You need to implement the planned changes for the Azure DNS Private Resolver.
Which private DNS zones can you use for name resolution?
Which two languages can you use for Task1? Each correct answer presents a complete solution.
NOTE: Each correct selection is worth one point.
You need to ensure that access to storage1 for the Marketing OU users meets the technical requirements.
What should you implement?
You need to ensure that Automanage meets the technical requirements.
On which Azure virtual machines should you enable Automanage?
You need to ensure that VM3 meets the technical requirements.
What should you install first?
You need to implement the planned changes for Microsoft Entra users to sign in to Server1.
Which PowerShell cmdlet should you run?
You need to ensure that data availability on SSPace1 meets the technical requirements.
What is the maximum number of physical disks that can fail on each disk? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Task 1
You need to create a group-managed service account (gMSA) named gMSA1 and make gMSA1 available on SRV1.
Task 7
You need to monitor the security configuration of DC1 by using Microsoft Defender for Cloud.
The required source files are located in a folder named \\dc1.contoso.com\install.
Task2
You need to ensure that the Azure file share named share1 can sync to on-premises servers.
The required source files are located in a folder named \\dc1.contoso.com\install.
You do NOT need to specify the on-premises servers at this time.
You need to configure the Group Policy settings to ensure that the Azure Virtual Desktop session hosts meet the security requirements. What should you configure?
You have an on-premises Active Directory Domain Services (AD DS) domain that syncs with an Azure Active Directory (Azure AD) tenant The on-premises network is connected to Azure by using a Site-to-Site VPN. You have the DNS zones shown in the following table.
You need to ensure that names from (aDiifcam.com can be resolved from the on-premises network Which two actions should you perform? Each correct answer presents part of the solution, NOTE: Each correct selection Is worth one point
Your network contains a Active Directory Domain Service (AD DS) forest named contoso.com. The forest root domain contains a server named server1. contoso.com.
A two-way forest trust exists between the contoso.com forest and an AD DS forest named fabrikam.com. The fabrikam.com forest contains 10 child domains.
You need to ensure that only the members of a group named fabrikam\Group1 can authenticate to server1.contoso.com.
What should you do first?
You have an Active Directory Domain Services (AD DS) domain that contains the domain controllers shown in the following table.
The domain contains an app named App1 that uses a custom application partition to store configuration data.
You decommission App1.
When you attempt to remove the custom application partition, the process fails.
Which domain controller is unavailable?
Your network contains two Active Directory forests and a domain trust as shown in the following exhibit.
The domain trust has the following configurations:
• Name: adatum.com
• Type: External
• Direction: One-way. outgoing
• Outgoing trust authentication level: Domain-wide authentication
The forests contain the network shares shown in the following table.
For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.
You have a server named Server1.
You plan to use Storage Spaces to expand the storage available to Server1. You attach eight physical disks to Server1. Four disks are HDDs and four are SSDs.
You need to create a volume on Server1 that will use the storage on all the new disks. The solution must provide the fastest read performance for frequently used files.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
You have an Active Directory domain that contains a file server named Server1. Server1 runs Windows Server and includes the file shares shown in the following table.
When users login to the network they receive the following network drive mappings.
• H: maps to Wserver1\users\%UserName%
• G: maps to \\server1\%Department%
You need to limit the amount of space consumed by user's on Server!. The solution must meet the following requirements:
• Prevent users using more than 5GB of space on their H: drive
• Prevent Accounts department users from using more than 10GB of space on the G: drive
• Prevent Marketing department users from using more than 15GB of space on the G: drive
• Prevent Customer Service department users from using more than 2GB of space on the G: drive
• Minimize administrative effort
What should you use?
Your on-premises network contains an Active Directory Domain Services (AD DS) domain. The domain contains the servers shown in the following table.
The domain controllers do NOT have internet connectivity.
You plan to implement Azure AD Password Protection for the domain.
You need to deploy Azure AD Password Protection agents. The solution must meet the following requirements:
• All Azure AD Password Protection policies must be enforced.
• Agent updates must be applied automatically.
• Administrative effort must be minimized.
What should you do? To answer select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
You have an on-premises Active Directory Domain Services (AD DS) domain that syncs with an Azure Active Directory (Azure AD) tenant
You have several Windows 10 devices that are Azure AD hybrid-joined.
You need to ensure that when users sign in to the devices, they can use Windows Hello for Business.
Which optional feature should you select in Azure AD Connect?
You have two servers that have the Hyper-V server role installed. The servers are joined to a failover cluster both servers can connect to the same disk on an iSCSi storage device. You plan to use the iSCSI storage to store highly available Hyper-V virtual machines that will support live migration functionality. You need to configure a storage resource in the failover cluster to store the virtual machines.
What should you configure?
Your network contains an Active Directory Domain Services (AD DS) domain named contoso.com. The domain contains two servers named Server1 and Server2.
Server1 contains a disk named Disk2. Disk2 contains a folder named UserData. UserData is shared to the Domain Users group. Disk2 is configured for deduplication. Server1 is protected by using Azure Backup.
Server1 fails.
You connect Disk2 to Server2.
You need to ensure that you can access all the files on Disk2 as quickly as possible.
What should you do?
You have an on-premises server named Server1 that runs Windows Server. Server1 contains an app named App1 and a firewall named Firewall1.
You have an Azure subscription.
Internal users connect to App1 by using WebSockets.
You need to make App1 available to users on the internet. The solution must minimize the number of inbound ports open on Firewall 1.
What should you include in the solution?
Your network contains an Active Directory Domain Services (AD DS) domain named contoso.com.
You need to identify which server is the PDC emulator for the domain.
Solution: From a command prompt, you run netdom.exe query fsmo.
Does this meet the goal?
Your network contains an Active Directory Domain Services (AD DS) forest. The forest contains three domains. Each domain contains 10 domain controllers.
You plan to store a DNS zone in a custom Active Directory partition.
You need to create the Active Directory partition for the zone. The partition must replicate to only four of the domain controllers.
What should you use?
You need to meet the technical requirements for User1. The solution must use the principle of least privilege.
What should you do?
You need to meet the technical requirements for Server4.
Which cmdlets should you run on Server1 and Server4? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
You need to meet the security requirements for passwords.
Where should you configure the components for Azure AD Password Protection? lo answer, drag the appropriate components to the correct locations. Each component may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
NOTE Each correct selection is worth one point.
You need to configure network communication between the Seattle and New York offices. The solution must meet the networking requirements.
What should you configure? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
You need to implement a name resolution solution that meets the networking requirements. Which two actions should you perform? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point
You need to configure Azure File Sync to meet the file sharing requirements. What should you do? To answer, select the appropriate options in the answer area. NOTE Each correct selection is worth one point.
You need to implement an availability solution for DHCP that meets the networking requirements.
Which two actions should you perform? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.
You are planning the implementation Azure Arc to support the planned changes. You need to configure the environment to support configuration management policies. What should you do?
You need to configure remote administration to meet the security requirements. What should you use?
Which three actions should you perform in sequence to meet the security requirements for Webapp1? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.