windows server 2012 70-413认证释疑

简介:

Question 7

You need to recommend which changes must be implemented to the network before you can deploy the new web application.

What should you include in the recommendation?

A.Change the forest functional level to Windows Server 2008 R2

B.Upgrade the DNS servers to windows server 2012.

C.Change the functional level of both the domains to windows server 2008 R2

D.Upgrade the domain controllers to windows server 2012.

此题的意思是,执行跨域的受限制委派,需要在现有的环境中做怎样的改变。

题库中的答案选择A,但据technet上资料,此题应该选择D。

Resource-based constrained delegation can only be configured on a domain controller running Windows Server 2012 R2 and Windows Server 2012, but can be applied within a mixed-mode forest.

参考链接:

http://technet.microsoft.com/en-us/library/jj553400.aspx



wKioL1N03aTBDYixAAKxPiP61PQ572.jpg


该答案正确,虽然在父域中的GPO,无法在子域中获得,但父域中的GPO可以通过链接到站点,来把该GPO应用的子域中。我们可以使用gpresult /v命令查看到子域中组策略应用的结果。



QUESTION 11

Your network contains an Active Directory forest named adatum.com. All domain controllers run Windows Server 2008 R2. The functional level of the
domain and the forest is Windows Server 2008.
You deploy a new Active Directory forest named contoso.com. All domain controllers run Windows Server 2012 R2. The functional level of the domain
and the forest is Windows Server 2012 R2.
You establish a two-way, forest trust between the forests. Both networks contain member servers that run either Windows Server 2012 R2, Windows
Server 2012, Windows Server 2008 R2 or Windows Server 2008.
You plan to use the Active Directory Migration Tool 3.2 (ADMT 3.2) to migrate user accounts from adatum.com to contoso.com. SID history will be used
in contoso.com and passwords will be migrated by using a Password Export Server (PES).
You need to recommend which changes must be implemented to support the planned migration. Which two changes should you recommend? Each
correct answer presents part of the solution.
A. In the contoso.com forest, deploy a domain controller that runs Windows Server 2008 R2.
B. In the adatum.com forest, upgrade the functional level of the forest and the domain.

C. In the contoso.com forest, downgrade the functional level of the forest and the domain.
D. In the adatum.com forest, deploy a domain controller that runs Windows Server 2012 R2.


释疑:

之所以答案选择AC,一个很重要的原因是AMDT3.2版本,只能安装在windows server 2008上。



QUESTION 33
Your company, which is named Contoso, Ltd., has a main office and two branch offices. The main office is located in North America. The branch offices
are located in Asia and Europe.
You plan to design an Active Directory forest and domain infrastructure.
You need to recommend an Active Directory design to meet the following requirements:
The contact information of all the users in the Europe office must not be visible to the users in the other offices.
The administrators in each office must be able to control the user settings and the computer settings of the users in their respective office.
The solution must use the least amount of administrative effort.
What should you include in the recommendation?
A. One forest that contains three domains
B. Three forests that each contain one domain
C. Two forests that each contain one domain
D. One forest that contains one domain
Correct Answer: C


释疑:

因为每个用户的Contract Information信息,属于域架构中用户对象的属性。如若要使该属性不被复制(也就是题目中要求的Europe中用户contract information对其他办公室不可见)。那么必须更改该属性的SearchFlags属性。架构属于林的范畴,所以这里要创建两个林。


参考链接:

http://technet.microsoft.com/en-us/library/cc784826(v=WS.10).aspx


其中说明架构中对象属性属于林级别范畴的一段如下:

The Active Directory installation process that creates the forest also generates the default schema. Thereafter, the default schema replicates to each new domain controller during the installation of the directory on that new domain controller. The default schema contains all the standard object definitions that are necessary for Active Directory to function in a standard deployment.

Active Directory uses a multimaster replication topology, which means that any domain controller in a forest can write a change to the directory database and then replicate that change to other domain controllers in the same forest. For a domain controller to create a new object and write it to the directory, the domain controller must have access to the object definition that is needed to create the new object. Every domain controller in a forest maintains a copy of the schema, which makes it possible for domain controllers to have access to the object definitions that they need to store and retrieve information in the directory.

