Hotspot Question
You need to implement App1.
How should you configure the locations? To answer, select the appropriate option from each list
in the answer area.
QUESTION 174
Drag and Drop Question
You need to configure access to the Certificate Revocation Lists (CRLs).
How should you configure the access? To answer, drag the appropriate protocol or servers to the
correct network type. Each protocol or server may be used once, more than once, or not at all.
You may need to drag the split bar between panes or scroll to view content.
Answer:
QUESTION 175
Hotspot Question
You need to deploy the new SQL cluster for App2.
How should you complete the relevant Windows PowerShell command? To answer, select the
appropriate Windows PowerShell segment from each list in the answer area.
Answer:
QUESTION 176
Hotspot Question
You need to implement the file share for the new virtual desktop environment.
How should you configure the implementation? To answer, select the appropriate option from
each list in the answer area.
QUESTION 176
Hotspot Question
You need to implement the file share for the new virtual desktop environment.
How should you configure the implementation? To answer, select the appropriate option from
each list in the answer area.
QUESTION 177
Drag and Drop Question
You need to implement VM-SQLclusterl.contoso.com.
Which three actions should you perform in sequence? To answer, move the appropriate actions
from the list of actions to the answer area and arrange them in the correct order.
QUESTION 178
You need to implement a new highly available storage solution for the Hyper-V environment.
Which servers should you include in the scale-out file cluster?
A. CHI-SERVER1 and CHI-SERVER2
B. SEA3-HVNODE1 and SEA3-HVNODE2
C. SEA-SERVER1 and SEA-SERVER2
D. CHIl-HVNODE1 and CHI1-HVNODE2
Answer: B
QUESTION 179
You plan to allow users to run internal applications from outside the company's network.
You have a Windows Server 2012 R2 that has the Active Directory Federation Services (AD FS)
role installed.
You must secure on-premises resources by using multi-factor authentication (MFA).
You need to design a solution to enforce different access levels for users with personal Windows
8.1 or iOS 8 devices.
Solution: You migrate the AD FS server to Microsoft Azure and connect it to the internal Active
Directory instance on the network.
Then, you use the Workplace Join process to configure access for personal devices to the onpremises
resources.
Does this meet the goal?
A. Yes
B. No
Answer: A
QUESTION 180
You plan to allow users to run internal applications from outside the company s network.
You have a Windows Server 2012 R2 that has the Active Directory Federation Services (AD FS)
role installed.
You must secure on-premises resources by using multi-factor authentication (MFA).
You need to design a solution to enforce different access levels for users with personal Windows
8.1 or iOS 8 devices.
Solution: You install a local instance of the MFA Server.
You connect the instance to the Microsoft Azure MFA provider and then you use Microsoft Intune
to manage personal devices.
Does this meet the goal?
A. Yes
B. No
Answer: A
QUESTION 181
A company has data centers in Seattle and New York.
A high-speed link connects the data centers.
Each data center runs a virtualization infrastructure that uses Hyper-V Server 2012 and Hyper-V
Server 2012 R2.
Administrative users from the Seattle and New York offices are members of Active Directory
Domain Services groups named SeattleAdmins and NewYorkAdmins, respectively.
You deploy one System Center Virtual Machine Manager (SCVMM) in the Seattle data center.
You create two private clouds named SeattleCloud and NewYorkCloud in the Seattle and New
York data centers, respectively.
You have the following requirements:
- Administrators from each data center must be able to manage the
virtual machines and services from their location by using a web
portal.
- Administrators must not apply new resource quotas or change resource
quotas.
- You must manage public clouds by using the existing SCVMM server.
- You must use the minimum permissions required to perform the
administrative tasks.
You need to configure the environment.
What should you do?
A. For both the Seattle and New York admin groups, create a User Role and assign it to the
Application Administrator profile.
Add the Seattle and New York private clouds to the corresponding User Role.
B. For both the Seattle and New York admin groups, create a User Role and assign it to the
Delegated Administrator profile.
Add the Seattle and New York private clouds to the corresponding User Role.
C. For both the Seattle and New York admin groups, create a User Role and assign it to the
Tennant Administrator profile.
Add the Seattle and New York private clouds to the corresponding User Role.
D. Add both SeattleAdmins and NewYorkAdmins to the Local Administrators group of each
Hyper-V host in Seattle and New York, respectively.
Answer: B
QUESTION 182
You administer an Active Directory Domain Services forest that includes an Active Directory
Federation Services (AD FS) server and Azure Active Directory.
The fully qualified domain name of the AD FS server is adfs.contoso.com.
Your must implement single sign-on (SSO) for a cloud application that is hosted in Azure.
All domain users must be able to use SSO to access the application.
You need to configure SSO for the application.
Which two actions should you perform? Each correct answer presents part of the solution.
A. Use the Azure Active Directory Synchronization tool to configure user synchronization.
B. Use the AD FS Configuration wizard to specify the domain and administrator for the Azure
Active Directory service.
C. Create a trust between AD FS and Azure Active Directory.
D. In the Azure management portal, activate directory synchronization.
Answer: AB
QUESTION 183
Your network contains an Active Directory domain named contoso.com.
You currently have an intranet web site that is hosted by two Web servers named Web1 and
Web2.
Web1 and Web2 run Windows Server 2012.
Users use the name intranet.contoso.com to request the web site and use DNS round robin.
