You need to implement App1.
How should you configure the locations? To answer, select the appropriate option from each list in the answer area.
Answer :
Explanation:
This should be Cluster3 and use CSV on the Hyper-V Host.
App1 must support dynamic quorum which is a 2012R2 feature. Cluster1 is again 2012.
You need to implement a new highly available storage solution for the Hyper-V environment. Which servers should you include in the scale-out file cluster?
Answer : C
You need to deploy the new SQL Server virtual machines.
What should you do?
Answer : C
Explanation: * Scenario: A Hyper-V cluster named Clusterl.contoso.com includes two unused SQL Server virtual machines (VMs) named SQL-SERVER1 and SQL-SERVER2.
The cluster also includes a Hyper-V Host group named Chi-Primary.
* The Add-SCCustomPlacementRule adds a custom placement rule to the placement configuration for a host group.
Reference: Add-SCCustomPlacementRule
https://technet.microsoft.com/en-us/library/hh801560.aspx
You need to implement VM-SQLclusterl.contoso.com.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Answer :
You need to collect the required security logs.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Answer :
Explanation:
Box 1: Install and configure Audit Collection Services on DETSCOM01.
Box 2: Modify the properties of the Operations Manager agent on DETCA01 and CHICA01 to enable an Audit Collection Services forwarding server.
Box 3: In the Agent Health State section of the Operations Manager console, select
DETCA01 and CHICA01 and enable audit collection.
Note:
* Audit collection services (Box 1)
In System Center 2012 Operations Manager, Audit Collection Services (ACS) provides a means to collect records generated by an audit policy and store them in a centralized database.
ACS requires the following components: ACS Forwarders, ACS Collector, ACS Database
* ACS Forwarders (box 2)
The service that runs on ACS forwarders is included in the Operations Manager agent. By default, this service is installed but not enabled when the Operations Manager agent is installed. You can enable this service for multiple agent computers at the same time using the Enable Audit Collection task.
* (box 3) Enable audit collection
After you install the ACS collector and database you can then remotely enable this service on multiple agents through the Operations Manager console by running the Enable Audit
Collection task.
To enable audit collection on Operations Manager agents (see step 5 below)
-> Log on to the computer with an account that is a member of the Operations
Manager Administrators role. This account must also have the rights of a local administrator on each agent computer that you want to enable as an ACS forwarder.
-> In the Operations console, click Monitoring.
-> In the navigation pane, expand Operations Manager, expand Agent Details, and then click Agent Health State. This view has two panes, and the actions in this procedure are performed in the right pane.
-> In the details pane, click all agents that you want to enable as ACS forwarders.
You can make multiple selections by pressing CTRL or SHIFT.
-> In the Actions pane, under Health Service Tasks, click Enable Audit Collection to open the Run Task - Enable Audit Collection dialog box.
Etc.
This question consists of two statements: One is named Assertion and the other is named Reason. Both of these statements may be true; both may be false; or one may be true, while the other may be false.
To answer this question, you must first evaluate whether each statement is true on its own. If both statements are true, then you must evaluate whether the Reason (the second statement) correctly explains the Assertion (the first statement). You will then select the answer from the list of answer choices that matches your evaluation of the two statements.
Assertion:
You must install and configure Network Device Enrollment Services (NDES) on CHICA01.
Reason:
NDES allows non-domain joined devices to obtain a Certificate Revocation List from an
Active Directory-integrated certification authority, and then validate whether a certificate is valid.
Evaluate the Assertion and Reason statements and choose the correct answer option.
Answer : D
Explanation: The Network Device Enrollment Service (NDES) allows software on routers and other network devices running without domain credentials to obtain certificates based on the Simple Certificate Enrollment Protocol (SCEP).
Reference: Network Device Enrollment Service Guidance
https://technet.microsoft.com/en-us/library/hh831498.aspx
You plan to configure Windows Network Load Balancing (NLB) for a company. You display following Network Load Balancing Manager window:
Answer :
Explanation:
Box 1: Healthy State -
Box 2: Yes, the cluster is correctly configured.
Box 3: Yes, the NLB cluster will start automatically and be available.
Topic 7, Contoso, Ltd Case D -
Overview -
Contoso, Ltd., is a manufacturing company that makes several different components that are used in automobile production. Contoso has a main office in Detroit, a distribution center in Chicago, and branch offices in Dallas, Atlanta, and San Diego.
The contoso.com forest and domain functional level are Windows Server 2008 R2. All servers run Windows Server 2012 R2, and all client workstations run Windows 7 or
Windows 8. Contoso uses System Center 2012 Operations Manager and Audit Collection
Services (ACS) to monitor the environment. There is no certification authority (CA) in the environment.
Current Environment -
The contoso.com domain contains the servers as shown in the following table:
Your network contains an Active Directory domain named contoso.com. All servers run
Windows Server 2012 R2. The network contains a System Center 2012 R2 Data Protection
Manager (DPM) deployment.
The domain contains six servers. The servers are configured as shown in the following table.
Answer : A
Explanation:
Encryption keys in Active Directory Domain Services: If distributed key management (DKM) is configured, then you are storing VMM-related encryption keys in Active Directory Domain
Services (AD DS). To back up these keys, back up Active Directory on a regular basis.
Reference: Back Up and Restore Virtual Machine Manager
https://technet.microsoft.com/en-us/library/dn768227.aspx#BKMK_b_misc
This question consists of two statements: One is named Assertion and the other is named
Reason. Both of these statements may be true; both may be false; or one may be true, while the other may be false.
To answer this question, you must first evaluate whether each statement is true on its own.
