T Study Materials & Practical

.70-741.IT Study Materials & Practical QAs 283

T Study Materials & Practical QAs

Vendor: Microsoft

Exam Code: 70-741

Exam Name: Networking with Windows Server 2016

Version: 21

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs T Study

Materials

& Practical

QAs

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs Exam A

QUESTION 1 Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this sections, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You network contains an Active Directory domain named contoso.com. The domain contains a DHCP server named Server1. T All client computers run Windows 10 and are configured asStudy DHCP clients. Your helpdesk received calls today from users who failed to access the network from their Windows 10 computer. You open the DHCP console as shown in the exhibit. (Click the Exhibit button.) Materials

& Practical

QAs

You need to ensure that all of the Windows a DHCP lease. Solution: You activate the scope.

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs Does this meet the goal?

A. Yes B. No

Correct Answer: A Section: (none) Explanation T Explanation/Reference: Explanation: Study When a scope is deactivated all statistics display 0. You only can tell if a scope is configured after you click on address pool. Activating the scope will be sufficient.

QUESTION 2 Materials Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution. Determine whether the solution meets the stated goals.

Your network contains an Active Directory domain named contoso.com. The domain contains a DNS server named Server1. All client computers run Windows 10. On Server1, you have the following zone configuration. & Practical

QAs

You have the following subnets defined on Server1.

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs You need to prevent Server1 from resolving queries fromT DNS clients located on Subnet4. Study Server1 must resolve queries from all other DNS clients. Solution: From Windows Firewall with Advanced Security on Server1, you create an inbound rule. Does this meet the goal? Materials A. Yes B. No

Correct Answer: A Section: (none) Explanation & Explanation/Reference: Explanation: Practical In firewall u can add inbound rule and specify UDP, TCP ports and IP subnet to block list, so the answer is YES. https://technet.microsoft.com/en-us/library/dd421709(v=ws.10).aspx

We can create a firewall rule to block access to the DNS Server service and restrict the rule to remote computers on subnet4.

QUESTION 3 Note: This question is part of a series of questions that present the same scenario. Each questionQAs in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this sections, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You network contains an Active Directory domain named contoso.com. The domain contains a member server named Server1 that runs Windows Server 2016 and has the DNS Server role installed. Automatic scavenging of state records is enabled and the scavenging period is set to 10 days. All client computers dynamically register their names in the contoso.com DNS zone on Server1. You discover that the names of multiple client computers that were removed from the network several weeks ago can still be resolved.

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs You need to configure Server1 to automatically remove the records of the client computers that have been offline for more than 10 days. Solution: You run the dnscmd.exe command and specify the /AgeAllRecords parameter for the zone. Does this meet the goal?

A. Yes B. No

Correct Answer: B Section: (none) T Explanation Study Explanation/Reference: Explanation: https://technet.microsoft.com/en-us/library/cc772069(v=ws.11).aspx Materials Explanaon: The queson states that automac scavenging of stale records is enabled. Automac scavenging of stale records is a server seng. To ensure that zone data is processed by this feature, we have to configure Aging for the zone. Per default Zone Aging is disabled. Dnscmd /ageallrecords sets the current me on a me stamp on resource records at a specified zone or node on a DNS server. The ageallrecords command is for backward compability between the current version of DNS and previous releases of DNS in which aging and scavenging were not supported. It adds a me stamp with the current me to resource records that do not have a me stamp, and it sets the current me on resource records that do have a me stamp. Record scavenging does not occur unless the records are me stamped. & Client computers which dynamically register their names maintain a mestamp per default. Names that are Practicalmanually added are marked as stac.

QUESTION 4 Note: This question is part of a series of questions that use the same or similar answer choices. An answer choice may be correct for more than one question in the series. Each question is independent of the other questions in this series. Information and details provided in a question apply only to that question. QAs You have a DHCP server named Server1 that has three network cards. Each network card is configured to use a static IP address. Each network card connects to a different network segment. Server1 has an IPv4 scope named Scope1. You need to ensure that Server1 only uses one network card when leasing IP addresses in Scope1. What should you do?

A. From the properties of Scope1, modify the Conflict detection attempts setting.

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs B. From the properties of Scope1, configure Name Protection. C. From the properties of IPv4, configure the bindings. D. From IPv4, create a new filter. E. From the properties of Scope1, create an exclusion range. F. From IPv4, run the DHCP Policy Configuration Wizard. G. From Control Panel, modify the properties of Ethernet. H. From Scope1, create a reservation.

Correct Answer: C T Section: (none) Study Explanation

Explanation/Reference: Explanaon: Materials A computer running a Windows Server operang system can perform as a mulhomed DHCP server. For mulhomed servers, the DHCP service binds to the first IP address stacally configured for each network connecon in use. By default, the service bindings depend on whether the first network connecon is configured dynamically or stacally for TCP/IP. Based on the method of configuraon it uses, reflected by its current se ngs in Internet Protocol (TCP/IP) properes, the DHCP Server service performs default service bindings as follows: If the first network connecon uses a manually specified IP address, the connecon is enabled in server bindings. For this to occur, a value for IP address must be configured and the Use the following IP address& opon selected in Internet Protocol (TCP/IP) properes. In this mode, the DHCP server listens for and provides service to DHCPPractical clients. If the first network connecon uses an IP address configured dynamically, the connecon is disabled in server bindings. This occurs when the Obtain an IP address automacally opon is selected in Internet Protocol (TCP/IP) properes. For computers running Windows Server operang systems, this is the default se ng. In this mode, the DHCP server does not listen for and provide service to DHCP clients unl a stac IP address is configured. The DHCP server will bind to the first stac IP address configured on each adapter. By design, DHCP server bindings are enabled and disabled on a per-connecon, not per-address basis.QAs All bindings are based on the first configured IP address for each connecon appearing in the Network Connecons folder. If addional stac IP addresses (for example, as set in Advanced TCP/IP properes) are configured for the applicable connecon, these addresses are never used by DHCP servers running Windows Server and are inconsequenal for server bindings. DHCP servers running Windows Server never bind to any of the NDISWAN or DHCP-enabled interfaces used on the server. These interfaces are not displayed in the DHCP console under the current server bindings list because they are never used for DHCP service. Only addional network connecons that have a primary stac IP address configured can appear in the server bindings list (or be selecvely enabled or disabled there).

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs T Study

Materials

& Practical

QAs

QUESTION 5 Note: This queson is part of a series of quesons that present the same scenario. Each queson in the series contains a unique soluon that might meet the stated goals. Some queson sets might have more than one correct soluon, while others might not have a correct soluon.

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs You network contains an Acve Directory domain named contoso.com. The domain contains a DHCP server named Server1. All client computers run Windows 10 and are configured as DHCP clients. Your helpdesk received calls today from users who failed to access the network from their Windows 10 computer. You open the DHCP console as shown in the following exhibit.

T Study

Materials

& Practical

You need to ensure that all of the Windows 10 computers can receive a DHCP lease. QAs Solution: You start the DHCP Server service. Does this meet the goal?

A. Yes B. No

Correct Answer: B Section: (none) Explanation

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs Explanation/Reference: Explanation:

The red down arrow next to the IPv4 address range indicates that the range is disabled. The small window with the statistics for the area indicates that the area contains no addresses for assignment to clients. However, this is only due to the fact that the area is deactivated and does not allow any conclusions about the addresses contained in the address pool of the area. If the area is activated, the addresses of the address pool are available for assignment by the DHCP server.

The blue circle icon with the white exclamation mark indicates that the server has no IPv4 addresses available for assignment.

To ensure that clients can obtain IP addresses from Server1, weT either need to activate the existing scope or create a completely new scope. Study See also: DHCP Console Icons Reference

QUESTION 6 Your network contains an Active Directory forest named contoso.com.Materials The forest contains two domains named contoso.com and litwareinc.com. Your company recently deployed DirectAccess for the members of a group named DA_Computers. All client computers are members of DA_Computers.

You discover that DirectAccess clients can access the resources located in the contoso.com domain only.

The clients can access the resources in the litwareinc.com domain by using an L2TP VPN connection to the network. & You need to ensure that the DirectAccess clients can access the resources in the litwareinc.comPractical domain. What should you do?

A. From a Group Policy object (GPO), modify the Name Resolution Policy Table (NRPT). B. From the properties of the servers in litwareinc.com, configure the delegation settings. C. On an external DNS server, create a zone delegation for litwareinc.com. QAs D. Add the servers in litwareinc.com to the RAS and IAS Servers group.

Correct Answer: A Section: (none) Explanation

Explanation/Reference: Explanation: https://blogs.technet.microsoft.com/tomshinder/2010/04/01/directaccess-client-location-awareness-nrpt-name-resolution/

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs Explanaon: In order for the DirectAccess (DA) client to determine whether to turn on it’s DirectAccess client configuraon (which connects the DA client to the DA server), it must know if it is on the corporate network or not. If the DA client is not on the corporate network, then the DA client components are turned on, and if the DA client is on the corporate network, then the DA client components are not turned on. DA client off the corporate network – DA client components are turned on DA client on the corporate network – DA client components are turned off When the DA client components are turned on, the DA client tries to reach corporate resources though a connecon through the DA server. T If the DA client components are not turned on, then the DA client connects directly to the resources. The DA client uses a Network Locaon Server (NLS) to find out if it is onStudy the corporate network. The NLS is a web server that is accessible only when the client is on the corporate network. That means there must never be a DNS entry on the public Internet that matches the name of your NLS server. For example, if the name of your NLS server is nls.contoso.com, then that name must not be resolvable by any public DNS server. However, that name mustbe resolvable by your internal NLS servers. When the DA client has disabled its DA client components, it resolves names based on the DNS server IP address sengs on its NIC. However, when the DA client has enabled its DA client configuraon, name resoluonMaterials depends on the sengs on the Name Resoluon Policy Table or NRPT. The NRPT provides a form of “DNS server roung” based on the names configured on the NRPT. You configure the NRPT during the setup of the Windows DA server or the UAG DA server. Reference: DirectAccess Client Locaon Awareness – NRPT Name Resoluon

QUESTION 7 Your company has two main offices. The offices are located in London and Seattle. & All servers run Windows Server 2016. Practical In the Seattle office, you have a Distributed File System (DFS) server named FS1. FS1 has a folder named Folder1 that contains large Windows image files. In the London office, you deploy a DFS server named FS2, and you then replicate Folder1 to FS2. After several days, you discover that the replication of certain files failed to complete. You need to ensure that all of the files in Folder1 can replicate to FS2. What should you do? QAs

A. Modify the disk quota of the drive that contains Folder1. B. From a command prompt, run dfsutil /purgemupcache. C. Create a quota for Folder1 by using File Server Resource Manager (FSRM). D. Modify the size of staging area of Folder1.

Correct Answer: D Section: (none) Explanation

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs Explanation/Reference:

T Study

Materials

& Practical

QAs

QUESTION 8 Your network contains multiple wireless access points (WAPs) that use WPA2-Personal authentication.

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs The network contains an enterprise root certification authority (CA). The security administrator at your company plans to implement WPA2-Enterprise authentication on the WAPs. To support the authentication change, you deploy a server that has Network Policy Server (NPS) installed. You need to configure NPS to authenticate the wireless clients. What should you do on the NPS server?

A. Add RADIUS clients and configure network policies. B. Create a remote RADIUS server group and configure connection request policies. C. Create a remote RADIUS server group and install a server certificate.T D. Add RADIUS clients and configure connection request policies. Study

Correct Answer: A Section: (none) Explanation Materials Explanation/Reference: Explanation: https://ittrainingday.com/2013/12/25/how-to-configure-a-windows-radius-server-for-802-1x-wireless-or-wired-connections/

Explanaon: When users aempt to connect to your network through network access servers (also called RADIUS clients),& such as wireless access points, 802.1X authencang switches, dial-up servers, and virtual private network (VPN) servers, Network PolicyPractical Server (NPS) authencates and authorizes the connecon request before allowing or denying access. See also: Creang a secure 802.1x wireless infrastructure using Microso Windows

QUESTION 9 Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this sections, you will NOT be able to return to it. As a result, theseQAs questions will not appear in the review screen.

You network contains an Active Directory domain named contoso.com. The domain contains a DHCP server named Server2 than runs Windows Server 2016. Users report that their client computers fail to obtain an IP address. You open the DHCP console as shown in the Exhibit. (Click the Exhibit button.)

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs T Study

Materials

Scope1 has an address range of 172.16.0.10 to 172.16.0.100 and a prefix length of 23& bits. You need to ensure that all of the client computers on the network can obtain an IP addressPractical from Server2. Solution: You run the Set-DhcpServerv4Scope cmdlet. Does this meet the goal?

A. Yes B. No QAs Correct Answer: A Section: (none) Explanation

Explanation/Reference: Explanation: https://docs.microsoft.com/en-us/powershell/module/dhcpserver/set-dhcpserverv4scope?view=win10-ps

Explanaon: The blue exclamaon mark signals that all IP addresses have been allocated by the DHCP server and are in use. No more clients can obtain IP addresses from the DHCP server because it has no more IP addresses to allocate.

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs We need to extend the address space of the exisng scope or add a new scope. See also: DHCP Console Icons Reference

QUESTION 10 Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this sections, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You network contains an Active Directory domain namedT contoso.com. The domain contains a member server named Server1 thatStudy runs Windows Server 2016 and has the DNS Server role installed. Automatic scavenging of state records is enabled and the scavenging period is set to 10 days. All client computers dynamically register their names in the contoso.com DNS zone on Server1. You discover that the names of multiple client computers that were removed from the network several weeks ago can still be resolved. You need to configure Server1 to automatically remove the records ofMaterials the client computers that have been offline for more than 10 days. Solution: You modify the Zone Aging/Scavenging properties of the zone. Does this meet the goal?

A. Yes B. No

Correct Answer: A & Section: (none) Practical Explanation

Explanation/Reference:

QAs

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs T Study

Materials

& Practical

QAs

QUESTION 11 Note: This question is part of a series of questions that use the same scenario. For your convenience, the scenario is repeated in each question. Each question presents a different goal and answer choices, but the text of the scenario is exactly the same in each question in this series.

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs Your network contains an Active Directory domain named contoso.com. The functional level of the domain is Windows Server 2012. The network uses an address space of 192.168.0.0/16 and contains multiple subnets. The network is not connected to the Internet. The domain contains three servers configured as shown in the following table.

T Study

Client computers obtain TCP/IP settings from Server3. Materials You add a second network adapter to Server2. You connect the new network adapter to the Internet. You install the Routing role service on Server2. Server1 has four DNS zones configured as shown in the following table. & Practical

You need to create a zone to ensure that Server1 can resolve single-label names. QAs What should you name the zone on Server1?

A. . (root) B. WINS C. NetBIOS D. GlobalNames

Correct Answer: D Section: (none)

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs Explanation

Explanation/Reference: Explanation:

While Domain Name System (DNS) is the predominant name-resolution technology in TCP/IP networks, Windows Internet Name Service (WINS) is deployed in many networks as an alternative name-resolution protocol. WINS is an older service that uses NetBIOS over TCP/IP (NetBT). WINS and NetBT do not support IP version 6 (IPv6) protocols. Therefore, they will become less useful as enterprises move to IPv6-only networks. WINS continues to be deployed most commonly to provide resolution of single-label host names throughout the enterprise network. T Even without WINS name resolution, a DNS client can resolve a single-labelStudy name by successively querying a DNS server by appending the single-label name with a domain-name suffix from a preconfigured search list. The DNS client continues to query the DNS server with a different name that is derived from the list until the name resolves successfully. While this is suitable for smaller networks, for an enterprise with many domains, managing a suffix search list for all clients can be cumbersome. Also, client query performance is lowered when the client queries for a single-label name with a long list of domains. Finally, relying on the suffix search list does not guarantee that single-label names are global and unique across all the domains in the search list. Materials If you are retiring WINS or are planning on deploying only IPv6 in your environment, all name resolution will depend on DNS. Even after you no longer deploy WINS, your network may continue to require the static, global records with single-label names that WINS currently provides. These single-label names typically are assigned to important, well-known, and widely used servers for the enterprise. These servers are assigned static IP addresses, and they are managed by information technology (IT) administrators.

To help organizations migrate to DNS for all name resolution, the DNS Server role supports a special GlobalNames Zone (GNZ) feature. The GNZ feature is designed to enable DNS resolution of these single-label, static, global names. You can deploy a GNZ in a single forest or across multiple forests. & GNZ is intended to aid the retirement of WINS. It is not a replacement for WINS. GNZ is not intended to support the single-label name resolution of records that are registered dynamically and therefore not managed by IT administrators. GNZ does make it possible for you to provide single-labelPractical name resolution of a fixed set of host computers whose names are guaranteed to be both global and unique.

When a DNS server running receives a query for a single-label host name, it attempts to resolve the name by first checking for the name in the GNZ. If it is not able to resolve the name by using the GNZ, , it then looks in local zone resource records. Only if the GNZ and local query fails does the DNS server fail over the query to WINS, if the zone is configured to use WINS lookup. On the other hand, when a DNS server receives a dynamic update request for a new host, it first checks for the name in GNZ and, if it finds the host name there, it refuses the update request to ensure that the names in the GNZ remain unique throughout the forest or forests where the GNZ QAsis deployed. The GNZ is not a new type of zone, but it is distinguished by its reserved name. The name “GlobalNames” indicates to the DNS Server service that the zone is to be used for single-name resolution. Because it is not a different zone type, it is created and managed much the same as any forward lookup zone, except that normally the only resource records that it contains are the usual start of authority (SOA) and name server (NS) resource records, plus an alias (CNAME) resource record for each single-label name to be resolved by the zone. Also, the GNZ should not be configured to allow dynamic updates to prevent host (A or AAAA) records from being inadvertently registered in the zone.

QUESTION 12 You company has a main office in London. The company has 1,000 users who are located in many countries. You plan to deploy a large remote access solution for the company. The London office has three servers named Server1, Server2, and Server3 that run Windows Server 2016. You plan to use Server1 as a VPN server, Server2 as a RADIUS proxy, and Server3 as a RADIUS server.

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs You need to configure Server2 to support the planned deployment. Which three actions should you perform on Server2? Each correct answer presents part of the solution.

A. Create a connection request policy. B. Deploy a Windows container. C. Add a RADIUS client. D. Create a network policy. E. Create a remote RADIUS server group. T Correct Answer: ACE Study Section: (none) Explanation

Explanation/Reference: Explanation: Materials https://ittrainingday.wordpress.com/2014/01/03/how-to-configure-radius-proxy-servers/

Explanaon: The following checklist provides the steps required to configure NPS as a RADIUS proxy that forwards connecon requests to other RADIUS servers for authencaon and authorizaon: Checklist: Configure NPS as a RADIUS Proxy & Practical

QAs

QUESTION 13 You have servers named Server1 and DHCP1. Both servers run Windows Server 2016. DHCP1 contains an IPv4 scope named Scope1. You have 1,000 client computers. You need to configure Server1 to lease IP addresses for Scope1. The solution must ensure that Server1 is used to respond to up to 30 percent of the DHCP client requests only.

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs You install the DHCP Server server role on Server1. What should you do next?

A. From the DHCP console, run the Configure Failover wizard. B. From Server Manager, install the Network Load Balancing feature. C. From Server Manager, install the Failover Clustering feature. D. From the DHCP console, create a superscope.

Correct Answer: A T Section: (none) Study Explanation

Explanation/Reference: Explanation: Explanaon: Materials DHCP failover in Windows Server 2012 and 2016 enables administrators to deploy a highly resilient DHCP service to support a large enterprise without the challenges of the opons discussed earlier. The main goals of the feature are the following: Provide DHCP service availability at all mes on the enterprise network. If a DHCP server is no longer reachable, the DHCP client is able to extend the lease on its current IP address by contacng another DHCP server on the enterprise network. The DHCP server failover feature provides the ability to have two DHCP servers provide& IP addresses and opon configuraon to the same subnet or scope, providing for connuous availability of DHCP service to clients. ThePractical two DHCP servers replicate lease informaon between them, allowing one server to assume responsibility for servicing of clients for the enre subnet when the other server is unavailable. It is also possible to configure failover in a load-balancing configuraon with client requests distributed between the two servers in a failover relaonship. DHCP failover provides support for a maximum of two DHCP servers, and the failover relaonship is limited to IPv4 scopes and subnets. Hot standby mode QAs In hot standby mode, two servers operate in a failover relaonship where an acve server is responsible for leasing IP addresses and configuraon informaon to all clients in a scope or subnet. The secondary server assumes this responsibility if the primary server becomes unavailable. A server is primary or secondary in the context of a subnet. For instance, a server that has the role of a primary for a given subnet could be a secondary server for another subnet. Hot standby mode of operaon is best suited to deployments where a central office or data center server acts as a standby backup server to a server at a remote site, which is local to the DHCP clients (ex: hub and spoke deployment). In such deployments, it is undesirable to have a remote standby server service any clients unless the local DHCP server becomes unavailable. Load sharing mode In a load sharing mode deployment, which is the default mode of operaon, the two servers simultaneously serve IP addresses and

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs opons to clients on a given subnet. The client requests are load balanced and shared between the two servers. The load sharing mode of operaon is best suited to deployments where both servers in a failover relaonship are located at the same physical site. Both servers respond to DHCP client requests based on the load distribuon rao configured by the administrator

QUESTION 14 You have a server named Host1 that runs Windows Server 2016. You configure Host1 as a virtualization host and create 20 new virtual machines on Host1. You need to ensure that all of the virtual machines can connect to the Internet through Host1. Which three actions should you perform? Each correct answer presentsT part of the solution. A. On a virtual machine, install the Remote Access server role. Study B. From the properties of each virtual machine, enable virtual LAN identification. C. From the properties of each virtual machine, connect to the virtual machine switch. D. On Host1, configure the network address translation (NAT) network. E. On Host1, create an internal virtual machine switch and specify an IP address forMaterials the switch.

Correct Answer: CDE Section: (none) Explanation

Explanation/Reference: Explanation: & https://docs.microsoft.com/en-us/virtualization/hyper-v-on-windows/user-guide/setup-nat-network https://charbelnemnom.com/2016/05/how-to-configure-hyper-v-virtual-switch-that-supports-nat-network-with-powershell-hyperv-powershell/Practical

QUESTION 15 You have an Active Directory domain that contains several Hyper-V hosts that run Windows Server 2016. You plan to deploy network virtualization and to centrally manage Datacenter Firewall policies. Which component must you install for the planned deployment? QAs A. the Data Center Bridging feature B. the Network Controller server role C. the Routing role service D. the Canary Network Diagnostics feature

Correct Answer: B Section: (none) Explanation

Explanation/Reference:

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs Explanation:

Network Controller is a highly available and scalable server role, and provides one application programming interface (API) that allows Network Controller to communicate with the network, and a second API that allows you to communicate with Network Controller.

You can deploy Network Controller in both domain and non-domain environments. In domain environments, Network Controller authenticates users and network devices by using Kerberos; in non-domain environments, you must deploy certificates for authentication.

Network Controller communicates with network devices, services, and components by using the Southbound API. With the Southbound API, Network Controller can discover network devices, detect service configurations, and gather all of the informationT you need about the network. In addition, the Southbound API gives Network Controller a pathway to send information to the network infrastructure, such as configuration changesStudy that you have made. The Network Controller Northbound API provides you with the ability to gather network information from Network Controller and use it to monitor and configure the network.

The Network Controller Northbound API allows you to configure, monitor, troubleshoot, and deploy new devices on the network by using Windows PowerShell, the Representational State Transfer (REST) API, or a management application with a graphical user interface,Materials such as System Center Virtual Machine Manager.

You can manage your datacenter network with Network Controller by using management applications, such as System Center Virtual Machine Manager (SCVMM), and System Center Operations Manager (SCOM), because Network Controller allows you to configure, monitor, program, and troubleshoot the network infrastructure under its control.

Using Windows PowerShell, the REST API, or a management application, you can use Network Controller to manage the following physical and virtual network infrastructure: Hyper-V VMs and virtual switches & Datacenter Firewall Practical

Remote Access Service (RAS) Multitenant Gateways, Virtual Gateways, and gateway pools

Load Balancers

QUESTION 16 You have an Active Directory domain named Contoso.com. QAs

The domain contains servers named Server1 and Server2 that run Windows Server 2016.

You install the Remote Access server role on Server1.

You install the Network Policy and Access Services server role on Server2.

You need to configure Server1 to use Server2 as a RADIUS server.

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs What should you do?

A. From the Connection Manager Administration Kit, create a Connection Manager profile. B. From Routing and Remote Access, configure the authentication provider. C. From Active Directory Users and Computers, modify the Delegation settings of the Server1 computer account. D. From Server Manager, create an Access Policy.

Correct Answer: B Section: (none) T Explanation Study Explanation/Reference: Explanation: http://www.nyazit.com/configure-network-policy-server-2016/ Materials

& Practical

QAs

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs T Study

Materials

& Practical

QAs

QUESTION 17 Your company owns the public Internet IP address range of 131.107.20.0 to 131.107.20.255. You need to create a subnet that supports four hosts. The solution must minimize the number of addresses available to the subnet. Which subnet should you use?

A. 131.107.20.16/28

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs B. 131.107.20.16/30 C. 131.107.20.0/29 D. 131.107.20.0 with subnet mask 255.255.255.224

Correct Answer: C Section: (none) Explanation Explanation/Reference: T Explanation: Study A 29-bit subnet mask leaves 3 bits for host addressing. This allows 2^3 - 2 = 6 host addresses

QUESTION 18 You have an application named App1. App1 is distributed to multiple MaterialsHyper-V virtual machines in a multitenant environment. You need to ensure that the traffic is distributed evenly among the virtual machines that host App1. What should you include in the environment?

A. Network Controller and Windows Server Network Load Balancing (NLB) nodes B. an RAS Gateway and Windows Server Software Load Balancing (SLB) nodes C. an RAS Gateway and Windows Server Network Load Balancing (NLB) nodes & D. Network Controller and Windows Server Software Load Balancing (SLB) nodes Practical Correct Answer: D Section: (none) Explanation

Explanation/Reference: Explanaon: QAs Cloud Service Providers (CSPs) and Enterprises that are deploying So ware Defined Networking (SDN) in Windows Server 2016 Technical Preview can use So ware Load Balancing (SLB) to evenly distribute tenant and tenant customer network traffic among virtual network resources. The Windows Server SLB enables mulple servers to host the same workload, providing high availability and scalability. Windows Server SLB includes the following capabilies. Layer 4 (L4) load balancing services for “North-South” and “East-West” TCP/UDP traffic. Public and Internal network traffic load balancing. Supports dynamic IP addresses (DIPs) on virtual Local Area Networks (VLANs) and on virtual networks that you create by using Hyper-V Network Virtualizaon.

