NEW QUESTION NO: 6
Your network contains a server named Server1 that runs Windows Server 2012. Server1 has the DHCP Server server role installed.
All of the client computers that are in a subnet named Subnet1 receive their IP address configurations from Server1.
You plan to add another DHCP server named Server2 to Subnet1.
You need to recommend changes to the DHCP infrastructure to ensure that the client computers continue to receive IP addressing information if a single DHCP server fails.
What should you do?
More than one answer choice may achieve the goal. Select the BEST answer.
A. Create a Network Load Balancing (NLB) cluster.
B. Configure Failover for the scope.
C. Create a DHCP failover cluster.
D. Create a split scope.
Answer: B
Explanation/Reference:
Explanation:
One of the great features in Windows Server 2012 R2 is the DHCP failover for Microsoft DHCP scopes.
Failover is where the environment suffers an outage of a service which triggers the failover of that service function to a secondary server or site. The assumption for most failover configurations is that the primary server is completely unavailable.


NEW QUESTION NO: 7
On Server2, you create a Run As Account named Account1. Account1 is associated to an Active Directory account named VMMIPAM.
You need to implement an IPAM solution.
What should you do? To answer, select the appropriate configuration for each server in the answer area.
Hot Area:

Answer: 

Explanation/Reference:
Testlet 1
Overview
Alpine Ski House provides vacation travel accommodations. Its main office is in Vancouver. Alpine Ski House also has branch offices in Montreal, Denver, and New York.
An additional sales office is located in Los Angeles. This office has client devices only.
All servers in each office run Windows Server 2012 R2. All client devices in each office run Windows 8.1.
Alpine Ski House plans to acquire another company named Margie's Travel. Margies Travel has an AD DS domain named margiestravel.com.
Danner and New York
The Denver and New York offices have their own child domain named us.alpineskihouse.com. The domain controllers are displayed in the following table:

Vancouver and Montreal
Alpine Ski House has an Active Directory Domain Services (AD DS) domain named aplineskihouse.com for the Vancouver and Montreal offices. The forest and domain functional levels are set to Windows Server
2008. The domain controllers in the domain contain Dynamic Host Configuration Protocol (DHCP) servers and DNS servers. The domain controllers are displayed in the following table:

The Vancouver office also has a certification authority (CA) installed on a server named ALP-CA01.
Business Requirements
Growth
An additional branch office is planned in an extremely remote, mountainous location that does not have traditional access to the Internet.
The remote branch office location will use a high-latency, low-bandwidth satellite connection to the Denver and Vancouver offices.
The Los Angeles office will be expanded to include sales and billing staff. The Los Angeles location will not contain IT staff.
File Management
Currently, each office has a dedicated file share that is hosted on a domain controller. The company plans to implement a new file sharing capability to synchronize data between offices and to maximize performance for locating files that are saved in a different branch office. Sales users in the Los Angeles office must also be able to retrieve file data from each branch office.
Recovery time objective
The business requires that the data stored in AD DS must be recovered within an hour. This data includes user accounts, computer accounts, groups, and other objects. Any customized attributes must also be recovered. The current backup solution uses a tape drive, which requires a minimum of two hours between notification and recovery.
Office 365
Alpine Ski House purchased Office 365 Enterprise E3 licenses for all users in the organization.
Technical Requirements
Existing environment
Users in the Montreal office of Alpine Ski House report slow times to log on to their devices. An administrator determines that users in the Montreal location occasionally authenticate to a domain controller with an IP address of 172.16.0.10/24. All authentication requests must first be attempted in the same location as the client device that is being authenticated.
Growth
The remote branch office must have a single domain controller named REMOTE- DC01.us.aplineskihouse.com.
The replication between domains must either use best-effort or low-cost replication. After the expansion, authentication must occur locally.
Any server placed in the Los Angeles office must not contain cached passwords.
File management
Where possible, the new file management solution must be centralized. If supported, the data must be stored in a single location in each branch office.
Acquisition
After acquiring Margie's Travel, all AD DS objects, including user account passwords, must be a migrated to the alpineskihouse.com domain. Alpine Ski House plans to use the Active Directory Migration Tool (ADMT) to complete the migration process.
The password complexity requirements for the margiestravel.com domain are unknown. Users should not be forced to change their passwords after migrating their user accounts. Some computer objects will be renamed during the migration.
Office 365
Alpine Ski House must use Microsoft Azure to facilitate directory synchronization (DirSync) with Office 365.
The DirSync utility must be installed on a virtual machine in Microsoft Azure.