You plan to implement the Network Load Balancing (NLB) feature on Web1 and Web2.
You need to recommend changes to the DNS records for the planned implementation.
What should you recommend?
A. Create a service locator (SRV) record. Map the SRV record to Intranet.
B. Delete both host (A) records named Intranet.
Create a pointer (PTR) record for each Web server.
C. Remove both host (A) records named Intranet.
Create a new host (A) record named Intranet.
D. Delete both host (A) records named Intranet.
Create two new alias (CNAME) records named Intranet. Map each CNAME record to a Web
server name.
Answer: C
QUESTION 184
You have a small Hyper-V cluster built on two hosts that run Windows Server 2012 R2 Hyper-V.
You manage the virtual infrastructure by using System Center Virtual Machine Manager 2012.
Distributed Key Management is not installed.
You have the following servers in the environment:
You have the following requirements:
- You must back up virtual machines at the host level.
- You must be able to back up virtual machines that are configured for
live migration.
- You must be able to restore the entire VMM infrastructure.
You need to design and implement the backup plan.
What should you do?
A. Run the following Windows PowerShell command:
Checkpoint-VM -Name DPMI -ComputerName SQL1
B. Install the DPM console on VMM1
C. Configure backup for all disk volumes on FILESERVER1.
D. Install the VMM console on DPMI.
Answer: A
QUESTION 185
You are an Active Directory administrator for Contoso, Ltd.
You have a properly configured certification authority (CA) in the contoso.com Active Directory
Domain Services (AD DS) domain.
Contoso employees authenticate to the VPN by using a user certificate issued by the CA.
Contoso acquires a company named Litware, Inc., and establishes a forest trust between
contoso.com and litwareinc.com.
No CA currently exists in the litwareinc.com AD DS domain.
Litware employees do not have user accounts in contoso.com and will continue to use their
litwareinc.com user accounts.
Litware employees must be able to access Contoso's VPN and must authenticate by using a user
certificate that is issued by Contoso's CA.
You need to configure cross-forest certificate enrollment for Litware users.
Which two actions should you perform? Each correct answer presents part of the solution.
A. Grant the litwareinc.com AD DS Domain Computers group permissions to enroll for the VPN
template on the Contoso CA.
B. Copy the VPN certificate template from contoso.com to litwareinc.com.
C. Add Contoso's root CA certificate as a trusted root certificate to the Trusted Root Certification
Authority in litware.com.
D. Configure clients in litwareinc.com to use a Certificate Policy server URI that contains the
location of Contoso's CA.
Answer: AC
QUESTION 186
You manage a Hyper-V 2012 cluster by using System Center Virtual Machine Manager 2012
SP1. You need to ensure high availability for business-critical virtual machines (VMs) that host
business-critical SQL Server databases.
Solution: You set the memory-weight threshold value to High for each business-critical VM, Does
this meet the goal?
A. Yes
B. No
Answer: B
QUESTION 187
You administer a group of servers that run Windows Server 2012 R2.
You must install all updates.
You must report on compliance with the update policy on a monthly basis.
You need to configure updates and compliance reporting for new devices.
What should you do?
A. Deploy the Microsoft Baseline Security Analyzer.
Scan the servers and specify the /apply switch.
B. In Configuration Manager, deploy a new Desired Configuration Management baseline that
includes all required updates.
C. Configure a new group policy to install updates monthly.
Deploy the group policy to all servers.
D. In Operations Manager, create an override that enables the software updates management
pack. Apply the new override to the servers.
Answer: C
QUESTION 188
NOTE: Once you answer this question, you will NOT be able to return to it.
You manage a Hyper-V 2012 cluster by using System Center Virtual Machine Manager 2012
SP1. You need to ensure high availability for business-critical virtual machines (VMs) that host
business-critical SQL Server databases.
Solution: You configure preferred and possible owners for each business-critical VM.
Does this meet the goal?
A. Yes
B. No
Answer: B
QUESTION 189
Your network contains an Active Directory domain named contoso.com.
The domain contains a Microsoft System Center 2012 infrastructure.
You deploy a service named Service1 by using a service template.
Service1 contains two virtual machines.
The virtual machines are configured as shown in the following table.
You need to recommend a monitoring solution to ensure that an administrator can review the
availability information of Service1.
Solution: From Configuration Manager, you create a Collection and a Desired Configuration
Management baseline.
Does this meet the goal?
A. Yes
B. No
Answer: B
QUESTION 190
You have a small Hyper-V cluster built on two hosts that run Windows Server 2012 R2 Hyper-V.
You manage the virtual infrastructure by using System Center Virtual Machine Manager 2012.
Distributed Key Management is not installed.
You have the following servers in the environment:
You have the following requirements:
- You must back up virtual machines at the host level.
- You must be able to back up virtual machines that are configured for
live migration.
- You must be able to restore the entire VMM infrastructure.
You need to design and implement the backup plan.
What should you do?
A. Run the following Windows PowerShell command:
Checkpoint-VM -Name DPMI -ComputerName SQL1
B. Install the DPM console on VMM1
C. Configure backup for all disk volumes on FILESERVER1.
D. Install the VMM console on DPMI.
Answer: A
QUESTION 191
You administer a group of servers that run Windows Server 2012 R2.
You must install all updates.
You must report on compliance with the update policy on a monthly basis.
