Ensurepass

QUESTION 321

Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012 R2. Server1 has the Hyper-V server role installed. The domain contains a virtual machine named VM1.

 

A developer wants to attach a debugger to VM1.

 

You need to ensure that the developer can connect to VM1 by using a named pipe.

 

Which virtual machine setting should you configure?

 

A. BIOS

B. Network Adapter

C. COM 1

D. Processor

 

Correct Answer: C

Explanation:

Named pipes can be used to connect to a virtual machine by configuring COM 1.

 

References:

http://support.microsoft.com/kb/819036

http://support.microsoft.com/kb/141709

 

 

 

QUESTION 322

Your network contains an Active Directory domain named contoso.com. The domain contains four servers. The servers are configured as shown in the following table.

 

 

clip_image001

 

You plan to deploy an enterprise certification authority (CA) on a server named Server5. Server5 will be used to issue certificates to domain-joined computers and workgroup computers.

 

You need to identify which server you must use as the certificate revocation list (CRL) distribution point for Server5.

 

Which server should you identify?

 

A. Server1

B. Server3

C. Server4

D. Server2

 

Correct Answer: B

Explanation:

The CDP (and AD CS) always uses a Web server.

NB: this CDP must be accessible from outside the AD, but here we don’t have to wonder about that as there’s only one web server.

 

http://technet.microsoft.com/fr-fr/library/cc782183%28v=ws.10%29.aspx

 

Selecting a CRL Distribution Point

Because CRLs are valid only for a limited time, PKI clients need to retrieve a new CRL periodically. Windows Server 2003 PKI applications look in the CRL distribution point extension for a URL that points to a network location from which the CRL object can be retrieved. Because CRLs for enterprise CAs are stored in Active Directory, they can be accessed by means of LDAP. In comparison, because CRLs for stand-alone CAs are stored in a directory on the server, they can be accessed by means of HTTP, FTP, and so on as long as the CA is online. Therefore, you should set the CRL distribution point after the CA has been installed.

 

The system account writes the CRL to its distribution point, whether the CRL is published manually or is published according to an established schedule. Therefore, you must ensure that the system accounts for CAs have permission to write to the CRL distribution point. Because the CRL path is also included in every certificate, you must define the CRL location and its access path before deploying certificates. If an application performs revocation checking and a valid CRL is not available on the local computer, it rejects the certificate.

 

You can modify the CRL distribution point by using the Certification Authority MMC snap-in. In this way, you can change the location where the CRL is published to meet the needs of users in your organization. You must move the CRL distribution point from the CA configuration folder to a Web server to change the location of the CRL, and you must move each new CRL to the new distribution point, or else the chain will break when the previous CRL expires.

 

Note

On root CAs, you must also modify the CRL distribution point in the CAPolicy.inf file so that the root CA certificate references the correct CDP and AIA paths, if specified. If you are using certificates on the Internet, you must have at least one HTTPs-accessible location for all certificates that are not limited to internal use.

 

http://technet.microsoft.com/en-us/library/cc771079.aspx

 

Configuring Certificate Revocation

It is not always possible to contact a CA or other trusted server for information about the validity of a certificate. To effectively support certificate status checking, a client must be able to access revocation data to determine whether the certificate is valid or has been revoked. To support a variety of scenarios, Active Directory Certificate Services (AD CS) supports industry-standard methods of certificate revocation. These include publication of certificate revocation lists (CRLs) and delta CRLs, which can be made available to clients from a variety of locations, including Active Directory Domain Services (AD DS), Web servers, and network file shares.

 

 

QUESTION 323

Your network contains an Active Directory forest named contoso.com. All domain controllers currently run Windows Server 2008 R2.

 

You plan to install a new domain controller named DC4 that runs Windows Server 2012 R2.

 

The new domain controller will have the following configurations:

 

Schema master

Global catalog server

DNS Server server role

Active Directory Certificate Services server role

 

You need to identify which configurations cannot be fulfilled by using the Active Directory Domain Services Configuration Wizard.

 

Which two configurations should you identify? (Each correct answer presents part of the solution. Choose two.)

 

A. Enable the global catalog server.

B. Transfer the schema master.

C. Install the Active Directory Certificate Services role.

D. Install the DNS Server role.

 

Correct Answer: BC

Explanation:

The AD installation wizard automatically installs DNS and offers the option to make the server a global catalog server. AD CS and the schema master must be handled separately.

 

clip_image005

 

 

QUESTION 324

DRAG DROP

Your network contains an Active Directory domain named contoso.com. All domain controllers run Windows Server 2012.

 

The domain contains an organizational unit (OU) named OU1. OU1 contains an OU named OU2. OU2 contains a user named User1.

 

User1 is the member of a group named Group1. Group1 is in the Users container.

 

You create five Group Policy objects (GPO). The GPOs are configured as shown in the following table.

 

clip_image007

 

The Authenticated Users group is assigned the default permissions to all of the GPOs.

 

There are no site-level GPOs.

 

You need to identify which three GPOs will be applied to User1 and in which order the GPOs will be applied to User1.

 

Which three GPOs should you identify in sequence?

 

To answer, move the appropriate three GPOs from the list of GPOs to the answer area and arrange them in the correct order.

 

clip_image009

 

Correct Answer:

clip_image011

QUESTION 325

HOTSPOT

You have two servers that run Windows Server 2012 R2. The servers are configured as shown in the following table.

 

clip_image013

 

You need to ensure that Server2 can be managed by using Server Manager from Server1.

 

In the table below, identify which actions must be performed on Server1 and Server2. Make only one selection in each row. Each correct selection is worth one point.

 

clip_image015

 

Correct Answer:

clip_image017

 

 

 

 

 

QUESTION 326

Your network contains an Active Directory domain named contoso.com. The network contains a server named Server1 that runs Windows Server 2012 R2 and a server named Server2 that runs Windows Server 2008 R2 Service Pack 1 (SP1). Server1 and Server2 are member servers. You need to ensure that you can manage Server2 from Server1 by using Server Manager. Which two tasks should you perform? (Each correct answer presents part of the solution. Choose two.)

 

A. Install Windows Management Framework 3.0 on Server2.

B. Install Remote Server Administration Tools on Server1.

C. Install the Windows PowerShell 2.0 engine on Server1.

D. Install Microsoft .NET Framework 4 on Server2.

E. Install Remote Server Administration Tools on Server2.

 

Correct Answer: AD

Explanation:

http://technet.microsoft.com/en-us/library/hh831456.aspx#BKMK_softconfig

 

clip_image019

 

 

QUESTION 327

Your network contains a server named Server1 that runs Windows Server 2012. Server1 has the Hyper-V server role installed. Server1 hosts four virtual machines named VM1, VM2, VM3, and VM4.

 

Server1 is configured as shown in the following table.

 

clip_image021

 

You need to configure VM4 to track the CPU, memory, and network usage.

 

What should you configure?

 

A. NUMA topology

B. Resource control

C. Resource metering

D. Virtual Machine Chimney

E. The VLAN ID

F. Processor Compatibility

G. The startup order

H. Automatic Start Action

I. Integration Services

J. Port mirroring

K. Single-root I/O virtualization

 

Correct Answer: C

Explanation:

Metrics collected for each virtual machine using resource metering:

Average CPU usage, measured in megahertz over a period of time.

Average physical memory usage, measured in megabytes.

Minimum memory usage (lowest amount of physical memory).

Maximum memory usage (highest amount of physical memory).

Maximum amount of disk space allocated to a virtual machine.

Total incoming network traffic, measured in megabytes, for a virtual network adapter.

Total outgoing network traffic, measured in megabytes, for a virtual network adapter.

 

 

QUESTION 328

Your network contains a server named Server1 that has the Network Policy and Access Services server role installed.

 

All of the network access servers forward connection requests to Server1.

 

You create a new network policy on Server1.

 

You need to ensure that the new policy applies only to connection requests from the 192.168.0.0/24 subnet.

 

What should you do?

 

A. Set the Client IP4 Address condition to 192.168.0.0/24.

B. Set the Client IP4 Address condition to 192.168.0.

C. Set the Called Station ID constraint to 192.168.0.0/24.

D. Set the Called Station ID constraint to 192.168.0

 

Correct Answer: A

Explanation:

After creating a network policy with the New Network Policy Wizard or by creating a custom policy, you can specify the conditions that connection requests must have in order to match the network policy; if the conditions configured in the policy match the connection request, Network Policy Server (NPS) applies the settings designated in the network policy to the connection.

 

Incorrect:

Not C, not D: Called station ID

Allows you to specify the telephone number of the dial-up server that clients are allowed to use to access the network.

 

 

 

 

QUESTION 329

Your network contains an Active Directory forest named contoso.com. The forest contains a single domain. All domain controllers run Windows Server 2012 R2.

 

The domain contains two domain controllers. The domain controllers are configured as shown in the following table.

 

clip_image023

 

Active Directory Recycle Bin is enabled.

 

You discover that a support technician accidentally removed 100 users from an Active Directory group named Group1 an hour ago.

 

You need to restore the membership of Group1.

 

What should you do?

 

A. Perform tombstone reanimation.

B. Export and import data by using Dsamain.

C. Perform a non-authoritative restore.

D. Recover the items by using Active Directory Recycle Bin.

 

Correct Answer: B

Explanation:

The benefits of the Windows 2012 Recycle Bin are the same as those of the Windows 2008 R2 Recycle Bin, with the exception of the new user interface, which makes it more user-friendly. These additional benefits include:

All deleted AD object information, including attributes, passwords and group membership, can be selected en masse and then undeleted instantly from the user interface or via PowerShell

User-friendly and intuitive interface to filter on AD objects and a time period

Can undelete containers with all child objects

https://www.simple-talk.com/sysadmin/exchange/the-active-directory-recycle-bin-in-windows-server-2008-r2/

http://communities.quest.com/community/quest-itexpert/blog/2012/09/24/the-windows-server-2012-recycle-binand-recovery-manager-for-active-directory

QUESTION 330

Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012. Server1 has the Remote Desktop Session Host role service installed. The computer account of Server1 resides in an organizational unit (OU) named OU1.

 

You create and link a Group Policy object (GPO) named GPO1 to OU1. GPO1 is configured as shown in the exhibit. (Click the Exhibit button.)

 

clip_image025

 

You need to prevent GPO1 from applying to your user account when you log on to Server1. GPO1 must apply to every other user who logs on to Server1.

 

What should you configure?

 

A. Item-level targeting

B. Security Filtering

C. Block Inheritance

D. WMI Filtering

 

Correct Answer: B

Explanation:

Security filtering is a way of refining which users and computers will receive and apply the settings in a Group Policy object (GPO). Using security filtering, you can specify that only certain security principals within a container where the GPO is linked apply the GPO. Security group filtering determines whether the GPO as a whole applies to groups, users, or computers; it cannot be used selectively on different settings within a GPO.

 