In some situations, the default attributes and object definitions in the schema are insufficient to create new object types that are required by some applications or services that interoperate with the directory. In these situations, it is possible to customize the schema by adding new object definitions to it. The process of adding definitions to the schema is referred to as “extending the schema.”

It is important to plan the deployment of schema extensions carefully. The directory stores the schema and replicates schema changes to every domain controller throughout the forest. Therefore, extending the schema creates replication traffic, which can briefly affect network traffic. For more information about extending the schema, see “How the Active Directory Schema Works.”



DFS与branchcache的区别

http://social.technet.microsoft.com/Forums/windowsserver/en-US/efabcbe4-bb90-4aec-ba67-a3780d242e4b/branchcache-or-dfsdfsr?forum=windowsserver2008r2branchoffice




可以在cmd命令提示符中,使用set logon命令来查询客户端登陆的是哪台域控制器。



QUESTION 26

Your company has three offices. The offices are located in Montreal, Toronto, and Vancouver.

The network contains two Active Directory forests named contoso.com and adatum.com. The contoso.com

forest contains one domain. The adatum.com forest contains two domains. All of the servers in adatum.com

are located in the Toronto office. The servers in contoso.com are located in the Montreal and Vancouver

offices. All of the servers in both of the forests run Windows Server 2012 R2.

A two-way, forest trusts exists between the forests.

Each office contains DHCP servers and DNS servers.

You are designing an IP Address Management (IPAM) solution to manage the network.

You need to recommend a solution for the placement of IPAM servers to manage all of the DHCP servers and

all of the DNS servers in both of the forests. The solution must minimize the number of IPAM servers deployed.

What should you recommend?

A. One IPAM server in each office

B. One IPAM server in the Montreal office and one IPAM server in the Toronto office

C. One IPAM server in the Toronto office

D. Two IPAM servers in the Toronto office and one IPAM server in the Montreal office

E. Two IPAM servers in the Toronto office, one IPAM server in the Montreal office, and one IPAM server in the

Vancouver office

Correct Answer: B

释疑:

IPAM 服务器发现的作用域仅限一个 Active Directory 林。该林本身可能包含多个信任的以及不信任的域。IPAM 要求 Active Directory 域的成员身份,并且依赖于某个功能网络基础结构环境,以与 AD 林上的其他服务器安装集成。

参考链接:

http://ycrsjxy.blog.51cto.com/618627/1052360




部署WDS服务AD DS服务角色不是必须的,而DNS和DHCP是必须的。


参考链接:

http://technet.microsoft.com/en-us/library/hh831764.aspx




QUESTION 49

Your company has a main office, ten regional datacenters. and 100 branch offices.

You are designing the site topology for an Active Directory forest named contoso.com.

The forest will contain the following servers:

In each regional datacenter and in the main office, a domain controller that runs Windows Server 2012

In each branch office, a file server that runs Windows Server 2012

You have a shared folder that is accessed by using the path \\contoso.com\shares\software. The folder will be

replicated to a local file server in each branch office by using Distributed File System (DFS) replication.

You need to recommend an Active Directory site design to meet the following requirements:

Ensure that users in the branch offices will be authenticated by a domain controller in the closest regional

datacenter.

Ensure that users automatically connect to the closest file server when they access \\contoso.com\shares

\software.

How many Active Directory sites should you recommend?

A. 1

B. 10

C. 11

D. 111

Correct Answer: D

Explanation

Explanation/Reference:

DFS needs a site


释疑:

Folder targets. A folder target is a UNC path of a shared folder or another namespace that is associated with a folder in a namespace. In the previous figure, the folder named Tools has two folder targets, one in London and one in New York, and the folder named Training Guides has a single folder target in New York. A user who browses to \\Contoso\Public\Software\Tools is transparently redirected to the shared folder \\LDN-SVR-01\Tools or \\NYC-SVR-01\Tools, depending on which site the user is in.


参考链接:

http://technet.microsoft.com/en-us/library/cc732863(v=WS.10).aspx



QUESTION 78

Your network contains an Active Directory forest named contoso.com. The forest is managed by using

Microsoft System Center 2012.

You plan to create virtual machine templates to deploy servers by using the Virtual Machine Manager

Selfservice

Portal (VMMSSP).