You need to configure
A. Deploy the Microsoft Baseline Security Analyzer.
Scan the servers and specify the /apply switch.
B. In Configuration Manager, deploy a new Desired Configuration Management baseline that
includes
all required updates.
C. Configure a new group policy to install updates monthly.
Deploy the group policy to all servers.
D. In Operations Manager, create an override that enables the software updates management pack.
Apply the new override to the servers.
Answer: C
QUESTION 192
You are an Active Directory administrator for Contoso, Ltd.
You have a properly configured certification authority (CA) in the contoso.com Active Directory
Domain Services (AD DS) domain. Contoso employees authenticate to the VPN by using a user
certificate issued by the CA.
Contoso acquires a company named Litware, Inc., and establishes a forest trust between
contoso.com and litwareinc.com. No CA currently exists in the litwareinc.com AD DS domain.
Litware employees do not have user accounts in contoso.com and will continue to use their
litwareinc.com user accounts.
Litware employees must be able to access Contoso's VPN and must authenticate by using a user
certificate that is issued by Contoso's CA.
You need to configure cross-forest certificate enrollment for Litware users.
Which two actions should you perform? Each correct answer presents part of the solution.
A. Grant the litwareinc.com AD DS Domain Computers group permissions to enroll for the VPN
template on the Contoso CA.
B. Copy the VPN certificate template from contoso.com to litwareinc.com.
C. Add Contoso's root CA certificate as a trusted root certificate to the Trusted Root Certification
Authority in litware.com.
D. Configure clients in litwareinc.com to use a Certificate Policy server URI that contains the location
of Contoso's CA.
Answer: AC
QUESTION 193
A company has data centers in Seattle and New York. A high-speed link connects the data
centers. Each data center runs a virtualization infrastructure that uses Hyper-V Server 2012 and
Hyper-V Server 2012 R2. Administrative users from the Seattle and New York offices are
members of Active Directory Domain Services groups named SeattleAdmins and
NewYorkAdmins, respectively.
You deploy one System Center Virtual Machine Manager (SCVMM) in the Seattle data center.
You create two private clouds named SeattleCloud and NewYorkCloud in the Seattle and New
York data centers, respectively.
You have the following requirements:
- Administrators from each data center must be able to manage the
virtual machines and services
from their location by using a web portal.
- Administrators must not apply new resource quotas or change resource
quotas.
- You must manage public clouds by using the existing SCVMM server.
- You must use the minimum permissions required to perform the
administrative tasks.
You need to configure the environment.
What should you do?
A. For both the Seattle and New York admin groups, create a User Role and assign it to the
Application Administrator profile. Add the Seattle and New York private clouds to the
corresponding User Role.
B. For both the Seattle and New York admin groups, create a User Role and assign it to the
Delegated Administrator profile. Add the Seattle and New York private clouds to the
corresponding User Role.
C. For both the Seattle and New York admin groups, create a User Role and assign it to the Tennant
Administrator profile. Add the Seattle and New York private clouds to the corresponding User
Role.
D. Add both SeattleAdmins and NewYorkAdmins to the Local Administrators group of each Hyper-V
host in Seattle and New York, respectively.
Answer: B
QUESTION 194
You administer an Active Directory Domain Services forest that includes an Active Directory
Federation Services (AD FS) server and Azure Active Directory.
The fully qualified domain name of the AD FS server is adfs.contoso.com.
Your must implement single sign-on (SSO) for a cloud application that is hosted in Azure.
All domain users must be able to use SSO to access the application.
You need to configure SSO for the application.
Which two actions should you perform? Each correct answer presents part of the solution.
A. Use the Azure Active Directory Synchronization tool to configure user synchronization.
B. Use the AD FS Configuration wizard to specify the domain and administrator for the Azure Active
Directory service.
C. Create a trust between AD FS and Azure Active Directory.
D. In the Azure management portal, activate directory synchronization.
Answer: AB
QUESTION 195
You manage a Hyper-V 2012 cluster by using System Center Virtual Machine Manager 2012
SP1. You need to ensure high availability for business-critical virtual machines (VMs) that host
business-critical SQL Server databases.
Solution: You set the memory-weight threshold value to High for each business-critical VM, Does
this meet the goal?
A. Yes
B. No
Answer: B
QUESTION 196
NOTE: Once you answer this question, you will NOT be able to return to it. You manage a Hyper-
V 2012 cluster by using System Center Virtual Machine Manager 2012 SP1.
You need to ensure high availability for business-critical virtual machines (VMs) that host
business-critical SQL Server databases.
Solution: You configure preferred and possible owners for each business-critical VM.
Does this meet the goal?
A. Yes
B. No
Answer: B
QUESTION 197
You plan to allow users to run internal applications from outside the company's network.
You have a Windows Server 2012 R2 that has the Active Directory Federation Services (AD FS)
role installed. You must secure on-premises resources by using multi-factor authentication (MFA).
You need to design a solution to enforce different access levels for users with personal Windows
8.1 or iOS 8 devices.
Solution: You migrate the AD FS server to Microsoft Azure and connect it to the internal Active
Directory instance on the network. Then, you use the Workplace Join process to configure access
for personal devices to the on-premises resources.
Does this meet the goal?
A. Yes
B. No
Answer: A
QUESTION 198
You plan to allow users to run internal applications from outside the company s network.
