Your network contains an Active Directory Domain Services (AD DS) forest named contoso.com. The forest contains a child domain named east.contoso.com and the servers shown in the following table.
You need to create a folder for the Central Store to manage Group Policy template files for the entire forest.
What should you name the folder, and on which server should you create the folder? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Your on-premises network contains a single-domain Active Directory Domain Services (AD DS) forest. You have an Azure AD tenant named contoso.com. The AD DS forest syncs with the Azure AD tenant by using Azure AD Connect.
You need to ensure that users in the forest that have a custom attribute of NoSync are excluded from synchronization.
How should you configure the Azure AD Connect cloudFiltered attribute, and which tool should you use? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
You have a server named Server1 that runs Windows Server and contains two drives named C and D. Server1 hosts multiple file shares.
You enable Data Deduplication on drive D and select the General purpose file server workload.
You need to minimize the space consumed by files that were recently modified or deleted.
What should you do?
Your network contains an Active Directory Domain Services (AD DS) domain. The domain contains the domain controllers shown in the following table.
You need to configure DC3 to be the authoritative time server for the domain.
Which operations master role should you transfer to DC3, and which console should you use? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
Your network contains an Active Directory Domain Services (AD DS) forest. The forest contains three Active Directory sites named Site1, Site2, and Site3. Each site contains two domain controllers. The sites are connected by using DEFAULTIPSITELINK.
You open a new branch office that contains only client computers.
You need to ensure that the client computers in the new office are primarily authenticated by the domain controllers in Site1.
Solution: You create an organization unit (OU) that contains the client computers in the branch office. You configure the Try Next Closest Site Group Policy Object (GPO) setting in a GPO that is linked to the new OU.
Does this meet the goal?
You have a Group Policy Object (GPO) named GPO1 that contains user settings only.
You plan to apply GPO1 to a global security group named Group1.
You link GP01 to the domain, and you remove all the permissions granted to the Authenticated Users group.
You need to configure permissions for GP01 to meet the following requirements.
• GPO1 must apply only to the users in Group 1.
• The solution must use the principle of least privilege
You have an on-premises Active Directory Domain Services (AD DS) domain that syncs with an Azure Active Directory (Azure AD) tenant Group writeback is enabled in Azure AD Connect.
The AD DS domain contains a server named Server1 Server 1 contains a shared folder named share1.
You have an Azure Storage account named storage2 that uses Azure AD-based access control. The storage2 account contains a share named shared
You need to create a security group that meets the following requirements:
• Can contain users from the AD DS domain
• Can be used to authorize user access to share 1 and share2
What should you do?
Your network contains an Active Directory domain named contoso.com. The domain contains the computers shown in the following table.
On Server3, you create a Group Policy Object (GPO) named GP01 and link GPOI to contoso.com. GP01 includes a shortcut preference named Shortcut1 that has item-level targeting configured as shown in the following exhibit.
To which computer will Shortcut1 be applied?
Your network contains a Active Directory Domain Service (AD DS) forest named contoso.com. The forest root domain contains a server named server1. contoso.com.
A two-way forest trust exists between the contoso.com forest and an AD DS forest named fabrikam.com. The fabrikam.com forest contains 10 child domains.
You need to ensure that only the members of a group named fabrikam\Group1 can authenticate to server1.contoso.com.
What should you do first?
You have an Azure subscription that contains the virtual networks shown in the following table.
You deploy a virtual machine named VM1 that runs Windows Server. VM1 is connected to Subnet11.
You plan to add an additional network interface named NIC1 to VM1.
To which subnets can NIC1 be attached?
Your company has a main office and a branch office. The two offices are connected by using a WAN link. Each office contains a firewall that filters WAN traffic.
The network in the branch office contains 10 servers that run Windows Server. All servers are administered from the main office only.
You plan to manage the servers in the branch office by using a Windows Admin Center gateway.
On a server in the branch office, you install the Windows Admin Center gateway by using the defaults settings.
You need to configure the firewall in the branch office to allow the required inbound connection to the Windows Admin Center gateway.
Which inbound TCP port should you allow?
Your network contains an Active Directory Domain Services (AD DS) domain. The domain contains the offices shown in the following table.
You need to deploy a Network Policy Server (NPS) named NPS1 to enforce network access policies for all remote connections.
What is the minimum number of RADIUS clients that you should add to NPS1?
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You are planning the deployment of DNS to a new network.
You have three internal DNS servers as shown in the following table.
The contoso.local zone contains zone delegations for east.conloso.local and west.contoso.local. All the DNS servers use root hints.
