Question 6 of 137

Your network contains an Active Directory domain named contoso.com. The domain contains two member servers named Server1 and Server2. All servers run

Windows Server 2012 R2.

Server1 and Server2 have the Failover Clustering feature installed. The servers are configured as nodes in a failover cluster named Cluster1. Cluster1 contains a cluster disk resource.

A developer creates an application named App1. App1 is NOT a cluster-aware application. App1 runs as a service. App1 stores date on the cluster disk resource.

You need to ensure that App1 runs in Cluster1. The solution must minimize development effort.

Which cmdlet should you run?

    Correct Answer: A

    Since App1 runs as a service, the appropriate cmdlet to ensure high availability within the failover cluster would be Add-ClusterGenericServiceRole. This cmdlet is specifically used to configure high availability for services that were not originally designed to run in a failover cluster. This ensures that the failover cluster monitors the service itself, rather than just the process, providing a more accurate and efficient way to ensure App1's availability.

Question 7 of 137

Your network contains a perimeter network and an internal network. The internal network contains an Active Directory Federation Services (AD FS) 2.1 infrastructure. The infrastructure uses Active Directory as the attribute store.

You plan to deploy a federation server proxy to a server named Server2 in the perimeter network.

You need to identify which value must be included in the certificate that is deployed to Server2.

What should you identify?

    Correct Answer: B

    When deploying a federation server proxy in a perimeter network, the certificate that is used on the proxy server must include the name of the Federation Service. This ensures that the subject name in the server authentication certificate matches the Federation Service name value that is specified in the AD FS Management snap-in. This matching is necessary for proper communication and trust between the proxy and the federation server.

Question 8 of 137

You have a server named Server1 that runs Windows Server 2012 R2.

From Server Manager, you install the Active Directory Certificate Services server role on Server1.

A domain administrator named Admin1 logs on to Server1.

When Admin1 runs the Certification Authority console, Admin1 receive the following error message.

You need to ensure that when Admin1 opens the Certification Authority console on Server1, the error message does not appear.

What should you do?

    Correct Answer: D

    The error message indicates that the Active Directory Certificate Services (AD CS) role has been installed, but it has not been configured yet. To resolve this issue, you need to complete the configuration of the AD CS role. This can be done from Server Manager by selecting the AD CS role and following the configuration steps to set up the certification authority. Once the AD CS role is configured, the Certification Authority console should open without any errors.

Question 9 of 137

Your network contains an Active Directory domain named contoso.com.

A previous administrator implemented a Proof of Concept installation of Active Directory Rights Management Services (AD RMS).

After the proof of concept was complete, the Active Directory Rights Management Services server role was removed.

You attempt to deploy AD RMS.

During the configuration of AD RMS, you receive an error message indicating that an existing AD RMS Service Connection Point (SCP) was found.

You need to remove the existing AD RMS SCP.

Which tool should you use?

    Correct Answer: D

    E

    ADRMS will registered the Service Connection Point (SCP) in Active Directory and you will need to unregister first before you remove the ADRMS server role.

    If your ADRMS server is still alive, you can easily manually remove the SCP by below:

    Reference: How to manually remove or reinstall ADRMS

Question 10 of 137

Your network contains an Active Directory domain named contoso.com. The domain contains a domain controller named DC1 that runs Windows Server 2012 R2.

DC1 has the DNS Server server role installed.

The network contains client computers that run either Linux, Windows 7, or Windows 8. You have a standard primary zone named adatum.com as shown in the exhibit. (Click the Exhibit button.)

You plan to configure Name Protection on all of the DHCP servers.

You need to configure the adatum.com zone to support Name Protection.

Which two configurations should you perform from DNS Manager? (Each correct answer presents part of the solution. Choose two.)

    Correct Answer: C, D

    BD

    Name protection requires secure update to work. Without name protection DNS names may be hijacked.

    You can use the following procedures to allow only secure dynamic updates for a zone. Secure dynamic update is supported only for Active Directoryintegrated zones. If the zone type is configured differently, you must change the zone type and directory-integrate the zone before securing it for Domain Name System

    (DNS) dynamic updates.

    1. (B) Convert primary DNS server to Active Directory integrated primary

    2. (D) Enable secure dynamic updates

    Reference: DHCP: Secure DNS updates should be configured if Name Protection is enabled on any IPv4 scope http://technet.microsoft.com/en-us/library/ee941152(v=ws.10).aspx