PrepAway - Latest Free Exam Questions & Answers

What should you deploy?

A company has Active Directory Domain Services (AD DS) domain controllers that run on Windows Server 2012 R2 servers.
There are two forests, and each has a single domain.
There is a two-way forest trust between the forests.
The company uses Hyper-V for server virtualization.
The Hyper-V environment contains the Hyper-V host servers as shown in the following table:

You prepare to deploy System Center 2012 R2 Data Protection Manager (DPM) to back up the Hyper-V environment.
The deployment must meet the following requirements:-Ensure that all Hyper-V servers can be backed up from a minimum of two DPM servers.
-Minimize the total number of DPM servers.
You need to deploy DPM to the environment.
What should you deploy?

PrepAway - Latest Free Exam Questions & Answers

A.
four DPM servers in the internal network and two DPM servers in the perimeter network

B.
two DPM servers in the internal network and one DPM server in the perimeter network

C.
two DPM servers in the internal network only

D.
two DPM servers in the internal network and two DPM servers in the perimeter network

Explanation:
Requirements:
-Ensure that all Hyper-V servers can be backed up from a minimum of two DPM servers.
-Minimize the total number of DPM servers.
answer is C, you don’t need a dpm server in an untrusted domain
Certificate-Based Protection
While most machines in an enterprise are joined to a domain, there are often situations where you have to protect computers in untrusted domains or workgroup
situations (perimeter network). DPM 2010 protected these workloads with local accounts and Windows NT LAN Manager (NTLM) authentication. Due to
weaknesses in NTLM and the hassle of local account management and auditing, this wasn’t a great solution.
DPM 2012 brings certificate-based authentication to bear on the following workloads: File Server, Hyper-V and SQL Server in both standalone and clustered
configurations. You can also use certificate-based authentication on a secondary DPM 2012 server for disaster recovery to protect data sources in a non-trusted
domain when the primary DPM 2012 server fails. The two DPM 2012 servers need to be in the same or trusted domains. The only data sources that support
certificate-based protection that are missing from this lineup are Exchange, SharePoint and Bare-Metal Recovery/System State.
You’ll need an internal certificate authority for the certificates, as they can’t be self-signed. There are several steps in getting it all up and running. First, generate a
certificate for each DPM 2012 server. Then import that certificate to each server and enable certificate-based protection. Each server you want to protect must also
have the DPM 2012 agent installed. When a certificate is about to expire, DPM 2012 will warn you 30 days in advance. It will also issue a critical warning the day
before the certificate expires.
http://technet.microsoft.com/en-us/magazine/jj554308.aspx


Leave a Reply