Ensurepass.com : Ensure you pass the IT Exams
2018 May Microsoft Official New Released 70-980
100% Free Download! 100% Pass Guaranteed!

Recertification for MCSE: Server Infrastructure

Question No: 131 – (Topic 8)

You plan to allow users to run internal applications from outside the company’s network. You have a Windows Server 2012 R2 that has the Active Directory Federation Services (AD FS) role installed. You must secure on-premises resources by using multi-factor authentication (MFA). You need to design a solution to enforce different access levels for users with personal Windows 8.1 or iOS 8 devices.

Solution: You install a local instance of the MFA Server. You connect the instance to the Microsoft Azure MFA provider and then you use Microsoft Intune to manage personal devices.

Does this meet the goal?

  1. Yes

  2. No

Answer: A

Question No: 132 – (Topic 8)

A company has data centers in Seattle and New York. A high-speed link connects the data centers. Each data center runs a virtualization infrastructure that uses Hyper-V Server 2012 and Hyper-V Server 2012 R2. Administrative users from the Seattle and New York offices are members of Active Directory Domain Services groups named SeattleAdmins and NewYorkAdmins, respectively.

You deploy one System Center Virtual Machine Manager (SCVMM) in the Seattle data center. You create two private clouds named SeattleCloud and NewYorkCloud in the Seattle and New York data centers, respectively.

You have the following requirements:

-> Administrators from each data center must be able to manage the virtual machines and services from their location by using a web portal.

-> Administrators must not apply new resource quotas or change resource quotas.

-> You must manage public clouds by using the existing SCVMM server.

-> You must use the minimum permissions required to perform the administrative tasks.

You need to configure the environment. What should you do?

  1. For both the Seattle and New York admin groups, create a User Role and assign it to the Application Administrator profile. Add the Seattle and New York private clouds to the corresponding User Role.

  2. For both the Seattle and New York admin groups, create a User Role and assign it to the Delegated Administrator profile. Add the Seattle and New York private clouds to the corresponding User Role.

  3. For both the Seattle and New York admin groups, create a User Role and assign it to the Tennant Administrator profile. Add the Seattle and New York private clouds to the corresponding User Role.

  4. Add both SeattleAdmins and NewYorkAdmins to the Local Administrators group of each Hyper-V host in Seattle and New York, respectively.

Answer: B

Question No: 133 – (Topic 8)

Your company has an office in New York.

Many users connect to the office from home by using the Internet.

You deploy an Active Directory Certificate Services (AD CS) infrastructure that contains an enterprise certification authority (CA) named CA1. CA1 is only available from hosts on the internal network.

You need to ensure that the certificate revocation list (CRL) is available to all of the users.

What should you do? (Each correct answer presents part of the solution. Choose all that apply.)

  1. Create a scheduled task that copies the CRL files to a Web server.

  2. Run the Install-ADCSWebEnrollment cmdlet.

  3. Run the Install-EnrollmentPolicyWebService cmdlet.

  4. Deploy a Web server that is accessible from the Internet and the internal network.

  5. Modify the location of the Authority Information Access (AIA).

  6. Modify the location of the CRL distribution point (CDP).

Answer: D,F Explanation:

CRLs will be located on Web servers which are Internet facing. CRLs will be accessed using the HTTP retrieval protocol.

CRLs will be accessed using an external URL of http://dp1.pki.contoso.com/pki

F: To successfully authenticate an Internet Protocol over Secure Hypertext Transfer Protocol (IP-HTTPS)-based connection, DirectAccess clients must be able to check for certificate revocation of the secure sockets layer (SSL) certificate submitted by the DirectAccess server. To successfully perform intranet detection, DirectAccess clients must be able to check for certificate revocation of the SSL certificate submitted by the network location server. This procedure describes how to do the following:

Create a Web-based certificate revocation list (CRL) distribution point using Internet Information Services (IIS)

Configure permissions on the CRL distribution shared folder

Publish the CRL in the CRL distribution shared folder Reference: Configure a CRL Distribution Point for Certificates

Question No: 134 – (Topic 8)

Your network contains an Active Directory forest named contoso.com.

Your company works with a partner company that has an Active Directory forest named

fabrikam.com. Both forests contain domain controllers that run only Windows Server 2012 R2.

The certification authority (CA) infrastructure of both companies is configured as shown in the following table.

Ensurepass 2018 PDF and VCE

You need to recommend a certificate solution that meets the following requirements:

-> Server authentication certificates issued from fabrikam.com must be trusted automatically by the computers in contoso.com.

-> The computers in contoso.com must not trust automatically any other type of

certificates issued from the CA hierarchy in fabrikam.com.

What should you include in the recommendation?

  1. Deploy a Group Policy object (GPO) that defines intermediate CAs. Import a certificate that has an application policy object identifier (OID) of CA Encryption Certificate.

  2. Deploy a Group Policy object (GPO) that defines an enterprise trust. Import a certificate that has an application policy object identifier (OID) of Microsoft Trust List Signing.

  3. Deploy a Group Policy object (GPO) that defines an enterprise trust. Import a certificate that has an application policy object identifier (OID) of CA Encryption Certificate.

  4. Deploy a Group Policy object (GPO) that defines intermediate CAs. Import a certificate that has an application policy object identifier (OID) of Microsoft Trust List Signing.

