Page: 1
/ 17
Total 243 questions
You need to implement App1.
How should you configure the locations? To answer, select the appropriate option from each list in the answer area.
Answer :
Explanation:
This should be Cluster3 and use CSV on the Hyper-V Host.
App1 must support dynamic quorum which is a 2012R2 feature. Cluster1 is again 2012.
You need to implement a new highly available storage solution for the Hyper-V environment. Which servers should you include in the scale-out file cluster?
- A. CHI-SERVER1 and CHI-SERVER2
- B. SEA3-HVNODE1 and SEA3-HVNODE2
- C. SEA-SERVER1 and SEA-SERVER2
- D. CHIl-HVNODE1 and CHI1-HVNODE2
Answer : C
You need to deploy the new SQL Server virtual machines.
What should you do?
- A. On the specified cluster nodes in the primary data center in Seattle, run the following Windows PowerShell command: Set-SCVMHost -AvailableForPlacement
- B. On the specified cluster nodes in the primary data center in Chicago, select the Host is available for placement check box.
- C. On Chi-Primary, run the following Windows PowerShell cmdlet for the specified nodes: Add-Sccustomplacementrule
- D. On Sea-Primary, configure placement rules for the specified nodes.
Answer : C
Explanation: * Scenario: A Hyper-V cluster named Clusterl.contoso.com includes two unused SQL Server virtual machines (VMs) named SQL-SERVER1 and SQL-SERVER2.
The cluster also includes a Hyper-V Host group named Chi-Primary.
* The Add-SCCustomPlacementRule adds a custom placement rule to the placement configuration for a host group.
Reference: Add-SCCustomPlacementRule
https://technet.microsoft.com/en-us/library/hh801560.aspx
You need to implement VM-SQLclusterl.contoso.com.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Answer :
You need to collect the required security logs.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Answer :
Explanation:
Box 1: Install and configure Audit Collection Services on DETSCOM01.
Box 2: Modify the properties of the Operations Manager agent on DETCA01 and CHICA01 to enable an Audit Collection Services forwarding server.
Box 3: In the Agent Health State section of the Operations Manager console, select
DETCA01 and CHICA01 and enable audit collection.
Note:
* Audit collection services (Box 1)
In System Center 2012 Operations Manager, Audit Collection Services (ACS) provides a means to collect records generated by an audit policy and store them in a centralized database.
ACS requires the following components: ACS Forwarders, ACS Collector, ACS Database
* ACS Forwarders (box 2)
The service that runs on ACS forwarders is included in the Operations Manager agent. By default, this service is installed but not enabled when the Operations Manager agent is installed. You can enable this service for multiple agent computers at the same time using the Enable Audit Collection task.
* (box 3) Enable audit collection
After you install the ACS collector and database you can then remotely enable this service on multiple agents through the Operations Manager console by running the Enable Audit
Collection task.
To enable audit collection on Operations Manager agents (see step 5 below)
-> Log on to the computer with an account that is a member of the Operations
Manager Administrators role. This account must also have the rights of a local administrator on each agent computer that you want to enable as an ACS forwarder.
-> In the Operations console, click Monitoring.
-> In the navigation pane, expand Operations Manager, expand Agent Details, and then click Agent Health State. This view has two panes, and the actions in this procedure are performed in the right pane.
-> In the details pane, click all agents that you want to enable as ACS forwarders.
You can make multiple selections by pressing CTRL or SHIFT.
-> In the Actions pane, under Health Service Tasks, click Enable Audit Collection to open the Run Task - Enable Audit Collection dialog box.
Etc.
This question consists of two statements: One is named Assertion and the other is named Reason. Both of these statements may be true; both may be false; or one may be true, while the other may be false.
To answer this question, you must first evaluate whether each statement is true on its own. If both statements are true, then you must evaluate whether the Reason (the second statement) correctly explains the Assertion (the first statement). You will then select the answer from the list of answer choices that matches your evaluation of the two statements.
Assertion:
You must install and configure Network Device Enrollment Services (NDES) on CHICA01.
Reason:
NDES allows non-domain joined devices to obtain a Certificate Revocation List from an
Active Directory-integrated certification authority, and then validate whether a certificate is valid.
Evaluate the Assertion and Reason statements and choose the correct answer option.
