server2 can connect to the five iSCSI disks.
The solution must ensure that Server2 uses MPIO to access the disks.
Which three actions should you perform? To answer, move the three appropriate actions from the
list of actions to the answer area and arrange them in the correct order.
Explanation:
- (Step 1): On the Specify Access Servers page, click Add to specify the iSCSI initiator that will
access your iSCSI virtual disk. Doing this opens the Add Initiator ID dialog box
- (Step 2): CONFIGURE ISCSI INITIATOR ON CLUSTER-NODES Start the iScsi Initiator control
panel by running iscsicpl on the command line. You will see a warning about the iScsi Initiator
Service. Click Yes to start the service. The properties screen will appear. Type the Target Server
(in this scenario the DC) IP address in the Target box and click Quick Connect.
The two targets are shown in the dialog box. Click Done. In the iScsi Initiator Properties screen
you see the two targets with status Inactive. Highlight the first one and click the Properties button.
In the Properties screen click the Add Session button. In the Connect to Target popup window
you will get select Enable multi-path and click Advanced.
- (Step 3): Reference: Creating a Windows Server 2012 Multipath I/O iScsi Fail-over Cluster
Case Study 1: Contoso Ltd Case A (QUESTION 49 - QUESTION 60)
Overview
Contoso, Ltd. is a recruiting and staffing company that has offices throughout North America.
The company has a main office and six branch offices. The main office is located in Miami.
The branch offices are located in New York, Seattle, Los Angeles, Montreal, Toronto, and
Vancouver.
Existing Environment
Network Infrastructure
The network contains one Active Directory domain named contoso.com.
The main office has the following servers:
- One file server that maintains multiples shares
- Two domain controllers configured as DNS servers
- One Windows Server Update Services (WSUS) server
- Two DHCP servers that each have a scope for all of the subnets
- Two servers that have Failover Clustering configured and are used as
virtualization hosts
- One server that has Microsoft SQL Server 2012 installed and maintains
a customer relationship
management (CRM) database
Each branch office has the following servers:
- One domain controller configured as a DNS server
- One DHCP server that has a single scope for its respective office
Each office has a single subnet.
The network speed of the local area network (LAN) is 1 gigabit per second.
All of the offices have a high-speed connection to the Internet.
The offices connect to each other by using VPN appliances.
Current Issues
Users report that it can take a long time to download files from network shares in the main office.
A root cause analysis identifies that network traffic peaks when the users experience this issue.
Requirements
Planned Changes
The company plans to implement the following changes:
- Replace all of the domain controllers with new servers that run
Windows Server 2012.
- Upgrade the CRM application to use a web-based application that
connects to the current CRM
database. The web application will store session data in the memory of
each web server.
- Initially, deploy two front-end web servers to two virtual machines.
Additional virtual web servers will be deployed in the future.
- Monitor the availability of the CRM application and create alerts
when the overall availability is less than 99 percent.
- Implement Microsoft System Center 2012 to manage the new environment.
Business Requirements
The company identifies the following business requirements:
- Minimize hardware costs and software costs whenever possible.
- Minimize the amount of network traffic over the VPN whenever
possible.
- Ensure that the users in the branch offices can access files
currently on the main office file server if a Internet link fails.
Technical Requirements
The company identifies the following technical requirements:
- Provide a highly available DHCP solution.
- Maintain a central database that contains the security events from
all of the servers.The database must be encrypted.
- Ensure that an administrator in the main office can manage the
approval of Windows updates and updates to third-party applications for
all of the users.
- Ensure that all of the domain controllers have the ReliableTimeSource
registry value in
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Param
eters set to 1, even if an administrator changes that value manually.
Virtualization Requirements
The company identifies the following virtualization requirements:
- Minimize the number of permissions and privileges assigned to users.
- Ensure that the members of a group named Group2 can add a WSUS server
to the fabric.
- Ensure that a diagram view of the virtualization environment can be
generated dynamically.
- Minimize the amount of administrative effort required to manage the
virtualization environment.
