Recertification for MCSE: Server Infrastructure
Question No: 341 – (Topic 18)
Your network contains an Active Directory forest that has three domains. All domain controllers run Windows Server 2012.
You need to recommend a solution to control which attributes are replicated to global catalog servers in the forest. What should you include in the recommendation?
the partial attribute set.
application directory partitions.
the filtered attribute set.
Question No: 342 DRAG DROP – (Topic 18)
You manage a server named DA01 that has the DirectAccess feature configured. You deploy a new server named DA02. Both servers run Microsoft Windows Server 2012 R2.
You need to configure a Direct Access load-balanced cluster named WAP01 that contains servers DA01 and DA02.
How should you complete the relevant Windows PowerShell commands? To answer, drag the appropriate Windows PowerShell segment to the correct locations. Each Windows PowerShell segment may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
Box 1: Add-WindowsFeature -Name DirectAccess-VPN, NLB
We set up DA01 for Directaccess-VPN and for Network load balancing. Box 2: NLB
DA02 will be a node in the cluster so it needs NLB Box 3: WAP01
Set up the cluster named WAP01. Box 4: DA02
Box 5: DA01
DA02 is a node in the cluster, while DA01 is the DirectAccess server. We add the DA02 server to the load balanced cluster as node. The Add-
RemoteAccessLoadBalancerNode cmdlet adds a server to the load balanced cluster. The server is added to the cluster to which the server on which the cmdlet is run, or to the server specified in the ComputerName parameter.
The -RemoteAccessServerParameter specifies a remote access server which should be added to the cluster. In this case DA01.
Question No: 343 – (Topic 18)
Your network contains an Active Directory domain named contoso.com. The domain contains three VLANs. The VLANs are configured as shown in the following table.
All client computers run either Windows 7 or Windows 8.
The corporate security policy states that all of the client computers must have the latest security updates installed.
You need to implement a solution to ensure that only the client computers that have all of the required security updates installed can connect to VLAN 1. The solution must ensure that all other client computers connect to VLAN 3.
Solution: You implement the DHCP Network Access Protection (NAP) enforcement method.
Does this meet the goal?
Explanation: Implementing DHCP NAP to Enforce WSUS Updates
Question No: 344 – (Topic 18)
You have a server named DNS1 that runs Windows Server 2012. DNS1 has the DNS server role installed.
You need to recommend changes to the DNS I to prevent several names from being registered in DNS.
What should you configure on DNS1?
DNS cache locking
DNS Security Extensions (DNSSEC)
The global query block list.
Question No: 345 – (Topic 18)
Your network contains a Hyper-V host named Host1 that runs Windows Server 2012. Host1 contains a virtual machine named DC1. DC1 is a domain controller that runs Windows Server 2012.
You plan to clone DC1.
You need to recommend which steps are required to prepare DC1 to be cloned.
What should you include in the recommendation? (Each correct answer presents part of the solution. Choose all that apply.)
Run dcpromo.exe /adv.
Create a file named Dccloneconfig.xml.
Add DC1 to the Cloneable Domain Controllers group.
Run sysprep.exe /oobe.
Answer: B,C Explanation:
B: DCCloneConfig.xml is an XML configuration file that contains all of the settings the cloned DC will take when it boots. This includes network settings, DNS, WINS, AD site name, new DC name and more. This file can be generated in a few different ways.
C: There#39;s a new group in town. It#39;s called Cloneable Domain Controllers and you can find it in the Users container. Membership in this group dictates whether a DC can or cannot be cloned. This group has some permissions set on the domain head that should not be removed. Removing these permissions will cause cloning to fail. Also, as a best practice, DCs shouldn#39;t be added to the group until you plan to clone and DCs should be removed from the group once cloning is complete. Cloned DCs will also end up in the Cloneable Domain Controllers group. Make sure to remove those as well.
Reference: http://blogs.technet.com/b/askpfeplat/archive/2012/10/01/virtual-domain- controller-cloning-in-windows-server-2012.aspx
Question No: 346 – (Topic 18)
Your company has a main office and four branch offices. The main office is located in London.
The network contains an Active Directory domain named contoso.com. Each office contains one domain controller that runs Windows Server 2012. The Active Directory site topology is configured as shown in the exhibit. (Click the Exhibit button.)
You discover that when a domain controller in a branch office is offline for maintenance, users in that branch office are authenticated by using the domain controllers in any of the sites.
You need to recommend changes to Active Directory to ensure that when a domain controller in a branch office is offline, the users in that branch office are authenticated by the domain controllers in London.
What should you include in the recommendation? Exhibit
Modify the DC Locator DNS Records settings.
Disable site link bridging.
Modify the site link costs.
Modify the service location (SRV) records in DNS.
Answer: A Explanation:
If local DC (domain controller) is not available, DC Locator service will look for another DC in a different site.
Note: The following sequence describes how the Locator is able to find a domain controller (see step 3 below) :
On the client (the computer locating the domain controller), the Locator is initiated as an RPC to the local Net Logon service. The Locator application programming interface (API)
(DsGetDcName) is implemented by the Net Logon service.
The client collects the information that is needed to select a domain controller and passes the information to the Net Logon service by using the DsGetDcName API.
The Net Logon service on the client uses the collected information to look up a domain controller for the specified domain in one of two ways:
For a DNS name, Net Logon queries DNS by using the IP/DNS-compatible Locator – that is, DsGetDcName calls the DnsQuery API to read the Service Resource (SRV) records and A records from DNS, after it appends an appropriate string to the front of the domain name that specifies the SRV record.