- A. Both the Assertion and Reason are true, and the Reason is the correct explanation for the Assertion.
- B. Both the Assertion and Reason are true, but the Reason is not the correct explanation for the Assertion.
- C. The Assertion is true, but the Reason is false.
- D. The Assertion is false, but the Reason is true.
- E. Both the Assertion and the Reason are false.
Answer : D
Explanation: The Network Device Enrollment Service (NDES) allows software on routers and other network devices running without domain credentials to obtain certificates based on the Simple Certificate Enrollment Protocol (SCEP).
Reference: Network Device Enrollment Service Guidance
https://technet.microsoft.com/en-us/library/hh831498.aspx
You plan to configure Windows Network Load Balancing (NLB) for a company. You display following Network Load Balancing Manager window:
Use the drop-down menus to select the answer choice that answers each question based on the information presented in the graphic.
Answer :
Explanation:
Box 1: Healthy State -
Box 2: Yes, the cluster is correctly configured.
Box 3: Yes, the NLB cluster will start automatically and be available.
Topic 7, Contoso, Ltd Case D -
Overview -
Contoso, Ltd., is a manufacturing company that makes several different components that are used in automobile production. Contoso has a main office in Detroit, a distribution center in Chicago, and branch offices in Dallas, Atlanta, and San Diego.
The contoso.com forest and domain functional level are Windows Server 2008 R2. All servers run Windows Server 2012 R2, and all client workstations run Windows 7 or
Windows 8. Contoso uses System Center 2012 Operations Manager and Audit Collection
Services (ACS) to monitor the environment. There is no certification authority (CA) in the environment.
Current Environment -
The contoso.com domain contains the servers as shown in the following table:
Contoso sales staff travel within the United States and connect to a VPN by using mobile devices to access the corporate network. Sales users authenticate to the VPN by using their Active Directory usernames and passwords. The VPN solution also supports certification-based authentication.
Contoso uses an inventory system that requires manually counting products and entering that count into a database. Contoso purchases new inventory software that supports wireless handheld scanners and several wireless handheld scanners. The wireless handheld scanners run a third party operating system that supports the Network Device
Enrollment Service (NDES).
Business Requirements -
Security -
The wireless handheld scanners must use certification-based authentication to access the wireless network.
Sales users who use mobile devices must use certification-based authentication to access the VPN. When sales users leave the company, Contoso administrators must be able to disable their VPN access by revoking their certificates.
Monitoring -
All servers must be monitored by using System Center 2012 Operating Manager. In addition to monitoring the Windows operating system, you must collect security logs from the CA servers by using ACS, and monitor the services that run on the CA and Certificate
Revocation List (CRL) servers, such as certification authority and web services.
Technical Requirements -
CA Hierarchy -
Contoso requires a two-tier CA hierarchy. The CA hierarchy must include a stand-alone offline root and two Active Directory-integrated issuing CAs: one for issuing certificates to domain-joined devices, and one for issuing certificates to non-domain-joined devices by using the NDES. CRLs must be published to two web servers: one in Detroit and one in
Chicago.
Contoso has servers that run Windows Server 2012 R2 to use for the CA hierarchy. The servers are described in the following table:
The IT security department must have the necessary permissions to manage the CA and
CRL servers. A domain group
Your network contains an Active Directory domain named contoso.com. All servers run
Windows Server 2012 R2. The network contains a System Center 2012 R2 Data Protection
Manager (DPM) deployment.
The domain contains six servers. The servers are configured as shown in the following table.
You install System Center 2012 R2 Virtual Machine Manager (VMM) on the nodes in
Cluster2.
You configure VMM to use a database in Cluster1. Server5 is the first node in the cluster.
You need to back up the VMM encryption key.
What should you back up?
- A. a system state backup of Server2
- B. a full system backup of Server6
- C. a system state backup of Server5
- D. a full system backup of Server3
Answer : A
Explanation:
Encryption keys in Active Directory Domain Services: If distributed key management (DKM) is configured, then you are storing VMM-related encryption keys in Active Directory Domain
Services (AD DS). To back up these keys, back up Active Directory on a regular basis.
