[Free] New Updated (October) Microsoft 70-980 Real Exam 21-30

Ensurepass

 

QUESTION 21

DRAG DROP

Your network contains an Active Directory domain named contoso.com. The domain contains five servers. The servers are configured as shown in the following table.

 

clip_image001

 

You plan to implement Network Access Protection (NAP) with IPSec enforcement on all client computers.

 

You need to identify on which servers you must perform the configurations for the NAP deployment.

 

Which servers should you identify?

 

To answer, drag the appropriate servers to the correct actions. Each server may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.

 

clip_image002

 

Correct Answer:

clip_image003

 

 

QUESTION 22

You deploy an Active Directory domain named contoso.com to the network. The domain is configured as an Active Directory-integrated zone. All domain controllers run Windows Server 2012 and are DNS servers.

 

You plan to deploy a child domain named operations.contoso.com.

 

You need to recommend changes to the DNS infrastructure to ensure that users in the operations department can access the servers in the contoso.com domain.

 

What should you include in the recommendation?

 

A.

A zone delegation for _msdcs.contoso.com

B.

Changes to the replication scope of contoso.com

C.

Changes to the replication scope of _msdcs.contoso.com

D.

Changes to the replication scope of operations.contoso.com

 

Correct Answer: B

Explanation:

http://support.microsoft.com/kb/255248

Manually Create a Delegation for the Child Domain on the Parent (Root) DNS Server

1. Right-click the root zone, click New Delegation, and then click Next.

2. Type the domain name for the child domain, and then click Next.

3. Add the child DNS server to host the new zone, and then click Next. NOTE: A domain controller that is a DNS server should have a static Transport Control Protocol/Internet Protocol

(TCP/IP) address. Verify that this step is performed before you install DNS on the child domain controller. If no DNS TCP/IP address exists, DNS is installed as a root server. If you see that a

“.” folder is created after you install DNS, you must remove the root configuration. For additional information about how to do this, click the article number below to view the article in the Microsoft Knowledge Base:

229840 DNS Server’s Root Hints and Forwarder Pages Are Unavailable

4. On the child domain DNS server, right-click My Network Places, and then click Properties.

5. Right-click the appropriate local connection, and then click Properties.

6. Under Components checked are used by this connection, click Internet Protocol (TCP/IP), and then click Properties.

7. Click Use the following DNS server addresses:, and then type the TCP/IP address of the parent (root) DNS server.

 

QUESTION 23

HOTSPOT

Your network contains an Active Directory forest name fabrikam.com. The forest contains two domains named fabrikam.com and contoso.com. All servers run Windows Server 2012 R2.

 

The forest contains a DHCP server named Server1 and a DNS server named Server2.

 

You need to recommend a solution to ensure that any computers that are neither members of contoso.com nor fabrikam.com receive a DNS suffix of guest.fabrikam.com.

 

What two commands should you run?

 

To answer, select the appropriate options in the answer area.

 

clip_image005

 

Correct Answer:

clip_image007

 

 

QUESTION 24

Your network contains an Active Directory domain named contoso.com. The domain contains three VLANs. The VLANs are configured as shown in the following table.

 

clip_image008

 

All client computers run either Windows 7 or Windows 8.

 

The corporate security policy states that all of the client computers must have the latest security updates installed.

 

You need to implement a solution to ensure that only the client computers that have all of the required security updates installed can connect to VLAN 1. The solution must ensure that all other client computers connect to VLAN 3.

 

Solution: You implement the VPN enforcement method.

 

Does this meet the goal?

 

A.

Yes

B.

No

 

Correct Answer: B

 

 

QUESTION 25

Your company has two main offices and 10 branch offices. Each office is configured as a separate Active Directory site.

 

The main offices sites are named Site1 and Site2. Each office connects to Site1 and Site2 by using a WAN link. Each site contains a domain controller that runs Windows Server 2008.

 

You are redesigning the Active Directory infrastructure.

 

You plan to implement domain controllers that run Windows Server 2012 and decommission all of the domain controllers that run Windows Server 2008.

 

You need to recommend a placement plan for the Windows Server 2012 domain controllers to meet the following requirements:

 

clip_image010Ensure that users can log on to the domain if a domain controller or a WAN link fails.

clip_image010[1]Minimize the number of domain controllers implemented.

 

What should you include in the recommendation? (Each correct answer presents part of the solution. Choose all that apply.)

 

A.

Read-only domain controllers (RODCs) in the branch office sites

B.

A writable domain controller in Site1

C.

A writable domain controller in Site2

D.

Writable domain controllers in the branch office sites

 

Correct Answer: BCD

 

 

QUESTION 26

You are designing an Active Directory forest for a company named Contoso, Ltd. Contoso identifies the following administration requirements for the design:

 

User account administration and Group Policy administration will be performed by network technicians. The technicians will be added to a group named OUAdmins. IT staff who are responsible for backing up servers will have user accounts that are members of the Backup Operators group in the domain. All user accounts will be located in an organizational unit (OU) named AllEmployees.

