[Free] 2018(June) Dumps4cert Microsoft 70-768 Dumps with VCE and PDF Download 1-10

Dumps4cert.com : Latest Dumps with PDF and VCE Files
2018 May Microsoft Official New Released 70-768
100% Free Download! 100% Pass Guaranteed!

Configuring Advanced Windows Server 2012 R2 Services

Question No: 1 – (Topic 1)

Your network contains an Active directory forest named contoso.com. The forest contains two child domains named east.contoso.com and west.contoso.com.

You install an Active Directory Rights Management Services (AD RMS) cluster in each child domain.

You discover that all of the users in the contoso.com forest are directed to the AD RMS cluster in east.contoso.com.

You need to ensure that the users in west.contoso.com are directed to the AD RMS cluster in west.contoso.com and that the users in east.contoso.com are directed to the AD RMS cluster in east.contoso.com.

What should you do?

  1. Modify the Service Connection Point (SCP).

  2. Configure the Group Policy object (GPO) settings of the users in the west.contoso.com domain.

  3. Configure the Group Policy object (GPO) settings of the users in the east.contoso.com domain.

  4. Modify the properties of the AD RMS cluster in west.contoso.com.

Answer: B Explanation:

The west.contoso.com are the ones in trouble that need to be redirected to the west.contoso.com not the east.contoso.com.

Note: It is recommended that you use GPO to deploy AD RMS client settings and that you only deploy settings as needed.

Reference: AD RMS Best Practices Guide

Question No: 2 – (Topic 1)

Your network contains an Active Directory domain named contoso.com.

A previous administrator implemented a Proof of Concept installation of Active Directory Rights Management Services (AD RMS).

After the proof of concept was complete, the Active Directory Rights Management Services server role was removed.

You attempt to deploy AD RMS.

During the configuration of AD RMS, you receive an error message indicating that an existing AD RMS Service Connection Point (SCP) was found.

You need to remove the existing AD RMS SCP. Which tool should you use?

  1. Active Directory Users and Computers

  2. Authorization Manager

  3. Active Directory Domains and Trusts

  4. Active Directory Sites and Services

  5. Active Directory Rights Management Services

    Answer: E Explanation:

    ADRMS will registered the Service Connection Point (SCP) in Active Directory and you will need to unregister first before you remove the ADRMS server role.

    If your ADRMS server is still alive, you can easily manually remove the SCP by below:

    Ensurepass 2018 PDF and VCE

    http://www.rickygao.com/wp-content/uploads/2013/08/080513_1308_Howtomanual1.png

    Ensurepass 2018 PDF and VCE

    http://www.rickygao.com/wp-content/uploads/2013/08/080513_1308_Howtomanual2.png Reference: How to manually remove or reinstall ADRMS

    Question No: 3 HOTSPOT – (Topic 1)

    Your network contains an Active Directory domain named contoso.com.

    You have a failover cluster named Cluster1 that contains two nodes named Server1 and Server2. Both servers run Windows Server 2012 R2 and have the Hyper-V server role

    installed.

    You plan to create two virtual machines that will run an application named App1. App1 will store data on a virtual hard drive named App1data.vhdx. App1data.vhdx will be shared by both virtual machines.

    The network contains the following shared folders:

    ->An SMB file share named Share1 that is hosted on a Scale-Out File Server.

    ->An SMB file share named Share2 that is hosted on a standalone file server.

    ->An NFS share named Share3 that is hosted on a standalone file server.

    You need to ensure that both virtual machines can use App1data.vhdx simultaneously.

    What should you do?

    To answer, select the appropriate configurations in the answer area.

    Ensurepass 2018 PDF and VCE

    Ensurepass 2018 PDF and VCE

    Answer:

    Ensurepass 2018 PDF and VCE

    Explanation:

    Ensurepass 2018 PDF and VCE

    Explanation/Reference:

    • Simultaneous access to vhd can only be done by scale-out file server

    • Create your VHDX data files to be shared as fixed-size or dynamically expanding, on the disk where you manually attached the Shared VHDX filter. Old VHD files are not allowed. Differencing disks are not allowed.

    Question No: 4 DRAG DROP – (Topic 1)

    Your network contains an Active Directory domain named contoso.com. The domain contains a file server named Server1. All servers run Windows Server 2012 R2.

    All domain user accounts have the Division attribute automatically populated as part of the user provisioning process. The Support for Dynamic Access Control and Kerberos

    armoring policy is enabled for the domain.