You have a Windows Server 2012 R2 that has the Active Directory Federation Services (AD FS)
role installed. You must secure on-premises resources by using multi-factor authentication (MFA).
You need to design a solution to enforce different access levels for users with personal Windows
8.1 or iOS 8 devices.
Solution: You install a local instance of the MFA Server.
You connect the instance to the Microsoft Azure MFA provider and then you use Microsoft Intune
to manage personal devices.
Does this meet the goal?
A. Yes
B. No
Answer: A
QUESTION 199
Your network contains an Active Directory domain named contoso.com.
The domain contains a Microsoft System Center 2012 infrastructure.
You deploy a service named Service1 by using a service template. Service1 contains two virtual
machines. The virtual machines are configured as shown in the following table.
You need to recommend a monitoring solution to ensure that an administrator can review the
availability information of Service1.
Solution: From Configuration Manager, you create a Collection and a Desired Configuration
Management baseline.
Does this meet the goal?
A. Yes
B. No
Answer: B
QUESTION 200
Your network contains an Active Directory domain named contoso.com.
The domain contains a Microsoft System Center 2012 infrastructure.
You deploy a service named Service1 by using a service template. Service1 contains two virtual
machines. The virtual machines are configured as shown in the following table.
You need to recommend a monitoring solution to ensure that an administrator can review the
availability information of Service1.
Solution: From Operations Manager, you create a Distributed Application and a Monitor Override.
Does this meet the goal?
A. Yes
B. No
Answer: A
QUESTION 201
An organization uses an Active Directory Rights Management Services (AD RMS) cluster names
RMS1 to protect content for a project.
You uninstall AD RMS when the project is complete.
You need to ensure that the protected content is still available after AD RMS is uninstalled.
Solution: You run the following Windows PowerShell command:
Set-ItemProperty -Path <protected content>:\ -Name IsDecommissioned -
Value $true - EnableDecommission
Does this meet the goal?
A. Yes
B. No
Answer: B
QUESTION 202
An organization uses an Active Directory Rights Management Services (AD RMS) cluster named
RMS1 to protect content for a project. You uninstall AD RMS when the project is complete.
You need to ensure that the protected content is still available after AD RMS is uninstalled.
Solution: You add the backup service account to the SuperUsers group and back up the
protected content. Then, you restore the content to a file server and apply the required NTFS
permissions to the files.
Does this meet the goal?
A. Yes
B. No
Answer: B
QUESTION 203
You install the Service Manager Self-Service Portal on a server named CONTOSOSSP1.
Users report that they receive access denied messages when they try to connect to the portal.
You must grant users the minimum required permissions.
You need to ensure that all users in the Contoso domain can access the Service Manager Self-
Service Portal.
What should you do?
A. In Active Directory, create a new group named PortalUsers.
Add the PortalUsers group to the Contoso \Domain Users group, and then add the group to the
local users group on CONTOSOSSP1.
B. Using the account that you used to install the Self-Service portal, grant the Contoso\Domain
Users group Read permissions to the portal.
C. In Service Manager, create a new user role named PortalUsers.
Grant the PortalUsers role rights to all catalog items, and then add the Contoso\Domain Users
Active Directory Domain Services group to the PortalUsers role.
D. Using the account that you used to install the Self-Serviceportal, grant the Contoso\Domain Users
group Contribute permissions to the portal.
Answer: D
QUESTION 204
You need to deploy the virtual network for the development servers.
Which two actions should you perform? Each correct answer presents part of the solution.
A. Associate VLAN ID 40 with the new logical network.
B. On HV-Cluster1, create a new logical network that uses a single connected network.
C. Associate VLAN ID 20 with the new logical network.
D. On HV-Cluster1, create a new logical network that uses private VLAN networks.
E. On HV-Cluster2, create a new logical network that uses a single connected network.
F. On HV-Cluster2, create a new logical network that uses private VLAN networks.
Answer: AB
QUESTION 205
You need to configure migration for HV-CLUSTER1. What should you do?
A. Use live migration between HV-Cluster1 and HV-Cluster3.
B. Configure a Hyper-V replica between HV-Cluster1 and HV-Cluster3.
C. Configure a Hyper-V replica between HV-Cluster1 and HV-Cluster4.
D. Use live migration between HV-Cluster1 and HV-Cluster4.
Answer: C
QUESTION 206
You need to change the HR application server environment. What should you do?
A. Use Microsoft Virtual Machine Converter 3.0 to convert DAL-APPSERVER2.
B. Use Virtual Machine Manager to convert DAL-APPSERVER2.
C. Use Microsoft Virtual Machine Converter 3.0 to convert DAL-APPSERVER1.
D. Use Virtual Machine Manager to convert DAL-APPSERVER1.
Answer: C
QUESTION 207
Drag and Drop Question
You use the entire System Center suite.
You integrate Service Manager with Operations Manager.
Virtual Machine Manager, Orchestrator, and Active Directory.
You perform all remediation by using Orchestrator runbooks.
An application experiences performance problems on a periodic basis.
You have the following requirements:
- A new incident must be opened when System Center Operations Manager
(SCOM) detects a performance problem.
- The incident must be closed when the performance problem is resolved.
- The incident must be associated with the HR performance problem in
Service Manager.
You need to configure the environment.
QUESTION 208
Drag and Drop Question
You are planning to set up a proof-of-concept network virtualization environment.
