70-980 Exam Questions - Online Test
70-980 Premium VCE File
150 Lectures, 20 Hours
Q1. - (Topic 4)
You need to recommend a solution for the replication of Active Directory.
What should you recommend modifying?
A. The Active Directory Schema
B. The properties of Site1
C. The RODC1 computer account
D. The properties of Site2
Answer: A
Q2. - (Topic 10)
Your network contains an Active Directory domain named contoso.com.
The corporate security policy states that when new user accounts, computer accounts, and contacts are added to an organizational unit (OU) named Secure, the addition must be audited.
You need to recommend an auditing solution to meet the security policy.
What should you include in the recommendation? (Each answer presents part of the solution. Choose all that apply.)
A. From the Default Domain Controllers Policy, enable the Audit directory services setting.
B. Create a new Group Policy object (GPO) that is linked to the Secure OU, and then modify the Audit directory services setting.
C. From the Secure OU, modify the Auditing settings.
D. From the Default Domain Controllers Policy, enable the Audit object access setting.
E. From the Secure OU, modify the Permissions settings.
F. Create a new Group Policy object (GPO) that is linked to the Secure OU, and then modify the Audit object access setting.
Answer: A,C
Explanation:
Creating a New Object: Resulting in multiple Event ID 5137 entries containing all attributes provided explicitly by the security principal that invoked the operation (but not those automatically generated by the system). Note that similar information also gets recorded if audit of User Account Management or Directory Service Access is enabled.
Q3. HOTSPOT - (Topic 10)
You plan to deploy a certification authority (CA) infrastructure that contains the following servers:
. An offline standalone root CA named CA1
. An enterprise subordinate CA named CA2
On all of the computers, you import the root CA certificate from CA1 to the Trusted Root Certification Authorities Certificates store.
You need to ensure that CA2 can issue certificates for the CA hierarchy.
What should you do? To answer, select the appropriate options in the answer area.
Answer:
Q4. - (Topic 10)
Your network contains an Active Directory domain named contoso.com. The domain contains four servers on a test network. The servers are configured as shown in the following table.
Server1 uses the storage shown in the following table.
You perform the following tasks:
On Server2, you create an advanced SMB share named Share2A and an
applications SMB share named Share2B.
On Server3, you create an advanced SMB share named Share3.
On Server4, you create an applications SMB share named Share4.
You add Server3 and Server4 to a new failover cluster named Clus1.
On Clus1, you configure the File Server for general use role, you create a quick
SMB share named Share5A, and then you create an applications SMB share
named Share5B.
You plan to create a failover cluster of two virtual machines hosted on Server1. The clustered virtual machines will use shared .vhdx files.
You need to recommend a location to store the shared .vhdx files.
Where should you recommend placing the virtual hard disk (VHD)?
A. \\Server3\Share3
B. \\Server2\Share2B
C. \\Clus1\Share5B
D. \\Server4\Share4
Answer: C
Q5. - (Topic 1)
You are planning the migration of research.contoso.com.
You need to identify which tools must be used to perform the migration.
Which tools should you identify?
A. Active Directory Migration Tool version 3.2 (ADMT v3.2) and Group Policy Management Console (GPMC)
B. Active Directory Federation Services (AD FS) and Microsoft Federation Gateway
C. Active Directory Migration Tool version 3.2 (ADMT v3.2) and Active Directory Federation Services (AD FS)
D. Active Directory Lightweight Directory Services (AD LDS) and Group Policy Management Console (GPMC)
Answer: A
Explanation:
D:\Documents and Settings\useralbo\Desktop\1.jpg
D:\Documents and Settings\useralbo\Desktop\1.jpg
Topic 2, Proseware, Inc (A)
Overview
General Overview
Proseware, Inc. is a pharmaceutical services company that has a sales department, a marketing department, an operations department, and a human resources department.
Physical Locations
Proseware has two main offices. One of the offices is located in New York. The other office is located in Chicago. The New York office uses a 172.16.1.0/24 network ID. The Chicago office uses a 192.168.1.0/24 network ID.
The offices connect to each other by using a high-bandwidth, low-latency WAN link. Each office connects directly to the Internet.
