Q1. - (Topic 9)
Your network contains an Active Directory domain named contoso.com.
On several organizational units (OUs), an administrator named Admin1 plans to delegate control of custom tasks. You need to ensure that Admin1 can delegate a custom task named Task1 by using the Delegation of Control Wizard.
What should you do?
A. Add a new class to the Active Directory schema.
B. Configure a custom MMC console.
C. Modify the Delegwiz.inf file.
D. Configure a new authorization store by using Authorization Manager.
Answer: C
Explanation:
http://support.microsoft.com/kb/308404
Q2. - (Topic 10)
Your network contains an Active Directory domain named contoso.com.
You plan to deploy an Active Directory Federation Services (AD FS) farm that will contain eight federation servers.
You need to identify which technology or technologies must be deployed on the network before you install the federation servers.
Which technology or technologies should you identify? (Each correct answer presents part of the solution. Choose all that apply.)
A. Network Load Balancing (NLB)
B. Microsoft Forefront Identity Manager (FIM) 2010
C. The Windows Internal Database feature
D. Microsoft SQL Server 2012
E. The Windows Identity Foundation 3.5 feature
Answer: A,D
Explanation: Best practices for deploying a federation server farm We recommend the following best practices for deploying a federation server in a production environment:
* (A) Use NLB or some other form of clustering to allocate a single IP address for many federation server computers.
* (D) If the AD FS configuration database will be stored in a SQL database, avoid editing the SQL database from multiple federation servers at the same time.
* If you will be deploying multiple federation servers at the same time or you know that you
will be adding more servers to the farm over time, consider creating a server image of an existing federation server in the farm and then installing from that image when you need to create additional federation servers quickly.
* Reserve a static IP address for each federation server in the farm and, depending on your Domain Name System (DNS) configuration, insert an exclusion for each IP address in Dynamic Host Configuration Protocol (DHCP). Microsoft NLB technology requires that each server that participates in the NLB cluster be assigned a static IP address.
Reference: When to Create a Federation Server Farm
Q3. DRAG DROP - (Topic 10)
Your network contains an Active Directory domain named contoso.com. The domain contains two domain controllers named DC1 and DC2. The domain contains a server named Server1.
Server1 is a certification authority (CA). All servers run Windows Server 2012 R2.
You plan to deploy BitLocker Drive Encryption (BitLocker) to all client computers. The unique identifier for your organization is set to Contoso.
You need to ensure that you can recover the BitLocker encrypted data by using a BitLocker data recovery agent. You must be able to perform the recovery from any administrative computer.
Which four actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Answer:
Q4. - (Topic 9)
Your network contains an Active Directory domain named contoso.com. The domain contains multiple sites. You plan to deploy DirectAccess.
The network security policy states that when client computers connect to the corporate network from the Internet, all of the traffic destined for the Internet must be routed through the corporate network.
You need to recommend a solution for the planned DirectAccess deployment that meets the security policy requirement.
What should you include in the recommendation?
A. Set the ISATAP State to state enabled.
B. Enable split tunneling.
C. Set the ISATAP State to state disabled.
D. Enable force tunneling.
Answer: D
Explanation:
http://blogs.technet.com/b/csstwplatform/archive/2009/12/15/directaccess-how-to-configure-forcetunneling-forda-so-that-client-are-forced-to-use-ip-https.aspx You can configure DirectAccess clients to send all of their traffic through the tunnels to the DirectAccess server with force tunneling. When force tunneling is configured, DirectAccess clients that detect that they are on the Internet modify their IPv4 default route so that default route IPv4 traffic is not sent. With the exception of local subnet traffic, all traffic sent by the DirectAccess client is IPv6 traffic that goes through tunnels to the DirectAccess server.
Q5. - (Topic 9)
Your network contains an Active Directory forest named contoso.com. The forest functional level is Windows Server 2012.
The forest contains an Active Directory domain. The domain contains a global security group named GPO_Admins that is responsible for managing Group Policies in the forest.
A second forest named fabrikam.com contains three domains. The forest functional level is Windows Server 2003.
You need to design a trust infrastructure to ensure that the GPO_Admins group can create, edit, and link Group Policies in every domain of the fabrikam.com forest.
What should you include in the design?
More than one answer choice may achieve the goal. Select the BEST answer.
A. A two-way forest trust
B. A one-way forest trust
C. Three external trusts
D. Three shortcut trusts
Answer: B
Q6. HOTSPOT - (Topic 9)
You have a domain controller that hosts an Active Directory-integrated zone. On the domain controller, you run the following cmdlet:
PS C:\> Get-DnsServerScavenging NoRefreshlnterval:2.00:00:00
Refreshlnterval:3.00:00:00 Scavenginglnterval:4.00:00:00 ScavengingState:True LastScavengeTime:1/30/2014 9:10:36 AM
Use the drop-down menus to select the answer choice that completes each statement.
Answer:
Q7. DRAG DROP - (Topic 10)
Your network contains an Active Directory domain named contoso.com. The domain contains multiple servers that are configured as Hyper-V hosts.
You plan to implement four virtual machines. The virtual machines will be configured as shown in the following table.
You need to identify which network must be added to each virtual machine.
Which network types should you identify?
To answer, drag the appropriate Network Type to the correct virtual machine in the answer area. Each Network Type may be used once, more than once, or not at all. Additionally, you may need to drag the split bar between panes or scroll to view content.
Answer:
Q8. - (Topic 10)
Your company has 10,000 users located in 25 different sites.
All servers run Windows Server 2012. All client computers run either Windows 7 or Windows 8.
You need to recommend a solution to provide self-service password reset for all of the users.
What should you include in the recommendation?
A. The Microsoft System Center 2012 Service Manager Self-Service Portal and Microsoft System Center 2012 Orchestrator runbooks
B. Microsoft System Center 2012 Operations Manager management packs and Microsoft System Center 2012 Configuration Manager collections
C. The Microsoft System Center 2012 Service Manager Self-Service Portal and Microsoft System Center 2012 Operation Manager management packs
D. Microsoft System Center 2012 App Controller and Microsoft System Center 2012 Orchestrator runbooks
Answer: A
Q9. - (Topic 9)
Your network contains an internal network and a perimeter network. The internal network contains an Active Directory forest named contoso.com. The forest contains a Microsoft Exchange Server 2010 organization. All of the domain controllers in contoso.com run Windows Server 2012.
The perimeter network contains an Active Directory forest named litware.com.
You deploy Microsoft Forefront Unified Access Gateway (UAG) to litware.com. All of the domain controllers in litware.com run Windows Server 2012.
Some users connect from outside the network to use Outlook Web App.
You need to ensure that external users can authenticate by using client certificates. What should you do?
More than one answer choice may achieve the goal. Select the BEST answer.
A. To the perimeter network, add an Exchange server that has the Client Access server role installed.
B. Deploy UAG to contoso.com.
C. Enable Kerberos delegation in litware.com.
D. Enable Kerberos constrained delegation in litware.com.
Answer: D
Q10. - (Topic 5)
You need to recommend a solution for managing updates. The solution must meet the technical requirements.
What should you include in the recommendation?
A. A System Center 2012 Configuration Manager management point in the main office and a WSUS downstream server in each office
B. A System Center 2012 Configuration Manager software update point in the main office and a System Center 2012 Configuration Manager distribution point in each office
C. A System Center 2012 Configuration Manager management point in the main office and a System Center 2012 Configuration Manager distribution point in each office
D. A WSUS upstream server in the main office and a WSUS downstream server in each office
Answer: B