Recertification for MCSE: Server Infrastructure
Question No: 281 – (Topic 12)
You need to recommend a solution for GPO1.
What is the best approach to achieve the goal? More than one answer choice may achieve the goal. Select the BEST answer.
In west.northwindtraders.com, create a copy of GPO1 and link the new GPO to Site2. Apply a WMI filter to the new GPO.
In west.northwindtraders.com, create a copy of GPO1 and link the new GPO to west.northwindtraders.com. Configure security filtering on the new GPO.
Link GPO1 to west.northwindtraders.com and configure security filtering on GPO1.
Link GPO1 to Site2 and apply a WMI filter to GPO1.
Answer: D Explanation: * Scenario:
The northwindtraders.com domain contains a Group Policy object (GPO) named GPO1. GP01 is applied to all of the users in the Montreal office.
Apply GPO1 to all of the San Diego users.
GPO1 must not be applied to computers that run Windows 8.1.
* WM Filter for Operating Systems. Example: Windows 8.1 64 bit
SELECT version FROM Win32_OperatingSystem WHERE Version LIKE quot;6.3%quot; and ProductType = quot;1quot; AND OSArchitecture = quot;64-bitquot;
Question No: 282 HOTSPOT – (Topic 12)
You are planning the certificates for Northwind Traders.
You need to identify the certificate configurations required for App1.
How should you configure the certificate request? To answer, select the appropriate options in the answer area.
Box 1: App1.public.northwindtraders.com
* From the scenario:
Users must be able to access App1 from the Internet.
The servers in the perimeter network are accessible from the Internet by using a domain name suffix of public.northwindtraders.com.
Configure a web application proxy on Server6.
Box 2: Server Authentication
Certificates that server programs use to authenticate themselves to clients
From the scenario:
Configure a web application proxy on Server6.
Question No: 283 HOTSPOT – (Topic 12)
On Server2, you create a Run As Account named Account1. Account1 is associated to an Active Directory account named VMMIPAM.
You need to implement an IPAM solution.
What should you do? To answer, select the appropriate configuration for each server in the answer area.
Box 1: Add a network service
On the VMM server use the Add Network Service Wizard to setup a service, which runs with the newly created VMMIPAM account, and which connects to IPAM server on Server3. Box 2:
On the IPAM server add the new VMMIPAM account to the IPAM ASM Administrators and to the Remote Management Users groups. This ensures that the Network Service which is run with the VMMIPAM account has the required permissions to access the IPAM server.
Server2 is running System Center 2012 R2 Virtual Machine Manager (VMM) server. Server3 is running IPAM server.
Question No: 284 – (Topic 12)
You need to recommend a solution for the sales reports. What should you include in the recommendation?
BranchCache in distributed cache mode
BranchCache in hosted cache mode
Distributed File System (DFS)
Explanation: DFS to increase the availability of data by storing the data on multiple servers. DFS could make the sales reports available, even if the WAN link is down.
Scenario: Server3 has a shared folder that contains sales reports. The sales reports are read frequently by the users in both offices. The reports are generated automatically once per week by an enterprise resource planning (ERP) system.
If a WAN link fails, users must be able to access ALL of the sales reports
Not A, Not C: Branchcache (hosted or distributed) does not work when content server is not reachable (link down).
Not B: According to the scenario, the computers in the San Diego office are often replaced, so offline caching will not make the reports available all the time if WAN link goes down.
Reference: What Is DFS?
Question No: 285 – (Topic 12)
You need to recommend a solution for the replication of Active Directory. What should you recommend modifying?
The Active Directory Schema
The properties of Site1
The RODC1 computer account
The properties of Site2
Explanation: An AD Schema can be configured to prevent specific information from being replicated. You add an attribute to the RODC filtered attribute set, and then mark it as confidential.
Scenario: Prevent an Active Directory Domain Services (AD DS) attribute named SSNumber from replicating to Site2.
Reference: Appendix D: Steps to Add an Attribute to the RODC Filtered Attribute Set https://technet.microsoft.com/en-us/library/cc772331(v=ws.10).aspx
Question No: 286 – (Topic 12)
You need to implement a solution for DNS replication. Which cmdlets should you run?
Set-DnsServer and Invoke-DnsServerZoneSign
ConvertTo-DnsServerPrimaryZone and Register-DnsServerDirectoryPartition
UnRegister-DnsServerDirectoryPartition and Add-DnsServerForwarder
Set-DnsServerDnsSecZoneSetting and Invoke-DnsServerZoneSign
Explanation: Currently DNS zones are replicated to all Domain Controllers, but they should only replicate only to DC1, DC2, and DC3. We can unregister other DNS servers (RODC1) with the help of UnRegister-DnsServerDirectoryPartition cmdlet, which deregisters a Domain Name System (DNS) server from a specified DNS application directory partition.
RODC1 is still used as a DNS server, but does not receive zone replication, but it should still function as a DNS server as all computers need to resolve names by using a local DNS server. We configure RODC1 to forward DNS requests to DC1, DC2 or DC3 with the help of the Add-DnsServerForwarder command.
