[Free] 2018(Aug) Ensurepass Microsoft 70-980 Dumps with VCE and PDF 261-270

Ensurepass.com : Ensure you pass the IT Exams
2018 Aug Microsoft Official New Released 70-980
100% Free Download! 100% Pass Guaranteed!

Recertification for MCSE: Server Infrastructure

Question No: 261 – (Topic 10)

You need to recommend a trust model.

What should you include in the recommendation?

  1. A one-way, forest trust that has selective authentication.

  2. A one-way, external trust

  3. A two-way, external trust

  4. A one-way, forest trust that has domain-wide authentication.

Answer: A

Explanation: As users in the Montreal office is in a separate site, and they need access to only to some of the resources, the File01 file server in New York and the File02 file server in Chicago, we should use a one-way forest trust with selective authentication.

  • When you enable the selective authentication feature of a forest trust relationship, users accessing cross-forest resources from one forest cannot authenticate to a domain controller or resource server (e.g., file server, print server) in the other forest unless they are explicitly allowed to do so. Selective authentication lessens the attack surface by restricting the quantity of authentication requests that can pass through an interforest trust.

  • From case study:

    / The Montreal site will have its own forest named montreal.proseware.com.

    / Users in the Montreal office must only be allowed to access shares that are located on File01 and File02. The Montreal users must be prevented from accessing any other servers in the proseware.com forest regardless of the permissions on the resources.

    Reference: http://windowsitpro.com/security/selective-authentication

    Question No: 262 – (Topic 10)

    You run the Get-DNSServer cmdlet on DC01 and receive the following output:

    Ensurepass 2018 PDF and VCE

    You need to recommend changes to DC01. Which attribute should you recommend modifying?

    1. EnablePollutionProtection

    2. isReadOnly

    3. Locking Percent

    4. ZoneType

    Answer: C

    Explanation: * Scenario: The DNS servers must be prevented from overwriting the existing DNS entries that have been stored in cache.

  • Cache locking is configured as a percent value. For example, if the cache locking value is set to 50, then the DNS server will not overwrite a cached entry for half of the duration of the TTL. By default, the cache locking percent value is 100. This means that cached entries will not be overwritten for the entire duration of the TTL. The cache locking value is stored in the CacheLockingPercent registry key. If the registry key is not present, then the DNS server will use the default cache locking value of 100.

  • Reference: DNS Cache Locking

    https://technet.microsoft.com/en-us/library/ee649148(v=ws.10).aspx

    Question No: 263 HOTSPOT – (Topic 10)

    You need to recommend a configuration for the DHCP infrastructure.

    What should you recommend? To answer, select the appropriate options in the answer area.

    Ensurepass 2018 PDF and VCE

    Ensurepass 2018 PDF and VCE

    Answer:

    Ensurepass 2018 PDF and VCE

    Explanation:

    Ensurepass 2018 PDF and VCE

    Box 1: DC02

    DC02 is in New York site, which does not have a DHCP server, and it is a domain controller (which is required).

    Not RAS01 as it is not a domain controller.

    Not DC4 or RAS02 as they are located in Chicago, and the Chicago site already has a DHCP server.

    Box 2: Host standby.

    In Host standby mode only one of the servers actively leases IP addresses.

    Not Load-Balanced as in this mode both DHCP servers answer client request, but according to scenario only one DHCP Server in each site must lease IP addresses at a given time.

    Box 3: State switchover interval

    For automatic state switchover to happen from communication interrupt to partner down

    state, you need to enable state switchover interval. If you don’t do that then you would need to manually transition primary server to partner down mode.

    • Scenario:

      鈥ll of the DHCP Server server roles must be installed on a domain controller.

      鈥nly one DHCP server in each site must lease IP addresses at any given time.

      Question No: 264 DRAG DROP – (Topic 10)

      You need to recommend changes for the Active Directory infrastructure.

      What should you recommend? To answer, drag the appropriate domain and forest functional levels for proseware.com to the correct locations. Each functional level may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.

      Ensurepass 2018 PDF and VCE

      Answer:

      Ensurepass 2018 PDF and VCE

      Explanation:

      Ensurepass 2018 PDF and VCE

      From the scenario we have that Domain controllers that run Windows Server 2012 R2 and Windows Server 2008 R2 must be able to be deployed to the proseware.com domain. We should therefore set both domain functional level and forest functional level to Windows Server 2008 R2.

      Box 1: Windows Server 2008 R2

      We can set the domain functional level for proseware.com to Windows Server 2008 R2 as only Domain controllers that run Windows Server 2012 R2 and Windows Server 2008 R2 must be able to be deployed to the proseware.com domain.