    You need to control access to the file shares on Server1 based on the values in the Division attribute and the Division resource property.

    Which three actions should you perform in sequence?

    Ensurepass 2018 PDF and VCE

    Answer:

    Ensurepass 2018 PDF and VCE

    Explanation:

    Ensurepass 2018 PDF and VCE

    • First create a claim type for the property, then create a reference resource property that points back to the claim. Finally set the classification value on the folder.

    • Configure the components and policy

      1. Create claim types

      2. Create resource properties

        Deploy the central access policy

      3. Assign the CAP to the appropriate shared folders on the file server.

        Question No: 5 – (Topic 1)

        You have a server named Server1 that runs Windows Server 2012 R2.

        When you install a custom Application on Server1 and restart the server, you receive the following error message: quot;The Boot Configuration Data file is missing some required information.

        File: \Boot\BCD

        Error code: 0x0000034.quot;

        You start Server1 by using Windows RE.

        You need to ensure that you can start Windows Server 2012 R2 on Server1. Which tool should you use?

        1. Bootsect

        2. Bootim

        3. Bootrec

        4. Bootcfg

          Answer: C Explanation:

    • Bootrec.exe tool to troubleshoot quot;Bootmgr Is Missingquot; issue. The /ScanOs option scans all disks for installations that are compatible with Windows Vista or Windows 7.

      Additionally, this option displays the entries that are currently not in the BCD store. Use this option when there are Windows Vista or Windows 7 installations that the Boot Manager menu does not list.

    • Error code 0x0000034 while booting. Resolution:

        1. Put the Windows Windows 7 installation disc in the disc drive, and then start the computer.

        2. Press any key when the message indicating quot;Press any key to boot from CD or DVD …quot;. appears.

        3. Select a language, time, currency, and a keyboard or another input method. Then click Next.

        4. Click Repair your computer.

        5. Click the operating system that you want to repair, and then click Next.

        6. In the System Recovery Options dialog box, click Command Prompt.

        7. Type Bootrec /RebuildBcd, and then press ENTER.

          Incorrect:

          Not A. Bootsect.exe updates the master boot code for hard disk partitions to switch between BOOTMGR and NTLDR. You can use this tool to restore the boot sector on your computer. This tool replaces FixFAT and FixNTFS.

          Not D. The bootcfg command is a Microsoft Windows Server 2003 utility that modifies the Boot.ini file.

          Reference: Bootsect Command-Line Options http://technet.microsoft.com/en-us/library/cc749177(v=ws.10).aspx http://support.microsoft.com/kb/927392/en-us

          http://answers.microsoft.com/en-us/windows/forum/windows_7-system/error-code- 0x0000034-in-windows-7/4dcb8d38-a206-40ed-bced-55e4a4de9bf2

          Question No: 6 – (Topic 1)

          Your network contains a perimeter network and an internal network. The internal network contains an Active Directory Federation Services (AD FS) 2.1 infrastructure. The infrastructure uses Active Directory as the attribute store.

          You plan to deploy a federation server proxy to a server named Server2 in the perimeter network.

          You need to identify which value must be included in the certificate that is deployed to Server2.

          What should you identify?

          1. The FQDN of the AD FS server

          2. The name of the Federation Service

          3. The name of the Active Directory domain

          4. The public IP address of Server2

            Answer: A Explanation:

            To add a host (A) record to corporate DNS for a federation server On a DNS server for the corporate network, open the DNS snap-in.

            1. In the console tree, right-click the applicable forward lookup zone, and then click New Host (A).

            2. In Name, type only the computer name of the federation server or federation server cluster (for example, type fs for the fully qualified domain name (FQDN) fs.adatum.com).

            3. In IP address, type the IP address for the federation server or federation server cluster (for example, 192.168.1.4).

            4. Click Add Host.

              Reference: Add a host (A) record to corporate DNS for a federation server http://technet.microsoft.com/en-us/library/cc776786(v=ws.10).aspx

              Question No: 7 – (Topic 1)

              You create a new virtual disk in a storage pool by using the New Virtual Disk Wizard. You discover that the new virtual disk has a write-back cache of 1 GB.

              You need to ensure that the virtual disk has a write-back cache of 5 GB. What should you do?

