What is the minimum number of certificate servers you need to deploy?
A. 2
B. 3
C. 4
D. 5
Answer: C
Explanation:
QUESTION 148
Your network contains two servers named Server1 and Server2 that run Windows Server 2012.
Server1 and Server2 are members of a failover cluster named Cluster1 and are connected to an
iSCSI Storage Area Network (SAN).
You need to ensure that you can implement the clustered File Server role of the File Server for
scale-out application data type for Cluster1.
What should you install?
A. The iSCSI Target Server cluster role
B. The Distributed Transaction Coordinator (DTC) cluster role
C. The DFS Namespace Server cluster role
D. A Cluster Shared Volume (CSV)
Answer: D
Explanation:
QUESTION 149
Your network contains an Active Directory domain named contoso.com.
The domain contains Server 2012 R2 and has the Hyper-V server role installed.
You need to log the amount of system resources used by each virtual machine.
What should you do?
A. From Windows PowerShell, run the Enable-VMResourceMeteringcmdlet.
B. From Windows System Resource Manager, enable Accounting.
C. From Windows System Resource Manager, add a resource allocation policy.
D. From Windows PowerShell, run the Measure-VM cmdlet.
Answer: A
Explanation:
The Enable-VMResourceMeteringcmdlet collects resource utilization data for a virtual machine or
resource pool.
QUESTION 150
Your network contains an Active Directory domain named contoso.com.
The domain contains a member server named HVServer1.
HVServer1 runs Windows Server 2012 R2 and has the Hyper-V server role installed.
HVServer1 hosts 10 generation 1 virtual machines.
All of the virtual machines connect to a virtual switch named Switch1.
Switch1 is configured as a private network.
All of the virtual machines have the DHCP guard and the router guard settings enabled.
You install the DHCP server role on a virtual machine named Server1.
You authorize Server1 as a DHCP server in contoso.com.
You create an IP scope.
You discover that the virtual machines connected to Switch1 do not receive IP settings from
Server1.
You need to ensure that the virtual machines can use Server1 as a DHCP server.
What should you do?
A. Enable MAC address spoofing on Server1.
B. Enable single-root I/O visualization (SR-IOV) on Server1.
C. Disable the DHCP guard on Server1.
D. Disable the DHCP guard on all of the virtual machines that are DHCP clients.
Answer: C
Explanation:
DHCP guard setting
This setting stops the virtual machine from making DHCP offers over this network interface.
To be clear this does not affect the ability to receive a DHCP offer (i.e. if you need to use DHCP
to acquire an IP address that will work) it only blocks the ability for the virtual machine to act as a
DHCP server.
QUESTION 151
You have a server named Server1 that runs Windows Server 2012 R2.
You plan to enable Hyper-V Network Virtualization on Server1.
You need to install the Windows Network Virtualization Filter Driver on Server1.
Which Windows PowerShell cmdlet should you run?
A. Set-NetVirtualizationGlobal
B. Enable-NetAdapterBinding
C. Add - WindowsFeature
D. Set-NetAdapterVmq
Answer: B
Explanation:
Hyper-V Network Virtrtualization runs multiple virtual networks on a physical network. And each
virtual network operates as if it is running as a physical network. The The Set-NetAdaptercmdlet
sets the basic properties of a network adapter such as virtual LAN (VLAN) identifier (ID) and MAC
address. Thus if you add the binding parameter to the command then you will be able to install
the Windows Network Virtualization Filter Driver.
Step one: Enable Windows Network Virtualization (WNV). This is a binding that is applied to the
NIC that you External Virtual Switch is bound to. This can be a physical NIC, it can be an LBFO
NIC team. Either way, it is the network adapter that your External Virtual Switch uses to exit the
server. This also means that if you have multiple virtual networks or multiple interfaces that you
can pick and choose and it is not some global setting.If you have one External Virtual Switch this
is fairly easy:
$vSwitch = Get-VMSwitch -SwitchType External# Check if Network Virtualization is bound#
This could be done by checking for the binding and seeing if it is enabledForEach-Object -
InputObject $vSwitch {if ((Get-NetAdapterBinding -ComponentID "ms_netwnv" -
InterfaceDescription $_.NetAdapterInterfaceDescription).Enabled -eq $false){ # Lets enable
itEnable-NetAdapterBinding -InterfaceDescription $_.NetAdapterInterfaceDescription -
ComponentID "ms_netwnv"}}
QUESTION 152
Your network contains an Active Directory domain named contoso.com.
You install Windows Server 2012 R2 on a new server named Server1 and you join Server1 to the
domain.
You need to ensure that you can view processor usage and memory usage information in Server
Manager.
What should you do?
A. From Server Manager, click Configure Performance Alerts.
B. From Performance Monitor, create a Data Collector Set (DCS).
C. From Performance Monitor, start the System Performance Data Collector Set (DCS).
D. From Server Manager, click Start Performance Counters.
Answer: D
Explanation:
You should navigate to the Server Manager snap-in and there click on All Servers, and then
Performance Counters. The Performance Counters, when started can be set to collect and
display data regarding processor usage, memory usage, amongst many other resources like diskrelated
and security related data, that can be monitored.
http://technet.microsoft.com/en-us/library/bb734903.aspx
QUESTION 153
Your network contains an Active Directory domain named contoso.com.
The domain contains a server named Server1 that runs Windows Server 2012 R2.
Server1 has the Hyper-V server role installed.
The domain contains a virtual machine named VM1.
A developer wants to attach a debugger to VM1.
You need to ensure that the developer can connect to VM1 by using a named pipe.
Which virtual machine setting should you configure?
A. BIOS
B. Network Adapter
C. COM 1
D. Processor
Answer: C
Explanation:
Named pipes can be used to connect to a virtual machine by configuring COM 1.
http://support.microsoft.com/kb/819036
http://support.microsoft.com/kb/141709
QUESTION 154
Your network contains an Active Directory domain named contoso.com.
The domain contains a member server named Server 1.
Server1 runs Windows Server 2012 R2 and has the Hyper-V server role installed.
You create an external virtual switch named Switch1.
Switch1 has the following configurations:
- Connection type: External network
- Single-root I/O virtualization (SR-IOV): Enabled
Ten virtual machines connect to Switch1.
You need to ensure that all of the virtual machines that connect to Switch1 are isolated from the
external network and can connect to each other only.
The solution must minimize network downtime for the virtual machines.
What should you do?
A. Remove Switch1 and recreate Switch1 as an internal network.
B. Change the Connection type of Switch1 to Private network.
C. Change the Connection type of Switch1 to Internal network.
D. Remove Switch1 and recreate Switch1 as a private network.
Answer: B
Explanation:
You can change the connection type of a virtual switch from the virtual switch manager without
having to remove it. A private virtual network is isolated from all external network traffic on the
virtualization server, as well any network traffic between the management operating system and
the external network. This type of network is useful when you need to create an isolated
networking environment, such as an isolated test domain.
http://technet.microsoft.com/en-us/library/cc816585%28v=WS.10%29.aspx
http://blogs.technet.com/b/jhoward/archive/2008/06/17/hyper-v-what-are-the-uses-for-differenttypes-
of-virtual-networks.aspx
QUESTION 155
Your network contains two Hyper-V hosts named Host1 and Host2.
Host1 contains a virtual machine named VM1.
Host2 contains a virtual machine named VM2.
VM1 and VM2 run Windows Server 2012 R2.
You install the Network Load Balancing feature on VM1 and VM2.
You need to ensure that the virtual machines are configured to support Network Load Balancing
(NLB).
Which virtual machine settings should you configure on VM1 and VM2?
A. DHCP guard
B. MAC address
C. Router guard
D. Port mirroring
Answer: B
Explanation:
When MAC addresses are not assigned to virtual machines, it could cause network problems.
http://blogs.msdn.com/b/clustering/archive/2010/07/01/10033544.aspx
QUESTION 156
Your network contains an Active Directory domain named contoso.com.
The domain contains a server named Server1.
Server1 runs Windows Server 2012 R2 and has the Hyper-V server role installed.
On Server1, an administrator creates a virtual machine named VM1.
A user named User1 is the member of the local Administrators group on Server1.
User1 attempts to modify the settings of VM1 as shown in the following exhibit. (Click the Exhibit
button.)
You need to ensure that User1 can modify the settings of VM1 by running the Set-Vmcmdlet.
What should you instruct User1 to do?
A. Run Windows PowerShell with elevated privileges.
B. Install the Integration Services on VM1.
C. Modify the membership of the local Hyper-V Administrators group.
D. Import the Hyper-V module.
Answer: A
Explanation:
You can only use the PowerShell snap-in to modify the VM settings with the vmcmdlets when you
are an Administrator.
