[Free] Download New Updated (December) Microsoft 70-414 Exam Questions 61-70

Ensurepass

QUESTION 61

Your network contains the following roles and applications:

 

– Microsoft SQL Server 2012

– Distributed File System (DFS) Replication

– Active Directory Domain Services (AD DS)

– Active Directory Rights Management Services (AD RMS)

– Active Directory Lightweight Directory Services (AD LDS)

 

You plan to deploy Active Directory Federation Services (AD FS). You need to identify which deployed services or applications can be used as attribute stores for the planned AD FS deployment. What should you identify? (Each correct answer presents a complete solution. Choose all that apply.)

 

A.

DFS

B.

AD RMS

C.

Microsoft SQL Server 2012

D.

AD LDS

E.

AD DS

 

Correct Answer: CDE

Explanation:

clip_image002

 

http://technet.microsoft.com/library/dd807092(v=ws.10).aspx

 

 

QUESTION 62

Your network contains an Active Directory domain named contoso.com. The network contains 15,000 client computers. You plan to deploy an Active Directory Certificate Services (AD CS) infrastructure and issue certificates to all of the network devices. You need to recommend a solution to minimize the amount of network utilization caused by certificate revocation list (CRL) checking.

What should you include in the recommendation?

More than one answer choice may achieve the goal. Select the BEST answer.

 

A.

The Network Device Enrollment Service role service

B.

An increase of the CRL validity period

C.

A reduction of the CRL validity period

D.

The Online Responder role service

 

Correct Answer: D

Explanation:

clip_image004

 

http://technet.microsoft.com/en-us/library/cc753468.aspx

 

 

QUESTION 63

Your network contains an Active Directory domain named contoso.com. You deploy Active Directory Certificate Services (AD CS). You plan to deploy 100 external Web servers that will be publicly accessible and will require Secure Sockets Layer (SSL) certificates. You also plan to deploy 50,000 certificates for secure email exchanges with Internet-based recipients. You need to recommend a certificate services solution for the planned deployment. What should you recommend? More than one answer choice may achieve the goal. Select the BEST answer.

 

A.

Deploy a certification authority (CA) that is subordinate to an external root CA.

B.

Purchase 50,100 certificates from a trusted third-party root certification authority (CA).

C.

Distribute a copy of the root certification authority (CA) certificate to external relying parties.

D.

Instruct each user to request a Secure Email certificate from a trusted third-party root CA, and then purchase 100 Web server certificates.

 

Correct Answer: A

Explanation:

clip_image006

http://technet.microsoft.com/en-us/library/cc772192(v=ws.10).aspx

 

 

QUESTION 64

Your network contains an Active Directory domain named contoso.com. The network has an Active Directory Certificate Services (AD CS) infrastructure. You need to issue a certificate to users to meet the following requirements:

 

– Ensure that the users can encrypt files by using Encrypting File System (EFS).

– Ensure that all of the users reenroll for their certificate every six months.

 

What should you do first?

 

A.

From the properties of the User certificate template, assign the Allow – Enroll permission to the Authenticated

Users group.

B.

From the properties of the Basic EFS template, assign the Allow – Enroll permission to the Authenticated

Users group.

C.

Create a copy of the User certificate template, and then modify the extensions of the copy.

D.

Create a copy of the Basic EFS certificate template, and then modify the validity period of the copy.

 

Correct Answer: D

Explanation:

clip_image008

 

http://technet.microsoft.com/en-us/library/cc786499(v=ws.10).aspx

 

 

QUESTION 65

Your network contains an Active Directory domain named contoso.com. The network has an Active Directory Certificate Services (AD CS) infrastructure. You deploy Active Directory Rights Management Services (AD RMS) on the network. You provide several users on the network with the ability to protect content by using AD RMS. You need to recommend a solution to provide the members of a group named Audit with the ability to read and modify all of the AD RMS-protected content. What should you recommend?

 

A.

Issue a CEP Encryption certificate to the members of the Audit group.

B.

Issue a key recovery agent certificate to the members of the Audit group.

C.

Add the Audit group as a member of the super users group.

D.

Add the Audit group as a member of the Domain Admins group.

 

Correct Answer: C

Explanation:

clip_image010

http://technet.microsoft.com/en-us/library/ee424431.aspx

 

 

QUESTION 66

Your network contains an Active Directory domain named contoso.com. The network contains a perimeter network. The perimeter network and the internal network are separated by a firewall. On the perimeter network, you deploy a server named Server1 that runs Windows Server 2012. You deploy Active Directory Certificate Services (AD CS). Each user is issued a smart card. Users report that when they work remotely, they are unable to renew their smart card certificate. You need to recommend a solution to ensure that the users can renew their smart card certificate from the Internet. What should you recommend implementing on Server1? More than one answer choice may achieve the goal. Select the BEST answer.

