Dumps4cert.com : Latest Dumps with PDF and VCE Files
2018 Aug Microsoft Official New Released 70-414
100% Free Download! 100% Pass Guaranteed!

Implementing an Advanced Server Infrastructure

Question No: 71 – (Topic 7)

An organization uses an Active Directory Rights Management Services (AD RMS) cluster named RMS1 to protect content for a project. You uninstall AD RMS when the project is complete. You need to ensure that the protected content is still available after AD RMS is uninstalled.

Solution: You enable the decommissioning service by using the AD RMS management console. You grant all users the Read amp; Execute permission to the decommission pipeline.

Does this meet the goal?

  1. Yes

  2. No

Answer: B Explanation:

The proper procedure is:

->Inform your users that you are decommissioning the AD RMS installation and advise them to connect to the cluster to save their content without AD RMS protection. Alternatively, you could delegate a trusted person to decrypt all rights- protected content by temporarily adding that person to the AD RMS super users

group.

->After you believe that all of the content is unprotected and saved, you should export the server licensor certificate, and then uninstall AD RMS from the server.

Question No: 72 – (Topic 7)

You plan to allow users to run internal applications from outside the company’s network. You have a Windows Server 2012 R2 that has the Active Directory Federation Services (AD FS) role installed. You must secure on-premises resources by using multi-factor authentication (MFA). You need to design a solution to enforce different access levels for users with personal Windows 8.1 or iOS 8 devices.

Solution: You install a local instance of MFA Server. You connect the instance to the Microsoft Azure MFA provider, and then run the following Windows PowerShell cmdlet.

Enable-AdfsDeviceRegistration

Does this meet the goal?

  1. Yes

  2. No

Answer: B Explanation:

We must install AD FS Adapter, not register a host for the Device Registration Service. Note: The Enable-AdfsDeviceRegistration cmdlet configures a server in an Active Directory Federation Services (AD FS) farm to host the Device Registration Service.

Reference: Using Multi-Factor Authentication with Windows Server 2012 R2 AD FS https://msdn.microsoft.com/en-us/library/azure/dn807157.aspx

Question No: 73 – (Topic 7)

A company has data centers in Seattle and New York. A high-speed link connects the data centers. Each data center runs a virtualization infrastructure that uses Hyper-V Server 2012 and Hyper-V Server 2012 R2. Administrative users from the Seattle and New York offices are members of Active Directory Domain Services groups named SeattleAdmins and NewYorkAdmins, respectively.

You deploy one System Center Virtual Machine Manager (SCVMM) in the Seattle data center. You create two private clouds named SeattleCloud and NewYorkCloud in the Seattle and New York data centers, respectively.

You have the following requirements:

->Administrators from each data center must be able to manage the virtual machines and services from their location by using a web portal.

->Administrators must not apply new resource quotas or change resource quotas.

->You must manage public clouds by using the existing SCVMM server.

->You must use the minimum permissions required to perform the administrative tasks.

You need to configure the environment. What should you do?

  1. For both the Seattle and New York admin groups, create a User Role and assign it to the Application Administrator profile. Add the Seattle and New York private clouds to the corresponding User Role.

  2. For both the Seattle and New York admin groups, create a User Role and assign it to the Tennant Administrator profile. Add the Seattle and New York private clouds to the corresponding User Role.

  3. Add both SeattleAdmins and NewYorkAdmins to the Local Administrators group of each Hyper-V host in Seattle and New York, respectively.

  4. Add both SeattleAdmins and NewYorkAdmins to the Local Administrators group of the SCVMM server.

Answer: A Explanation:

Members of the Application Administrator (Self-Service User) ole can create, deploy, and manage their own virtual machines and services by using the VMM console or a Web portal.

Question No: 74 – (Topic 7)

You administer an Active Directory Domain Services environment. There are no certification authorities (CAs) in the environment.

You plan to implement a two-tier CA hierarchy with an offline root CA.

You need to ensure that the issuing CA is not used to create additional subordinate CAs. What should you do?

  1. In the CAPolicy.inf file for the issuing CA, enter the following constraint: PathLength=1

  2. In the CAPolicy.inf file for the root CA, enter the following constraint: PathLength=1

  3. In the CAPolicy.inf file for the root CA, enter the following constraint: PathLength=2

  4. In the CAPolicy.inf file for the issuing CA, enter the following constraint: PathLength=2

Answer: B Explanation:

You can use the CAPolicy.inf file to define the PathLength constraint in the Basic Constraints extension of the root CA certificate. Setting the PathLength basic constraint allows you to limit the path length of the CA hierarchy by specifying how many tiers of subordinate CAs can exist beneath the root. A PathLength of 1 means there can be at most one tier of CAs beneath the root. These subordinate CAs will have a PathLength basic constraint of 0, which means that they cannot issue any subordinate CA certificates.

Reference: Windows Server 2008 R2 CAPolicy.inf Syntax

http://blogs.technet.com/b/askds/archive/2009/10/15/windows-server-2008-r2-capolicy-inf- syntax.aspx

Question No: 75 – (Topic 7)

Your network contains an Active Directory domain named contoso.com.

You currently have an intranet web site that is hosted by two Web servers named Web1 and Web2. Web1 and Web2 run Windows Server 2012.

Users use the name intranet.contoso.com to request the web site and use DNS round robin.

You plan to implement the Network Load Balancing (NLB) feature on Web1 and Web2. You need to recommend changes to the DNS records for the planned implementation. What should you recommend?

