You have servers that have the DNS Server role installed. The servers are configured as shown in the following table.
 
All the client computers in the New York office use Server2 as the DNS server.
You need to configure name resolution in the New York office to meet the following requirements:
✑ Ensure that the client computers in New York can resolve names from contoso.com.
✑ Ensure that Server2 forwards all DNS queries for internet hosts to 131. 107.100.200.
The solution must NOT require modifications to Server1.
Which two components should you configure on Server2? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.

A. a forwarder

B. a conditional forwarder

C. a delegation

D. a secondary zone

E. a reverse lookup zone

HOTSPOT -
Your network contains three Active Directory Domain Services (AD DS) forests as shown in the following exhibit.
 
The network contains the users shown in the following table.
 
The network contains the security groups shown in the following table.
 
For each of the following statements, select Yes if the statement is true. Otherwise. select No.
NOTE: Each correct selection is worth one point.
Hot Area:
 

DRAG DROP -
You deploy a single-domain Active Directory Domain Services (AD DS) forest named contoso.com.
You deploy a server to the domain and configure the server to run a service.
You need to ensure that the service can use a group managed service account (gMSA) to authenticate.
Which three PowerShell cmdlets should you run in sequence? To answer, move the appropriate cmdlets from the list of cmdlets to the answer area and arrange them in the correct order.
Select and Place:
 

SIMULATION
-
You need to collect the recommended Windows Performance Counters from SRV1 in a Log Analytics workspace.
The required files are stored in a shared folder named dc1install.
To complete this task, sign in to the required computer or computers.

HOTSPOT
-
You have a server named Server1 that runs Windows Server and contains three volumes named C, D, and E.
Files are stored on Server1 as shown in the following table.
 
For volume D, Data Deduplication is enabled and set to General purpose file server.
You perform the following actions:
•	Move File1 to volume D.
•	Copy File2 to volume D and name the copy File4.
•	Move File3 to volume E.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
 

Your network contains a multi-site Active Directory Domain Services (AD DS) forest. Each Active Directory site is connected by using manually configured site links and automatically generated connections.
You need to minimize the latency for changes to Active Directory.
What should you do?

A. For each site links, modify the site link costs.

B. Create a site link bridge that contains all the site links.

C. For each site link, modify the options attribute.

D. For each site link, modify the replication schedule.

HOTSPOT
-
Your network contains an Azure Active Directory Domain Services (Azure AD DS) domain named contoso.com.
You need to configure a password policy for the local user accounts on the Azure virtual machines joined to contoso.com.
What should you do? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
 

HOTSPOT
-
Your network contains an Active Directory Domain Services (AD DS) forest. The forest contains the sites and site links shown in the following exhibit.
 
The sites contain the bridgehead domain controllers shown in the following table.
 
The IP intersite transport container is configured as shown in the following exhibit.
 
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
 

Overview -
Company Information -
ADatum Corporation is a manufacturing company that has a main office in Seattle and two branch offices in Los Angeles and Montreal.
Fabrikam Partnership -
ADatum recently partnered with 2 company named Fabrikam, Inc.
Fabrikam is a manufacturing company that has a main office in Boston and a branch office in Orlando.
Both companies intend to collaborate on several joint projects.
Existing Environment -
ADatum AD DS Environment -
The on-premises network of ADatum contains an Active Directory Domain Services (AD DS) forest named adatum.com.
The forest contains two domains named adatum.com and east.adatum.com and the domain controllers shown in the following table.
 
Fabrikam AD DS Environment -
The on-premises network of Fabrikam contains an AD DS forest named fabrikam.com.
The forest contains two domains named fabrikam.com and south.fabrikam.com.
The fabrikam.com domain contains an organizational unit (OU) named Marketing.
Server Infrastructure -
The adatum.com domain contains the servers shown in the following table.
 
HyperV1 contains the virtual machines shown in the following table.
 
All the virtual machines on HyperV1 have only the default management tools installed.
SSPace1 contains the Storage Spaces virtual disks shown in the following table.
 
