Which two actions should you perform?
Your network contains an Active Directory domain named contoso.com. The domain contains a file
server named Server1 and a domain controller named DC1. All servers run Windows Server 2012 R2.
A Group Policy object (GPO) named GPO1 is linked to the domain.
Server1 contains a folder named Folder1. Folder1 is shared as Share1.
You need to ensure that authenticated users can request assistance when they are denied access to
the resources on Server1.
Which two actions should you perform? (Each correct answer presents part of the solution. Choose
two.)
You need to ensure that you can configure access-denied assistance on Server1 manually by using File Server Re
Your network contains an Active Directory domain named contoso.com. The domain contains a file
server named Server1. The File Server Resource Manager role service is installed on Server1. All
servers run Windows Server 2012 R2.
A Group Policy object (GPO) named GPO1 is linked to the organizational unit (OU) that contains
Server1. The following graphic shows the configured settings in GPO1.
Server1 contains a folder named Folder1. Folder1 is shared as Share1.
You attempt to configure access-denied assistance on Server1, but the Enable access-denied
assistance option cannot be selected from File Server Resource Manager.
You need to ensure that you can configure access-denied assistance on Server1 manually by using
File Server Resource Manager.
What should you do?
You need to ensure that access requests are unaffected when the rule is published
Your network contains an Active Directory domain named contoso.com. All servers run Windows
Server 2012 R2.
You are creating a central access rule named Test Finance that will be used to audit members of the
Authenticated users group for access failure to shared folders in the finance department.
You need to ensure that access requests are unaffected when the rule is published.
What should you do?
Which rule types should you configure on each side of the federated trust?
DRAG DROP
Your network contains two Active Directory forests named contoso.com and adatum.com. All
domain controllers run Windows Server 2012 R2.
A federated trust exists between adatum.com and contoso.com. The trust provides adatum.com
users with access to contoso.com resources.
You need to configure Active Directory Federation Services (AD FS) claim rules for the federated
trust.
The solution must meet the following requirements:
In contoso.com, replace an incoming claim type named Group with an outgoing claim type named
Role.
In adatum.com, allow users to receive their tokens for the relying party by using their Active
Directory group membership as the claim type.
The AD FS claim rules must use predefined templates.
Which rule types should you configure on each side of the federated trust?
To answer, drag the appropriate rule types to the correct location or locations. Each rule type may
be used once, more than once, or not at all. You may need to drag the split bar between panes or
scroll to view content.
You need to ensure that all users from the Internet are pre-authenticated before they can access App1
DRAG DROP
Your network contains an Active Directory domain named contoso.com. The domain contains two
servers named Server1 and Server3. The network contains a standalone server named Server2. All
servers run Windows Server 2012 R2. The servers are configured as shown in the following table.
Server3 hosts an application named App1. App1 is accessible internally by using the URL
https://app1.contoso.com. App1 only supports Integrated Windows authentication.
You need to ensure that all users from the Internet are pre-authenticated before they can access
App1.
What should you do? To answer, drag the appropriate servers to the correct actions. Each server
may be used once, more than once, or not at all. You may need to drag the split bar between panes
or scroll to view content.
How should you configure the certificate request?
DRAG DROP
Your network contains an Active Directory domain named contoso.com. The domain contains a
server named Server1 that runs Windows Server 2012 R2.
You plan to install the Active Directory Federation Services server role on Server1 to allow for
Workplace Join.
You run nslookupenterpriseregistration and you receive the following results:
You need to create a certificate request for Server1 to support the Active Directory Federation
Services (AD FS) installation.
How should you configure the certificate request? To answer, drag the appropriate names to the
correct locations. Each name may be used once, more than once, or not at all. You may need to drag
the split bar between panes or scroll to view content.
Which Windows PowerShell command should you run?
You deploy an Active Directory Federation Services (AD FS) 2.1 infrastructure. The infrastructure
uses Active Directory as the attribute store.
Some users report that they fail to authenticate to the AD FS infrastructure.
You discover that only users who run third-party web browsers experience issues.
You need to ensure that all of the users can authenticate to the AD FS infrastructure successfully.
Which Windows PowerShell command should you run?
What should you identify?
Your network contains a perimeter network and an internal network. The internal network contains
an Active Directory Federation Services (AD FS) 2.1 infrastructure. The infrastructure uses Active
Directory as the attribute store.
You plan to deploy a federation server proxy to a server named Server2 in the perimeter network.
You need to identify which value must be included in the certificate that is deployed to Server2.
What should you identify?
Which two actions should you perform?
Your network contains an Active Directory domain named contoso.com. The domain contains
servers named Server1 and Server2 that run Windows Server 2012 R2. Server1 has the Active
Directory Federation Services server role installed.Server2 is a file server.
Your company introduces a Bring Your Own Device (BYOD) policy.
You need to ensure that users can use a personal device to access domain resources by using Single
Sign-On (SSO) while they are connected to the internal network.
Which two actions should you perform? (Each correct answer presents part of the solution. Choose
two.)
What should you run from Windows PowerShell?
DRAG DROP
Your network contains an Active Directory domain named contoso.com. The domain contains four
member servers named Server 1, Server2, Server3, and Server4. All servers run Windows Server
2012 R2.
Server1 and Server2 are located in a site named Site1. Server3 and Server4 are located in a site
named Site2. The servers are configured as nodes in a failover cluster named Cluster1.
Cluster1 is configured to use the Node Majority quorum configuration.
You need to ensure that Server1 is the only server in Site1 that can vote to maintain quorum.
What should you run from Windows PowerShell?
To answer, drag the appropriate commands to the correct location. Each command may be used
once, more than once, or not at all. You may need to drag the split bar between panes or scroll to
view content.