      Box 2: Windows Server 2008 R2

      As we cannot set the domain functional level to a value that is lower than the forest functional level we should set the forest function level to Windows Server 2008 R2 as well.

      Question No: 265 DRAG DROP – (Topic 10)

      You need to recommend the VPN protocols for Proseware.

      What should you recommend? To answer, drag the appropriate VPN protocols to the correct offices. Each protocol may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content,

      Ensurepass 2018 PDF and VCE

      Answer:

      Ensurepass 2018 PDF and VCE

      Explanation:

      Ensurepass 2018 PDF and VCE

      Explanation Box 1: IKEv2

      An IKEv2 VPN provides resilience to the VPN client when the client moves from one wireless hotspot to another or when it switches from a wireless to a wired connection. This meets the requirement that users in the New York office must be able to reconnect to the remote access VPN servers automatically.

      Box 2: SSTP

      SSTP is the only of the listed tunneling protocols that uses SSL, and users in the Chicago office must use SSL to connect to the remote access VPN servers.

      Question No: 266 – (Topic 10)

      You need to recommend a solution for the RODC.

      Which attribute should you include in the recommendation?

      1. systemFlags

      2. searchFlags

      3. policy-Replication-Flags

      4. flags

      Answer: B

      Explanation: You can modify the searchFlags value for a read-only domain controller (RODC) to indicate confidential data on order to exclude specific data from replicating to RODCs in the forest. This meets the requirement as it is stated that RODCs must not contain personal user information.

      Reference: Customize the RODC Filtered Attribute Set https://technet.microsoft.com/en-us/library/cc754794(v=ws.10).aspx

      Topic 11, Litware, Inc Overview

      Litware, Inc., is a manufacturing company. The company has a main office and two branch offices. The main office is located in Seattle. The branch offices are located in Los Angeles and Boston.

      Existing Environment Active Directory

      The network contains an Active Directory forest named litwareinc.com. The forest contains

      a child domain for each office. The child domains are named boston.litwareinc.com and la.litwareinc.com. An Active Directory site exists for each office.

      In each domain, all of the client computer accounts reside in an organizational unit (OU) named AllComputers and all of the user accounts reside in an OU named AllUsers.

      All domain controllers run Windows Server 2008 R2 and are configured as DNS servers. The functional level of the domain and the forest is Windows Server 2008.

      Network Infrastructure

      The main office has the following servers:

      -> Five physical Hyper-V hosts that run Windows Server 2012

      -> Three virtual file servers that run Windows Server 2008 R2

      -> One physical DHCP server that runs Windows Server 2008 R2

      -> Ten physical application servers that run Windows Server 2012

      -> One virtual IP Address Management (IPAM) server that runs Windows Server 2012

      -> One virtual Windows Server Update Services (WSUS) server that runs Windows Server 2008 R2

      -> One physical domain controller and two virtual domain controllers that run Windows Server 2008 R2

      Each branch office has following servers:

      -> One virtual file server that runs Windows Server 2008 R2

      -> Two physical Hyper-V hosts that run Windows Server 2012

      -> One physical DHCP server that runs Windows Server 2008 R2

      -> One physical domain controller and two virtual domain controllers that run Windows Server 2008 R2

      All of the offices have a high-speed connection to the Internet. The offices connect to each other by using T1 leased lines.

      The IPAM server in the main office gathers data from the DNS servers and the DHCP servers in all of the offices.

      Requirements Planned Changes

      The company plans to implement the following changes:

      -> Implement the Active Directory Recycle Bin.

      -> Implement Network Access Protection (NAP).

      -> Implement Folder Redirection in the Boston office only.

      -> Deploy an application named Appl to all of the users in the Boston office only.

      -> Migrate to IPv6 addressing on all of the servers in the Los Angeles office. Some application servers in the Los Angeles office will have only IPv6 addresses.

      Technical Requirements

      The company identifies the following technical requirements:

      -> Minimize the amount of administrative effort whenever possible.

      -> Ensure that NAP with IPSec enforcement can be configured.

      -> Rename boston.litwareinc.com domain to bos.litwareinc.com.

      -> Migrate the DHCP servers from the physical servers to a virtual server that runs Windows Server 2012.

      -> Ensure that the members of the Operators groups in all three domains can manage the IPAM server from their client computer.

      VPN Requirements

      You plan to implement a third-party VPN server in each office. The VPN servers will be configured as RADIUS clients. A server that runs Windows Server 2012 will perform RADIUS authentication for all of the VPN connections.