- Prevent the failure of a front-end web server from affecting the
availability of the CRM application.
- Ensure that the members of a group named Group1 can create new
virtual machines in the Los Angeles office only.
- Only create virtual machine templates by using objects that already
exist in the System Center 2012 Virtual Machine Manager (VMM) library.
- On the failover cluster in the main office, apply limited
distribution release (LDR) updates to the
virtualization hosts without disrupting the virtual machines hosted on
the virtualization hosts.
QUESTION 49
You are planning the delegation for the virtualization environment.
The delegation must meet the virtualization requirements.
Which user role profile should you select for Group2?
A. Delegated Administrator
B. Read-Only Administrator
C. Administrators
D. Self-Service User
Answer: C
Explanation:
http://technet.microsoft.com/en-us/library/gg696971.aspx
QUESTION 50
You need to create a virtual machine template for the web servers used by the CRM application.
The solution must meet the virtualization requirements.
What should you use?
A. An .iso image
B. A virtual machine
C. A Windows PowerShell script
D. A virtual hard disk (VHD)
Answer: D
Explanation:
QUESTION 50
You need to create a virtual machine template for the web servers used by the CRM application.
The solution must meet the virtualization requirements.
What should you use?
A. An .iso image
B. A virtual machine
C. A Windows PowerShell script
D. A virtual hard disk (VHD)
Answer: D
Explanation:
QUESTION 51
You are planning the deployment of System Center 2012 Virtual Machine Manager (VMM).
You need to identify which additional System Center 2012 product is required to meet the
visualization requirements.
What should you include in the recommendation?
A. Service Manager
B. Operations Manager
C. Configuration Manager
D. App Controller
Answer: B
Explanation:
QUESTION 52
You need to recommend a solution that resolves the current file server issue.
The solution must meet the business requirements.
What should you include in the recommendation?
A. Distributed File System (DFS)
B. BranchCache in distributed cache mode
C. BranchCache in hosted cache mode
D. A storage pool
Answer: A
Explanation:
Scenarios for Using DFS
By using from DFS-N and DFS Replication, your organization can benefit from several
implementation scenarios including:
- Sharing files across branch offices
- Data collection
- Data distribution
- Sharing Files Across Branch Offices
Organizations with multiple physical offices tend to share files or collaborate between offices.
You can use DFS Replication to replicate files between these offices, or from branch offices to a
hub site.
This form of replication helps reduce wide area network (WAN) traffic, and provides high
availability should a WAN link or a server fail. DFS Replication ensures that when changes are
made to a file, the changes are replicated to all other sites by using delta replication.
QUESTION 53
You need to recommend a solution for updating the virtualization hosts.
The solution must meet the visualization requirements.
What should you include in the recommendation?
A. Cluster-Aware Updating
B. WSUS
C. System Center Updates Publisher 2011
D. System Center 2012 Configuration Manager
Answer: A
Explanation:
QUESTION 54
You need to ensure that Group1 can perform the required tasks.
The solution must meet the visualization requirements.
What should you create?
A. A collection
B. A host group
C. An organizational unit (OU)
D. A site
Answer: B
Explanation:
QUESTION 55
You need to recommend a solution for managing updates.
The solution must meet the technical requirements.
What should you include in the recommendation?
A. A System Center 2012 Configuration Manager management point in the main office and a
System Center 2012 Configuration Manager distribution point in each office.
B. A System Center 2012 Configuration Manager management point in the main office and a
WSUS downstream server in each office.
C. A System Center 2012 Configuration Manager software update point in the main office and
a System Center 2012 Configuration Manager distribution point in each office.
D. A WSUS upstream server in and a WSUS downstream server in each office.
Answer: C
Explanation:
QUESTION 56
You need to recommend an automated remediation solution for the ReliableTimeSource registry
value.
The solution must meet the technical requirements.
What should you include in the recommendation?
A. A System Center 2102 Configuration Manager configuration baseline.
B. A System Center 2012 Operations Manager performance counter rule.
C. A System Center 2012 Configuration Manager maintenance task.
D. A System Center 2012 Operations Manager event rule.
Answer: A
Explanation:
QUESTION 57
You need to create a service template for the web servers used by the CRM application.
