[Free] New Updated (October) Microsoft 70-980 Real Exam 11-20

Ensurepass

 

QUESTION 11

Your company has a main office.

 

The network contains an Active Directory domain named contoso.com. The main office contains a server named Server1 that runs Windows Server 2012. Server1 has the Remote Access server role installed and is configured to accept incoming SSTP-based VPN connections.

 

All client computers run Windows 7.

 

The company plans to open a temporary office that will contain a server named Server2 that runs

 

Windows Server 2012 and has the DHCP Server server role installed. The office will also have 50 client computers and an Internet connection.

 

You need to recommend a solution to provide the users in the temporary office with access to the resources in the main office.

 

What should you recommend?

 

More than one answer choice may achieve the goal. Select the BEST answer.

 

A.

Use the Connection Manager Administration Kit (CMAK) to create a connection package that specifies Server1 as the target for SSTP-based VPN connections. Manually distribute the CMAK package to each client computer in the temporar

y office.

B.

Install the Remote Access server role on Server2. From Routing and Remote Access on Server2, add a SSTP-based VPN port. From DHCP on Server2, configure the default gateway server option.

C.

Uses the Connection Manager Administration Kit (CMAK) to create a connection package that specifies Server1 as the target for SSTP-based VPN connections. Use a Group Policy object

(GPO) to distribute the CMAK package to each client computer in the temporary office.

D.

Install the Remote Access server role on Server2. From Routing and Remote Access on Server2, configure a demand-dial interface. From DHCP on Server2, configure the default gateway server option.

 

Correct Answer: B

Explanation:

See link for an article on both Routing and Remote Access server role and the DHCP default gateway option.

http://blogs.technet.com/b/rrasblog/archive/2009/03/25/remote-access-deployment-part-2-configuringrras-asa-vpn-server.aspx

 

 

QUESTION 12

Your network contains an Active Directory forest named contoso.com. The forest is managed by using Microsoft System Center 2012.

 

Web developers must be able to use a self-service portal to request the deployment of virtual machines based on predefined templates. The requests must be approved by an administrator before the virtual machines are deployed.

 

You need to recommend a solution to deploy the virtual machines.

 

What should you include in the recommendation?

 

More than one answer choice may achieve the goal. Select the BEST answer.

 

A.

A Virtual Machine Manager (VMM) service template, an Operations Manager dashboard, and an Orchestrator runbook.

B.

A Service Manager service offering, an Orchestrator runbook, and an Operations Manager dashboard.

C.

A Virtual Machine Manager (VMM) service template, a Service Manager service offering, and an Orchestrator runbook.

D.

A Service Manager service offering, an Orchestrator runbook, and Configuration Managerpackages.

 

Correct Answer: C

 

 

QUESTION 13

Your network contains an internal network and a perimeter network. The internal network contains an Active Directory forest named contoso.com. The forest contains a Microsoft Exchange Server 2010 organization. All of the domain controllers in contoso.com run Windows Server 2012.

 

The perimeter network contains an Active Directory forest named litware.com.

 

You deploy Microsoft Forefront Unified Access Gateway (UAG) to litware.com. All of the domain controllers in litware.com run Windows Server 2012.

 

Some users connect from outside the network to use Outlook Web App.

 

You need to ensure that external users can authenticate by using client certificates.

 

What should you do?

More than one answer choice may achieve the goal. Select the BEST answer.

 

A.

To the perimeter network, add an Exchange server that has the Client Access server role installed.

B.

Deploy UAG to contoso.com.

C.

Enable Kerberos delegation in litware.com.

D.

Enable Kerberos constrained delegation in litware.com.

 

Correct Answer: D

 

 

QUESTION 14

Your network contains an Active Directory domain named contoso.com. The domain contains multiple sites.

 

You plan to deploy DirectAccess.

 

The network security policy states that when client computers connect to the corporate network from the Internet, all of the traffic destined for the Internet must be routed through the corporate network.

 

You need to recommend a solution for the planned DirectAccess deployment that meets the security policy requirement.

 

Solution: You enable force tunneling.

 

Does this meet the goal?

 

A.

Yes

B.

No

 

Correct Answer: A

 

 

QUESTION 15

Your network contains an Active Directory domain named contoso.com. The domain contains servers that run either Windows Server 2008 R2 or Windows Server 2012.

 

All client computers on the internal network are joined to the domain. Some users establish VPN connections to the network by using Windows computers that do not belong to the domain.

 

All client computers receive IP addresses by using DHCP.

 

You need to recommend a Network Access Protection (NAP) enforcement method to meet the following requirements:

 

clip_image002Verify whether the client computers have up-to-date antivirus software.

clip_image002[1]Provides a warning to users who have virus definitions that are out-of-date.

clip_image002[2]Ensure that client computers that have out-of-date virus definitions can connect to the network.

 

Which NAP enforcement method should you recommend?

 

A.

DHCP

B.

IPSec

C.

VPN

D.

802.1x

 

Correct Answer: A

Explanation:

http://technet.microsoft.com/en-us/library/cc733020(v=ws.10).aspx

NAP enforcement for DHCP

DHCP enforcement is deployed with a DHCP Network Access Protection (NAP) enforcement server component, a DHCP enforcement client component, and Network Policy Server (NPS).