      Visualization Requirements

      The company identifies the following visualization requirements:

      -> Virtualize the application servers.

      -> Ensure that the additional domain controllers for the branch offices can be deployed by using domain controller cloning.

      -> Automatically distribute the new virtual machines to Hyper-V hosts based on the current resource usage of the Hyper-V hosts.

      Server Deployment Requirements

      The company identifies the following requirements for the deployment of new servers on

      the network:

      -> Deploy the new servers over the network.

      -> Ensure that all of the server deployments are done by using multicast.

      Security Requirements

      A new branch office will open in Chicago. The new branch office will have a single read- only domain controller (RODC). Confidential attributes must not be replicated to the Chicago office.

      Question No: 267 – (Topic 11)

      You need to recommend a change to the Active Directory environment to support the company#39;s planned changes.

      What should you include in the recommendation?

      1. Raise the functional level of the domain and the forest.

      2. Implement Administrator Role Separation.

      3. Upgrade the domain controllers that have the PDC emulator master role to Windows Server 2012.

      4. Upgrade the domain controller that has the domain naming master role to Windows Server 2012.

      Answer: A Explanation:

    • Scenario planned changes include: Implement the Active Directory Recycle Bin. The functional level of the domain and the forest is Windows Server 2008.

    • To support the Active Directory Recycle Bin, the functional level of your AD LDS configuration set to Windows Server 2008 R2 or higher.

      Incorrect:

      Not C: All domain controllers, not just the ones with the PDC emulator role, must be upgraded to Windows Server 2012.

      Not D: All domain controllers, not just the ones domain naming master role, must be upgraded to Windows Server 2012.

      Reference: Requirements for Active Directory Recycle Bin https://technet.microsoft.com/en-us/library/dd379484(v=ws.10).aspx

      Question No: 268 – (Topic 11)

      You need to recommend changes to the Active Directory site topology to support on the company#39;s planned changes.

      What should you include in the recommendation?

      1. A new site

      2. A new site link bridge

      3. A new site link

      4. A new subnet

      Answer: D Explanation:

      From the Planned Changes section of the scenario we find that a migration to IPv6 addressing in the Los Angeles office will happen.

      A new subnet would be needed to implement this change.

      Incorrect:

      Not A: A new branch office will open in Chicago, and this would require a new site. However, this change is classified as Security Requirements, not as Planned Changes.

      Reference: Understanding Sites, Subnets, and Site Links http://technet.microsoft.com/en-us/library/cc754697.aspx

      Question No: 269 – (Topic 11)

      You need to recommend changes to the Active Directory environment to support the virtualization requirements.

      What should you include in the recommendation?

      1. Raise the functional level of the domain and the forest.

      2. Upgrade the domain controller that has the domain naming master role to Windows

        Server 2012.

      3. Implement Administrator Role Separation.

      4. Upgrade the domain controllers that have the PDC emulator master role to Windows Server 2012.

      Answer: D

      Explanation: * From case study: Ensure that the additional domain controllers for the branch offices can be deployed by using domain controller cloning.

    • To support DC cloning the PDC emulator role holder must be online and available to the cloned DC and must be running Windows Server 2012.

      Reference: Virtual Domain Controller Cloning in Windows Server 2012

      https://blogs.technet.microsoft.com/askpfeplat/2012/10/01/virtual-domain-controller-cloning- in-windows-server-2012/

      Question No: 270 – (Topic 11)

      You need to recommend an IPAM management solution for the Operators groups. The solution must meet the technical requirements.

      What should you include in the recommendation?

      1. Run the Invoke-IpamGpoProvisioningcmdlet in all three domains. Add the computers used by the members of the Operators group to the IPAM server.

      2. Modify the membership of the IPAM Administrators group and the WinRMRemoteWMIUsers_ group on the IPAM server.

      3. Run the Set-IpamConfigurationcmdlet and modify the membership of the WinRMRemoteWMRJsers_ group on the IPAM server.

      4. Run the Set-IpamConfigurationcmdlet on the IPAM server. Run the Invoke- IpamGpoProvisioningcmdlet in all three domains.

      Answer: B Explanation:

      Scenario: Ensure that the members of the Operators groups in all three domains can manage the IPAM server from their client computer.

      100% Ensurepass Free Download!
      70-980 PDF
      100% Ensurepass Free Guaranteed!
      70-980 Dumps

      EnsurePass ExamCollection Testking
      Lowest Price Guarantee Yes No No
      Up-to-Dated Yes No No
      Real Questions Yes No No
      Explanation Yes No No
      PDF VCE Yes No No
      Free VCE Simulator Yes No No
      Instant Download Yes No No