What should you include in the service template?
A. A VIP template
B. A host profile
C. Guest OS profile
D. A capability profile
Answer: A
Explanation:
QUESTION 58
You need to recommend a solution that meets the technical requirements for DHCP.
What should you include in the recommendation for each office?
A. Network Load Balancing (NLB)
B. DHCP failover
C. DHCP server policies
D. IP Address Management (IPAM)
Answer: B
Explanation:
QUESTION 59
You need to recommend a solution for deploying the web servers for the CRM application.
The solution must meet the visualization requirements.
What should you include in the recommendation?
A. Network Load Balancing (NLB) without affinity
B. Failover Clustering with one active node
C. Failover Clustering with two active nodes
D. Network Load Balancing (NLB) with client affinity
Answer: D
Explanation:
QUESTION 60
You need to recommend a solution that manages the security events.
The solution must meet the technical requirements.
Which configuration should you include in the recommendation?
A. Object access auditing by using a Group Policy object (GPO)
B. Event rules by using System Center 2012 Operations Manager
C. Event forwarding by using Event Viewer
D. Audit Collection Services (ACS) by using System Center 2012
Answer: D
QUESTION 61
Your network contains the following roles and applications:
- Microsoft SQL Server 2012
- Distributed File System (DFS) Replication
- Active Directory Domain Services (AD DS)
- Active Directory Rights Management Services (AD RMS)
- Active Directory Lightweight Directory Services (AD LDS)
You plan to deploy Active Directory Federation Services (AD FS).
You need to identify which deployed services or applications can be used as attribute stores for
the planned AD FS deployment.
What should you identify? (Each correct answer presents a complete solution. Choose all that
apply.)
A. DFS
B. AD RMS
C. Microsoft SQL Server 2012
D. AD LDS
E. AD DS
Answer: CDE
Explanation:
QUESTION 62
Your network contains an Active Directory domain named contoso.com.
The network contains 15,000 client computers.
You plan to deploy an Active Directory Certificate Services (AD CS) infrastructure and issue
certificates to all of the network devices.
You need to recommend a solution to minimize the amount of network utilization caused by
certificate revocation list (CRL) checking.
What should you include in the recommendation? More than one answer choice may achieve the
goal. Select the BEST answer.
A. The Network Device Enrollment Service role service
B. An increase of the CRL validity period
C. A reduction of the CRL validity period
D. The Online Responder role service
Answer: D
Explanation:
QUESTION 63
Your network contains an Active Directory domain named contoso.com.
You deploy Active Directory Certificate Services (AD CS).
You plan to deploy 100 external Web servers that will be publicly accessible and will require
Secure Sockets Layer (SSL) certificates.
You also plan to deploy 50,000 certificates for secure email exchanges with Internet-based
recipients.
You need to recommend a certificate services solution for the planned deployment.
What should you recommend? More than one answer choice may achieve the goal. Select the
BEST answer.
A. Deploy a certification authority (CA) that is subordinate to an external root CA.
B. Purchase 50,100 certificates from a trusted third-party root certification authority (CA).
C. Distribute a copy of the root certification authority (CA) certificate to external relying parties.
D. Instruct each user to request a Secure Email certificate from a trusted third-party root CA,
and then purchase 100 Web server certificates.
Answer: A
Explanation:
QUESTION 64
Your company, which is named Contoso, Ltd., has offices only in North America.
The company has 2,000 users.
The network contains an Active Directory domain named contoso.com.
You plan to deploy an Active Directory Certificate Services (AD CS) infrastructure and assign
certificates to all client computers.
You need to recommend a PKI solution to protect the private key of the root certification authority
(CA) from being accessed by external users.
What should you recommend? More than one answer choice may achieve the goal. Select the
BEST answer.