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs Health probe support. Ready for cloud scale, including scale-out capability, and scale up capability for mulplexers and Host Agents. So ware Load Balancer are implemented by use of the Network Controller feature. Reference: hps://technet.microso .com/en-us/library/mt632286.aspx

QUESTION 19 Your company has 10 offices. Each office has a local network that contains several Hyper-V hosts that run Windows Server 2016. All of the offices are connected by high speed, low latency WAN links. You need to ensure that you can use QoS policies for LiveT Migration traffic between the offices. Which component should you install? Study

A. the Data Center Bridging feature B. the Routing role service C. the Network Controller server role Materials D. the Multipath I/O feature E. the Canary Network Diagnostics feature

Correct Answer: A Section: (none) Explanation & Explanation/Reference: Practical Explanation: Enable and configure network QoS with Data Center Bridging (DCB) QoS can help manage your network traffic by enabling you to configure rules that can detect congestion or reduced bandwidth, and then to prioritize, or throttle, traffic accordingly. For example, you can use QoS to prioritize voice and video traffic, which is sensitive to latency. DCB provides bandwidth allocation to specific network traffic and helps to improve Ethernet transport reliability by using flow control based on priority. Because DCB is a hardware-based network traffic management technology, when you use DCB to manage QoS rules to control network traffic, you can: * Offload bandwidth management to the physical network adapter. QAs * Enforce QoS on ‘invisible’ protocols, for example, Remote Direct Memory Access (RDMA). https://technet.microsoft.com/en-us/library/jj735302(v=ws.11).aspx

QUESTION 20 You have a server that is configured as a hosted BranchCache server. You discover that a Service Connection Point (SCP) is missing for the BranchCache server. What should you run to register the SCP?

A. setspn.exe B. Reset-BC

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs C. ntdsutil.exe D. Enable-BCHostedServer

Correct Answer: D Section: (none) Explanation

Explanation/Reference: Explanaon: When you register hosted cache servers with an SCP in AD DS, theT SCP allows client computers that are configured correctly to automacally discover hosted cache servers by querying AD DS for the StudySCP. To install the BranchCache feature and configure the hosted cache server 1. On the server computer desktop, in the Taskbar, right-click the Windows PowerShell icon, right-click the words Windows PowerShell, and then click Run as Administrator. 2. Windows PowerShell opens. Type the following command, and then press ENTER. Install-WindowsFeature BranchCache Materials 3. To configure the computer as a hosted cache server a er the BranchCache feature is installed, and to register a Service Connecon Point in AD DS, type the following command in Windows PowerShell, and then press ENTER. Enable-BCHostedServer -RegisterSCP 4. To verify the hosted cache server configuraon, type the following command and press ENTER. Get-BCStatus The results of the command display status for all aspects of your BranchCache installaon. Following are a few of the BranchCache sengs and the correct value for each item: & BranchCacheIsEnabled: True HostedCacheServerIsEnabled: True Practical HostedCacheScpRegistraonEnabled: True 5. To prepare for the step of copying your data packages from your content servers to your hosted cache servers, either idenfy an exisng share on the hosted cache server or create a new folder and share the folder so that it is accessible from your content servers. A er you create your data packages on your content servers, you will copy the data packages to this shared folder on the hosted cache server. 6. If you are deploying more than one hosted cache server, repeat this procedure on each server QAs QUESTION 21 Note: This question is part of a series of questions that use the same or similar answer choices. An answer choice may be correct for more than one question in the series. Each question is independent of the other questions in this series. Information and details provided in a question apply only to that question.

You have a DHCP server named Server1 that has an IPv4 scope named Scope1. Users report that when they turn on their client computers, it takes a long time to access the network. You validate that it takes a long time for the computers to receive an IP address from Server1. You monitor the network traffic and discover that Server1 issues five ping commands on the network before leasing an IP address.

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs You need to reduce the amount of time it takes for the computers to receive an IP address. What should you do?

A. From the properties of Scope1, modify the Conflict detection attempts setting. B. From the properties of Scope1, configure Name Protection. C. From the properties of IPv4, configure the bindings. D. From IPv4, create a new filter. E. From the properties of Scope1, create an exclusion range. F. From IPv4, run the DHCP Policy Configuration Wizard. T G. From Control Panel, modify the properties of Ethernet. Study H. From Scope1, create a reservation.

Correct Answer: A Section: (none) Materials Explanation

Explanation/Reference: When conflict detecon a empts are set, the DHCP server uses the ping process to test available scope IP addresses before including these addresses in DHCP lease offers to clients. A successful ping means the IP address is in use on the network. Therefore, the DHCP server does not offer to lease the address to a client. If the ping request fails and mes out, the IP address is not in use on the network. In this case, the& DHCP server offers to lease the address to a client. Each addional conflict detecon a empt delays the DHCP server response by a second while waing for thePractical ping request to me out. This increases the load on the server. To change the address conflict detecon value 1. Click Start, point to Administrave Tools and then click DHCP. 2. In the console tree, expand the applicable DHCP server, right click IPv4, right-click the applicable scope and then click Properes. 3. Click Advanced, type 1, 2 or 3 in Conflict detecon aempts: and then click OK. QAs

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs T Study

Materials

& Practical QUESTION 22 Your network contains an Active Directory forest named contoso.com. The functional level of the forest is Windows Server 2012. The forest contains five domain controllers and five VPN servers that run Windows Server 2016. Five hundred users connect to the VPN servers daily. You need to configure a new server named Server1 as a RADIUS server. QAs What should you do first?

A. On Server1, deploy the Remote Access server role. B. On Server1, deploy the Network Policy and Access Services role. C. On a domain controller, set the forest functional level to Windows Server 2016. D. On each VPN server, run the New-NpsRadiusClient cmdlet.

Correct Answer: B Section: (none)

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs Explanation

Explanation/Reference: Explanaon: Network Policy Server (NPS) can be used as a Remote Authencaon Dial-In User Service (RADIUS) server to perform authencaon, authorizaon, and accounng for RADIUS clients. A RADIUS client can be an access server, such as a dial-up server or wireless access point, or a RADIUS proxy. When NPS is used as a RADIUS server, it provides the following: A central authencaon and authorizaon service for all access requests that are sent by RADIUS clients. A central accounng recording service for all accounng requests that are sent by RADIUS clients. T Study

Materials

& Practical

QUESTION 23 Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. QAs After you answer a question in this sections, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs T Study

Materials

Scope1 has an address range of 172.16.0.10 to 172.16.0.100 and a prefix length of 23& bits. You need to ensure that all of the client computers on the network can obtain an IP addressPractical from Server2. Solution: You run the Reconcile-DhcpServerv4IPRecord cmdlet. Does this meet the goal?

A. Yes B. No QAs Correct Answer: B Section: (none) Explanation

Explanation/Reference: Explanation:

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs We need to extend the address space of the existing scope or add a new scope.

See also: DHCP Console Icons Reference

QUESTION 28 Note: This question is part of a series of questions that use the same scenario. For your convenience, the scenario is repeated in each question. Each question presents a different goal and answer choices, but the text of the scenario is exactly the same in each question in this series. Your network contains an Active Directory domain named contoso.com.T The functional level of the domain is Windows Server 2012. Study The network uses an address space of 192.168.0.0/16 and contains multiple subnets. The network is not connected to the Internet. The domain contains three servers configured as shown in the following table. Materials

& Client computers obtain TCP/IP settings from Server3. Practical You add a second network adapter to Server2. You connect the new network adapter to the Internet. You install the Routing role service on Server2. Server1 has four DNS zones configured as shown in the following table. QAs

You need to ensure that when a computer is removed from the network, the associated records are deleted automatically after 15 days. Which two actions should you perform? Each correct answer presents part of the solution.

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs A. Create a scheduled task that runs the Remove-Computer cmdlet. B. Modify the Zone Aging/Scavenging Properties of the zone. C. Modify the Time to live (TTL) value of the start of authority (SOA) record. D. Set the Scavenging period of Server1. E. Modify the Expires after value of the start of authority (SOA) record.

Correct Answer: BD Section: (none) Explanation T Study Explanation/Reference: Explanation:

Stale resource records can accumulate in zone data over time. To allow automatic cleanup and removal of stale resource records, you enable aging and scavenging on Windows Server domain controllers running the Domain Name System (DNS) Server service. Materials

Stale resource records can result from performing dynamic updates because that process automatically adds resource records to zones when computers start on the network. In some cases, those resource records are not automatically removed when computers leave the network. For example, if a computer registers its own host (A) resource record at startup, and then is improperly disconnected from the network, its host (A) resource record might not be deleted. If your network has mobile users and computers, this situation can occur frequently.

If they are left unmanaged, the presence of stale resource records in zone data can cause the following problems: & If a large number of stale resource records remain in server zones, they can eventually take up serverPractical disk space and cause unnecessarily long zone transfers. DNS servers that load zones with stale resource records might use outdated information to answer client queries, which can cause the clients to experience name resolution problems on the network.

The accumulation of stale resource records on a DNS server can degrade its performance and responsiveness.

By default, the aging and scavenging mechanism for the DNS Server service is disabled. Enable aging and scavenging only after you understand all parameters. Otherwise, you might unintentionally configure the server to delete resource records that it should not delete. If a required resource recordQAs is deleted, not only will users fail to resolve queries for that resource record, but also any user can create the resource record and take ownership of it, even on zones that are configured for secure dynamic updates. To enable the aging and scavenging features, you perform the following steps to configure the applicable server and any of its zones that are integrated with Active Directory Domain Services (AD DS):

Enable aging and scavenging for the DNS server.

These settings determine the effect of zone-level properties for any zones that are integrated with AD DS and loaded at the server.

Enable aging and scavenging for specified zones on the DNS server.

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs When you set zone-level properties for a specified zone, these settings apply only to that zone and its resource records. Unless you otherwise configure these zone-level properties, they inherit their default settings from comparable settings that AD DS maintains in the aging and scavenging properties for the DNS server.

QUESTION 29 You have a server named Server1 that runs Windows Server 2016. Server1 has the following routing table.

T Study

Materials

& Practical

What will occur when Server1 attempts to connect to a host that has an IP address of 172.20.10.50? QAs

A. Server1 will attempt to connect directly to 172.20.10.50. B. Server1 will route the connection to 10.10.0.2. C. Server1 will silently drop the connection attempt. D. Server1 will route the connection to 192.168.2.1.

Correct Answer: A Section: (none) Explanation

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs Explanation/Reference: Explanaon: The roung table contains an entry for the desnaon 172.16.0.0 / 255.240.0.0. This network includes the address range 172.16.0.1 to 172.31.255.254. The interface used for the network is "On-link". This means that the network is reachable without using a router.

QUESTION 30 Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others mightT not have a correct solution. After you answer a question in this sections, you will NOT be ableStudy to return to it. As a result, these questions will not appear in the review screen. You network contains an Active Directory domain named contoso.com. The domain contains a member server named Server1 that runs Windows Server 2016 and has the DNS Server role installed. Automatic scavenging of state records is enabled and the scavenging period is set to 10 days. All client computers dynamically register their names in the contoso.comMaterials DNS zone on Server1. You discover that the names of multiple client computers that were removed from the network several weeks ago can still be resolved. You need to configure Server1 to automatically remove the records of the client computers that have been offline for more than 10 days. Solution: You set the Time to live (TTL) value of all of the records in the zone. Does this meet the goal?

A. Yes & B. No Practical Correct Answer: B Section: (none) Explanation

Explanation/Reference: The queson states that automac scavenging of stale records is enabled. Automac scavenging of stale recordsQAs is a server seng. To ensure that zone data is processed by this feature, we have to configure Aging for the zone. By default Zone Aging is disabled. The Time to live (TTL) value of the records in the zone specify how long the client will cache the resolved IP address

QUESTION 31 Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution. Determine whether the solution meets the stated goals.

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs T You have the following subnets defined on Server1. Study

Materials

You need to prevent Server1 from resolving queries from DNS clients located on Subnet4. Server1 must resolve queries from all other DNS clients. & Solution: From a Group Policy object (GPO) in the domain, you modify the Network List PracticalManager Policies. Does this meet the goal?

A. Yes B. No

Correct Answer: B Section: (none) QAs Explanation

Explanation/Reference: Explanaon: Network List Manager policies are security sengs that you can use to configure different aspects of how networks are listed and displayed on one device or on many devices. We should create a firewall rule to block access to the DNS Server service from specific subnets.

QUESTION 32

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this sections, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

Materials

& Practical

QAs

Scope1 has an address range of 172.16.0.10 to 172.16.0.100 and a prefix length of 23 bits. You need to ensure that all of the client computers on the network can obtain an IP address from Server2. Solution: You run the Repair-DhcpServerv4IPRecord cmdlet. Does this meet the goal?

A. Yes B. No

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs Correct Answer: B Section: (none) Explanation

Explanation/Reference: Explanation:

The blue exclamation mark signals that all IP addresses have been allocated by the DHCP server and are in use. No more clients can obtain IP addresses from the DHCP server because it has no more IP addresses to allocate. T We need to extend the address space of the existing scope or addStudy a new scope. See also: DHCP Console Icons Reference

QUESTION 33 Note: This question is part of a series of questions that use the same scenario.Materials For your convenience, the scenario is repeated in each question. Each question presents a different goal and answer choices, but the text of the scenario is exactly the same in each question in this series.

Your network contains an Active Directory domain named contoso.com. The functional level of the domain is Windows Server 2012. The network uses an address space of 192.168.0.0/16 and contains multiple subnets. The network is not connected to the Internet. The domain contains three servers configured as shown in the following table. & Practical

QAs Client computers obtain TCP/IP settings from Server3. You add a second network adapter to Server2. You connect the new network adapter to the Internet. You install the Routing role service on Server2. Server1 has four DNS zones configured as shown in the following table.

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs You need to ensure that when a record is added dynamicallyT to fabrikam.com, only the computer that created the record can modify the record. The solution must allow administrators to modify all of the recordsStudy in fabrikam.com. What should you do?

A. Change fabrikam.com to an Active Directory-integrated zone. B. Raise the functional level of the domain. Materials C. Modify the security settings of the Fabrikam.com.dns file. D. Modify the Start of Authority (SOA) settings of fabrikam.com

Correct Answer: A Section: (none) Explanation & Explanation/Reference: Practical Explanaon: Domain Name System (DNS) client computers can use dynamic update to register and dynamically update their resource records with a DNS server whenever changes occur. This reduces the need for manual administraon of zone records, especially for clients that frequently move or change locaons and use Dynamic Host Configuraon Protocol (DHCP) to obtain an IP address. Dynamic updates can be secure or nonsecure. DNS update security is available only for zones that are integrated into Acve Directory Domain Services (AD DS). A er you directory-integrate a zone, access control list (ACL) eding featuresQAs are available in DNS Manager so that you can add or remove users or groups from the ACL for a specified zone or resource record.

QUESTION 34 Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution. Determine whether the solution meets the stated goals.

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs T You have the following subnets defined on Server1. Study

Materials

You need to prevent Server1 from resolving queries from DNS clients located on Subnet4. Server1 must resolve queries from all other DNS clients. & Solution: From Windows PowerShell on Server1, you run the Add- DnsServerQueryResolutionPolicyPractical cmdlet. Does this meet the goal?

A. Yes B. No Correct Answer: A QAs Section: (none) Explanation

Explanation/Reference: The Add-DnsServerQueryResolutionPolicy cmdlet adds a policy for query resolution to a Domain Name System (DNS) server. A policy determines the resolution of queries based on criteria that you specify in the policy. A policy consists of criteria, action, and scopes. The criteria are a logical combination of client subnet, server interface IP address, fully qualified domain name (FQDN), Internet Protocol (IPv4/IPv6), transport protocol (UDP/TCP), time of day, and query type.

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs QUESTION 35 Your company has 5,000 users who work remotely. You have 40 VPN servers that host the remote connections for the users. You plan to deploy a RADIUS solution that contains five RADIUS servers. You need to ensure that client authentication requests are distributed evenly between the five RADIUS servers. What should you do?

A. Install the Network Load Balancing role service on all of the RADIUS server. Configure all of the RADIUS clients to connect to a virtual IP address. B. Deploy RAS Gateway to a new server. Configure all ofT the RADIUS clients to connect to RAS Gateway. C. Install the Failover Clustering role service on all of the RADIUSStudy servers. Configure all of the RADIUS clients to connect to the IP address of the cluster. D. Deploy a RADIUS proxy to a new server. Configure all of the RADIUS clients to connect to the RADIUS proxy.

Correct Answer: D Section: (none) Materials Explanation

Explanation/Reference:

& Practical

QAs

QUESTION 36 You have a server named Server1 that runs Windows Server 2016 and is configured as a domain controller.

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs You install the DNS Server server role on Server1. You plan to store a DNS zone in a custom Active Directory partition. You need to create a new Active Directory partition for the zone. What should you use?

A. Set-DnsServer B. Active Directory Sites and Services C. Dns.exe T D. Dnscmd.exe Study Correct Answer: D Section: (none) Explanation

Explanation/Reference: Materials Explanaon: We can use dnscmd.exe to create a custom Acve Directory paron: dnscmd dc1 /CreateDirectoryParon paron1.contoso.com To enlist an addional domain controller for replicaon of the new parton execute: dnscmd dc2 /EnlistDirectoryParon paron1.contoso.com

QUESTION 37 & You have a server named Server1 that runs Windows Server 2016. Practical Server1 is located on the perimeter network, and only inbound TCP port 443 is allowed to connect Server1 from the Internet. You install the Remote Access server role on Server1. You need to configure Server1 to accept VPN connections over port 443. Which VPN protocol should you use?

A. PPTP QAs B. SSTP C. L2TP D. IKEv2

Correct Answer: B Section: (none) Explanation

Explanation/Reference: Tunneling enables the encapsulaon of a packet from one type of protocol within the datagram of a different protocol. For example,

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs VPN uses Point-to-Point Tunneling Protocol (PPTP) to encapsulate IP packets over a public network, such as the Internet. You can configure a VPN soluon based on PPTP, Layer Two Tunneling Protocol (L2TP), Secure Socket Tunneling Protocol (SSTP), or Internet Protocol security (IPsec) using Internet Key Exchange version 2 (IKEv2).

SSTP Secur e Socket Tunneling Protocol (SSTP) is a tunneling protocol that uses the HTTPS protocol over TCP port 443 to pass traffic through firewalls and Web proxies that might block PPTP and L2TP/IPsec traffic. SSTP provides a mechanism to encapsulate PPP traffic over the Secure Sockets Layer (SSL) channel of the HTTPS protocol. The use of PPP allows support for strong authencaon methods, such as EAP-TLS. SSL provides transport-level security with enhanced key negoaon, encrypon, and integrity checking. T When a client tries to establish a SSTP-based VPN connecon, SSTP firstStudy establishes a bidireconal HTTPS layer with the SSTP server. Over this HTTPS layer, the protocol packets flow as the data payload.

Encapsulaon SSTP encapsula tes PPP frames in IP datagrams for transmission over the network. SSTP uses a TCP connecon (over port 443) for tunnel management as well as PPP data frames. Materials

Encrypon The SSTP m essage is encrypted with the SSL channel of the HTTPS protocol.

QUESTION 38 Note: This question is part of a series of questions that use the same scenario. For your convenience,& the scenario is repeated in each question. Each question presents a different goal and answer choices, but the text of the scenario is exactly the same in each question in this series.Practical Your network contains an Active Directory domain named contoso.com. The functional level of the domain is Windows Server 2012. The network uses an address space of 192.168.0.0/16 and contains multiple subnets. The network is not connected to the Internet. The domain contains three servers configured as shown in the following table. QAs

Client computers obtain TCP/IP settings from Server3. You add a second network adapter to Server2.

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs You connect the new network adapter to the Internet. You install the Routing role service on Server2. Server1 has four DNS zones configured as shown in the following table.

T Study

What should you do to enable Server2 as a NAT server? Materials A. From Routing and Remote Access, add an interface. B. From Windows PowerShell, run the New-RoutingGroupConnector cmdlet. C. From Routing and Remote Access, add a routing protocol. D. From Windows PowerShell, run the Install-WindowsFeature cmdlet.

Correct Answer: C Section: (none) & Explanation Practical Explanation/Reference: Explanation: Explanaon: Network address translaon (NAT) allows you to share a connecon to the public Internet through a single interface with a single public IP address. The computers on the private network use private, non-routable addresses. NAT mapsQAs the private addresses to the public address. To enable network address translaon addressing 1. In the RRAS MMC snap-in, expand Your Server Name. If you are using Server Manager, expand Roung and Remote Access. 2. Expand IPv4, right-click NAT, and then click Properes. 3. If you do not have a DHCP server on the private network, then you can use the RRAS server to respond to DHCP address requests. To do this, on the Address Assignment tab, select the Automacally assign IP addresses by using the DHCP allocator check box. 4. To allocate addresses to clients on the private network by acng as a DHCP server, in IP address and Mask, configure a subnet address from which the addresses are assigned. For example, if you enter 192.168.0.0and a subnet mask of 255.255.255.0,

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs then the RRAS server responds to DHCP requests with address assignments from 192.168.0.1 through 192.168.0.254. 5. (Oponal) To exclude addresses in the configured network range from being assigned to DHCP clients on the private network, click Exclude, click Add, and then configure the addresses. 6. To add the public interface to the NAT configuraon, right-click NAT, and then click New Interface. Select the interface connected to the public network, and then click OK. 7. On the NAT tab, click Public interface connected to the Internet and Enable NAT on this interface, and then click OK. 8. To add the private interface to the NAT configuraon, right-click NAT, and then click New Interface. Select the interface connected to the private network, and then click OK. T 9. On the NAT tab, click Private interface connected to privateStudy network , and then click OK. QUESTION 39 Your company has a main office in London and a branch office in Seattle. The offices connect to each other by using a WAN link. In the London office, you have a Distributed File System (DFS) server named FS1 that contains a folder named Folder1. In the Seattle office, you have a DFS server named FS2. Materials All servers run Windows Server 2016. You configure replication of Folder1 to FS2. Users in both offices frequently add files in Folder1. You monitor DFS Replication, and you discover excessive replication over the WAN link during business hours. You need to reduce the amount of bandwidth used for replication during business hours. The solution must ensure that the users can continue to save content to Folder1. & What should you do? Practical A. Modify the quota settings on Folder1 on FS2. B. Modify the properties of the replication group. C. Configure the copy of Folder1 on FS2 as read-only. D. Modify the replicated folder properties of Folder1 on FS1. QAs Correct Answer: B Section: (none) Explanation

Explanation/Reference:

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs T Study

Materials

& Practical

QUESTION 40 QAs You can use Policy-based Quality of Service (QoS) to manage traffic to offer better user experiences, control bandwidth costs, or more finely negotiate service levels with bandwidth providers or business departments. QoS policies can define priority through a Differentiated Services Code Point (DSCP) value. The DSCP applies a value (0-63) within the Type of Service (TOS) field in an IPv4 packet's header and within the Traffic Class field in IPv6. This DSCP value provides classification at the Internet Protocol (IP) level, which routers can use to decide queuing behavior. You can also limit an application's outbound network traffic by specifying a throttle rate. The Wi-Fi Alliance has established a certification for Wireless Multimedia (WMM) that defines four access categories (WMM_AC) for prioritizing network traffic transmitted on a Wi-Fi wireless network. The four groups are shown below. Which group should have the highest DSCP values?

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs A. Video (VI) B. Voice (VO) C. Background (BK) D. Best effort (BE)

Correct Answer: B Section: (none) Explanation T

Explanation/Reference: Study Explanation: The access categories include (in order of highest-to-lowest priority): voice, video, best effort, and background; respectively abbreviated as VO, VI, BE, and BK. Voice (VO) is the highest with a DSCP range of 48-63, whilst Background (BK) is the lowest with a range of 8-23. Materials QUESTION 41 If you chose the Group Policy based provisioning method for IPAM, you must also provide a GPO name prefix in the provisioning wizard. After providing a GPO name prefix, the wizard will display the GPO names that must be created in domains that will be managed by IPAM. How many GPO's are created from the following PowerShell command? Invoke-IpamGpoProvisioning -Domain contoso.com -GpoPrefixName IPAM1 -DelegatedGpoUser user1 -IpamServerFqdn ipam1.contoso.com

A. 1 & B. 3 Practical C. 2 D. 4

Correct Answer: B Section: (none) Explanation QAs Explanation/Reference: Explanation: This example creates three GPOs (IPAM1_DHCP, IPAM1_DNS, IPAM1_DC_NPS) and links them to the contoso.com domain. These GPOs enable access for the server ipam1.contoso.com using the domain administrator account user1. Note: In this example, the hostname of the IPAM server is used as a GPO prefix, however this is not required

QUESTION 42 Complete the missing term: The SLB ______processes inbound network traffic and maps VIPs to DIPs, then forwards the traffic to the correct DIP.

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs A. Host Agent B. Northbound API C. SCVMM D. MUX

Correct Answer: D Section: (none) Explanation T Explanation/Reference: The SLB MUX processes inbound network traffic and maps VIPs toStudy DIPs, then forwards the traffic to the correct DIP. Each MUX also uses BGP to publish VIP routes to edge routers. BGP Keep Alive notifies MUXes when a MUX fails, which allows active MUXes to redistribute the load in case of a MUX failure – essentially providing load balancing for the load balancers.

QUESTION 43 Which of the following is NOT a recognized private IP address rangesMaterials are specified by Internet Request for Comments (RFC) 1918?

A. 10.0.0.0 - 10.255.255.255 B. 192.168.0.0 - 192.168.255.255 C. 172.16.0.0 - 172.31.255.255 D. 128.24.0.0 - 128.24.255.255 & Correct Answer: D Section: (none) Practical Explanation

Explanation/Reference:

QUESTION 44 Because the network ID bits must always be chosen in a contiguous fashion from the high order bits, a shorthand way of expressingQAs a subnet mask is to denote the number of bits that define the network ID as a network prefix using the network prefix notation: /<# of bits>. What is the Network Prefix for Class B?

A. /8 B. /64 C. /24 D. /16

Correct Answer: D Section: (none)

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs Explanation

Explanation/Reference:

QUESTION 45 This question is regarding DNS Logging and Diagnosis. Which event is logged for a Recursive query timeout?