Azure Resources -
ADatum has an Azure subscription that contains an Azure AD tenant. Azure AD Connect is configured to sync the adatum.com forest with Azure AD.
The subscription contains the virtual networks shown in the following table.
 
The subscription contains the Azure Private DNS zones shown in the following table.
 
The subscription contains the virtual machines shown in the following table.
 
All the servers are in a workgroup.
The subscription contains a storage account named storage1 that has a file share named share1.
Requirements -
Planned Changes -
ADatum plans to implement the following changes:
•	Sync Data1 to share1.
•	Configure an Azure runbook named Task1.
•	Enable Azure AD users to sign in to Server1.
•	Create an Azure DNS Private Resolver that has the following configurations:
•	Name: Private1
•	Region: West US
•	Virtual network: VNet1
•	Inbound endpoint: SubnetB
•	Enable users in the adatum.com domain to access the resources in the south.fabrikam.com domain.
Technical Requirements -
ADatum identifies the following technical requirements:
•	The data on SSPace1 must be available always.
•	DC2 must become the schema master if DC1 fails.
•	VM3 must be configured to enable per-folder quotas.
•	Trusts must allow access to only the required resources.
•	The users in the Marketing OU must have access to storage1.
•	Azure Automanage must be used on all supported Azure virtual machines.
•	A direct SSH session must be used to manage all the supported virtual machines on HyperV1.
You need to ensure that VM3 meets the technical requirements.
What should you install first?

A. Enhanced Storage

B. the iSNS Server service

C. File Server Resource Manager (FSRM)

D. Windows Standards-Based Storage Management

HOTSPOT -
Your network contains a two-domain on-premises Active Directory Domain Services (AD DS) forest named contoso.com. The forest contains the domain controllers shown in the following table.
 
All domain controllers are backed up by using Azure Backup.
You create an Active Directory site named Site3. Site1, Site2, and Site3 each has a dedicated site link to the Hub site.
In Site3, you install a new server named Server1.
You need to promote Server1 to an RODC in child.contoso.com by using the Install from Media (IFM) option. The solution must minimize network traffic.
What should you do? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:
 

SIMULATION
-
You need to create a Group Policy Object (GPO) named GPO1 that only applies to a group named MemberServers.
To complete this task, sign in the required computer or computers.

HOTSPOT
-
You have a server named Server1 that runs Windows Server. Server1 has a single network interface and the Hyper-V virtual switches shown in the following exhibit.
 
Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.
NOTE: Each correct selection is worth one point.
 

HOTSPOT -
You have a Windows Server container host named Server1 that has a single disk.
On Server1, you plan to start the containers shown in the following table.
 
Which isolation mode can you use for each container? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:
 

You have a server that runs Windows Server and has the DHCP Server role installed. The server has a scope named Scope1 that has the following configurations:
✑ Address range: 192.168.0.2 to 192. 168.1.254
✑ Mask: 255.255.254.0
✑ Router: 192.168.0.1
✑ Lease duration: 3 days
DNS server: 172.16.0.254 -
 
You have 50 Microsoft Teams Phone devices from the same vendor. All the devices have MAC addresses within the same range.
You need to ensure that all the Teams Phone devices that receive a lease from Scope1 have IP addresses in the range of 192.168.1.100 to 192.168.1.200. The solution must NOT affect other DHCP clients that receive IP configurations from Scope1.
What should you create?

A. a scope

B. a filter

C. scope options

D. a policy

You have an Azure virtual machine named VM1 that runs Windows Server.
You need to ensure that administrators request access to VM1 before establishing a Remote Desktop connection.
What should you configure?

A. Azure Front Door

B. Microsoft Defender for Cloud

C. Azure AD Privileged Identity Management (PIM)

D. a network security group (NSG)

SIMULATION
-
You need to replicate a read-only copy of a DNS zone named contoso.com D to SRV2.
To complete this task, sign in the required computer or computers.