Reference: Back Up and Restore Virtual Machine Manager
https://technet.microsoft.com/en-us/library/dn768227.aspx#BKMK_b_misc
This question consists of two statements: One is named Assertion and the other is named
Reason. Both of these statements may be true; both may be false; or one may be true, while the other may be false.
To answer this question, you must first evaluate whether each statement is true on its own.
If both statements are true, then you must evaluate whether the Reason (the second statement) correctly explains the Assertion (the first statement). You will then select the answer from the list of answer choices that matches your evaluation of the two statements.
Assertion:
You can manage VMware ESX hosts and virtual machines by using a System Center
Virtual Machine Manager (SCVMM) server.
Reason:
SCVMM automatically imports ESX hosts and virtual machines when you add the corresponding VMware vCenter to the SCVMM server.
Evaluate the Assertion and Reason statements and choose the correct answer option.
- A. Both the Assertion and Reason are true, and the Reason is the correct explanation for the Assertion.
- B. Both the Assertion and Reason are true, but the Reason is not the correct explanation for the Assertion.
- C. The Assertion is true, but the Reason is false.
- D. The Assertion is false, but the Reason is true.
- E. Both the Assertion and the Reason are false.
Answer : C
Explanation:
* Assertion: true
Virtual Machine Manager (VMM) enables you to deploy and manage virtual machines and services across multiple hypervisor platforms, including VMware ESX and ESXi hosts.
* Reason: False
When you add a vCenter Server, VMM no longer imports, merges and synchronizes the
VMware tree structure with VMM. Instead, after you add a vCenter Server, you can add selected ESX servers and hosts to any VMM host group. Therefore, there are fewer issues with synchronization.
Reference: Managing VMware ESX Hosts in VMM Overview
https://technet.microsoft.com/en-us/library/gg610683.aspx
Your network contains an Active Directory domain named contoso.com. The domain contains four servers on a test network. The servers are configured as shown in the following table.
Server1 uses the storage shown in the following table.
You perform the following tasks:
-> On Server2, you create an advanced SMB share named Share2A and an applications SMB share named Share2B.
-> On Server3, you create an advanced SMB share named Share3.
-> On Server4, you create an applications SMB share named Share4.
-> You add Server3 and Server4 to a new failover cluster named Clus1.
-> On Clus1, you configure the File Server for general use role, you create a quick
SMB share named Share5A, and then you create an applications SMB share named Share5B.
You plan to create a failover cluster of two virtual machines hosted on Server1. The clustered virtual machines will use shared .vhdx files.
You need to recommend a location to store the shared .vhdx files.
Where should you recommend placing the virtual hard disk (VHD)?
- A. \\Clus1\Share5A
- B. \\Server2\Share2A
- C. \\Server4\Share4
- D. the D drive on Server1
Answer : C
Explanation:
Cluster1 is configured as a file share for general use and quick smb share. You cant place shared vhdx disks on quick smb, and its not recommended to store Hyper-V stuff on general use file shares.
An organization uses an Active Directory Rights Management Services (AD RMS) cluster named RMS1 to protect content for a project. You uninstall AD RMS when the project is complete. You need to ensure that the protected content is still available after AD RMS is uninstalled.
Solution: You enable the decommissioning service by using the AD RMS management console. You grant all users the Read & Execute permission to the decommission pipeline.
Does this meet the goal?
- A. Yes
- B. No
Answer : B
Explanation:
The proper procedure is:
-> Inform your users that you are decommissioning the AD RMS installation and advise them to connect to the cluster to save their content without AD RMS protection. Alternatively, you could delegate a trusted person to decrypt all rights- protected content by temporarily adding that person to the AD RMS super users group.
-> After you believe that all of the content is unprotected and saved, you should export the server licensor certificate, and then uninstall AD RMS from the server.
You plan to allow users to run internal applications from outside the companys network.
You have a Windows Server 2012 R2 that has the Active Directory Federation Services
(AD FS) role installed. You must secure on-premises resources by using multi-factor authentication (MFA). You need to design a solution to enforce different access levels for users with personal Windows 8.1 or iOS 8 devices.
Solution: You install a local instance of MFA Server. You connect the instance to the
Microsoft Azure MFA provider, and then run the following Windows PowerShell cmdlet.
Enable-AdfsDeviceRegistration -
Does this meet the goal?