A. analytic event T B. audit event Study

Correct Answer: B Section: (none) Explanation Materials Explanation/Reference:

QUESTION 46 Software Defined Networking (SDN) provides a method to centrally configure and manage physical and virtual network devices such as routers, switches, and gateways in your datacenter. Virtual network elements such as Hyper-V Virtual Switch,& Hyper-V Network Virtualization, and RAS Gateway are designed to be integral elements of your SDN infrastructure. Software defined networking provides which of the following capabilities? Practical

A. The ability to abstract your applications and workloads from the underlying physical network, which is accomplished by virtualizing the network. B. The ability to implement network policies in a consistent manner at scale, even as you deploy new workloads or move workloads across virtual or physical networks. C. The ability to centrally define and control policies that govern both physical and virtual networks, including traffic flow between these two network types. D. All of these QAs Correct Answer: D Section: (none) Explanation

Explanation/Reference:

QUESTION 47 With client reservations, you can reserve an IP address for permanent use by a DHCP client. Typically, you will need to do this if the client uses an IP address that was assigned using another method for TCP/IP configuration.

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs If you are reserving an IP address for a new client, or an address that is different from its current one, you should verify that the address has not already been leased by the DHCP server. Reserving an IP address in a scope does not automatically force a client currently using that address to stop using it. Which ipconfig command would you use if the address is already in use?

A. ipconfig /flushdns B. ipconfig /release C. ipconfig /registerdns D. ipconfig /renew T Correct Answer: B Section: (none) Study Explanation

Explanation/Reference: Explanation: Materials If the address is already in use, the client using the address must first release it by issuing a DHCP release message (DHCPRELEASE). You can do this by typing ipconfig /release at the command prompt of a client computer running Windows XP or Windows Vista. Reserving an IP address at the DHCP server also does not force the new client for which the reservation is made to immediately move to that address. In this case, too, the client must first issue a DHCP request message (DHCPREQUEST). You can do this by typing ipconfig /renew at the command prompt of a client computer.

QUESTION 48 The DNS Server service provides several types of zones. Which zone helps to keep delegated zone information& current, improve name resolution and simplify DNS administration, but is not an alternative for enhancing redundancy and load sharing? Practical A. secondary B. stub C. none of these D. primary QAs Correct Answer: B Section: (none) Explanation

Explanation/Reference: Explanation: When a zone that this DNS server hosts is a stub zone, this DNS server is a source only for information about the authoritative name servers for this zone. The zone at this server must be obtained from another DNS server that hosts the zone. This DNS server must have network access to the remote DNS server to copy the authoritative name server information about the zone. When a DNS server loads a stub zone, such as widgets.thetoycompany.com, it queries the master servers, which can be in different locations, for the necessary

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs resource records of the authoritative servers for the zone widgets.thetoycompany.com. The list of master servers may contain a single server or multiple servers, and it can be changed anytime.

QUESTION 49 The following example displays DNS query results that are performed from a DNS client computer using the Resolve-DnsName cmdlet. resolve-dnsname -name finance.secure.contoso.com -type A -server dns1.contoso.com

You want to include the DO bit in a DNS query, to make the client is DNSSEC-aware, so that it is OK for the DNS server to return DNSSEC data in a response. What extra parameter should you use? T Study A. DnssecCd B. DnssecOk C. LlmnrOnly D. DnsOnly Materials Correct Answer: B Section: (none) Explanation

Explanation/Reference: Explanation: & When DO=1, the client indicates that it is able to receive DNSSEC data if available. Because the secure.contoso.com zone is signed, an RRSIG resource record was included with the DNS response when DO=1. Practical

QUESTION 50 Which mode is being described below? Deploy the RAS Gateway as an edge VPN server, an edge DirectAccess server, or both simultaneously. In this configuration, RAS Gateway provides remote employees with connectivity to your network by usingQAs either VPN or DirectAccess connections. A. Multitenant mode B. Single tenant mode

Correct Answer: B Section: (none) Explanation

Explanation/Reference:

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs QUESTION 51 DHCP servers centrally manage IP addresses and related information and provide it to clients automatically. This allows you to configure client network settings at a server, instead of configuring them on each client computer. If you want this computer to distribute IP addresses to clients, then configure this computer as a DHCP server. TRUE or FALSE. Can you install the DHCP server role on a Nano server?

A. TRUE B. FALSE T Correct Answer: B Study Section: (none) Explanation Explanation/Reference: Materials

QUESTION 52 Is the following statement TRUE or FALSE? You can use SLB with a VLAN-based network for DIP VMs connected to a SDN Enabled Hyper-V Virtual Switch.

A. FALSE B. TRUE & Practical Correct Answer: B Section: (none) Explanation

Explanation/Reference: QAs QUESTION 53 The socket pool enables a DNS server to use source port randomization when issuing DNS queries. Which command offers the greatest protection?

A. dnscmd /Config /SocketPoolSize 1000 B. dnscmd /Config /SocketPoolSize 0 C. dnscmd /Config /SocketPoolSize 1 D. dnscmd /Config /SocketPoolSize 1000 /SocketPoolExcludedPortRanges 1-65535

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs Correct Answer: A Section: (none) Explanation

Explanation/Reference:

QUESTION 54 The following question is difficult, take your time and use a piece ofT paper if you need. What is the network ID of the IP node 129.56.189.41 with a subnet mask of 255.255.240.0? A. 129.56.189.0 Study B. 129.56.176.1 C. 129.56.189.1 D. 129.56.176.0 Materials Correct Answer: D Section: (none) Explanation

Explanation/Reference: Explanation: To obtain the result, turn both numbers into their binary equivalents and line them up. Then perform the AND operation on each bit and write down the result. 10000001 00111000 10111101 00101001 IP Address & 11111111 11111111 11110000 00000000 Subnet Mask 10000001 00111000 10110000 00000000 NetworkPractical ID The result of the bit-wise logical AND of the 32 bits of the IP address and the subnet mask is the network ID 129.56.176.0.

QUESTION 55 Hotspot Question You network contains an Active Directory named contoso.com. The domain contains two servers namedQAs Server1 and Server2 that run Windows Server 2016. Server1 has IP Address Management (IPAM) installed. Server2 has the DHCP Server role installed. The IPAM server retrieves data from Server2. The domain has two users named User1 and User2 and a group named Group1. User1 is the only member of Group1. Server1 has one IPAM access policy. You edit the access policy as shown in the Policy exhibit. (Click the Exhibit button.)

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs T Study

Materials

& Practical

The DHCP scopes are configured as shown in the Scopes Exhibit. (Click the Exhibit button.) QAs

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs T Study

Materials

& Practical For each of the following statements, select Yes if the statement is true. Otherwise, select No.

Hot Area:

QAs

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs T Study

Materials

Correct Answer:

& Practical

QAs

Section: (none) Explanation

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs Explanation/Reference: Explanaon: Group1 has "IPAM DHCP scope administrators" role permissions for the access scope Scope2. Address scope Scope2 and address scope Scope3 are within access scope Scope2. The "IPAM DHCP scope administrators" role grants permission to manage DHCP scopes within the given acces scope. The role includes the permissions create DHCP scope, edit DHCP scope and edit DHCP scope opons.

QUESTION 56 Hotspot Question T You have a server named Server1 that runs Windows ServerStudy 2016. Server1 is a Hyper-V host.

You have two network adapter cards on Server1 that are Remote Direct Memory Access (RDMA)-capable. Materials You need to aggregate the bandwidth of the network adapter cards for a virtual machine on Server1.

The solution must ensure that the virtual machine can use the RDMA capabilities of the network adapter cards.

Which command should you run first? To answer, select the appropriate options in the answer area. & Hot Area: Practical

QAs

Correct Answer:

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs Section: (none) Explanation

Explanation/Reference: Explanation

Virtual Switches based on NIC-teaming are not RDMA capable. We have to create a Switch Embedded Teaming (SET) virtual Switch

QUESTION 57 T Hotspot Question Study Your network contains an Active Directory domain named contoso.com. The domain contains a domain-based Distributed File System (DFS) namespace named Namespace1. Namespace1 has the following configuration. Materials

& Practical

QAs Namespace1 has a folder named Folder1. Folder1 has the targets shown in the following table.

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs You have the site links shown in the following table.

For each of the following statements, select Yes if the statementT is true. Otherwise, select No. Hot Area: Study

Materials

& Practical

Correct Answer: QAs

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs T Study

Materials

Section: (none) Explanation Explanation/Reference: & Practical

QAs

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs T Study

Materials

& Practical

QAs

QUESTION 58 Drag and Drop Question

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2016. You install IP Address Management (IPAM) on Server1. You need to manually start discovery of the servers that IPAM can manage in contoso.com.

Which three cmdlets should you run in sequence? To answer, move the appropriate cmdlets from the list of cmdlets to the answer area and arrange them in the correct order. T Select and Place: Study

Materials

& Practical

QAs

Correct Answer:

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs T Study

Materials

& Practical Section: (none) Explanation

Explanation/Reference: Explanation: Step 1: Invoke-IpamServerProvisioning QAs Choose a provisioning method The Invoke-IpamGpoProvisioning cmdlet creates and links three group policies specified in the Domain parameter for provisioning required access settings on the server roles managed by the computer running the IP Address Management (IPAM) server. Step 2: Add-IpamDiscoveryDomain Configure the scope of discovery The Add-IpamDiscoveryDomain cmdlet adds an Active Directory discovery domain for an IP Address Management (IPAM) server. A discovery domain is a domain that IPAM searches to find infrastructure servers. An IPAM server uses the list of discovery domains to determine what type of servers to add. By default, IPAM discovers all domain controllers, Dynamic Host Configuration Protocol (DHCP) servers, and Domain Name System (DNS) servers.

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs Step 3: Start-ScheduledTask Start server discovery To begin discovering servers on the network, click Start server discovery to launch the IPAM ServerDiscovery task or use the Start-ScheduledTask command.

QUESTION 59 Drag and Drop Question

You have an internal network that contains multiple subnets. You have a Microsoft Azure subscription that contains multipleT virtual networks. You need to deploy a hybrid routing solution between the networkStudy and the Azure subscription. The solution must ensure that the computers on all of the networks can connect to each other. You install RAS Gateway and enable BGP routing on the network and in Azure.

Which three actions should you perform next in sequence? To answer,Materials move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

Select and Place:

& Practical

QAs

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs T Study

Materials

& Practical Correct Answer:

QAs

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs T Study

Materials

& Practical Section: (none) Explanation

Explanation/Reference: Explanation: https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-bgp-resource-manager-ps#enablebgp QAs QUESTION 60 Hotspot Question

You have a network address translation (NAT) server named NAT1 that has an external IP address of 131.107.50.1 and an internal IP address of 10.0.0.1. You deploy a new server named Web1 that has an IP address of 10.0.0.211. A remote server named app.fabrikam.com has an IP address of 131.107.1.232. You need to make Web1 accessible to app.fabrikam.com through NAT1.

What command should you run from NAT1? To answer, select the appropriate options in the answer area.

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs Hot Area:

T Study

Correct Answer: Materials

& Practical

Section: (none) Explanation

Explanation/Reference: Explanation: QAs https://technet.microsoft.com/en-us/itpro/powershell/windows/nat/add-netnatstaticmapping

Explanaon: The Add-NetNatStacMapping cmdlet adds a stac mapping to a network address translaon (NAT) instance. A stac mapping enables an incoming connecon from an external network to access a host on an internal network through the NAT

QUESTION 61 Hotspot Question

Your network contains an Active Directory domain named contoso.com.

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs The domain contains two servers named Server1 and Server2 that run Windows Server 2016.

Server1 has Microsoft System Center 2016 Virtual Machine Manager (VMM) installed.

Server2 has IP Address Management (IPAM) installed.

You create a domain user named User1.

You need to integrate IPAM and VMM. VMM must use theT account of User1 to manage IPAM. The solution must use the principle of least privilege. Study

What should you do on each server? To answer, select the appropriate options in the answer area.

Hot Area: Materials

& Practical

QAs

Correct Answer:

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs T Study

Materials

Section: (none) Explanation

Explanation/Reference: & Explanation: Practical To create the VMM user account 1. On the IPAM server, open an elevated command prompt, type lusrmgr.msc, and press ENTER. The Local Users and Groups console will open. 2. In the console tree, right-click Groups and click New Group. 3. In the New Group dialog box, next to Group name, type a name for the group, for example VMM Users. 4. Click Add, and under Enter the object names to select, type the username of the VMM user account,QAs for example vmmuser, and then click OK. 5. Confirm that the user account was added to the VMM Users group, and then click Create. 6. Click Close to close the New Group dialog box. 7. Leave the Local Users and Groups console open for the following procedure. To assign permissions to the VMM user account 1. In the IPAM server console, in the upper navigaon pane, click ACCESS CONTROL, right-click Access Policies in the lower navigaon pane, and then click Add Access Policy. 2. On the Add Access Policy page, click Add, type the name of the VMM Users group that was created in the previous procedure, for example VMM Users, and then click OK.

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs 3. Click Access Sengs, click New, and then choose IPAM ASM Administrator Role from the drop-down list under Select role. 4. Verify that the Global access scope is selected, click Add Seng, and then click OK. 5. In the Local Users and Groups console, right-click Remote Management Users and click Add to Group. 6. Click Add, and under Enter the object names to select, type the username of the VMM user account, for example vmmuser, and then click OK. 7. Click OK to close Remote Management Users Properes. VMM must be granted permission to view and modify IP address space in IPAM, and to perform remote management of the IPAM server. VMM uses a “Run As” account to provide these Tpermissions to the IPAM network service plugin. The “Run As” account must be configured with appropriate permission on the IPAM server.Study QUESTION 62 Hotspot Question

Your network contains an Active Directory domain named contoso.com.Materials The domain contains four servers named Server1, Server2, Server3, and Server4 than run Windows Server 2016. Server1 has IP Address Management (IPAM) installed. Server2, Server3, and Server4 have the DHCP Server role installed. IPAM manages Server2, Server3, and Server4. A domain user named User1 is a member of the groups shown in the following table. & Practical

QAs Which actions can User1 perform? To answer, select the appropriate options in the answer area.

Hot Area:

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs T Study

Correct Answer: Materials

& Practical

QAs Section: (none) Explanation

Explanation/Reference: Explanation: IPAM Users: IPAM users can view information in IPAM, but cannot manage IPAM features or view IP address tracking data. DHCP Users group Members of the DHCP Users group have read-only access to the server by using the DHCP Microsoft Management Console (MMC) snap-in, which allows them to view, but not to modify, server data, including DHCP server configuration, registry keys, DHCP log files, and the DHCP database. DHCP Users cannot create scopes,

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs modify option values, create reservations or exclusion ranges, or modify the DHCP server configuration in any other way.

QUESTION 63 Hotspot Question

Your network contains an Active Directory domain named contoso.com. The domain contains three servers named Server1, Server2, and Server3 that run Windows Server 2016. Server1 has IP Address Management (IPAM) installed. Server2 and Server3 have the DHCP Server role installed and have several DHCP scopes configured. The IPAM server retrieves data from Server2 and Server3.T A domain user named User1 is a member of the groups shownStudy in the following table.

Materials

On Server1, you create a security policy for User1. The policy grants the IPAM DHCP Scope Administrator Role with the \Global access scope to the user. Which actions can User1 perform? To answer, select the appropriate options in the answer& area. Hot Area: Practical

QAs

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs T Study

Materials

Correct Answer: & Practical

QAs

Section: (none) Explanation

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs Explanation/Reference: Explanaon: Members of the DHCP Administrators group have administrave access to the Dynamic Host Configuraon Protocol (DHCP) Server service. This group provides a way to assign limited administrave access to the DHCP server only, while not providing full access to the server. Members of this group can administer DHCP on a server using the DHCP console or the Netsh command, but are not able to perform other administrave acons on the server. Members of the DHCP Users group have read-only access to the DHCP Server service. This allows members to view informaon and properes stored at a specified DHCP server. This informaon is useful to support staff when they need to obtain DHCP status reports. Both the DHCP Administrators group and DHCP Users Tgroup are created automacally when the DHCP server role is installed using Server Manager. . Study The "IPAM DHCP scope administrators" role grants permission to manage DHCP scopes within the given acces scope. The role includes the permissions create DHCP scope, edit DHCP scope and edit DHCP scope opons. QUESTION 64 Materials Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some questions sets might have more than one correct solutions, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

Your network contains an Active Directory forest named contoso.com. The forest has three sites located in London, Paris and Berlin. & The London site contains a web server named Web1 that runs Windows Server 2016. Practical You need to configure Web1 as an HTTP content server for the hosted cache servers located in the Paris and Berlin sites.

Solution: You install the DFS Replication role service, and then you start the Network Connections service. Does this meet the goal?

A. Yes QAs B. No

Correct Answer: B Section: (none) Explanation

Explanation/Reference: Explanaon: To enable BranchCache acceleraon of content served by a Web server or applicaon server using the BITS protocol, you must install

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs the BranchCache feature and ensure that the BranchCache service has started. No other steps are necessary. Reference: Branch Cache Server Configuraon

QUESTION 65 You have 2000 devices, One hundred of the devices are mobile devices that have physical addresses beginning with 98-5F. You have a DHCP server named Server1. You need to ensure that the mobile devices register their host name by using a DNS suffix of mobile.contoso.com

A. From the properties of Scopte1, Modify the Conflict detectionT attempts setting. B. From the properties of Scope1, Configure Name Protection.Study C. From the Properties of IPV4, configure the bindings. D. From IPV4, create a new filter. E. From the properties of Scope1, create an exclusion range. Materials F. From IPv4, run the DHCP Policy Configuration Wizard. G. From Control Panel, modify the properties of Ethernet. H. From Scope1, create a reservation

Correct Answer: F Section: (none) & Explanation Practical Explanation/Reference:

QAs

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs T Study

Materials

& Practical

QAs

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs QUESTION 66 Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this sections, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

Your network contains an Active Directory domain named contoso.com You need to create a Nano Server image named Nano1T that will be used as a virtualization host. The windows server 2016 source files are located in drive D.Study

Solution: You run the following cmdlet.

New-NanoServerImage –Edion Datacenter –DeploymentType Host –MediaPathMaterials D:\ –TargetPath C:\Nano1\Nano1.wim –Package Microsoft-NanoServer-Containers-Package -Compute –Computername Nano1 –DomainName contoso.com

Does this meet the goal?

A. Yes B. NO & Correct Answer: A Practical Section: (none) Explanation

Explanation/Reference: QAs

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs T Study

Materials

& Practical

QAs

QUESTION 67 Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some questions sets might have more than one correct solutions, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

Your network contains an Active Directory forest named contoso.com. The forest has three sites located in London, Paris and Berlin.

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs The London site contains a web server named Web1 that runs Windows Server 2016.

You need to configure Web1 as an HTTP content server for the hosted cache servers located in the Paris and Berlin sites.

Solution: You install the Deployment Server role service, and then you restart the World Wide Web Publishing Service.

Does this meet the goal?

A. Yes T B. No Study

Correct Answer: B Section: (none) Explanation Materials Explanation/Reference: Explanaon: To enable BranchCache acceleraon of content served by a Web server or applicaon server using the BITS protocol, you must install the BranchCache feature and ensure that the BranchCache service has started. No other steps are necessary. Reference: Branch Cache Server Configuraon & QUESTION 68 Practical You have multiple servers that run Windows Server 2016 and are configured as VPN servers. You deploy a server named NPS1 that has Network Policy Server (NPS) installed. You need to configure NPS1 to accept authentication requests from the VPN servers. What should you configure on NPS1? A. From RADIUS Clients and Servers, add a remote RADIUS server group. QAs B. From Policies, add a connection request policy. C. From Policies, add a network policy. D. From RADIUS Clients and Servers, add RADIUS clients.

Correct Answer: D Section: (none) Explanation

Explanation/Reference: Explanaon:

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs When you configure a network access server (NAS) as a RADIUS client in the Network Policy Server (NPS) Microso Management Console (MMC) snap-in, the RADIUS client forwards connecon requests from access clients to the NPS server for authencaon, authorizaon, and accounng. In addion to configuring a new RADIUS client, you must also configure the network access server so that it can communicate with NPS. On NPS1 we need to add the VPN servers as RADIUS clients

T Study

Materials

& Practical

QAs

QUESTION 69 Your network contains an Active Directory domain named contoso.com. The domain contains a Hyper-V host named Server1 that runs Windows Server 2016. Server1 hosts four machines that are members of the domains. The virtual machines are configured as sown in the following table.

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs T Study

Which virtual machines can you manage by using PowerShell Direct? Materials A. Only VM2 B. VM1, VM2, and VM4 C. only VM4 D. VM1, VM2, and VM3 Correct Answer: B & Section: (none) Explanation Practical

Explanation/Reference:

QAs

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs T Study

Materials

& Practical

QAs

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs QUESTION 70 Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some questions sets might have more than one correct solutions, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You have a server named Server1 that runs Windows Server 2016. Server1 is configured as a VPN server. T Server1 is configured to allow domain users to establish VPNStudy connections from 06:00 to 18:00 everyday of the week.

You need to ensure that domain users can establish VPN connectionsMaterials only between Monday and Friday. Solution: From Routing and Remote Access, you configure the Properties of Server1.

Does this meet the goal?

A. Yes B. No &

Correct Answer: B Practical Section: (none) Explanation

Explanation/Reference: Explanaon: The properes of the VPN server do not allow to configure me based rescons for user connecons. We should use Network PolicyQAs (NPS) to create a Network Access Policy.

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs T Study

Materials

& Practical

QAs

QUESTION 71 Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this sections, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs Your network contains an Active Directory domain named contoso.com. You need to create a Nano Server image named Nano1 that will be used as a virtualization host. The windows server 2016 source files are located in drive D.

Solution: You run the following cmdlet.

New-NanoServerImage –Edion Datacenter –DeploymentType Host –Package Microsoft-NanoServerSCVMM-Package –MediaPath D:\–TargetPath C:\Nano1 \Nano1.wim –Computername Nano1 –DomainName contoso.comT Does this meet your goal? Study

A. Yes Materials B. NO

Correct Answer: B Section: (none) Explanation

Explanation/Reference: & Explanaon: Practical The New-NanoServerImage cmdlet makes a local copy of the necessary files from the installaon media and converts the included Nano Server Windows image (.wim) file into a VHD or VHDX image, or reuses the exisng .wim file. You can subsequently perform the following operaons: Add packages. Add drivers. Add servicing packages (updates). QAs Add an una ended setup file (una end.xml). Add files. Add setup scripts. Set the computer name. Set the administrator password. Configure network se ngs. Join a domain. Enable debugging. Enable Emergency Management Services (EMS).

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs Enable remote management. Enable development opons. In order to add the Compute package, whichincludes Hyper-V and NetQoS we can specify the -Computer parameter orwe can use the -Package parameter and specify the package name Microso -NanoServer-Compute-Package

QUESTION 72 You need to implement network virtualization. On which object should you configure the virtual subnet TID? A. Virtual switch Study B. Hyper-V server C. VM D. Virtual network adapter Materials Correct Answer: D Section: (none) Explanation

Explanation/Reference: Explanaon: In Hyper-V Network Virtualiza on (HNV), a customer or tenant is defined as the “owner”& of a set of IP subnets that are deployed in an enterprise or datacenter. A customer can be a corpora on or enterprise with mul ple departmentsPractical or business units in a private datacenter which require network isola on, or a tenant in a public data center which is hosted by a service provider. Each customer can have one or more Virtual networks in the datacenter, and each virtual network consists of one or more Virtual subnets. There are two HNV implementa ons which will be available in Windows Server 2016: HNVv1 and HNVv2. HNVv1 HNVv1 is compa ble with Windows Server 2012 R2 and System Center 2012 R2 Virtual Machine Manager (VMM). Configura on for HNVv1 relies on WMI management and Windows PowerShell cmdlets (facilitated through System CenterQAs VMM) to define isola on sengs and Customer Address (CA) – virtual network – to Physical Address (PA) mappings and rou ng. No addi onal features have been added to HNVv1 in Windows Server 2016 and no new features are planned. HNVv2 A significant number of new features are included in HNVv2 which is implemented using the Azure Virtual Filtering Pla orm (VFP) forwarding extension in the Hyper-V Switch. HNVv2 is fully integrated with Microso Azure Stack which includes the new Network Controller in the So ware Defined Networking (SDN) Stack. Virtual network policy is defined through the Microso Network Controller using a RESTful NorthBound (NB) API and plumbed to a Host Agent via mul ple SouthBound Intefaces (SBI) including OVSDB. The Host Agent programs policy in the VFP extension of the Hyper-V Switch where it is enforced. Virtual network

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs Each virtual network consists of one or more virtual subnets. A virtual network forms an isola on boundary where the virtual machines within a virtual network can only communicate with each other. Tradi onally, this isola on was enforced using VLANs with a segregated IP address range and 802.1q Tag or VLAN ID. But with HNV, isola on is enforced using either NVGRE or VXLAN encapsula on to create overlay networks with the possibility of overlapping IP subnets between customers or tenants. Each virtual network has a unique Rou ng Domain ID (RDID) on the host. This RDID roughly maps to a Resource ID to iden fy the virtual network REST resource in the Network Controller. The virtual network REST resource is referenced using a Uniform Resource Iden fier (URI) namespace with the appended Resource ID. Virtual subnets A virtual subnet implements the Layer 3 IP subnet seman cs for theT virtual machines in the same virtual subnet. The virtual subnet forms a broadcast domain (similar to a VLAN) and isola on is enforcedStudy by using either the NVGRE Tenant Network ID (TNI) or VXLAN Network Iden fier (VNI) field. Each virtual subnet belongs to a single virtual network (RDID), and it is assigned a unique Virtual Subnet ID (VSID) using either the TNI or VNI key in the encapsulated packet header. The VSID must be unique within the datacenter and is in the range 4096 to 2^24-2 Reference: Hyper-V Network Virtualiza on Technical Details in Windows Server Materials

QUESTION 73 You plan to deploy several Hyper-V hosts that run Windows Server 2016. The deployment will use Software defined Networking (SDN) and VXLAN. Which server role should you install on the network to support the planned deployment?& A. Network Controller Practical B. Network Policy and Access Services C. Remote Access D. Host Guardian Service

Correct Answer: A Section: (none) QAs Explanation

Explanation/Reference:

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs T Study

Materials

& Practical

QAs

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs QUESTION 74 Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this sections, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You have a Hyper-V host named Server1 that hosts a virtual machine named VM1. Server1 and VM1 run Windows Server 2016. The settings for VM1 are configured as shown in the exhibitT below. Study

Materials

& Practical

QAs

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs T Study

Materials

& Practical

QAs

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs You need to ensure that you can use the Copy-VMFile cmdlet on Server1 to copy files from VM1. Solution: You start the Hyper-V Guest Service Interface service on VM1. Does this meet the goal?

