PrepAway - Latest Free Exam Questions & Answers

What should you deploy?

A company has Active Directory Domain Services (AD DS) domain controllers that run on Windows Server
2012 R2 servers. There are two forests, and each has a single domain. There is a two-way forest trust between
the forests. The company uses Hyper-V for server visualization. The Hyper-V environment contains the HyperV host servers as shown in the following table:

You prepare to deploy System Center 2012 R2 Data Protection Manager (DPM) to back up the Hyper-V
environment. The deployment must meet the followingrequirements:
ensure that all Hyper-V servers can be backed up byusing DPM Hyper-v hosts in the perimeter network must
use certificate-based authentication Hyper-V hosts in the internal network must use Kerberos authentication
minimize the total number of DPM servers
You need to deploy DPM to the environment.
What should you deploy?

PrepAway - Latest Free Exam Questions & Answers

A.
four DPM servers in the internal network and two DPM servers in the perimeter network

B.
two DPM servers in the internal network only

C.
two DPM servers in the internal network and two DPM servers in the perimeter network

D.
two DPM servers in the internal network and one DPM server in the per meter network

21 Comments on “What should you deploy?

    1. Ahmed says:

      I think C is correct Answer we need two server on each location for redundancy purpose

      See the following note

      DPM 2012 brings certificate-based authentication to bear on the following workloads: File Server, Hyper-V and SQL Server in both standalone and clustered configurations. You can also use certificate-based authentication on a secondary DPM 2012 server for disaster recovery to protect data sources in a non-trusted domain when the primary DPM 2012 server fails. The two DPM 2012 servers need to be in the same or trusted domains. The only data sources that support certificate-based protection that are missing from this lineup are Exchange, SharePoint and Bare-Metal Recovery/System State.




      0



      0
  6. Scorpio says:

    I agree with tvojahlava
    Key – Hyper-v hosts in the perimeter network must use certificate-based authentication
    DPM 2012 R2 can do certificate based authentication so 2 DPM servers are more than enough to back up entire environment

    Does anyone else have better explanation?




    0



    0
  8. koka says:

    there is 2 type of this question: first this one with at least 1 DPM

    answers:
    A. four DPM servers in the internal network and two DPM servers in the perimeter network
    B.two DPM servers in the internal network only
    C.two DPM servers in the internal network and two DPM servers in the perimeter network
    D.two DPM servers in the internal network and one DPM server in the per meter network

    second question with minimum of 2 DPM each host, so:
    A.four DPM servers in the internal network and two DPM servers in the perimeter network
    B.two DPM servers in the internal network and one DPM server in the perimeter network
    C.two DPM servers in the internal network only
    D.two DPM servers in the internal network and two DPM servers in the perimeter network

    logicaly, onlu
    D and A makes sense?




    0



    0
  10. Bill says:

    Is it my opinion that neither of the suggested answers are correct!

    Explanation:

    DPM can protect servers and workstations across domains within a forest that has a two way trust relationship with the domain that has the DPM server.
    Since, in the question it states that there is a two-way trust relationship between the forests “contoso.com” and “fabrikam.com”, only 1 DPM server installed in either domain would be enough.
    http://technet.microsoft.com/en-us/library/hh758203.aspx

    Also, since, you can manually install a DPM agent to an untrusted domain or workgroup (aka in a perimeter network/DMZ) with the option “-IsNonDomainServer”, you do not need to install DPM on “ext.contoso.com”.
    http://technet.microsoft.com/en-us/library/hh757942.aspx

    Thus, only 1 DPM server would suffice!

    But since this is obviously a trick question, I would go with either B or D.




    0



    0
  11. mark86 says:

    I think that the best answer is D and I explain why:

    1) here http://technet.microsoft.com/en-us/library/hh916530.aspx it is written that

    “DPM supports protecting DPM SERVERS THAT ARE IN UNTRUSTED DOMAINS if the primary and secondary DPM servers are in domains that trust each other or if they are in the same domain”.

    So there must be at least one DPM Server in the untrusted domain in order for the two DPM servers in the internal network to protect it.

    2) here http://technet.microsoft.com/en-us/library/hh757954.aspx it is written that

    “Restrictions: Protection of perimeter network (DMZ) machines is not supported in DPM.”

    So there must be another DPM Server in the untrusted domain in order for the two DPM servers in the internal network to protect it.




    0



    0
    1. Arie says:

      Agreed, the correct answer is D.

      Since at least one DPM server is required in the perimeter network, answer B is not correct. Since one of the requirements is to minimize the total number of DPM servers, answer A and C are not correct. Answer D fulfills all the requirements.




      0



      0
  14. Stefan says:

    The question explains there is a 2-way forest trust, but doesn’t talk about a 2-way domain trust. So you would need 2 DPM servers in the internal network.

    https://technet.microsoft.com/en-us/library/hh758179.aspx

    “A DPM server can resources in a domain, or across domains within a forest that has a two-way trust relationship with the domain that the DPM server is located in. If there is not a two-way trust across domains, you need a separate DPM server for each domain. A DPM server can protect data across forest if there’s a forest-level two-way trust between the forests.”




    0



    0
  15. Cribb says:

    I was thinking B at first but after reading this:

    https://technet.microsoft.com/en-us/magazine/jj554308.aspx

    where it states:

    “While most machines in an enterprise are joined to a domain, there are often situations where you have to protect computers in untrusted domains or workgroup situations (perimeter network). DPM 2010 protected these workloads with local accounts and Windows NT LAN Manager (NTLM) authentication. Due to weaknesses in NTLM and the hassle of local account management and auditing, this wasn’t a great solution.

    DPM 2012 brings certificate-based authentication to bear on the following workloads: File Server, Hyper-V and SQL Server in both standalone and clustered configurations. You can also use certificate-based authentication on a secondary DPM 2012 server for disaster recovery to protect data sources in a non-trusted domain when the primary DPM 2012 server fails. The two DPM 2012 servers need to be in the same or trusted domains. The only data sources that support certificate-based protection that are missing from this lineup are Exchange, SharePoint and Bare-Metal Recovery/System State.”

    I am now thinking D

    I have been known to mis-read or mis-understand things before…someone correct me if you think I am wrong




    0



    0
  16. Remzo says:

    Answer B

    “DPM can protect servers and workstations across domains within a forest that has a two-way trust relationship with the domain that the DPM server is located in. If there is not a two-way trust across domains, you can protect the computers using DPM’s support for computers in workgroups or untrusted domains. For more information, see Managing Protected Computers in Workgroups and Untrusted Domains.”

    https://technet.microsoft.com/en-us/library/hh757757(v=sc.12).aspx

    So, one DPM can backup all, but since that’s not an answer. Next best is 2 DPM’s




    0



    0

Leave a Reply