Answer: A
Explanation: Group Policy applies to the user or computer in a manner that depends on where both the user and the computer objects are located in Active Directory. However, in some cases, users may need policy applied to them based on the location of the computer object alone. You can use the Group Policy loopback feature to apply Group Policy Objects (GPOs) that depend only on which computer the user logs on to.
Question No : 107 - (Topic 8)
Your network contains an Active Directory domain named contoso.com. The domain contains multiple sites.
You plan to deploy DirectAccess.
The network security policy states that when client computers connect to the corporate network from the Internet, all of the traffic destined for the Internet must be routed through the corporate network.
You need to recommend a solution for the planned DirectAccess deployment that meets the security policy requirement.
Solution: You enable split tunneling.
Does this meet the goal?
A. Yes
B. No
Answer: A
Explanation: DirectAccess by default enables split tunneling. All traffic destined to the corpnet is sent over the DA IPsec tunnels, and all traffic destined for the Internet is sent directly to the Internet over the local interface. This prevents DA clients from bringing the corporate Internet connection to its knees.
Is DA split tunneling really a problem? The answer is no.
Why? Because the risks that exist with VPNs, where the machine can act as a router between the Internet and the corporate network, are not valid with DirectAccess. IPsec rules on the UAG server require that traffic be from an authenticated source, and all traffic between the DA client and server is protected with IPsec.
Thus, in the scenario where the DA client might be configured as a router, the source of the traffic isn’t going to be the DA client, and authentication will fail – hence preventing the type of routing that VPN admins are concerned about.
Reference: Why Split Tunneling is Not a Security Issue with DirectAccess
Question No : 108 DRAG DROP - (Topic 8)
You manage an Active Directory Domain Services forest that contains a root domain named contoso.com and a child domain named branch.contoso.com. You have three servers named SRV01, SRV02, and SRV03. All servers run Windows Server 2012 R2.
SRV01 and SRV02 are domain controllers for the domain contoso.com. SRV03 is the domain controller for branch.contoso.com. User accounts and resources exist in both domains. All resources in branch.contoso.com are physically located in a remote branch office.
The remote branch office must be configured as a Read-Only Domain Controller (RODC).
The solution must minimize the impact on users and the number of servers deployed in the branch office.
You need to configure the environment.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Answer:
Question No : 109 DRAG DROP - (Topic 8)
Your network contains three servers named Server1, Server2, and Server3 that run Windows Server 2012. Server3 is connected to a disk storage array.
You need to ensure that Server1 can store files on the storage array. The solution must ensure that Server1 can access the storage as a local disk.
What should you configure on each server?
To answer, drag the appropriate configuration to the correct location in the answer area.
Each configuration may be used once, more than once, or not at all. Additionally, you may need to drag the split bar between panes or scroll to view content.
Answer:
Question No : 110 DRAG DROP - (Topic 8)
You manage a server named DA01 that has the DirectAccess feature configured. You deploy a new server named DA02. Both servers run Microsoft Windows Server 2012 R2.
You need to configure a DirectAccess load-balanced cluster named WAP01 that contains servers DA01 and DA02.
How should you complete the relevant Windows PowerShell commands? To answer, drag the appropriate Windows PowerShell segment to the correct locations. Each Windows PowerShell segment may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
Answer:
Question No : 111 - (Topic 8)
Your network contains an Active Directory forest. The forest contains two Active Directory domains named contoso.com and child.contoso.com. The forest functional level is Windows Server 2003. The functional level of both domains is Windows Server 2008.
The forest contains three domain controllers. The domain controllers are configured as shown in the following table.
DC1 and DC2 have the DNS Server server role installed and are authoritative for both contoso.com and child.contoso.com.
The child.contoso.com domain contains a server named server1.child.contoso.com that runs Windows Server 2012.
You plan to deploy server1.child.contoso.com as a read-only domain controller (RODC).
You run the adprep.exe /rodcprep command on DC3 and receive the following error message:
You need to identify what prevents you from successfully running Adprep /rodcprep on DC3.
What should you identify?