Thus best practices dictate that User1 run the Powershell with elevated privileges.
http://technet.microsoft.com/en-us/library/jj713439.aspx
QUESTION 157
Your network contains an Active Directory domain named contoso.com.
The domain contains two member servers named Server1 and Server2.
All servers run Windows Server 2012 R2.
Server1 and Server2 have the Failover Clustering feature installed.
The servers are configured as nodes in a failover cluster named Cluster1.
Cluster1 has access to four physical disks.
The disks are configured as shown in the following table.
You need to ensure that all of the disks can be added to a Cluster Shared Volume (CSV).
Which two actions should you perform? (Each correct answer presents part of the solution.
Choose two.)
A. Enable BitLocker on Disk4.
B. Disable BitLocker on Disk1.
C. Format Disk2 to use NTFS.
D. Format Disk3 to use NTFS.
Answer: CD
Explanation:
cannot use a disk for a CSV that is formatted with FAT, FAT32, or Resilient File System (ReFS).
QUESTION 158
Your network contains three servers named HV1, HV2, and Server1 that run Windows Server
2012 R2. HV1 and HV2 have the Hyper-V server role installed.
Server1 is a file server that contains 3 TB of free disk space.
HV1 hosts a virtual machine named VM1. The virtual machine configuration file for VM1 is stored
in D:\VM and the virtual hard disk file is stored in E:\VHD.
You plan to replace drive E with a larger volume.
You need to ensure that VM1 remains available from HV1 while drive E is being replaced.
You want to achieve this goal by using the minimum amount of administrative effort.
What should you do?
A. Perform a live migration to HV2.
B. Add HV1 and HV2 as nodes in a failover cluster.
Perform a storage migration to HV2.
C. Add HV1 and HV2 as nodes in a failover cluster.
Perform a live migration to HV2.
D. Perform a storage migration to Server1.
Answer: D
QUESTION 159
Hotspot Question
Your network contains an Active Directory domain named contoso.com.
You have a failover cluster named Cluster1 that contains two nodes named Server1 and Server2.
Both servers run Windows Server 2012 R2 and have the Hyper-V server role installed.
You plan to create two virtual machines that will run an application named App1.
App1 will store data on a virtual hard drive named App1data.vhdx.
App1data.vhdx will be shared by both virtual machines.
The network contains the following shared folders:
- An SMB file share named Share1 that is hosted on a Scale-Out File Server.
- An SMB file share named Share2 that is hosted on a standalone file
server.
- An NFS share named Share3 that is hosted on a standalone file server.
You need to ensure that both virtual machines can use App1data.vhdx simultaneously.
What should you do? To answer, select the appropriate configurations in the answer area.
Answer:
QUESTION 160
You have a Hyper-V host named Server1 that runs Windows Server 2012 R2.
Server1 hosts 50 virtual machines that run Windows Server 2012 R2.
Your company uses smart cards for authentication.
You need to ensure that you can use smart card authentication when you connect to the virtual
machine by using Virtual Machine Connection.
What should you configure?
A. The NUMA Spanning settings
B. The RemoteFX settings
C. The Enhanced Session Mode Policy
D. The Integration Services settings
Answer: C
QUESTION 161
You have a Hyper-V host named Server1 that runs Windows Server 2012 R2.
Server1 hosts a virtual machine named VM1 that runs Windows Server 2012 R2.
VM1 has several snapshots.
You need to modify the snapshot file location of VM1.
What should you do?
A. Delete the existing snapshots, and then modify the settings of VM1.
B. Right-click VM1, and then click Move. ..
C. Right-click VM1, and then click Export...
D. PauseVM1, and then modify the settings of VM1.
Answer: A
Explanation:
You will need to navigate to the Hyper-V Management snap-in
(C:\ProgramData\Microsoft\Windows\Hyper-V) and from there access the Snapshot file Location
tab where you can change the settings for the VM1 snapshot file location. However, since there
are already several snapshots in existence, you will need to delete them first because you will not
be able to change the location of the snapshot file while there is an existing snapshot.
You need to modify the snapshot file location of VM1.
QUESTION 162
Your network contains an Active Directory domain named contoso.com.
The domain contains four servers named Server1, Server2, Server3, and Server4 that run Windows
Server 2012 R2.
All servers have the Hyper-V server role and the Failover Clustering feature installed.
You need to replicate virtual machines from Cluster1 to Cluster2.
Which three actions should you perform? (Each correct answer presents part of the solution.
Choose three.)
A. From Hyper-V Manager on a node in Cluster2, create three virtual machines.
B. From Cluster2, add and configure the Hyper-V Replica Broker role.
C. From Failover Cluster Manager on Cluster1, configure each virtual machine for replication.
D. From Cluster1, add and configure the Hyper-V Replica Broker role.
E. From Hyper-V Manager on a node in Cluster2 modify the Hyper-V settings.
Answer: BCD
Explanation:
These are two clusters, to replicate any VM to a cluster you need to configure the Replica Broker
role on each cluster the last step should be enabling replication on the VMs.
Case Study 5: Contoso Ltd Case B (QUESTION 163 - QUESTION 168)
Background
Overview
Contoso, Ltd., is a software development company. The company has a main office in Seattle
and branch offices that are located in Los Angeles and New Delhi. Contoso's sales staff are all
located in the Los Angeles office. Contoso's software developers are all located in the New Delhi
office.
Current Environment
The network for the Seattle office contains:
- 2 domain controllers with integrated DNS
- 200 Windows workstations
- 14-node Hyper-V cluster
- 1 file server with multiple shares
- 1 Active Directory Rights Management Services (AD RMS) cluster
The network for the Los Angeles office contains:
- 2 domain controllers with integrated DNS
- 100 Windows workstations
- 1 file server with multiple shares
The network for the New Delhi office contains:
- 2 domain controllers with integrated DNS
- 300 Windows workstations
- 10 Hyper-V servers that host 100 development virtual machines (VMs)
- 50 production virtual machines that are hosted in Azure
All the Contoso offices connect to each other by using VPN links, and each office is connected to
the Internet.
Contoso has a single Active Directory Domain Services (AD DS) domain named contoso.com.
Contoso.com has a configured certification authority (CA). Contoso currently leverages System
Center Virtual Machine Manager 2012 R2 to manage its virtual environment servers.
Contoso uses an application named HRApp1 for its human resources (HR) department. HR users
report that the application stops responding and must be restarted before they can continue their
work.
Fabrikam Inc
Contoso has recently acquired Fabrikam. Inc. Fabrikam has a single office that is located in
Seattle.
Fabrikam has a single AD DS domain named fabrikam.com.
The network for Fabrikam contains:
- 2 domain controllers with Active Directory-integrated DNS
- 150 Windows workstations
- 5 Hyper-V servers
- 1 file server with multiple shares
A two-way trust exists between Contoso.com and Fabrikam.com.
Business Requirements
Consolidation
Contoso must complete the consolidation of the Contoso and Fabrikam networks.
The consolidation of the two networks must:
- Minimize all hardware and software costs.
- Minimize WAN traffic.
- Enable the users by providing self-service whenever possible.
Security
Contoso requires that all Windows client devices must be encrypted with BitLocker by using the
Trusted Platform
The CA for the domain contoso.com must be designated as the resource forest. The domain
fabrikam.com must leverage certificates that are issued by the domain contoso.com.
Other Information
HRApp1
Each time HRApp1 stops responding and is restarted, an incident must be created and
associated with the existing problem ticket.
Development environment
You have the following requirements:
- Developers must be able to manage their own VM checkpoints.
- You must implement a disaster recovery strategy for development
virtual machines.
Technical Requirements
Windows System Updates
You have the following system update requirements:
- Consolidate reporting of all software updates in all offices.
- Software updates must be applied to all Windows devices.
- Ensure the ability to report on update compliance.
Monitoring
You have the following monitoring requirements:
- Each time HRApp1 shows performance problems, ensure that a ticket is
created.
- When performance problems are resolved, ensure that the ticket closes
automatically.
Security
You have the following security requirements:
- Ensure that all documents are protected.
- Ensure that contoso.com domain users get use licenses for RMSprotected
documents from the domain contoso.com.
- Ensure that fabrikam.com domain users get use licenses for RMSprotected
documents from the domain contoso.com.
QUESTION 163
Drag and Drop Question
You need to implement the network Unlock feature to meet the BitLocker requirements.
In which order should you perform the actions? To answer, move all actions from the list of
actions to the answer area and arrange them in the correct order.
Answer:
QUESTION 164
You need to ensure that the developers can manage their own virtual machines.
Solution: You perform the following actions:
- In Virtual Machine Manager, you create a new user role named DevUsers
that uses the Application Administrator profile.
- You grant Checkpoint permissions to the DevUsers role.