NEW QUESTION NO: 8
Your network contains an Active Directory domain named contoso.com. All servers run Windows Server
2008 R2. All domain controllers are installed on physical servers. The network contains several Hyper-V hosts.
The network contains a Microsoft System Center 2012 infrastructure.
You plan to use domain controller cloning to deploy several domain controllers that will run Windows Server 2012.
You need to recommend which changes must be made to the network infrastructure before you can use domain controller cloning.
What should you recommend?
A. Upgrade a global catalog server to Windows Server 2012. Deploy Virtual Machine Manager (VMM).
B. Upgrade a global catalog server to Windows Server 2012. Install the Windows Deployment Services server role on a server that runs Windows Server 2012.
C. Upgrade the domain controller that has the PDC emulator operations master role to Windows Server
2012. Deploy a Hyper-V host that runs Windows Server 2012.
D. Upgrade the domain controller that has the infrastructure master operations master role to Windows Server 2012. Install the Windows Deployment Services server role on a server that runs Windows Server 2012.
Answer: C
Explanation/Reference:
Explanation:
The clone domain controller uses the security context of the source domain controller (the domain controller whose copy it represents) to contact the Windows Server 2012 Primary Domain Controller (PDC) emulator operations master role holder (also known as flexible single master operations, or FSMO). The PDC emulator must be running Windows Server 2012, but it does not have to be running on a hypervisor.

NEW QUESTION NO: 9
Your company has a main office and a branch office.
The network contains an Active Directory domain named contoso.com. The domain contains three domain controllers. The domain controllers are configured as shown in the following table.

The domain contains two global groups. The groups are configured as shown in the following table.

You need to ensure that the RODC is configured to meet the following requirements:
Cache passwords for all of the members of Branch1Users.

Prevent the caching of passwords for the members of Helpdesk.

What should you do?
A. Modify the membership of the Denied RODC Password Replication group.
B. Install the BranchCache feature on RODC1.
C. Modify the delegation settings of RODC1.
D. Create a Password Settings object (PSO) for the Helpdesk group.
Answer: A
Explanation/Reference:
Explanation:
Password Replication Policy Allowed and Denied lists
Two new built-in groups are introduced in Windows Server 2008 Active Directory domains to support RODC operations. These are the Allowed RODC Password Replication Group and Denied RODC Password Replication Group.
These groups help implement a default Allowed List and Denied List for the RODC Password Replication Policy. By default, the two groups are respectively added to the msDS-RevealOnDemandGroup and msDS-NeverRevealGroup Active Directory attributes.

NEW QUESTION NO: 10
You need to recommend a trust model.
What should you include in the recommendation?
A. A one-way, forest trust that has selective authentication.
B. A one-way, external trust
C. A two-way, external trust
D. A one-way, forest trust that has domain-wide authentication.
Answer: A
Explanation/Reference:
From case study:
Users in the Montreal office must only be allowed to access shares that are located on File01 and File02.
The Montreal users must be prevented from accessing any other servers in the proseware.com forest regardless of the permissions on the resources.

NEW QUESTION NO: 11
Your network contains an Active Directory domain named contoso.com. The domain contains three VLANs. The VLANs are configured as shown in the following table.

All client computers run either Windows 7 or Windows 8.
Goal: You need to implement a solution to ensure that only the client computers that have all of the required security updates installed can connect to VLAN 1. The solution must ensure that all other client computers connect to VLAN 3.
Solution: You implement the 802.1x Network Access Protection (NAP) enforcement method.
Does this meet the goal?
A. Yes
B. No
Answer: A
Explanation/Reference:
Explanation:
NAP supports a variety of what we call enforcement methods. In the NAP space, and enforcement method is simply a term that defines the way a machine connects to a network. In NAP, these are DHCP, 802.1x (wired or wireless), VPN, IPsec, or via a Terminal Services Gateway.