 

You run the Delegation of Control Wizard and assign the OUAdmins group full control to all of the objects in the AllEmployeesOU.

 

After delegating the required permissions, you discover that the user accounts of some of the IT staff have inconsistent permissions on the objects in AllEmployees.

 

You need to recommend a solution to ensure that the members of OUAdmins can manage all of the objects in AllEmployees.

 

What should you include in the recommendation?

 

A.

Remove the IT staff user accounts from Backup Operators and place them in a new group. Grant the new group the Backup files and directories user right and the Restore files and directories user right. Enforce permission inheritance on all of the objects in the AllEmployeesOU.

B.

Create separate administrator user accounts for the technicians. Enforce permission inheritance on all of the objects in the AllEmployeesOU. Delegate permissions to the new useraccounts.

C.

Enforce permission inheritance on all of the objects in the AllEmployeesOU. Run the Delegation of Control Wizard.

D.

Move the user accounts of the technicians to a separate OU. Enforce permission inheritance on all of the objects in the AllEmployeesOU. Run the Delegation of Control Wizard on the AllEmployeesOU.

 

Correct Answer: B

 

 

QUESTION 27

DRAG DROP

Your network contains an Active Directory domain named contoso.com. The domain contains two domain controllers named DC1 and DC2 that run Windows Server 2008 R2.

 

You plan to replace the domain controllers with new servers that run Windows Server 2012. The new servers will be named DC3 and DC4.

 

You need to recommend a strategy to replace DC1 and DC2 with DC3 and DC4. The solution must minimize the amount of disruption to the users.

 

Which three actions should you recommend?

 

To answer, move the appropriate three actions from the list of actions to the answer area and arrange them in the correct order.

 

clip_image012

 

Correct Answer:

clip_image014

 

 

QUESTION 28

Your company has a main office and four branch offices. The main office is located in London.

 

The network contains an Active Directory domain named contoso.com. Each office contains one domain controller that runs Windows Server 2012. The Active Directory site topology is configured as shown in the exhibit. (Click the Exhibit button.)

 

clip_image015

 

You discover that when a domain controller in a branch office is offline for maintenance, users in that branch office are authenticated by using the domain controllers in any of the sites.

 

You need to recommend changes to Active Directory to ensure that when a domain controller in a branch office is offline, the users in that branch office are authenticated by the domain controllers in London.

 

What should you include in the recommendation?

 

A.

Modify the DC Locator DNS Records settings.

B.

Disable site link bridging.

< /td>

C.

Modify the site link costs.

D.

Modify the service location (SRV) records in DNS.

 

Correct Answer: A

Explanation:

After having read several articles on the subject, I would say the correct answer for this question would be modifying the DC locator DNS record. Though I have never used it in any environment I worked in. But I am not sure. If anyone can clarify this one, mail me at badmuts13(a)gmail.com

 

 

QUESTION 29

Your network contains an Active Directory domain named contoso.com.

 

All client computers run either Windows 7 or Windows 8.

 

Some users work from customer locations, hotels, and remote sites. The remote sites often have firewalls that limit connectivity to the Internet.

 

You need to recommend a VPN solution for the users.

 

Which protocol should you include in the recommendation?

 

A.

PPTP

B.

SSTP

C.

IKEv2

D.

L2TP/IPSec

 

Correct Answer: B

 

 

QUESTION 30

Your network contains an Active Directory domain named contoso.com. The domain contains multiple sites. You plan to deploy DirectAccess.

 

The network security policy states that when client computers connect to the corporate network from the Internet, all of the traffic destined for the Internet must be routed through the corporate network.

 

You need to recommend a solution for the planned DirectAccess deployment that meets the security policy requirement.

 

What should you include in the recommendation?

 

A.

Set the ISATAP State to state enabled.

B.

Enable split tunneling.

C.

Set the ISATAP State to state disabled.

D.

Enable force tunneling.

 

Correct Answer: D

Explanation:

http://blogs.technet.com/b/csstwplatform/archive/2009/12/15/directaccess-how-to-configure-forcetunneling-forda-so-that-client-are-forced-to-use-ip-https.aspx

You can configure DirectAccess clients to send all of their traffic through the tunnels to the DirectAccess server with force tunneling. When force tunneling is configured, DirectAccess clients that detect that they are on the Internet modify their IPv4 default route so that default route IPv4 traffic is not sent. With the exception of local subnet traffic, all traffic sent by the DirectAccess client is IPv6 traffic that goes through tunnels to the DirectAccess server.

 

Free VCE & PDF File for Microsoft 70-980 Real Exam

Instant Access to Free VCE Files: MCSE|MCSA|MCITP…
Instant Access to Free PDF Files: MCSE|MCSA|MCITP…