DRAG DROP -
You have a server named Server1.
You plan to use Storage Spaces to expand the storage available to Server1. You attach eight physical disks to Server1. Four disks are HDDs and four are SSDs.
You need to create a volume on Server1 that will use the storage on all the new disks. The solution must provide the fastest read performance for frequently used files.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Select and Place:
 

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
Your network contains an Active Directory Domain Services (AD DS) domain named contoso.com.
You need to identify which server is the PDC emulator for the domain.
Solution: From a command prompt, you run netdom.exe query fsmo.
Does this meet the goal?

A. Yes

B. No

SIMULATION
-
You need to ensure that all DHCP clients that get an IP address from SRV1 will be configured to use DC1 as a DNS server.
To complete this task, sign in the required computer or computers.

Your network contains an Active Directory Domain Services (AD DS) domain. The domain contains the offices shown in the following table.
 
You need to deploy a Network Policy Server (NPS) named NPS1 to enforce network access policies for all remote connections.
What is the minimum number of RADIUS clients that you should add to NPS1?

A. 1

B. 3

C. 8

D. 180

E. 188

Your network contains an Active Directory Domain Services (AD DS) domain. The domain contains a server named Server1.
You implement Just Enough Administration (JEA) on Server1.
You need to perform remote administration tasks on Server by using only JEA.
What should you use?

A. PowerShell only

B. Remote Server Administration Tools (RSAT) only

C. PowerShell or Remote Desktop only

D. PowerShell or Remote Server Administration Tools (RSAT) only

E. Remote Server Administration Tools (RSAT) or Remote Desktop only

F. PowerShell, Remote Server Administration Tools (RSAT), or Remote Desktop

SIMULATION
-
You need to register SRV1 to sync Azure file shares. The registration must use the 12345678 Storage Sync Service.
The required source files are located in a folder named dc1.contoso.cominstall.
You do NOT need to configure file share synchronization at this time, and you do NOT need to update the agent.

DRAG DROP -
Which three actions should you perform in sequence to meet the security requirements for Webapp1? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Select and Place:
 

Your network contains an Active Directory Domain Services (AD DS) domain. The domain contains 10 servers that run Windows Server. The servers have static
IP addresses.
You plan to use DHCP to assign IP addresses to the servers.
You need to ensure that each server always receives the same IP address.
Which type of identifier should you use to create a DHCP reservation for each server?

A. NetBIOS name

B. MAC address

C. fully qualified domain name (FQDN)

D. universally unique identifier (UUID)

HOTSPOT -
You need to configure network communication between the Seattle and New York offices. The solution must meet the networking requirements.
What should you configure? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:
 

DRAG DROP -
You deploy a single-domain Active Directory Domain Services (AD DS) forest named contoso.com.
You deploy five servers to the domain. You add the servers to a group named ITFarmHosts.
You plan to configure a Network Load Balancing (NLB) cluster named NLBCluster.contoso.com that will contain the five servers.
You need to ensure that the NLB service on the nodes of the cluster can use a group managed service account (gMSA) to authenticate.
Which three PowerShell cmdlets should you run in sequence? To answer, move the appropriate cmdlets from the list of cmdlets to the answer area and arrange them in the correct order.
Select and Place:
 

HOTSPOT
-
Your on-premises network contains a server named Server1 and uses an IP address space of 192.168.10.0/24.
You have an Azure virtual network that contains a subnet named Subnet1. Subnet1 uses an IP address space of 192.168.10.0/24.
You need to migrate Server1 to Subnet1. You must use Azure Extended Network to maintain the existing IP address of Server1.
What is the minimum number of virtual machines that you should deploy? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
 

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
Your network contains an Active Directory Domain Services (AD DS) domain named contoso.com.
You need to identify which server is the PDC emulator for the domain.
Solution: From Active Directory Domains and Trusts, you right-click Active Directory Domains and Trusts in the console tree, and then select Operations
Master.
Does this meet the goal?