The environment will contain three servers.
The servers will be configured as shown in the following table.
VMM will be used to manage the virtualization environment. Server2 runs three virtual machines.
All of the virtual machines are configured to use network virtualization.
You need to enable network connectivity between the virtual machines and Server3.
Which four actions should you perform in sequence? To answer, move the appropriate actions
from the list of actions to the answer area and arrange them in the correct order.
QUESTION 209
Drag and Drop Question
You need to ensure that all new production Hyper-V virtual machines can be deployed correctly.
Which three actions should you perform in sequence? To answer, move the appropriate actions
from the list of actions to the answer area and arrange them in the correct order.
QUESTION 210
Drag and Drop Question
You need to configure the environment to support App1.
Which four actions should you perform in sequence? To answer, move the appropriate actions
from the list of actions to the answer area and arrange them in the correct order.
Answer:
QUESTION 211
Hotspot Question
You need to create a script to deploy DFS replication.
Which Windows PowerShell commands should you add to the script? To answer, select the
appropriate Windows PowerShell commands in each list in the answer area.
Answer:
Case Study 6: Contoso Ltd Case D (QUESTION 212 - QUESTION 225)
Overview
Contoso, Ltd., is a manufacturing company that makes several different components that are
used in automobile production. Contoso has a main office in Detroit, a distribution center in
Chicago, and branch offices in Dallas, Atlanta, and San Diego. The contoso.com forest and
domain functional level are Windows Server 2008 R2. All servers run Windows Server 2012 R2,
and all client workstations run Windows 7 or Windows 8. Contoso uses System Center 2012
Operations Manager and Audit Collection Services (ACS) to monitor the environment. There is no
certification authority (CA) in the environment.
Current Environment
The contoso.com domain contains the servers as shown in the following table:
Contoso sales staff travel within the United States and connect to a VPN by using mobile devices
to access the corporate network. Sales users authenticate to the VPN by using their Active
Directory usernames and passwords. The VPN solution also supports certification-based
authentication.
Contoso uses an inventory system that requires manually counting products and entering that
count into a database. Contoso purchases new inventory software that supports wireless
handheld scanners and several wireless handheld scanners. The wireless handheld scanners run
a third party operating system that supports the Network Device Enrollment Service (NDES).
Business Requirements
Security
The wireless handheld scanners must use certification-based authentication to access the
wireless network.
Sales users who use mobile devices must use certification-based authentication to access the
VPN. When sales users leave the company, Contoso administrators must be able to disable their
VPN access by revoking their certificates.
Monitoring
All servers must be monitored by using System Center 2012 Operating Manager. In addition to
monitoring the Windows operating system, you must collect security logs from the CA servers by
using ACS, and monitor the services that run on the CA and Certificate Revocation List (CRL)
servers, such as certification authority and web services.
Technical Requirements
CA Hierarchy
Contoso requires a two-tier CA hierarchy. The CA hierarchy must include a stand-alone offline
root and two Active Directory-integrated issuing CAs: one for issuing certificates to domain-joined
devices, and one for issuing certificates to non-domain-joined devices by using the NDES. CRLs
must be published to two web servers: one in Detroit and one in Chicago.
Contoso has servers that run Windows Server 2012 R2 to use for the CA hierarchy.
The servers are described in the following table:
The IT security department must have the necessary permissions to manage the CA and CRL
servers. A domain group named Corp-IT Security must be used for this purpose. The IT security
department users are not domain admins.
Fault Tolerance
The servers that host the CRL must be part of a Windows Network Load Balancing (NLB) cluster.
The CRL must be available to users in all locations by using the hostname crl.contoso.com, even
if one of the underlying web servers is offline.
QUESTION 212
You need to automatically restart the appropriate web service on DETCRL01 and CHICRL01 if
the web service is stopped.
Solution: You create a recovery task in SCOM and configure it to start the World Wide Web
publishing service.
Does this meet the goal?
A. Yes
B. No
Answer: A
Explanation:
Explanation:
The Internet Information Services (IIS) World Wide Web Publishing Service (W3SVC), sometimes
referred to as the WWW Service, manages the HTTP protocol and HTTP performance counters.
The following is a list of the managed entities that are included in this managed entity:
* IIS Web Site
An Internet Information Services (IIS) Web site is a unique collection of Web pages and Web
applications that is hosted on an IIS Web server. Web sites have bindings that consist of a port
number, an IP address, and an optional host name or names.
* Active Server Pages (ASP)
https://technet.microsoft.com/en-us/library/cc734944(v=ws.10).aspx
QUESTION 213
You plan to allow users to run internal applications from outside the company's network.
You have a Windows Server 2012 R2 that has the Active Directory Federation Services (AD FS)
role installed. You must secure on-premises resources by using multi-factor authentication (MFA).
You need to design a solution to enforce different access levels for users with personal Windows
8.1 or iOS 8 devices.
Solution: You install a local instance of MFA Server. You connect the instance to the Microsoft
Azure MFA provider, and then run the following Windows PowerShell cmdlet.
Enable-AdfsDeviceRegistration
Does this meet the goal?
A. Yes
B. No
Answer: B
Explanation:
We must install AD FS Adapter, not register a host for the Device Registration Service.
