Case Study 1: Contoso, Ltd

Overview
Contoso, Ltd., is a healthcare company in Europe that has 2,000 users.
The company is migrating to Windows Server 2012.
The company has two main offices and two branch offices.
The main offices are located in Paris and Amsterdam.
One of the branch offices is a sales office located in Berlin.
The other branch office is a research office located in Brussels.
The offices connect to each other by using a WAN link.

Current Environment
Active Directory
The network contains an Active Directory forest named contoso.com. An Active Directory site exists for each
office. The forest contains a child domain named research.contoso.com.

The functional level of both the domains is Windows Server 2008. In each site, there are two domain
controllers for the contoso.com domain and two domain controllers for the research.contoso.com domain.

The domain controllers run Windows Server 2008 R2. All of the domain controllers are global catalog
servers. The FSMO roles were not moved since the domains were deployed.

Network Infrastructure
All servers run Windows Server 2008 R2. Each user has a laptop computer that runs Windows 7.
The company has 10 print servers. Each print server contains several shared printers.

The company has 10 file servers that have the following disk configurations:

A simple volume named C that is the System and Boot volume and is formatted NTFS
A mounted virtual hard disk (VHD) named DATA that is formatted NTFS
A simple volume named D that is formatted FAT32
A simple volume named E that is formatted NTFS
A Clustered Shared Volume (CSV)

The Paris office contains a server named PA1.

The Amsterdam office contains a server named AMI.

Both servers have the following server roles installed:

DNS Server
DHCP Server
Remote Access

The DNS servers are configured to use the DNS servers of the company's Internet Service Provider (ISP) as
forwarders. Users often work remotely. The users access the internal network by using an SSTP-based VPN
connection.

Requirements
Planned Changes
The company plans to implement the following changes:

 Create a child domain named sales.contoso.com.

Only the domain controllers in sales.contoso.com will host a zone for the sales.contoso.com domain.
 The domain controllers in sales.contoso.com will run Windows Server 2012.
The client computers in sales.contoso.com will use the sales.contoso.com domain controllers as
their DNS servers.
 Implement two servers in the Amsterdam office and two servers in the Paris office to replace PA1
and AMI.
These new servers will run Windows Server 2012 and will not have shared storage.
 Decommission the research.contoso.com domain.
All of the users and the Group Policy objects (GPOs) in research.contoso.com will be migrated to
contoso.com.
 Migrate the existing print queues to virtualized instances of Windows Server 2012.
 Migrate the file servers to new servers that run Windows Server 2012.
 Implement RADIUS authentication for VPN connections.
 Deploy Windows Server 2012 to all new servers.

Technical Requirements
The company identifies following technical requirements:

 All changes to Group Policies must be logged.

 Network Access Protection (NAP) policies must be managed centrally.
 Core networking services in each office must be redundant if a server fails.
 The possibility of IP address conflicts during the DHCP migration must be minimized.
 A central log of the IP address leases and the users associated to those leases must be created.
 All of the client computers must be able to resolve internal names and internet names.
 Administrators in the Paris office need to deploy a series of desktop restrictions to the entire
company by using Group Policy.
 The new sales.contoso.com domain will contain a web application that will access data from a
Microsoft
 SQL Server located in the contoso.com domain.
The web application must use integrated Windows authentication.
 Users' credentials must be passed from the web applications to the SQL Server.

Questions
Question 1
You are planning the migration of research.contoso.com.
You need to identify which tools must be used to perform the migration.

Which tools should you identify?

A. Active Directory Migration Tool version 3.2 (ADMT v3.2) and Group Policy Management Console
(GPMC)
B. Active Directory Federation Services (AD FS) and Microsoft Federation Gateway
C. Active Directory Migration Tool version 3.2 (ADMT v3.2) and Active Directory Federation Services
(AD FS)
D. Active Directory Lightweight Directory Services (AD LDS) and Group Policy Management Console
(GPMC)

Correct answer: A

Question 2
You need to recommend a management solution for the GPOs.
The solution must meet the technical requirements.

What should you include in the recommendation?

A. Microsoft Desktop Optimization Pack (MDOP)

B. Microsoft System Center 2012 Operations Manager
 C. Microsoft System Center 2012 Data Protection Manager (DPM)
D. Microsoft Baseline Security Analyzer (MBSA)

Correct answer: A

Explanation/Reference:

http://technet.microsoft.com/en-us/windows/microsoft-desktop-optimization-pack.aspx

Microsoft Desktop Optimization Pack contains Advanced Group Policy Management.

By providing change control, offline editing, and role-based delegation, Microsoft® Advanced Group Policy
Management (AGPM) can help you better manage Group Policy objects (GPOs) in your environment. AGPM
is a key component of the Microsoft Desktop Optimization Pack (MDOP). AGPM 4.0 introduces support for
searching, cross-forest management, and the latest Windows® operating systems.

Question 3
You need to recommend a solution for DHCP logging.
The solution must meet the technical requirement.

What should you include in the recommendation?

A. Event subscriptions
B. IP Address Management (IPAM)
C. DHCP audit logging
D. DHCP filtering

Correct answer: B

Question 4
You are evaluating the implementation of data deduplicatton on the planned Windows Server 2012 file
servers. The planned servers will have the identical disk configurations as the current servers.

You need to identify which volumes can be enabled for data deduplication.

Which volumes should you identify?

(Each correct answer presents part of the solution. Choose all that apply.)

A. C
B. D
C. E
D. The CSV
E. DATA

Correct answer: C, E

Explanation/Reference:

http://technet.microsoft.com/en-us/library/hh831700.aspx
Volumes that are candidates for deduplication must conform to the following requirements:
 Must not be a system or boot volume. Deduplication is not supported on operating system volumes.
 Can be partitioned as a master boot record (MBR) or a GUID Partition Table (GPT), and must be
formatted using the NTFS file system.
 Can reside on shared storage, such as storage that uses a Fibre Channel or an SAS array, or when
an iSCSI SAN and Windows Failover Clustering is fully supported.
 Do not rely on Cluster Shared Volumes (CSVs). You can access data if a deduplication-enabled
volume is converted to a CSV, but you cannot continue to process files for deduplication.
  Do not rely on the Microsoft Resilient File System (ReFS).
 Must be exposed to the operating system as non-removable drives. Remotely-mapped drives are not
supported.

Question 5
You need to recommend which changes must be implemented to the network before you can deploy the new
web application.

What should you include in the recommendation?

A. Upgrade the DNS servers to Windows Server 2010.
B. Upgrade the domain controllers to Windows Server 2012.
C. Change the forest functional level to Windows Server 2008 R2.
D. Change the functional level of both the domains to Windows Server 2008 R2.

Correct answer: B

Question 6
You need to recommend changes to the DNS environment that support the implementation of the
sales.contoso.com domain.

The solution must ensure that the users in all of the domains can resolve both Internet names and the
names of the servers in all of the internal domains.

What should you recommend?

A. On the DNS servers in contoso.com, create a zone delegation in the contoso.com zone.
On the DNS servers in sales.contoso.com, add a forwarder to the contoso.com DNS servers.
B. On the DNS servers in contoso.com, configure a reverse lookup zone.
On the DNS servers in sales.contoso.com, configure a conditional forwarder to contoso.com.
C. On the DNS servers in contoso.com, configure a conditional forwarder to sales.contoso.com.
On the DNS servers in sales.contoso.com, configure a reverse zone.
D. On the DNS servers in contoso.com, add a conditional forwarder to the sales.contoso.com zone.
On the DNS servers in sales.contoso.com, add a forwarder to the DNS servers of the company's ISP.

Correct answer: A

Question 7
You are planning the implementation of two new servers that will be configured as RADIUS servers.
You need to recommend which configuration must be performed on the VPN servers.
The solution must meet the technical requirements.

What should you do on each VPN server?

A. Install the Health Registration Authority role service.

B. Add a RADIUS client.
C. Enable DirectAccess.
D. Modify the authentication provider.

Correct answer: D

Question 8
After the planned upgrade to Windows Server 2012, you restore a user account from the Active Directory
Recycle Bin.

You need to replicate the restored user account as quickly as possible.

Which cmdlets should you run?

A. Get-ADReplicationSite and Set-ADReplicationConnection

B. Get-ADReplicationAttributeMetadata and Compare-Object
C. Get-ADReplicationUpToDatenessVectorTable and Set-ADReplicationSite
D. Get ADDomainController and Sync-ADObject

Correct answer: D

Question 9
You implement a new virtualized print server that runs Windows Server 2012.
You need to migrate the print queues.

Which tool should you use?

A. Windows Server Migration Tools

B. Active Directory Migration Tool (ADMT)
C. Print Management
D. Computer Management

Correct answer: C

Question 10
You need to recommend a fault-tolerant solution for the VPN.
The solution must meet the technical requirements.

