Ensurepass

QUESTION 181

Is the following statement about Hyper-V true or false? Hyper-V does not support wireless networks.

 

A.

True

B.

False

 

Correct Answer: B

Explanation:

Hyper-V 2012 supports wireless (one of my VMs is currently connected to the internet using the Wi-Fi card of my laptop…). It is true that in 2008 R2 it was not supported (unless with many customizations; I know it, as I did it).

 

 

QUESTION 182

You deploy an Active Directory Federation Services (AD FS) 2.1 infrastructure. The infrastructure uses Active Directory as the attribute store.

 

Some users report that they fail to authenticate to the AD FS infrastructure.

 

You discover that only users who run third-party web browsers experience issues.

 

You need to ensure that all of the users can authenticate to the AD FS infrastructure successfully.

 

Which Windows PowerShell command should you run?

 

A.

Set-ADFSProperties -SSOLifetime 1:00:00

B.

Set-ADFSProperties -AddProxyAuthenticationRules None

C.

Set-ADFSProperties -ExtendedProtectionTokenCheck None

D.

Set-ADFSProperties -ProxyTrustTokenLifetime 1:00:00

 

Correct Answer: C

Explanation:

Disable the Extended Protection for Authentication feature in AD FS 2.0

Certain client browser software, such as Firefox, Chrome, and Safari, does not support the Extended Protection for Authentication capabilities that can be used across the Windows platform to protect against man-in-the-middle attacks. To prevent this type of attack from occurring over secure AD FS communications, AD FS 2.0 enforces (by default) that all communications use a channel binding token (CBT) to mitigate this threat. However, if browser clients that do not support Extended Protection for Authentication must be used in your organization, you will have to adjust a feature setting in AD FS 2.0 that disables the use of the CBT over communications, which, in turn, may leave client credentials vulnerable to man-in-the-middle attacks. If this is the case, you can disable the Extended Protection for Authentication feature by using the Windows PowerShell cmdlet Set-ADFSProperties in the following procedure.

 

To disable the Extended Protection for Authentication feature in AD FS 2.0

On a federation server, log in using the Administrator account, open the Windows PowerShell command prompt, and then type the following command:

Set-ADFSProperties -ExtendedProtectionTokenCheck None

Repeat this step on each federation server in the farm.

QUESTION 183

Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012 R2. Server1 has the Active Directory Certificate Services server role installed and is configured as an enterprise certification authority (CA).

 

You need to ensure that all of the users in the domain are issued a certificate that can be used for the following purposes:

 

Email security

Client authentication

Encrypting File System (EFS)

 

Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)

 

A.

Modify the properties of the User certificate template, and then publish the template.

B.

From a Group Policy, configure the Certificate Services Client Certificate Enrollment Policy settings.

C.

From a Group Policy, configure the Automatic Certificate Request Settings settings.

D.

Duplicate the User certificate template, and then publish the template.

E.

From a Group Policy, configure the Certificate Services Client Auto-Enrollment settings.

 

Correct Answer: DE

Explanation:

The default user template supports all of the requirements EXCEPT autoenroll as shown below:

 

[Image: default User certificate template]

 

However, a template duplicated from the User template has the ability to autoenroll:

 

[Image: duplicated User certificate template]

 

The Automatic Certificate Request Settings GPO setting is only available to Computer, not user.

 

[Image: Automatic Certificate Request Settings in Group Policy]

 

 

QUESTION 184

Sometimes it's important to remove an RODC from your forest or domain.

However, it's important that you follow a simple rule whilst removing RODCs.

 

What is this rule?

 

A.

All RODCs must be detached before removing a final writable domain controller

B.

All writable domain controllers must be removed before RODCs can be detached

C.

Your forest must only consist of RODCs if you want to remove them

D.

There are no rules for removing RODCs

 

Correct Answer: A

Explanation:

After researching this and using logic, we need a writable DC for an RODC to exist; therefore, we have to remove all RODCs before removing the last writable DC.

 

 

QUESTION 185

DRAG DROP

[Image: drag-and-drop question]

 

Correct Answer:

[Image: correct answer]


QUESTION 186

Your network contains an Active Directory domain named contoso.com. The domain contains six domain controllers. The domain controllers are configured as shown in the following table.

 

[Image: table of domain controller configurations]

 

The network contains a server named Server1 that has the Hyper-V server role installed. DC6 is a virtual machine that is hosted on Server1.

 

You need to ensure that you can clone DC6.

 

Which FSMO role should you transfer to DC2?

 

A.

Rid master

B.

Domain naming master

C.

PDC emulator

D.

Infrastructure master

 

Correct Answer: C

Explanation:

The clone domain controller uses the security context of the source domain controller (the domain controller whose copy it represents) to contact the Windows Server 2012 R2 Primary Domain Controller (PDC) emulator operations master role holder (also known as flexible single master operations, or FSMO). The PDC emulator must be running Windows Server 2012 R2, but it does not have to be running on a hypervisor.

http://technet.microsoft.com/en-us/library/hh831734.aspx

 

 

QUESTION 187

Your network contains an Active Directory domain named contoso.com. The domain contains a Web server named www.contoso.com. The Web server is available on the Internet.

 

You implement DirectAccess by using the default configuration.

 

You need to ensure that users never attempt to connect to www.contoso.com by using DirectAccess. The solution must not prevent the users from using DirectAccess to access other resources in contoso.com.

 

Which settings should you configure in a Group Policy object (GPO)?

 

A.

DirectAccess Client Experience Settings

B.

Name Resolution Policy

C.

DNS Client

D.

Network Connections

 

Correct Answer: B

Explanation:

For DirectAccess, the NRPT must be configured with the namespaces of your intranet with a leading dot (for example, .internal.contoso.com or .corp.contoso.com). For a DirectAccess client, any name request that matches one of these namespaces will be sent to the specified intranet Domain Name System (DNS) servers.

 

Include all intranet DNS namespaces that you want DirectAccess client computers to access.

There are no command-line methods for configuring NRPT rules. You must use Group Policy settings. To configure the NRPT through Group Policy, use the Group Policy add-in at Computer Configuration\Policies\Windows Settings\Name Resolution Policy in the Group Policy object for DirectAccess clients. You can create a new NRPT rule and edit or delete existing rules. For more information, see Configure the NRPT with Group Policy.

 

 

QUESTION 188

DRAG DROP

You have a server named Server1 that runs Windows Server 2012 R2. You are asked to test Windows Azure Online Backup to back up Server1. You need to back up Server1 by using Windows Azure Online Backup.

 

Which four actions should you perform in sequence?

 

To answer, move the appropriate four actions from the list of actions to the answer area and arrange them in the correct order.

 

[Image: list of actions and answer area]

 

Correct Answer:

[Image: correct answer]

 

 

QUESTION 189

Your network contains an Active Directory domain named contoso.com. All servers run Windows Server 2012 R2. The domain contains a server named Server1.

 

You install the Windows PowerShell Web Access gateway on Server1.

 

You need to provide administrators with the ability to manage the servers in the domain by using the Windows PowerShell Web Access gateway.

 

Which two cmdlets should you run on Server1? (Each correct answer presents part of the solution. Choose two.)

 

A.

Install-PswaWebApplication

B.

Add-PswaAuthorizationRule

C.

Set-WSManInstance

D.

Set-WSManQuickConfig

E.

Set-BCAuthentication

 

Correct Answer: AB

Explanation:

Configure PowerShell Web Access Gateway using the following PowerShell Cmdlet.

Install-PswaWebApplication -UseTestCertificate

Running the cmdlet installs the Windows PowerShell Web Access web application within the IIS Default Web Site container. The cmdlet creates the infrastructure required to run Windows PowerShell Web Access on the default website, https://<server_name>/pswa.

Add-PswaAuthorizationRule

Adds a new authorization rule to the Windows PowerShell Web Access authorization rule set.

Parameters:

ComputerGroupName

ComputerName

ConfigurationName

RuleName

UserGroupName

UserName

Credential (Windows Server 2012 R2 and later)

 

References:

http://technet.microsoft.com/en-us/library/hh849867.aspx

http://technet.microsoft.com/en-us/library/hh849875.aspx

http://technet.microsoft.com/en-us/library/jj592890(v=wps.620).aspx

http://technet.microsoft.com/en-us/library/hh848404(v=wps.620).aspx

http://technet.microsoft.com/en-us/library/jj592894(v=wps.620).aspx

 

 

QUESTION 190

Virtual Network Manager (available from the Hyper-V Manager snap-in) offers three types of virtual networks that you can use to define various networking topologies for virtual machines and the virtualization server. Which type of virtual network is isolated from all external network traffic on the virtualization server, as well as any network traffic between the management operating system and the external network?

 

A.

Internal virtual network

B.

Private virtual network

C.

External virtual network

D.

None of these

 

Correct Answer: B

 
