Your role of Network Administrator at ABC.com includes the management of the Active Directory
Domain Services (AD DS) domain named ABC.com. All servers on the network run Windows
Server 2012.
You plan to enable external users to connect to the network using a VPN connection.

You are deploying Network Access Protection to ensure system health compliance for users that
connect over a VPN connection.
You install a Windows Server 2012 computer named ABC-NAP1 and install the Network Policy
Server role. You want to configure ABC-NAP1 as a Network Access Protection (NAP) health
policy server for the VPN connections.
You run the Configure NAP wizard to create a VPN Enforcement policy. However, you are unable
to complete the wizard.
How can you ensure that you are able to complete the Configure NAP wizard to configure VPN
Enforcement?

Your role of Network Administrator at ABC.com includes the management of the Active Directory
Domain Services (AD DS) domain named ABC.com. The network includes servers that run
Windows Server 2012.
The company has a Production department and a Research department. Each department is a
separate subnet.
A Windows Server 2012 server named ABC-NPS1 and is configured as a Network Policy Server
(NPS) server. ABC-NPS1 also runs the DHCP server role and has a DHCP scope for the
Production subnet and the Research subnet.
You need to configure NPS to ensure that computers on the Production subnet that do not comply
with the NPS requirements receive a restrictive set of network policies. You also need to ensure
that computers on the Research subnet that do not comply with the NPS requirements receive a
more restrictive set of network policies than the non-compliant Production computers.
You configure policies to apply to NAP-Capable Computers.

How can you apply different restrictions to computer based on their subnet?

Your role of Network Administrator at ABC.com includes the management of the Active Directory
Domain Services (AD DS) domain named ABC.com. The network includes servers that run
Windows Server 2012.
You implement DirectAccess. You leave the connection name as the default when you run the
DirectAccess wizard.
You want to view the properties of a DirectAccess connection.
In the Networks window, what is the name of the DirectAccess connection?

Your role of Network Administrator at ABC.com includes the management of the Active Directory
Domain Services (AD DS) domain named ABC.com. All servers on the network run Windows
Server 2012.
Several Sales users spend most of their time away from the office.
You implement DirectAccess to enable the Sales users to connect to the network when they are

away from the office. All computers used by the Sales users are joined to the domain.
You create a DirectAccess client group named SalesDirectAccess and add all the computer
accounts for the Sales users’ computers to the SalesDirectAccess group.
Some Sales users report that they are unable to access the network using DirectAccess. Other
Sales report that they can connect successfully.
You discover that only users using laptop computers can connect using DirectAccess. Sales
users are unable to connect when they use desktop computers.
How can you enable all Sales users to access the network using DirectAccess?

You work for a company named ABC.com. The ABC.com network consists of a single Active
Directory forest named ABC.com. The forest contains a single Active Directory Domain Services
(AD DS) domain named ABC.com. All servers in the ABC.com domain run Windows Server 2012.
ABC.com works with a partner company named Redbridge Logistics. The Redbridge Logistics
network consists of a single Active Directory forest named RedbridgeLogistics.com. The forest
contains a single Active Directory Domain Services (AD DS) domain named
RedbridgeLogistics.com. All servers in the RedbridgeLogistics.com domain run Windows Server
2012.
A forest trust exists between the two forests. The two networks are connected by a WAN link.
A server named ABC-DNS1 hosts an Active Directory-integrated zone for ABC.com. A server
named RL-DNS1 hosts an Active Directory-integrated zone for RedbridgeLogistics.com
Users in the ABC.com domain need to be able to resolve names of servers in the
RedbridgeLogistics.com domain.

You need to configure a name resolution solution that will enable name resolution in the event of a
WAN link failure.
What should you do?