You need to ensure that all the DNS servers can resolve the names of all the internal namespaces and internet hosts.
Solution: On Server2 and Server3, you configure a conditional forwarder for contoso.local.
Does this meet the goal?
Task 9
You need to ensure that all the computers in the domain use DNSSEC to resolve names in the adatum.com zone.
Task 3
You need to configure SRV1 as a DNS server. SRV1 must be able resolve names from the contoso.com domain by using DC1. All other names must be resolved by using the root hint servers.
Task 1
You need to create a group-managed service account (gMSA) named gMSA1 and make gMSA1 available on SRV1.
Task 12
You need to create a Group Policy Object (GPO) named GPO1 that only applies to a group named MemberServers.
Task 10
You need to configure Hyper-V to ensure that running virtual machines can be moved between SRV1 and SRV2 without downtime.
You do NOT need to move any virtual machines at this time.
Task 8
You need to deploy a new primary DNS zone named fabrikam.com to DC1. The zone must be signed.
Task 5
You have an application that is copied to a folder named C:\app on SRV1. C:\app also contains also a Dockerfile for the app.
On SRV1. you need to create a container image for the application by using the Dockerfile. The container image mutt be named app1.
Task 10
You use a Group Policy preference to map \\dd.contoso.com\instal1 as drive H for all users. If a user already has an existing drive mapping for H. the new drive mapping must take precedence.
Task 7
You need to collect the recommended Windows Performance Counters from SRV1 in a Log Analytics workspace.
The required tiles are stored in a shared folder named \dc\install.
Task 9
You plan to create group managed service accounts (gMSAs).
You need to configure the domain to support the creation of gMSAs.
Task 2
You need to ensure that you can manage SRV1 remotely by using PowerShell
Task 6
You need to ensure that you can manage DC1 by using Windows Admin Center on SRV1.
The required source files are located in a folder named \\dc1.contoso.com\install.
Task 8
You need to create an Active Directory Domain Services (AD DS) site named Site2 that is associated to an IP address range of 192.168.2.0 to 192.168.2.255.
DC1 fails.
You need to meet the technical requirements for the schema master.
Yourunntdsutil.exe.
Which five commands should you run in sequence? To answer, move the appropriate commands from the list of commands to the answer area and arrange them in the correct order?
You need to ensure that VM3 meets the technical requirements.
What should you install first?
You need to ensure that data availability on SSPace1 meets the technical requirements.
What is the maximum number of physical disks that can fail on each disk? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
You need to ensure that access to storage1 for the Marketing OU users meets the technical requirements.
What should you implement?
You need to implement the planned changes for Microsoft Entra users to sign in to Server1.
Which PowerShell cmdlet should you run?
You need to ensure that Automanage meets the technical requirements.
On which Azure virtual machines should you enable Automanage?
Which two languages can you use for Task1? Each correct answer presents a complete solution.
NOTE: Each correct selection is worth one point.
You need to implement the planned changes for the Azure DNS Private Resolver.
Which private DNS zones can you use for name resolution?
You need to implement the planned change for Data1.
Which actions should you perform in sequence? To answer, drag the appropriate actions to the correct order. Each action may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
NOTE: Each correct selection is worth one point.
You need to meet technical requirements for HyperV1.
Which command should you run? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
You need to meet the technical requirements for Server1. Which users can currently perform the required tasks?
You need to meet the technical requirements for VM3
On which volumes can you enable Data Deduplication?
You need to meet the technical requirements for VM2.
What should you do?
What should you implement for the deployment of DC3?
You need to implement a name resolution solution that meets the networking requirements. Which two actions should you perform? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point
You need to configure remote administration to meet the security requirements. What should you use?
You are planning the implementation Azure Arc to support the planned changes. You need to configure the environment to support configuration management policies. What should you do?
You need to configure Azure File Sync to meet the file sharing requirements. What should you do? To answer, select the appropriate options in the answer area. NOTE Each correct selection is worth one point.
Which three actions should you perform in sequence to meet the security requirements for Webapp1? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
You need to implement an availability solution for DHCP that meets the networking requirements.
Which two actions should you perform? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.
You need to meet the security requirements for passwords.
Where should you configure the components for Azure AD Password Protection? lo answer, drag the appropriate components to the correct locations. Each component may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
NOTE Each correct selection is worth one point.
You need to configure the Group Policy settings to ensure that the Azure Virtual Desktop session hosts meet the security requirements. What should you configure?
You need to configure network communication between the Seattle and New York offices. The solution must meet the networking requirements.
What should you configure? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.