Your company has a main office and a branch office. Each office contains several hundred
computers that run Windows 2012.
You plan to deploy two Windows Server Update Services (WSUS) servers. The WSUS
servers will be configured as shown in the following table.

You need to implement the WSUS infrastructure to meet the following requirements:
All updates must be approved from a server in the main office.
All client computers must connect to a WSUS server in their local office.
What should you do? (Each correct answer presents part of the solution. Choose all that
apply.

Your company has a human resources department a finance department, a sales
department and an R&D department.
The company audits the access of documents that contain department-specific sensitive
information.
You are planning an administrative model for the departments to meet the following
requirements:
Provide R&D managers with the ability to back up all the files of their department only.
Provide finance managers with the ability to view the audit logs for the files of their
department only.
Provide human resources managers with the ability to view the audit logs for the files of their
department only.
Provide sales managers with the ability to modify the permissions on all the shared folders of
their department only.
You need to identify the minimum amount of file servers required on the network to meet the
requirements of each department.
How many file servers should you identify?

Your network contains an Active Directory domain named contoso.com. The network
contains two servers named Server1 and Server2.
You deploy Active Directory Certificate Services (AD CS). The certification authority (CA) is
configured as shown in the exhibit. (Click the Exhibit button.)

You need to ensure that you can issue certificates based on certificate templates.
What should you do?

Your network contains an Active Directory forest named contoso.com.
Your company works with a partner company that has an Active Directory forest named
fabrikam.com. Both forests contain domain controllers that run only Windows Server 2012 R2.
The certification authority (CA) infrastructure of both companies is configured as shown in
the following table.

You need to recommend a certificate solution that meets the following requirements:
Server authentication certificates issued from fabrikam.com must be trusted automatically by
the computers in contoso.com.

The computers in contoso.com must not trust automatically any other type of certificates
issued from the CA hierarchy in fabrikam.com.
What should you include in the recommendation?

Your network contains an Active Directory domain named contoso.com.
Your company has an enterprise root certification authority (CA) named CA1.
You plan to deploy Active Directory Federation Services (AD FS) to a server named Server1.
The company purchases a Microsoft Office 365 subscription.
You plan to register the company’s SMTP domain for Office 365 and to configure single
sign-on for all users.
You need to identify which certificate or certificates are required for the planned deployment.
Which certificate or certificates should you identify? {Each correct answer presents a
complete solution. Choose all that apply.)

Your network contains five Active Directory forests.

You plan to protect the resources in one of the forests by using Active Directory Rights
Management Services (AD RMS).
Users in all of the forests will access the protected resources.
You need to identify the minimum number of AD RMS clusters required for the planned
deployment.
What should you identify?

DRAG DROP
Your network contains an Active Directory domain named contoso.com. The domain
contains two domain controllers named DC1 and DC2. The domain contains a server named
Server1.
Server1 is a certification authority (CA). All servers run Windows Server 2012 R2.
You plan to deploy BitLocker Drive Encryption (BitLocker) to all client computers. The unique
identifier for your organization is set to Contoso.
You need to ensure that you can recover the BitLocker encrypted data by using a BitLocker
data recovery agent. You must be able to perform the recovery from any administrative computer.
Which four actions should you perform in sequence? To answer, move the appropriate
actions from the list of actions to the answer area and arrange them in the correct order.

Your network contains an Active Directory domain named contoso.com. The network
contains a perimeter network. The perimeter network and the internal network are separated
by a firewall.
On the perimeter network, you deploy a server named Server1 that runs Windows Server
2012.
You deploy Active Directory Certificate Services (AD CS).
Each user is issued a smart card.
Users report that when they work remotely, they are unable to renew their smart card
certificate.
You need to recommend a solution to ensure that the users can renew their smart card
certificate from the Internet.
What should you recommend implementing on Server1?
More than one answer choice may achieve the goal. Select the BEST answer.

Your network contains an Active Directory domain named contoso.com.

You plan to deploy an Active Directory Federation Services (AD FS) farm that will contain
eight federation servers.
You need to identify which technology or technologies must be deployed on the network
before you install the federation servers.
Which technology or technologies should you identify? (Each correct answer presents part of
the solution. Choose all that apply.)

HOTSPOT
You plan to deploy a certification authority (CA) infrastructure that contains the following servers:
+ An offline standalone root CA named CA1
+ An enterprise subordinate CA named CA2
On all of the computers, you import the root CA certificate from CA1 to the Trusted Root
Certification Authorities Certificates store.
You need to ensure that CA2 can issue certificates for the CA hierarchy.
What should you do? To answer, select the appropriate options in the answer area.