Answer: B

Question No: 135 – (Topic 8)

Your network contains an Active Directory domain named contoso.com.

The corporate security policy states that when new user accounts, computer accounts, and contacts are added to an organizational unit (OU) named Secure, the addition must be audited.

You need to recommend an auditing solution to meet the security policy.

What should you include in the recommendation? (Each answer presents part of the solution. Choose all that apply.)

  1. From the Default Domain Controllers Policy, enable the Audit directory services setting.

  2. Create a new Group Policy object (GPO) that is linked to the Secure OU, and then modify the Audit directory services setting.

  3. From the Secure OU, modify the Auditing settings.

  4. From the Default Domain Controllers Policy, enable the Audit object access setting.

  5. From the Secure OU, modify the Permissions settings.

  6. Create a new Group Policy object (GPO) that is linked to the Secure OU, and then modify the Audit object access setting.

Answer: A,B

Question No: 136 – (Topic 8)

Your network contains multiple servers that run Windows Server 2012.

The network contains a Storage Area Network (SAN) that only supports Fibre Channel connections.

You have two failover clusters. The failover clusters are configured as shown in the following table.

Ensurepass 2018 PDF and VCE

Only the members of Cluster1 can connect to the SAN.

You plan to implement 15 highly available virtual machines on Cluster2. All of the virtual machines will be stored in a single shared folder.

You need to ensure that the VHD files of the virtual machines can be stored on the SAN.

What should you do? (Each correct answer presents a complete solution. Choose all that apply.)

  1. From a node in Cluster2, create a Virtual Fibre Channel SAN.

  2. From a node in Cluster1, create a Virtual Fibre Channel SAN.

  3. From Cluster1, add the iSCSI Target Server cluster role.

  4. From Cluster1, configure the clustered File Server role of the File Server for scale-out application data type.

Answer: A,D

Question No: 137 HOTSPOT – (Topic 8)

Your company has four offices. The offices are located in Montreal, Seattle, New York, and Miami.

Users access all of the web-based resources by using web proxy servers. The IP addresses of the web proxies at each office are configured as shown in the following table.

Ensurepass 2018 PDF and VCE

The connections to the web proxies are balanced by using round-robin DNS.

The company plans to deploy a new application. The new application has a farm of front- end web servers that connect to a back-end application server. When a session to a web server is established, the web server stores data until the session closes. Once the session

closes, the data is sent to the application server.

You need to ensure that the incoming sessions to the web server farm are distributed among the web servers. The solution must ensure that if a web server fails, the users are NOT directed to the failed server.

How should you configure the port rule? To answer, select the appropriate options in the answer area.

Ensurepass 2018 PDF and VCE

Ensurepass 2018 PDF and VCE

Answer:

Ensurepass 2018 PDF and VCE

Question No: 138 HOTSPOT – (Topic 8)

You plan to implement a virtualization solution to host 10 virtual machines. All of the virtual machines will be hosted on servers that run Windows Server 2012.

You need to identify which servers must be deployed for the planned virtualization solution. The solution must meet the following requirements:

  • Minimize the number of servers.

  • Ensure that live migration can be used between the hosts.

    Which servers should you identify?

    To answer, select the appropriate servers in the answer area.

    Ensurepass 2018 PDF and VCE

    Answer:

    Ensurepass 2018 PDF and VCE

    Explanation:

    Ensurepass 2018 PDF and VCE

    Just two server with Hyper-V installed is enough to perform a Live Migration. (Minimize the number of servers)

    Question No: 139 – (Topic 8)

    Your network contains a Microsoft System Center 2012 infrastructure. You use Virtual Machine Manager (VMM) to manage 20 Hyper-V hosts. You deploy a Windows Server Update Services (WSUS) server.

    You need to automate the remediation of non-compliant Hyper-V hosts. The solution must minimize the amount of time that virtual machines are unavailable.

    What should you do first?

    1. Configure the Hyper-V hosts to download Windows updates from the WSUS server by using a Group Policy object (GPO).

    2. Install the WSUS Administration console on the VMM server, and then add the WSUS server to the fabric.

    3. Install the Virtual Machine Manager console on the WSUS server, and then add the WSUS server to the fabric.

    4. Configure the Hyper-V hosts to download Windows updates from the VMM server by using a Group Policy object (GPO).

    Answer: B

    Question No: 140 – (Topic 8)

    Your network contains an Active Directory domain named contoso.com. The network has an Active Directory Certificate Services (AD CS) infrastructure.

    You need to issue a certificate to users to meet the following requirements:

    -> Ensure that the users can encrypt files by using Encrypting File System (EFS).

    -> Ensure that all of the users reenroll for their certificate every six months.

    Solution: From the properties of the Basic EFS template, you assign the Allow – Enroll permission to the Authenticated Users group.

    Does this meet the goal?

    1. Yes

    2. No

    Answer: B

    100% Ensurepass Free Download!
    Download Free Demo:70-980 Demo PDF
    100% Ensurepass Free Guaranteed!
    Download 2018 EnsurePass 70-980 Full Exam PDF and VCE

    EnsurePass ExamCollection Testking
    Lowest Price Guarantee Yes No No
    Up-to-Dated Yes No No
    Real Questions Yes No No
    Explanation Yes No No
    PDF VCE Yes No No
    Free VCE Simulator Yes No No
    Instant Download Yes No No