Existing Environment
The network contains an Active Directory forest named proseware.com. The forest contains two domains named proseware.com and chicago.proseware.com. All of the user accounts and the computer accounts in the New York office reside in the proseware.com domain. All of the user accounts and the computer accounts in the Chicago office reside in the chicago.proseware.com domain. All DNS zones are Active-Directory-integrated.
Each office is configured as an Active Directory site. The network ID for each office is associated to the appropriate site.
Each office contains two domain controllers. The domain controllers were recently upgraded from Windows Server 2008 R2 to Windows Server 2012 R2. The functional level of the domain and the forest is Windows Server 2003.
The company uses Active Directory user attributes to store the personal information of its employees in custom attributes.
Existing Servers
The relevant servers are configured as shown in the following table.
All servers run Windows Server 2012 R2.
DC01 has an IPv4 scope. The starting IP address in the range is 172.16.1.100 and the ending address is 172.16.1.199.
DC03 has an IP4v scope. The starting IP address in the range is 192.168.1.100 and the ending IP address is 192.168.1.199. There are no exclusion ranges configured on DC01 or DC03.
Requirements
Planned Changes
Proseware plans to implement the following changes: . Deploy a read-only domain controller (RODC) to the London office. . Give users remote access to both offices by using a VPN connection from their
laptop or tablet. . If DC01 fails, ensure that the computers in the New York office can receive IP addresses within 30 minutes.
. In the New York site, deploy two 50-TB, Fibre Channel SAN disk arrays. Offloaded Data Transfer (ODX) will be used on both storage arrays. The Hyper-V hosts will use the new SANs for virtual machine storage.
. Open three additional offices in Montreal, Atlanta, and London. The offices will connect to each other by using a high-bandwidth, low-latency WAN link. Each office will connect directly to the Internet.
. For legal reasons, the Montreal site will have its own forest named
montreal.proseware.com.
. The Montreal and Atlanta offices will have local IT administrators to manage the network infrastructure of their respective office. The London office will not have a local IT staff. Each office will have approximately 50 client computers.
Technical Requirements
Proseware identifies the following technical requirements: . Users in the Montreal office must only be allowed to access shares that are located on File01 and File02. The Montreal users must be prevented from accessing any other servers in the proseware.com forest regardless of the permissions on the resources, . Users in the New York office must be able to reconnect to the remote access VPN servers automatically. Users in the Chicago office must use SSL to connect to the remote access VPN servers. . Domain controllers that run Windows Server 2012 R2 and Windows Server 2008 R2 must be able to be deployed to the proseware.com domain. . Administrators in the New York office must be able to restore objects from the Active Directory Recycle Bin. . The DNS servers must be prevented from overwriting the existing DNS entries that have been stored in cache. . Each DNS server must be managed by an administrator from the same office as the DNS server. . The required time to create new fixed virtual hard disks (VHDs) on the SANs must be minimized. . The remote access servers must be able to restrict outgoing traffic based on IP addresses. . All certificates must be deployed to all of the client computers by using auto-enrollment. . All of the DHCP Server server roles must be installed on a domain controller. . Only one DHCP server in each site must lease IP addresses at any given time. . DHCP traffic must not cross site boundaries. . RODCs must not contain personal user information.
Q6. - (Topic 10)
Your network contains an Active Directory domain. The domain contains 10 file servers. The file servers connect to a Fibre Channel SAN. You plan to implement 20 Hyper-V hosts in a failover cluster.
The Hyper-V hosts will not have host bus adapters (HBAs).
You need to recommend a solution for the planned implementation that meets the following requirements:
. The virtual machines must support live migration.
. The virtual hard disks (VHDs) must be stored on the file servers.
Which two technologies achieve the goal? Each correct answer presents a complete solution.
A. Cluster Shared Volume (CSV)
B. An NFS share
C. Storage pools
D. SMB 3.0 shares
Answer: C,D
Q7. - (Topic 10)
Your network contains an Active Directory forest named contoso.com.
Your company works with a partner company that has an Active Directory forest named fabrikam.com. Both forests contain domain controllers that run only Windows Server 2012 R2.
The certification authority (CA) infrastructure of both companies is configured as shown in the following table.
You need to recommend a certificate solution that meets the following requirements:
. Server authentication certificates issued from fabrikam.com must be trusted automatically by the computers in contoso.com.