- You distribute the Self-Service Portal URL to the developers.
Does this meet the goal?
A. Yes
B. No
Answer: B
QUESTION 165
This question consists of two statements: One is named Assertion and the other is named
Reason. Both of these statements may be true; both may be false; or one may be true, while the
other may be false.
To answer this question, you must first evaluate whether each statement is true on its own.
If both statements are true, then you must evaluate whether the Reason (the second statement)
correctly explains the Assertion (the first statement). You will then select the answer from the list
of answer choices that matches your evaluation of the two statements.
Assertion:
You must implement a Windows Server Gateway in the Seattle office.
Reason:
A Windows Server Gateway will prevent users from saving documents outside of the Seattle
location.
Evaluate the Assertion and Reason statements and choose the correct answer option.
A. Both the Assertion and Reason are true, and the Reason is the correct explanation for the
Assertion.
B. Both the Assertion and Reason are true, but the Reason is not the correct explanation for the
Assertion.
C. The Assertion is true, but the Reason is false.
D. The Assertion is false, but the Reason is true.
E. Both the Assertion and the Reason are false.
Answer: C
QUESTION 166
You need to ensure that the developers can manage their own virtual machines.
Solution: You perform the following tasks:
- In Virtual Machine Manager, you create a new user role named DevUsers
that uses the Application Administrator profile,
- You add the virtual machines to the DevUsers role.
- You grant Checkpoint permissions to the DevUsers role.
- You install and configure App Controller.
- You distribute the App Controller console URL to the developers.
Does this meet the goal?
A. Yes
B. No
Answer: A
Explanation:
Virtual Machine Manager Self-Service Portal The VMM Self-Service Portal is an optional, Webbased
component that a VMM administrator can install and configure to allow users to create and
manage their own virtual machines within a controlled environment on a limited group of virtual
machine hosts. The VMM administrator creates self-service user roles which determine the scope
of the users' actions on their own virtual machines. To create, operate, and manage virtual
machines, self-service users use the Virtual Machine Manager Self-Service Portal. The
administrator determines which host groups self-service users can create virtual machines on.
When a self-service user creates a virtual machine, the virtual machine is automatically placed on
the most suitable host in the host group based on host ratings.
https://technet.microsoft.com/en-us/library/cc764267.aspx
QUESTION 167
You need to design a solution that meets all of the software update requirements.
Which two actions should you perform? Each correct answer presents part of the solution.
A. Implement System Center Service Manager.
B. Deploy a configuration baseline to all devices.
C. Implement System Center Operations Manager.
D. Implement System Center Configuration Manager.
Answer: BC
QUESTION 168
This question consists of two statements: One is named Assertion and the other is named
Reason. Both of these statements may be true; both may be false; or one may be true, while the
other may be false.
To answer this question, you must first evaluate whether each statement is true on its own. If both
statements are true, then you must evaluate whether the Reason (the second statement)
correctly explains the Assertion (the first statement). You will then select the answer from the list
of answer choices that matches your evaluation of the two statements.
Assertion:
You must implement Azure site recovery between the New Delhi and Seattle offices to meet the
backup requirements.
Reason:
Azure site recovery allows replication and failover of virtual machines on host servers that are
located in the Virtual Machine Manager cloud.
Evaluate the Assertion and Reason statements and choose the correct answer option.
A. Both the Assertion and Reason are true, and the Reason is the correct explanation for the
Assertion.
B. Both the Assertion and Reason are true, but the Reason is not the correct explanation for the
Assertion.
C. The Assertion is true, but the Reason is false.
D. The Assertion is false, but the Reason is true.
E. Both the Assertion and the Reason are false.
Answer: B
Case Study 6: Contoso Ltd Case C (QUESTION 169 - QUESTION 178)
Background
Overview
Contoso, Ltd., is a manufacturing company. The company has offices in Chicago and Seattle.
Each office contains two data centers. All of the data centers and sites for the company have
network connectivity to each other. The company uses a single Active Directory Domain Services
(AD DS) domain.
Contoso is growing rapidly and needs to expand its computer infrastructure.
Current Environment Chicago Office
The Chicago office contains a primary data center and a backup data center. A Hyper-V cluster
named Clusterl.contoso.com resides in the primary data center. The cluster has a multiple
network path configured. The cluster includes two unused SQL Server virtual machines (VMs)
named SQL-SERVER1 and SQL-SERVER2. The cluster also includes a Hyper-V Host group
named Chi-Primary.
Clusterl.contoso.com contains the following servers:
- CHI1-HVNODE1.contoso.com
- CHI1-HVNODE2.contoso.com
- CHI1-HVNODE3.contoso.com
- CHI1-HVNODE4.contoso.com
The backup data center for the Chicago office is located on a Hyper-V cluster named
Cluster2.contoso.com. The cluster has a single network path configured. The cluster includes a
Hyper-V Host group named Chi-Backup.
Cluster2.contoso.com contains the following servers:
- CHI2-HVNODEl.contoso.com
- CHI2-HVNODE2.contoso.com
- CHI2-HVNODE3.contoso.com
- CHI2-HVNODE4.contoso.com
In addition, the Chicago office contains two standalone Hyper-V servers named CHIHVSERVER1.
contoso.com and CHI-HVSERVER2.contoso.com.
There are also four newly built servers:
- CHI-SERVERl.contoso.com
- CHI-SERVER2.contoso.com
- CHI-SERVER3.contoso.com
- CHI-SERVER4.contoso.com
All the servers in the Chicago office run Windows Server 2012. Any future servers that are
deployed in the Chicago office must also run Windows Server 2012.
All servers in the Chicaoo office use the subnet 10.20.xx.
Current Environment Seattle Office
The Seattle office contains a primary data center and a backup data center. The primary data
center is located on a Hyper-V cluster named Cluster3.contoso.com. The cluster has a multiple
network path configured. The cluster includes two unused SQL Server virtual machines named
SQL-SERVER3 and SQL-SERVERS The cluster includes a Hyper-V Host group named Sea-
Primary.
Cluster3.contoso.com contains the following servers:
- SEA3-HVNODEl.contoso.com
- SEA3-HVNODE2.contoso.com
- SEA3-HVNODE3.contoso.com
- SEA3-HVNODE4.contoso.com
The backup data center for the Seattle office is located on a Hyper-V cluster named
Cluster4.contoso.com. The cluster has a single network path configured.
The cluster includes a Hyper-V Host group named Sea-Backup.
Cluster4.contoso.com contains the following servers:
- SEA4-HVNODEl.contoso.com
- SEA4-HVNODE2.contoso.com
- SEA4-HVNODE3.contoso.com
- SEA4-HVNODE4.contoso.com
In addition, the Seattle office contains two standalone Hyper-V servers named SEAHVSERVERl.
contoso.com and SEA-HVSERVER2.contoso.com.
There are also four newly built servers:
- SEA-SERVERl.contoso.com
- SEA-SERVER2.contoso.com
- SEA-SERVER3.contoso.com
- SEA-SERVER4.contoso.com
All servers in the Seattle office run Windows Server 2012 R2. Any future servers that are
deployed in the Seattle office must also run Windows Server 2012 R2.
All servers in the Seattle office use the subnet 10.10.x.x.
Business Requirements
Apps
Contoso plans to deploy new applications to make its departments more efficient.
App1
Contoso must create a new application named App1 for the human resources (HR) department.
The infrastructure for App1 must reside in a virtual environment and the data files for App1 must
reside on a single shared disk.
In addition, the infrastructure for App1 must meet the following requirements:
- maximize data protection
- withstand the loss of a single guest virtual machine
- withstand the loss of a single physical server
To support App1, Contoso must deploy a new cluster named Applcluster.contoso.com.
The cluster has the following requirements:
- It must span multiple sites.
- It must support dynamic quorums.
- It must prevent failures caused by a 50% split.
App2
Contoso must create a new application named App2. To support App2, Contoso must deploy a
new SQL Server cluster. The cluster must not be part of the domain.
The server deployment team that will install the cluster has limited permissions. The server
deployment team does not have the ability to create objects in Active Directory.
Virtualization and Storage
New VMs
Any new VMs that are deployed to the Hyper-V cluster in Cluster3.contoso.com have the
following requirements:
- New SQL Server VMs must be deployed only to odd-numbered servers in
the cluster.
- All other new VM guests must be deployed to any available server in
the cluster.
New VDE
The company needs a highly available file share cluster for a new Virtual Desktop Environment
(VDE). It has the following requirements:
- The file share cluster must withstand the loss of a single server.
- The file share cluster must withstand the loss of a single network
path.
- The file share cluster must use the least amount of disk space.
New virtualized SQL Server cluster
Contoso must create a new application for manufacturing. The company needs a new virtualized
SQL Server cluster named VM-SQLclusterl.contoso.com.