  1. Delete one of the host (A) records named Intranet. Modify the remaining host (A) record named Intranet.

  2. Delete both host (A) records named Intranet. Create a pointer (PTR) record for each Web server.

  3. Create a new host (A) record named Intranet. Remove both host (A) records for Web1 and Web2.

  4. Create a service locator (SRV) record. Map the SRV record to Intranet.

Answer: A

Reference: How to Configure Network Load Balancing for Configuration Manager Site Systems

https://technet.microsoft.com/en-us/library/bb633031.aspx

Question No: 76 – (Topic 7)

Your network contains an Active Directory domain named contoso.com.

Your company has an enterprise root certification authority (CA) named CA1.

You plan to deploy Active Directory Federation Services (AD FS) to a server named Server1.

The company purchases a Microsoft Office 365 subscription.

You plan to register the company#39;s SMTP domain for Office 365 and to configure single sign-on for all users.

You need to identify which certificate is required for the planned deployment. Which certificate should you identify?

  1. a server authentication certificate that is issued by a trusted third-party root CA and that contains the subject name serverl.contoso.com

  2. a self-signed server authentication certificate for server1.contoso.com

  3. a server authentication certificate that is issued by a trusted third-party root CA and that contains the subject name Server1

  4. a server authentication certificate that is issued by CA1 and that contains the subject name Server1

Answer: A Explanation:

Prepare Your Server and Install ADFS

You can install ADFS on a domain controller or another server. You’ll first need to configure a few prerequisites. The following steps assume you’re installing to Windows Server 2008 R2.

Using Server Manager, install the IIS role and the Microsoft .NET Framework. Then purchase and install a server-authentication certificate from a public certificate authority. Make sure you match the certificate’s subject name with the Fully Qualified Domain Name of the server. Launch IIS Manager and import that certificate to the default Web site.

Reference: Geek of All Trades: Office 365 SSO: A Simplified Installation Guide https://technet.microsoft.com/en-us/magazine/jj631606.aspx

Question No: 77 – (Topic 7)

You need to automatically restart the appropriate web service on DETCRL01 and CHICRL01 if the web service is stopped.

Solution: You create a diagnostic task in SCOM and configure it to start the Server service.

Does this meet the goal?

  1. Yes

  2. No

Answer: B Explanation:

It is not the Server service that needs to be restarted. The Internet Information Services (IIS) World Wide Web Publishing Service (W3SVC), which manages the HTTP protocol and HTTP performance counters, needs to be restarted.

Reference: IIS World Wide Web Publishing Service (W3SVC) https://technet.microsoft.com/en-us/library/cc734944(v=ws.10).aspx

Question No: 78 – (Topic 7)

You have a small Hyper-V cluster built on two hosts that run Windows Server 2012 R2 Hyper-V. You manage the virtual infrastructure by using System Center Virtual Machine Manager 2012.

Distributed Key Management is not installed. You have the following servers in the environment:

Dumps4Cert 2018 PDF and VCE

You have the following requirements:

->You must back up virtual machines at the host level.

->You must be able to back up virtual machines that are configured for live migration.

->You must be able to restore the entire VMM infrastructure.

You need to design and implement the backup plan. What should you do?

  1. Run the following Windows PowerShell command:

    Get-VM VMM1 | Checkpoint-VM-SnapshotName “VMM backup”

  2. Run the following Windows PowerShell command:

    Set-DPMGlobalProperty-DPMServerName DPM1-KnownVMMServers VMM1

  3. Configure System State Backup for DCL.

  4. Configure backup for all disk volumes on FILESERVER1

Answer: B Explanation:

DPM can protect Hyper-V virtual machines V during live migration.

Connect servers-Run the the Set-DPMGlobalProperty PowerShell command to connect all the servers that are running Hyper-V to all the DPM servers. The cmdlet accepts multiple DPM server names.

Set-DPMGlobalProperty -dpmservername lt;dpmservernamegt; -knownvmmservers

lt;vmmservernamegt;

Reference: Set up protection for live migration https://technet.microsoft.com/en-us/library/jj656643.aspx

Question No: 79 – (Topic 7)

You need to automatically restart the appropriate web service on DETCRL01 and CHICRL01 if the web service is stopped.

Solution: You create a recovery task in SCOM and configure it to start the World Wide Web publishing service.

Does this meet the goal?

  1. Yes

  2. No

Answer: A Explanation:

The Internet Information Services (IIS) World Wide Web Publishing Service (W3SVC), sometimes referred to as the WWW Service, manages the HTTP protocol and HTTP performance counters.

The following is a list of the managed entities that are included in this managed entity:

  • IIS Web Site

    An Internet Information Services (IIS) Web site is a unique collection of Web pages and Web applications that is hosted on an IIS Web server. Web sites have bindings that consist of a port number, an IP address, and an optional host name or names.

  • Active Server Pages (ASP) Active Server Pages (ASP)

Reference: IIS World Wide Web Publishing Service (W3SVC) https://technet.microsoft.com/en-us/library/cc734944(v=ws.10).aspx

Question No: 80 DRAG DROP – (Topic 7)

You need to delegate permissions for DETCA01.

Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

Dumps4Cert 2018 PDF and VCE

Answer:

Dumps4Cert 2018 PDF and VCE

100% Dumps4cert Free Download!
70-414 PDF
100% Dumps4cert Pass Guaranteed!
70-414 Dumps

Dumps4cert ExamCollection Testking
Lowest Price Guarantee Yes No No
Up-to-Dated Yes No No
Real Questions Yes No No
Explanation Yes No No
PDF VCE Yes No No
Free VCE Simulator Yes No No
Instant Download Yes No No

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.