Note: The Enable-AdfsDeviceRegistration cmdlet configures a server in an Active Directory
Federation Services (AD FS) farm to host the Device Registration Service.
https://msdn.microsoft.com/en-us/library/azure/dn807157.aspx
QUESTION 214
An organization uses an Active Directory Rights Management Services (AD RMS) cluster named
RMS1 to protect content for a project. You uninstall AD RMS when the project is complete.
You need to ensure that the protected content is still available after AD RMS is uninstalled.
Solution: You enable the decommissioning service by using the AD RMS management console.
You grant all users the Read & Execute permission to the decommission pipeline.
Does this meet the goal?
A. Yes
B. No
Answer: B
Explanation:
The proper procedure is:
Inform your users that you are decommissioning the AD RMS installation and advise them to
connect to the cluster to save their content without AD RMS protection. Alternatively, you could
delegate a trusted person to decrypt all rights- protected content by temporarily adding that
person to the AD RMS super users group.
After you believe that all of the content is unprotected and saved, you should export the server
licensor certificate, and then uninstall AD RMS from the server.
QUESTION 215
Your network contains an Active Directory domain named contoso.com.
Your company has an enterprise root certification authority (CA) named CA1.
You plan to deploy Active Directory Federation Services (AD FS) to a server named Server1.
The company purchases a Microsoft Office 365 subscription.
You plan to register the company's SMTP domain for Office 365 and to configure single sign-on
for all users.
You need to identify which certificate is required for the planned deployment.
Which certificate should you identify?
A. a server authentication certificate that is issued by a trusted third-party root CA and that contains
the subject name serverl.contoso.com
B. a self-signed server authentication certificate for server1.contoso.com
C. a server authentication certificate that is issued by a trusted third-party root CA and that contains
the subject name Server1
D. a server authentication certificate that is issued by CA1 and that contains the subject name
Server1
Answer: A
Explanation:
Prepare Your Server and Install ADFS You can install ADFS on a domain controller or another
server. You'll first need to configure a few prerequisites.
The following steps assume you're installing to Windows Server 2008 R2.
Using Server Manager, install the IIS role and the Microsoft .NET Framework. Then purchase and
install a server-authentication certificate from a public certificate authority. Make sure you match
the certificate's subject name with the Fully Qualified Domain Name of the server.
Launch IIS Manager and import that certificate to the default Web site.
https://technet.microsoft.com/en-us/magazine/jj631606.aspx
QUESTION 216
You administer an Active Directory Domain Services environment.
There are no certification authorities (CAs) in the environment.
You plan to implement a two-tier CA hierarchy with an offline root CA.
You need to ensure that the issuing CA is not used to create additional subordinate CAs.
What should you do?
A. In the CAPolicy.inf file for the issuing CA, enter the following constraint:
PathLength=1
B. In the CAPolicy.inf file for the root CA, enter the following constraint:
PathLength=1
C. In the CAPolicy.inf file for the root CA, enter the following constraint:
PathLength=2
D. In the CAPolicy.inf file for the issuing CA, enter the following constraint:
PathLength=2
Answer: B
Explanation:
You can use the CAPolicy.inf file to define the PathLength constraint in the Basic Constraints
extension of the root CA certificate. Setting the PathLength basic constraint allows you to limit the
path length of the CA hierarchy by specifying how many tiers of subordinate CAs can exist
beneath the root. A PathLength of 1 means there can be at most one tier of CAs beneath the
root. These subordinate CAs will have a PathLength basic constraint of 0, which means that they
cannot issue any subordinate CA certificates.
http://blogs.technet.com/b/askds/archive/2009/10/15/windows-server-2008-r2-capolicy-infsyntax.
aspx
QUESTION 217
Drag and Drop Question
You need to delegate permissions for DETCA01.
Which three actions should you perform in sequence? To answer, move the appropriate actions
from the list of actions to the answer area and arrange them in the correct order.
Answer:
QUESTION 218
Your network contains an Active Directory domain named contoso.com.
All servers run Windows Server 2012 R2.
The network contains a System Center 2012 R2 Data Protection Manager (DPM) deployment.
The domain contains six servers.
The servers are configured as shown in the following table.
You install System Center 2012 R2 Virtual Machine Manager (VMM) on the nodes in Cluster2.
You configure VMM to use a database in Cluster1. Server5 is the first node in the cluster.
You need to back up the VMM encryption key.
What should you back up?
A. a system state backup of Server2
B. a full system backup of Server6
C. a system state backup of Server5
D. a full system backup of Server3
Answer: A
Explanation:
Encryption keys in Active Directory Domain Services: If distributed key management (DKM) is
configured, then you are storing VMM-related encryption keys in Active Directory Domain
Services (AD DS). To back up these keys, back up Active Directory on a regular basis.
https://technet.microsoft.com/en-us/library/dn768227.aspx#BKMK_b_misc
QUESTION 219
Your network contains an Active Directory domain named contoso.com.
You currently have an intranet web site that is hosted by two Web servers named Web1 and
Web2. Web1 and Web2 run Windows Server 2012.
Users use the name intranet.contoso.com to request the web site and use DNS round robin.
You plan to implement the Network Load Balancing (NLB) feature on Web1 and Web2.
You need to recommend changes to the DNS records for the planned implementation.
What should you recommend?
A. Delete one of the host (A) records named Intranet. Modify the remaining host (A) record named
Intranet.