To the Virtual Machine Manager (VMM) library, you add a VHD that has a generalized image of Windows

Server 2012.

You need to identify which VMM components must be associated with the image.

Which components should you identify?

(Each correct answer presents part of the solution. Choose all that apply.)

A. A guest OS profile

B. A hardware profile

C. A capability profile

D. A host profile

Correct Answer: AB

释疑:

Explanation/Reference:

http://technet.microsoft.com/en-us/library/jj860424.aspx

VMM provides the following profiles:

Hardware profile--A hardware profile defines hardware configuration settings such as CPU, memory,

network adapters, a video adapter, a DVD drive, a floppy drive, COM ports, and the priority given the virtual

machine when allocating resources on a virtual machine host. Guest operating system profile--A guest

operating system profile defines operating system configured settings which will be applied to a virtual

machine created from the template. It defines common operating system settings such as the type of

operating system, the computer name, administrator password, domain name, product key, and time zone,

answer file and run once file.

NOTE: VMM also includes host profiles. Host profiles are not used for virtual machine creation. They are

used during the conversion of a bare-metal computer to a Hyper-V


      本文转自daniel8294 51CTO博客,原文链接:http://blog.51cto.com/acadia627/1409379,如需转载请自行联系原作者










相关文章
|
1月前
|
网络安全 Windows
Windows server 2012R2系统安装远程桌面服务后无法多用户同时登录是什么原因?
【11月更文挑战第15天】本文介绍了在Windows Server 2012 R2中遇到的多用户无法同时登录远程桌面的问题及其解决方法,包括许可模式限制、组策略配置问题、远程桌面服务配置错误以及网络和防火墙问题四个方面的原因分析及对应的解决方案。
|
1月前
|
监控 安全 网络安全
使用EventLog Analyzer日志分析工具监测 Windows Server 安全威胁
Windows服务器面临多重威胁,包括勒索软件、DoS攻击、内部威胁、恶意软件感染、网络钓鱼、暴力破解、漏洞利用、Web应用攻击及配置错误等。这些威胁严重威胁服务器安全与业务连续性。EventLog Analyzer通过日志管理和威胁分析,有效检测并应对上述威胁,提升服务器安全性,确保服务稳定运行。
|
1月前
|
监控 安全 网络安全
Windows Server管理:配置与管理技巧
Windows Server管理:配置与管理技巧
87 3
|
1月前
|
存储 安全 网络安全
Windows Server 本地安全策略
由于广泛使用及历史上存在的漏洞,Windows服务器成为黑客和恶意行为者的主要攻击目标。这些系统通常存储敏感数据并支持关键服务,因此组织需优先缓解风险,保障业务的完整性和连续性。常见的威胁包括勒索软件、拒绝服务攻击、内部威胁、恶意软件感染等。本地安全策略是Windows操作系统中用于管理计算机本地安全性设置的工具,主要包括用户账户策略、安全选项、安全设置等。实施强大的安全措施,如定期补丁更新、网络分段、入侵检测系统、数据加密等,对于加固Windows服务器至关重要。
|
2月前
|
边缘计算 安全 网络安全
|
2月前
|
人工智能 JavaScript 网络安全
ToB项目身份认证AD集成(三完):利用ldap.js实现与windows AD对接实现用户搜索、认证、密码修改等功能 - 以及针对中文转义问题的补丁方法
本文详细介绍了如何使用 `ldapjs` 库在 Node.js 中实现与 Windows AD 的交互,包括用户搜索、身份验证、密码修改和重置等功能。通过创建 `LdapService` 类,提供了与 AD 服务器通信的完整解决方案,同时解决了中文字段在 LDAP 操作中被转义的问题。
|
2月前
|
数据安全/隐私保护 Windows
安装 Windows Server 2019
安装 Windows Server 2019
|
2月前
|
网络协议 Windows
Windows Server 2019 DHCP服务器搭建
Windows Server 2019 DHCP服务器搭建
|
2月前
|
网络协议 定位技术 Windows
Windows Server 2019 DNS服务器搭建
Windows Server 2019 DNS服务器搭建
|
2月前
|
安全 网络协议 数据安全/隐私保护
Windows Server 2019 搭建并加入域
Windows Server 2019 搭建并加入域