A. An offline standalone root CA and an online enterprise issuing CA
B. An online enterprise root CA and an online enterprise issuing CA
C. An offline standalone root CA and an offline enterprise issuing CA
D. An online enterprise root CA, an online enterprise policy CA, and an online enterprise issuing
CA
Answer: A
Explanation:
http://technet.microsoft.com/en-us/library/cc737481(v=ws.10).aspx
QUESTION 65
Your network contains an Active Directory domain named contoso.com.
The network has an Active Directory Certificate Services (AD CS) infrastructure.
You need to issue a certificate to users to meet the following requirements:
- Ensure that the users can encrypt files by using Encrypting File
System (EFS).
- Ensure that all of the users reenroll for their certificate every six
months.
What should you do first?
A. From the properties of the User certificate template, assign the Allow-Enroll permission to
the Authenticated Users group.
B. From the properties of the Basic EFS template, assign the Allow-Enroll permission to the
Authenticated Users group.
C. Create a copy of the User certificate template, and then modify the extensions of the copy.
D. Create a copy of the Basic EFS certificate template, and then modify the validity period of
the copy.
Answer: D
Explanation:
QUESTION 66
Your network contains an Active Directory domain named contoso.com.
The network has an Active Directory Certificate Services (AD CS) infrastructure.
You deploy Active Directory Rights Management Services (AD RMS) on the network.
You provide several users on the network with the ability to protect content by using AD RMS.
You need to recommend a solution to provide the members of a group named Audit with the
ability to read and modify all of the AD RMS-protected content.
What should you recommend?
A. Issue a CEP Encryption certificate to the members of the Audit group.
B. Issue a key recovery agent certificate to the members of the Audit group.
C. Add the Audit group as a member of the super users group.
D. Add the Audit group as a member of the Domain Admins group.
Answer: C
Explanation:
QUESTION 67
Your network contains an Active Directory domain named contoso.com.
The network contains a perimeter network.
The perimeter network and the internal network are separated by a firewall.
On the perimeter network, you deploy a server named Server1 that runs Windows Server 2012.
You deploy Active Directory Certificate Services (AD CS).
Each user is issued a smart card. Users report that when they work remotely, they are unable to
renew their smart card certificate.
You need to recommend a solution to ensure that the users can renew their smart card certificate
from the Internet.
What should you recommend implementing on Server1? More than one answer choice may
achieve the goal. Select the BEST answer.
A. The Certification Authority Web Enrollment role service and the Online Responder role
service
B. The Active Directory Federation Services server role
C. The Certificate Enrollment Policy Web Service role service and the Certificate Enrollment
Web Service role service
D. An additional certification authority (CA) and the Online Responder role service
Answer: C
Explanation:
QUESTION 68
Your network contains an Active Directory domain named contoso.com.
The network has an Active Directory Certificate Services (AD CS) infrastructure.
You publish the certificate revocation list (CRL) to a farm of Web servers.
You are creating a disaster recovery plan for the AD CS infrastructure.
You need to recommend which actions must be performed to restore certificate revocation
checking if a certification authority (CA) is offline for an extended period of time.
Which three actions should you recommend? To answer, move the three appropri
Explanation:
QUESTION 69
Your network contains an Active Directory domain named contoso.com.
The domain contains four servers named Server1, Server2, Server3, and Server4 that run
Windows Server 2012. Server1 and 5erver2 are configured as file servers and are part of a
failover cluster named Cluster1.
Server3 and Server4 have Microsoft SQL Server 2012 installed and are part of a failover cluster
named Cluster2.
You add a disk named Disk1 to the nodes in Cluster1.
Disk1 will be used to store the data files and log files used by SQL Server 2012.
You need to configure the environment so that access to Disk1 remains available when a node
on Cluster1 fails over or fails back.
Which three actions should you perform? To answer, move the three appropriate actions from the
list of actions to the answer area and arrange them in the correct order.
Answer:
Explanation:
http://blogs.technet.com/b/josebda/archive/2012/08/23/windows-server-2012-scale-out-fileserver-
for-sqlserver-2012-step-by-step-installation.aspx
QUESTION 70
Your network contains an Active Directory domain.
The domain contains a site named Site1.