It has the following requirements:
- The cluster must use a shared virtual hard disk.
- The cluster must have two nodes named VM-SQL-NODE1.contoso.com and
VM-SQL-NODE2.contoso.com.
Highly available storage solution
The company is deploying new hardware that will replace the existing Hyper-V clusters.
The new file share cluster must have a highly available storage solution for a Hyper-V
environment.
It has the following requirements:
- The new file share cluster must support guest VM clusters.
- The storage cannot reside on any of the physical Hyper-V hosts.
QUESTION 169
You need to enable virtual machine network health detection on all supported clusters.
What should you do?
A. On the virtual machine settings page for Cluster4, select the Protect network checkbox for
each virtual machine on the cluster.
B. On the virtual machine settings page for Cluster1, select the Protect network checkbox for
each virtual machine on the cluster.
C. On each guest virtual machine in Cluster4, configure protected access for the network
interface card.
D. On each guest virtual machine in Cluster3, configure protected access for the network
interface card.
E. On the virtual machine settings page for Cluster3, select the Protect network checkbox for
each virtual machine on the cluster.
F. On each guest virtual machine in Cluster1, configure protected access for the network
interface card.
Answer: B
QUESTION 170
Hotspot Question
You plan to configure Windows Network Load Balancing (NLB) for a company.
You display following Network Load Balancing Manager window:
Use the drop-down menus to select the answer choice that answers each question based on the
information presented in the graphic.
Answer:
QUESTION 171
Drag and Drop Question
You need to implement Windows Network Load Balancing (NLB).
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in correct order.
QUESTION 172
Drag and Drop Question
You need to collect the required security logs.
Which three actions should you perform in sequence? To answer, move the appropriate actions
from the list of actions to the answer area and arrange them in the correct order.
QUESTION 173
Hotspot Question
You need to implement App1.
How should you configure the locations? To answer, select the appropriate option from each list
in the answer area.
QUESTION 174
Drag and Drop Question
You need to configure access to the Certificate Revocation Lists (CRLs).
How should you configure the access? To answer, drag the appropriate protocol or servers to the
correct network type. Each protocol or server may be used once, more than once, or not at all.
You may need to drag the split bar between panes or scroll to view content.
Answer:
QUESTION 175
Hotspot Question
You need to deploy the new SQL cluster for App2.
How should you complete the relevant Windows PowerShell command? To answer, select the
appropriate Windows PowerShell segment from each list in the answer area.
Answer:
QUESTION 176
Hotspot Question
You need to implement the file share for the new virtual desktop environment.
How should you configure the implementation? To answer, select the appropriate option from
each list in the answer area.
Answer:
QUESTION 177
Drag and Drop Question
You need to implement VM-SQLclusterl.contoso.com.
Which three actions should you perform in sequence? To answer, move the appropriate actions
from the list of actions to the answer area and arrange them in the correct order.
QUESTION 178
You need to implement a new highly available storage solution for the Hyper-V environment.
Which servers should you include in the scale-out file cluster?
A. CHI-SERVER1 and CHI-SERVER2
B. SEA3-HVNODE1 and SEA3-HVNODE2
C. SEA-SERVER1 and SEA-SERVER2
D. CHIl-HVNODE1 and CHI1-HVNODE2
Answer: B
QUESTION 179
You plan to allow users to run internal applications from outside the company's network.
You have a Windows Server 2012 R2 that has the Active Directory Federation Services (AD FS)
role installed.
You must secure on-premises resources by using multi-factor authentication (MFA).
You need to design a solution to enforce different access levels for users with personal Windows
8.1 or iOS 8 devices.
Solution: You migrate the AD FS server to Microsoft Azure and connect it to the internal Active
Directory instance on the network.
Then, you use the Workplace Join process to configure access for personal devices to the onpremises
resources.
Does this meet the goal?
A. Yes
B. No
Answer: A
QUESTION 180
You plan to allow users to run internal applications from outside the company s network.
You have a Windows Server 2012 R2 that has the Active Directory Federation Services (AD FS)
role installed.
You must secure on-premises resources by using multi-factor authentication (MFA).
You need to design a solution to enforce different access levels for users with personal Windows
8.1 or iOS 8 devices.
Solution: You install a local instance of the MFA Server.
You connect the instance to the Microsoft Azure MFA provider and then you use Microsoft Intune
to manage personal devices.
Does this meet the goal?
A. Yes
B. No
Answer: A
QUESTION 181
A company has data centers in Seattle and New York.
A high-speed link connects the data centers.
Each data center runs a virtualization infrastructure that uses Hyper-V Server 2012 and Hyper-V
Server 2012 R2.
Administrative users from the Seattle and New York offices are members of Active Directory
Domain Services groups named SeattleAdmins and NewYorkAdmins, respectively.
You deploy one System Center Virtual Machine Manager (SCVMM) in the Seattle data center.
You create two private clouds named SeattleCloud and NewYorkCloud in the Seattle and New
York data centers, respectively.
You have the following requirements:
- Administrators from each data center must be able to manage the
virtual machines and services from their location by using a web
portal.
- Administrators must not apply new resource quotas or change resource
quotas.
- You must manage public clouds by using the existing SCVMM server.
- You must use the minimum permissions required to perform the
administrative tasks.
You need to configure the environment.
What should you do?
A. For both the Seattle and New York admin groups, create a User Role and assign it to the
Application Administrator profile.
Add the Seattle and New York private clouds to the corresponding User Role.
B. For both the Seattle and New York admin groups, create a User Role and assign it to the
Delegated Administrator profile.
Add the Seattle and New York private clouds to the corresponding User Role.
C. For both the Seattle and New York admin groups, create a User Role and assign it to the
Tennant Administrator profile.
Add the Seattle and New York private clouds to the corresponding User Role.
D. Add both SeattleAdmins and NewYorkAdmins to the Local Administrators group of each
Hyper-V host in Seattle and New York, respectively.
Answer: B
QUESTION 182
You administer an Active Directory Domain Services forest that includes an Active Directory
Federation Services (AD FS) server and Azure Active Directory.
The fully qualified domain name of the AD FS server is adfs.contoso.com.
Your must implement single sign-on (SSO) for a cloud application that is hosted in Azure.
All domain users must be able to use SSO to access the application.
You need to configure SSO for the application.
Which two actions should you perform? Each correct answer presents part of the solution.
A. Use the Azure Active Directory Synchronization tool to configure user synchronization.
B. Use the AD FS Configuration wizard to specify the domain and administrator for the Azure
Active Directory service.
C. Create a trust between AD FS and Azure Active Directory.
D. In the Azure management portal, activate directory synchronization.
Answer: AB
QUESTION 183
Your network contains an Active Directory domain named contoso.com.
You currently have an intranet web site that is hosted by two Web servers named Web1 and
Web2.
Web1 and Web2 run Windows Server 2012.
Users use the name intranet.contoso.com to request the web site and use DNS round robin.
You plan to implement the Network Load Balancing (NLB) feature on Web1 and Web2.
You need to recommend changes to the DNS records for the planned implementation.
What should you recommend?
A. Create a service locator (SRV) record. Map the SRV record to Intranet.
B. Delete both host (A) records named Intranet.
Create a pointer (PTR) record for each Web server.
C. Remove both host (A) records named Intranet.
Create a new host (A) record named Intranet.
D. Delete both host (A) records named Intranet.
Create two new alias (CNAME) records named Intranet. Map each CNAME record to a Web
server name.
Answer: C
QUESTION 184
You have a small Hyper-V cluster built on two hosts that run Windows Server 2012 R2 Hyper-V.
You manage the virtual infrastructure by using System Center Virtual Machine Manager 2012.
Distributed Key Management is not installed.
You have the following servers in the environment:
You have the following requirements:
- You must back up virtual machines at the host level.
- You must be able to back up virtual machines that are configured for
live migration.
- You must be able to restore the entire VMM infrastructure.
You need to design and implement the backup plan.
What should you do?
A. Run the following Windows PowerShell command:
Checkpoint-VM -Name DPMI -ComputerName SQL1
B. Install the DPM console on VMM1
C. Configure backup for all disk volumes on FILESERVER1.
D. Install the VMM console on DPMI.
Answer: A
QUESTION 185
You are an Active Directory administrator for Contoso, Ltd.
You have a properly configured certification authority (CA) in the contoso.com Active Directory
Domain Services (AD DS) domain.
Contoso employees authenticate to the VPN by using a user certificate issued by the CA.
Contoso acquires a company named Litware, Inc., and establishes a forest trust between
contoso.com and litwareinc.com.
No CA currently exists in the litwareinc.com AD DS domain.
Litware employees do not have user accounts in contoso.com and will continue to use their
litwareinc.com user accounts.