A. YES B. NO

Correct Answer: B T Section: (none) Study Explanation

Explanation/Reference: Explanaon: With Windows Server 2012 R2, the Hyper-V product team introducedMaterials a new cmdlet called Copy-VMFile. This, as the name implies, help you copy a file into a Hyper-V Virtual Machine (VM). Similiar to PowerShell Direct, the VM does not need to connect to the network. As a requirement we need to ensure that the Guest Service component is enabled and that the Hyper-V Guest Service Interface service on the VM is running. If we enable the Guest Service component, the corresponding service on the VM is started automacally. Starng the service does not enable the Guest Service component. Reference: Using Copy-VMFile cmdlet in Windows Server 2012 R2 Hyper-V/ & Practical QUESTION 75 Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this sections, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. You have a Hyper-V host named Server1 that hosts a virtual machine named VM1. QAs Server1 and VM1 run Windows Server 2016. The settings for VM1 are configured as shown in the exhibit below.

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs T Study

Materials

& Practical

QAs

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs You need to ensure that you can use the Copy-VMFile cmdlet on Server1 to copy files from VM1. Solution: You need to enable the Data Exchange integration service for VM1. Does this meet the goal?

A. YES B. NO

Correct Answer: B T Section: (none) Study Explanation

Explanation/Reference: Explanation: The Hyper-V Guest Service Interface is required but not the Hyper-V MaterialsData Exchange Service (KVP). https://docs.microsoft.com/en-us/virtualization/hyper-v-on-windows/reference/integration-services#hyper-v-data-exchange-service-kvp

QUESTION 76 You have a Scale-Out File Server that has a share named Share1. Share1 contains a virtual disk file named Disk1.vhd. You plan to create a guest failover cluster. & You need to ensure that you can use the virtual disk as a shared virtual disk for the gustPractical failover cluster. Which cmdlet should you use?

A. Optimize VHD B. Optimize VHDSet C. Convert-VHD D. Set-VHD QAs Correct Answer: C Section: (none) Explanation

Explanation/Reference: Explanaon: Shared virtual disks were introduced in Windows Server 2012 R2. Shared virtual disk funconality in guest failover clusters exclusively uses the .vhdx file format. We have to convert the .vhd disk file into .vhdx file format using the Convert-VHD cmdl

QUESTION 77

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs You are deploying a small network that has 30 client computers. The network uses the 192.168.1.0/24 address space. All computers obtain IP configurations from a DHCP server named Server1.

You install a server named Server2 that runs Windows Server 2016. Server2 has two network adapters named internal and Internet. Internet connects to an Internet service provider (ISP) and obtains the 131.107.0.10 IP address. Internal connects to the internal network and is configured to use the 192.168.1.250 IP address.

You need to provide Internet connectivity for the client computers. What should you do? T A. On Server2, select the Internet and Internal network adapters and bridgeStudy the connections. From the DHCP console on Server1, authorize Server2. B. On Server1, stop the DHCP server. On the Internal network adapter on Server 2, enable Internet Connection Sharing (ICS). C. On Server2 run the New-NetNat Name NAT1 -InternalIPInterfaceAddressPrefix 192.168.1.0/24 cmdlet. Configure Server1 to provide the 003 Router option of 131.107.0.10. D. Install the Routing role service on Server2 and configure the NAT routing protocol.Materials Configure Server1 to provide the 003 Router option of 192.168.1.250. Correct Answer: D Section: (none) Explanation

Explanation/Reference: Explanaon: Network address translaon (NAT) provides a method for translang the Internet Protocol version 4 (IPv4)& addresses of computers on one network into IPv4 addresses of computers on a different network. A NAT-enabled IP router deployed at the boundary where a private network, such as a corporate network, meets a public network, such as the Internet, allows computersPractical on the private network to access computers on the public network by providing this translaon service. Note: Internet Connecon Sharing (ICS) supports a maximum of 10 concurrent client connecons. Therefore we should use the Roung role service. Internet Connecon Sharing (ICS) With Internet Connecon Sharing ( ICS), users can share a public Internet connecon with a private home or small business network. In an ICS network, a single computer is chosen to be the ICS host. The ICS host has at least two network adapters: one connected to the Internet and one or more connected to the private network. All Internet-desned traffic flows through the ICS host. ICS uses DynamicQAs Host Configuraon Protocol (DHCP) to assign private IP addresses on the network, and it uses Network Address Translaon (NAT) to allow mulple computers on the private network to connect to the public network through the ICS host. Only the ICS host is visible from the Internet. The private network is "hidden." Also, NAT blocks any network traffic that did not originate from the private network or is a response to traffic originang from the private network. In addion, ICS provides name resoluon to the home network through a DNS proxy. Internet Connecon Sharing is acvated in the properes of the internal network adapter

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs T Study

Materials

& Practical

QAs QUESTION 78 Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this sections, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You have a Hyper-V host named Server1 that hosts a virtual machine named VM1. Server1 and VM1 run Windows Server 2016. The settings for VM1 are configured as shown in the exhibit below.

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs T Study

Materials

& Practical

QAs

Solution: You enable the Guest Service integration service for VM1. Does this meet the goal?

A. YES B. NO T Correct Answer: B Study Section: (none) Explanation

Explanation/Reference: With Windows Server 2012 R2, the Hyper-V product team introduced a new cmdletMaterials called Copy-VMFile. This, as the name implies, help you copy a file into a Hyper-V Virtual Machine (VM). Similiar to PowerShell Direct, the VM does not need to connect to the network.

As a requirement we need to ensure that the Guest Service component is enabled and that the Hyper-V Guest Service Interface service on the VM is running. If we enable the Guest Service component, the corresponding service on the VM is started automatically. Starting the service does not enable the Guest Service component.

Note: Copy-VMFile allows you to push files from the host into the guest VM only and not vice versa. The FileSource parameter has only Host as an option. & Reference: Using Copy-VMFile cmdlet in Windows Server 2012 R2 Hyper-V/ Practical Answer is NO!

Weather you enable the Guest Services component for the VM1, it still won't give you abillity to copy files FROM VM1 to Server01! Copy-VMFile cmdlet only allows you to push files into the guest VM only, and not vice versa, Period.

QUESTION 79 You have two Hyper-V hosts named Server1 and Server2 that run windows server 2012 R2. QAs The servers are nodes in a failover cluster named Cluster1. You perform a rolling upgrade of the cluster nodes to Windows Server 2016. You need to ensure that you can implement the Virtual Machine Load Balancing feature. Which cmdlet should you use?

A. Update-ClusterFunctionalLevel B. SetCauClusterRole C. Update-ClusterNetWorkNameResource D. Set-ClusterGroupSet

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs Correct Answer: A Section: (none) Explanation

Explanation/Reference:

T Study

Materials

& Practical

QAs

QUESTION 80

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs Your network contains an Active Directory domain named contoso.com. The domain contains a domain-based Distributed file System (DFS) namespace named Namespace1 that has access-based enumeration enabled. Namespace1 has a folder named folder1. Folder1 has a target of \\Server1\Folder1. The Permission for folder1 are configured as shown in the following table.

T Study

Materials

Access-based enumeration is disabled for the share of Folder1. You need to ensure that both User1 and User2 can see Folder1 when they access \\Contoso.com\NameSpace1 What should you do? & Practical A. Enable access-based enumeration for Folder1. B. Disable access-based enumeration for Namespace1. C. Assign User1 the read NTFS permission to folder1 D. Deny User1 the read DFS permission to Folder1.

Correct Answer: B QAs Section: (none) Explanation

Explanation/Reference:

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs T Study

Materials

QUESTION 81 Scenario: You are a network administrator for a company named Contoso,Ltd. The network is configured& as shown in the exhibit. Practical

QAs

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs T Study

Materials

& Practical

You install the Remote Access server role on Server2. Server2 has the following configured. QAs * Network address translation (NAT) * The DHCP Server server role

The Security Policy of Contoso states that only TCP ports 80 and 443 are allowed from the internet to server2 You identify the following requirements:

* Add 28 devices to subnet2 for a temporary project. * Configure Server2 to accept VPN connections from the internet. * Ensure that devices on Subnet2 obtain TCP/IP settings from DHCP on Server2.

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs End of Scenario: What should you do to meet the DHCP connectivity requirement for Subnet2?

A. Install the Routing role service on Server2. B. Install the IP address Management (IPAM) Server feature on Server2. C. Install the Routing role service on Server1. D. Install the DHCP Server server role on Server1. T Correct Answer: C Study Section: (none) Explanation Explanation/Reference: Materials

& Practical

QUESTION 82 You have a DHCP server named Server1 that runs Windows Server 2016. QAs You have a single IP subnet. Server1 has an IPv4 scope named Scope1. Scope1 has an IP address range of 10.0.1.10 to 10.0.1.200 and a length of 24 bits. You need to create a second logical IP network on the subnet. The subnet will use an IP address range of 10.0.2.10 to 10.0.2.200 and a length of 24 bits. What should you do?

A. Create a second scope, and then create a superscope. B. Create a superscope, and then configure an exclusion range in Scope1. C. Create a new scope, and then modify the IPv4 bindings.

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs D. Create a second scope, and then run the DHCP Split-Scope Configuration Wizard.

Correct Answer: A Section: (none) Explanation

Explanation/Reference: T Study

Materials

& Practical

QAs

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs QUESTION 83 Scenario: You are a network administrator for a company named Contoso,Ltd. The network is configured as shown in the exhibit.

T Study

Materials

& Practical

QAs

You install the Remote Access server role on Server2. Server2 has the following configured.

* Network address translation (NAT) * The DHCP Server server role

The Security Policy of Contoso states that only TCP ports 80 and 443 are allowed from the internet to server2 You identify the following requirements:

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs * Add 28 devices to subnet2 for a temporary project. * Configure Server2 to accept VPN connections from the internet. * Ensure that devices on Subnet2 obtain TCP/IP settings from DHCP on Server2.

End of Scenario:

You add a computer to subnet1. The computer has an IP address of 10.10.0.129 Web1 receives a request from the new computer and sendsT a response. What should you do? Study

A. 10.10.0.129 B. 10.10.0.224 C. 131.107.0.223 Materials D. 172.16.128.222

Correct Answer: C Section: (none) Explanation

Explanation/Reference: & Practical QUESTION 84 A company named Contoso, Ltd has five Hyper-V hosts that are configured as shown in the following table.

QAs

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs T Study

Materials

What are two valid live migration scenarios for virtual machines in your environment?

A. from Sever1 to server5 B. from Server4 to Server 5 C. from Server2 to Server3 & D. from Server3 to Server4 Practical Correct Answer: AC Section: (none) Explanation

Explanation/Reference: QAs

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs T Study

Materials

QUESTION 85 & Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some questions sets might have more than one correct solutions,Practical while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You have a server named Server1 that runs Windows Server 2016. Server1 is configured as a VPN server. Server1 is configured to allow domain users to establish VPN connections from 06:00 to 18:00 everyday of the week. QAs You need to ensure that domain users can establish VPN connections only between Monday and Friday.

Solution: From Active Directory Users and Computers, you modify the Dial-in Properties of the user accounts. Does this meet the goal?

A. Yes B. No

Correct Answer: B

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs Section: (none) Explanation

Explanation/Reference:

T Study

Materials

& Practical

QAs

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs T Study

Materials

& Practical

QAs

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs QUESTION 86 You have a server named Server1 that runs Windows Server 2016. Server1 has two network cards. One network card connects to your internal network and the other network card connects to the Internet.

You plan to use Server1 to provide Internet connectivity for client computers on the internal network.

You need to configure Server1 as a network address translation (NAT) server. Which server role or role service should you install on Server1T first? Study A. Network Controller B. Web Application Proxy C. Routing D. DirectAccess and VPN (RAS) Materials

Correct Answer: C Section: (none) Explanation

Explanation/Reference: & Practical

QAs

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs T Study

Materials

& Practical

QAs

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs QUESTION 87 Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this sections, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

Solution: You run the following cmdlet.

New-NanoServerImage Edition Datacenter DeploymentType Host PackageMaterials Mictosoft- NanoServer-SCVMM-Package MediaPath `D:\ -TargetPath C:\nano1 \Nano1.wim ComputerName Nano1 Domaintiame Contoso.com

Does this meet the goal?

A. Yes B. NO & Correct Answer: B Practical Section: (none) Explanation

Explanation/Reference: Explanaon: The New-NanoServerImage cmdlet makes a local copy of the necessary files from the installaon mediaQAs and converts the included Nano Server Windows image (.wim) file into a VHD or VHDX image, or reuses the exisng .wim file. You can subsequently perform the following operaons: Add packages. Add drivers. Add servicing packages (updates). Add an una ended setup file (una end.xml). Add files. Add setup scripts. Set the computer name.

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs Set the administrator password. Configure network se ngs. Join a domain. Enable debugging. Enable Emergency Management Services (EMS). Enable remote management. Enable development opons. In order to add the Compute package, whichincludes Hyper-VT and NetQoS we can specify the -Computer parameter orwe can use the -Package parameter and specify the package name Microso -NanoServer-Compute-PackageStudy QUESTION 88 Your network contains an Active directory forest named contoso.com. The forest has a Distributed File System (DFS) namespace named \\contoso.com\namespace1. The domain contains a file server named Server1 that runs Windows MaterialsServer 2016. You create a folder named Folder1 on Server1. Which two cmdlets should you use? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.

A. New-DfsnFolderTarget B. Install-WindowsFeature & C. Grant-DfsnAccess D. New-DfsnFolder Practical E. New-SmbShare

Correct Answer: AE Section: (none) Explanation QAs Explanation/Reference:

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs T Study

Materials

& Practical

QUESTION 89 You have a virtual machine named VM1 that runs Windows Server 2016, VM1 hosts a service that requires high network throughput. VM1 has a virtual network adapter that connects to a Hyper-V switch named vSwitch1. vSwitch1 has one network adapter. QAs The network adapter supports Remote Direct Memory Access (RDMA), the single root I/O virtualization (SR-IOV) interface, Quality of Service? (QoS), and Receive Side Scaling (RSS).

You need to ensure that the traffic from VM1 can be processed by multiple networking processors. Which Windows PowerShell command should you run on the host of VM1?

A. Set-NetAdapterRss B. Set-NetAdapterRdma C. Set-NetAdapterQos

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs D. Set-NetAdapterSriov

Correct Answer: A Section: (none) Explanation

Explanation/Reference: T Study

Materials

QUESTION 90 Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some questions sets might have more than one correct solutions, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. & You have a server named Server1 that runs Windows Server 2016. Server1 is configured as a VPN server. Server1 is configured to allow domain users to establish VPN connections from 06:00 toPractical 18:00 everyday of the week.

You need to ensure that domain users can establish VPN connections only between Monday and Friday.

Solution: From Server Manager, You modify the Access Policies on Server1. Does this meet the goal? QAs

A. Yes B. No

Correct Answer: B Section: (none) Explanation

Explanation/Reference:

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs T Study

Materials

& Practical

QAs

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs QUESTION 91 Your network contains three subnets, a production subnet that contains production servers, a development network that contains development servers, and a client network that contains client computers.

The development network is used to test applications and reproduces servers that are located on the production network. The development network and the production network use the same IP address range.

A developer has a client computer on the client network. The developer reports that when he attempts to connect to the IP address 10.10.1.6 from his computer, he connects to a server on the production network. T Study You need to ensure that when the developer connects to 10.10.1.6, he connects to a sever on the development network Which cmdlet should you use?

A. New-NetNeighbor Materials B. New-NetRoute C. Set-NetTcpSetting D. Set-NetNeighbir

Correct Answer: B Section: (none) & Explanation Practical Explanation/Reference:

QAs

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs T Study

Materials

& Practical

QAs

QUESTION 92 Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some questions sets might have more than one correct solutions, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

Your network contains an Active Directory forest named contoso.com.

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs The forest has three sites located in London, Paris and Berlin.

The London site contains a web server named Web1 that runs Windows Server 2016.

You need to configure Web1 as an HTTP content server for the hosted cache servers located in the Paris and Berlin sites.

Solution: You install the BranchCache feature, and then you start the BranchCache service. Does this meet the goal? T A. Yes Study B. No

Correct Answer: A Section: (none) Materials Explanation

Explanation/Reference: Explanaon: To enable BranchCache acceleraon of content served by a Web server or applicaon server using the BITS protocol, you must install the BranchCache feature and ensure that the BranchCache service has started. No other steps are necessary. Reference: Branch Cache Server Configuraon & QUESTION 93 Practical Note: This question is part of a series of questions that use the same or similar answer choices. An answer choice may be correct for more than one question in the series. Each question is independent of the other questions in this series. Information and details provided in a question apply only to that question.

Your network contains Windows and non-Windows devices. You have a DHCP server named Server1 that has an IPv4 scope named Scope1. QAs You need to prevent a client computer that uses the same name as an existing registration from updating the registration. What should you do?

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs G. From Control Panel, modify the properties of Ethernet. H. From Scope1, create a reservation.

Correct Answer: B Section: (none) Explanation

Explanation/Reference: T Study

Materials

& Practical

QAs

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs T Study

Materials

& Practical

QAs

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs QUESTION 94 Hotspot Question You have a RADIUS server named RADIUS1. RADIUS1 is configured to use an IP address of 172.23.100.101. You add a wireless access point (wap) named WAP-Secure to your network. You configure WAP-Secure to use an IP address of 10.0.100.101. You need to ensure that WAP-Secure can authenticate to RADIUS1 by using a shared secret key.

What command should you run? To answer, select the appropriateT options in answer area. Study

Materials

Hot Area: & Practical

QAs

Correct Answer:

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs T Study Section: (none) Explanation Explanation/Reference: Materials

& Practical

QUESTION 95 Hotspot Question Your network is configured as shown in the network diagram. QAs

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs T Study

Materials

& Practical

QAs

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs T Study

Materials

& Practical

Hot Area: QAs

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs T Study

Materials

& Practical Correct Answer:

QAs

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs T Study

Materials

& Practical Section: (none) Explanation

Explanation/Reference: QAs QUESTION 96 Hotspot Question You have a virtual machine named VM1 that runs Windows Server 2016.

VM1 is a Remote Desktop Services (RDS) server.

You need to ensure that only TCP port 3389 can be used to connect to VM1 over the network.

Which command should you run on the Hyper-V host? To answer, select the appropriate options in the answer area.

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs Hot Area:

T Study

Correct Answer: Materials

& Practical

Section: (none) Explanation

Explanation/Reference: QAs

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs QUESTION 97 Hotspot Question

Your network contains an Active Directory domain named contoso.com.

The domain contains a domain-based Distributed File System (DFS) namespace named Namespace1.

You need to view the shares to which users will be redirectedT when the users attempt to connect to a folder named Folder1 in the DFS namespace. Study What cmdlet should you run? To answer, select the appropriate options in the answer area.

Hot Area: Materials

& Practical

Correct Answer: QAs

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs T Study

Materials Section: (none) Explanation

Explanation/Reference: Explanaon: The Get-DfsnFolderTarget cmdlet gets se ngs for targets of a Distributed File System (DFS) namespace folder. You can specify a DFS namespace folder path to see all the targets for that path. You can specify a namespace path and a target& path to see se ngs for a parcular target. Practical

QAs

QUESTION 98 Hotspot Question

You have a DNS server named Server1.

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs The forwarders are configured as shown in the Forwarders exhibit. (Click the Exhibit button.)

T Study

Materials

& Practical

QAs

The Advanced Settings are configured as shown in the Advanced exhibit. (Click the Exhibit button.)

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs T Study

Materials

& Practical

QAs

The Root Hints are configured as shown in the Root Hints exhibit. (Click the Exhibit button.)

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs T Study

Materials

& Practical

QAs

Server1 does not contain any DNS zones. For each of the following statements, select Yes if the statement is true. Otherwise, select No.

Hot Area:

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs T Study

Materials

Correct Answer:

& Practical

QAs

Section: (none) Explanation

Explanation/Reference: Explanation: Explanaon:

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs The opon D isable recursion (also disables forwarders) on the Advanced tab, is acvated. Therefore recursive queries and forwarding are not possible. There are no zones created. This also means that no root zone has been created.

QUESTION 99 Hotspot Question Your network contains an Active Directory forest named contoso.com. The forest has three sites named Site1, Site2 and Site3. Distributed File System (DFS) for the forest is configuredT as shown in the exhibit. Study

Materials

& Practical

QAs

The forest contains a server named Server2 that hosts the DFS namespace.

\\Contoso.com\Namespace1\Folder2 has the following configuration.

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs T Study

Materials

\\Contoso\Namespace1\Folder2 has the targets configured as shown in the following table.

& Practical

For each of the following statement, Select Yes if Statement is true. Otherwise , select No.

Hot Area: QAs

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs T Study

Materials

Correct Answer:

& Practical

QAs

Section: (none) Explanation

Explanation/Reference:

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs T Study

Materials

& Practical

QAs

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs QUESTION 100 Hotspot Question You have a Hyper-V host named Server1 that runs Windows Server 2016. Server 1 has a virtual switch Switch1. Server1 hosts the virtual machines configured as shown in the following table.

T Study

Windows firewall on VM1 and VM2 is configured to allow ICMP traffic. VM1 and VM2 connect to Switch1. Materials You fail to ping VM1 from VM2. You need to view the VirtualSubnetid to which VM1 connects. Which cmdlet should you run on Server1.

Hot Area: & Practical

QAs

Correct Answer:

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs T Study

Materials Section: (none) Explanation

Explanation/Reference: Explanaon: The Get-VMNetworkAdapter cmdlet gets the virtual network adapters of the specified virtual machine, snapshot, or management operang system. & Practical

QAs

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs T Study

Materials

& Practical

QUESTION 101 Hotspot Question QAs Scenario: You are a network administrator for a company named Contoso,Ltd. The network is configured as shown in the exhibit.

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs T Study

Materials

& Practical

You install the Remote Access server role on Server2. Server2 has the following configured. QAs * Network address translation (NAT) * The DHCP Server server role

The Security Policy of Contoso states that only TCP ports 80 and 443 are allowed from the internet to server2 You identify the following requirements:

* Add 28 devices to subnet2 for a temporary project. * Configure Server2 to accept VPN connections from the internet. * Ensure that devices on Subnet2 obtain TCP/IP settings from DHCP on Server2.

End of Scenario:

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs You need to identify which subnet mask you must use for subnet2. The solution must minimize the number of available IP addresses on Subnet2. What subnet mask should you identify? To answer, select the appropriate options in the answer area.

Hot Area:

T Study

Materials

& Practical

Correct Answer:

QAs

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs T Study

Materials

Section: (none) & Explanation Practical Explanation/Reference: Explanation: The question specifies that the solution must minimize the number of available IP addresses so the correct answer is 255.255.255.224 which allows for 32 hosts.

QUESTION 102 Hotspot Question QAs

You have a DirectAccess Server that is accessible by using the name directaccess.fabrikam.com On the DirectAccess server, you install a new server certificate that has a subject name of directaccess.contoso.com, and then you configure DNS records for directaccess.contoso.com

You need to change the endpoint name for DirectAccess to directaccess.contoso.com

What command should you run? To answer, select the appropriate options in the answer area.

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs Hot Area:

T Study

Materials Correct Answer:

& Practical

QAs

Section: (none) Explanation

Explanation/Reference: Explanation: Set-DaClient-ComputerName directaccess.contoso.com https://social.technet.microsoft.com/Forums/ie/en-US/474f8be8-e2b3-4877-860e-e51a0866ca60/directaccess-installation-errors-involving-security-group?forum=forefrontedgeiag

QUESTION 103

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs Hotspot Question You have a Hyper-V host named Server1 that runs Windows Server 2016. Server1 connects to your corporate network. The Corporate network uses the 10.10.0.0/16 address space.

Server1 hosts a virtual machine named VM1, VM1 is configured to have an IP addresses of 172.16.1.54/16.

You need to ensure that VM1 can access the resources on the corporate network. What should you do? To answer, select the appropriate Toptions in the answer area. Hot Area: Study

Materials

& Practical

QAs

Correct Answer:

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs T Study

Materials

Section: (none) & Explanation Practical Explanation/Reference: Explanation:

Windows Server 2016 Hyper-V and Windows 10 Hyper-V allow native network address translation (NAT) for a virtual network.

NAT gives a virtual machine access to network resources using the host computer's IP address and a portQAs through an internal Hyper-V Virtual Switch.

Network Address Translation (NAT) is a networking mode designed to conserve IP addresses by mapping an external IP address and port to a much larger set of internal IP addresses. Basically, a NAT uses a flow table to route traffic from an external (host) IP Address and port number to the correct internal IP address associated with an endpoint on the network (virtual machine, computer, container, etc.)

Additionally, NAT allows multiple virtual machines to host applications that require identical (internal) communication ports by mapping these to unique external ports.

In order to create a NAT switch you have to create an internal switch first and use the New-NetNat cmdlet to enable Network Address Translation.

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs Reference: Set up a NAT network

QUESTION 104 Drag and Drop Question You have a server named Server1 that runs Windows Server 2016. You need to deploy the first cluster node of a Network Controller cluster. Which four cmdlets should you run in sequence? To answer, move the appropriate cmdlets from the list of cmdlets to the answer area and arrange them in the correct order. T Select and Place: Study

Materials

& Practical Correct Answer:

QAs

Section: (none)

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs Explanation

Explanation/Reference: Explanation: Deploy Network Controller using Windows PowerShell Step 1: Install-WindowsFeature Install the Network Controller server role To install Network Controller by using Windows PowerShell, type the following commands at a Windows PowerShell prompt, and then press ENTER. Install-WindowsFeature -Name NetworkController - IncludeManagementTools T Step 2: New-NetworkControllerNodeObject You can create a Network Controller cluster by creating a node object andthenStudy configuring the cluster. You need to create a node object for each computer or VM that is a member of the Network Controller cluster. Tocreate a node object, type the following command at the Windows PowerShell command prompt, and then press ENTER. Ensure that you add values for each parameter that are appropriate for your deployment. New-NetworkControllerNodeObject Name -Server -FaultDomain -RestInteMaterials Step 3: Install-NetworkControllerCluster To configure the cluster, typethe following command at the Windows PowerShell command prompt, and then press ENTER. Ensure that you add values for each parameter that are appropriate for your deployment. Install-NetworkControllerCluster Node ClusterAuthentication ...