Using DHCP enforcement, DHCP servers and NPS can enforce health policy when a computer attempts to lease or renew an IP version 4 (IPv4) address. However, if client computers are configured with a static IP address or are otherwise configured to circumvent the use of DHCP, this enforcement method is not effective.

 

 

QUESTION 16

Your network contains an Active Directory domain named contoso.com. The domain contains three Active Directory sites. The Active Directory sites are configured as shown in the following table.

 

clip_image003

 

The sites connect to each other by using the site links shown in the following table.

 

clip_image004

 

You need to design the Active Directory site topology to meet the following requirements:

 

clip_image002[3]Ensure that all replication traffic between Site2 and Site3 replicates through Site1 if a domain controller in Site1 is available.

clip_image002[4]Ensure that the domain controllers between Site2 and Site3 can replicate if all of the domain controllers in Site1 are unavailable.

 

What should you do?

 

A.

Delete Link2.

B.

Disable site link bridging.

C.

Delete Link3.

D.

Create one site link bridge.

 

Correct Answer: D

 

 

 

QUESTION 17

Your network contains an Active Directory domain named contoso.com. The domain contains three VLANs. The VLANs are configured as shown in the following table.

 

All client computers run either Windows 7 or Windows 8.

 

The corporate security policy states that all of the client computers must have the latest security updates installed.

 

You need to implement a solution to ensure that only the client computers that have all of the required security updates installed can connect to VLAN 1. The solution must ensure that all other client computers connect to VLAN 3.

 

Which Network Access Protection (NAP) enforcement method should you implement?

 

A.

VPN

B.

DHCP

C.

IPsec

D.

802.1x

 

Correct Answer: D

Explanation:

http://blogs.technet.com/b/wincat/archive/2008/08/19/network-access-protection-using-802-1x-vlan-s-orportacls-which-is-right-for-you.aspx

The most common method of the list is 802.1x for a variety of reasons. First, the industry has been selling 802.1x network authentication for the last 10 years. 1x gained tremendous popularity as wireless networking became prevalent in the late 90’s and early 2000’s and has been proven to be a viable solution to identifying assets and users on your network. For customers that have invested in 802.1x capable switches and access points, NAP can very easily be implemented to complement what is already in place. The Network Policy Server (NPS) role

Windows Server 2008 has been dramatically improved to make 802.1x policy creation much simpler to do.

 

 

QUESTION 18

DRAG DROP

Your company plans to deploy a remote access solution to meet the following requirements:

 

clip_image002[5]Ensure that client computers that are connected to the Internet can be managed remotely without requiring that the user log on.

clip_image002[6]Ensure that client computers that run Windows Vista or earlier can connect remotely.

clip_image002[7]Ensure that non-domain-joined computers can connect remotely by using TCP port 443.

 

You need to identify which remote access solutions meet the requirements.

 

Which solutions should you identify?

 

To answer, drag the appropriate solution to the correct requirement in the answer area. Each solution may be used once, more than once, or not at all. Additionally, you may need to drag the split bar between panes or scroll to view content.

 

clip_image006

 

Correct Answer:

clip_image008

 

 

QUESTION 19

Your network contains an Active Directory forest named adatum.com. All domain controllers run Windows Server 2008 R2. The functional level of the domain and the forest is Windows Server 2008.

 

You deploy a new Active Directory forest named contoso.com. All domain controllers run Windows Server 2012 R2. The functional level of the domain and the forest is Windows Server 2012 R2.

 

You establish a two-way, forest trust between the forests. Both networks contain member servers that run either Windows Server 2012 R2, Windows Server 2012, Windows Server 2008 R2 or Windows Server 2008.

 

You plan to use the Active Directory Migration Tool 3.2 (ADMT 3.2) to migrate user accounts from adatum.com to contoso.com. SID history will be used in contoso.com and passwords will be migrated by using a Password Export Server (PES).

 

You need to recommend which changes must be implemented to support the planned migration.

 

Which two changes should you recommend? Each correct answer presents part of the solution.

 

A.

In the contoso.com forest, deploy a domain controller that runs Windows Server 2008 R2.

B.

In the adatum.com forest, upgrade the functional level of the forest and the domain.

C.

In the contoso.com forest, downgrade the functional level of the forest and the domain.

D.

In the adatum.com forest, deploy a domain controller that runs Windows Server 2012 R2.

 

Correct Answer: AC

 

 

QUESTION 20

DRAG DROP

Your network contains an Active Directory domain named contoso.com. The domain contains an IP Address Management (IPAM) server.

 

You plan to delegate the administration of IPAM as shown in the following table.

 

clip_image009

 

You need to recommend which IPAM security group must be used for each department. The solution must minimize the number of permissions assigned to each group.

 

What should you recommend?

 

To answer, drag the appropriate group to the correct department in the answer area. Each group may be used once, more than once, or not at all. Additionally, you may need to drag the split bar between panes or scroll to view content.

 

clip_image011

 

Correct Answer:

clip_image013

 

Free VCE & PDF File for Microsoft 70-980 Real Exam

Instant Access to Free VCE Files: MCSE|MCSA|MCITP…
Instant Access to Free PDF Files: MCSE|MCSA|MCITP…