Litware employees must be able to access Contoso's VPN and must authenticate by using a user
certificate that is issued by Contoso's CA.
You need to configure cross-forest certificate enrollment for Litware users.
Which two actions should you perform? Each correct answer presents part of the solution.
A. Grant the litwareinc.com AD DS Domain Computers group permissions to enroll for the VPN
template on the Contoso CA.
B. Copy the VPN certificate template from contoso.com to litwareinc.com.
C. Add Contoso's root CA certificate as a trusted root certificate to the Trusted Root Certification
Authority in litware.com.
D. Configure clients in litwareinc.com to use a Certificate Policy server URI that contains the
location of Contoso's CA.
Answer: AC
QUESTION 186
You manage a Hyper-V 2012 cluster by using System Center Virtual Machine Manager 2012
SP1. You need to ensure high availability for business-critical virtual machines (VMs) that host
business-critical SQL Server databases.
Solution: You set the memory-weight threshold value to High for each business-critical VM, Does
this meet the goal?
A. Yes
B. No
Answer: B
QUESTION 187
You administer a group of servers that run Windows Server 2012 R2.
You must install all updates.
You must report on compliance with the update policy on a monthly basis.
You need to configure updates and compliance reporting for new devices.
What should you do?
A. Deploy the Microsoft Baseline Security Analyzer.
Scan the servers and specify the /apply switch.
B. In Configuration Manager, deploy a new Desired Configuration Management baseline that
includes all required updates.
C. Configure a new group policy to install updates monthly.
Deploy the group policy to all servers.
D. In Operations Manager, create an override that enables the software updates management
pack. Apply the new override to the servers.
Answer: C
QUESTION 188
NOTE: Once you answer this question, you will NOT be able to return to it.
You manage a Hyper-V 2012 cluster by using System Center Virtual Machine Manager 2012
SP1. You need to ensure high availability for business-critical virtual machines (VMs) that host
business-critical SQL Server databases.
Solution: You configure preferred and possible owners for each business-critical VM.
Does this meet the goal?
A. Yes
B. No
Answer: B
QUESTION 189
Your network contains an Active Directory domain named contoso.com.
The domain contains a Microsoft System Center 2012 infrastructure.
You deploy a service named Service1 by using a service template.
Service1 contains two virtual machines.
The virtual machines are configured as shown in the following table.
You need to recommend a monitoring solution to ensure that an administrator can review the
availability information of Service1.
Solution: From Configuration Manager, you create a Collection and a Desired Configuration
Management baseline.
Does this meet the goal?
A. Yes
B. No
Answer: B
QUESTION 190
You have a small Hyper-V cluster built on two hosts that run Windows Server 2012 R2 Hyper-V.
You manage the virtual infrastructure by using System Center Virtual Machine Manager 2012.
Distributed Key Management is not installed.
You have the following servers in the environment:
You have the following requirements:
- You must back up virtual machines at the host level.
- You must be able to back up virtual machines that are configured for
live migration.
- You must be able to restore the entire VMM infrastructure.
You need to design and implement the backup plan.
What should you do?
A. Run the following Windows PowerShell command:
Checkpoint-VM -Name DPMI -ComputerName SQL1
B. Install the DPM console on VMM1
C. Configure backup for all disk volumes on FILESERVER1.
D. Install the VMM console on DPMI.
Answer: A
QUESTION 191
You administer a group of servers that run Windows Server 2012 R2.
You must install all updates.
You must report on compliance with the update policy on a monthly basis.
You need to configure updates and compliance reporting for new devices.
What should you do?
A. Deploy the Microsoft Baseline Security Analyzer.
Scan the servers and specify the /apply switch.
B. In Configuration Manager, deploy a new Desired Configuration Management baseline that
includes
all required updates.
C. Configure a new group policy to install updates monthly.
Deploy the group policy to all servers.
D. In Operations Manager, create an override that enables the software updates management pack.
Apply the new override to the servers.
Answer: C
QUESTION 192
You are an Active Directory administrator for Contoso, Ltd.
You have a properly configured certification authority (CA) in the contoso.com Active Directory
Domain Services (AD DS) domain. Contoso employees authenticate to the VPN by using a user
certificate issued by the CA.
Contoso acquires a company named Litware, Inc., and establishes a forest trust between
contoso.com and litwareinc.com. No CA currently exists in the litwareinc.com AD DS domain.
Litware employees do not have user accounts in contoso.com and will continue to use their
litwareinc.com user accounts.
Litware employees must be able to access Contoso's VPN and must authenticate by using a user
certificate that is issued by Contoso's CA.
You need to configure cross-forest certificate enrollment for Litware users.
Which two actions should you perform? Each correct answer presents part of the solution.
A. Grant the litwareinc.com AD DS Domain Computers group permissions to enroll for the VPN
template on the Contoso CA.
B. Copy the VPN certificate template from contoso.com to litwareinc.com.
C. Add Contoso's root CA certificate as a trusted root certificate to the Trusted Root Certification
Authority in litware.com.
D. Configure clients in litwareinc.com to use a Certificate Policy server URI that contains the location
of Contoso's CA.
Answer: AC
QUESTION 193
A company has data centers in Seattle and New York. A high-speed link connects the data
centers. Each data center runs a virtualization infrastructure that uses Hyper-V Server 2012 and
Hyper-V Server 2012 R2. Administrative users from the Seattle and New York offices are
members of Active Directory Domain Services groups named SeattleAdmins and
NewYorkAdmins, respectively.
You deploy one System Center Virtual Machine Manager (SCVMM) in the Seattle data center.
You create two private clouds named SeattleCloud and NewYorkCloud in the Seattle and New
York data centers, respectively.
You have the following requirements:
- Administrators from each data center must be able to manage the
virtual machines and services
from their location by using a web portal.
- Administrators must not apply new resource quotas or change resource
quotas.
- You must manage public clouds by using the existing SCVMM server.
- You must use the minimum permissions required to perform the
administrative tasks.
You need to configure the environment.
What should you do?
A. For both the Seattle and New York admin groups, create a User Role and assign it to the
Application Administrator profile. Add the Seattle and New York private clouds to the
corresponding User Role.
B. For both the Seattle and New York admin groups, create a User Role and assign it to the
Delegated Administrator profile. Add the Seattle and New York private clouds to the
corresponding User Role.
C. For both the Seattle and New York admin groups, create a User Role and assign it to the Tennant
Administrator profile. Add the Seattle and New York private clouds to the corresponding User
Role.
D. Add both SeattleAdmins and NewYorkAdmins to the Local Administrators group of each Hyper-V
host in Seattle and New York, respectively.
Answer: B
QUESTION 194
You administer an Active Directory Domain Services forest that includes an Active Directory
Federation Services (AD FS) server and Azure Active Directory.
The fully qualified domain name of the AD FS server is adfs.contoso.com.
Your must implement single sign-on (SSO) for a cloud application that is hosted in Azure.
All domain users must be able to use SSO to access the application.
You need to configure SSO for the application.
Which two actions should you perform? Each correct answer presents part of the solution.
A. Use the Azure Active Directory Synchronization tool to configure user synchronization.
B. Use the AD FS Configuration wizard to specify the domain and administrator for the Azure Active
Directory service.
C. Create a trust between AD FS and Azure Active Directory.
D. In the Azure management portal, activate directory synchronization.
Answer: AB
QUESTION 195
You manage a Hyper-V 2012 cluster by using System Center Virtual Machine Manager 2012
SP1. You need to ensure high availability for business-critical virtual machines (VMs) that host
business-critical SQL Server databases.
Solution: You set the memory-weight threshold value to High for each business-critical VM, Does
this meet the goal?
A. Yes
B. No
Answer: B
QUESTION 196
NOTE: Once you answer this question, you will NOT be able to return to it. You manage a Hyper-
V 2012 cluster by using System Center Virtual Machine Manager 2012 SP1.
You need to ensure high availability for business-critical virtual machines (VMs) that host
business-critical SQL Server databases.
Solution: You configure preferred and possible owners for each business-critical VM.
Does this meet the goal?
A. Yes
B. No
Answer: B
QUESTION 197
You plan to allow users to run internal applications from outside the company's network.
You have a Windows Server 2012 R2 that has the Active Directory Federation Services (AD FS)
role installed. You must secure on-premises resources by using multi-factor authentication (MFA).
You need to design a solution to enforce different access levels for users with personal Windows
8.1 or iOS 8 devices.
Solution: You migrate the AD FS server to Microsoft Azure and connect it to the internal Active
Directory instance on the network. Then, you use the Workplace Join process to configure access
for personal devices to the on-premises resources.
Does this meet the goal?
A. Yes
B. No
Answer: A
QUESTION 198
You plan to allow users to run internal applications from outside the company s network.