Step 4: Install-NetworkController To configure the Network Controller application, type the following command at the Windows PowerShell& command prompt, and then press ENTER. Ensure that you add values for each parameter that are appropriate for your deployment. Install-NetworkController Node ClientAuthenticationPractical References: https://technet.microsoft.com/en-us/library/mt282165.aspx

QUESTION 105 Hotspot Question Your network contains an Active Directory domain named contoso.com. The Functional level of the forest and the domain is Windows Server 2008 R2. All servers in the domain run Windows server 2016 standard. The domain contains 100 client computers that run eitherQAs Windows 8.1 or Windows 10. The domain contains nine servers that are configured as shown in the following table.

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs T Study

Materials

& Practical

Hot Area: QAs

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs T Study

Materials

& Practical

Correct Answer:

QAs

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs T Study

Materials

& Practical

Section: (none) Explanation Explanation/Reference: QAs

QUESTION 106 Hotspot Question Your network contains an Active Directory domain named adatum.com. The domain contains two servers named Server1 and Server2 that run Windows Server 2016.

The domain contains three users named User1, User 2 and User 3.

Server 1 has a share named Share1 that has the following configurations.

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs T Study

Materials

& The Share permissions for Share1 are configured as shown in Share1 Exhibit. Practical

QAs

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs T Study

Materials

& Practical

Share1 contains a file named File1.txt. The Advanced Security settings for File1.txt are configured as shown in the File1.txt QAsexhibit.

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs T Study

Materials

& Practical

Select the appropriate statement from below. Select Yes if the state is true , otherwise no. Hot Area: QAs

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs T Study

Materials Correct Answer:

& Practical

QAs

Section: (none) Explanation

Explanation/Reference: Explanaon: User1 has full controll NTFS permissions on File1.txt. He could take ownership of File1.txt if he would access the file locally. If he accesses the share over the network this permissions are restricted by the share permissions. Access-based enumeraon displays only the files and folders that a user has permissions to access. If a user does not have Read (or

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs equivalent) permissions for a folder, Windows hides the folder from the user’s view. This feature is acve only when viewing files and folders in a shared folder; it is not acve when viewing files and folders in the local file system

QUESTION 107 Hotspot Question You have an Active Directory domain named Contoso.com. The domain contains Hyper-V hosts named Server1 and Server2 that run Windows Server 2016. The Hyper-V hosts are configured to use NVGRE for network virtualization. You have six virtual machines that are connected to an external switch. The virtual machines are configured as shown. T Study

Materials

To which virtual machine or virtual machines can VM1 and VM3 connect? To answer, select the appropriate options in the answer area. Hot Area: & Practical

QAs

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs T Study

Materials

Correct Answer: & Practical

QAs

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs T Study

Materials

Section: (none) Explanation & Practical Explanation/Reference:

QAs

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs T Study

Materials

QUESTION 108 Hotspot Question & You have a network policy server (NPS) server named NPS1. One network policy is enabled on NPS1. ThePractical policy is configured as shown in the following exhibit.

QAs

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs T Study

Materials

& Practical

QAs

Use the drop-down menus to select the answer choice that completes each statement based on the information in the graphic.

Hot Area:

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs T Study

Materials

Correct Answer: & Practical

QAs

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs T Study

Materials

Section: (none) & Explanation Practical Explanation/Reference:

QAs

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs T Study

Materials

& Practical

QAs

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs QUESTION 109 Hotspot Question

Scenario:

You are a network administrator for a company named Contoso,Ltd. The network is configured as shown in the exhibit. T Study

Materials

& Practical

QAs

You install the Remote Access server role on Server2. Server2 has the following configured.

* Network address translation (NAT)

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs * The DHCP Server server role

The Security Policy of Contoso states that only TCP ports 80 and 443 are allowed from the internet to server2 You identify the following requirements:

* Add 28 devices to subnet2 for a temporary project. * Configure Server2 to accept VPN connections from the internet. * Ensure that devices on Subnet2 obtain TCP/IP settings from DHCPT on Server2. End of Scenario: Study You deploy a computer named Computer8 to subnet4. Computer8 has an IP address of 192.168.10.230 and a subnet mask of 255.255.255.240 What is the broadcast address for Subnet4? To answer, select the appropriate options in the answer area.

Hot Area: Materials

& Practical

Correct Answer: QAs

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs T Study

Section: (none) Materials Explanation

Explanation/Reference: Explanaon: The broadcast address is always the last IP address of a subnet. Packets sent to the broadcast address are received by all clients within the subnet. The subnet with the network ID 192.168.10.224/28 includes the host addresses 192.168.10.225 through& 192.168.10.238 and has the broadcast address 192.168.10.239. Practical QUESTION 110 Hotspot Question You install the DHCP Server role on a server1. You create a new scope on Server1. The scope properties are configured as shown in the following exhibit. QAs

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs T Study

Materials

& Practical

QAs

Use the drop down menus to select the answer choice that completes each statement based on the information presented in the graphics.

Hot Area:

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs T Study

Materials

Correct Answer: & Practical

QAs

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs T Study

Materials

Section: (none) & Explanation Practical Explanation/Reference:

QAs

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs T Study

Materials

& Practical

QAs

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs T Study

Materials

& Practical

QUESTION 111 Drag and Drop Question You are deploying Direct Access to a server named DA1. DA1 will be located behind a firewall and will have a single network adapter. The intermediary network will be IPv4. QAs

You need to configure the firewall to support DirectAccess.

Which firewall rules should you create for each type of traffic. To answer, drag the appropriate ports and protocols to the correct traffic types.

Select and Place:

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs T Study

Materials Correct Answer:

& Practical

QAs

Section: (none) Explanation

Explanation/Reference: Explanaon: “Most organizaons use an Internet firewall between the Internet and the computers on their perimeter network. The firewall is typically configured with packet filters that allow specific types of traffic to and from the perimeter network computers. When you add a Forefront UAG DirectAccess server to your perimeter network, you must configure addional packet filters, to allow the traffic to and

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs from the Forefront UAG DirectAccess server for all the traffic that a DirectAccess client uses to obtain IPv6 connecvity to the Forefront UAG DirectAccess server. The following describes the type of traffic you can configure on your Internet firewall depending on whether the Forefront UAG DirectAccess server is on an IPv4 or IPv6 Internet. When the Forefront UAG DirectAccess server is on the IPv4 Internet Configure packet filters on your Internet firewall to allow the following types of IPv4 traffic for the Forefront UAG DirectAccess server: Protocol 41 inbound and outbound—For DirectAccess clients that use the 6to4 IPv6 transion technology to encapsulate IPv6 packets with an IPv4 header. In the IPv4 header, the Protocol field is set to 41 to indicate an IPv6 packet payload. UDP desnaon port 3544 inbound and UDP source port 3544 outbound—For DirectAccess clients that use the Teredo IPv6 transion technology to encapsulate IPv6 packets with an IPv4 and UDPT header. The Forefront UAG DirectAccess server is listening on UDP port 3544 for traffic from Teredo-based DirectAccess clients. TCP desnaon port 443 inbound and TCP source port 443 outboundStudy—For DirectAccess clients that use IP-HTTPS to encapsulate IPv6 packets within an IPv4-based HTTPS session. The Forefront UAG DirectAccess server is listening on TCP port 443 for traffic from IP-HTTPS-based DirectAccess clients. Reference: hps://blogs.technet.microso .com/tomshinder/2010/05/06/directaccess-and-firewalls-and-nat/ Materials

& Practical

QAs

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs T Study

Materials

& Practical

QAs

QUESTION 112 You have an IP Address Management (IPAM) server named IPAM1 that runs Windows Server 2016.

IPAM1 manages 10 DHCP servers.

You need to provide a user with the ability to track which clients receive which IP addresses from DHCP.

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs The solution must minimize administrative privileges.

A. IPAM MSM Administrators B. IPAM ASM Administrators C. IPAM IP Audit Administrators D. IPAM User

Correct Answer: C Section: (none) T Explanation Study Explanation/Reference: Materials

& Practical

QAs

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs T Study

Materials

& Practical

QAs

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs QUESTION 113 Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution. Determine whether the solution meets the stated goals.

Materials

& Practical You need to ensure that all of the client computers in the domain perform DNSSEC validation for the fabrikam.com namespace.

Solution: From Windows PowerShell on Server1, you run the Add-DnsServertrustAnchor cmdlet. Does this meet the goal? QAs A. Yes B. No

Correct Answer: B Section: (none) Explanation

Explanation/Reference: Explanaon: The Add-DnsServerTrustAnchor cmdlet adds a trust anchor (DNSKEY record or DS record) to a DNS server. A trust anchor (or trust “point”) is a public cryptographic key for a signed zone. Trust anchors must be configured on every non-authoritave DNS server that

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs will aempt to validate DNS data. Trust anchors do not ensure that client computers perform DNSSEC validaon.

QUESTION 114 You are implementing a new network. The network contains a DHCP server named

DHCP1 that runs Windows Server 2016. DHCP1 contains a scope named Scope1 for the 192.168.0/24 subnet. Your company has the following policy for allocating IP addresses: T

- All server addresses must be excluded from DHCP scopes. Study - All client computer must receive IP addresses from Scope1. - All Windows servers must have IP addresses in the range of 192.168.0.200 to 192.168.0.240 - All other network devices must have IP addresses in the range of 192.168.0.180 toMaterials 192.168.0.199. You deploy a print device named Print1.

You need to ensure that Print1 adheres to the policy for allocating IP addresses. Which command should you use?

A. Add-DhcpServerv4Lease & B. Add-DhcpServerv4ExclusionRange Practical C. Add-DhcpServerv4Filter D. Add-DhcpServerv4Reservation

Correct Answer: D Section: (none) Explanation QAs Explanation/Reference: Explanation:

Network devices such as printers must have IP addresses in the range of 192.168.0.180 to 192.168.0.199.

The Add-DhcpServerv4Reservation cmdlet reserves the specified IPv4 address in the scope for a client. Once reserved, the IP address will be leased only to the client identified by the specific client identifier (ID).

QUESTION 115 Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution. Determine

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs whether the solution meets the stated goals.

T Study

Materials You have the following subnets defined on Server1.

& Practical

You need to prevent Server1 from resolving queries from DNS clients located on Subnet4. Server1 must resolve queries from all other DNS clients.

Solution: From the Security Setting of each zone on Server1, you modify the permissions. Does this meet the goal? QAs

A. Yes B. No

Correct Answer: B Section: (none) Explanation

Explanation/Reference: Explanaon:

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs Modify the permissions of the zones will affect all clients. We should create a firewall rule to block access to the DNS Server service from specific subnets.

QUESTION 116 Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution. Determine whether the solution meets the stated goals.

Server1 has two virtual machines named VM1 and VM that run Windows Server 2016. VM1 connects to Private VM2 has two network adapters. T Study

Materials

You need to ensure that VM1 connects to the corporate network by using NAT.

Solution: You connect VM2 to private1 and External1. You install the Remote Access Server role on VM2, and you configure NAT in & the Routing and Remote Access console. You configure VM1 to use VM2 as the default gateway. Practical

Does this meet the goal?

A. Yes B. No QAs Correct Answer: A Section: (none) Explanation

Explanation/Reference: Explanation:

Private virtual networks are used where you want to allow communications between virtual machine to virtual machine on the same physical server.

External virtual networks are used where you want to allow communications between a VM and the rest of the world.

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs Configuring VM2 for network translation between the private and the external network is a valid solution.

QUESTION 117 You have an Active Directory forest that contains 30 servers and 6,000 Client computers.

You deploy a new DHCP server that runs Windows Server 2016.

You need to retrieve the list of the authorized DHCP servers. T

Which command should you run? Study

A. Get-ADResourceProperty -Filter DHCP B. Netsh DHCP show serve C. Netsh DHCP server iniate auth Materials D. Get-DHCPServerSeng

Correct Answer: B Section: (none) Explanation & Explanation/Reference: Practical

QAs

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs T Study

Materials

& QUESTION 118 You have a DHCP server named Server1. Practical Server1 has an IPv4 scope that contains 100 addresses for a subnet named Subnet! Subnet1 provides guest access to the Internet.

There are never more than 20 client computers on Subnet1 simultaneously; however, the computers that connect to Subnet 1 are rarely the same computers.

You discover that some client computers are unable to access the network. The computers that have the issue have IP addresses in the range of 169.254.0.0/16. QAs

You need to ensure that all of the computers can connect successfully to the network to access the Internet. What should you do?

A. Create a new scope that uses IP addresses in the range of 169.254.0.0/16. B. Modify the scope options. C. Modify the lease duration. D. Configure Network Access Protection (NAP) integration on the existing scope.

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs Correct Answer: C Section: (none) Explanation

Explanation/Reference: Explanaon: By default, the lease me for DHCP clients is 8 days. A once assigned address is therefore blocked for 8 days and excluded from the assignment to another client. By reducing the lease duraon, enough IP addresses can be provided even with frequently changing clients. T QUESTION 119 Study Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution. Determine whether the solution meets the stated goals.

Refer to exhibit, Server1 has two virtual machines named VM1 and VM that run WindowsMaterials Server 2016. VM1 connects to Private VM2 has two network adapters.

& Practical You need to ensure that VM1 connects to the corporate network by using NAT.

Solution: You connect VM1 to Internal1. You run the New-NetNatIpAddress and the New- NetNat cmdlets on Server1.

You configure VM1 to use the NAT gateway as the default gateway. QAs Does this meet the goal?

A. Yes B. No

Correct Answer: A Section: (none) Explanation

Explanation/Reference:

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs T Study

Materials QUESTION 120 You have a Hyper-V server named Server1 that runs Windows Server 2016.

Server1 has an IP address of 192.168.1.78.

Server1 has a container named Container1 that hosts a web application on port 84. & Practical Container1 has an IP address of 172.16.5.6. Container1 has a port mapping from port 80 on Server1 to port 84 on Container1.

You have a server named Server2 that has an IP address of 192.168.1.79. You need to connect to the web application from Server2. To which IP address and port should you connect?

A. 172.16.5.6:80 QAs B. 192.168.1.78:80 C. 172.16.5.6:84 D. 192.168.1.78:84

Correct Answer: B Section: (none) Explanation

Explanation/Reference:

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs T Study

Materials

QUESTION 121 Practical You have a remote access server named Server1 that runs Windows Server 2016.

Server1 has DirectAccess enabled. You have a proxy server named Server2. All computers on the internal network connect to the Internet by using the proxy. QAs On Server1, you run the command Set-DAClient -forceTunnel Enabled.

You need to ensure that when a DirectAccess client connects to the network, the client accesses all the Internet resources through the proxy.

What should you run on Server1?

A. Set-DnsClientGlobalSetting B. Set-DAEntryPoint

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs C. Set-DnsClientNrptRule D. Set-DnsClientNrptGlobal

Correct Answer: C Section: (none) Explanation

Explanation/Reference: T Study

Materials

& Practical

QAs

QUESTION 122 You have an IP Address Management (IPAM) deployment that is used to manage all of the DNS servers on your network.

IPAM is configured to use Group Policy provisioning.

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs You discover that a user adds a new mail exchanger (MX) record to one of the DNS zones.

You want to identify which user added the record.

You open Event Catalog on an IPAM server, and you discover that the most recent event occurred yesterday. You need to ensure that the operational events in the event catalogT are never older than one hour. What should you do? Study A. From the properties on the DNS zone, modify the refresh interval. B. From an IPAM_DNS Group Policy object (GPO), modify the Group Policy refresh interval. C. From Task Scheduler, modify the Microsoft\Windows\IPAM\Audit task. D. From Task Scheduler, create a scheduled task that runs the Update-IpamServerMaterials cmdlet.

Correct Answer: C Section: (none) Explanation

Explanation/Reference: Explanaon: & IPAM launches the following tasks upon installaon with the specified periodicity. These tasks can be viewedPractical in Task Scheduler by navigang to Microso > Windows > IPAM

QAs

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs T Study

Materials

& Practical

QAs

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs QUESTION 123 You have a DHCP server named Server1.

Server1 has an IPv4 scope that serves 75 client computers that run Windows 10.

When you review the address leases in the DHCP console, you discover several leases for devices that you do not recognize.

You need to ensure that only the 75 Windows 10 computers can obtainT a lease from the scope. What should you do? Study

A. Run the Add-DhcpServerv4ExclusionRange cmdlet. B. Create and enable a DHCP filter. C. Create a DHCP policy for the scope. Materials D. Run the Add-DhcpServerv4OptionDefinition cmdlet.

Correct Answer: C Section: (none) Explanation

Explanation/Reference: & Practical

QAs

QUESTION 124 You have a server named Server1 that runs Windows Server 2016.

Server1 has the DHCP Server and the Windows Deployment Service server roles installed.

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs Server1 is located on the same subnet as client computers.

You need to ensure that clients can perform a PXE boot from Server1.

Which two IPv4 options should you configure in DHCP? Each correct answer presents part of the solution.

A. 003 Router B. 066 Boot Server Host Name T C. 015 DNS Domain Name Study D. 006 DNS Servers E. 060 Option 60

Correct Answer: BE Materials Section: (none) Explanation

Explanation/Reference: Explanation:

A network boot program (NBP) is the first file that is downloaded and executed as part of the network boot& process and it controls the beginning of the boot experience (for example, whether or not the user must press F12 to initiate a network boot). NBPs are specific to bothPractical the architecture and firmware of the client.

You specify the default NBP for each architecture on the Boot tab of the server’s properties (right-click the server in the MMC snap-in, and click Properties). You can also override the default NBP on a per-client basis by running WDSUTIL /Set-Device /Device: /BootProgram:. For example, you may want to configure an NBP so that prestaged (or known) clients receive the default NBP (most commonly a NBP that requires users to press F12) and unknown clients receive a NBP that will cause them to perform a network boot automatically (without F12). This configuration is particularly useful in a lab environment where you want to deploy images to new computers, but you do not want existing computers to automatically boot to the network. QAs

There are two methods that you can use to direct a client computer to the correct NBP:

Configuring Your Router to Forward Broadcasts (recommended). The client contacts the server directly for this information.

Using DHCP Options 60, 66, and 67. A DHCP server relays this information to the client.

You can use the following DHCP options to direct PXE clients to an appropriate NBP to download:

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs Option 60 = client identifier. You should set this to the string PXEClient. Note that this only applies if DHCP is on the same server as Windows Deployment Services.

Option 66 = boot server host name

Option 67 = boot file name

QUESTION 125 Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution. Determine whether the solution meets the stated goals. T Your network contains an Active Directory domain named contoso.com.Study The domain contains a DNS server named Server1. All client computers run Windows 10. On Server1, you have the following zone configuration.

Materials

& Practical

You need to ensure that all of the client computers in the domain perform DNSSEC validation for the fabrikam.com namespace.QAs

Solution: From a Group Policy object (GPO) in the domain, you add a rule to the Name Resolution Policy Table (NRPT). Does this meet the goal?

A. Yes B. No

Correct Answer: A Section: (none) Explanation

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs Explanation/Reference: Explanation: The NRPT stores configurations and settings that are used to deploy DNS Security Extensions (DNSSEC), and also stores information related to DirectAccess, a remote access technology. Note: The Name Resolution Policy Table (NRPT) is a new feature available in Windows Server 2008 R2. The NRPT is a table that contains rules you can configure to specify DNS settings or special behavior for names or namespaces. When performing DNS name resolution, the DNS Client service checks the NRPT before sending a DNS query. If a DNS query or response matches an entry in the NRPT, it is handled according to settings in the policy. Queries and responses that do not match an NRPT entry are processed normally. T References: https://technet.microsoft.com/en-us/library/ee649207(v=ws.10).aspxStudy

QUESTION 126 Refer to Exhibit, you plan to implement a VPN. FabRA1 will use the RADIUS proxy for authentication. Materials You need to ensure that VPN clients can be authenticated and can access internal resources.

The solution must ensure that FabRS1 is used as a RADIUS server and FabRPl is used as a RADIUS proxy.

& Practical

QAs Which two actions should you perform? Each correct answer presents part of the solution.

A. Create a connection request policy on FabRSl. B. Create a connection request policy on FabRPl. C. Create a network policy on FabRSl. D. Delete the default connection request policy on FabRSl. E. Create a network policv on FabRPl.

Correct Answer: BC

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs Section: (none) Explanation

Explanation/Reference:

T Study

QUESTION 127 Note: This question is part of a series of questions that present theMaterials same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this sections, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You network contains an Active Directory domain named contoso.com. The domain contains a member server named Server1 that runs Windows Server 2016 and has the DNS Server role installed. Automatic scavenging of state records is enabled and the scavenging period is . & All client computers dynamically register their names in the contoso.com DNS zone on Server1. Practical You discover that the names of multiple client computers that were removed from the network several weeks ago can still be resolved.

You need to configure Server1 to automatically remove the records of the client computers that have been offline for more than 10 days.

Solution: You set the Expires after value of the zone. Does this meet the goal? QAs

A. Yes B. No

Correct Answer: B Section: (none) Explanation

Explanation/Reference: Explanaon:

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs The queson states that automac scavenging of stale records is enabled. Automac scavenging of stale records is a server seng. To ensure that zone data is processed by this feature, we have to configure Aging for the zone. By default Zone Aging is disabled. Expires A er specifies the period of me for which zone informaon is valid on the secondary server. If the secondary server can't download data from a primary server within this period, the secondary server lets the data in its cache expire and stops responding to DNS queries. Seng Expires A er to seven days allows the data on a secondary server to be valid for seven days.

QUESTION 128 Hotspot Question T Server1 provides DNS name resolution to both internal and external clients.Study

Server1 hosts the primary zone for contoso.com.

You need to configure Server1 to meet the following requirements: Materials

* Internal clients must be able to use Server 1 to resolve internal-based DNS names. * External clients must not be able to use Server1 to resolve Internal-based DNS names. * External clients must able to use Server1 to resolve names in the contoso.com zone. Which commands should you run on Server1? To answer select the appropriate option in answer area.& Hot Area: Practical

QAs

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs T Study

Materials

& Practical

Correct Answer: QAs

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs T Study

Materials

& Practical

Section: (none) QAs Explanation

Explanation/Reference:

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs T Study

Materials

& Practical

QAs

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs QUESTION 129 Hotspot Question

Refer to Exhibit:

T Study

Materials

& Practical

QAs

\\Server1.adatum.com\namespace1 has a folder target named Folder1. A user named User1 has Full Control share and NTFS permissions to Folder1. Folder1 contains a file named Filel.doc User1 has only Write NTFS permissions to Filel.doc Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.

Hot Area:

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs T Study

Materials

Correct Answer: & Practical

QAs

Section: (none) Explanation

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs Explanation/Reference:

QUESTION 130 Hotspot Question T You have a Hyper-V host named Server1 that runs Windows Server 2016.Study Server1 has two network adaptors named NK1 and NIC2. Server2 has two virtual switches named vSwitch1 and vSwitch2. N1C1 connects to vSwitch1. NIC2 connects to vSwitch2

Server1 hosts a virtual machine named VM1. VM1 has two network adapters named vmNIC1 and vmNIC1. VmNIC1 connects to vSwitch1. VmNIC2 connects to vSwitch2. Materials

You need to create a NIC team on VM1.

What should you run on VM1? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point. & Hot Area: Practical

QAs

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs T Study

Materials

Correct Answer: & Practical

QAs

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs T Study

Materials

Section: (none) Explanation & Practical Explanation/Reference:

QAs

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs T Study

Materials

& Practical

QAs

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs HyperVPort: Distributes network traffic based on the source virtual machine Hyper-V switch port idenfier. When you specify this algorithm with the TeamingMode parameter and the SwitchIndependent value, inbound traffic is routed to the same team member as the switch port’s outgoing traffic.

QUESTION 131 Hotspot Question

Your network contains an Active Directory domain named contoso.com. The domain contains a DNS server named Server1. T Server1 configured to use a forwarder named server2.contoso.com thatStudy has an IP address of 10.0.0.10. You need to prevent Server1 from using root hints if the forwarder is unavailable. What command should you run? To answer, select the appropriate options in the answer area.

Hot Area: Materials

& Practical Correct Answer:

QAs

Section: (none) Explanation

Explanation/Reference: Explanaon: The Add-DnsServerRecursionScope cmdlet adds a recursion scope on a Domain Name System (DNS) server. Recursion scopes are unique instances of a group of sengs that control recursion on a DNS server. A recursion scope contains a list of forwarders and specifies whether recursion is enabled. A DNS server can have many recursion scopes.

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs DNS server recursion policies allow you to choose a recursion scope for a set of queries. If the DNS server is not authoritave for certain queries, DNS server recursion policies allow you to control how to resolve those queries. You can specify which forwarders to use and whether to use recursion. The legacy recursion seng and list of forwarders are now referred as the default recursion scope. You cannot add or remove the default recursion scope, idenfied by name as dot (.). The Add-DnsServerQueryResoluonPolicy cmdlet adds a policy for query resoluon to a Domain Name System (DNS) server. A policy determines the resoluon of queries based on criteria that you specify in the policy. Example: Allow recursion for internal clients The first command creates a recursion scope called InternalClients.T Recursion is enabled for this scope. The second command modifies the default recursion scope by using theStudy Set-DnsServerRecursionScope cmdlet. The default scope, idenfied by a dot (.), has recursion disabled. The final command creates a policy that uses the InternalClients scope. For that scope, on the specified server interface address, the policy allows recursion. Add-DnsServerRecursionScope -Name "InternalClients" -EnableRecursion $True Materials Set-DnsServerRecursionScope -Name . -EnableRecursion $False Add-DnsServerQueryResolutionPolicy -Name "SplitBrainPolicy" -Action ALLOW - ApplyOnRecursion -RecursionScope "InternalClients" -ServerInterfaceIP "EQ,10.0.0.34" - PassThru Reference: Add-DnsServerRecursionScope & Add-DnsServerQueryResoluonPolicy Practical Selecve Recursion Control Using DNS Server Policies

QUESTION 132 Hotspot Question On a DNS server that runs Windows Server 2016, you plan to create two new primary zones named adatum.com and contoso.com.QAs You have the following requirements for the zones:

- Ensure that computers on your network can register records automatically in the adatum.com zone. - Ensure that records that are stale for two weeks are purged automatically from the contoso.com zone.

What should you configure for each zone? To answer, select the appropriate options in the answer area.

