70-745 Free Practice Test

- (Exam Topic 3)
You administer the virtualization environment for an organization. You manage all Microsoft Hyper-V hosts locally. You plan to deploy Microsoft system center virtual machine manager (SCVMM).
(SCVMM) administrators must have full administrative permissions over the SCVMM fabric but no permission to other organizational fabrics. Administrators in the domain environment must not have any permission to the SCVMM infrastructure.
You need to deploy the SCVMM environment. What should you include?

1. A. Local installation of the SCVMM agent
2. B. Bit locker encrypted VHDX file
3. C. Host guardian service a trusted domain
4. D. Host guardian service in an isolated forest

Correct Answer: D
When setting up HGS, you are given the option of creating an isolated Active Directory forest just for HGS or to join HGS to an existing, trusted domain. This decision, as well as the roles you assign the admins in your organization, determine the trust boundary for HGS. Whoever has access to HGS, whether directly as an admin or indirectly as an admin of something else (e.g. Active Directory) that can influence HGS, has control over your guarded fabric. HGS admins choose which Hyper-V hosts are authorized to run shielded VMs and manage the certificates necessary to start up shielded VMs. An attacker or malicious admin who has access to HGS can use this power to authorize compromised hosts to run shielded VMs, initiate a denial-of-service attack by removing key material, and more.
To avoid this risk, it is strongly recommended that you limit the overlap between the admins of your HGS (including the domain to which HGS is joined) and Hyper-V environments. By ensuring no one admin has access to both systems, an attacker would need to compromise 2 different accounts from 2 individuals to complete his mission to change the HGS policies. This also means that the domain and enterprise admins for the two Active Directory environments should not be the same person, nor should HGS use the same Active Directory forest as your Hyper-V hosts. Anyone who can grant themselves access to more resources poses a security risk.
References:
https://docs.microsoft.com/en-us/windows-server/security/guarded-fabric-shielded-vm/guarded-fabric-manageh

- (Exam Topic 1)
You need to ensure that Network1 can communicate with other virtual networks. What should you do?

1. A. Configure logical switches for the VMs on Network1.
2. B. Create an IP address pool for Network1.
3. C. Create port profiles for the VMs on Network1.
4. D. Configure a gateway in SCVMM.

Correct Answer: D