Q1. - (Topic 9)
Your network contains an Active Directory domain named contoso.com. The functional level of the domain and the forest is Windows Server 2008 R2.
All domain controllers run Windows Server 2008 R2.
You plan to deploy a new line-of-business application named App1 that uses claims-based authentication.
You need to recommend changes to the network to ensure that Active Directory can provide claims for App1.
What should you include in the recommendation? (Each correct answer presents part of the solution. Choose all that apply.)
A. From the properties of the computer accounts of the domain controllers, enable Kerberos constrained delegation.
B. From the Default Domain Controllers Policy, enable the Support for Dynamic Access Control and Kerberos armoring setting.
C. Deploy Active Directory Lightweight Directory Services (AD LDS).
D. Raise the domain functional level to Windows Server 2012.
E. Add domain controllers that run Windows Server 2012.
Answer: B,E
Q2. - (Topic 10)
Your network contains a Microsoft System Center 2012 Virtual Machine Manager (VMM) server named Server1.
You use Server1 to manage 20 Hyper-V hosts.
The network also contains five Citrix XenServer virtualization hosts.
You need to recommend which installation is required to manage the XenServer servers from Server1.
What should you recommend installing?
A. The Citrix XenServer - Microsoft System Center Integration Pack on the Citrix XenServer hosts
B. The Citrix XenServer - Microsoft System Center Integration Pack on Server1
C. Citrix Essentials for Hyper-V on Server1
D. Citrix Essentials for Hyper-V on the Citrix XenServer hosts
Answer: A
Q3. - (Topic 9)
Your network contains an Active Directory domain named contoso.com.
All client computers run either Windows 7 or Windows 8.
Some users work from customer locations, hotels, and remote sites. The remote sites often
have firewalls that limit connectivity to the Internet.
You need to recommend a VPN solution for the users.
Which protocol should you include in the recommendation?
A. PPTP
B. SSTP
C. IKEv2
D. L2TP/IPSec
Answer: B
Q4. - (Topic 10)
You have a Windows Server 2012 R2 failover cluster that contains four nodes. Each node has four network adapters. The network adapters on each node are configured as shown in the following table.
NIC4 supports Remote Direct Memory Access (RDMA) and Receive Side Scaling (RSS). The cluster networks are configured as shown in the following table.
You need to ensure that ClusterNetwork4 is used for Cluster Shared Volume (CSV) redirected traffic.
What should you do?
A. Set the metric of ClusterNetwork4 to 90,000 and disable SMB Multichannel.
B. On each server, replace NIC4 with a 1-Gbps network adapter.
C. Set the metric of ClusterNetwork4 to 30,000 and disable SMB Multichannel.
D. On each server, enable RDMA on NIC4.
Answer: C
Q5. - (Topic 9)
You are designing an Active Directory forest for a company named Contoso, Ltd. Contoso identifies the following administration requirements for the design:
. User account administration and Group Policy administration will be performed by network technicians. The technicians will be added to a group named OUAdmins.
. IT staff who are responsible for backing up servers will have user accounts that are members of the Backup Operators group in the domain.
. All user accounts will be located in an organizational unit (OU) named AllEmployees.
You run the Delegation of Control Wizard and assign the OUAdmins group full control to all of the objects in the AllEmployeesOU.
After delegating the required permissions, you discover that the user accounts of some of the IT staff have inconsistent permissions on the objects in AllEmployees.
You need to recommend a solution to ensure that the members of OUAdmins can manage all of the objects in AllEmployees.
What should you include in the recommendation?
A. Remove the IT staff user accounts from Backup Operators and place them in a new group. Grant the new group the Backup files and directories user right and the Restore files and directories user right. Enforce permission inheritance on all of the objects in the AllEmployeesOU.
B. Create separate administrator user accounts for the technicians. Enforce permission inheritance on all of the objects in the AllEmployeesOU. Delegate permissions to the new useraccounts.
C. Enforce permission inheritance on all of the objects in the AllEmployeesOU. Run the Delegation of Control Wizard.
D. Move the user accounts of the technicians to a separate OU. Enforce permission inheritance on all of the objects in the AllEmployeesOU. Run the Delegation of Control Wizard on the AllEmployeesOU.
Answer: B
Q6. - (Topic 10)
Your network contains an Active Directory domain named contoso.com. The network has an Active Directory Certificate Services (AD CS) infrastructure.
You need to issue a certificate to users to meet the following requirements: . Ensure that the users can encrypt files by using Encrypting File System (EFS). . Ensure that all of the users reenroll for their certificate every six months.
Solution: You create a copy of the Basic EFS certificate template, and then you modify the validity period of the copy.
Does this meet the goal?
A. Yes
B. No
Answer: A
Q7. - (Topic 9)
Your network contains an Active Directory domain named contoso.com. The domain contains multiple sites.
You plan to deploy DirectAccess.
The network security policy states that when client computers connect to the corporate network from the Internet, all of the traffic destined for the Internet must be routed through the corporate network.
You need to recommend a solution for the planned DirectAccess deployment that meets the security policy requirement.
Solution: You enable split tunneling. Does this meet the goal?
A. Yes
B. No
Answer: B
Q8. - (Topic 9)
Your network contains an Active Directory domain named contoso.com. The domain contains three VLANs. The VLANs are configured as shown in the following table.
All client computers run either Windows 7 or Windows 8.
Goal: You need to implement a solution to ensure that only the client computers that have all of the required security updates installed can connect to VLAN 1. The solution must ensure that all other client computers connect to VLAN 3.
Solution: You implement the 802.1x Network Access Protection (NAP) enforcement method.
Does this meet the goal?
A. Yes
B. No
Answer: A
Q9. DRAG DROP - (Topic 10)
Your network contains servers that run Windows Server 2012. The network contains two servers named Server1 and Server2 that are connected to a SAS storage device. The device only supports two connected computers.
Server1 has the iSCSI Target Server role service installed. Ten application servers use their iSCSI Initiator to connect to virtual disks in the SAS storage device via iSCSI targets on Server1.
Currently, Server2 is used only to run backup software.
You install the iSCSI Target Server role service on Server2.
You need to ensure that the iSCSI targets are available if Server1 fails.
Which five actions should you perform?
To answer, move the five appropriate actions from the list of actions to the answer area
and arrange them in the correct order.
Answer:
Q10. - (Topic 1)
You are planning the decommissioning of research.contoso.com.
You need to ensure that an administrator named Admin5 in the research department can manage the user accounts that are migrated to contoso.com. The solution must minimize the number of permissions assigned to Admin5.
What should you do before you migrate the user accounts?
A. Run the New-Object cmdlet, and then run the Add-ADPrincipalGroupMembershipcmdlet.
B. Create a new organizational unit (OU), and then add Admin5 to the Account Operators group.
C. Create a new organizational unit (OU), and then run the Delegation of Control Wizard.
D. Run the New-Object cmdlet, and then run the Add-ADCentralAccessPolicyMembercmdlet.
Answer: C
Explanation:
D:\Documents and Settings\useralbo\Desktop\1.jpg http://technet.microsoft.com/en-us/library/dd145344.aspx