All of the client computers in Site1 use static IPv4 addresses on a single subnet.
Site1 contains a Storage Area Network (SAN) device and two servers named Server1 and
Server2 that run Windows Server 2012.
You plan to implement a DHCP infrastructure that will contain Server1 and Server2.
The infrastructure will contain several IP address reservations.
You need to recommend a solution for the DHCP infrastructure to ensure that clients can receive
IP addresses from a DHCP server if either Server1 or Server2 fails.
What should you recommend? (Each correct answer is a complete solution. Choose all that
apply.)
A. Configure all of the client computers to use IPv6 addresses, and then configure Server1
and Server2 to run DHCP in stateless mode.
B. Configure Server1 and Server2 as members of a failover cluster, and then configure DHCP
as a clustered resource.
C. Configure a DHCP failover relationship that contains Server1 and Server2.
D. Create a scope for each server, and then configure each scope to contain half of the IP
addresses.
Answer: BCD
Explanation:
QUESTION 71
Your network contains two servers named Server1 and Server2 that run Windows Server 2012.
Server1 and Server2 are connected to a Fibre Channel Storage Area Network (SAN).
Server1 and Server2 are members of a failover cluster named Cluster1.
You plan to host the clustered File Server role on the nodes in Cluster1.
Cluster1 will store application databases in shared folders.
You need to implement a storage solution for Cluster1.
The solution must minimize the amount of time the shared folders are unavailable during a
failover.
What should you implement? More than one answer choice may achieve the goal. Select the
BEST answer.
A. An iSCSI Target Server cluster role in Cluster1
B. The Multi Path I/O (MPIO) feature on Server1 and Server2
C. A Virtual Fibre Channel SAN on Server1 and Server2
D. A Cluster Shared Volume (CSV) in Cluster1
Answer: D
Explanation:
Case Study 2: A. Datum (QUESTION 72 - QUESTION 84)
Overview
A.Datum Corporation is an accounting company.
The company has a main office and two branch offices.
The main office is located in Miami.
The branch offices are located in New York and Seattle.
Existing Environment
Network Infrastructure
The network contains an Active Directory domain named adatum.com.
All servers run Windows Server 2008 R2.
The main office has the following servers and client computers:
- Two domain controllers configured as DNS servers and DHCP servers
- One file server that has multiples shares
- One thousand client computers that run Windows 7
- Each branch office has the following servers and client computers:
- One domain controller configured as a DNS server and a DHCP server
- Five hundred to 800 client computers that run Windows XP Each office
has multiple subnets.
The network speed of the local area network (LAN) is 1 gigabit per second.
The offices connect to each other by using a WAN link.
The main office is connected to the Internet.
Current Issues
The WAN link between the Miami office and the Seattle office is a low bandwidth link with high
latency. The link will not be replaced for another year.
Requirements
Application Requirements
The company is developing an application named Appl.
App1 is a multi-tier application that will be sold as a service to customers.
Each instance of App1 is comprised of the following three tiers:
- A web front end
- A middle tier that uses Windows Communication Foundation (WCF)
- A Microsoft SQL Server 2008 R2 database on the back end
Each tier will be hosted on one or more virtual machines.
Multiple-tiers cannot coexist on the same virtual machine.
When customers purchase App1, they can select from one of the following service levels:
- Standard: Uses a single instance of each virtual machine required by
Appl. If a virtual machine become unresponsive, the virtual machine
must be restarted.
- Enterprise: Uses multiple instances of each virtual machine required
by App1 to provide high-availability and fault tolerance.
All virtual hard disk (VHD) files for App1 will be stored in a file share.
The VHDs must be available if a server fails.
You plan to deploy an application named App2.
App2 is comprised of the following two tiers:
- A web front end
- A dedicated SQL Server 2008 R2 database on the back end
App2 will be hosted on a set of virtual machines in a Hyper-V cluster in the Miami office.
The virtual machines will use dynamic IP addresses.
A copy of the App2 virtual machines will be maintained in the Seattle office.