. The computers in contoso.com must not trust automatically any other type of certificates issued from the CA hierarchy in fabrikam.com.
What should you include in the recommendation?
A. Deploy a Group Policy object (GPO) that defines intermediate CAs. Import a certificate that has an application policy object identifier (OID) of CA Encryption Certificate.
B. Deploy a Group Policy object (GPO) that defines an enterprise trust. Import a certificate that has an application policy object identifier (OID) of Microsoft Trust List Signing.
C. Deploy a Group Policy object (GPO) that defines an enterprise trust. Import a certificate that has an application policy object identifier (OID) of CA Encryption Certificate.
D. Deploy a Group Policy object (GPO) that defines intermediate CAs. Import a certificate that has an application policy object identifier (OID) of Microsoft Trust List Signing.
Answer: B
Q8. DRAG DROP - (Topic 10)
You are planning to set up a proof-of-concept network virtualization environment. The environment will contain three servers. The servers will be configured as shown in the following table.
You need to enable network connectivity between the virtual machines and Server3.
Which four actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Answer:
Q9. - (Topic 10)
Your company has an office in New York.
Many users connect to the office from home by using the Internet.
You deploy an Active Directory Certificate Services (AD CS) infrastructure that contains an enterprise certification authority (CA) named CA1. CA1 is only available from hosts on the internal network.
You need to ensure that the certificate revocation list (CRL) is available to all of the users.
What should you do? (Each correct answer presents part of the solution. Choose all that apply.)
A. Create a scheduled task that copies the CRL files to a Web server.
B. Run the Install-ADCSWebEnrollment cmdlet.
C. Run the Install-EnrollmentPolicyWebService cmdlet.
D. Deploy a Web server that is accessible from the Internet and the internal network.
E. Modify the location of the Authority Information Access (AIA).
F. Modify the location of the CRL distribution point (CDP).
Answer: A,D,F
Explanation:
CRLs will be located on Web servers which are Internet facing.
CRLs will be accessed using the HTTP retrieval protocol.
CRLs will be accessed using an external URL of http://dp1.pki.contoso.com/pki
F: To successfully authenticate an Internet Protocol over Secure Hypertext Transfer Protocol (IP-HTTPS)-based connection, DirectAccess clients must be able to check for certificate revocation of the secure sockets layer (SSL) certificate submitted by the DirectAccess server. To successfully perform intranet detection, DirectAccess clients must be able to check for certificate revocation of the SSL certificate submitted by the network
location server. This procedure describes how to do the following:
Create a Web-based certificate revocation list (CRL) distribution point using Internet
Information Services (IIS)
Configure permissions on the CRL distribution shared folder
Publish the CRL in the CRL distribution shared folder
Reference: Configure a CRL Distribution Point for Certificates
Q10. - (Topic 9)
Your network contains 50 servers that run Windows Server 2003 and 50 servers that run Windows Server 2008.
You plan to implement Windows Server 2012 R2.
You need to create a report that includes the following information:
. The servers that run applications and services that can be moved to Windows
Server 2012 R2
. The servers that have hardware that can run Windows Server 2012 R2
. The servers that are suitable to be converted to virtual machines hosted on Hyper-
V hosts that run Windows Server 2012 R2
Solution: You install Windows Server 2012 R2 on a new server, and then you run the Windows Server Migration Tools. Does this meet the goal?
A. Yes
B. No
Answer: B
- [2021-New] Microsoft 70-411 Dumps With Update Exam Questions (121-130)
- [2021-New] Microsoft 98-367 Dumps With Update Exam Questions (1-10)
- A Review Of Precise DP-900 Dumps Questions
- [2021-New] Microsoft 98-369 Dumps With Update Exam Questions (11-20)
- [2021-New] Microsoft 70-743 Dumps With Update Exam Questions (11-20)
- [2021-New] Microsoft 70-414 Dumps With Update Exam Questions (71-80)
- [2021-New] Microsoft 70-412 Dumps With Update Exam Questions (61-70)
- [2021-New] Microsoft 70-385 Dumps With Update Exam Questions (41-50)
- [2021-New] Microsoft 70-383 Dumps With Update Exam Questions (161-170)
- [2021-New] Microsoft 70-698 Dumps With Update Exam Questions (11-20)