HOTSPOT
Your network contains an Active Directory domain named contoso.com. The relevant servers in the
domain are configured as shown in the following table.
You plan to create a shared folder on Server1 named Share1. Share1 must only be accessed by users
who are using computers that are joined to the domain.
You need to identify which servers must be upgraded to support the requirements of Share1.
In the table below, identify which computers require an upgrade and which computers do not
require an upgrade. Make only one selection in each row. Each correct selection is worth one point.
Answer: 
Explanation:
There is new file server functionality in Windows Server 2012. The file server should be upgraded to
Windows Server 2012.
‘users who are using computers that are joined to the domain’ This requires DAC, not just NTFS. As Server1 is the file server, it will need to be upgraded to 2012 to use DAC
0
0
DAC requirements are:
-at least one 2012 or 2012R2 file server
-at least one 2012 or 2012R2 DC
-Windows 7 or higher clients
AND
Domain funct.level must be set to 2012 or higher.
According to these requirements,DC3 should also be upgraded.
0
0
I found it on official 70-412 book, but on Internet there are no such requirement. Strange…
0
0
Here is the explanation:
“For domains that support user claims, every domain controller running the supported versions of Windows server must be configured with the appropriate setting to support claims and compound authentication, and to provide Kerberos armoring. Configure settings in the KDC Administrative Template policy as follows:
Always provide claims Use this setting if all domain controllers are running the supported versions of Windows Server. In addition, set the domain functional level to Windows Server 2012 or higher.
Supported When you use this setting, monitor domain controllers to ensure that the number of domain controllers running the supported versions of Windows Server is sufficient for the number of client computers that need to access resources protected by Dynamic Access Control.”
So, domain functional level of 2012 is not obligatory, and provided answer is correct.
0
0
Always provide claims Use this setting if all domain controllers are running the supported versions of Windows Server. In addition, set the domain functional level to Windows Server 2012 or higher.
A file server running Windows Server 2012 or Windows Server 2012 R2 must have a Group Policy setting that specifies whether it needs to get user claims for user tokens that do not carry claims. This setting is set by default to Automatic, which results in this Group Policy setting to be turned On if there is a central policy that contains user or device claims for that file server. If the file server contains discretionary ACLs that include user claims, you need to set this Group Policy to On so that the server knows to request claims on behalf of users that do not provide claims when they access the server.
0
0
“Share1 must only be accessed by users who are using computers that are joined to the domain.”
Always provide claims, so DC3 and File server was required to upgrade, as you will need to raise the DFL to 2012 /higher too.
0
0
‘users who are using computers that are joined to the domain’ This requires DAC, not just NTFS.
DAC requirements are:
-at least one 2012 or 2012R2 file server
-at least one 2012 or 2012R2 DC
-Windows 7 or higher clients
AND
Domain funct.level must be set to 2012 or higher.
According to these requirements,DC3 should also be upgraded.
upgrade dc3 and server1
0
0
I don’t know why you think you should also raise dfl.
http://social.technet.microsoft.com/wiki/contents/articles/14269.introducing-dynamic-access-control.aspx
” Domain controller
The first requirement is a Windows Server 2012 domain controller. This new authorization and auditing mechanism requires extensions to Active Directory. These new extensions build Windows claim types, which is where Windows stores claims for an Active Directory forest. ”
also:
“Claim-based authorization and auditing does not have a forest functional or domain functional requirement. You can implement and configure claims with a mixture of Windows Server 2008 and 2008 R2 domain controllers provided the domain has an adequate number Windows Server 2012 domain controllers to support authentication requests that include claim information.”
and:
“File Server
The next requirement for claim-based authorization and auditing is a Windows Server 2012 file server. When a user connects to a file share, the file server performs an access check to the share using the credentials of the incoming connection. This means the file server determines access to share.”
So i’m sticking with provided answer.
0
0
supplied answer is correct. no requirement for DFL of 2012.
0
0