- (Exam Topic 3)
Your network contains an Active Directory Domain Services (AD DS) domain named contoso.com. The domain contains the organizational units (OUs) shown in the following table.
In the domain, you create the Group Policy Objects (GPOs) shown in the following table.
You need to implement IPsec authentication to ensure that only authenticated computer accounts can connect to the members in the domain. The solution must minimize administrative effort.
Which GPOs should you apply to the Domain Controllers OU and the Domain Servers OU? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Solution:
Table Description automatically generated
Reference:
https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-firewall/configure-authentication-
Does this meet the goal?
Correct Answer:
A
- (Exam Topic 3)
You have an Azure virtual machine named VM1 that has the Web Server (IIS) server role installed. VM1 hosts a critical line-of-business (LOB) application.
After the security team at your company deploys a new security baseline to VM1, users begin reporting that the application is unresponsive.
You suspect that the security baseline has caused networking issues. You need to perform a network trace on VM1.
What should you do?
Correct Answer:
D
Reference:
https://docs.microsoft.com/en-us/troubleshoot/azure/virtual-machines/performance-diagnostics
- (Exam Topic 3)
Your network contains a single-domain Active Directory Domain Services (AD DS) forest named contoso.com. The functional level of the forest is Windows Server 2012 R2. All domain controllers run Windows Server 2012 R2.
Sysvol replicates by using the File Replication Service (FRS).
You plan to replace the existing domain controllers with new domain controllers that will run Windows Server 2022.
You need to ensure that you can add the first domain controller that runs Windows Server 2022. Solution; You raise the domain and forest functional levels.
Does this meet the goal?
Correct Answer:
B
DRAG DROP
You have an on-premises Active Directory Domain Services (AD DS) domain that syncs with an Azure Active Directory (Azure AD) tenant.
The AD DS domain contains a domain controller named DC1. DC1 does NOT have internet access.
You need to configure password security for on-premises users. The solution must meet the following requirements:
Prevent the users from using known weak passwords.
Prevent the users from using the company name in passwords.
What should you do? To answer, drag the appropriate configurations to the correct targets. Each configuration may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
NOTE: Each correct selection is worth one point.
Select and Place:
Solution:
Reference: https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-password-ban-bad-on-premisesdeploy
Does this meet the goal?
Correct Answer:
A
DRAG DROP
You have two physical servers named AppSrv1 and AppSrv2 and an unconfigured server named Server1. All the servers run Windows Server.
Only Server1 can access the internet.
You plan to use Azure Site Recovery to replicate AppSrv1 and AppSrv2 to Azure.
You need to deploy the required components to AppSrv1, AppSrv2, and Server1.
Which components should you deploy? To answer, drag the appropriate components to the correct servers. Each component may be used once,
more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
NOTE: Each correct selection is worth one point.
Select and Place:
Solution:
Reference: https://docs.microsoft.com/en-us/azure/site-recovery/physical-azure-architecture
https://docs.microsoft.com/enus/azure/siterecovery/ physical-azure-set-up-source
Does this meet the goal?
Correct Answer:
A