B. Delete both host (A) records named Intranet. Create a pointer (PTR) record for each Web server.
C. Create a new host (A) record named Intranet. Remove both host (A) records for Web1 and Web2.
D. Create a service locator (SRV) record. Map the SRV record to Intranet.
Answer: C
Explanation:
You must manually register the NLB cluster name in DNS by using a host (A) or (AAAA) record
because DNS does not automatically register static IP addresses.
https://technet.microsoft.com/en-us/library/bb633031.aspx
QUESTION 220
Your network contains an Active Directory domain named contoso.com.
The network contains two servers named Server1 and Server2.
You deploy Active Directory Certificate Services (AD CS).
The certification authority (CA) is configured as shown in the exhibit. (Click the Exhibit button).
You need to ensure that you can issue certificates based on certificate templates.
What should you do?
A. Configure Server2 as a standalone subordinate CA.
B. On Server1, install the Network Device Enrollment service role service.
C. Configure Server2 as an enterprise subordinate CA.
D. On Server1, run the Add-CATemplate cmdlet.
Answer: C
Explanation:
The Add-CATemplate cmdlet adds a certificate template to the CA for issuing. Certificate
templates allow for the customization of a certificate that can be issued by the CA.
Example: Adds a CA template with the template display name Basic EFS and the template name
EFS.
Windows PowerShell
C:\PS>Add-CATemplate -Name EFS
QUESTION 221
Your network contains an Active Directory domain named contoso.com.
The domain contains four servers on a test network. The servers are configured as shown in the
following table.
You perform the following tasks:
- On Server2, you create an advanced SMB share named Share2A and an
applications SMB share named Share2B.
- On Server3, you create an advanced SMB share named Share3.
- On Server4, you create an applications SMB share named Share4.
You add Server3 and Server4 to a new failover cluster named Clus1.
On Clus1, you configure the File Server for general use role, you create a quick SMB share
named Share5A, and then you create an applications SMB share named Share5B.
You plan to create a failover cluster of two virtual machines hosted on Server1.
The clustered virtual machines will use shared .vhdx files.
You need to recommend a location to store the shared .vhdx files.
Where should you recommend placing the virtual hard disk (VHD)?
A. \\Clus1\Share5A
B. \\Server2\Share2A
C. \\Server4\Share4
D. the D drive on Server1
Answer: A
Explanation:
vhdx files can be housed on a continuously-available SMB share on a Windows Storage Server
2012 R2 failover cluster.
QUESTION 222
This question consists of two statements: One is named Assertion and the other is named
Reason. Both of these statements may be true; both may be false; or one may be true, while the
other may be false.
To answer this question, you must first evaluate whether each statement is true on its own.
If both statements are true, then you must evaluate whether the Reason (the second statement)
correctly explains the Assertion (the first statement). You will then select the answer from the list
of answer choices that matches your evaluation of the two statements.
Assertion:
You can manage VMware ESX hosts and virtual machines by using a System Center Virtual
Machine Manager (SCVMM) server.
Reason:
SCVMM automatically imports ESX hosts and virtual machines when you add the corresponding
VMware vCenter to the SCVMM server.
Evaluate the Assertion and Reason statements and choose the correct answer option.
A. Both the Assertion and Reason are true, and the Reason is the correct explanation for the
Assertion.
B. Both the Assertion and Reason are true, but the Reason is not the correct explanation for the
Assertion.
C. The Assertion is true, but the Reason is false.
D. The Assertion is false, but the Reason is true.
E. Both the Assertion and the Reason are false.
Answer: C
Explanation:
* Assertion: true
Virtual Machine Manager (VMM) enables you to deploy and manage virtual machines and
services across multiple hypervisor platforms, including VMware ESX and ESXi hosts.
* Reason: False
When you add a vCenter Server, VMM no longer imports, merges and synchronizes the VMware
tree structure with VMM. Instead, after you add a vCenter Server, you can add selected ESX
servers and hosts to any VMM host group. Therefore, there are fewer issues with
synchronization.
https://technet.microsoft.com/en-us/library/gg610683.aspx
QUESTION 223
A company has data centers in Seattle and New York. A high-speed link connects the data
centers. Each data center runs a virtualization infrastructure that uses Hyper-V Server 2012 and
Hyper-V Server 2012 R2. Administrative users from the Seattle and New York offices are
members of Active Directory Domain Services groups named SeattleAdmins and
NewYorkAdmins, respectively.
You deploy one System Center Virtual Machine Manager (SCVMM) in the Seattle data center.
You create two private clouds named SeattleCloud and NewYorkCloud in the Seattle and New
York data centers, respectively.
You have the following requirements:
- Administrators from each data center must be able to manage the
virtual machines and services from their location by using a web
portal.
- Administrators must not apply new resource quotas or change resource
quotas.
- You must manage public clouds by using the existing SCVMM server.
- You must use the minimum permissions required to perform the
administrative tasks.
You need to configure the environment.
What should you do?
A. For both the Seattle and New York admin groups, create a User Role and assign it to the
Application Administrator profile. Add the Seattle and New York private clouds to the
corresponding User Role.
B. For both the Seattle and New York admin groups, create a User Role and assign it to the Tennant
Administrator profile. Add the Seattle and New York private clouds to the corresponding User
Role.
C. Add both SeattleAdmins and NewYorkAdmins to the Local Administrators group of each Hyper-V
host in Seattle and New York, respectively.