NEW QUESTION NO: 12
You need to recommend a remote access solution that meets the VPN requirements.
Which role service should you include in the recommendation?
A. Routing
B. Network Policy Server
C. DirectAccess and VPN (RAS)
D. Host Credential Authorization Protocol
Answer: B
Explanation/Reference:
Explanation:
Scenario:
A server that runs Windows Server 2012 will perform RADIUS authentication for all of the VPN connections.
Ensure that NAP with IPSec enforcement can be configured.
Network Policy Server
Network Policy Server (NPS) allows you to create and enforce organization-wide network access policies for client health, connection request authentication, and connection request authorization. In addition, you can use NPS as a Remote Authentication Dial-In User Service (RADIUS) proxy to forward connection requests to a server running NPS or other RADIUS servers that you configure in remote RADIUS server groups.
NPS allows you to centrally configure and manage network access authentication, authorization, are client health policies with the following three features: RADIUS server. NPS performs centralized authorization, authorization, and accounting for wireless, authenticating switch, remote access dial-up and virtual private network (VNP) connections. When you use NPS as a RADIUS server, you configure network access servers, such as wireless access points and VPN servers, as RADIUS clients in NPS. You also configure network policies that NPS uses to authorize connection requests, and you can configure RADIUS accounting so that NPS logs accounting information to log files on the local hard disk or in a Microsoft SQL Server database.

NEW QUESTION NO: 13
Your network contains 50 servers that run Windows Server 2003 and 50 servers that run Windows Server
2008.
You plan to implement Windows Server 2012 R2.
You need to create a report that includes the following information:
The servers that run applications and services that can be moved to Windows Server 2012 R2

The servers that have hardware that can run Windows Server 2012 R2

The servers that are suitable to be converted to virtual machines hosted on Hyper-V hosts that run

Windows Server 2012 R2
Solution: You install Windows Server 2012 R2 on a new server, and then you run the Windows Server Migration Tools. Does this meet the goal?
A. No
B. Yes
Answer: A

NEW QUESTION NO: 14
Your company has three offices. The offices are located in New York, Chicago, and Atlanta.
The network contains an Active Directory domain named contoso.com that has three Active Directory sites named Site1, Site2, and Site3. The New York office is located in Site1. The Chicago office is located in Site2. The Atlanta office is located in Site3. There is a local IT staff to manage the servers in each site. The current domain controllers are configured as shown in the following table.

The company plans to open a fourth office in Montreal that will have a corresponding Active Directory site.
Because of budget cuts, a local IT staff will not be established for the Montreal site.
The Montreal site has the following requirements:
Users must be able to authenticate locally.

Users must not have the ability to log on to the domain controllers.

Domain account passwords must not be obtained from servers in the Montreal site.

Network bandwidth between the Montreal site and the other sites must be minimized.

Users in the Montreal office must have access to applications by using Remote Desktop Services

(RDS).
You need to recommend a solution for the servers in the Montreal site.
What should you recommend?
A. Install a domain controller in the Montreal site that has a Server Core installation of Windows Server
2012. Install a member server in the Montreal site to host additional server roles.
B. Install a domain controller in the Montreal site that has a Server Core installation of Windows Server
2012. Install a member server in the New York site to host additional server roles.
C. Install a read-only domain controller (RODC) in the Montreal site. Install a member server in the New York site to host additional server roles.
D. Only install a domain controller in the Montreal site that has a Server Core installation of Windows Server 2012.
Answer: C

NEW QUESTION NO: 15
You need to implement the Microsoft Azure migration plan. What should you do?
A. On Microsoft Azure, install and configure System Center 2012 R2 Virtual Machine Manager.
B. On an on-premises server, install and configure System Center 2012 R2 Service Manager.
C. On an on-premises server, install and configure System Center 2012 R2 App Controller.
D. On an on-premises server, install and configure Windows Deployment Services.
E. On Microsoft Azure, install and configure System Center 2012 R2 Orchestrator.
Answer: C
Explanation/Reference:
* Scenario: Azure migration
The company plans to migrate existing services, including System Center management servers, to Azure.
To reduce costs, the migration must use the minimum number of Azure VM instances to migrate the services.

NEW QUESTION NO: 16
You need to recommend a deployment method for Proseware.
What is the best approach to achieve the goal? More than one answer choice may achieve the goal. Select the BEST answer.
A. A WDS Deployment server and Multicast transmissions
B. A WDS Deployment server and Unicast transmissions
C. A WDS Transport server and Multicast transmissions
D. A WDS Transport server and Unicast transmissions
Answer: A
Explanation/Reference:
Consider implementing multicasting if your organization:
Has network routers that support multicasting.

Is a large company that requires many concurrent client installations.

Wants to use network bandwidth efficiently. This is because with this feature, images are sent over the

network only once, and you can specify limitations (for example, to only use 10 percent of your bandwidth).
Has enough disk space on client computers for the image to be downloaded.