What should you include in the recommendation?

A. DirectAccess
B. Failover Clustering
C. Network adapter teaming
D. Network Load Balancing (NLB)

Correct answer: D

Question 11
You are planning the decommissioning of research.contoso.com.

You need to ensure that an administrator named Admin5 in the research department can manage the user
accounts that are migrated to contoso.com.
The solution must minimize the number of permissions assigned to Admin5.

What should you do before you migrate the user accounts?

A. Run the New-Object cmdlet, and then run the Add-ADCentralAccessPolicyMember cmdlet.
B. Create a new organizational unit (OU), and then add Admin5 to the Account Operators group.
C. Run the New-Object cmdlet, and then run the Add-ADPrincipalGroupMembership cmdlet.
D. Create a new organizational unit (OU), and then run the Delegation of Control Wizard.

Correct answer: D

Question 12
You implement and authorize the new DHCP servers.
You import the server configurations and the scope configurations from PA1 and AM1.
You need to ensure that clients can obtain DHCP address assignments after you shut down PA1 and AMI.

The solution must meet the technical requirements. What should you do?

A. Run the Get-DhcpServerv4Lease cmdlet and the Remove-DhcpServerv4Lease cmdlet.

Run the Windows Server Migration Tools.
B. Run the Get-DhcpServerv4Lease cmdlet and the Add-DhcpServerv4Lease cmdlet.
Activate the scopes.
C. Run the Get-DhcpServerv4FreeIPAddress cmdlet and the Invoke-DhcpServerv4FailoverReplication
cmdlet.
Activate the scopes.
D. Run the Get-DhcpServerv4FreeIPAddress cmdlet and the Invoke-DhcpServerv4FailoverReplication
cmdlet.
Run the Windows Server Migration Tools.

Correct answer: B

Question 13
What method should you use to deploy servers?

A. WDS
B. AIK
C. ADK
D. EDT

Correct answer: A
Case Study 2: Litware, Inc

Overview
Litware, Inc. is a manufacturing company. The company has a main office and two branch offices. The main
office is located in Seattle. The branch offices are located in Los Angeles and Boston.

Current Environment
Active Directory
The network contains an Active Directory forest named litwareinc.com.
The forest contains a child domain for each office.
The child domains are named boston.litwareinc.com and la.litwareinc.com.
An Active Directory site exists for each office.

In each domain, all of the client computer accounts reside in an organizational unit (OU) named
AllComputers and all of the user accounts reside in an OU named AllUsers.

All domain controllers run Windows Server 2008 R2 and are configured as DNS servers.
The functional level of the domain and the forest is Windows Server 2008.

Network Infrastructure
The main office has the following servers:

Five physical Hyper-V hosts that run Windows Server 2012

Three virtual file servers that run Windows Server 2008 R2
One physical DHCP server that runs Windows Server 2008 R2
Ten physical application servers that run Windows Server 2012
One virtual IP Address Management (IPAM) server that runs Windows Server 2012
One virtual Windows Server Update Services (WSUS) server that runs Windows Server 2008 R2
One physical domain controller and two virtual domain controllers that run Windows Server 2008 R2

Each branch office has following servers:

One virtual file server that runs Windows Server 2008 R2

Two physical Hyper-V hosts that run Windows Server 2012
One physical DHCP server that runs Windows Server 2008 R2
One physical domain controller and two virtual domain controllers that run Windows Server 2008 R2

All of the offices have a high-speed connection to the Internet.

The offices connect to each other by using T1 leased lines.
The IPAM server in the main office gathers data from the DNS servers and the DHCP servers in all of the
offices.

Requirements
Planned Changes
The company plans to implement the following changes:

 Implement the Active Directory Recycle Bin.

 Implement Network Access Protection (NAP).
 Implement Folder Redirection in the Boston office only.
 Deploy an application named App1 to all of the users in the Boston office only.
 Migrate to IPv6 addressing on all of the servers in the Los Angeles office. Some application servers
in the
 Los Angeles office will have only IPv6 addresses.
Technical Requirements
The company identifies the following technical requirements:

 Minimize the amount of administrative effort whenever possible.

 Ensure that NAP with IPSec enforcement can be configured.
 Rename boston.litwareinc.com domain to bos.htwareinc.com.
 Migrate the DHCP servers from the physical servers to a virtual server that runs Windows Server
2012.
 Ensure that the members of the Operators groups in all three domains can manage the IPAM server
from their client computer.

VPN Requirements
You plan to implement a third-party VPN server in each office.
The VPN servers will be configured as RADIUS clients.
A server that runs Windows Server 2012 will perform RADIUS authentication for all of the VPN connections.

Virtualization Requirements
The company identifies the following virtualization requirements:

 Virtualize the application servers.

 Ensure that the additional domain controllers for the branch offices can be deployed by using domain
controller cloning.
 Automatically distribute the new virtual machines to Hyper-V hosts based on the current resource
usage of the Hyper-V hosts.

Server Deployment Requirements

The company identifies the following requirements for the deployment of new servers on the network:

 Deploy the new servers over the network.

 Ensure that all of the server deployments are done by using multicast.

Security Requirements
A new branch office will open in Chicago.
The new branch office will have a single read- only domain controller (RODC).
Confidential attributes must not be replicated to the Chicago office.

Questions
Question 1
You need to implement the technical requirements for the boston.litwareinc.com domain.

Which tools should you use?

A. Gpfixup and Gpupdate

B. Rendom and Gpfixup
C. Gpupdate and Dcgpofix
D. Adprep and Rendom

Correct answer: B

Explanation/Reference: Rename the domain with rendom and make the GPOs work with the new domain
name with gpfixup
Question 2
You need to recommend a server virtualization strategy that meets the technical requirements and the
virtualization requirements.

What should you include in the recommendation?

A. Windows Server Backup
B. The Microsoft Virtual Machine Converter
C. Microsoft System Center 2012 Virtual Machine Manager (VMM)
D. Disk2vhd

Correct answer: C

Question 3
You need to recommend a remote access solution that meets the VPN requirements.

Which role service should you include in the recommendation?

A. Routing
B. Network Policy Server
C. DirectAccess and VPN (RAS)
D. Host Credential Authorization Protocol

Correct answer: B

Question 4
You need to recommend changes to the Active Directory site topology to support on the company's planned
changes.

What should you include in the recommendation?

A. A new site link bridge

B. A new subnet
C. A new site link
D. A new site

Correct answer: B

Question 5
You need to recommend an IPAM management solution for the Operators groups.
The solution must meet the technical requirements.

What should you include in the recommendation?

A. Run the Invoke IpamGpoProvisioning cmdlet in all three domains. Add the computers used by the
members of the Operators group to the IPAM server.
B. Modify the membership of the IPAM Administrators group and the WinRMRemoteWMIUsers_ group
on the IPAM server.
C. Run the Set-IpamConfiguration cmdlet on the IPAM server. Run the Invoke-IpamGpoProvisioning
cmdlet in all three domains.
D. Run the Set-IpamConfiguration cmdlet and modify the membership of the
WinRMRemoteWMIUsers_ group on the IPAM server.

Correct answer: B
Question 6
You need to recommend a migration strategy for the DHCP servers.
The strategy must meet the technical requirements.

Which Windows PowerShell cmdlet should you recommend running on the physical DHCP servers?

A. Receive-SmigServerData
B. Import-SmigServerSetting
C. Export-SmigServerSetting
D. Send-SmigServerData

Correct answer: C

Explanation/Reference:
The DHCP roles will have to be migrated from the physical servers to virtual servers.
You have to export the server settings on the physical servers, than
you have to import the server settings on the virtual servers.

http://technet.microsoft.com/en-us/library/ee662317.aspx

Example:

Export-SmigServerSetting -Feature "DHCP" -User All -Group -Path "c:\temp\store" -Verbose

This sample command exports the Dynamic Host Configuration Protocol (DHCP) Server and all other
Windows features that are required by DHCP Server.
The command also exports local user accounts, local groups, and group memberships to the location
c:\temp\store that is specified in the -Path parameter.

Question 7
You need to recommend a solution that meets the security requirements.

Which schema attribute properties should you recommend modifying?

A. isCriticalSystemObject
B. searchFlags
C. schemaFlagsEx
D. isIndexed

Correct answer: B

Question 8
You need to recommend a Group Policy strategy to support the company's planned changes.

What should you include in the recommendation?

A. Link a Group Policy object (GPO) to the AllComputers OU in each domain.

B. Link a Group Policy object (GPO) to litwareinc.com and configure filtering.
C. Link a Group Policy object (GPO) to each domain.
D. Link a Group Policy object (GPO) to the Boston site.

Correct answer: D

Question 9
You need to ensure that NAP meets the technical requirements.
Which role services should you install?

A. Network Policy Server, Health Registration Authority and Host Credential Authorization Protocol
B. Health Registration Authority, Host Credential Authorization Protocol and Online Responder
C. Certification Authority, Network Policy Server and Health Registration Authority
D. Online Responder, Certification Authority and Network Policy Server

Correct answer: C

Question 10
You need to recommend a change to the Active Directory environment to support the company's planned
changes.

What should you include in the recommendation?

A. Upgrade the domain controllers that have the PDC emulator master role to Windows Server 2012.
B. Raise the functional level of the domain and the forest.
C. Implement Administrator Role Separation.
D. Upgrade the domain controller that has the domain naming master role to Windows Server 2012.

Correct answer: B

Explanation/Reference:
http://technet.microsoft.com/en-us/library/dd379481%28v=ws.10%29.aspx

You can enable Active Directory Recycle Bin only if the forest functional level of your environment is set to
Windows Server 2008 R2.
Current functional level of the domain and the forest is Windows Server 2008.

Question 11
You need to recommend changes to the Active Directory environment to support the virtualization
requirements.

What should you include in the recommendation?

A. Raise the functional level of the domain and the forest.

B. Implement Administrator Role Separation.
C. Upgrade the domain controllers that have the PDC emulator master role to Windows Server 2012.
D. Upgrade the domain controller that has the domain naming master role to Windows Server 2012.

Correct answer: C

Explanation/Reference:
http://technet.microsoft.com/en-us/library/jj574223.aspx#BKMK_VDCCloning

Question 12
You need to recommend a server deployment strategy for the main office that meets the server deployment
requirements.

What should you recommend installing in the main office?

A. Windows Deployment Services (WDS)

B. The Windows Assessment and Deployment Kit (Windows ADK)
C. The Windows Automated Installation Kit (Windows AIK)
D. The Express Deployment Tool (EDT)
Correct answer: A
Mixed Questions A
Question 1
Your company has a main office and four branch offices.
The main office is located in London.

The network contains an Active Directory domain named contoso.com.

The network is configured as shown in the exhibit.

Each office contains several servers that run Windows Server 2012.

In each branch office, you plan to deploy an additional 20 servers that will run Windows Server 2012.
Some of the servers will have a Server Core Installation of Windows Server 2012.

You identify the following requirements for the deployment of the new servers:

 Operating system images must be administered centrally.

 The operating system images must be deployed by using PXE.
 The WAN traffic caused by the deployment of each operating system must be minimized.

You need to recommend a solution for the deployment of the new servers.

What should you recommend?

A. Deploy Windows Deployment Services (WDS) in each office.

Replicate the images by using Distributed File System (DFS) Replication.
B. Deploy Windows Deployment Services (WDS) in each office.
Copy the images by using BranchCache.
C. Deploy Windows Deployment Services (WDS) in the main office only.
Copy the images by using BranchCache.
D. Deploy Windows Deployment Services (WDS) in the main office only.
Replicate the images by using Distributed File System (DFS) Replication.

Correct answer: A
Question 2
Your network contains an Active Directory domain named contoso.com.
The domain contains a Microsoft System Center 2012 infrastructure.
The domain contains two sites named Site1 and Site2.
The sites connect to each other by using a 1-Mbps WAN link.

The sites contain four servers.

The servers are configured as shown in the following table:

Server Name Site Configuration
Server1 Site1 Windows Server 2012
Virtual Machine Manager (VMM)
Windows Deployment Services (WDS)
Server2 Site1 Windows Server 2008 R2
Virtual Machine Manager (VMM)
Library
Server3 Site1 Windows Server 2012
Hyper-V
Server4 Site2 Windows Server 2012

In Site2, you plan to deploy 50 Hyper-V hosts.

You need to recommend a solution to deploy the Hyper-V hosts by using VMM.

The solution must minimize the amount of traffic between Site1 and Site2 during deployment.
What should you recommend?

A. On Server4, install VMM.

From the Virtual Machine Manager console, add Server1 as a PXE server and add Server4 as a
library server.
B. On Server4, install VMM.
From the Virtual Machine Manager console, add Server1 as a PXE server and a library server.
C. On Server4, install WDS.
From the Virtual Machine Manager console, add Server4 as a PXE server and a library server.
D. On Server4, install WDS.
From the Virtual Machine Manager console, add Server4 as a PXE server and add Server1 as a
library server.

Correct answer: C

Question 3
Your network contains an Active Directory forest named contoso.com.
The forest contains five domains.

You need to ensure that the CountryCode attribute is replicated to the global catalog.

What should you do?

A. Modify the configuration partition.

B. Create and modify an application partition.
C. Modify the schema partition.
D. Modify the domain partitions.

Correct answer: C

Question 4
Your network contains an Active Directory domain named contoso.com.
All servers run Windows Server 2008 R2.
All domain controllers are installed on physical servers.
The network contains several Hyper-V hosts.
The network contains a Microsoft System Center 2012 infrastructure.
You plan to use domain controller cloning to deploy several domain controllers that will run Windows Server
2012.

You need to recommend which changes must be made to the network infrastructure before you can use
domain controller cloning.

What should you recommend?

A. Upgrade the domain controller that has the infrastructure master operations master role to Windows
Server 2012.
Install the Windows Deployment Services server role on a server that runs Windows Server 2012.
B. Upgrade the domain controller that has the PDC emulator operations master role to Windows Server
2012.
Deploy a Hyper-V host that runs Windows Server 2012.
C. Upgrade a global catalog server to Windows Server 2012.
Install the Windows Deployment Services server role on a server that runs Windows Server 2012.
D. Upgrade a global catalog server to Windows Server 2012.
Deploy Virtual Machine Manager (VMM).

Correct answer: B

Question 5
Your network contains an Active Directory domain named contoso.com.
The domain contains three Active Directory sites.

The Active Directory sites are configured as shown in the following table:
Site Name Location
Site1 New York
Site2 Vancouver
Site3 Beijing

The sites connect to each other by using the site links shown in the following table:

Site Link Name Connected Sites

Link1 Site1 and Site2
Link2 Site2 and Site3
Link3 Site1 and Site3

You need to design the Active Directory site topology to meet the following requirements:

 Ensure that all replication traffic between Site2 and Site3 replicates through Site1 if a domain
controller in Site1 is available.
 Ensure that the domain controllers between Site2 and Site3 can replicate if all of the domain
controllers in Site1 are unavailable.

What should you do?

A. Delete Link2.
B. Create one SMTP site link between Site1 and Site3. Create one SMTP site link between Site1 and
Site2.
C. Create one site link bridge.
D. Delete Link1.

Correct answer: A
Question 6
Your network contains an Active Directory forest named contoso.com.
You plan to deploy 200 new physical servers during the next 12 months by using Windows Deployment
Services (WDS).

You identify four server builds for the 200 servers as shown in the following table:
Build Name Configuration
File Servers Full installation of Windows Server 2012
Distrubuted File System (DFS) role servce
Web Servers Server Core installation of Windows Server 2012
Web Server (IIS) server role
Domain Controllers Full installation of Windows Server 2012
DNS Server server role
Networking Servers Server Core installation of Windows Server 2012
DHCP Server server role
WINS Server server role

You need to recommend the minimum number of images that must be created for the planned deployment.

How many images should you recommend?

A. 1
B. 2
C. 3
D. 4

Correct answer: A

Explanation/Reference:
http://technet.microsoft.com/en-us/library/hh831764.aspx

Question 7
Your company has a main office and four branch offices.
The main office is located in London.
The network contains an Active Directory domain named contoso.com.
Each office contains one domain controller that runs Windows Server 2012.

The Active Directory site topology is configured as shown in the exhibit:

You discover that when a domain controller in a branch office is offline for maintenance,
users in that branch office are authenticated by using the domain controllers in any of the sites.

You need to recommend changes to Active Directory to ensure that when a domain controller in a branch
office is offline, the users in that branch office are authenticated by the domain controllers in London.

What should you include in the recommendation?

A. Modify the site link costs.

B. Modify the DC Locator DNS Records settings.
C. Disable site link bridging.
D. Modify the service location (SRV) records in DNS.

Correct answer: B

Question 8
Your network contains an Active Directory domain named contoso.com.

The physical topology of the network is configured as shown in the exhibit:

Each office contains 500 employees.

You plan to deploy several domain controllers to each office.

You need to recommend a site topology for the planned deployment.

What should you include in the recommendation?

(More than one answer choice may achieve the goal. Select the BEST answer.)

A. Five sites and three site links

B. Five sites and one site link
C. Three sites and three site links
D. One site

Correct answer: A

Question 9
Your company has a main office and a branch office.
The main office contains 2,000 users.
The branch office contains 800 users.
Each office contains three IP subnets.
The company plans to deploy an Active Directory forest.

You need to recommend an Active Directory infrastructure to meet the following requirements:
  Ensure that the users are authenticated by using a domain controller in their respective office.
 Minimize the amount of Active Directory replication traffic between the offices.

Which Active Directory infrastructure should you recommend?

(More than one answer choice may achieve the goal. Select the BEST answer.)

A. Two domains and one site

B. Two domains and two sites
C. One domain and two sites
D. One domain and six sites

Correct answer: B

Explanation/Reference:
http://technet.microsoft.com/en-us/library/bb742457.aspx

Question 10
Your network contains an Active Directory domain named contoso.com.

The Active Directory site topology is configured as shown in the exhibit:

DC1 and DC2 run Windows Server 2003 R2.

All FSMO roles are located on DC2.
You plan to deploy a read-only domain controller (RODC) to Site3.

You need to recommend changes to the network to support the planned RODC implementation.

What should you recommend?

(More than one answer choice may achieve the goal. Select the BEST answer.)

A. To Site1, add an RODC that runs Windows Server 2012.

B. Replace DC2 with a domain controller that runs Windows Server 2012.
C. To Site2, add an RODC that runs Windows Server 2012.
D. Replace DC1 with a domain controller that runs Windows Server 2012.

Correct answer: D

Explanation/Reference:
http://technet.microsoft.com/en-us/library/cc772065%28v=ws.10%29.aspx

Each RODC requires a writable domain controller running Windows Server 2008 for the same domain from
which the RODC can directly replicate.
Typically, this requires that a writable domain controller running Windows Server 2008 be placed in the
nearest site in the topology.
Question 11
Your network contains a Hyper-V host named Host1 that runs Windows Server 2012.
Host1 contains a virtual machine named DC1.
DC1 is a domain controller that runs Windows Server 2012.
You plan to clone DC1.

You need to recommend which steps are required to prepare DC1 to be cloned.

What should you include in the recommendation?

(Each correct answer presents part of the solution. Choose all that apply.)

A. Run sysprep.exe /oobe.

B. Run New-VirtualDiskClone.
C. Create a file named dccloneconfig.xml.
D. Add DC1 to the Cloneable Domain Controllers group.
E. Run dcpromo.exe /adv.

Correct answer: C, D

Explanation/Reference:
http://blogs.technet.com/b/askpfeplat/archive/2012/10/01/virtual-domain-controller-cloning-in-
windows-server-2012.aspx

Question 12
Your network contains an Active Directory domain named contoso.com.
Your company plans to open a branch office.
The branch office will have 10 client computers that run Windows 8 and at least one server that runs
Windows Server 2012.
The server will host BranchCache files and manage print queues for the network print devices in the branch
office.

You need to recommend a solution to ensure that the users in the branch office can print if the branch office
server fails.

What should you recommend?

(More than one answer choice may achieve the goal. Select the BEST answer.)

A. Printer pooling
B. Branch Office Direct Printing
C. A standby print server
D. A print server cluster
E. A secure Web Services on Devices (WSD) printer

Correct answer: B

Explanation/Reference:
http://technet.microsoft.com/en-us/library/jj134156.aspx

Branch Office Direct Printing can reduce Wide Area Network (WAN) usage by printing directly to a print
device instead of a server print queue.
This feature can be enabled or disabled on a per printer basis and is transparent to the user.
This feature requires a print server running Windows Server 2012 and clients running Windows 8.
It is enabled by an administrator using the Print Management Console or Windows PowerShell on the server.

Question 13
Your company has a main office that contains several servers and several users.
The main office contains a file server named Server1 that runs Windows Server 2012.
The users access a large report file that is created on Server1 each day.
The company plans to open a new branch office.
The branch office will contain only client computers.

You need to implement a solution to reduce the amount of bandwidth used by the client computers in the
branch office to download the report each day.

What should you do?

(More than one answer choice may achieve the goal. Select the BEST answer.)

A. Install the BranchCache for network files role service on Server1.

Configure the client computers to use BranchCache in hosted cache mode.
B. Configure the offline settings of the shared folder that contains the report.
C. Install the BranchCache for network files role service on Server1.
Configure the client computers to use Branchcache in distributed mode.
D. Enable the Background Intelligent Transfer Service (BITS) feature on Server1 and on each client
computer in the branch office.
Move the report to a web folder.

Correct answer: C

Explanation/Reference:
http://technet.microsoft.com/library/ee649232(WS.10).aspx

Distributed cache mode. In this mode, branch office client computers download content from the content
servers in the main office and then cache the content for other computers in the same branch office.
Distributed cache mode does not require a server computer in the branch office.

Question 14
Your network contains an Active Directory domain named contoso.com.

The domain contains four computers that are configured as shown in the following table:

Server Name Hypervisor

Server1 Hyper-V on Windows Server 2012
Server2 Hyper-V on Windows Server 2008 R2
Server3 VMware ESXi 5.0
Client1 Hyper-V on Windows 8

You plan to use domain controller cloning.

You need to identify on which computers you can clone domain controllers that run Windows Server 2012.

Which computers should you identify?

(Each correct answer presents part of the solution. Choose all that apply.)

A. Server1
B. Server2
C. Server3
D. Client1

Correct answer: A, D

Question 15
Your network contains an Active Directory domain named contoso.com.
You deploy several servers that have the Remote Desktop Session Host role service installed.
You have two organizational units (OUs).

The OUs are configured as shown in the following table:

 OU Name Group Policy Link Contents
OU1 GPO1 Sales Department user accounts
OU2 GPO2 Computer accounts of the
Remote Desktop Session Host
(RD Session Host) server

GPO1 contains the Folder Redirection settings for all of the users.

You need to recommend a solution to prevent the sales users' folders from being redirected when the users
log on to a Remote Desktop session.

What should you include in the recommendation?

A. From GPO2, set the loopback processing mode.

B. Apply a WMI filter to GPO2.
C. Configure security filtering for GPO1.
D. From GPO1, set the loopback processing mode.

Correct answer: A

Explanation/Reference:
http://support.microsoft.com/kb/231287

Question 16
Your network contains an Active Directory domain named contoso.com.
The functional level of the domain and the forest is Windows Server 2008 R2.
All domain controllers run Windows Server 2008 R2.
You plan to deploy a new line-of-business application named App1 that uses claims-based authentication.

You need to recommend changes to the network to ensure that Active Directory can provide claims for App1.

What should you include in the recommendation?

(Each correct answer presents part of the solution. Choose all that apply.)
A. Deploy Active Directory Lightweight Directory Services (AD LDS).
B. From the Default Domain Controllers Policy, enable the Support for Dynamic Access Control and
Kerberos armoring setting.
C. From the properties of the computer accounts of the domain controllers, enable Kerberos
constrained delegation.
D. Raise the domain functional level to Windows Server 2012.
E. Add domain controllers that run Windows Server 2012.

Correct answer: B, E

Question 17
Your company has two divisions named Division1 and Division2.
The network contains an Active Directory domain named contoso.com.
The domain contains two child domains named division1.contoso.com and division2.contoso.com.
The company sells Division1 to another company.

You need to prevent administrators in contoso.com and division2.contoso.com from gaining administrative
access to the resources in division1.contoso.com.

What should you recommend?

A. Create a new tree in the forest named contoso.secure.

Migrate the resources and the accounts in division1.contoso.com to contoso.secure.
 B. On the domain controller accounts in division1.contoso.com, deny the Enterprise Admins group the
Allowed to Authenticate permission.
C. Create a new forest and migrate the resources and the accounts in division1.contoso.com to the new
forest.
D. In division1.contoso.com, remove the Enterprise Admins group from the Domain Admins group and
remove the Enterprise Admins group from the access control list (ACL) on the division1.contoso.com
domain object.

Correct answer: C

Question 18
Your network contains an Active Directory domain named contoso.com.
On several organizational units (OUs), an administrator named Admin1 plans to delegate control of custom
tasks.

You need to ensure that Admin1 can delegate a custom task named Task1 by using the Delegation of
Control Wizard.

What should you do?

A. Add a new class to the Active Directory schema.
B. Configure a custom MMC console.
C. Modify the delegwiz.inf file.
D. Configure a new authorization store by using Authorization Manager.

Correct answer: C

Explanation/Reference:
http://support.microsoft.com/kb/308404

Question 19
Your network contains an Active Directory forest.
The forest contains two Active Directory domains named contoso.com and child.contoso.com.
The forest functional level is Windows Server 2003.
The functional level of both domains is Windows Server 2008.
The forest contains three domain controllers.

The domain controllers are configured as shown in the following table:

Domain Controller Name Domain Operations Master Role

DC1 Contoso.com Schema Master
Domain Naming Master
DC2 Contoso.com PDC Emulator
Infrastructure Master
RID Master
DC3 Child.Contoso.com PDC Emulator
Infrastructure Master
RID Master

DC1 and DC2 have the DNS Server server role installed and are authoritative for both contoso.com and
child.contoso.com.

The child.contoso.com domain contains a server named serverl.child.contoso.com that runs Windows Server
2012. You plan to deploy server1.child.contoso.com as a read-only domain controller (RODC).

You run the adprep.exe /rodcprep command on DC3 and receive the following error message:
Adprep could not contact a replica for partition
DC=DomainDnsZones,DC=Contos,DC=com
Adprep failed the operation on partition DC=DomainDnsZones,DC=Contoso,DC=com
Skipping to next partition.

Adprep could not contact a replica for partition

DC=ForestDnsZones,DC=Contoso,DC=com
Adprep encountered an LDAP error. Error code: 0x). Server extend error code:
0x0, Server error message: (null)

Adprep failed the operation on partition DC=ForestDnsZones,DC=Contoso,DC=com

Skipping to next
Partition.

Adprep complete with errors. Not all partition are updated.

You need to identify what prevents you from successfully running Adprep /rodcprep on DC3.

What should you identify?

A. The domain functional level of child.contoso.com is set to the wrong level.

B. DC3 cannot connect to the infrastructure master on DC2.
C. DC3 cannot connect to the domain naming master on DC1.
D. The forest functional level is set to the wrong level.

Correct answer: B

Question 20
Your network contains an Active Directory forest named contoso.com.
The forest functional level is Windows Server 2012.
The forest contains an Active Directory domain.
The domain contains a global security group named GPO_Admins that is responsible for managing Group
Policies in the forest.
A second forest named fabrikam.com contains three domains.
The forest functional level is Windows Server 2003.

You need to design a trust infrastructure to ensure that the GPO_Admins group can create, edit, and link
Group Policies in every domain of the fabrikam.com forest.

What should you include in the design?

(More than one answer choice may achieve the goal. Select the BEST answer.)

A. A two-way forest trust

B. A one-way forest trust
C. Three external trusts
D. Three shortcut trusts

Correct answer: B

Question 21
Your network contains an Active Directory domain named contoso.com.
Client computers run either Windows 7 or Windows 8.
You plan to implement several Group Policy settings that will apply only to laptop computers.

You need to recommend a Group Policy strategy for the planned deployment.

What should you include in the recommendation?

(More than one answer choice may achieve the goal. Select the BEST answer.)

A. Loopback processing
 B. WMI filtering
C. Security filtering
D. Block inheritance

Correct answer: B

Question 22
Your company has a main office.
The main office is located in a building that has 10 floors.
A datacenter on the ground floor contains a Windows Server 2012 failover cluster.
The failover cluster contains a DHCP server resource named DHCP1.
All client computers receive their IP addresses from DHCP1.
All client computers are part of the 131.107.0.0/16 IPv4 subnet.
You plan to implement changes to the network subnets to include a separate subnet for each floor of the
office building.
The subnets will connect by using routers.

You need to recommend changes to the DHCP infrastructure to ensure that all of the client computers can
receive their IP configuration by using DHCP.

What should you recommend?

(More than one answer choice may achieve the goal. Select the BEST answer.)

A. Install a remote access server on each floor.

Configure a DHCP relay agent on each new DHCP server.
Create a scope for each subnet on DHCP1.
B. Install a DHCP server on each floor.
Create a scope for the local subnet on each new DHCP server.
Enable DHCP Failover on each new DHCP server.
C. Configure each router to forward requests for IP addresses to DHCP1.
Create a scope for each subnet on DHCP1.
D. Configure each router to forward requests for IP addresses to DHCP1.
Create a scope for the 10.0.0.0/16 subnet on DHCP1.

Correct answer: C

Question 23
You deploy an Active Directory domain named contoso.com to the network.
The domain is configured as an Active Directory-integrated zone.
All domain controllers run Windows Server 2012 and are DNS servers.
You plan to deploy a child domain named operations.contoso.com.

You need to recommend changes to the DNS infrastructure to ensure that users in the operations
department can access the servers in the contoso.com domain.

What should you include in the recommendation?

A. A zone delegation for _msdcs.contoso.com

B. Changes to the replication scope of contoso.com
C. Changes to the replication scope of _msdcs.contoso.com
D. Changes to the replication scope of operations.contoso.com

Correct answer: B

Explanation/Reference:
http://support.microsoft.com/kb/255248

Question 24
Your company has a main office and a branch office.
The network contains an Active Directory domain named contoso.com.
The domain contains three domain controllers.

The domain controllers are configured as shown in the following table:

Domain Controller Name Location Type

DC1 Main office Writable domain controller
DC2 Main office Writable domain controller
RODC1 Branch office Read-only domain controller (RODC)

The domain contains two global groups.

The groups are configured as shown in the following table:

Group Name Description

Helpdesk Supports users throughout the company
Branch1Users Contains users that work in the branch office only

You need to ensure that the RODC is configured to meet the following requirements:

 Cache passwords for all of the members of Branch1Users.

 Prevent the caching of passwords for the members of Helpdesk.

What should you do?

A. Create a Password Settings object (PSO) for the Helpdesk group.

B. Install the BranchCache feature on RODC1.
C. Modify the password replication policy of RODC1.
D. Modify the delegation settings of RODC1.

Correct answer: C

Question 25
Your company has a main office, ten regional datacenters; and 100 branch offices.
You are designing the site topology for an Active Directory forest named contoso.com.

The forest will contain the following servers:

 In each regional datacenter and in the main office, a domain controller that runs Windows Server.
 In each branch office, a file server that runs Windows Server 2012.

You have a shared folder that is accessed by using the path \\contoso.com\shares\software.
The folder will be replicated to a local file server in each branch office by using Distributed File System (DFS)
replication.

You need to recommend an Active Directory site design to meet the following requirements:

 Ensure that users in the branch offices will be authenticated by a domain controller in the closest
regional datacenter.
 Ensure that users automatically connect to the closest file server when they access
\\contoso.com\shares\software.

How many Active Directory sites should you recommend?

A. 1
B. 10
C. 11
D. 111
Correct answer: D

Question 26
Your network contains an Active Directory domain named contoso.com.
The domain contains three Active Directory sites.

The Active Directory sites are configured as shown in the following table:

Site Name Location

Site1 New York
Site2 Vancouver
Site3 Beijing

The sites connect to each other by using the site links shown in the following table:

Site Link Name Connected Sites

Link1 Site1 and Site2
Link2 Site2 and Site3
Link3 Site1 and Site3

You need to design the Active Directory site topology to meet the following requirements:

 Ensure that all replication traffic between Site2 and Site3 replicates through Site1 if a domain
controller in Site1 is available.
 Ensure that the domain controllers between Site2 and Site3 can replicate if all of the domain
controllers in Site1 are unavailable.

What should you do?

A. Delete Link3.
B. Create one SMTP site link between Site1 and Site3. Create one SMTP site link between Site1 and
Site2.
C. Create one site link bridge.
D. Modify the cost of Link2.

Correct answer: D

Question 27
Your company has a main office and a branch office.
The network contains an Active Directory domain named contoso.com.
The domain contains three domain controllers.

The domain controllers are configured as shown in the following table:

Domain Controller Name Location Type

DC1 Main office Writable domain controller
DC2 Main office Writable domain controller
RODC1 Branch office Read-only domain controller (RODC)

The domain contains two global groups.

The groups are configured as shown in the following table:

Group Name Description

Helpdesk Supports users throughout the company
Branch1Users Contains users that work in the branch office only

You need to ensure that the RODC is configured to meet the following requirements:
  Cache passwords for all of the members of Branch1Users.
 Prevent the caching of passwords for the members of Helpdesk.

What should you do?

A. Create a Password Settings object (PSO) for the Helpdesk group.

B. Install the BranchCache feature on RODC1.
C. Modify the membership of the Allowed RODC Password Replication group of RODC1.
D. Modify the membership of the Denied RODC Password Replication group of RODC1.

Correct answer: B

Explanation/Reference:
http://technet.microsoft.com/en-us/library/cc730883%28v=ws.10%29.aspx

Question 28
Your network contains an Active Directory domain named contoso.com.
Your company has an enterprise root certification authority (CA) named CA1.
You plan to deploy Active Directory Federation Services (AD FS) to a server named Serverl.
The company purchases a Microsoft Office 365 subscription.
You plan register the company's SMTP domain for Office 365 and to configure single sign-on for all users.

You need to identify which certificate or certificates are required for the planned deployment.

Which certificate or certificates should you identify?

(Each correct answer presents a complete solution. Choose all that apply.)

A. A server authentication certificate that is issued by a trusted third-party root CA and that contains the
subject name server1.contoso.com
B. A server authentication certificate that is issued by CA1 and that contains the subject name Server1
C. A server authentication certificate that is issued by a trusted third-party root CA and that contains the
subject name Server1
D. A server authentication certificate that is issued by CA1 and that contains the subject name
server1.contoso.com
E. Self-signed server authentication certificates for server1.contoso.com

Correct answer: D, E

Question 29
You have a server named Server1 that runs Windows Server 2012.
You have a 3-TB database that will be moved to Server1.

Server1 has the following physical disks:

Three 2-TB SATA disks that are attached to a single IDE controller
One 1-TB SATA disk that is attached to a single IDE controller

You need to recommend a solution to ensure that the database can be moved to Server1.

Your solution must ensure that the database is available if a single disk fails.
What should you include in the recommendation?

A. Add each disk to a separate storage pool. Create a mirrored virtual disk.
B. Add two disks to a storage pool. Add the other disk to another storage pool. Create a mirrored virtual
disk.
C. Add all of the disks to a single storage pool, and then create two simple virtual disks.
D. Add all of the disks to a single storage pool, and then create a parity virtual disk.

Correct answer: D
Question 30
Your network contains an Active Directory forest named contoso.com.
The forest is managed by using Microsoft System Center 2012.
You plan to create virtual machine templates to deploy servers by using the Virtual Machine Manager Self-
service Portal (VMMSSP).
To the Virtual Machine Manager (VMM) library, you add a VHD that has a generalized image of Windows
Server 2012.

You need to identify which VMM components must be associated with the image.

Which components should you identify?

(Each correct answer presents part of the solution. Choose all that apply.)

A. A guest OS profile
B. A hardware profile
C. A capability profile
D. A host profile

Correct answer: A, B

Explanation/Reference:
http://technet.microsoft.com/en-us/library/jj860424.aspx

Mixed Questions B
Question 1
Your network contains 50 servers that run Windows Server 2003 and 50 servers that run Windows Server
2008.
You plan to implement Windows Server 2012.

You need to create a report that includes the following information:

 The servers that run applications and services that can be moved to Windows Server 2012
 The servers that have hardware that can run Windows Server 2012
 The servers that are suitable to be converted to virtual machines hosted on Hyper-V hosts that run
Windows Server 2012

What should you do?

A. From an existing server, run the Microsoft Application Compatibility Toolkit (ACT).
B. Install Windows Server 2012 on a new server, and then run the Windows Server Migration Tools.
C. Install Windows Server 2012 on a new server, and then run Microsoft Deployment Toolkit (MDT)
2012.
D. From an existing server, run the Microsoft Assessment and Planning (MAP) Toolkit.

Correct answer: D

Explanation/Reference:
http://technet.microsoft.com/en-us/library/bb977556.aspx

Question 2
Your network contains an Active Directory forest named contoso.com.
You plan to automate the deployment of servers that run Windows Server 2012.

You identify the following requirements for the deployment:

 Update the custom images that will be used for the deployment.
  Add custom drivers to the images that will be used for the deployment.
 Add software packages to the images that will be used for the deployment.
 Perform a zero touch bare-metal installation that uses Wake On LAN.

A network consultant recommends using Windows Deployment Services (WDS) and the Windows
Assessment and Deployment Kit (Windows ADK) to deploy the servers.

You need to identify which requirements are achieved by using the consultant's recommendations.

Which requirements should you identify?

(Each correct answer presents part of the solution. Choose all that apply.)

A. Add custom drivers to the images used for the deployment.

B. Add software packages to the images used for the deployment.
C. Update the custom images used for the deployment.
D. Perform a zero touch bare-metal installation that uses Wake On LAN.

Correct answer: A, B, C

Question 3
Your network contains an Active Directory domain named contoso.com.
The domain contains an organizational unit (OU) named 0U1.
You have a Group Policy object (GPO) named GP01 that is linked to contoso.com.
GPO1 contains custom security settings.

You need to design a Group Policy strategy to meet the following requirements:

 The security settings in GPO1 must be applied to all client computers.

 Only GPO1 and other GPOs that are linked to OU1 must be applied to the client computers in OU1.

What should you include in the design?

(More than one answer choice may achieve the goal. Select the BEST answer.)

A. Enable the Block Inheritance option at the domain level.

Enable the Enforced option on GPO1.
B. Enable the Block Inheritance option on OU1.
Link GPO1 to OU1.
C. Enable the Block Inheritance option on OU1.
Enable the Enforced option on GPO1.
D. Enable the Block Inheritance option on OU1.
Enable the Enforced option on all of the GPOs linked to OU1.

Correct answer: C

Question 4
A new company registers the domain name of contoso.com.
The company has a web presence on the Internet.
All Internet resources have names that use a DNS suffix of contoso.com.
A third-party hosts the Internet resources and is responsible for managing the contoso.com DNS zone on the
Internet.
The zone contains several hundred records.
The company plans to deploy an Active Directory forest.

You need to recommend an Active Directory forest infrastructure to meet the following requirements:

 Ensure that users on the internal network can resolve the names of the company's Internet
resources.
 Minimize the amount of administrative effort associated with the addition of new Internet servers.
What should you recommend?

A. A forest that contains a root domain named contoso.com and another domain named
ad.contoso.com
B. A forest that contains a root domain named contoso.com and another domain named contoso.local
C. A forest that contains a single domain named contoso.local
D. A forest that contains a single domain named contoso.com

Correct answer: C

Question 5
Your network contains an Active Directory forest named contoso.com.
forest contains one domain.
Your company plans to open a new division named Division1.
A group named Division1Admins will administer users and groups for Division1.

You identify the following requirements for Division1:

 All Division1 users must have a complex password that is 14 characters.

 Division1Admins must be able to manage the user accounts for Division1.
 Division1Admins must be able to create groups, and then delete the groups that they create.
 Division1Admins must be able to reset user passwords and force a password change at the next
logon for all Division1 users.

You need to recommend changes to the forest to support the Division1 requirements.

What should you recommend?

(More than one answer choice may achieve the goal. Select the BEST answer.

A. Create a new child domain named divisionl.contoso.com.

Move all of the Division1 user accounts to the new domain.
Add the Division1Admin members to the Domain Admins group.
Configure the password policy in a Group Policy object (GPO).
B. In the forest, create a new organizational unit (OU) named Division1 and add Division1Admins to the
Managed By attribute of the new OU.
Move the Division1 user objects to the new OU.
Create a fine-grained password policy for the Division1 users.
C. Create a new forest.
Migrate all of the Division1 user objects to the new forest and add the Division1Admins members to
the Enterprise Admins group.
Configure the password policy in a Group Policy object (GPO).
D. In the forest, create a new organizational unit (OU) named Division1 and delegate permissions for
the OU to the Division1Admins group.
Move all of the Division1 user accounts to the new OU.
Create a fine-grained password policy for the Division1 users.

Correct answer: D

Question 6
Your network contains an internal network and a perimeter network.

The internal network contains an Active Directory forest named contoso.com.

The forest contains a Microsoft Exchange Server 2010 organization.
All of the domain controllers in contoso.com run Windows Server 2012.

The perimeter network contains an Active Directory forest named litware.com.

You deploy Microsoft Forefront Unified Access Gateway (UAG) to litware.com.
All of the domain controllers in litware.com run Windows Server 2012.
Some users connect from outside the network to use Outlook Web App.

You need to ensure that external users can authenticate by using client certificates.

What should you do?

(More than one answer choice may achieve the goal. Select the BEST answer.)

A. Enable Kerberos constrained delegation in litware.com.

B. To the perimeter network, add an Exchange server that has the Client Access server role installed.
C. Enable Kerberos delegation in litware.com.
D. Deploy UAG to contoso.com.

Correct answer: A

Question 7
Your company has a main office and 20 branch offices.
All of the offices connect to each other by using a WAN link.
The network contains an Active Directory forest named contoso.com.
The forest contains a domain for each office.
The forest root domain contains all of the server resources.
Each branch office contains two domain controllers for the branch office domain and one domain controller
for the contoso.com domain.
Each branch office has a support technician who is responsible for managing the accounts of their respective
office only.
You recently updated all of the WAN links to high-speed WAN links.

You need to recommend changes to the Active Directory infrastructure to meet the following requirements:

 Reduce the administrative overhead of moving user accounts between the offices.
 Ensure that the support technician in each office can manage the user accounts of their respective
office.

What should you include in the recommendation?

(More than one answer choice may achieve the goal. Select the BEST answer.)

A. Create shortcut trusts between each child domain.

In the main office, add a domain controller to each branch office domain.
B. Create a new child domain named corp.contoso.com.
Create a shortcut trust between each child domain and corp.contoso.com.
C. Move all of the user accounts of all the branch offices to the forest root domain.
Decommission all of the child domains.
D. Create a new forest root domain named contoso.local.
Move all of the user accounts of all the branch offices to the new forest root domain.
Decommission all of the child domains.

Correct answer: C

Question 8
Your company, which is named Contoso, Ltd., has a main office and two branch offices.
The main office is located in North America.
The branch offices are located in Asia and Europe.
You plan to design an Active Directory forest and domain infrastructure.

You need to recommend an Active Directory design to meet the following requirements:

 The contact information of all the users in the Europe office must not be visible to the users in the
other offices.
  The administrators in each office must be able to control the user settings and the computer settings
of the users in their respective office.

The solution must use the least amount of administrative effort.

What should you include in the recommendation?

A. One forest that contains three domains

B. One forest that contains one domain
C. Three forests that each contain one domain
D. Two forests that each contain one domain

Correct answer: B

Question 9
Your network contains an Active Directory forest named contoso.com.
You plan to deploy 200 Hyper-V hosts by using Microsoft System Center 2012 Virtual Machine Manager
(VMM) Service Pack 1 (SP1).
You add a PXE server to the fabric.

You need to identify which objects must be added to the VMM library for the planned deployment.

What should you identify?

(Each correct answer presents part of the solution. Choose all that apply.)

A. A host profile
B. A capability profile
C. A hardware profile
D. A generalized image
E. A service template

Correct answer: A, D

Question 10
You plan to deploy multiple servers in a test environment by using Windows Deployment Services (WDS).

You need to identify which network services must be available in the test environment to deploy the servers.

Which network services should you identify?

(Each correct answer presents part of the solution.Choose ail that apply.)

A. DHCP
B. Active Directory Domain Services (AD DS)
C. DNS
D. Active Directory Lightweight Directory Services (AD LDS)
E. WINS
F. Network Policy Server (NPS)

Correct answer: A, C

Explanation/Reference:
http://technet.microsoft.com/en-us/library/hh831764.aspx

Question 11
Your network contains an Active Directory forest named contoso.com.
The forest is managed by using Microsoft System Center 2012.
Web developers must be able to use a self-service portal to request the deployment of virtual machines
based on predefined templates.
The requests must be approved by an administrator before the virtual machines are deployed.
You need to recommend a solution to deploy the virtual machines.

What should you include in the recommendation?

(More than one answer choice may achieve the goal. Select the BEST answer.)

A. A Virtual Machine Manager (VMM) service template, a Service Manager service offering, and an
Orchestrator runbook.
B. A Virtual Machine Manager (VMM) service template, an Operations Manager dashboard, and an
Orchestrator runbook.
C. A Service Manager service offering, an Orchestrator runbook, and Configuration Manager packages.
D. A Service Manager service offering, an Orchestrator runbook, and an Operations Manager
dashboard.

Correct answer: A

Question 12
Your network contains an Active Directory domain named contoso.com.
The network contains a server named Server1 that has the Hyper-V server role installed.
Server1 hosts a virtual machine named VM1.
You deploy a new standalone server named Server2.
You install the Hyper-V server role on Server2.
Another administrator named Admin1 plans to create a replica of VM1 on Server2.

You need to ensure that Admin1 can configure Server2 to receive a replica of VM1.

To which group should you add Admin1?

A. Server Operators
B. Domain Admins
C. Hyper-V Administrators
D. Replicator

Correct answer: C

Question 13
Your network contains a server named Server1 that runs Windows Server 2012.
Server1 is configured as a Hyper-V host.
Server1 hosts a virtual machine named VM1.
VM1 is configured as a file server that runs Windows Server 2012.
VM1 connects to a shared storage device by using the iSCSI Initiator.

You need to back up the files and the folders in the shared storage used by VM1.

The solution must ensure that open files are included in the backup.
What should you do?

A. From Hyper-V Manager, create a snapshot of VM1.

B. From Server1, perform a backup by using Windows Server Backup.
C. From VM1, perform a backup by using Windows Server Backup.
D. From Microsoft System Center 2012 Virtual Machine Manager (VMM), create a copy of VM1.

Correct answer: C

Question 14
Your network contains an Active Directory domain named contoso.com.
You deploy Active Directory Certificate Services (AD CS).
Your company, which is named Contoso, Ltd., has a partner company named Fabrikam, Inc.
Fabrikam also deploys AD CS.
Contoso and Fabrikam plan to exchange signed and encrypted email messages.

You need to ensure that the client computers in both Contoso and Fabrikam trust each other's email
certificates.

The solution must prevent other certificates from being trusted.

What should you do?
(More than one answer choice may achieve the goal. Select the BEST answer.)

A. Implement an online responder in each company.

B. Exchange the root certification authority (CA) certificates of both companies, and then deploy the
certificates to the Trusted Root Certification Authorities store by using Group Policy objects (GPOs).
C. Exchange the root certification authority (CA) certificates of both companies, and then deploy the
certificates to the Enterprise Trust store by using Group Policy objects (GPOs).
D. Implement cross-certification in each company.

Correct answer: D

Question 15
Your network contains an Active Directory forest named contoso.com.
You plan to add a new domain named child.contoso.com to the forest.
On the DNS servers in child.contoso.com, you plan to create conditional forwarders that point to the DNS
servers in contoso.com.

You need to ensure that the DNS servers in contoso.com can resolve names for the servers in
child.contoso.com.

What should you create on the DNS servers in contoso.com?

A. A root hint
B. A zone delegation
C. A conditional forwarder
D. A trust point

Correct answer: B

Question 16
Your network contains a server named Server1 that runs Windows Server 2012.
Server1 has the DHCP Server server role installed.
The network contains a Virtual Desktop Infrastructure (VDI).
All virtual machines run Windows 8.

You identify the following requirements for allocating IPv4 addresses to client computers:

 All virtual desktops must have static IP addresses.

 All laptop computers must receive dynamic IP addresses.
 All virtual desktops must be prevented from obtaining dynamic address.

You need to recommend a DHCP solution that meets the requirements for allocating IPv4 addresses.

The solution must use the least amount of administrative effort.

What should you recommend?
(More than one answer choice may achieve the goal. Select the BEST answer.)

A. Create two physical subnets. Configure 802.1x authentication for each subnet.
B. Create two physical subnets. Connect the laptop computers to the subnet that contains Server1.
C. Configure DHCP filtering.
 D. Configure DHCP policies.

Correct answer: D

Question 17
You have a server named Server1 that runs Windows Server 2012.
Server1 has the DNS Server server role installed.

You need to recommend changes to the DNS infrastructure to protect the cache from cache poisoning
attacks.

What should you configure on Server1?

A. DNS devolution
B. DNS Security Extensions (DNSSEC)
C. DNS cache locking
D. The global query block list

Correct answer: C

Question 18
Your network contains an Active Directory forest that has two domains named contoso.com and
europe.contoso.com.
The forest contains five servers.

The servers are configured as shown in the following table:

Server Name Location Configuration Operating System

DC1 Contoso.com Domain Controller Windows Server 2008
DHCP Server R2
DNS Server
DC2 Contoso.com Domain Controller Windows Server 2008
DHCP Server R2
DNS Server
DCE1 Europe.Contoso.com Domain Controller Windows Server 2003
DHCP Server R2
DNS Server
DCE2 Europe.Contoso.com Domain Controller Windows Server 2003
DHCP Server R2
DNS Server
Server1 Contoso.com File Server Windows Server 2012

You plan to manage the DHCP settings and the DNS settings centrally by using IP Address Management
(IPAM).

You need to ensure that you can use IPAM to manage the DHCP and DNS settings in both domains.

The solution must use the minimum amount of administrative effort.

What should you do?

A. Upgrade DCE1 and DCE2 to Windows Server 2012, and then install the IP Address Management
(IPAM) Server feature.
Run the Invoke-IpamGpoProvisioning cmdlet for each domain.
B. Upgrade DCE1 and DCE2 to Windows Server 2012, and then install the IP Address Management
(IPAM) Server feature.
Run the Set-IpamConfiguration cmdlet for each domain.
 C. Upgrade DC1 and DC2 to Windows Server 2012, and then install the IP Address Management
(IPAM) Server feature.
Run the Set-IpamConfiguration cmdlet for each domain.
D. Upgrade DC1 and DC2 to Windows Server 2012, and then install the IP Address Management
(IPAM) Server feature.
Run the Invoke-IpamGpoProvisioning cmdlet for each domain.

Correct answer: A

Explanation/Reference:
Invoke-IpamGpoProvisioning configures servers that will be managed and need to be done in every domain.
Set-IpamConfiguration configures the IPAM server itself and does not need to be run in every domain only
the IPAM server.