D. Add both SeattleAdmins and NewYorkAdmins to the Local Administrators group of the SCVMM
server.
Answer: A
Explanation:
Members of the Application Administrator (Self-Service User) ole can create, deploy, and manage
their own virtual machines and services by using the VMM console or a Web portal.
QUESTION 224
You need to automatically restart the appropriate web service on DETCRL01 and CHICRL01 if
the web service is stopped.
Solution: You create a diagnostic task in SCOM and configure it to start the Server service.
Does this meet the goal?
A. Yes
B. No
Answer: B
Explanation:
It is not the Server service that needs to be restarted. The Internet Information Services (IIS)
World Wide Web Publishing Service (W3SVC), which manages the HTTP protocol and HTTP
performance counters, needs to be restarted.
https://technet.microsoft.com/en-us/library/cc734944(v=ws.10).aspx
QUESTION 225
You have a small Hyper-V cluster built on two hosts that run Windows Server 2012 R2 Hyper-V.
You manage the virtual infrastructure by using System Center Virtual Machine Manager 2012.
Distributed Key Management is not installed. You have the following servers in the environment:
You have the following requirements:
- You
You have the following requirements:
- You must back up virtual machines at the host level.
- You must be able to back up virtual machines that are configured for
live migration.
- You must be able to restore the entire VMM infrastructure.
You need to design and implement the backup plan.
What should you do?
A. Run the following Windows PowerShell command:
Get-VM VMM1 | Checkpoint-VM-SnapshotName "VMM backup"
B. Run the following Windows PowerShell command:
Set-DPMGlobalProperty-DPMServerName DPM1-KnownVMMServers VMM1
C. Configure System State Backup for DCL.
D. Configure backup for all disk volumes on FILESERVER1
Answer: B
Explanation:
DPM can protect Hyper-V virtual machines V during live migration.
Connect servers--Run the the Set-DPMGlobalProperty PowerShell command to connect all
the servers that are running Hyper-V to all the DPM servers.
The cmdlet accepts multiple DPM server names.
Set-DPMGlobalProperty -dpmservername <dpmservername> -knownvmmservers
<vmmservername>
https://technet.microsoft.com/en-us/library/jj656643.aspx
QUESTION 226
You need to deploy the new SQL Server virtual machines.
What should you do?
A. On Chi-Primary, configure placement rules for the specified nodes.
B. On the specified cluster nodes in the primary data center in Chicago, run the following Windows
PowerShell command: Set-SCVMHost -AvaliableForPlacement
C. On the specified cluster nodes in the primary data center in Chicago, select the Host is available
for placement check box.
D. On Sea-Primary, configure placement rules for the specified nodes.
E. Both the Assertion and the Reason are false.
Answer: B
QUESTION 227
You manage a Hyper-V 2012 cluster by using System Center Virtual Machine Manager 2012
SP1. You need to ensure high availability for business-critical virtual machines (VMs) that host
business-critical SQL Server databases.
Solution: You create an availability set and place each business-critial VM in the set.
Does this meet the goal?
A. Yes
B. No
Answer: B
QUESTION 228
An organization uses an Active Directory Rights Management Services (AD RMS) cluster names
RMS1 to protect content for a project.
You uninstall AD RMS when the project is complete.
You need to ensure that the protected content is still available after AD RMS is uninstalled.
Solution: You run the following command from an administrative command prompt:
cipher /a/d/s:<protected share name>
Does this meet the goal?
A. Yes
B. No
Answer: B
QUESTION 229
You plan to allow users to run internal applications from outside the company's network.
You have a Windows Server 2012 R2 that has the Active Directory Federation Services (AD FS)
role installed. You must secure on-premises resources by using multi-factor authentication (MFA).
You need to design a solution to enforce different access levels for users with personal Windows
8.1 or iOS 8 devices.
Solution: You install a local instance of MFA Server and connect it your Microsoft Azure MFA
provider. Then, you use the Workplace Join process to configure access for personal devices to
the on-premises resources.
Does this meet the goal?
A. Yes
B. No
Answer: A
 |
 |
 |
 |
 | |
|---|---|---|---|---|---|
|
Test
King
|
Pass4sure
|
Actual
Tests
|
Other
Brands
| ||
| Customer Reviews |  |
 |
 |
 |
 |
|
$89.99
|
$124.99
|
$125.99
|
$189.00
|
$29.99~$49.99
| |
| Up-To-Dated |  |
 |
 |
 |
 |
| Real Questions & Answers |  |
 |
 |
 |
 |
| Correct All Error |  |
 |
 |
 |
 |
| Premium VCE Dumps |  |
 |
 |
 |
 |
| Free VCE Simulator |  |
 |
 |
 |
 |
| Unlimited After One Time Purchasing |  |
 |
 |
 |
 |
| Instant Download |  |
 |
 |
 |
 |
| Printable PDF Dumps |  |
 |
 |
 |
 |
| 100% Pass Guarantee |  |
 |
 |
 |
 |
| 100% Money Back |  |
 |
 |
 |
 |
100% Pass:http://examsavior.com/
DumpsFactory brought the hope for success in 70-413 exam by providing me 70-413 dumps at the right time. I was guaranteed to pass this exam and I am happy for this to be true. I never saw any material as useful and handy as 70-413 dumps.
ReplyDelete