You work for a company named ABC.com. The ABC.com network consists of a single Active
Directory forest named ABC.com. The forest contains a single Active Directory Domain Services
(AD DS) domain named ABC.com. All servers in the ABC.com domain run Windows Server 2012.
ABC.com works with a partner company named Redbridge Logistics. The Redbridge Logistics
network consists of a single Active Directory forest named RedbridgeLogistics.com. The forest
contains a single Active Directory Domain Services (AD DS) domain named
RedbridgeLogistics.com. All servers in the RedbridgeLogistics.com domain run Windows Server
2012.
A forest trust exists between the two forests. The two networks are connected by a WAN link.
A server named ABC-DNS1 hosts an Active Directory-integrated zone for ABC.com. A server
named RL-DNS1 hosts an Active Directory-integrated zone for RedbridgeLogistics.com.
RedbridgeLogistics.com plans to install additional DNS servers for the RedbridgeLogistics.com
domain.
Users in the ABC.com domain need to be able to resolve names of servers in the
RedbridgeLogistics.com domain.
You need to configure a name resolution solution that will ensure that name resolution requests
are automatically forwarded to the new RedbridgeLogistics.com DNS servers when they are
installed.

What should you do?

Your role of Network Administrator at ABC.com includes the management of the Active Directory
Domain Services (AD DS) domain named ABC.com. All servers on the network run Windows
Server 2012.
The corporate Web site www.ABC.com is hosted on a Windows Server 2012 Web Server hosted
on the corporate network. A public IP address is mapped to the private IP address of the Web
Server to provide Internet access to the corporate Web site.
DirectAccess is enabled on the network using the default configuration to enable external users to
access resources on the corporate network when they are away from the office.
Company security policy states that all connections from outside the office to www.ABC.com must
come through the corporate firewall using the external IP address of the Web site.
How can you ensure that external users cannot connect to www.ABC.com using a DirectAccess
connection?

Your role of Network Administrator at ABC.com includes the management of the Active Directory
Domain Services (AD DS) domain named ABC.com. The network includes servers that run
Windows Server 2008 R2 Service Pack 1 (SP1) and Windows Server 2012.
The Organizational Unit (OU) structure includes top-level OUs for each office location. Each toplevel OU contains OUs for each company department. Each departmental OU contains the user
accounts of the users working in that department in the relevant location.
Many Group Policy Objects (GPOs) are applied at the site level, domain level and OU level.
A group named ABC-Managers contains the user accounts of company managers from each
department.
You configure a Group Policy Object (GPO) named ManagersGPO and link it to the domain. You
need to apply the ManagersGPO to the ABC-Managers group.
How can you ensure that the ManagersGPO applies only to the ABC-Managers group?

Your role of Network Administrator at ABC.com includes the management of the Active Directory
Domain Services (AD DS) domain named ABC.com. The network includes servers that run
Windows Server 2008 R2 Service Pack 1 (SP1) and Windows Server 2012.
The Organizational Unit (OU) structure includes top-level OUs for each office location. Each toplevel OU contains OUs for each company department. Each departmental OU contains the user
accounts of the users working in that department in the relevant location.
Many Group Policy Objects (GPOs) are applied at the site level, domain level and OU level.
You create an OU named TestOU inside one of the departmental OUs. You want to ensure that
no GPOs from the site level, domain level, location OU level or department OU level are applied to

objects within TestOU.
How can you quickly achieve this goal?

Your role of Network Administrator at ABC.com includes the management of the Active Directory
Domain Services (AD DS) domain named ABC.com. The network includes servers that run
Windows Server 2008 R2 Service Pack 1 (SP1) and Windows Server 2012.
The Organizational Unit (OU) structure includes top-level OUs for each office location. Each toplevel OU contains OUs for each company department. Each departmental OU contains the user
accounts of the users working in that department in the relevant location.
Many Group Policy Objects (GPOs) are applied at the site level, domain level and OU level.
You discover that two GPOs applied at the domain level do not have the desired effect. You need
to change the order in which the GPOs are applied.
How can you configure the order of precedence of the GPOs?