Q1. - (Topic 8)
Your network contains an Active Directory domain named contoso.com. The domain contains four computers that are configured as shown in the following table.
You plan to use domain controller cloning.
You need to identify on which computers you can clone domain controllers that run Windows Server 2012.
Which computers should you identify? (Each correct answer presents part of the solution.
Choose all that apply.)
A. Server1
B. Server2
C. Server3
D. Client1
Answer: A,D
Explanation:
DC cloning can be done from either Hyper-V on Server 2012 and Hyper-V on Windows 8.
Q2. - (Topic 8)
Your company has two main offices and 10 branch offices. Each office is configured as a separate Active Directory site.
The main offices sites are named Site1 and Site2. Each office connects to Site1 and Site2 by using a WAN link. Each site contains a domain controller that runs Windows Server 2008.
You are redesigning the Active Directory infrastructure.
You plan to implement domain controllers that run Windows Server 2012 and decommission all of the domain controllers that run Windows Server 2008.
You need to recommend a placement plan for the Windows Server 2012 domain controllers to meet the following requirements:
. Ensure that users can log on to the domain if a domain controller or a WAN link fails. . Minimize the number of domain controllers implemented.
What should you include in the recommendation? (Each correct answer presents part of the solution. Choose all that apply.)
A. Read-only domain controllers (RODCs) in the branch office sites
B. A writable domain controller in Site1
C. A writable domain controller in Site2
D. Writable domain controllers in the branch office sites
Answer: A,B,C
Explanation: A (not D) Writeable domain controllers are not needed to authenticate users at the branch offices.
Q3. - (Topic 8)
A company has offices in multiple geographic locations. The sites have high-latency, low-bandwidth connections. You need to implement a multisite Windows Deployment Services (WDS) topology for deploying standard client device images to all sites.
Solution: At each site, you create a multicast deployment. You pre-stage the client images that you plan to deploy and point them to the local WDS server.
Does this meet the goal?
A. Yes
B. No
Answer: A
Q4. HOTSPOT - (Topic 5)
You need to design the acquisition strategy for Margie's Travel.
What should you do? To answer, select the appropriate option for each action in the answer area.
Answer:
Q5. - (Topic 8)
Your company has a main office and a branch office.
The network contains an Active Directory domain named contoso.com. The domain contains three domain controllers. The domain controllers are configured as shown in the following table.
The domain contains two global groups. The groups are configured as shown in the following table.
You need to ensure that the RODC is configured to meet the following requirements:
. Cache passwords for all of the members of Branch1Users.
. Prevent the caching of passwords for the members of Helpdesk.
What should you do?
A. Modify the membership of the Denied RODC Password Replication group.
B. Install the BranchCache feature on RODC1.
C. Modify the delegation settings of RODC1.
D. Create a Password Settings object (PSO) for the Helpdesk group.
Answer: A
Explanation: Password Replication Policy Allowed and Denied lists
Two new built-in groups are introduced in Windows Server 2008 Active Directory domains to support RODC operations. These are the Allowed RODC Password Replication Group and Denied RODC Password Replication Group. These groups help implement a default Allowed List and Denied List for the RODC Password Replication Policy. By default, the two groups are respectively added to the msDS-RevealOnDemandGroup and msDS-NeverRevealGroup Active Directory attributes.
Reference: Password Replication Policy
Q6. - (Topic 6)
This question consists of two statements: One is named Assertion and the other is named Reason. Both of these statements may be true; both may be false; or one may be true, while the other may be false.
To answer this question, you must first evaluate whether each statement is true on its own. If both statements are true, then you must evaluate whether the Reason (the second statement) correctly explains the Assertion (the first statement). You will then select the answer from the list of answer choices that matches your evaluation of the two statements.
Assertion:
You must host the DNS zone research.contoso.com on MADSRV1.
Reason:
You must host Domain Name System Security Extensions (DNSSEQ zones on Active Directory Domain Services-integrated DNS servers.
Evaluate the Assertion and Reason statements and choose the correct answer option.
