Q1. DRAG DROP - (Topic 7)
You need to design the DNS zone for App1.
What should you do? To answer, drag the appropriate resource record to the correct DNS se Each resource record may be used once, more than once, or not at all. You may need to drag split bar between panes or scroll to view content.
Answer:
Q2. - (Topic 8)
Your network contains an Active Directory forest. The forest contains two Active Directory domains named contoso.com and child.contoso.com. The forest functional level is Windows Server 2003. The functional level of both domains is Windows Server 2008.
The forest contains three domain controllers. The domain controllers are configured as shown in the following table.
DC1 and DC2 have the DNS Server server role installed and are authoritative for both contoso.com and child.contoso.com.
The child.contoso.com domain contains a server named serverl.child.contoso.com that runs Windows Server 2012.
You plan to deploy server1.child.contoso.com as a read-only domain controller (RODC).
You run the adprep.exe /rodcprep command on DC3 and receive the following error message:
You need to identify what prevents you from successfully running Adprep /rodcprep on DC3.
What should you identify?
A. The domain functional level of child.contoso.com is set to the wrong level.
B. DC3 cannot connect to the infrastructure master on DC2.
C. DC3 cannot connect to the domain naming master on DC1.
D. The forest functional level is set to the wrong level.
Answer: B
Explanation: Adprep could not contact a replica…
This problem occurs when the Adprep /rodcprep command tries to contact the
infrastructure master for each application partition in the forest.
Reference: Error message when you run the "Adprep /rodcprep" command in Windows
Server 2008: "Adprep could not contact a replica for partition
DC=DomainDnsZones,DC=Contoso,DC=com"
Q3. HOTSPOT - (Topic 5)
You need to design the acquisition strategy for Margie's Travel.
What should you do? To answer, select the appropriate option for each action in the answer area.
Answer:
Q4. - (Topic 8)
You have a server named Server1 that runs Windows Server 2012. Server1 has the DNS Server server role installed.
You need to recommend changes to the DNS infrastructure to protect the cache from cache poisoning attacks.
What should you configure on Server1?
A. DNS cache locking
B. The global query block list
C. DNS Security Extensions (DNSSEC)
D. DNS devolution
Answer: A
Explanation: Ache locking is a new feature available if your DNS server is running Windows Server 2008 R2. When you enable cache locking, the DNS server will not allow cached records to be overwritten for the duration of the time to live (TTL) value. Cache locking provides for enhanced security against cache poisoning attacks.
Q5. - (Topic 8)
Your company is a hosting provider that provides cloud-based services to multiple customers.
Each customer has its own Active Directory forest located in your company's datacenter.
You plan to provide VPN access to each customer. The VPN solution will use RADIUS for authentication services and accounting services.
You need to recommend a solution to forward authentication and accounting messages from the perimeter network to the Active Directory forest of each customer.
What should you recommend?
More than one answer choice may achieve the goal. Select the BEST answer.
A. One RADIUS proxy for each customer and Active Directory Federation Services (AD FS)
B. A RADIUS server for each customer and one RADIUS proxy
C. One RADIUS proxy and one Active Directory Lightweight Directory Services (AD LDS) instance for each customer
D. A RADIUS server for each customer and a RADIUS proxy for each customer
Answer: B
Explanation: RADIUS proxy You want to provide RADIUS authentication and authorization for outsourced service providers and minimize intranet firewall configuration. An intranet firewall is between your perimeter network (the network between your intranet and the Internet) and intranet. By placing an NPS server on your perimeter network, the firewall between your perimeter network and intranet must allow traffic to flow between the NPS server and multiple domain controllers. By replacing the NPS server with an NPS proxy, the firewall must allow only RADIUS traffic to flow between the NPS proxy and one or multiple NPS servers within your intranet.
Q6. - (Topic 8)
Your network contains an Active Directory forest named contoso.com. The forest contains
a single domain and two sites named Montreal and Vancouver.
Montreal contains an IP Address Management (IPAM) server named Server1 that is used to manage all of the DHCP servers and the DNS servers in the site.
Vancouver contains several DHCP servers and several DNS servers.
In Vancouver, you install the IP Address Management (IPAM) Server feature on a server named Server2.
You need to recommend which configurations must be performed to ensure that the DHCP servers and the DNS servers in Vancouver are managed by Server2.
What should you recommend?
A. Replicate the IPAM database from Server1 to Server2. On Server2, change the manageability status of the DNS servers and the DHCP servers in Vancouver.
B. Replicate the IPAM database from Server1 to Server2. On Server1, change the manageability status of the DNS servers and the DHCP servers in Vancouver.
C. From Server2, run the Invoke-IpamGpoProvisioning cmdlet On Server2, change the manageability status of the DNS servers and the DHCP servers in Vancouver.
D. From Server1, run the Invoke-IpamGpoProvisioning cmdlet. On Server1, change the manageability status of the DNS servers and the DHCP servers in Vancouver.
Answer: C
Explanation: Invoke-IpamGpoProvisioning Creates and links group policies in the specified domain for provisioning required access settings on the servers managed by the computer running the IPAM server.
Q7. - (Topic 7)
You need to generate the required report
Which tool should you use?
A. Microsoft Deployment Toolkit (MDT)
B. Microsoft Desktop Optimization Pack (MDOP)
C. Microsoft Assessment and Planning Toolkit (MAP)
D. Application Compatibility Toolkit (ACT)
Answer: C
Explanation:
Scenario: Consolidation reports The company requires a report that describes the impact of consolidation. The report must provide the following information:
.An inventory of the existing physical server environment
.Visual charts that show the reduction of physical servers
Reference: Microsoft Assessment and Planning (MAP) Toolkit for Hyper-V
Q8. - (Topic 8)
Your company, which is named Contoso, Ltd., has a main office and two branch offices. The main office is located in North America. The branch offices are located in Asia and Europe.
You plan to design an Active Directory forest and domain infrastructure.
You need to recommend an Active Directory design to meet the following requirements:
* The contact information of all the users in the Europe office must not be visible to the users in the other offices.
* The administrators in each office must be able to control the user settings and the computer settings of the users in their respective office.
The solution must use the least amount of administrative effort.
What should you include in the recommendation?
A. One forest that contains three domains
B. Three forests that each contain one domain
C. Two forests that each contain one domain
D. One forest that contains one domain
Answer: D
Explanation: * The most basic of all Active Directory structures is the single domain model; this type of domain structure comes with one major advantage over the other models: simplicity. A single security boundary defines the borders of the domain, and all objects are located within that boundary. The establishment of trust relationships between other domains is not necessary, and implementation of technologies such as Group Policies is made easier by the simple structure.
Q9. - (Topic 8)
Your network contains an Active Directory domain named contoso.com. The domain contains multiple sites.
You plan to deploy DirectAccess.
The network security policy states that when client computers connect to the corporate network from the Internet, all of the traffic destined for the Internet must be routed through the corporate network.
You need to recommend a solution for the planned DirectAccess deployment that meets the security policy requirement.
Solution: You enable force tunneling.
Does this meet the goal?
A. Yes
B. No
Answer: A
Explanation: DirectAccess. DirectAccess allows connectivity to organizational network resources without the need for traditional virtual private network (VPN) connections.
DirectAccess allows remote users to securely access internal network file shares, Web sites, and applications without connecting to a virtual private network (VPN). An internal network is also known as a private network or intranet. DirectAccess establishes bi-directional connectivity with an internal network every time a DirectAccess-enabled computer connects to the Internet, even before the user logs on. Users never have to think about connecting to the internal network and IT administrators can manage remote computers outside the office, even when the computers are not connected to the VPN.
Q10. - (Topic 4)
You need to recommend a solution for GPO1.
What is the best approach to achieve the goal? More than one answer choice may achieve the goal. Select the BEST answer.
A. In west.northwindtraders.com, create a copy of GPO1 and link the new GPO to Site2. Apply a WMI filter to the new GPO.
B. In west.northwindtraders.com, create a copy of GPO1 and link the new GPO to west.northwindtraders.com. Configure security filtering on the new GPO.
C. Link GPO1 to west.northwindtraders.com and configure security filtering on GPO1.
D. Link GPO1 to Site2 and apply a WMI filter to GPO1.
Answer: D
Explanation: * Scenario:
The northwindtraders.com domain contains a Group Policy object (GPO) named GPO1.
GP01 is applied to all of the users in the Montreal office.
Apply GPO1 to all of the San Diego users.
GPO1 must not be applied to computers that run Windows 8.1.
* WM Filter for Operating Systems. Example:
Windows 8.1 64 bit
SELECT version FROM Win32_OperatingSystem WHERE Version LIKE "6.3%" and
ProductType = "1" AND OSArchitecture = "64-bit"