Hot Area:

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs T Study

Materials

& Correct Answer: Practical

QAs

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs T Study

Materials

Section: (none) & Explanation Practical

Explanation/Reference: Explanaon: In order to ensure that computers on your network can register records automacally in the adatum.com zone we need to configure dynamic updates for the zone. In order to ensure that records that are stale for two weeks are purged automacally from the contoso.com zone we need to configure the Zone Aging/Scavenging Properes. QAs

QUESTION 133 Hotspot Question

Your network contains an Active Directory domain named contoso.com. The domain contains a DNS server named Server1.

You enable Response Rate Limiting on Server1.

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs You need to prevent Response Rate Limiting from applying to hosts that reside on the network of 10.0.0.0/24. Which cmdlets should you run? To answer, select the appropriate options in the answer area.

Hot Area:

T Study

Materials

& Practical

Correct Answer:

QAs

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs T Study

Materials

Section: (none) & Explanation Practical Explanation/Reference: Explanation: The RRL is working (You enable Response Rate Limiting on Server1.) So no need to enable it anyway. What is needed to a subnet and then the subnet is used in exception definition. QUESTION 134 QAs Hotspot Question

You are configuring internal virtual networks to support multitenancy communication between tenant virtual machine networks and remote sites. You have a tenant named Tenant1. You need to enable Border Gateway Protocol (BGP) for Tenant1. Which commands should you run? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

Hot Area:

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs T Study

Materials Correct Answer:

& Practical

QAs

Section: (none) Explanation

Explanation/Reference:

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs T Study

Materials

& Practical

QAs

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs QUESTION 135 Hotspot Question

You have two servers named Server1 and Server2 that run Windows Server 2016. Server1 has the DNS Server role installed. The advanced DNS properties for Server1 are shown in the Advanced DNS exhibit. (Click the Exhibit button.) Server2 is configured to use Server1 as a DNS server. Server2 has the following IP configuration. T Study

Materials

& Practical

Advanced DNS QAs

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs T Study

Materials

& Practical

QAs

DNS Manager

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs T Study

Materials

Select the appropriate selection if statement is "Yes" or No.

Hot Area: & Practical

QAs

Correct Answer:

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs T Study

Materials

Section: (none) Explanation

Explanation/Reference: & Explanaon: The DNS server has Enable round robin and Enable netmask ordering enabled. Enable netmask orderingPractical is used to priorize local resources for DNS clients. Windows 2003 and newer Operang Systems Subnet Priorzaon Feature Defaults to a Class C Subnet. Host2 is an alias name for a ressource record in the same DNS zone. Since the zone does not contain a host (A) record for Server1, queries for host1.adatum.com can´t be resolved. Reference: DNS and Subnet Priorzaon & DNS Round Robin

QUESTION 136 You have a test environment that includes two servers named Server1 and Server2. The servers run Windows Server 2016.QAs You need to ensure that you can implement SMB Direct between the servers. Which feature should the servers support?

A. Remote Direct Memory Access (RDMA) B. Multipath I/O (MPIO) C. Virtual Machine queue (VMQ) D. Single root I/O virtualization (SR-IOV)

Correct Answer: A

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs Section: (none) Explanation

Explanation/Reference:

T Study

Materials

& Practical

QAs

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs QUESTION 137 Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution. Determine whether the solution meets the stated goals.

Refer to exhibit. Server1 has two virtual machines named VM1 and VM that run Windows Server 2016. VM1 connects to Private1. VM2 has two network adapters.

T Study You need to ensure that VM1 connects to the corporate network by using NAT. Solution: You connect VM2 to Private1 and External1. You run the New-NetNatIpAddressMaterials and the New-NetNat cmdlets on VM2. You configure VM1 to use VM2 as the default gateway.

Does this meet the goal?

A. Yes & B. No Practical

Correct Answer: B Section: (none) Explanation

Explanation/Reference: Explanation: QAs

Internal virtual networks are used where you want to allow communications between: Virtual machine to virtual machine on the same physical server. Virtual machine to parent partition (and visa-versa). Windows Server 2016 Hyper-V and Windows 10 Hyper-V allow native network address translation (NAT) for a virtual network. Configuring native NAT involves an internal switch and the two cmdlets mentioned in the solution. But each VM must use the configured NAT gateway as default gateway in order to access external ressources. VM2 is not configured as NAT-Router.

Reference: Set up a NAT network

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs QUESTION 138 Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution. Determine whether the solution meets the stated goals.

Refer to exhibit. Server1 has two virtual machines named VM1 and VM that run Windows Server 2016. VM1 connects to Private1. VM2 has two network adapters.

T Study

You need to ensure that VM1 connects to the corporate network by using NAT. Solution: You connect VM1 to Inernal1. You run the New-NetNatIpAddress and the MaterialsNew-NetNat cmdlets on Server1. You configure VM1 to use Server1 as the default gateway. Does this meet the goal?

A. Yes B. No

Correct Answer: B & Section: (none) Explanation Practical

Explanation/Reference: Explanation:

Internal virtual networks are used where you want to allow communications between: Virtual machine to virtual machine on the same physical server. QAs Virtual machine to parent partition (and visa-versa). Windows Server 2016 Hyper-V and Windows 10 Hyper-V allow native network address translation (NAT) for a virtual network. Configuring native NAT involves an internal switch and the two cmdlets mentioned in the solution. But each VM must use the configured NAT gateway as default gateway in order to access external ressources. VM2 is not configured as NAT-Router.

Reference: Set up a NAT network

QUESTION 139 Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution. Determine whether the solution meets the

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs stated goals.

Refer to exhibit. Server1 has two virtual machines named VM1 and VM that run Windows Server 2016. VM1 connects to Private1. VM2 has two network adapters.

T You need to ensure that VM1 connects to the corporate network by usingStudy NAT. Solution: You connect VM2 to Private1 and External1. You install the Remote Access server role on VM2, and you configure NAT in the Routing and Remote Access console. You configure VM1 to use VM2 as the default gateway. Does this meet the goal? Materials A. Yes B. No

Correct Answer: A Section: (none) Explanation &

Explanation/Reference: Practical Explanation:

Private virtual networks are used where you want to allow communications between virtual machine to virtual machine on the same physical server. External virtual networks are used where you want to allow communications between a VM and the rest of the world. QAs Configuring VM2 for network translation between the private and the external network is a valid solution.

QUESTION 140 Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this sections, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

Your network contains an Active Directory domain named adatum.com. The domain contains two DHCP servers named Server1 and Server2.

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs Server1 has the following IP configuration.

T Study

Materials

& Practical Server2 has the following IP configuration.

QAs

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs T Study

Materials

Some users report that sometimes they cannot access the network because of conflicting IP addresses. You need to configure DHCP to avoid leasing addresses that are in use already. & Solution: On Server1, you modify the ActivatePolicies setting of the scope. Practical

Does this meet the goal?

A. Yes B. No QAs Correct Answer: B Section: (none) Explanation

Explanation/Reference: Explanaon: The IP address ranges on Server1 and Server2 overlap. Therefore, in some cases, Server1 and Server2 will issue the same IP addresses. The number of conflict detecon a empts is set to 0 on Server1. This means that Server1 does not check whether an IP is already in use on the network before issuing.

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs To avoid IP address conflicts, we must either change the address ranges so that there is no overlap or set the number of conflict detecon a empts on Server1 to a value greater than 0.

QUESTION 141 Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this sections, you willT NOT be able to return to it. As a result, these questions will not appear in the review screen. Your network contains an Active Directory domain named adatum.com.Study The domain contains two DHCP servers named Server1 and Server2.

Server1 has the following IP configuration. Materials

& Practical

QAs

Server2 has the following IP configuration.

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs T Study

Materials

Does this meet the goal?

A. Yes B. No QAs Correct Answer: A Section: (none) Explanation

Explanation/Reference: Explanation:

The IP address ranges on Server1 and Server2 overlap. Therefore, in some cases, Server1 and Server2 will issue the same IP addresses.

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs The number of conflict detection attempts is set to 0 on Server1. This means that Server1 does not check whether an IP is already in use on the network before issuing.

To avoid IP address conflicts, we must either change the address ranges so that there is no overlap or set the number of conflict detection attempts on Server1 to a value greater than 0.

QUESTION 142 Note: This question is part of a series of questions thatT present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more Studythan one correct solution, while others might not have a correct solution. After you answer a question in this sections, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. Your network contains an Active Directory domain named adatum.com. The domainMaterials contains two DHCP servers named Server1 and Server2.

Server1 has the following IP configuration.

& Practical

QAs

Server2 has the following IP configuration.

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs T Study

Materials

Some users report that sometimes they cannot access the network because of conflicting IP addresses.

You need to configure DHCP to avoid leasing addresses that are in use already. &

Solution: On Server2, you modify the ConflictDetectionAttempts value for IPv4. Practical

Does this meet the goal?

A. Yes B. No QAs Correct Answer: A Section: (none) Explanation

Explanation/Reference: Explanaon: The IP address ranges on Server1 and Server2 overlap. Therefore, in some cases, Server1 and Server2 will issue the same IP addresses. The number of conflict detecon aempts is set to 0 on Server1. This means that Server1 does not check whether an IP is already in use on the network before issuing. To avoid IP address conflicts, we must either change the address ranges so that there is no overlap or set the number of conflict

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs detecon aempts on Server1 to a value greater than 0.

QUESTION 143 Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this sections, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

Your network contains an Active Directory forest named contoso.com. The forest has three sites located in London, Paris, and Berlin. T The London site contains a web server named Web1 that runs WindowsStudy Server 2016.

You need to configure Web1 as an HTTP content server for the hosted cache servers located in the Paris and Berlin sites.

Solution: You install the Static Content role service, and then you restart the IIS AdminMaterials Service.

Does this meet the goal?

A. Yes B. No

Correct Answer: B & Section: (none) Practical Explanation

Explanation/Reference: Explanaon: To deploy content servers that are Secure Hypertext Transfer Protocol (HTTPS) Web servers, Hypertext Transfer Protocol (HTTP) Web servers, and Background Intelligent Transfer service (BITS)-based applicaon servers, such as Windows Server Update Services (WSUS) and System Center Configuraon Manager branch distribuon site system servers, you must install the BranchCache feature, QAsstart the BranchCache service, and (for WSUS servers only) perform addional configuraon steps.

QUESTION 144 Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this sections, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

Your network contains an Active Directory domain named contoso.com. The domain contains a member server named Server1 that runs Windows Server 2016 and

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs has the DNS Server server role installed. Automatic scavenging of stale records is enabled and the scavenging period is set to 10 days.

All client computers dynamically register their names in the contoso.com DNS zone on Server1.

You discover that the names of multiple client computers that were removed from the network several weeks ago can still be resolved.

You need to configure Server1 to automatically remove the records of the client computers that have been offline for more than 10 days. T Solution: You set the Expires after value of the zone. Study Does this meet the goal?

A. Yes B. No Materials

Correct Answer: B Section: (none) Explanation

Explanation/Reference: Explanation: & Practical The question states that automatic scavenging of stale records is enabled. Automatic scavenging of stale records is a server setting. To ensure that zone data is processed by this feature, we have to configure Aging for the zone. By default Zone Aging is disabled.

The expires after value of the zone spedifies the time at which a secondary nameserver becomes no longer authoritative for the zone if the server has been unable to contact the primary . QAs QUESTION 145 Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this sections, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You have a server named Server1 that has the Network Policy and Access Services server role installed.

You create a Shared Secret Network Policy Server (NPS) template named Template1.

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs You need to view the shared secret string used for Template1.

Solution: From Windows PowerShell, you run Get-NpsSharedSecretTemplate -Name Template1.

Does this meet the goal? A. Yes T B. No Study Correct Answer: A Section: (none) Explanation

Explanation/Reference: Materials Explanation: The Get-NpsSharedSecretTemplate cmdlet returns a list of available shared secret templates. Network Policy Server (NPS) includes a template type that you can use to assign a shared secret when you configure a Remote Authentication Dial-In User Service (RADIUS) client or server. A shared secret is a text string that serves as a password between a RADIUS client and a RADIUS server, a RADIUS client and a RADIUS proxy, or a RADIUS proxy and a RADIUS server. RADIUS clients, servers, and proxies use shared secrets to verify that the RADIUS messages they receive originate with a RADIUS-enabled device that is configured with the same shared secret. Examples Example 1: Get shared secrets templates from a Network Policy Server & PowerShellCopy PS C:\>Get-NPSSharedSecretTemplate Practical This command gets the shared secrets templates from an NPS. Optional Parameters -Name Specifies the name of the shared secret template to return. If you do not specify this parameter, the cmdlet returns all shared secret templates. Type: String QAs

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs T Study

Materials

QUESTION 146 Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. & After you answer a question in this sections, you will NOT be able to return to it. AsPractical a result, these questions will not appear in the review screen. You have a server named Server1 that has the Network Policy and Access Services server role installed.

You create a Shared Secret Network Policy Server (NPS) template named Template1. You need to view the shared secret string used for Template1. QAs Solution: From the Network Policy Server console, you export the configuration, and you view the exported XML file.

Does this meet the goal?

A. Yes B. No

Correct Answer: B Section: (none)

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs Explanation

Explanation/Reference:

T Study

Materials

& Practical

QAs

QUESTION 147 Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this sections, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs You have a server named Server1 that has the Network Policy and Access Services server role installed.

You create a Shared Secret Network Policy Server (NPS) template named Template1.

You need to view the shared secret string used for Template1. Solution: From the Network Policy Server console, you view the properties of Template1.

Does this meet the goal?

A. Yes T B. No Study

Correct Answer: B Section: (none) Explanation Materials Explanation/Reference:

& Practical

QAs

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs T Study

Materials

& Practical

QUESTION 148 Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. QAs After you answer a question in this sections, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

Your network contains an Active Directory domain named contoso.com. The domain contains a DHCP server named Server2 than runs Windows Server 2016.

Users report that their client computers fail to obtain an IP address.

You open the DHCP console as shown in the Exhibit. (Click the Exhibit button.)

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs T Study

Materials

Scope1 has an address range of 172.16.0.10 to 172.16.0.100 and a prefix length of 23 bits.

You need to ensure that all of the client computers on the network can obtain an IP address from Server2.&

Solution: You run the Set-DhcpServerv4MulticastScope cmdlet. Practical

Does this meet the goal?

A. Yes B. No QAs Correct Answer: B Section: (none) Explanation

Explanation/Reference: Explanaon: The blue exclamaon mark signals that all IP addresses have been allocated by the DHCP server and are in use. No more clients can obtain IP addresses from the DHCP server because it has no more IP addresses to allocate. We need to extend the address space of the exisng scope or add a new scope. See also: DHCP Console Icons Reference

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs QUESTION 149 You manage a Windows Server 2016 software-defined network.

Network Controller is installed on a three-node domain-joined cluster of virtual machines.

You need to add a new access control list (ACL) for the network controller to the network interface on a tenant virtual machine. The ACL will have only one rule that prevents only outbound traffic from the 10.10.10.0/24 subnet. T You plan to run the following Windows PowerShell commands. Study

$ruleproperties = new-object Microsoft.Windows.NetworkController.AclRuleProperties $ruleproperties.SourcePortRange = "0-65535" Materials $ruleproperties.DestinationPortRange = "0-65535" $ruleproperties.Action = "Deny" $ruleproperties.Priority = "100" $ruleproperties.Type = "Outbound" $ruleproperties.Logging = "Enabled"

Which three remaining properties should you add to the rule? Each correct answer presents part of the& solution. (Choose three.) Practical NOTE: Each correct selection is worth one point.

A. $ruleproperties.SourceAddressPrefix = "10.10.10.0/24" B. $ruleproperties.DestinationAddressPrefix = "10.10.10.0/24" C. $ruleproperties.Protocol = "ALL" D. $ruleproperties.Protocol = "TCP" QAs E. $ruleproperties.SourceAddressPrefix = "*" F. $ruleproperties.DestinationAddressPrefix = "*"

Correct Answer: ACF Section: (none) Explanation

Explanation/Reference: Explanaon: You can enable and configure Datacenter Firewall by creang ACLs that are applied to a virtual subnet or a network interface.

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs The following arcle demonstrates how to use Windows PowerShell to create these ACLs. Use Access Control Lists (ACLs) to Manage Datacenter Network Traffic Flow

QUESTION 150 Note: This question is part of a series of questions that use the same or similar answer choices. An answer choice may be correct for more than one question in the series. Each question is independent of the other questions in this series. Information and details provided in a question apply only to that question.

You have multiple servers that run Windows Server 2016. You haveT a server named Server1 that is configured as a domain controller and a DNS server. Study You need to create an Active Directory-integrated zone on Server1.

What should you run?

A. dism.exe Materials B. dns.exe C. dnscmd.exe D. netsh.exe E. Set-DhcpServerDatabase F. Set-DhcpServerv4DnsSetting & G. Set-DhcpServerv6DnsSetting H. Set-DNSServerSetting Practical

Correct Answer: C Section: (none) Explanation Explanation/Reference: QAs Explanation:

You can create forward lookup zones from the command-line by using the dnscmd command.

The following example creates a forward lookup AD DS–integrated primary zone named contoso.com on a DNS server named Server1 that is also a domain controller and stores the zone information in the domain DNS partition within AD DS: dnscmd server1 /zoneadd contoso.com /dsprimary

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs Additional Answer Choices: A: dism.exe B: dns.exe C: dnscmd.exe D: netsh.exe E: Set-DhcpServerDatabase F: Set-DhcpServerv4DnsSetting G: Set-DhcpServerv6DnsSetting T H: Set-DNSServerSetting Study QUESTION 151 Note: This question is part of a series of questions that use the same or similar answer choices. An answer choice may be correct for more than one question in the series. Each question is independent of the other questions in this series. Information and details provided in a question apply only to that question. Materials

Your network contains an Active Directory domain named contoso.com. The domain contains a DHCP server named Server2 that runs Windows Server 2016.

Server2 has 10 IPv4 scopes. You need to ensure that the scopes are backed up every 30 minutes to the folder D:\DHCPBackup.

What should you run? &

A. dism.exe Practical B. dns.exe C. dnscmd.exe D. netsh.exe E. Set-DhcpServerDatabase F. Set-DhcpServerv4DnsSetting QAs G. Set-DhcpServerv6DnsSetting H. Set-DNSServerSetting

Correct Answer: E Section: (none) Explanation

Explanation/Reference: Explanaon: The Set-DhcpServerDatabase cmdlet modifies one or more configuraon parameters of the database of the Dynamic Host

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs Configuraon Protocol (DHCP) server service. The BackupInterval parameter specifies the interval of me between automac database backups, in minutes. The BackupPath parameter specifies the path of the directory where the database should be backed up. The following example sets the backup file name to D:\NewDhcpPath\dhcp.mdb and the backup path to D:\NewDhcpPath\backup. This cmdlet also sets the periodicity of the database backup to 30 minutes and the periodic cleanup of the database to 120 minutes. Set-DhcpServerDatabase -ComputerName dhcpserver.contoso.com -FileName D:\NewDhcpPath\dhcp.mdb -BackupPath D:\NewDhcpPath\backup -BackupInterval 30 -CleanupInterval 120 Addional Answer Choices: A: dism.exe B: dns.exe T C: dnscmd.exe D: dsamain.exe Study E: Set-DhcpServerDatabase F: Set-DhcpServerv4DnsSeng G: Set-DhcpServerv6DnsSeng H: Set-DNSServerSeng Materials QUESTION 152 Note: This question is part of a series of questions that use the same or similar answer choices. An answer choice may be correct for more than one question in the series. Each question is independent of the other questions in this series. Information and details provided in a question apply only to that question.

You have multiple servers that run Windows Server 2016. & Practical The DNS Server server role is installed on a server named Server1.

You need to configure Server1 to use a DNS forwarder that has an IP address of 192.168.10.15.

What should you run? QAs A. dism.exe B. dns.exe C. dnscmd.exe D. netsh.exe E. Set-DhcpServerDatabase F. Set-DhcpServerv4DnsSetting G. Set-DhcpServerv6DnsSetting H. Set-DNSServerSetting

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs Correct Answer: C Section: (none) Explanation

Explanation/Reference:

Explanation:

The following command sets the DNS forwarders on Server1 to theT Google DNS servers: dnscmd server1 /ResetForwarders 8.8.8.8 8.8.4.4 /timeout 3 /noslave Study

Notes:

Separate the DNS IP addresses by a space. Materials You cannot add individual entries one after the other, you must add all forwarders at the same time in one command. But you can add or change existing entries from DNS Manager. The /timeout switch specifies the amount of time that your DNS server waits for the forwarder to respond. The /slave switch indicates that the DNS server will not attempt to perform its own iterative queries if the forwarder fails to resolve the query. The /noslave switch means that the DNS server will use its root hints file if no forwarders are available to resolve the query. Alternate you can use the Set-DnsServerForwarder cmdlet. & Practical Additional Answer Choices: A: dism.exe B: dns.exe C: dnscmd.exe D: netsh.exe E: Set-DhcpServerDatabase QAs F: Set-DhcpServerv4DnsSetting G: Set-DhcpServerv6DnsSetting H: Set-DNSServerSetting

QUESTION 153 Note: This question is part of a series of questions that use the same or similar answer choices. An answer choice may be correct for more than one question in the series. Each question is independent of the other questions in this series. Information and details provided in a question apply only to that question.

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs You have a server named Server1 that runs Windows Server 2016.

You install the DHCP Server server role on Server1. You need to authorize DHCP on Server1.

What should you run?

A. dism.exe B. dns.exe T C. dnscmd.exe Study D. netsh.exe E. Set-DhcpServerDatabase F. Set-DhcpServerv4DnsSetting G. Set-DhcpServerv6DnsSetting Materials H. Set-DNSServerSetting

Correct Answer: D Section: (none) Explanation

Explanation/Reference: & Explanaon: Practical You can use the Netsh command to authorize a DHCP server from the command line. In an Acve Directory environment, you must first authorize your DHCP server before it can lease addresses to clients. For example, to authorize a DHCP server named Server1 in the contoso.com domain and which has IP address 10.10.20.51, type the following command: netsh dhcp add server Server1.contoso.com 10.10.20.51 To verify the result, type this command: netsh dhcp show server QAs If you decide later to remove the server from your network, you can unauthorized it by typing: netsh dhcp delete server Server1.contoso.com 10.10.20.51 Addional Answer Choices: A: dism.exe B: dns.exe C: dnscmd.exe D: netsh.exe E: Set-DhcpServerDatabase F: Set-DhcpServerv4DnsSeng G: Set-DhcpServerv6DnsSeng H: Set-DNSServerSeng

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs QUESTION 154 Note: This question is part of a series of questions that use the same or similar answer choices. An answer choice may be correct for more than one question in the series. Each question is independent of the other questions in this series. Information and details provided in a question apply only to that question.

You have multiple servers that run Windows Server 2016.

You need to install the DNS Server server role on one of the servers. T What should you run? Study

A. dism.exe B. dns.exe C. dnscmd.exe Materials D. netsh.exe E. Set-DhcpServerDatabase F. Set-DhcpServerv4DnsSetting G. Set-DhcpServerv6DnsSetting H. Set-DNSServerSetting & Correct Answer: A Section: (none) Practical Explanation

Explanation/Reference: Explanaon: Use the following command line to install the DNS Server server role using DISM.exe: Dism.exe /online /enable-feature /featurename:DNS-Server-Full-Role /featurename:DNS-Server-Tools Addional Answer Choices: QAs A: dism.exe B: dns.exe C: dnscmd.exe D: netsh.exe E: Set-DhcpServerDatabase F: Set-DhcpServerv4DnsSeng G: Set-DhcpServerv6DnsSeng H: Set-DNSServerSeng

QUESTION 155

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs You have a server named Server1 that runs Windows Server 2016.

You need to configure Server1 as a multitenant RAS Gateway.

What should you install on Server1?

A. the Network Controller server role B. the Data Center Bridging feature C. the Remote Access server role T D. the Network Policy and Access Services server role Study

Correct Answer: C Section: (none) Explanation Materials Explanation/Reference: Explanation:

RAS Gateway is a software router and gateway that you can use in either single tenant mode or multitenant mode.

Single tenant mode allows organizations of any size to deploy the gateway as an exterior, or Internet-facing& edge virtual private network (VPN) and DirectAccess server. In single tenant mode, you can deploy RAS Gateway on a physical server or virtual machine (VM) Practicalrunning Windows Server 2016.

Multitenant mode allows Cloud Service Providers (CSPs) and Enterprises to use RAS Gateway to enable datacenter and cloud network traffic routing between virtual and physical networks, including the Internet. For multitenant mode, it is recommended that you deploy RAS Gateway on VMs that are running Windows Server 2016.

RAS Gateway includes the following deployment modes. QAs Single tenant mode

For most organizations, using RAS Gateway in single tenant mode is the typical configuration.In single tenant mode, you can deploy RAS Gateway as an edge VPN server, an edge DirectAccess server, or both simultaneously. In this configuration, RAS Gateway provides remote employees with connectivity to your network by using either VPN or DirectAccess connections. In addition, single tenant mode allows you to connect offices at different physical locations across the Internet.

Multitenant mode

If your organization is a CSP or an Enterprise with multiple tenants, you can deploy RAS Gateway in multitenant mode to provide network traffic routing to and from

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs virtual and physical networks.

Multitenancy is the ability of a cloud infrastructure to support the virtual machine workloads of multiple tenants, yet isolate them from each other, while all of the workloads run on the same infrastructure. The multiple workloads of an individual tenant can interconnect and be managed remotely, but these systems do not interconnect with the workloads of other tenants, nor can other tenants remotely manage them.

For example, an Enterprise might have many different virtual subnets, each of which is dedicated to servicing a specific department, such as Research and Development or Accounting. In another example, a CSP has many Ttenants with isolated virtual subnets existing in the same physical datacenter. In both cases, RAS Gateway can route traffic to and from each tenant while maintaining theStudy designed isolation of each tenant. This capability makes the RAS Gateway multitenant-aware. Virtual networks are created by using Hyper-V Network Virtualization, which is a technology that was introduced in Windows Server 2012, and is improved in Windows Server 2016. RAS Gateway is integrated with Hyper-V Network Virtualization, and is able to route network traffic effectively in circumstances where there are many different customers - or tenants - who have isolated virtual networks in the same datacenter.Materials Hyper-V Network Virtualization provides you with the ability to deploy a virtual machine (VM) network that is independent of the underlying physical network. With VM networks, which are composed of one or more virtual subnets, the exact physical location of an IP subnet is decoupled from the virtual network topology. As a result, you can easily move your on premises subnets to the cloud - while preserving your existing IP addresses and topology in the cloud. This ability to preserve infrastructure allows existing services to continue to work, unaware of the physical location of the subnets. That is, Hyper-V Network Virtualization enables a seamless hybrid cloud. & QUESTION 156 You have a server named Server1 that runs Windows Server 2016. You install the Hyper-V server role on PracticalServer1. Server1 has eight network adapters that are dedicated to virtual machines. The network adapters are Remote Direct Memory Access (RDMA)-enabled. You plan to use Software Defined Networking (SDN). You will host the virtual machines for multiple tenants on the Hyper-V host.