If both statements are true, then you must evaluate whether the Reason (the second statement) correctly explains the Assertion (the first statement). You will then select the answer from the list of answer choices that matches your evaluation of the two statements.
Assertion:
You can manage VMware ESX hosts and virtual machines by using a System Center
Virtual Machine Manager (SCVMM) server.
Reason:
SCVMM automatically imports ESX hosts and virtual machines when you add the corresponding VMware vCenter to the SCVMM server.
Evaluate the Assertion and Reason statements and choose the correct answer option.
Answer : C
Explanation:
* Assertion: true
Virtual Machine Manager (VMM) enables you to deploy and manage virtual machines and services across multiple hypervisor platforms, including VMware ESX and ESXi hosts.
* Reason: False
When you add a vCenter Server, VMM no longer imports, merges and synchronizes the
VMware tree structure with VMM. Instead, after you add a vCenter Server, you can add selected ESX servers and hosts to any VMM host group. Therefore, there are fewer issues with synchronization.
Reference: Managing VMware ESX Hosts in VMM Overview
https://technet.microsoft.com/en-us/library/gg610683.aspx
Your network contains an Active Directory domain named contoso.com. The domain contains four servers on a test network. The servers are configured as shown in the following table.
Answer : C
Explanation:
Cluster1 is configured as a file share for general use and quick smb share. You cant place shared vhdx disks on quick smb, and its not recommended to store Hyper-V stuff on general use file shares.
An organization uses an Active Directory Rights Management Services (AD RMS) cluster named RMS1 to protect content for a project. You uninstall AD RMS when the project is complete. You need to ensure that the protected content is still available after AD RMS is uninstalled.
Solution: You enable the decommissioning service by using the AD RMS management console. You grant all users the Read & Execute permission to the decommission pipeline.
Does this meet the goal?
Answer : B
Explanation:
The proper procedure is:
-> Inform your users that you are decommissioning the AD RMS installation and advise them to connect to the cluster to save their content without AD RMS protection. Alternatively, you could delegate a trusted person to decrypt all rights- protected content by temporarily adding that person to the AD RMS super users group.
-> After you believe that all of the content is unprotected and saved, you should export the server licensor certificate, and then uninstall AD RMS from the server.
You plan to allow users to run internal applications from outside the companys network.
You have a Windows Server 2012 R2 that has the Active Directory Federation Services
(AD FS) role installed. You must secure on-premises resources by using multi-factor authentication (MFA). You need to design a solution to enforce different access levels for users with personal Windows 8.1 or iOS 8 devices.
Solution: You install a local instance of MFA Server. You connect the instance to the
Microsoft Azure MFA provider, and then run the following Windows PowerShell cmdlet.
Enable-AdfsDeviceRegistration -
Does this meet the goal?
Answer : B
Explanation:
We must install AD FS Adapter, not register a host for the Device Registration Service.
Note: The Enable-AdfsDeviceRegistration cmdlet configures a server in an Active Directory
Federation Services (AD FS) farm to host the Device Registration Service.
Reference: Using Multi-Factor Authentication with Windows Server 2012 R2 AD FS https://msdn.microsoft.com/en-us/library/azure/dn807157.aspx
A company has data centers in Seattle and New York. A high-speed link connects the data centers. Each data center runs a virtualization infrastructure that uses Hyper-V Server 2012 and Hyper-V Server 2012 R2. Administrative users from the Seattle and New York offices are members of Active Directory Domain Services groups named SeattleAdmins and
NewYorkAdmins, respectively.
You deploy one System Center Virtual Machine Manager (SCVMM) in the Seattle data center. You create two private clouds named SeattleCloud and NewYorkCloud in the
Seattle and New York data centers, respectively.
You have the following requirements:
-> Administrators from each data center must be able to manage the virtual machines and services from their location by using a web portal.
-> Administrators must not apply new resource quotas or change resource quotas.
-> You must manage public clouds by using the existing SCVMM server.
-> You must use the minimum permissions required to perform the administrative tasks.
You need to configure the environment.
What should you do?
Answer : A
Explanation:
Members of the Application Administrator (Self-Service User) ole can create, deploy, and manage their own virtual machines and services by using the VMM console or a Web portal.
You administer an Active Directory Domain Services environment. There are no certification authorities (CAs) in the environment.
You plan to implement a two-tier CA hierarchy with an offline root CA.
You need to ensure that the issuing CA is not used to create additional subordinate CAs.
What should you do?
Answer : B
Explanation:
You can use the CAPolicy.inf file to define the PathLength constraint in the Basic
Constraints extension of the root CA certificate. Setting the PathLength basic constraint allows you to limit the path length of the CA hierarchy by specifying how many tiers of subordinate CAs can exist beneath the root. A PathLength of 1 means there can be at most one tier of CAs beneath the root. These subordinate CAs will have a PathLength basic constraint of 0, which means that they cannot issue any subordinate CA certificates.
Reference: Windows Server 2008 R2 CAPolicy.inf Syntax
http://blogs.technet.com/b/askds/archive/2009/10/15/windows-server-2008-r2-capolicy-inf- syntax.aspx
Your network contains an Active Directory domain named contoso.com.
You currently have an intranet web site that is hosted by two Web servers named Web1 and Web2. Web1 and Web2 run Windows Server 2012.
Users use the name intranet.contoso.com to request the web site and use DNS round robin.
You plan to implement the Network Load Balancing (NLB) feature on Web1 and Web2.
You need to recommend changes to the DNS records for the planned implementation.
What should you recommend?
Answer : A
Reference: How to Configure Network Load Balancing for Configuration Manager Site
Systems -
https://technet.microsoft.com/en-us/library/bb633031.aspx