HOTSPOT -
The Default Domain Policy Group Policy Object (GPO) is shown in the GPO exhibit. (Click the GPO tab.)
The members of a group named Service Accounts are shown in the Group exhibit. (Click the Group tab.)
An organizational unit (OU) named ServiceAccounts is shown in the OU exhibit. (Click the OU tab.)
You create a Password Settings Object (PSO) as shown in the PSO exhibit. (Click the PSO tab.)
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Hot Area:
Answer:
Reference:
https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/get-started/adac/introduction-to-active-directory-administrative-center-enhancements--level-100-
#fine_grained_pswd_policy_mgmt
DRAG DROP -
Your network contains an Active Directory Domain Services (AD DS) domain.
You need to implement a solution that meets the following requirements:
✑ Ensures that the members of the Domain Admins group are allowed to sign in only to domain controllers
✑ Ensures that the lifetime of Kerberos Ticket Granting Ticket (TGT) for the members of the Domain Admins group is limited to one hour
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Select and Place:
Answer:
Reference:
https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/manage/how-to-configure-protected-accounts
You have an Azure virtual machine named VM1 that runs Windows Server.
You plan to deploy a new line-of-business (LOB) application to VM1.
You need to ensure that the application can create child processes.
What should you configure on VM1?
Answer:
D
Reference:
https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/customize-exploit-protection?view=o365-worldwide
HOTSPOT -
Your network contains an Active Directory Domain Services (AD DS) domain named contoso.com. The domain contains the organizational units (OUs) shown in the following table.
In the domain, you create the Group Policy Objects (GPOs) shown in the following table.
You need to implement IPsec authentication to ensure that only authenticated computer accounts can connect to the members in the domain. The solution must minimize administrative effort.
Which GPOs should you apply to the Domain Controllers OU and the Domain Servers OU? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:
Answer:
Reference:
https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-firewall/configure-authentication-methods
Your on-premises network contains two subnets. The subnets contain servers that run Windows Server as shown in the following table.
Server4 has the following IP configurations:
Ethernet adapter Ethernet:
Connection-specific DNS Suffix . . :
IPv4 Address . . . . . . . . . . . : 192.168.0.10
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.0.1
From Server4, you can ping Server1 and Server2 successfully. When you ping Server3, you get a Request timed out response.
From Server2, you can ping Server1 and Server3 successfully.
The misconfiguration of which component on Server3 can cause the Request timed out response?
Answer:
C
You have five Azure virtual machines.
You need to collect performance data and Windows Event logs from the virtual machines. The data collected must be sent to an Azure Storage account.
What should you install on the virtual machines?
Answer:
E
Reference:
https://docs.microsoft.com/en-us/azure/azure-monitor/agents/diagnostics-extension-overview
HOTSPOT -
You have a server named Server1 that runs Windows Server.
On Server1, you create a Data Collector Set named CollectorSet1 based on the Basic template.
You need to configure CollectorSet1 to meet the following requirements:
✑ Older performance counter logs must be overwritten by new ones.
✑ Performance counter logging must stop if there is less than 500 MB of free disk space.
What should you configure for each requirement? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:
Answer:
You have an Azure virtual machine named VM1.
You install an application on VM1, and then restart the virtual machine.
After the restart, you get the following error message: `Boot failure. Reboot and Select proper Boot Device or Insert Boot Media in selected Boot Device.`
You need to mount the operating system disk offline from VM1 to a temporary virtual machine to troubleshoot the issue.
Which command should you run in Azure CLI?
Answer:
A
Reference:
https://docs.microsoft.com/en-us/cli/azure/vm/repair?view=azure-cli-latest
You have a Site-to-Site VPN between an on-premises network and an Azure VPN gateway. BGP is disabled for the Site-to-Site VPN.
You have an Azure virtual network named Vnet1 that contains a subnet named Subnet1. Subnet1 contains a virtual machine named Server1.
You can connect to Server1 from the on-premises network.
You extend the address space of Vnet1. You add a subnet named Subnet2 to Vnet1. Subnet2 uses the extended address space. You deploy an Azure virtual machine named Server2 to Subnet2.
You cannot connect to Server2 from the on-premises network. Server1 can connect to Server2.
You need to ensure that you can connect to Subnet2 from the on-premises network.
What should you do?
Answer:
D
DRAG DROP -
You have an Azure virtual machine named VM1 that runs Windows Server. VM1 has boot diagnostics configured to use a managed storage account.
You are troubleshooting connectivity issue on VM1.
You need to run a PowerShell cmdlet on VM1 by using the Azure Serial Console.
Which four actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Select and Place:
Answer:
Reference:
https://docs.microsoft.com/en-us/troubleshoot/azure/virtual-machines/serial-console-overview https://docs.microsoft.com/en-us/troubleshoot/azure/virtual-machines/serial-console-windows