You need to ensure that the network connections for the virtual machines are resilient if one or more physical network adapters fail. QAs What should you implement?

A. single root I/O virtualization (SR-IOV) B. NIC Teaming on the Hyper-V host C. virtual Receive-side Scaling (vRSS) D. Switch Embedded Teaming (SET)

Correct Answer: D Section: (none) Explanation

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs Explanation/Reference: Explanaon: SET is an alternave NIC Teaming soluon that you can use in environments that include Hyper-V and the So ware Defined Networking (SDN) stack in Windows Server 2016. SET integrates some NIC Teaming funconality into the Hyper-V Virtual Switch. SET allows you to group between one and eight physical Ethernet network adapters into one or more so ware-based virtual network adapters. These virtual network adapters provide fast performance and fault tolerance in the event of a network adapter failure. Reference: Remote Direct Memory Access (RDMA) and Switch Embedded Teaming (SET) T QUESTION 157 Study You have a Hyper-V host named Server1 that runs Windows Server 2016. Server1 has two network adapters that are Remote Direct Memory Access (RDMA)- enabled. You need to verify whether Switch Embedded Teaming (SET) is enabled. Materials Which cmdlet should you use?

A. Get-NetworkSwitchFeature B. Get-VMNetworkAdapter C. Get-VMSwitch & D. Get-VMNetworkAdapterFailoverConfiguration Practical Correct Answer: C Section: (none) Explanation

Explanation/Reference: QAs

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs T Study

Materials

& Practical

QAs QUESTION 158 You have three servers named Server1, Server2, and Server3 that run Windows Server 2016.

On all three servers, Windows Firewall is configured to allow ICMP traffic.

Server2 has two network adapters named NIC1 and NIC2.

Your network is configured as shown in the exhibit. (Click the Exhibit button.)

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs T Study

Materials The parameters for NIC2 on Server1 are shown in the following output.

& Practical

QAs

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs T Study

Materials

& Practical

QAs

Which ping request will result in a reply from the destination host?

A. From Server2, ping 192.168.15.1 B. From Server3, ping 192.168.15.1 C. From Server1, ping 172.16.0.1

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs D. From Server1, ping 172.16.0.35

Correct Answer: A Section: (none) Explanation

Explanation/Reference: Explanaon: Server2 and Server3 have no entry for the default gateway and basically can only reach hosts within their local network segment. Server1 can not reach Server2 because the Forwarding parameter Tis set to disabled. Forwarding specifies the packet forwarding value for the IP interface. This value determines if this IP interface forwards packetsStudy that arrive on this interface to other interfaces. Set-NetIPInterface

QUESTION 159 Your network contains an Active Directory domain named contoso.com. The domain contains a DHCP server named Server1 that runs Windows Server 2016. Materials You have a DHCP scope for the 10.0.0.0/24 IP subnet. One hundred and fifty clients reside in the subnet. Fifty of the DHCP clients are NOT domain-joined.

You need to ensure that DHCP clients without a configured DNS suffix register automatically in a DNS zone named workgroup.contoso.com. The other DHCP clients must register in the DNS zone of their respective domain. & What should you do? Practical

A. Configure the 015 DNS Domain Name scope option in the 10.0.0.0/24 DHCP scope. B. Configure the DNS properties of the 10.0.0.0/24 DHCP scope. C. Create a DHCP policy that has a condition based on the fully qualified domain name (FQDN) criterion. Configure the IP address range properties of the policy. D. Create a DHCP policy that has a condition based on the fully qualified domain name (FQDN) criterion. QAs Configure the DNS properties of the policy.

Correct Answer: D Section: (none) Explanation

Explanation/Reference: Explanaon: We should create a DHCP policy that has a condion based on the fully qualified domain name (FQDN) criterion like “Fully Qualified Domain Name” Not Equals “*.contoso.com” and configure the DNS properes of the policy.

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs T Study

Materials

& Practical

QUESTION 160 You have two DNS servers named Server1 and Server2.

All client computers run Windows 10 and are configured to use Server1 for DNS name resolution. QAs

Server2 hosts a primary zone named contoso.com.

Your network recently experienced several DNS spoofing attacks on the contoso.com zone.

You need to prevent further attacks from succeeding.

What should you do on Server2?

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs A.Sign the contoso.com zone. B. Configure Response Rate Limiting (RRL). C. Configure DNS-based Authentication of Named Entities (DANE) for the contoso.com zone. D. Configure the contoso.com zone to be Active Directory-integrated.

Correct Answer: A Section: (none) Explanation T Explanation/Reference: Explanaon: Study DNS spoofing is the pracce of assuming the DNS name of another system either by corrupng a name service cache or by compromising a DNS server for a valid domain. When a DNS resolver sends a remote query, it tags the query with a 16-bit XID (transacon ID) value in the DNS packet header and expects that the remote DNS server will respond on the same port with the same XID value. The query is typically sent over UDP, which is more vulnerable to aacks Materialsthan TCP because of TCP’s three step "handshake". Generally, TCP is only used a er a UDP response has been truncated. When the resolver receives a UDP DNS response, it can only weakly verify that the response is authenc. In environments that do not employ security technologies such as IPsec or HTTPS, the DNS protocol can be vulnerable to aack due to an inherent lack of authencaon and integrity checking of data that is exchanged between DNS servers or is sent to DNS clients. As originally designed, DNS itself does not offer any form of security and is vulnerable to spoofing and man-in-the-middle aacks. An aacker that has compromised a DNS server can gain access to all network communicaons that are sent& by a targeted host. If DNS servers are vulnerable to aack, it can be crical to secure them with DNSSEC. Practical DNSSEC includes changes to client and server DNS components that enable DNS data to be cryptographically signed and to enforce name validaon policies that protect DNS communicaons. With DNSSEC, a DNS server can validate responses that it receives as genuine. By validang DNS responses, DNS servers and clients are protected against the single greatest vulnerability in DNS: DNS spoofing. Why DNSSEC QAs QUESTION 161 You have a Microsoft Azure subscription and an on-premises network.

To the on-premises network, you deploy a new server named Server1 that runs Windows Server 2016. In Azure, you configure a virtual gateway on an Azure virtual network.

You need to ensure that the computers on the on-premises network can access virtual machines on the Azure virtual network.

What should you do on Server1?

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs A. Install the Remote Access server role. From the Routing and Remote Access Server Setup Wizard, select Secure connection between two private networks. B. Install the Data Center Bridging (DCB) feature, and then run the Install-RemoteAccess cmdlet. C. Install the Remote Access server role. From the Routing and Remote Access Server Setup Wizard, select Virtual private network (VPN) access and NAT. D. Install the Data Center Bridging (DCB) feature, and then run the Enable- RemoteAccessRoutingDomain cmdlet.

Correct Answer: A Section: (none) Explanation T

Explanation/Reference: Study Explanaon: A cross-premises Azure virtual network is connected to your on-premises network, extending your network to include subnets and virtual machines hosted in Azure infrastructure services. This connecon allows computers on your on-premises network to directly access virtual machines in Azure and vice versa. Materials To set up the VPN connecon between your Azure virtual network and your on-premises network, do the following steps: 1. On-premises: Define and create an on-premises network route for the address space of the Azure virtual network that points to your on-premises VPN device. 2. Microso Azure: Create an Azure virtual network with a site-to-site VPN connecon. 3. On premises: Configure your on-premises hardware or so ware VPN device to terminate the VPN connecon, which uses Internet Protocol security (IPsec). & A er you establish the site-to-site VPN connecon, you add Azure virtual machines to the subnets of the virtualPractical network. You can use the Roung and Remote Access Service (RRAS) in Windows Server 2016 or Windows Server 2012 to establish an IPsec siteto- site VPN connecon between the on-premises network and the Azure virtual network. You can also use other opons, such as Cisco or Juniper Networks VPN devices.

QUESTION 162 Your network contains an Active Directory domain. The domain contains a certification authority (CA) and a Network Policy QAsServer (NPS) server.

You plan to deploy Remote Access Always On VPN.

Which authentication method should you use?

A. Microsoft: EAP-TTLS B. Microsoft: Secured password C. Microsoft: Protected EAP D. Microsoft: EAP-AKA

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs Correct Answer: C Section: (none) Explanation

Explanation/Reference: Explanaon: The Remote Access Always On VPN configuraon requires an Acve Directory–based public key infrastructure (PKI). The CA enrolls cerficates that are used for PEAP client–server authencaon. See also: Remote Access Always On VPN Deployment Overview T

QUESTION 163 Study You have a DNS server named Server1 that runs Windows Server 2016. Server1 has an Active Directory- integrated zone named adatum.com.

All client computers run Windows 10. Materials You recently encountered unexpected responses to DNS client queries in the adatum.com zone.

You need to log all the records written to the zone.

Which cmdlet should you run? & A. Add-DnsServerQueryResolutionPolicy Practical B. Set-DnsServerDsSetting C. Set-DnsServerDiagnostics D. Set-DnsServer

Correct Answer: C Section: (none) QAs Explanation

Explanation/Reference: Explanaon: The Set-DnsServerDiagnoscs cmdlet sets debugging and logging parameters on a Domain Name System (DNS) server. Reference: Set-DnsServerDiagnoscs

QUESTION 164 You have a DHCP server named Server1 that runs Windows Server 2016.

You plan to implement IPv6 on your network.

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs You need to configure Server1 for stateless DHCPv6.

What should you do from the DHCP console?

A. Configure the Advanced Properties for Server1 B. Configure the IPv6 Server Options C. Create an IPv6 scope T D. Configure the General IPv6 Properties Study Correct Answer: B Section: (none) Explanation

Explanation/Reference: Materials Explanaon: A DHCP Client can configure itself with an IPv6 address to be used on the network. Address configuraon can be performed in a stateful or a stateless mode. A host can use both stateless and stateful address configuraon completely independent of each other. The router adversement messages with the appropriate flags set would indicate the precise method to be used. The stateless mechanism allows a host to generate its own IPv6 addresses using a combinaon of locally available informaon and informaon adversed by routers. Other configuraons such as DNS Server addresses are configured by &DHCP. The stateless approach is used when a site is not parcularly concerned with the exact addresses hosts use, so long as they are uniquePractical and properly routable. In the stateful address auto-configuraon model, hosts obtain interface addresses and configuraon informaon and parameters from a server. The stateful approach is used when a site requires ghter control over exact address assignments.

QUESTION 165 Your company has three offices. The offices are located in Seattle, Chicago, and Montreal. QAs You are configuring a new WAN link between the three offices by using the Remote Access server role in Windows Server 2016.

You will use Border Gateway Protocol (DGP) as a routing protocol between the sites.

You need to configure the server in the Seattle office for BGP routing.

What should you do first?

A. From Routing and Remote Access, add a new IPv4 routing protocol

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs B. From Windows PowerShell, run the Add-BgpPeer cmdlet and specify the -LocalASN parameter C. From Routing and Remote Access, add a new IPv6 routing protocol D. From Windows PowerShell, run the Add-BgpRouter cmdlet and specify the -LocalASN parameter

Correct Answer: D Section: (none) Explanation Explanation/Reference: T Explanaon: When configured on a Windows Server 2016 Remote Access Service (RAS)Study Gateway in multenant mode, Border Gateway Protocol (BGP) provides you with the ability to manage the roung of network traffic between your tenants’ VM networks and their remote sites. You can also use BGP for single tenant RAS Gateway deployments, and when you deploy Remote Access as a Local Area Network (LAN) router. BGP reduces the need for manual route configuraon on routers because it is a dynamicMaterials roung protocol, and automacally learns routes between sites that are connected by using site-to-site VPN connecons. To use BGP roung, you must install the Remote Access Service (RAS) and/or the Roung role service of the Remote Access server role on a computer or virtual machine (VM) – the type of system you use depends on whether or not you have a multenant deployment: For a multenant deployment, it is recommended that you install the RAS Gateway on one or more VMs. Use of mulple VMs provides high availability. The RAS Gateway is capable of handling mulple connecons from mulple tenants,& and consists of a Hyper-V host and a virtual machine (VM) that is actually configured as the gateway. This gateway is configuredPractical with site-to-site VPN connecons as a multenant BGP router to exchange tenant and Cloud Service Provider (CSP) subnet routes. For a single tenant edge gateway deployment or a LAN router deployment, you can install the RAS Gateway on either a physical computer or a VM. The Add-BgpRouter cmdlet adds a BGP router for the specified Tenant ID. BGP Windows PowerShell Command Reference QAs QUESTION 166 You have two servers named Server1 and Server2 that run Windows Server 2016. Both servers have the DHCP Server server role installed.

Server1 has a DHCP scope named Scope1. Server2 has a DHCP scope named Scope2.

You need to ensure that client computers can get an IP address if a single DHCP server fails.

You must be able to control the percentage of requests to which each DHCP server responds during normal network operations.

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs What should you do?

A. Add Server1 and Server2 as nodes in a failover cluster, and then configure the DHCP Server server role. B. Add Server1 and Server2 as nodes in a failover cluster, and then configure the quorum mode. C. On Server1 and Server2, configure DHCP failover for Scope1 and Scope2. D. Add Server1 and Server2 as nodes in a failover cluster, and then configure port rules for UDP 67 and UDP 68.

Correct Answer: C Section: (none) T Explanation Study Explanation/Reference: Explanaon: DHCP failover is a new feature that enables two Microso DHCP servers to share service availability informaon with each other, providing DHCP high availability. DHCP failover works by replicang IP address leasesMaterials and sengs in one or more DHCP scopes from a primary DHCP server to a failover partner server. All scope informaon is shared between the two DHCP servers, including acve leases. This enables either DHCP server to assume responsibility for DHCP clients if the other server becomes unavailable. Two DHCP failover modes are available to use when you create a DHCP failover relaonship: Hot standby mode: This mode provides redundancy for DHCP services. Load balance mode: This mode allocates DHCP client leases across two servers. & See also: Understand and Deploy DHCP Failover Practical

QUESTION 167 Your network contains an Active Directory domain named contoso.com that contains a domain controller named DC1. All DNS servers for the network run BIND 10.

Your perimeter network contains a DHCP server named DHCP1 that runs Windows Server 2016. DHCP1 is a member of a workgroup named WORKGROUP. DHCP1 provides IP address leases to guests accessing the Wi-Fi network. QAs

Several engineers access the network remotely by using a VPN connection to a remote access server that runs Windows Server 2016.

All of the VPN connections use certificate-based authentication and are subject to access policies in Network Policy Server (NPS). Certificates are issued by an enterprise certification authority (CA) named CA1.

All Windows computers on the network are activated by using Key Management Service (KMS). On- premises users use Remote Desktop Services (RDS).

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs You plan to deploy IP Address Management (IPAM) to the network.

Which action can you perform on the network by using IPAM?

A. Manage the DNS zones on the DNS servers. B. Audit logon events on the RDS server. C. Audit authentication events from DC1. T D. Manage activations on the KMS server. Study Correct Answer: C Section: (none) Explanation

Explanation/Reference: Materials Explanation:

IPAM manages Microsoft DHCP Servers, Microsoft DNS Servers and Active Directory Domain Controllers. Since the network uses BIND DNS Servers (Berkeley Internet Name Domain Server), we can´t manage them using IPAM. & QUESTION 168 You have a server named Server1 that runs Windows Server 2016. Practical

Server1 is an IP Address Management (IPAM) server that collects DHCP and DNS logs and events for your entire network.

You need to get the IP addresses that were assigned to a client computer named Computer1 during the last week. QAs What should you do on Server1?

A. From the IPAM node in Server Manager, click IP Address Space, and then review the IP Address Inventory. B. Open Event Viewer and click Windows Logs. Filter the Security log for Computer1. C. Run the Get-IpamDhcpConfigurationEvent cmdlet. D. Run the Get-IpamIpAddressAuditEvent cmdlet.

Correct Answer: D Section: (none) Explanation

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs Explanation/Reference: Explanaon: The Get-IpamIpAddressAuditEvent cmdlet gets all IP address audit events from an IP Address management (IPAM) server over a me interval. IPAM enables IP address tracking through correlaon of Dynamic Host Configuraon Protocol (DHCP) lease events on managed DHCP servers with user and computer authencaon events on managed domain controllers and Network Policy Server (NPS) servers. You can search correlated events by IP address, client ID, hostname, or username. Use DCHP events between a start date and an end date to correlate data. The data returned includes data for both the start date and the end date. The cmdlet returns only the top 10,000 rows if the query results exceedT more than 10,000 rows. The cmdlet will display a warning if this occurs. You can avoid this situaon if you narrow the search criteria Studyto limit the results. Example: Get all IP address audit events $Today = Get-Date $LastMonth = $Tod ay.AddDays(-30) $IpamIpAddressAuditEvents = Get-I pamIpAuditEvent -StartDate $LastMonth -EndDateMaterials $Today

QUESTION 169 Drag and Drop Question

Note: This question is part of a series of questions that use the same scenario. For your convenience, the scenario is repeated in each question. Each question presents a different goal and answer choices, but the text of the scenario& is exactly the same in each question in this series. Your network contains an Active Directory domain named contoso.com. The functional level of the domainPractical is Windows Server 2012.

The network uses an address space of 192.168.0.0/16 and contains multiple subnets.

The network is not connected to the Internet.

The domain contains three servers configured as shown in the following table. QAs

Client computers obtain TCP/IP setting from Server3.

You add a second network adapter to Server2. You connect the new network adapter to the Internet. You install the Routing role service on Server2.

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs Server1 has four DNS zones configured as shown in the following table.

T Study You need to ensure that computers in the domain can resolve the following: The name server2.contoso.com to the name nat.contoso.com The 192.168.10.50 IP address to the name host7.fabrikam.com The name server7.tailspintoys.com to the 192.168.100.101 IP address Materials Which types of DNS records should you use? To answer, drag the appropriate DNS record types to the correct requirements. Each DNS record type may be used once, more than one, or not at all. You may need to drag the split bar between panes or scroll to view content.

Select and Place: & Practical

QAs

Correct Answer:

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs T Study

Materials

Section: (none) Explanation

Explanation/Reference: Explanaon: An Alias record indicates an alternate or alias DNS domain name for a name already specified in other& resource record types used in this zone. The record is also known as the canonical name (CNAME) record type. Practical A Pointer (PTR) record points to a locaon in the domain name space. PTR records are typically used in special domains to perform reverse lookups of address-to-name mappings. Each record provides simple data that points to some other locaon in the domain name space (usually a forward lookup zone). Where PTR records are used, no addional secon processing is implied or caused by their presence. A Host address (A or AAAA) record maps a DNS domain name to a 32-bit IP version 4 address or a 128-bit IP version 6 address. Reference: List of DNS record types QAs QUESTION 170 Drag and Drop Question

You have a server named Server1 that runs Windows Server 2016.

You need to deploy the first node cluster of a Network Controller cluster.

Which four cmdlets should you run in sequence? To answer, move the appropriate cmdlets from the list of cmdlets to answer area and arrange them in the correct order.

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs Select and Place:

T Study

Materials

& Practical

Correct Answer: QAs

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs T Study

Materials

& Practical

Section: (none) Explanation

Explanation/Reference: Explanation: QAs Deploy Network Controller using Windows PowerShell Step 1: Install-WindowsFeature Install the Network Controller server role To install Network Controller by using Windows PowerShell, type the following commands at a Windows PowerShell prompt, and then press ENTER. Install-WindowsFeature -Name NetworkController -IncludeManagementTools

Step 2: New-NetworkControllerNodeObject You can create a Network Controller cluster by creating a node object and then configuring the cluster. You need to create a node object for each computer or VM that is a member of the Network Controller cluster.

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs To create a node object, type the following command at the Windows PowerShell command prompt, and then press ENTER. Ensure that you add values for each parameter that are appropriate for your deployment. New-NetworkControllerNodeObject -Name -Server -FaultDomain -RestInte

Step 3: Install-NetworkControllerCluster To configure the cluster, typethe following command at the Windows PowerShell command prompt, and then press ENTER. Ensure that you add values for each parameter that are appropriate for your deployment. Install-NetworkControllerCluster -Node T-ClusterAuthentication … Step 4: Install-NetworkController Study To configure the Network Controller application, type the following command at the Windows PowerShell command prompt, and then press ENTER. Ensure that you add values for each parameter that are appropriate for your deployment. Install-NetworkController -Node -ClientAuthentication Materials References: https://technet.microsoft.com/en-us/library/mt282165.aspx

QUESTION 171 Hotspot Question

You are implementing IPv6 addressing for your company by using the following specifications: &

- The global address space is 2001:db8:1234. Practical - The company has 100 locations worldwide. - Each location has up to 300 subnets. - 64 bits will be used for hosts. You need to identify how many bits to use for the locations and the subnets. QAs How many bits should you identify? To answer, drag the appropriate amounts to the correct targets. Each amount may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.

NOTE: Each correct selection is worth one point.

Hot Area:

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs T Study

Materials

Correct Answer: & Practical

QAs

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs T Study

Materials

Section: (none) & Explanation Practical Explanation/Reference: Explanaon: The company has 100 locaons (branches). In order to provide a separate address range for each branch, at least 7 bits (2 ^ 7 = 128) are required. Each branch has up to 300 subnets. To provide a separate address space for each subnet within a branch, at least 9 bits (2 ^ 9 = 512) are required. QAs

QUESTION 172 You are an administrator for your company. Your network contains a server named Server1 that runs Windows Server 2016. You run Get-NetIPAddress –AddressFamily ipv4 and receive the output shown in the following exhibit:

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs T Study

Materials

& Practical

QAs

Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.

NOTE: Each correct selection is worth one point.

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs Hot Area:

T Study

Materials

& Practical

Correct Answer: QAs

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs T Study

Materials

& Practical

Section: (none) Explanation

Explanation/Reference: Explanaon: QAs The network card that has an interface index of 20 has a PrefixLength of 24 bit (255.255.255.0). The network card that has an interface index of 10 has a PrefixLength of 8 bit (255.0.0.0). This means that there are 24 bits le for host addressing. Calculaon 2 ^ 24 - 2 addresses for network and broadcast = 16777214 addresses for hosts.

QUESTION 173 Hotspot Question

You have an IP Filters Network Policy Server (NPS) template that is used by an NPS policy. The IP filters are configured as shown in the following exhibit.

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs T Study

Materials

& Practical

QAs

Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.

NOTE: each correct selection is worth one point.

Hot Area:

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs T Study

Materials

Correct Answer: & Practical

QAs

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs Section: (none) Explanation

Explanation/Reference: Explanaon: Input filters control which desnaons can be contacted by NAP client computers. Output filters control which computers can send traffic to noncompliant NAP clients.

QUESTION 174 Hotspot Question T Study Your network contains an Active Directory forest named contoso.com. The forest contains a Network Policy Server (NPS) server named Radius1 that runs Windows Server 2016.

You need to create a new connection request policy that will allow only Secure SocketMaterials Tunneling Protocol (SSTP) connections. Radius1 will manage all authentication requests.

Which NAS port type and which authentication method should you configure in the connection request policy? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point. & Hot Area: Practical

QAs

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs T Study

Materials

& Correct Answer: Practical

QAs

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs T Study

Materials

& Section: (none) Explanation Practical

Explanation/Reference:

QAs

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs T Study

Materials

& Practical

QAs

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs QUESTION 175 Hotspot Question

Your company has a branch office that has three floors. The office currently uses a different subnet on each floor. The subnets are configured as shown in the following table.

T Study

You have been asked to use reconfigure the network to use one subnet that encompassesMaterials all three floors. The new subnet will come from the 192.168.0.0/16 address space. You need to identify which IP address and which subnet mask to use for the default gateway. The solution must meet the following requirements:

- Use the first available subnet - Use a single subnet for all three floors - Use the first available IP address on the segment for the default gateway - Minimize the number of unused IP addresses & Which IP address and which subnet mask should you identify? To answer, select the appropriate options inPractical the answer area.

NOTE: Each correct selection is worth one point.

Hot Area: QAs

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs T Study

Materials

Correct Answer: & Practical

QAs

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs T Study

Materials

Section: (none) & Explanation Practical Explanation/Reference: Explanaon: The network contains a total of 45 computers. This means 45 IP addresses are required for host addressing. The subnet mask 255.255.255.192 (26 bits) provides 6 bits for host addressing. This results in 2 ^ 6-2 = 62 IP addresses for hosts and 4 possible subnets. The first subnet has the network ID 192.168.0.0 and the broadcast address 192.168.0.63. The addresses from 192.168.0.1 to 192.168.0.62 are available for host addressing QAs QUESTION 176 Hotspot Question

You have a DHCP server named Server1 that runs Windows Server 2016.

You run Get-DhcpServerv4Scope, and you receive the following results.

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs You run Get-DhcpServerv4FilterList, and you receive the following results.

T Study

You run Get-DhcpServerv4Filter, and you receive the following results. Materials

For each of the following statements, select Yes if the statement is true. Otherwise, select No. & Practical NOTE: Each selection is worth one point.

Hot Area:

QAs

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs T Study

Materials

Correct Answer: & Practical

QAs

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs Section: (none) Explanation

Explanation/Reference: Explanaon: Allow filters are deacvated and do not apply. Deny filters are acvated and prevent the device that has a MAC address of BBCCDDEEFFAA to obtain an IP address from Server1.

QUESTION 177 Hotspot Question T Study Your company has a testing environment that contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2016. Server1 has IP Address Management (IPAM) installed. IPAM has the following configuration. Materials

& The IPAM Overview page from Server Manager is shown in the IPAM Overview exhibit. (Click the Exhibit button.)Practical

QAs

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs T Study

Materials

& Practical

The group policy configurations are shown in the GPO exhibit. (Click the Exhibit button.) QAs

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs T Study

Materials

& Practical

QAs

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

Hot Area:

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs T Study

Materials

Correct Answer: & Practical

QAs

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs Section: (none) Explanation

Explanation/Reference: Explanaon: IP Address Management (IPAM) has been provisioned using the group policy based mode. The IPAM GPOs has been created and linked using the Invoke-IpamGpoProvisioning cmdlet, but the server discovery is not configured yet. So the automac discovery doesn´t work. T QUESTION 178 Hotspot Question Study

Your network contains an Active Directory domain named contoso.com. The domain contains a member server named Server1 that runs Windows Server 2016.

