100% Pass 70-414 Real Test is not a dream! Braindump2go Latest Released 70-414 Exam Practice Exam Dumps will help you pass 70-414 Exam one time easiluy! Free Sample Exam QAuestions and Answers are offered for free download now! Quickly having a try today! Never loose this valuable chance!
Vendor: Microsoft
Exam Code: 70-414
Exam Name: Implementing an Advanced Server Infrastructure Exam
QUESTION 61
Your network contains the following roles and applications:
– Microsoft SQL Server 2012
– Distributed File System (DFS) Replication
– Active Directory Domain Services (AD DS)
– Active Directory Rights Management Services (AD RMS)
– Active Directory Lightweight Directory Services (AD LDS)
You plan to deploy Active Directory Federation Services (AD FS).
You need to identify which deployed services or applications can be used as attribute stores for the planned AD FS deployment.
What should you identify? (Each correct answer presents a complete solution. Choose all that apply.)
A. DFS
B. AD RMS
C. Microsoft SQL Server 2012
D. AD LDS
E. AD DS
Answer: CDE
Explanation:
http://technet.microsoft.com/library/dd807092(v=ws.10).aspx
QUESTION 62
Your network contains an Active Directory domain named contoso.com.
The network contains 15,000 client computers.
You plan to deploy an Active Directory Certificate Services (AD CS) infrastructure and issue certificates to all of the network devices.
You need to recommend a solution to minimize the amount of network utilization caused by certificate revocation list (CRL) checking.
What should you include in the recommendation? More than one answer choice may achieve the goal. Select the BEST answer.
A. The Network Device Enrollment Service role service
B. An increase of the CRL validity period
C. A reduction of the CRL validity period
D. The Online Responder role service
Answer: D
Explanation:
http://technet.microsoft.com/en-us/library/cc753468.aspx
QUESTION 63
Your network contains an Active Directory domain named contoso.com.
You deploy Active Directory Certificate Services (AD CS).
You plan to deploy 100 external Web servers that will be publicly accessible and will require Secure Sockets Layer (SSL) certificates.
You also plan to deploy 50,000 certificates for secure email exchanges with Internet-based recipients.
You need to recommend a certificate services solution for the planned deployment.
What should you recommend? More than one answer choice may achieve the goal. Select the BEST answer.
A. Deploy a certification authority (CA) that is subordinate to an external root CA.
B. Purchase 50,100 certificates from a trusted third-party root certification authority (CA).
C. Distribute a copy of the root certification authority (CA) certificate to external relying parties.
D. Instruct each user to request a Secure Email certificate from a trusted third-party root CA,
and then purchase 100 Web server certificates.
Answer: A
Explanation:
http://technet.microsoft.com/en-us/library/cc772192(v=ws.10).aspx
QUESTION 64
Your company, which is named Contoso, Ltd., has offices only in North America.
The company has 2,000 users.
The network contains an Active Directory domain named contoso.com.
You plan to deploy an Active Directory Certificate Services (AD CS) infrastructure and assign certificates to all client computers.
You need to recommend a PKI solution to protect the private key of the root certification authority (CA) from being accessed by external users.
What should you recommend? More than one answer choice may achieve the goal. Select the BEST answer.
A. An offline standalone root CA and an online enterprise issuing CA
B. An online enterprise root CA and an online enterprise issuing CA
C. An offline standalone root CA and an offline enterprise issuing CA
D. An online enterprise root CA, an online enterprise policy CA, and an online enterprise issuing
CA
Answer: A
Explanation:
http://technet.microsoft.com/en-us/library/cc737481(v=ws.10).aspx
QUESTION 65
Your network contains an Active Directory domain named contoso.com.
The network has an Active Directory Certificate Services (AD CS) infrastructure.
You need to issue a certificate to users to meet the following requirements:
– Ensure that the users can encrypt files by using Encrypting File System (EFS).
– Ensure that all of the users reenroll for their certificate every six months.
What should you do first?
A. From the properties of the User certificate template, assign the Allow-Enroll permission to
the Authenticated Users group.
B. From the properties of the Basic EFS template, assign the Allow-Enroll permission to the Authenticated Users group.
C. Create a copy of the User certificate template, and then modify the extensions of the copy.
D. Create a copy of the Basic EFS certificate template, and then modify the validity period of
the copy.