Question 19
Your company is a hosting provider that provides cloud-based services to multiple customers.
Each customer has its own Active Directory forest located in your company's datacenter.
You plan to provide VPN access to each customer.
The VPN solution will use RADIUS for authentication services and accounting services.

You need to recommend a solution to forward authentication and accounting messages from the perimeter
network to the Active Directory forest of each customer.

What should you recommend?

(More than one answer choice may achieve the goal. Select the BEST answer.)

A. A RADIUS server for each customer and one RADIUS proxy.

B. A RADIUS server for each customer and a RADIUS proxy for each customer.
C. One RADIUS proxy and one Active Directory Lightweight Directory Services (AD LDS) instance for
each customer.
D. One RADIUS proxy for each customer and Active Directory Federation Services (AD FS).

Correct answer: A

Question 20
Your network contains a server named Server1 that runs Windows Server 2012.
Server1 has the Network Policy Server server rote installed.
You configure Server1 as part of a Network Access Protection (NAP) solution that uses the 802.1x
enforcement method.
You add a new switch to the network and you configure the switch to use 802.1x authentication.

You need to ensure that only compliant client computers can access network resources through the new
switch.

What should you do on Server1?

A. Add the IP address of each new switch to the list of RADIUS clients.
B. Add the IP address of each new switch to a connection request policy as an Access Client IPv4
Address.
C. Add the IP address of each new switch to a remote RADIUS server group.
D. Add the IP address of each new switch to a remediation server group.

Correct answer: A

Question 21
Your network contains an Active Directory domain named contoso.com.
All client computers run either Windows 7 or Windows 8.
Some users work from customer locations, hotels, and remote sites.
The remote sites often have firewalls that limit connectivity to the Internet.

You need to recommend a VPN solution for the users.

Which protocol should you include in the recommendation?

A. L2TP/IPSec
B. PPTP
C. IKEv2
D. SSTP

Correct answer: D

Question 22
Your network contains an Active Directory domain named contoso.com.
Your company has 100 users in the sales department.
Each sales user has a domain-joined laptop computer that runs either Windows 7 or Windows 8.
The sales users rarely travel to the company's offices to connect directly to the corporate network.

You need to recommend a solution to ensure that you can manage the sales users' laptop computers when
the users are working remotely.

What solution should you include in the recommendation?

A. Deploy a Microsoft System Center 2012 Service Manager infrastructure.

B. Deploy the Remote Access server role on a server on the internal network.
C. Deploy the Network Policy and Access Services server role on a server on the internal network.
D. Deploy a Microsoft System Center 2012 Operations Manager infrastructure.

Correct answer: B

Question 23
Your network contains a server named Server1 that runs Windows Server 2012.
Server1 has the DHCP Server server role installed.
All of the client computers that are in a subnet named Subnet1 receive their IP address configurations from
Server1.
You plan to add another DHCP server named Server2 to Subnet1.

You need to recommend changes to the DHCP infrastructure to ensure that the client computers continue to
receive IP addressing information if a single DHCP server fails.

What should you do?

(More than one answer choice may achieve the goal. Select the BEST answer.)

A. Create a Network Load Balancing (NLB) cluster.

B. Configure Failover for the scope.
C. Create a DHCP failover cluster.
D. Create a split scope.

Correct answer: B

Question 24
Your network contains an Active Directory domain named contoso.com.
The domain contains multiple sites.
You plan to deploy DirectAccess.
The network security policy states that when client computers connect to the corporate network from the
Internet, all of the traffic destined for the Internet must be routed through the corporate network.
You need to recommend a solution for the planned DirectAccess deployment that meets the security policy
requirement.

What should you include in the recommendation?

A. Set the ISATAP State to state enabled.

B. Enable split tunneling.
C. Set the ISATAP State to state disabled.
D. Enable force tunneling.

Correct answer: D

Explanation/Reference:
You can configure DirectAccess clients to send all of their traffic through the tunnels to the DirectAccess
server with force tunneling. When force tunneling is configured, DirectAccess clients that detect that they are
on the Internet modify their IPv4 default route so that default route IPv4 traffic is not sent. With the exception
of local subnet traffic, all traffic sent by the DirectAccess client is IPv6 traffic that goes through tunnels to the
DirectAccess server.

Question 25
Your network contains an Active Directory domain.
You plan to implement a remote access solution that will contain three servers that run Windows Server
2012.

The servers will be configured as shown in the following table:

Server Name Role Service Location

Server1 Direct Access and VPN (RRAS) Perimeter Network
Server2 NPS (Network Policy Server) Internal Network
Server3 NPS (Network Policy Server) Internal Network

You need to ensure that all VPN connection requests are authenticated and authorized by either Server2 or
Server3.

The solution must ensure that the VPN connections can be authenticated if either Server2 or Server3 fails.
What should you do?

A. On Server1, configure a RADIUS proxy.

Add Server2 and Server3 to a failover cluster.
B. Add Server2 and Server3 to a Network Load Balancing (NLB) cluster.
On Server1, modify the Authentication settings.
C. On Server1, configure a RADIUS proxy.
On Server2 and Server3, add a RADIUS client.
D. On Server2 and Server3, add a RADIUS client.
On Server1, modify the Authentication settings.

Correct answer: D

Explanation/Reference:
http://technet.microsoft.com/en-us/library/cc754033.aspx

Question 26
Your company has a main office.
The network contains an Active Directory domain named contoso.com.
The main office contains a server named Server1 that runs Windows Server 2012.
Server1 has the Remote Access server role installed and is configured to accept incoming SSTP-based VPN
connections.
All client computers run Windows 7.
The company plans to open a temporary office that will contain a server named Server2 that runs Windows
Server 2012 and has the DHCP Server server role installed.
The office will also have 50 client computers and an Internet connection.

You need to recommend a solution to provide the users in the temporary office with access to the resources
in the main office.

What should you recommend?

(More than one answer choice may achieve the goal. Select the BEST answer.)

A. Use the Connection Manager Administration Kit (CMAK) to create a connection package that
specifies Server1 as the target for SSTP-based VPN connections.
Manually distribute the CMAK package to each client computer in the temporary office.
B. Install the Remote Access server role on Server2.
From Routing and Remote Access on Server2, add a SSTP-based VPN port.
From DHCP on Server2, configure the default gateway server option.
C. Uses the Connection Manager Administration Kit (CMAK) to create a connection package that
specifies Server1 as the target for SSTP-based VPN connections.
Use a Group Policy object (GPO) to distribute the CMAK package to each client computer in the
temporary office.
D. Install the Remote Access server role on Server2.
From Routing and Remote Access on Server2, configure a demand-dial interface.
From DHCP on Server2, configure the default gateway server option.

Correct answer: B

Question 27
Your network contains an Active Directory domain named contoso.com.
The domain contains servers that run either Windows Server 2008 R2 or Windows Server 2012.
All client computers on the internal network are joined to the domain.
Some users establish VPN connections to the network by using Windows computers that do not belong to
the domain.
All client computers receive IP addresses by using DHCP.

You need to recommend a Network Access Protection (NAP) enforcement method to meet the following
requirements:

 Verify whether the client computers have up-to-date antivirus software.

 Provides a warning to users who have virus definitions that are out-of-date.
 Ensure that client computers that have out-of-date virus definitions can connect to the network.

Which NAP enforcement method should you recommend?

A. VPN
B. DHCP
C. IPSec
D. 802.1x

Correct answer: B

Question 28
Your network contains multiple servers that run Windows Server 2012.
All client computers run Windows 8.

You need to recommend a centralized solution to download the latest antivirus definitions for Windows
Defender.
What should you include in the recommendation?

A. Microsoft System Center 2012 Endpoint Protection

B. Network Access Protection (NAP)
C. Microsoft System Center Essentials
D. Windows Server Update Services (WSUS)

Correct answer: D

Question 29
Your network contains an Active Directory domain named contoso.com.
The domain contains three VLANs.

The VLANs are configured as shown in the following table:

VLAN ID Contents Routing enabled to

1 Client computers VLAN 2
2 Application servers VLAN 1 and the Internet
Domain controllers
Network Policy Service (NPS) servers
3 Windows Server Update Services (WSUS) server Nowhere

All client computers run either Windows 7 or Windows 8.

The corporate security policy states that all of the client computers must have the latest security updates
installed.

You need to implement a solution to ensure that only the client computers that have all of the required
security updates installed can connect to VLAN 1.

The solution must ensure that all other client computers connect to VLAN 3.
Which Network Access Protection (NAP) enforcement method should you implement?

A. VPN
B. DHCP
C. IPSec
D. 802.1x

Correct answer: D