You have a Windows Server 2012 R2 that has the Active Directory Federation Services (AD FS)
role installed. You must secure on-premises resources by using multi-factor authentication (MFA).
You need to design a solution to enforce different access levels for users with personal Windows
8.1 or iOS 8 devices.
Solution: You install a local instance of the MFA Server.
You connect the instance to the Microsoft Azure MFA provider and then you use Microsoft Intune
to manage personal devices.
Does this meet the goal?
A. Yes
B. No
Answer: A
QUESTION 199
Your network contains an Active Directory domain named contoso.com.
The domain contains a Microsoft System Center 2012 infrastructure.
You deploy a service named Service1 by using a service template. Service1 contains two virtual
machines. The virtual machines are configured as shown in the following table.
You need to recommend a monitoring solution to ensure that an administrator can review the
availability information of Service1.
Solution: From Configuration Manager, you create a Collection and a Desired Configuration
Management baseline.
Does this meet the goal?
A. Yes
B. No
Answer: B
QUESTION 200
Your network contains an Active Directory domain named contoso.com.
The domain contains a Microsoft System Center 2012 infrastructure.
You deploy a service named Service1 by using a service template. Service1 contains two virtual
machines. The virtual machines are configured as shown in the following table.
You need to recommend a monitoring solution to ensure that an administrator can review the
availability information of Service1.
Solution: From Operations Manager, you create a Distributed Application and a Monitor Override.
Does this meet the goal?
A. Yes
B. No
Answer: A
QUESTION 201
An organization uses an Active Directory Rights Management Services (AD RMS) cluster names
RMS1 to protect content for a project.
You uninstall AD RMS when the project is complete.
You need to ensure that the protected content is still available after AD RMS is uninstalled.
Solution: You run the following Windows PowerShell command:
Set-ItemProperty -Path <protected content>:\ -Name IsDecommissioned -
Value $true - EnableDecommission
Does this meet the goal?
A. Yes
B. No
Answer: B
QUESTION 202
An organization uses an Active Directory Rights Management Services (AD RMS) cluster named
RMS1 to protect content for a project. You uninstall AD RMS when the project is complete.
You need to ensure that the protected content is still available after AD RMS is uninstalled.
Solution: You add the backup service account to the SuperUsers group and back up the
protected content. Then, you restore the content to a file server and apply the required NTFS
permissions to the files.
Does this meet the goal?
A. Yes
B. No
Answer: B
QUESTION 203
You install the Service Manager Self-Service Portal on a server named CONTOSOSSP1.
Users report that they receive access denied messages when they try to connect to the portal.
You must grant users the minimum required permissions.
You need to ensure that all users in the Contoso domain can access the Service Manager Self-
Service Portal.
What should you do?
A. In Active Directory, create a new group named PortalUsers.
Add the PortalUsers group to the Contoso \Domain Users group, and then add the group to the
local users group on CONTOSOSSP1.
B. Using the account that you used to install the Self-Service portal, grant the Contoso\Domain
Users group Read permissions to the portal.
C. In Service Manager, create a new user role named PortalUsers.
Grant the PortalUsers role rights to all catalog items, and then add the Contoso\Domain Users
Active Directory Domain Services group to the PortalUsers role.
D. Using the account that you used to install the Self-Serviceportal, grant the Contoso\Domain Users
group Contribute permissions to the portal.
Answer: D
QUESTION 204
You need to deploy the virtual network for the development servers.
Which two actions should you perform? Each correct answer presents part of the solution.
A. Associate VLAN ID 40 with the new logical network.
B. On HV-Cluster1, create a new logical network that uses a single connected network.
C. Associate VLAN ID 20 with the new logical network.
D. On HV-Cluster1, create a new logical network that uses private VLAN networks.
E. On HV-Cluster2, create a new logical network that uses a single connected network.
F. On HV-Cluster2, create a new logical network that uses private VLAN networks.
Answer: AB
QUESTION 205
You need to configure migration for HV-CLUSTER1. What should you do?
A. Use live migration between HV-Cluster1 and HV-Cluster3.
B. Configure a Hyper-V replica between HV-Cluster1 and HV-Cluster3.
C. Configure a Hyper-V replica between HV-Cluster1 and HV-Cluster4.
D. Use live migration between HV-Cluster1 and HV-Cluster4.
Answer: C
QUESTION 206
You need to change the HR application server environment. What should you do?
A. Use Microsoft Virtual Machine Converter 3.0 to convert DAL-APPSERVER2.
B. Use Virtual Machine Manager to convert DAL-APPSERVER2.
C. Use Microsoft Virtual Machine Converter 3.0 to convert DAL-APPSERVER1.
D. Use Virtual Machine Manager to convert DAL-APPSERVER1.
Answer: C
QUESTION 207
Drag and Drop Question
You use the entire System Center suite.
You integrate Service Manager with Operations Manager.
Virtual Machine Manager, Orchestrator, and Active Directory.
You perform all remediation by using Orchestrator runbooks.
An application experiences performance problems on a periodic basis.
You have the following requirements:
- A new incident must be opened when System Center Operations Manager
(SCOM) detects a performance problem.
- The incident must be closed when the performance problem is resolved.
- The incident must be associated with the HR performance problem in
Service Manager.
You need to configure the environment.
QUESTION 208
Drag and Drop Question
You are planning to set up a proof-of-concept network virtualization environment.
The environment will contain three servers.
The servers will be configured as shown in the following table.
VMM will be used to manage the virtualization environment. Server2 runs three virtual machines.
All of the virtual machines are configured to use network virtualization.
You need to enable network connectivity between the virtual machines and Server3.
Which four actions should you perform in sequence? To answer, move the appropriate actions
from the list of actions to the answer area and arrange them in the correct order.
QUESTION 209
Drag and Drop Question
You need to ensure that all new production Hyper-V virtual machines can be deployed correctly.
Which three actions should you perform in sequence? To answer, move the appropriate actions
from the list of actions to the answer area and arrange them in the correct order.
QUESTION 210
Drag and Drop Question
You need to configure the environment to support App1.
Which four actions should you perform in sequence? To answer, move the appropriate actions
from the list of actions to the answer area and arrange them in the correct order.
Answer:
QUESTION 211
Hotspot Question
You need to create a script to deploy DFS replication.
Which Windows PowerShell commands should you add to the script? To answer, select the
appropriate Windows PowerShell commands in each list in the answer area.
Answer:
Case Study 6: Contoso Ltd Case D (QUESTION 212 - QUESTION 225)
Overview
Contoso, Ltd., is a manufacturing company that makes several different components that are
used in automobile production. Contoso has a main office in Detroit, a distribution center in
Chicago, and branch offices in Dallas, Atlanta, and San Diego. The contoso.com forest and
domain functional level are Windows Server 2008 R2. All servers run Windows Server 2012 R2,
and all client workstations run Windows 7 or Windows 8. Contoso uses System Center 2012
Operations Manager and Audit Collection Services (ACS) to monitor the environment. There is no
certification authority (CA) in the environment.
Current Environment
The contoso.com domain contains the servers as shown in the following table:
Contoso sales staff travel within the United States and connect to a VPN by using mobile devices
to access the corporate network. Sales users authenticate to the VPN by using their Active
Directory usernames and passwords. The VPN solution also supports certification-based
authentication.
Contoso uses an inventory system that requires manually counting products and entering that
count into a database. Contoso purchases new inventory software that supports wireless
handheld scanners and several wireless handheld scanners. The wireless handheld scanners run
a third party operating system that supports the Network Device Enrollment Service (NDES).
Business Requirements
Security
The wireless handheld scanners must use certification-based authentication to access the
wireless network.
Sales users who use mobile devices must use certification-based authentication to access the
VPN. When sales users leave the company, Contoso administrators must be able to disable their
VPN access by revoking their certificates.
Monitoring
All servers must be monitored by using System Center 2012 Operating Manager. In addition to
monitoring the Windows operating system, you must collect security logs from the CA servers by
using ACS, and monitor the services that run on the CA and Certificate Revocation List (CRL)
servers, such as certification authority and web services.
Technical Requirements
CA Hierarchy
Contoso requires a two-tier CA hierarchy. The CA hierarchy must include a stand-alone offline
root and two Active Directory-integrated issuing CAs: one for issuing certificates to domain-joined
devices, and one for issuing certificates to non-domain-joined devices by using the NDES. CRLs
must be published to two web servers: one in Detroit and one in Chicago.
Contoso has servers that run Windows Server 2012 R2 to use for the CA hierarchy.
The servers are described in the following table:
The IT security department must have the necessary permissions to manage the CA and CRL
servers. A domain group named Corp-IT Security must be used for this purpose. The IT security
department users are not domain admins.
Fault Tolerance
The servers that host the CRL must be part of a Windows Network Load Balancing (NLB) cluster.
The CRL must be available to users in all locations by using the hostname crl.contoso.com, even
if one of the underlying web servers is offline.
QUESTION 212
You need to automatically restart the appropriate web service on DETCRL01 and CHICRL01 if
the web service is stopped.
Solution: You create a recovery task in SCOM and configure it to start the World Wide Web
publishing service.
Does this meet the goal?
A. Yes
B. No
Answer: A
Explanation:
Explanation:
The Internet Information Services (IIS) World Wide Web Publishing Service (W3SVC), sometimes
referred to as the WWW Service, manages the HTTP protocol and HTTP performance counters.
The following is a list of the managed entities that are included in this managed entity:
* IIS Web Site
An Internet Information Services (IIS) Web site is a unique collection of Web pages and Web
applications that is hosted on an IIS Web server. Web sites have bindings that consist of a port
number, an IP address, and an optional host name or names.
* Active Server Pages (ASP)
https://technet.microsoft.com/en-us/library/cc734944(v=ws.10).aspx
QUESTION 213
You plan to allow users to run internal applications from outside the company's network.
You have a Windows Server 2012 R2 that has the Active Directory Federation Services (AD FS)
role installed. You must secure on-premises resources by using multi-factor authentication (MFA).
You need to design a solution to enforce different access levels for users with personal Windows
8.1 or iOS 8 devices.
Solution: You install a local instance of MFA Server. You connect the instance to the Microsoft
Azure MFA provider, and then run the following Windows PowerShell cmdlet.
Enable-AdfsDeviceRegistration
Does this meet the goal?
A. Yes
B. No
Answer: B
Explanation:
We must install AD FS Adapter, not register a host for the Device Registration Service.
Note: The Enable-AdfsDeviceRegistration cmdlet configures a server in an Active Directory
Federation Services (AD FS) farm to host the Device Registration Service.
https://msdn.microsoft.com/en-us/library/azure/dn807157.aspx
QUESTION 214
An organization uses an Active Directory Rights Management Services (AD RMS) cluster named
RMS1 to protect content for a project. You uninstall AD RMS when the project is complete.
You need to ensure that the protected content is still available after AD RMS is uninstalled.
Solution: You enable the decommissioning service by using the AD RMS management console.
You grant all users the Read & Execute permission to the decommission pipeline.
Does this meet the goal?
A. Yes
B. No
Answer: B
Explanation:
The proper procedure is:
Inform your users that you are decommissioning the AD RMS installation and advise them to
connect to the cluster to save their content without AD RMS protection. Alternatively, you could
delegate a trusted person to decrypt all rights- protected content by temporarily adding that
person to the AD RMS super users group.
After you believe that all of the content is unprotected and saved, you should export the server
licensor certificate, and then uninstall AD RMS from the server.
QUESTION 215
Your network contains an Active Directory domain named contoso.com.
Your company has an enterprise root certification authority (CA) named CA1.
You plan to deploy Active Directory Federation Services (AD FS) to a server named Server1.
The company purchases a Microsoft Office 365 subscription.
You plan to register the company's SMTP domain for Office 365 and to configure single sign-on
for all users.
You need to identify which certificate is required for the planned deployment.
Which certificate should you identify?
A. a server authentication certificate that is issued by a trusted third-party root CA and that contains
the subject name serverl.contoso.com
B. a self-signed server authentication certificate for server1.contoso.com
C. a server authentication certificate that is issued by a trusted third-party root CA and that contains
the subject name Server1
D. a server authentication certificate that is issued by CA1 and that contains the subject name
Server1
Answer: A
Explanation:
Prepare Your Server and Install ADFS You can install ADFS on a domain controller or another
server. You'll first need to configure a few prerequisites.
The following steps assume you're installing to Windows Server 2008 R2.
Using Server Manager, install the IIS role and the Microsoft .NET Framework. Then purchase and
install a server-authentication certificate from a public certificate authority. Make sure you match
the certificate's subject name with the Fully Qualified Domain Name of the server.
Launch IIS Manager and import that certificate to the default Web site.
https://technet.microsoft.com/en-us/magazine/jj631606.aspx
QUESTION 216
You administer an Active Directory Domain Services environment.
There are no certification authorities (CAs) in the environment.
You plan to implement a two-tier CA hierarchy with an offline root CA.
You need to ensure that the issuing CA is not used to create additional subordinate CAs.
What should you do?
A. In the CAPolicy.inf file for the issuing CA, enter the following constraint:
PathLength=1
B. In the CAPolicy.inf file for the root CA, enter the following constraint:
PathLength=1
C. In the CAPolicy.inf file for the root CA, enter the following constraint:
PathLength=2
D. In the CAPolicy.inf file for the issuing CA, enter the following constraint:
PathLength=2
Answer: B
Explanation:
You can use the CAPolicy.inf file to define the PathLength constraint in the Basic Constraints
extension of the root CA certificate. Setting the PathLength basic constraint allows you to limit the
path length of the CA hierarchy by specifying how many tiers of subordinate CAs can exist
beneath the root. A PathLength of 1 means there can be at most one tier of CAs beneath the
root. These subordinate CAs will have a PathLength basic constraint of 0, which means that they
cannot issue any subordinate CA certificates.
http://blogs.technet.com/b/askds/archive/2009/10/15/windows-server-2008-r2-capolicy-infsyntax.
aspx
QUESTION 217
Drag and Drop Question
You need to delegate permissions for DETCA01.
Which three actions should you perform in sequence? To answer, move the appropriate actions
from the list of actions to the answer area and arrange them in the correct order.
Answer:
QUESTION 218
Your network contains an Active Directory domain named contoso.com.
All servers run Windows Server 2012 R2.
The network contains a System Center 2012 R2 Data Protection Manager (DPM) deployment.
The domain contains six servers.
The servers are configured as shown in the following table.
You install System Center 2012 R2 Virtual Machine Manager (VMM) on the nodes in Cluster2.
You configure VMM to use a database in Cluster1. Server5 is the first node in the cluster.
You need to back up the VMM encryption key.
What should you back up?
A. a system state backup of Server2
B. a full system backup of Server6
C. a system state backup of Server5
D. a full system backup of Server3
Answer: A
Explanation:
Encryption keys in Active Directory Domain Services: If distributed key management (DKM) is
configured, then you are storing VMM-related encryption keys in Active Directory Domain
Services (AD DS). To back up these keys, back up Active Directory on a regular basis.
https://technet.microsoft.com/en-us/library/dn768227.aspx#BKMK_b_misc
QUESTION 219
Your network contains an Active Directory domain named contoso.com.
You currently have an intranet web site that is hosted by two Web servers named Web1 and
Web2. Web1 and Web2 run Windows Server 2012.
Users use the name intranet.contoso.com to request the web site and use DNS round robin.
You plan to implement the Network Load Balancing (NLB) feature on Web1 and Web2.
You need to recommend changes to the DNS records for the planned implementation.
What should you recommend?
A. Delete one of the host (A) records named Intranet. Modify the remaining host (A) record named
Intranet.
B. Delete both host (A) records named Intranet. Create a pointer (PTR) record for each Web server.
C. Create a new host (A) record named Intranet. Remove both host (A) records for Web1 and Web2.
D. Create a service locator (SRV) record. Map the SRV record to Intranet.
Answer: C
Explanation:
You must manually register the NLB cluster name in DNS by using a host (A) or (AAAA) record
because DNS does not automatically register static IP addresses.
https://technet.microsoft.com/en-us/library/bb633031.aspx
QUESTION 220
Your network contains an Active Directory domain named contoso.com.
The network contains two servers named Server1 and Server2.
You deploy Active Directory Certificate Services (AD CS).
The certification authority (CA) is configured as shown in the exhibit. (Click the Exhibit button).
You need to ensure that you can issue certificates based on certificate templates.
What should you do?
A. Configure Server2 as a standalone subordinate CA.
B. On Server1, install the Network Device Enrollment service role service.
C. Configure Server2 as an enterprise subordinate CA.
D. On Server1, run the Add-CATemplate cmdlet.
Answer: C
Explanation:
The Add-CATemplate cmdlet adds a certificate template to the CA for issuing. Certificate
templates allow for the customization of a certificate that can be issued by the CA.
Example: Adds a CA template with the template display name Basic EFS and the template name
EFS.
Windows PowerShell
C:\PS>Add-CATemplate -Name EFS
QUESTION 221
Your network contains an Active Directory domain named contoso.com.
The domain contains four servers on a test network. The servers are configured as shown in the
following table.
Server1 uses the storage shown in the following table.
You perform the following tasks:
- On Server2, you create an advanced SMB share named Share2A and an
applications SMB share named Share2B.
- On Server3, you create an advanced SMB share named Share3.
- On Server4, you create an applications SMB share named Share4.
You add Server3 and Server4 to a new failover cluster named Clus1.
On Clus1, you configure the File Server for general use role, you create a quick SMB share
named Share5A, and then you create an applications SMB share named Share5B.
You plan to create a failover cluster of two virtual machines hosted on Server1.
The clustered virtual machines will use shared .vhdx files.
You need to recommend a location to store the shared .vhdx files.
Where should you recommend placing the virtual hard disk (VHD)?
A. \\Clus1\Share5A
B. \\Server2\Share2A
C. \\Server4\Share4
D. the D drive on Server1
Answer: A
Explanation:
vhdx files can be housed on a continuously-available SMB share on a Windows Storage Server
2012 R2 failover cluster.
QUESTION 222
This question consists of two statements: One is named Assertion and the other is named
Reason. Both of these statements may be true; both may be false; or one may be true, while the
other may be false.
To answer this question, you must first evaluate whether each statement is true on its own.
If both statements are true, then you must evaluate whether the Reason (the second statement)
correctly explains the Assertion (the first statement). You will then select the answer from the list
of answer choices that matches your evaluation of the two statements.
Assertion:
You can manage VMware ESX hosts and virtual machines by using a System Center Virtual
Machine Manager (SCVMM) server.
Reason:
SCVMM automatically imports ESX hosts and virtual machines when you add the corresponding
VMware vCenter to the SCVMM server.
Evaluate the Assertion and Reason statements and choose the correct answer option.
A. Both the Assertion and Reason are true, and the Reason is the correct explanation for the
Assertion.
B. Both the Assertion and Reason are true, but the Reason is not the correct explanation for the
Assertion.
C. The Assertion is true, but the Reason is false.
D. The Assertion is false, but the Reason is true.
E. Both the Assertion and the Reason are false.
Answer: C
Explanation:
* Assertion: true
Virtual Machine Manager (VMM) enables you to deploy and manage virtual machines and
services across multiple hypervisor platforms, including VMware ESX and ESXi hosts.
* Reason: False
When you add a vCenter Server, VMM no longer imports, merges and synchronizes the VMware
tree structure with VMM. Instead, after you add a vCenter Server, you can add selected ESX
servers and hosts to any VMM host group. Therefore, there are fewer issues with
synchronization.
https://technet.microsoft.com/en-us/library/gg610683.aspx
QUESTION 223
A company has data centers in Seattle and New York. A high-speed link connects the data
centers. Each data center runs a virtualization infrastructure that uses Hyper-V Server 2012 and
Hyper-V Server 2012 R2. Administrative users from the Seattle and New York offices are
members of Active Directory Domain Services groups named SeattleAdmins and
NewYorkAdmins, respectively.
You deploy one System Center Virtual Machine Manager (SCVMM) in the Seattle data center.
You create two private clouds named SeattleCloud and NewYorkCloud in the Seattle and New
York data centers, respectively.
You have the following requirements:
- Administrators from each data center must be able to manage the
virtual machines and services from their location by using a web
portal.
- Administrators must not apply new resource quotas or change resource
quotas.
- You must manage public clouds by using the existing SCVMM server.
- You must use the minimum permissions required to perform the
administrative tasks.
You need to configure the environment.
What should you do?
A. For both the Seattle and New York admin groups, create a User Role and assign it to the
Application Administrator profile. Add the Seattle and New York private clouds to the
corresponding User Role.
B. For both the Seattle and New York admin groups, create a User Role and assign it to the Tennant
Administrator profile. Add the Seattle and New York private clouds to the corresponding User
Role.
C. Add both SeattleAdmins and NewYorkAdmins to the Local Administrators group of each Hyper-V
host in Seattle and New York, respectively.
D. Add both SeattleAdmins and NewYorkAdmins to the Local Administrators group of the SCVMM
server.
Answer: A
Explanation:
Members of the Application Administrator (Self-Service User) ole can create, deploy, and manage
their own virtual machines and services by using the VMM console or a Web portal.
QUESTION 224
You need to automatically restart the appropriate web service on DETCRL01 and CHICRL01 if
the web service is stopped.
Solution: You create a diagnostic task in SCOM and configure it to start the Server service.
Does this meet the goal?
A. Yes
B. No
Answer: B
Explanation:
It is not the Server service that needs to be restarted. The Internet Information Services (IIS)
World Wide Web Publishing Service (W3SVC), which manages the HTTP protocol and HTTP
performance counters, needs to be restarted.
https://technet.microsoft.com/en-us/library/cc734944(v=ws.10).aspx
QUESTION 225
You have a small Hyper-V cluster built on two hosts that run Windows Server 2012 R2 Hyper-V.
You manage the virtual infrastructure by using System Center Virtual Machine Manager 2012.
Distributed Key Management is not installed. You have the following servers in the environment:
You have the following requirements:
- You must back up virtual machines at the host level.
- You must be able to back up virtual machines that are configured for
live migration.
- You must be able to restore the entire VMM infrastructure.
You need to design and implement the backup plan.
What should you do?
A. Run the following Windows PowerShell command:
Get-VM VMM1 | Checkpoint-VM-SnapshotName "VMM backup"
B. Run the following Windows PowerShell command:
Set-DPMGlobalProperty-DPMServerName DPM1-KnownVMMServers VMM1
C. Configure System State Backup for DCL.
D. Configure backup for all disk volumes on FILESERVER1
Answer: B
Explanation:
DPM can protect Hyper-V virtual machines V during live migration.
Connect servers--Run the the Set-DPMGlobalProperty PowerShell command to connect all
the servers that are running Hyper-V to all the DPM servers.
The cmdlet accepts multiple DPM server names.
Set-DPMGlobalProperty -dpmservername <dpmservername> -knownvmmservers
<vmmservername>
https://technet.microsoft.com/en-us/library/jj656643.aspx
QUESTION 226
You need to deploy the new SQL Server virtual machines.
What should you do?
A. On Chi-Primary, configure placement rules for the specified nodes.
B. On the specified cluster nodes in the primary data center in Chicago, run the following Windows
PowerShell command: Set-SCVMHost -AvaliableForPlacement
C. On the specified cluster nodes in the primary data center in Chicago, select the Host is available
for placement check box.
D. On Sea-Primary, configure placement rules for the specified nodes.
E. Both the Assertion and the Reason are false.
Answer: B
QUESTION 227
You manage a Hyper-V 2012 cluster by using System Center Virtual Machine Manager 2012
SP1. You need to ensure high availability for business-critical virtual machines (VMs) that host
business-critical SQL Server databases.
Solution: You create an availability set and place each business-critial VM in the set.
Does this meet the goal?
A. Yes
B. No
Answer: B
QUESTION 228
An organization uses an Active Directory Rights Management Services (AD RMS) cluster names
RMS1 to protect content for a project.
You uninstall AD RMS when the project is complete.
You need to ensure that the protected content is still available after AD RMS is uninstalled.
Solution: You run the following command from an administrative command prompt:
cipher /a/d/s:<protected share name>
Does this meet the goal?
A. Yes
B. No
Answer: B
QUESTION 229
You plan to allow users to run internal applications from outside the company's network.
You have a Windows Server 2012 R2 that has the Active Directory Federation Services (AD FS)
role installed. You must secure on-premises resources by using multi-factor authentication (MFA).
You need to design a solution to enforce different access levels for users with personal Windows
8.1 or iOS 8 devices.
Solution: You install a local instance of MFA Server and connect it your Microsoft Azure MFA
provider. Then, you use the Workplace Join process to configure access for personal devices to
the on-premises resources.
Does this meet the goal?
A. Yes
B. No
Answer: A
 |
 |
 |
 |
 | |
|---|---|---|---|---|---|
|
Test
King
|
Pass4sure
|
Actual
Tests
|
Other
Brands
| ||
| Customer Reviews |  |
 |
 |
 |
 |
|
$89.99
|
$124.99
|
$125.99
|
$189.00
|
$29.99~$49.99
| |
| Up-To-Dated |  |
 |
 |
 |
 |
| Real Questions & Answers |  |
 |
 |
 |
 |
| Correct All Error |  |
 |
 |
 |
 |
| Premium VCE Dumps |  |
 |
 |
 |
 |
| Free VCE Simulator |  |
 |
 |
 |
 |
| Unlimited After One Time Purchasing |  |
 |
 |
 |
 |
| Instant Download |  |
 |
 |
 |
 |
| Printable PDF Dumps |  |
 |
 |
 |
 |
| 100% Pass Guarantee |  |
 |
 |
 |
 |
| 100% Money Back |  |
 |
 |
 |
 |
100% Pass:http://examsavior.com/
No comments:
Post a Comment