A. Both the Assertion and Reason are true, and the Reason is the correct explanation for the Assertion,
B. Both the Assertion and Reason are true, but the Reason is not the correct explanation for the Assertion.
C. The Assertion is true, but the Reason is false.
D. The Assertion is false, but the Reason is true.
E. Both the Assertion and the Reason are false.
Answer: C
Q7. - (Topic 3)
You need to recommend changes to the Active Directory environment to support the virtualization requirements.
What should you include in the recommendation?
A. Raise the functional level of the domain and the forest.
B. Upgrade the domain controller that has the domain naming master role to Windows Server 2012.
C. Implement Administrator Role Separation.
D. Upgrade the domain controllers that have the PDC emulator master role to Windows Server 2012.
Answer: D
Explanation: From case study:
* Ensure that the additional domain controllers for the branch offices can be deployed by using domain controller cloning.
Q8. - (Topic 8)
Your network contains an Active Directory domain named contoso.com. The physical
topology of the network is configured as shown in the exhibit.
Each office contains 500 employees.
You plan to deploy several domain controllers to each office.
You need to recommend a site topology for the planned deployment.
What should you include in the recommendation?
More than one answer choice may achieve the goal. Select the BEST answer.
Exhibit
A. Five sites and one site link
B. Three sites and three site links
C. One site
D. Five sites and three site links
Answer: D
Explanation:
Create a site for each LAN, or set of LANs, that are connected by a high speed backbone, and assign the site a name. Connectivity within the site must be reliable and always available. This would mean 5 sites Site links are transitive, so if site A is connected to site B, and site B is connected to site C, then the KCC assumes that domain controllers in site A can communicate with domain controllers in site C. You only need to create a site link between site A and site C if there is in fact a distinct network connection between those two sites. This would mean 3 sitelinks So answer is "Five sites and three site links"
Reference: Defining Sites and Site Links http://technet.microsoft.com/en-us/library/cc960573.aspx
Q9. DRAG DROP - (Topic 8)
Your network contains an Active Directory forest named adatum.com. The forest contains a single domain. All servers run Windows Server 2012 R2. All client computers run Windows 8.1.
The DNS zone of adatum.com is Active Directory-integrated.
You need to implement DNSSEC to meet the following requirements:
Ensure that the zone is signed.
Ensure that the zone signing key (ZSK) changes every 30 days.
Ensure that the key signing key (KSK) changes every 365 days.
What should you do? To answer, drag the appropriate cmdlets to the correct requirements. Each cmdlet may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
Answer:
Q10. - (Topic 8)
You are designing an Active Directory forest for a company named Contoso, Ltd. Contoso identifies the following administration requirements for the design:
. User account administration and Group Policy administration will be performed by
network technicians. The technicians will be added to a group named OUAdmins.
. IT staff who are responsible for backing up servers will have user accounts that are members of the Backup Operators group in the domain.
. All user accounts will be located in an organizational unit (OU) named AllEmployees.
You run the Delegation of Control Wizard and assign the OUAdmins group full control to all of the objects in the AllEmployeesOU.
After delegating the required permissions, you discover that the user accounts of some of the IT staff have inconsistent permissions on the objects in AllEmployees.
You need to recommend a solution to ensure that the members of OUAdmins can manage all of the objects in AllEmployees.
What should you include in the recommendation?
A. Remove the IT staff user accounts from Backup Operators and place them in a new group. Grant the new group the Backup files and directories user right and the Restore files and directories user right. Enforce permission inheritance on all of the objects in the AllEmployeesOU.
B. Create separate administrator user accounts for the technicians. Enforce permission inheritance on all of the objects in the AllEmployeesOU. Delegate permissions to the new user accounts.
C. Enforce permission inheritance on all of the objects in the AllEmployeesOU. Run the Delegation of Control Wizard.
D. Move the user accounts of the technicians to a separate OU. Enforce permission inheritance on all of the objects in the AllEmployeesOU. Run the Delegation of Control Wizard on the AllEmployeesOU.
Answer: C