* Scenario. Technical Requirement related to DNS:
Ensure that all DNS zone data is encrypted when it is replicated
All computers must be able to resolve names by using a local DNS server All DNS zones must replicate only to DC1, DC2, and DC3
Reference: UnRegister-DnsServerDirectoryPartition, Add-DnsServerForwarder
Question No: 287 DRAG DROP – (Topic 12)
You need to recommend a solution for managing Windows Azure.
Which three actions should you recommend performing in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Question No: 288 – (Topic 12)
You need to recommend an Office 365 integration solution. What should you include in the recommendation?
Active Directory directory synchronization
The Active Directory Migration Tool (ADMT)
Windows Identity Foundation (WIF) 3.5
The Sync Framework Toolkit
Explanation: * Scenario: Each office is configured as an Active Directory site.
Reference: Synchronizing your directory with Office 365 is easy https://blogs.office.com/2014/04/15/synchronizing-your-directory-with-office-365-is-easy/
Topic 13, Alpine Ski Overview
Alpine Ski House provides vacation travel accommodations. Its main office is in Vancouver. Alpine Ski House also has branch offices in Montreal, Denver, and New York.
An additional sales office is located in Los Angeles. This office has client devices only.
All servers in each office run Windows Server 2012 R2. All client devices in each office run Windows 8.1.
Alpine Ski House plans to acquire another company named Margie#39;s Travel. Margies Travel has an AD DS domain named margiestravel.com.
Danner and New York
The Denver and New York offices have their own child domain named us.alpineskihouse.com. The domain controllers are displayed in the following table:
Vancouver and Montreal
Alpine Ski House has an Active Directory Domain Services (AD DS) domain named aplineskihouse.com for the Vancouver and Montreal offices. The forest and domain functional levels are set to Windows Server 2008. The domain controllers in the domain contain Dynamic Host Configuration Protocol (DHCP) servers and DNS servers. The domain controllers are displayed in the following table:
The Vancouver office also has a certification authority (CA) installed on a server named ALP-CA01.
Business Requirements Growth
An additional branch office is planned in an extremely remote, mountainous location that
does not have traditional access to the Internet.
The remote branch office location will use a high-latency, low-bandwidth satellite connection to the Denver and Vancouver offices.
The Los Angeles office will be expanded to include sales and billing staff. The Los Angeles location will not contain IT staff.
Currently, each office has a dedicated file share that is hosted on a domain controller. The company plans to implement a new file sharing capability to synchronize data between offices and to maximize performance for locating files that are saved in a different branch office. Sales users in the Los Angeles office must also be able to retrieve file data from each branch office.
Recovery time objective
The business requires that the data stored in AD DS must be recovered within an hour. This data includes user accounts, computer accounts, groups, and other objects. Any customized attributes must also be recovered. The current backup solution uses a tape drive, which requires a minimum of two hours between notification and recovery.
Alpine Ski House purchased Office 365 Enterprise E3 licenses for all users in the organization.
Technical Requirements Existing environment
Users in the Montreal office of Alpine Ski House report slow times to log on to their devices.
An administrator determines that users in the Montreal location occasionally authenticate to a domain controller with an IP address of 172.16.0.10/24. All authentication requests must first be attempted in the same location as the client device that is being authenticated.
The remote branch office must have a single domain controller named REMOTE- DC01.us.aplineskihouse.com.
The replication between domains must either use best-effort or low-cost replication. After the expansion, authentication must occur locally.
Any server placed in the Los Angeles office must not contain cached passwords.
Where possible, the new file management solution must be centralized. If supported, the data must be stored in a single location in each branch office.
After acquiring Margie#39;s Travel, all AD DS objects, including user account passwords, must be a migrated to the alpineskihouse.com domain. Alpine Ski House plans to use the Active Directory Migration Tool (ADMT) to complete the migration process.
The password complexity requirements for the margiestravel.com domain are unknown. Users should not be forced to change their passwords after migrating their user accounts. Some computer objects will be renamed during the migration.
Alpine Ski House must use Microsoft Azure to facilitate directory synchronization (DirSync) with Office 365. The DirSync utility must be installed on a virtual machine in Microsoft Azure.
Question No: 289 – (Topic 13)
You need to configure the connection between the new remote branch office and the existing branch offices.
What should you create?
SMTP site link
Question No: 290 – (Topic 13)
You need to design a solution for the recovery-time objective.
Which two actions should you perform? Each correct answer presents part of the solution.
Schedule a task to create a snapshot of the NTDS database before the existing backup job runs.
Enable the KDC support for claims, compound authentication, and Kerberos armoring administrative template policy.
Set the functional level for each domain to Windows Server 2012.
Set the functional level of the forest to Windows Server 2008 R2.
Enable the Active Directory Recycle Bin.
|Lowest Price Guarantee||Yes||No||No|
|Free VCE Simulator||Yes||No||No|