Answer: D
Explanation:
http://technet.microsoft.com/en-us/library/cc786499(v=ws.10).aspx
QUESTION 66
Your network contains an Active Directory domain named contoso.com.
The network has an Active Directory Certificate Services (AD CS) infrastructure.
You deploy Active Directory Rights Management Services (AD RMS) on the network.
You provide several users on the network with the ability to protect content by using AD RMS. You need to recommend a solution to provide the members of a group named Audit with the ability to read and modify all of the AD RMS-protected content.
What should you recommend?
A. Issue a CEP Encryption certificate to the members of the Audit group.
B. Issue a key recovery agent certificate to the members of the Audit group.
C. Add the Audit group as a member of the super users group.
D. Add the Audit group as a member of the Domain Admins group.
Answer: C
Explanation:
http://technet.microsoft.com/en-us/library/ee424431.aspx
QUESTION 67
Your network contains an Active Directory domain named contoso.com.
The network contains a perimeter network.
The perimeter network and the internal network are separated by a firewall.
On the perimeter network, you deploy a server named Server1 that runs Windows Server 2012. You deploy Active Directory Certificate Services (AD CS).
Each user is issued a smart card. Users report that when they work remotely, they are unable to renew their smart card certificate.
You need to recommend a solution to ensure that the users can renew their smart card certificate from the Internet.
What should you recommend implementing on Server1? More than one answer choice may achieve the goal. Select the BEST answer.
A. The Certification Authority Web Enrollment role service and the Online Responder role
service
B. The Active Directory Federation Services server role
C. The Certificate Enrollment Policy Web Service role service and the Certificate Enrollment
Web Service role service
D. An additional certification authority (CA) and the Online Responder role service
Answer: C
Explanation:
http://technet.microsoft.com/en-us/library/dd759230.aspx
QUESTION 68
Your network contains an Active Directory domain named contoso.com.
The network has an Active Directory Certificate Services (AD CS) infrastructure.
You publish the certificate revocation list (CRL) to a farm of Web servers.
You are creating a disaster recovery plan for the AD CS infrastructure.
You need to recommend which actions must be performed to restore certificate revocation checking if a certification authority (CA) is offline for an extended period of time.
Which three actions should you recommend? To answer, move the three appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Answer:
Explanation:
http://technet.microsoft.com/en-us/library/cc732443(v=ws.10).aspx
QUESTION 69
Your network contains an Active Directory domain named contoso.com.
The domain contains four servers named Server1, Server2, Server3, and Server4 that run Windows Server 2012. Server1 and 5erver2 are configured as file servers and are part of a failover cluster named Cluster1.
Server3 and Server4 have Microsoft SQL Server 2012 installed and are part of a failover cluster named Cluster2.
You add a disk named Disk1 to the nodes in Cluster1.
Disk1 will be used to store the data files and log files used by SQL Server 2012.
You need to configure the environment so that access to Disk1 remains available when a node on Cluster1 fails over or fails back.
Which three actions should you perform? To answer, move the three appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Answer:
QUESTION 70
Your network contains an Active Directory domain.
The domain contains a site named Site1.
All of the client computers in Site1 use static IPv4 addresses on a single subnet.
Site1 contains a Storage Area Network (SAN) device and two servers named Server1 and Server2 that run Windows Server 2012.
You plan to implement a DHCP infrastructure that will contain Server1 and Server2.
The infrastructure will contain several IP address reservations.
You need to recommend a solution for the DHCP infrastructure to ensure that clients can receive IP addresses from a DHCP server if either Server1 or Server2 fails.
What should you recommend? (Each correct answer is a complete solution. Choose all that apply.)
A. Configure all of the client computers to use IPv6 addresses, and then configure Server1
and Server2 to run DHCP in stateless mode.
B. Configure Server1 and Server2 as members of a failover cluster, and then configure DHCP
as a clustered resource.
C. Configure a DHCP failover relationship that contains Server1 and Server2.
D. Create a scope for each server, and then configure each scope to contain half of the IP addresses.
Answer: BCD
Explanation:
Braindump2go New Released 70-414 Dumps PDF are Now For Free Download, 162 Latest Questions, Download It Right Now and Pass Your Exam 100%: