You install the Active Directory Certificate Services server role on Server2 and configure the server as an en
Your network contains an Active Directory domain named contoso.com. The network
contains a server named Server1 that runs Windows Server 2012. Server1 has the Active
Directory Certificate Services server role installed. Server1 is configured as an offline
standalone root certification authority (CA).
You install the Active Directory Certificate Services server role on Server2 and configure the
server as an enterprise subordinate CA.
You need to ensure that the certificate issued to Server2 is valid for 10 years.
What should you do first?
Which NAP enforcement method should you recommend?
Your network contains an Active Directory domain named contoso.com. The domain
contains servers that run either Windows Server 2008 R2 or Windows Server 2012.
All client computers on the internal network are joined to the domain. Some users establish
VPN connections to the network by using Windows computers that do not belong to the
domain.
All client computers receive IP addresses by using DHCP.
You need to recommend a Network Access Protection (NAP) enforcement method to meet
the following requirements:
Verify whether the client computers have up-to-date antivirus software.
Provides a warning to users who have virus definitions that are out-of-date.
Ensure that client computers that have out-of-date virus definitions can connect to the
network.
Which NAP enforcement method should you recommend?
You need to ensure that the certificate revocation list (CRL) is available to all of the users
Your company has an office in New York.
Many users connect to the office from home by using the Internet.
You deploy an Active Directory Certificate Services (AD CS) infrastructure that contains an
enterprise certification authority (CA) named CA1. CA1 is only available from hosts on the
internal network.
You need to ensure that the certificate revocation list (CRL) is available to all of the users.
What should you do? (Each correct answer presents part of the solution. Choose all that
apply.)
What should you recommend?
Your company is a hosting provider that provides cloud-based services to multiple
customers.
Each customer has its own Active Directory forest located in your company’s datacenter.
You plan to provide VPN access to each customer. The VPN solution will use RADIUS for
authentication services and accounting services.
You need to recommend a solution to forward authentication and accounting messages from
the perimeter network to the Active Directory forest of each customer.
What should you recommend?
More than one answer choice may achieve the goal. Select the BEST answer.
Which cmdlet should you run to achieve each requirement?
HOTSPOT
Your network contains an Active Directory forest named contoso.com. All servers run
Windows Server 2012 R2. The forest contains two servers.
The servers are configured as shown in the following table.
You prepare the forest to support Workplace Join and you enable the Device Registration
Service (DRS) on Server1.
You need to ensure that Workplace Join meets the following requirements:
Application access must be based on device claims.
Users who attempt to join their device to the workplace through Server2 must be prevented
from locking out their Active Directory account due to invalid credentials.
Which cmdlet should you run to achieve each requirement? To answer, select the cmdlet for
each requirement in the answer area.
What is the minimum number of objects that you should create to meet the requirements?
HOTSPOT
Your network contains an Active Directory forest named northwindtraders.com.
The client computers in the finance department run either Windows 8.1, Windows 8, or
Windows 7. All of the client computers in the marketing department run Windows 8.1.
You need to design a Network Access Protection (NAP) solution for northwindtraders.com
that meets the following requirements:
The client computers in the finance department that run Windows 7 must have a firewall
enabled and the antivirus software must be up-to-date.
The finance computers that run Windows 8.1 or Windows 8 must have automatic updating
enabled and the antivirus software must be up-to-date.
The client computers in the marketing department must have automatic updating enabled
and the antivirus software must be up-to-date.
If a computer fails to meet its requirements, the computers must be provided access to a
limited set of resources on the network.
If a computer meets its requirements, the computer must have full access to the network.
What is the minimum number of objects that you should create to meet the requirements?
To answer, select the appropriate number for each object type in the answer area.
What should you identify?
Your network contains the following roles and applications:
Microsoft SQL Server 2012
Distributed File System (DFS) Replication
Active Directory Domain Services (AD DS)
Active Directory Rights Management Services (AD RMS)
Active Directory Lightweight Directory Services (AD LDS)
You plan to deploy Active Directory Federation Services (AD FS).
You need to identify which deployed services or applications can be used as attribute stores
for the planned AD FS deployment.
What should you identify? (Each correct answer presents a complete solution. Choose all
that apply.)
What is the best approach to achieve the goal?
Your company plans to hire 100 sales representatives who will work remotely.
Each sales representative will be given a laptop that will run Windows 7. A corporate image
of Windows 7 will be applied to each laptop.
While the laptops are connected to the corporate network, they will be joined to the domain.
The sales representatives will not be local administrators.
Once the laptops are configured, each laptop will be shipped by courier to a sales
representative.
The sales representative will use a VPN connection to connect to the corporate network.
You need to recommend a solution to deploy the VPN settings for the sales representatives.
The solution must meet the following requirements:
Ensure that the VPN settings are the same for every sales representative.
Ensure that when a user connects to the VPN, an application named App1 starts.
What is the best approach to achieve the goal? More than one answer choice may achieve
the goal. Select the BEST answer.
What should you include in the recommendation?
Your company has 10,000 users located in 25 different sites.
All servers run Windows Server 2012. All client computers run either Windows 7 or Windows
8.
You need to recommend a solution to provide self-service password reset for all of the
users.
What should you include in the recommendation?
You need to ensure that all VPN connection requests are authenticated and authorized by either Server2 or Serv
Your network contains an Active Directory domain.
You plan to implement a remote access solution that will contain three servers that run
Windows Server 2012. The servers will be configured as shown in the following table.
Server1 will support up to 200 concurrent VPN connections.
You need to ensure that all VPN connection requests are authenticated and authorized by
either Server2 or Server3. The solution must ensure that the VPN connections can be
authenticated if either Server2 or Server3 fails.
What should you do?