A. Yes

B. No

You have an on-premises Active Directory Domain Services (AD DS) domain that syncs with an Azure Active Directory (Azure AD) tenant.
You have several Windows 10 devices that are Azure AD hybrid-joined.
You need to ensure that when users sign in to the devices, they can use Windows Hello for Business.
Which optional feature should you select in Azure AD Connect?

A. Device writeback

B. Group writebeack

C. Azure AD app and attribute filtering

D. Password writeback

E. Directory extension attribute sync

HOTSPOT -
You plan to deploy an Azure virtual machine that will run Windows Server.
You need to ensure that an Azure Active Directory (Azure AD) user named
user1@contoso.com
can connect to the virtual machine by using the Azure Serial
Console.
What should you do? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:
 

You have an on-premises server named Server1 that runs Windows Server. Server1 contains an app named App1 and a firewall named Firewall1.
You have an Azure subscription.
Internal users connect to App1 by using WebSockets.
You need to make App1 available to users on the internet. The solution must minimize the number of inbound ports open on Firewall1.
What should you include in the solution?

A. Microsoft Application Request Routing (ARR) Version 2

B. Azure Application Gateway

C. Azure Relay

D. Web Application Proxy

Your network contains an Active Directory Domain Services (AD DS) domain. The domain contains the domain controllers shown in the following table.
 
You need to ensure that if an attacker compromises the computer account of RODC1, the attacker cannot view the Employee-Number AD DS attribute.
Which partition should you modify?

A. configuration

B. global catalog

C. domain

D. schema

SIMULATION
-
You need to ensure that a DHCP scope named scope1 on SRV1 can service client requests.
To complete this task, sign in the required computer or computers.

HOTSPOT -
Your network contains a two-domain on-premises Active Directory Domain Services (AD DS) forest named contoso.com. The forest contains the domain controllers shown in the following table.
 
All domain controllers are backed up by using Azure Backup.
You create an Active Directory site named Site3. Site1, Site2, and Site3 each has a dedicated site link to the Hub site.
In Site3, you install a new server named Server1.
You need to promote Server1 to an RODC in child.contoso.com by using the Install from Media (IFM) option. The solution must minimize network traffic.
What should you do? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:
 

You have an Azure subscription that contains the virtual networks shown in the following table.
 
You deploy a virtual machine named VM1 that runs Windows Server. VM1 is connected to Subnet11.
You plan to add an additional network interface named NIC1 to VM1.
To which subnets can NIC1 be attached?

A. Subnet11 only

B. Subnet12 only

C. Subnet11 and Subnetl2 only

D. Submet12 and Subnet21 only

E. Subnet11, Subnet12, Subnet21, and Subnet31

SIMULATION
-
You need to enable nested virtualization for a virtual machine named VM1 on SRV1.
To complete this task, sign in the required computer or computers.

HOTSPOT -
Your network contains an Active Directory Domain Services (AD DS) domain named contoso.com.
The network contains the servers shown in the following table.
 
You plan to implement IP Address Management (IPAM).
You need to use the Group Policy based provisioning method for managed servers. The solution must support server discovery.
What should you do? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:
 

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You are planning the deployment of DNS to a new network.
You have three internal DNS servers as shown in the following table.
 
The contoso.local zone contains zone delegations for east.conloso.local and west.contoso.local. All the DNS servers use root hints.
You need to ensure that all the DNS servers can resolve the names of all the internal namespaces and internet hosts.
Solution: On Server2 and Server3, you configure a conditional forwarder for contoso.local.
Does this meet the goal?

A. Yes

B. No

You need to meet the technical requirements for User1. The solution must use the principle of least privilege.
What should you do?

A. Add Users1 to the Server Operators group in contoso.com.

B. Create a delegation on contoso.com.

C. Add Users1 to the Account Operators group in contoso.com.

D. Create a delegation on OU3.

SIMULATION
-
You plan to promote a domain controller named DC3 in a site in Seattle.
You need to ensure that DC3 only replicates with DC1 and DC2 between 8 PM and 6 AM.
To complete this task, sign in the required computer or computers.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
Your network contains an Active Directory Domain Services (AD DS) forest. The forest contains three Active Directory sites named Site1, Site2, and Site3. Each site contains two domain controllers. The sites are connected by using DEFAULTIPSITELINK.
You open a new branch office that contains only client computers.
You need to ensure that the client computers in the new office are primarily authenticated by the domain controllers in Site1.
Solution: You configure the Try Next Closest Site Group Policy Object (GPO) setting in a GPO that is linked to Site1.
Does this meet the goal?