Reference: Domain Controller Locator https://technet.microsoft.com/en-us/library/cc961830.aspx
Question No: 347 – (Topic 18)
Your network contains an Active Directory forest that has two domains named contoso.com and europe.contoso.com. The forest contains five servers. The servers are configured as shown in the following table.
You plan to manage the DHCP settings and the DNS settings centrally by using IP Address Management (IPAM).
You need to ensure that you can use IPAM to manage the DHCP and DNS settings in both
domains. The solution must use the minimum amount of administrative effort. What should you do?
Upgrade DCE1 and DCE2 to Windows Server 2012, and then install the IP Address Management (IPAM) Server feature. Run the Set-IpamConfiguration cmdlet for each domain.
Upgrade DCE1 and DCE2 to Windows Server 2012, and then install the IP Address Management (IPAM) Server feature. Run the Invoke-IpamGpoProvisioning cmdlet for each domain.
Upgrade DC1 and DC2 to Windows Server 2012, and then install the IP Address Management (IPAM) Server feature. Run the Invoke-IpamGpoProvisioning cmdlet for each domain.
Upgrade DC1 and DC2 to Windows Server 2012, and then install the IP Address Management (IPAM) Server feature. Run the Set-IpamConfiguration cmdlet for each domain.
Explanation: * You can use IPAM to manage DHCP servers running on Windows Server 2008 R2 and above. Here DCE1 and DCE2 are running Windows 2003, so they need to be upgraded to Windows Server 2008 R2 or above.
Creates and links group policies in the specified domain for provisioning required access settings on the servers managed by the computer running the IP Address Management (IPAM) server.
Not C: DC1 and DC2 do not need to be upgraded as IPAM can manage DHCP servers running on Windows Server 2008 R2 and above.
Not A, Not D: Set-IpamConfiguration
Sets the configuration for the computer running the IP Address Management (IPAM) server, including the TCP port number over which the computer running the IPAM Remote Server Administration Tools (RSAT) client connects with the computer running the IPAM server.
Reference: IPAM managed DHCP server requirements
Upgrade the Windows 2003 Servers.
Question No: 348 – (Topic 18)
Your company has a main office that contains several servers and several users. The main office contains a file server named Server1 that runs Windows Server 2012.
The users access a large report file that is created on Server1 each day.
The company plans to open a new branch office. The branch office will contain only client computers.
You need to implement a solution to reduce the amount of bandwidth used by the client computers in the branch office to download the report each day.
What should you do?
More than one answer choice may achieve the goal. Select the BEST answer.
Install the BranchCache for network files role service on Server1. Configure the client computers to use BranchCache in hosted cache mode.
Configure the offline settings of the shared folder that contains the report.
Install the BranchCache for network files role service on Server1. Configure the client computers to use Branchcache in distributed mode.
Enable the Background Intelligent Transfer Service (BITS) feature on Server1 and on each client computer in the branch office. Move the report to a web folder.
Answer: C Explanation:
Distributed cache mode. In this mode, branch office client computers download content from the content servers in the main office and then cache the content for other computers in the same branch office.
Distributed cache mode does not require a server computer in the branch office.
Reference: BranchCache Deployment Guide https://technet.microsoft.com/en-us/library/ee649232(v=ws.10).aspx
Question No: 349 – (Topic 18)
Your network contains an Active Directory domain named contoso.com. The physical topology of the network is configured as shown in the exhibit.
Each office contains 500 employees.
You plan to deploy several domain controllers to each office.
You need to recommend a site topology for the planned deployment. What should you include in the recommendation?
More than one answer choice may achieve the goal. Select the BEST answer. Exhibit
Five sites and one site link
Three sites and three site links
Five sites and three site links
Answer: D Explanation:
Create a site for each LAN, or set of LANs, that are connected by a high speed backbone, and assign the site a name. Connectivity within the site must be reliable and always available.
This would mean 5 sites Site links are transitive, so if site A is connected to site B, and site B is connected to site C, then the KCC assumes that domain controllers in site A can communicate with domain controllers in site C. You only need to create a site link between site A and site C if there is in fact a distinct network connection between those two sites.
This would mean 3 sitelinks
So answer is quot;Five sites and three site linksquot;
Question No: 350 – (Topic 18)
Your company has a main office and a branch office.
The network contains an Active Directory domain named contoso.com. The main office contains domain controllers that run Windows Server 2012. The branch office contains a read-only domain controller (RODC) that runs Windows Server 2012.
You need to recommend a solution to control which Active Directory attributes are replicated to the RODC.
What should you include in the recommendation?
The partial attribute set
The filtered attribute set
Application directory partitions
Explanation: RODC filtered attribute set
Some applications that use AD DS as a data store might have credential-like data (such as
passwords, credentials, or encryption keys) that you do not want to be stored on an RODC in case the RODC is compromised.
For these types of applications, you can dynamically configure a set of attributes in the schema for domain objects that will not replicate to an RODC. This set of attributes is called the RODC filtered attribute set. Attributes that are defined in the RODC filtered attribute set are not allowed to replicate to any RODCs in the forest.
Reference: AD DS: Read-Only Domain Controllers https://technet.microsoft.com/en-us/library/cc732801(v=ws.10).aspx
|Lowest Price Guarantee||Yes||No||No|
|Free VCE Simulator||Yes||No||No|