 

A.

The Certification Authority Web Enrollment role service and the Online Responder role service

B.

The Active Directory Federation Services server role

C.

The Certificate Enrollment Policy Web Service role service and the Certificate Enrollment Web Service role service

D.

An additional certification authority (CA) and the Online Responder role service

 

Correct Answer: C

Explanation:

clip_image012

 

http://technet.microsoft.com/en-us/library/dd759230.aspx

 

 

QUESTION 67

Your company, which is named Contoso, Ltd., has offices only in North America. The company has 2,000 users. The network contains an Active Directory domain named contoso.com.

You plan to deploy an Active Directory Certificate Services (AD CS) infrastructure and assign certificates to all client computers.

You need to recommend a PKI solution to protect the private key of the root certification authority (CA) from being accessed by external users.

What should you recommend?

More than one answer choice may achieve the goal. Select the BEST answer.

 

A.

An offline standalone root CA and an online enterprise issuing CA

B.

An online enterprise root CA and an online enterprise issuing CA

C.

An offline standalone root CA and an offline enterprise issuing CA

D.

An online enterprise root CA, an online enterprise policy CA, and an online enterprise issuing CA

 

Correct Answer: A

Explanation:

http://technet.microsoft.com/en-us/library/cc737481(v=ws.10).aspx

 

 

QUESTION 68

Your network contains an Active Directory domain named contoso.com. The network has an Active Directory Certificate Services (AD CS) infrastructure. You publish the certificate revocation list (CRL) to a farm of Web servers. You are creating a disaster recovery plan for the AD CS infrastructure. You need to recommend which actions must be performed to restore certificate revocation checking if a certification authority (CA) is offline for an extended period of time. Which three actions should you recommend?

To answer, move the three appropriate actions from the list of actions to the answer area and arrange them in the correct order.

 

clip_image014

 

Correct Answer:

clip_image016

 

Explanation:

clip_image018

 

http://technet.microsoft.com/en-us/library/cc732443(v=ws.10).aspx

 

 

QUESTION 69

Your network contains an Active Directory domain named contoso.com. The domain contains four servers named Server1, Server2, Server3, and Server4 that run Windows Server 2012. Server1 and 5erver2 are configured as file servers and are part of a failover cluster named Cluster1. Server3 and Server4 have Microsoft SQL Server 2012 installed and are part of a failover cluster named Cluster2.

You add a disk named Disk1 to the nodes in Cluster1. Disk1 will be used to store the data files and log files used by SQL Server 2012.

You need to configure the environment so that access to Disk1 remains available when a node on Cluster1 fails over or fails back.

Which three actions should you perform?

To answer, move the three appropriate actions from the list of actions to the answer area and arrange them in the correct order.

clip_image020

 

Correct Answer:

clip_image022

 

Explanation:

http://blogs.technet.com/b/josebda/archive/2012/08/23/windows-server-2012-scale-out-file- server-for-sqlserver-2012-step-by-step-installation.aspx

 

 

QUESTION 70

Your network contains an Active Directory domain. The domain contains a site named Site1. All of the client computers in Site1 use static IPv4 addresses on a single subnet. Site1 contains a Storage Area Network (SAN) device and two servers named Server1 and Server2 that run Windows Server 2012. You plan to implement a DHCP infrastructure that will contain Server1 and Server2. The infrastructure will contain several IP address reservations.

You need to recommend a solution for the DHCP infrastructure to ensure that clients can receive IP addresses from a DHCP server if either Server1 or Server2 fails.

What should you recommend? (Each correct answer is a complete solution. Choose all that apply.)

 

A.

Configure all of the client computers to use IPv6 addresses, and then configure Server1 and Server2 to run DHCP in stateless mode.

B.

Configure Server1 and Server2 as members of a failover cluster, and then configure DHCP as a clustered resource.

C.

Configure a DHCP failover relationship that contains Server1 and Server2.

D.

Create a scope for each server, and then configure each scope to contain half of the IP addresses.

 

Correct Answer: BCD

Explanation:

clip_image024

 

http://blogs.technet.com/b/teamdhcp/archive/2012/06/28/ensuring-high-availability-of-dhcp- using-windowsserver-2012-dhcp-failover.aspx

 

Free VCE & PDF File for Microsoft 70-414 Real Exam

Instant Access to Free VCE Files: MCSE|MCSA|MCITP…
Instant Access to Free PDF Files: MCSE|MCSA|MCITP…