              1. Detach the virtual disk, and then run the Resize-VirtualDisk cmdlet.

              2. Detach the virtual disk, and then run the Set-VirtualDisk cmdlet.

              3. Delete the virtual disk, and then run the New-StorageSubSystemVirtualDisk cmdlet.

              4. Delete the virtual disk, and then run the New-VirtualDisk cmdlet.

Answer: D Explanation:

So what about changing the cache size? Well, you can#39;t modify the cache size, but you can specify it at the time that you create a new virtual hard disk. In order to do so, you have to use Windows PowerShell.

New-VirtualDisk -StoragePoolFriendlyName quot;lt;storage pool namegt;quot; -FriendlyName quot;lt;v Reference: Using Windows Server 2012#39;s SSD Write-Back Cache

Question No: 8 HOTSPOT – (Topic 1)

Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012 R2. Server1 has the Active Directory Certificate Services server role installed and configured.

For all users, you are deploying smart cards for logon. You are using an enrollment agent to enroll the smart card certificates for the users.

You need to configure the Contoso Smartcard Logon certificate template to support the use of the enrollment agent.

Which setting should you modify? To answer, select the appropriate setting in the answer area.

Ensurepass 2018 PDF and VCE

Answer:

Ensurepass 2018 PDF and VCE

Explanation:

Ensurepass 2018 PDF and VCE

/ In application policy drop-down list select Certificate Request Agent.

/ The Issuance Requirements Tab

* Application policy. This option specifies the application policy that must be included in the signing certificate used to sign the certificate request. It is enabled when Policy type required in signature is set to either Application policy or Both application and issuance policy.

Question No: 9 – (Topic 1)

Your network contains two DNS servers named DNS1 and DNS2 that run Windows Server 2012 R2.

DNS1 has a primary zone named contoso.com. DNS2 has a secondary copy of the contoso.com zone.

You need to log the zone transfer packets sent between DNS1 and DNS2. What should you configure?

  1. Monitoring from DNS Manager

  2. Logging from Windows Firewall with Advanced Security

  3. A Data Collector Set (DCS) from Performance Monitor

  4. Debug logging from DNS Manager

Answer: D Explanation:

Debug logging allows you to log the packets sent and received by a DNS server. Debug logging is disabled by default, and because it is resource intensive, you should only activate it temporarily when you need more specific detailed information about server performance.

Reference: Active Directory 2008: DNS Debug Logging Facts.

Question No: 10 – (Topic 1)

Your network contains two Active Directory forests named contoso.com and adatum.com.

Contoso.com contains one domain. Adatum.com contains a child domain named child.adatum.com.

Contoso.com has a one-way forest trust to adatum.com. Selective authentication is enabled on the forest trust.

Several user accounts are migrated from child.adatum.com to adatum.com.

Users report that after the migration, they fail to access resources in contoso.com. The users successfully accessed the resources in contoso.com before the accounts were migrated.

You need to ensure that the migrated users can access the resources in contoso.com. What should you do?

  1. Replace the existing forest trust with an external trust.

  2. Run netdom and specify the /quarantine attribute.

  3. Disable SID filtering on the existing forest trust.

  4. Disable selective authentication on the existing forest trust.

Answer: C Explanation:

Security Considerations for Trusts

Need to gain access to the resources in contoso.com

Disabling SID Filter Quarantining on External Trusts

Although it reduces the security of your forest (and is therefore not recommended), you can disable SID filter quarantining for an external trust by using the Netdom.exe tool. You should consider disabling SID filter quarantining only in the following situations:

  • Users have been migrated to the trusted domain with their SID histories preserved, and you want to grant them access to resources in the trusting domain based on the SID history attribute.

    Etc.

    Incorrect:

    Not B. Enables administrators to manage Active Directory domains and trust relationships from the command prompt, /quarantine Sets or clears the domain quarantine.

    Not D. Selective authentication over a forest trust restricts access to only those users in a trusted forest who have been explicitly given authentication permissions to computer objects (resource computers) that reside in the trusting forest.

    Reference: Security Considerations for Trusts http://technet.microsoft.com/en-us/library/cc755321(v=ws.10).aspx

    100% Dumps4cert Free Download!
    Download Free Demo:70-768 Demo PDF
    100% Dumps4cert Pass Guaranteed!
    Download 2018 Dumps4cert 70-768 Full Exam PDF and VCE

    Dumps4cert ExamCollection Testking
    Lowest Price Guarantee Yes No No
    Up-to-Dated Yes No No
    Real Questions Yes No No
    Explanation Yes No No
    PDF VCE Yes No No
    Free VCE Simulator Yes No No
    Instant Download Yes No No

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.