App2 will be used by users from a partner company named Trey Research.
Trey Research has a single Active Directory domain named treyresearch.com.
Treyresearch.com contains a server that has the Active Directory Federation Services server role
and all of the Active Directory Federation Services (AD F5} role services installed.
Planned Changes
Datum plans to implement the following changes:
- Replace all of the servers with new servers that run Windows Server
2012.
- Implement a private cloud by using Microsoft System Center 2012 to
host instances of Appl.
- In the Miami office, deploy four new Hyper-V hosts to the perimeter
network.
- In the Miami office, deploy two new Hyper-V hosts to the local
network.
- In the Seattle office, deploy two new Hyper-V hosts.
- In the Miami office, implement a System Center 2012 Configuration
Manager primary site that has all of the system roles installed.
- Implement a public key infrastructure (PKI).
- Implement AD FS.
Notification Requirements
Datum identifies the following notification requirements:
- Help desk tickets must be created and assigned automatically when an
instance of App1 becomes unresponsive.
- Customers who select the Enterprise service level must receive an
email notification each time a help desk ticket for their instance of
App1 is opened or closed.
Technical Requirements
Datum identifies the following technical requirements:
- Minimize costs whenever possible.
- Minimize the amount of WAN traffic.
- Minimize the amount of administrative effort whenever possible.
- Provide the fastest possible failover for the virtual machines
hosting App2.
- Ensure that administrators can view a consolidated report about the
software updates in all of the offices.
- Ensure that administrators in the Miami office can approve updates
for the client computers in all of the offices.
Security Requirements
Datum identifies the following security requirements:
- An offline root certification authority (CA) must be configured.
- Client computers must be issued certificates by a server in their
local office.
- Changes to the CA configuration settings and the CA security settings
must be logged.
- Client computers must be able to renew certificates automatically
over the Internet.
- The number of permissions and privileges assigned to users must be
minimized whenever possible.
- Users from a group named Group1 must be able to create new instances
of App1 in the private cloud.
- Cent computers must be issued new certificates when the computers are
connected to the local network only.
- The virtual machines used to host App2 must use BitLocker Drive
Encryption (BitLocker).
- Users from Trey Research must be able to access App2 by using their
credentials from treyresearch.com.
QUESTION 72
In adatum.com, you install and configure a server that has the Active Directory Federation
Services server role and all of the AD FS role services installed.
You need to recommend which AD FS configurations must be performed m adatum.com to meet
the security requirements.
Which configurations should you recommend before creating a trust policy?
A. Export the server authentication certificate and provide the certificate to Trey Research.
Import the token-signing certificate from Trey Research.
B. Export the server authentication certificate and provide the certificate to Trey Research.
Import the server authentication certificate from Trey Research.
C. Export the token-signing certificate and provide the certificate to Trey Research.
Import the server authentication certificate from Trey Research.
D. Export the token-signing certificate and provide the certificate to Trey Research.
Import the token-signing certificate from Trey Research.
Answer: B
Explanation:
 |
 |
 |
 |
 | |
|---|---|---|---|---|---|
|
Test
King
|
Pass4sure
|
Actual
Tests
|
Other
Brands
| ||
| Customer Reviews |  |
 |
 |
 |
 |
|
$89.99
|
$124.99
|
$125.99
|
$189.00
|
$29.99~$49.99
| |
| Up-To-Dated |  |
 |
 |
 |
 |
| Real Questions & Answers |  |
 |
 |
 |
 |
| Correct All Error |  |
 |
 |
 |
 |
| Premium VCE Dumps |  |
 |
 |
 |
 |
| Free VCE Simulator |  |
 |
 |
 |
 |
| Unlimited After One Time Purchasing |  |
 |
 |
 |
 |
| Instant Download |  |
 |
 |
 |
 |
| Printable PDF Dumps |  |
 |
 |
 |
 |
| 100% Pass Guarantee |  |
 |
 |
 |
 |
| 100% Money Back |  |
 |
 |
 |
 |
100% Pass:http://examsavior.com/
No comments:
Post a Comment