- A. Yes
- B. No
Answer : B
Explanation:
We must install AD FS Adapter, not register a host for the Device Registration Service.
Note: The Enable-AdfsDeviceRegistration cmdlet configures a server in an Active Directory
Federation Services (AD FS) farm to host the Device Registration Service.
Reference: Using Multi-Factor Authentication with Windows Server 2012 R2 AD FS https://msdn.microsoft.com/en-us/library/azure/dn807157.aspx
A company has data centers in Seattle and New York. A high-speed link connects the data centers. Each data center runs a virtualization infrastructure that uses Hyper-V Server 2012 and Hyper-V Server 2012 R2. Administrative users from the Seattle and New York offices are members of Active Directory Domain Services groups named SeattleAdmins and
NewYorkAdmins, respectively.
You deploy one System Center Virtual Machine Manager (SCVMM) in the Seattle data center. You create two private clouds named SeattleCloud and NewYorkCloud in the
Seattle and New York data centers, respectively.
You have the following requirements:
-> Administrators from each data center must be able to manage the virtual machines and services from their location by using a web portal.
-> Administrators must not apply new resource quotas or change resource quotas.
-> You must manage public clouds by using the existing SCVMM server.
-> You must use the minimum permissions required to perform the administrative tasks.
You need to configure the environment.
What should you do?
- A. For both the Seattle and New York admin groups, create a User Role and assign it to the Application Administrator profile. Add the Seattle and New York private clouds to the corresponding User Role.
- B. For both the Seattle and New York admin groups, create a User Role and assign it to the Tennant Administrator profile. Add the Seattle and New York private clouds to the corresponding User Role.
- C. Add both SeattleAdmins and NewYorkAdmins to the Local Administrators group of each Hyper-V host in Seattle and New York, respectively.
- D. Add both SeattleAdmins and NewYorkAdmins to the Local Administrators group of the SCVMM server.
Answer : A
Explanation:
Members of the Application Administrator (Self-Service User) ole can create, deploy, and manage their own virtual machines and services by using the VMM console or a Web portal.
You administer an Active Directory Domain Services environment. There are no certification authorities (CAs) in the environment.
You plan to implement a two-tier CA hierarchy with an offline root CA.
You need to ensure that the issuing CA is not used to create additional subordinate CAs.
What should you do?
- A. In the CAPolicy.inf file for the issuing CA, enter the following constraint: PathLength=1
- B. In the CAPolicy.inf file for the root CA, enter the following constraint: PathLength=1
- C. In the CAPolicy.inf file for the root CA, enter the following constraint: PathLength=2
- D. In the CAPolicy.inf file for the issuing CA, enter the following constraint: PathLength=2
Answer : B
Explanation:
You can use the CAPolicy.inf file to define the PathLength constraint in the Basic
Constraints extension of the root CA certificate. Setting the PathLength basic constraint allows you to limit the path length of the CA hierarchy by specifying how many tiers of subordinate CAs can exist beneath the root. A PathLength of 1 means there can be at most one tier of CAs beneath the root. These subordinate CAs will have a PathLength basic constraint of 0, which means that they cannot issue any subordinate CA certificates.
Reference: Windows Server 2008 R2 CAPolicy.inf Syntax
http://blogs.technet.com/b/askds/archive/2009/10/15/windows-server-2008-r2-capolicy-inf- syntax.aspx
Your network contains an Active Directory domain named contoso.com.
You currently have an intranet web site that is hosted by two Web servers named Web1 and Web2. Web1 and Web2 run Windows Server 2012.
Users use the name intranet.contoso.com to request the web site and use DNS round robin.
You plan to implement the Network Load Balancing (NLB) feature on Web1 and Web2.
You need to recommend changes to the DNS records for the planned implementation.
What should you recommend?
- A. Delete one of the host (A) records named Intranet. Modify the remaining host (A) record named Intranet.
- B. Delete both host (A) records named Intranet. Create a pointer (PTR) record for each Web server.
- C. Create a new host (A) record named Intranet. Remove both host (A) records for Web1 and Web2.
- D. Create a service locator (SRV) record. Map the SRV record to Intranet.
Answer : A
Reference: How to Configure Network Load Balancing for Configuration Manager Site
Systems -
https://technet.microsoft.com/en-us/library/bb633031.aspx