A. Yes

B. No

SIMULATION
-
You need to ensure that SRV1 only leases IP addresses from the range of 192.168.1.190 to 192.168.1.200 to computers that have a MAC address that starts with aabb.
To complete this task, sign in the required computer or computers.

Your network contains an Active Directory Domain Services (AD DS) domain named contoso.com. The domain contains the servers shown in the following table.
 
You need to create a Distributed File System (DFS) namespace that will contain the following:
•	A domain-based namespace named contoso.comPublic
•	A folder named Finance
Which servers can you configure as folder targets for the Finance folder?

A. Server3 only

B. Server2 and Server3 only

C. Server1 and Server3 only

D. Server1, Server2, and Server3 only

E. Server1, Server2, Server3, and Server4

You have an Active Directory Domain Services (AD DS) domain. The domain contains three servers named Server1, Server2, and Server3 that run Windows Server.
You sign in to Server1 by using a domain account and start a remote PowerShell session to Server2. From the remote PowerShell session, you attempt to access a resource on Server3, but access to the resource is denied.
You need to ensure that your credentials are passed from Server1 to Server3. The solution must minimize administrative effort.
What should you do?

A. Configure Kerberos constrained delegation.

B. Configure Just Enough Administration (JEA).

C. Configure selective authentication for the domain.

D. Disable the Enforce user logon restrictions policy setting for the domain.

HOTSPOT -
You have an Azure subscription named sub1 and 500 on-premises virtual machines that run Windows Server.
You plan to onboard the on-premises virtual machines to Azure Arc by running the Azure Arc deployment script.
You need to create an identity that will be used by the script to authenticate access to sub1. The solution must use the principle of least privilege.
How should you complete the command? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:
 

Your network contains an Active Directory Domain Services (AD DS) forest. The forest contains three domains. Each domain contains 10 domain controllers.
You plan to store a DNS zone in a custom Active Directory partition.
You need to create the Active Directory partition for the zone. The partition must replicate to only four of the domain controllers.
What should you use?

A. Active Directory Administrative Center

B. Set-DnsServer

C. New-ADObject

D. ntdsutil.exe

You have an on-premises server named Server1 that runs Windows Server.
You have an Azure virtual network that contains an Azure virtual network gateway.
You need to connect only Server1 to the Azure virtual network.
What should you use?

A. a Site-to-Site VPN

B. Azure Network Adapter

C. an ExpressRoute circuit

D. Azure Extended Network

HOTSPOT
-
Your network contains an Active Directory Domain Services (AD DS) domain named contoso.com.
The domain contains the users shown in the following table.
 
The domain has the Group Policy Objects (GPOs) shown in the following table.
 
The GPOs are configured as shown in the following table.
 
For each of the following statements, select Yes if the statement is true, Otherwise, select No.
NOTE: Each correct selection is worth one point.
 

SIMULATION
-
You need to make the shares named Marketing and Sales from SRV1 available on the network by using the following UNC paths:
•	contoso.comdocumentsmarketing
•	contoso.comdocumentssales
To complete this task, sign in to the required computer or computers.

Your network contains an on-premises Active Directory Domain Services (AD DS) domain named contoso.com. The domain contains the objects shown in the following table.
 
You plan to sync contoso.com with an Azure Active Directory (Azure AD) tenant by using Azure AD Connect.
You need to ensure that all the objects can be used in Conditional Access policies.
What should you do?

A. Select the Configure Hybrid Azure AD join option.

B. Change the scope of Group1 and Group2 to Global.

C. Clear the Configure device writeback option.

D. Change the scope of Group2 to Universal.