Server1 has IP Address Management (IPAM) installed. IPAM users a Windows InternalMaterials Database.

You install Microsoft SQL Server on Server1.

You plan to move the IPAM database to SQL Server.

You need to create a SQL server login for the IPAM service account. & Practical For which user should you create the login? To answer, select the appropriate options in the answer area.

Hot Area:

QAs

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs T Study

Materials Correct Answer:

& Practical

QAs

Section: (none) Explanation

Explanation/Reference: Explanaon: The IPAM service is running as "NT AUTHORITY\NETWORK SERVICE". We need to create a SQL Server logon with the required permissions for this account. Reference: Moving IPAM Database from Windows Internal Database (WID) to SQL server located on the same server

QUESTION 179

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs Hotspot Question

Your network contains an Active Directory domain named contoso.com. The domain contains a DNS server named Server1.

Server1 is configured to use a forwarder named Server2 that has an IP address of 10.0.0.10. Server2 can resolve names hosted on the Internet successfully. Server2 hosts a primary DNS zone named adatum.com. On Server1, you have the following zone configuration. T Study

Materials

The “.” zone contains the following records. & Practical

For each of the following statements, select Yes if the statement is true. Otherwise, select No. QAs

Hot Area:

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs T Study

Materials

Correct Answer:

& Practical

QAs

Section: (none) Explanation

Explanation/Reference: Explanaon:

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs The DNS server Server1 hosts the root zone represented as a dot ( . ). This will prevent Server1 from using forwarders and root hints. Server1 caon only resolve hostnames within the zones contoso.com and fabrikam.com.

QUESTION 180 Drag and Drop Question

Your network contains an Active Directory domain named contoso.com. The functional level of the forest and the domain is Windows Server 2008 R2. All servers in the domain run Windows Server 2016 Standard. The domain contains 300 client computers that run either Windows 8.1 or Windows 10. The domain contains nine servers that are configured as shown in the following table. T Study

Materials

& Practical

QAs The virtual machines are configured as follows:

- Each virtual machine has one virtual network adapter. - VM1 and VM2 are part of a Network Load Balancing (NLB) cluster. - All of the servers on the network can communicate with all of the virtual machines.

You need to install the correct edition of Windows Server 2016 to support the planned changes for Server2, Server3, Server4, and Server6.

Which edition or editions should you choose for each server? To answer, drag the appropriate editions to the correct servers. Each edition may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs Select and Place:

T Study

Materials

& Correct Answer: Practical

QAs

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs T Study

Materials

Section: (none) Explanation & Explanation/Reference: Practical Explanaon: Support for Storage Spaces Direct (S2D) requires Windows Server 2016 Datacenter. S2D is not available in Windows Server 2016 Standard. Support for shielded virtual machines requires the Host Guardian Service (HGS) server role. The role is included in both Windows Server 2016 Standard and Windows Server 2016 Datacenter but shieled VMs require Windows Server 2016 Datacenter. The Acve Directory Federaon Services (AD FS) server role is included in both Windows Server 2016 Standard and Windows Server 2016 Datacenter. QAs

QUESTION 181 Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this sections, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

Your network contains an Active Directory domain named adatum.com. The domain contains two DHCP servers named Server1 and Server2.

Server1 has the following IP configuration.

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs T Study

Materials

Server2 has the following IP configuration. & Practical

QAs

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs T Study

Materials

Some users report that sometimes they cannot access the network because of conflicting IP addresses.& Practical You need to configure DHCP to avoid leasing addresses that are in use already.

Solution: On Server2, you modify the StartRange IP address of the scope.

Does this meet the goal? QAs A. Yes B. No

Correct Answer: A Section: (none) Explanation

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs use on the network before issuing. To avoid IP address conflicts, we must either change the address ranges so that there is no overlap or set the number of conflict detecon aempts on Server1 to a value greater than 0.

QUESTION 182 Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution. Determine whether the solution meets the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. T After you answer a question in this section, you will NOTStudy be able to return to it. As a result, these questions will not appear in the review screen. Your network contains an Active Directory domain named contoso.com. The domain contains a DNS server named Server1. All client computers run Windows 10. On Server1, you have the following zone configuration. Materials

& Practical

QAs

You need to ensure that all of the client computers in the domain perform DNSSEC validation for the fabrikam.com namespace.

Solution: From Windows PowerShell on Server1, you run the Export-DnsServerDnsSecPublicKey cmdlet.

Does this meet the goal?

A. Yes

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs B. No

Correct Answer: B Section: (none) Explanation

Explanation/Reference: Explanaon: The Export-DnsServerDnsSecPublicKey cmdlet exports delegaon signer (DS) or Domain Name System public key (DNSKEY) informaon for a Domain Name System Security Extensions (DNSSEC)-signedT zone.. Exporng these informaon does not ensure that client computers performStudy DNSSEC validaon. QUESTION 183 You have a server named Server1 that runs Windows Server 2016. Server1 will be used as a VPN server. You need to configure Server1 to support VPN Reconnect.

Which VPN protocol should you use? Materials

A. SSTP B. IKEv2 C. PPTP D. L2TP & Correct Answer: B Practical Section: (none) Explanation

Explanation/Reference: Explanaon: VPN Reconnect refers to the support in Roung and Remote Access service (RRAS) for IPsec Tunnel Mode with Internet Key Exchange version 2 (IKEv2), which is described in RFC 4306. With the funconality provided by the IKEv2 Mobility and Mulhoming protocolQAs (MOBIKE), which is described in RFC 4555, this tunneling protocol offers inherent advantages in scenarios where the client moves from one IP network to another (for example, from WLAN to WWAN). Specifically, for mobile phones and other mobility scenarios, this tunneling method enables the VPN tunnel to stay alive even when the client moves from one access point or locaon to another. When using other VPN protocols, and the network connecon is interrupted for any reason, the user typically loses the VPN tunnel completely and must manually reestablish the VPN tunnel. VPN Reconnect allows the underlying network connecon to be interrupted for a configurable amount of me, without losing the tunnel. As soon as network connecvity is reestablished, even through a different network interface, the tunnel is automacally restored with no interacon required from the user. For example, this permits a user with an acve IKEv2 VPN tunnel to disconnect a laptop from a wired connecon, walk down the hall to a conference room, connect to a wireless network, and have the IKEv2 VPN tunnel automacally reconnected with no noceable

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs interrupon to the user.

QUESTION 184 You have Hyper-V host named Server1. Serve1 has a network adapter that has virtual machine queue (VMQ) enabled.

The network adapter connects at 10 Gbps and has an Ipv4 address.

Server1 hosts a virtual machine named VM1. VM1 has a single network adapter and four processors. T You need to distribute the network processing load across the VM1 processors.Study

What should you do?

A. From Device Manager on Server1, configure TCP Checksum Offload (IPv4). Materials B. From Windows PowerShell on VM1, run the Enable-NetAdapterRSS cmdlet. C. From Windows PowerShell on Server1, run the Enable-NetAdapterPacketDirect cmdlet. D. From Windows PowerShell on VM1, run the Enable-NetAdapterPacketDirect cmdlet.

Correct Answer: B Section: (none) Explanation & Practical Explanation/Reference: Explanation:Explanaon: The Enable-NetAdapterRss cmdlet enables receive side scaling (RSS) on a network adapter. RSS is a scalability technology that distributes the receive network traffic among mulple processors by hashing the header of the incoming packet. Without RSS in firstref_longhorn and later, network traffic is received on the first processor which can quickly reach full ulizaon liming receive network throughput. QAs This command enables RSS on the network adapter named MyAdapter and restarts the network adapter. Enable-NetAdapterRss -Name "MyAdapter" Enable-NetAdapterRss

QUESTION 185 Your network contains an Active Directory domain named contoso.com. The domain contains a Hyper-V host.

You are deploying Software Defined Network (SDN) by using Windows Server 2016.

You deploy a virtual machine that runs Windows Server 2016, and you install the Network Controller server role.

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs You need to configure the virtual machine as the network controller.

What should you do?

A. Run the Install-NetworkControllerCluster cmdlet and set ClientAuthentication to X509. B. Run the Install-NetworkController cmdlet and set ClientAuthentication to None. C. Run the Install-NetworkControllerCluster cmdlet and set ClientAuthenticationT to None. D. Run the Install-NetworkController cmdlet and set ClientAuthenticationStudy to Kerberos. Correct Answer: D Section: (none) Explanation

Explanation/Reference: Materials Explanaon: To configure the Network Controller applicaon, type the following command at the Windows PowerShell command prompt, and then press ENTER. Ensure that you add values for each parameter that are appropriate for your deployment. Install-NetworkController –Node –ClientAuthencaon [- ClientCerficateThumbprint ] [-ClientSecurityGroup ] -ServerCerficate [-RESTIPAddress ] [-RESTName ] [-Credenal ][-CerficateThumbprint ] [-UseSSL]& The ClientAuthencaon parameter specifies the authencaon type that is used for securing the communicaonPractical between REST and Network Controller. The supported values are Kerberos, X509 and None. Kerberos authencaon uses domain accounts and can only be used if the Network Controller nodes are domain joined. If you specify X509-based authencaon, you must provide a cerficate in the NetworkControllerNode object. In addion, you must manually provision the cerficate before you run this command. Reference: Configure the Network Controller applicaon QUESTION 186 QAs Note: This question is part of a series of questions that use the same or similar answer choices. An answer choice may be correct for more than one question in the series. Each question is independent of the other questions in this series. Information and details provided in a question apply only to that question.

Your company has five departments, including a web research department.

You have a DHCP server named Server1 and two DNS servers named DNS1 and DNS2.

Server1 has an Ipv4 scope named Scope1. All client computers are configured to use DNS1 for name resolution.

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs You need to ensure that users in the web research department use DNS2 for name resolution.

What should you do on Server1?

A. From the properties of Scope1, modify the Conflict detection attempts setting. B. From the properties of Scope1, configure Name Protection. C. From the properties of IPv4, configure the bindings. D. From IPv4, create a new filter. T E. From the properties of Scope1, create an exclusion range. Study F. From IPv4, run the DHCP Policy Configuration Wizard. G. From Control Panel, modify the properties of Ethernet. H. From Scope1, create a reservation. Materials Correct Answer: F Section: (none) Explanation

Explanation/Reference: Explanaon: The DHCP server role in Windows Server 2012 introduces DHCP Policies also referred as Policy Based& Assignment (PBA), a feature that enables users to create policies at scope or server level for assigning IPv4 addresses and opons to DHCP clients based on a ributes like Vendor Class, User Class, MAC Address etc. Practical Addional Answer Choices: A: From the properes of IPv4, modify the Conflict detecon a empts se ng. B: From the properes of Scope1, configure Name Protecon. C: From the properes of IPv4, configure the bindings. D: From IPv4, create a new filter. E: From the properes of Scope1, create an exclusion range. QAs F: From IPv4, run the DHCP Policy Configuraon Wizard. G: From Control Panel, modify the properes of Ethernet. H: From Scope1, create a reservaon.

QUESTION 187 You have a DNS server named Server1 that runs Windows Server 2016. Server 1 has a forward lookup scope for Contoso.com. The records in the zone are shown in the exhibit. (Click the Exhibit button.)

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs T Study

Materials

You run the following commands on Server1. & Practical

QAs

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs T Study

Materials

& Practical What are two results of the configuration? Each correct answer presents a complete solution. NOTE: Each correct selection is worth one point.

A. When a client computer that has an IP address of 172.16.0.10 attempts to resolve host1.contoso.com, host1.contoso.com resolves to 172.16.99.99. B. When a client computer that has an IP address of 172.16.0.10 attempts to resolve host1.contoso.com, the name resolution fails to return an IP address. C. When a client computer that has an IP address of 172.16.1.56 attempts to resolve host1.contoso.com, host1.contoso.comQAs resolves to 172.16.99.99. D. When a client computer that has an IP address of 172.16.1.56 attempts to resolve host1.contoso.com, host1.contoso.com resolves to 172.16.0.100. E. When a client computer that has an IP address of 172.16.1.56 aempts to resolve host1.contoso.com, the name resoluon fails to return an IP address. F. When a client computer that has an IP address of 172.16.0.10 attempts to resolve host1.contoso.com, host1.contoso.com resolves to 172.16.0.100.

Correct Answer: BD Section: (none) Explanation

Explanation/Reference:

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs Explanation: https://docs.microsoft.com/en-us/powershell/module/dnsserver/add-dnsserverqueryresolutionpolicy?view=win10-ps

QUESTION 188 Note: This question is part of a series of questions that use the same scenario. For your convenience, the scenario is repeated in each question. Each question presents a different goal and answer choices, but the text of the scenario is exactly the same in each question in this series.

Start of repeated scenario. T Your network contains an Active Directory domain named contoso.com.Study The functional level of the domain is Windows Server 2012. The network uses an address space of 192.168.0.0/16 and contains multiple subnets. The network is not connected to the Internet. Materials The domain contains three servers configured as shown in the following table.

& Practical

Client computers obtain TCP/IP settings from Server3.

You add a second network adapter to Server2. You connect the new network adapter to the Internet. You install the RoutingQAs role service on Server2.

Server1 has four DNS zones configured as shown in the following table.

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs End of repeated scenario.

You need to ensure that when computers query for records in tailspintoys.com, the query results are based on the subnet of the computer that generates the query.

What should you do?

A. Modify the Priority settings of each resource record. B. Configure DNS policies. T C. Create zone delegation records. Study D. Enable DNS round robin.

Correct Answer: B Section: (none) Materials Explanation

Explanation/Reference: Explanaon: You can use DNS Policy for Geo-Locaon based traffic management, intelligent DNS responses based on the me of day, to manage a single DNS server configured for split-brain deployment, applying filters on DNS queries, and more. The following items provide more detail about these capabilies. Applicaon Load Balancing. When you have deployed mulple instances of an applicaon at different locaons,& you can use DNS policy to balance the traffic load between the different applicaon instances, dynamically allocang the Practicaltraffic load for the applicaon. Geo-Locaon Based Traffic Management. You can use DNS Policy to allow primary and secondary DNS servers to respond to DNS client queries based on the geographical locaon of both the client and the resource to which the client is a empng to connect, providing the client with the IP address of the closest resource. Split Brain DNS. With split-brain DNS, DNS records are split into different Zone Scopes on the same DNS server, and DNS clients receive a response based on whether the clients are internal or external clients. You can configure split-brain DNS for Acve Directory integrated zones or for zones on standalone DNS servers. QAs Filtering. You can configure DNS policy to create query filters that are based on criteria that you supply. Query filters in DNS policy allow you to configure the DNS server to respond in a custom manner based on the DNS query and DNS client that sends the DNS query. Forensics. You can use DNS policy to redirect malicious DNS clients to a non-existent IP address instead of direcng them to the computer they are trying to reach. Time of day based redirecon. You can use DNS policy to distribute applicaon traffic across different geographically distributed instances of an applicaon by using DNS policies that are based on the me of day. In order to create policies to support the scenarios listed above, it is necessary to be able to idenfy groups of records in a zone, groups of clients on a network, among other elements. These elements are represented by the following new DNS objects: Client subnet: a client subnet object represents an IPv4 or IPv6 subnet from which queries are submi ed to a DNS server. You can create subnets to later define policies to be applied based on what subnet the requests come from. For instance, in a split

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs brain DNS scenario, the request for resoluon for a name such as www.microso.com can be answered with an internal IP address to clients from internal subnets, and a different IP address to clients in external subnets. Recursion scope: recursion scopes are unique instances of a group of se ngs that control recursion on a DNS server. A recursion scope contains a list of forwarders and specifies whether recursion is enabled. A DNS server can have many recursion scopes. DNS server recursion policies allow you to choose a recursion scope for a set of queries. If the DNS server is not authoritave for certain queries, DNS server recursion policies allow you to control how to resolve those queries. You can specify which forwarders to use and whether to use recursion. Zone scopes: a DNS zone can have mulple zone scopes, with each zone scope containing their own set of DNS records. The same record can be present in mulple scopes, with different IP addresses. Also, zone transfers are done at the zone scope level. That means that records from a zone scope in a primary zone will beT transferred to the same zone scope in a secondary zone. Reference: DNS Policies Overview Study QUESTION 189 You have an IP Address Management (IPAM) server named Server1 that runs Windows Server 2016. You have five DHCP servers. Server1 manages all of the DHCP servers. Materials On Server1, an administrator uses Purge Event Catalog Data to remove all of the events from the last 30 days.

You need to view all of these lease requests that were denied during the last two days.

What should you do? & A. On each DHCP server, run the \Microsoft\Windows\Server Manager\CleanUpOldPerfLogs scheduled task, and then review the event catalog on Server1. B. On Server1, run the Purge Event Catalog Data action and then open Event Viewer on Server1. Practical C. Review the log data in C:\Windows\System32\ipam\Database on Server1. D. On each DHCP server, review the DHCP Server operational event log.

Correct Answer: D Section: (none) Explanation QAs

Explanation/Reference: Explanaon: The Purge Event Catalog Data acon deletes the collected events on the IPAM-Server only. You can sll view the events on the corresponding DHCP servers

QUESTION 190 You have a server named Server1 that runs Windows Server 2016. Server1 is an IP Address Management (IPAM) server that collects DHCP and DNS logs and events for your entire network.

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs You need to get the IP addresses that were assigned to a client computer named Computer1 during the last week.

What should you do on Server1?

A. Open Event Viewer and click Windows Logs. Filter the Forwarded Events log for Computer1. B. Open Event Viewer and click Windows Logs. Filter the Security log for Computer1. C. Run the Get-IpamAddress cmdlet. T D. Run the Get-IpamIpAddressAuditEvent cmdlet. Study Correct Answer: D Section: (none) Explanation

Explanation/Reference: Materials Explanaon: The Get-IpamIpAddressAuditEvent cmdlet gets all IP address audit events from an IP Address management (IPAM) server over a me interval. IPAM enables IP address tracking through correlaon of Dynamic Host Configuraon Protocol (DHCP) lease events on managed DHCP servers with user and computer authencaon events on managed domain controllers and Network Policy Server (NPS) servers. You can search correlated events by IP address, client ID, hostname, or username. Use DCHP events between a start date and an end date to correlate data. The data returned includes data for both the start date and the end date. The cmdlet returns only the top 10,000 rows if the query results exceed more than 10,000 rows. The cmdlet& will display a warning if this occurs. You can avoid this situaon if you narrow the search criteria to limit the results. Example: Get all IP address audit events Practical $Today = Get-Date $LastMonth = $Tod ay.AddDays(-30) $IpamIpAddressAuditEvents = Get-I pamIpAuditEvent -StartDate $LastMonth -EndDate $Today

QUESTION 191 Note: This question is part of a series of questions that present the same scenario. Each questionQAs in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this sections, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You are implementing a secure network. The network contains a DHCP server named Server1 that runs Windows Server 2016.

You create a DHCP allow filter that contains all of the computers on the network that are authorized to receive IP addresses.

You discover that unauthorized computers can receive an IP address from Server1.

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs You need to ensure that only authorized computers can receive an IP address from Server1.

Solution: You run the following command.

Set-DhcpServerv4FilterList –ComputerName Server1 –Allow False –Deny True Does this meet the goal? T A. Yes Study B. No

Correct Answer: B Section: (none) Materials Explanation

Explanation/Reference:

& Practical

QAs

Explanation:

QUESTION 192 Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs After you answer a question in this sections, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You are implementing a secure network. The network contains a DHCP server named Server1 that runs Windows Server 2016.

You create a DHCP allow filter that contains all of the computers on the network that are authorized to receive IP addresses.

You discover that unauthorized computers can receive an IP address from Server1. T You need to ensure that only authorized computers can receive an IP addressStudy from Server1. Solution: You run the following command.

Add-DHCPServer4Filter –ComputerName Server1 –MacAddress * -List Allow Materials Does this meet the goal?

A. Yes B. No Correct Answer: B & Section: (none) Explanation Practical

Explanation/Reference:

QAs

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs T Study

Materials

QUESTION 193 Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution,& while others might not have a correct solution. After you answer a question in this sections, you will NOT be able to return to it. AsPractical a result, these questions will not appear in the review screen.

You are implementing a secure network. The network contains a DHCP server named Server1 that runs Windows Server 2016.

You create a DHCP allow filter that contains all of the computers on the network that are authorized to receive IP addresses.

You discover that unauthorized computers can receive an IP address from Server1. QAs

You need to ensure that only authorized computers can receive an IP address from Server1.

Solution: You run the following command.

Add-DHCPServer4Filter –ComputerName Server1 –MacAddress * -List Deny

Does this meet the goal?

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs A. Yes B. No

Correct Answer: B Section: (none) Explanation

Explanation/Reference: T Study

Materials

& Practical

QUESTION 194 Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others mightQAs not have a correct solution.

After you answer a question in this sections, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You have an IP Address Management (IPAM) server named IPAM1 that runs Windows Server 2016. IPAM1 manages all of the DHCP servers on your network.

You are troubleshooting an issue for a client that fails to receive an IP address from DHCP.

You need to ensure that from IPAM1, you can view all of the event data for the DHCP leases from the last 24 hours.

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs Solution: From Windows PowerShell, you run the Invoke-IpamServerProvisioning cmdlet.

Does this meet the goal?

A. Yes B. No

Correct Answer: B Section: (none) T Explanation Study Explanation/Reference: Materials

& Practical

QAs

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs T Study

Materials

& Practical

QAs

QUESTION 195 Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this sections, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You have an IP Address Management (IPAM) server named IPAM1 that runs Windows Server 2016. IPAM1 manages all of the DHCP servers on your network.

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs You are troubleshooting an issue for a client that fails to receive an IP address from DHCP.

You need to ensure that from IPAM1, you can view all of the event data for the DHCP leases from the last 24 hours.

Solution: From Windows PowerShell, you run the Set-IpamDHCPServer cmdlet. Does this meet the goal? T A. Yes Study B. No

Correct Answer: B Section: (none) Materials Explanation

Explanation/Reference:

& Practical

QAs

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs T Study

Materials

& Practical

QAs

QUESTION 196 Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this sections, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You have an IP Address Management (IPAM) server named IPAM1 that runs Windows Server 2016. IPAM1 manages all of the DHCP servers on your network.

You need to ensure that from IPAM1, you can view all of the event data for the DHCP leases from the last 24 hours.

Solution: From Server Manager, you run Retrieve Event Catalog Data. Does this meet the goal? T A. Yes Study B. No

Correct Answer: A Section: (none) Materials Explanation

Explanation/Reference:

& Practical

QAs

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs T Study

Materials

& Practical

QAs

QUESTION 197 You implement Software Defined Networking (SDN) by using the Network Controller server role.

You have a virtual network named VNET1 that contains servers used by developers.

You need to ensure that only devices from the 192.168.0.0/24 subnet can access the virtual machine in VNET1.

What should you configure?

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs A. a network security group (NSG) B. role-based access control C. a universal security group D. Dynamic Access Control

Correct Answer: A Section: (none) Explanation T

Explanation/Reference: Study

Materials

& QUESTION 198 Practical Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this sections, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You have a Hyper-V host named Server1. Server1 connects to your corporate network. QAs

Server1 has the virtual switches configured as shown in the following table.

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs Server1 has two virtual machines named VM1 and VM that run Windows Server 2016. VM1 connects to Private1. VM2 has two network adapters.

You need to ensure that VM1 connects to the corporate network by using NAT.

Solution: You connect VM1 to External1. You install the Remote Access server role on Server1, and you configure NAT in the Routing and Remote Access console. Does this meet the goal? T A. Yes Study B. No

Correct Answer: B Section: (none) Materials Explanation

Explanation/Reference:

& Practical

QAs

QUESTION 199 You have a Hyper-V host names Server1 that runs Windows Server 2016. Server1 has multiple network adapters that have virtual machine queue (VMQ) enabled.

On Server1, you create a virtual machine named VM1 as shown in the exhibit. (Click the Exhibit button.)

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs T Study

Materials

& Practical

QAs

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs You need to ensure that you can use virtual Receive-side Scaling (vRSS) on VM1.

What should you do?

A. Add additional memory. B. Add additional processors. C. Add additional network adapters. T D. Enable the Data Exchange integration service. Study Correct Answer: B Section: (none) Explanation

Explanation/Reference: Materials

& Practical

QAs

QUESTION 200

After you answer a question in this sections, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

Your network contains an Active Directory domain named contoso.com. The domain contains a DHCP server named Server1. All client computers run Windows 10 and are configured as DHCP clients. T Your helpdesk received calls today from users who failed to access theStudy network from their Windows 10 computer. You open the DHCP console as shown in the exhibit. (Click the Exhibit button.)

Materials

& Practical

QAs

You need to ensure that all of the Windows 10 computers can receive a DHCP lease.

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs Solution: You authorize the server.

Does this meet the goal?

A. Yes B. No

Correct Answer: B T Section: (none) Study Explanation

Explanation/Reference: Materials QUESTION 201 You have a virtual machine named Server1 that runs Windows Server 2016.

You plan to use Server1 as part of a Software Defined Networking (SDN) solution. You need to implement the Border Gateway Protocol (BGP) on Server1. & What should you install? Practical

A. the Peer Name Resolution Protocol (PNRP) feature B. the Routing role service C. the Network Device Enrollment Service role service D. the Network Policy and Access Services server role QAs Correct Answer: B Section: (none) Explanation

Explanation/Reference: Explanation:

When configured on a Windows Server 2016 Remote Access Service (RAS) Gateway in multitenant mode, Border Gateway Protocol (BGP) provides you with the ability to manage the routing of network traffic between your tenants' VM networks and their remote sites. You can also use BGP for single tenant RAS Gateway deployments, and when you deploy Remote Access as a Local Area Network (LAN) router.

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs BGP reduces the need for manual route configuration on routers because it is a dynamic routing protocol, and automatically learns routes between sites that are connected by using site-to-site VPN connections.

To use BGP routing, you must install the Remote Access Service (RAS) and/or the Routing role service of the Remote Access server role on a computer or virtual machine (VM) - the type of system you use depends on whether or not you have a multitenant deployment:

For a multitenant deployment, it is recommended that you install the RAS Gateway on one or more VMs. Use of multiple VMs provides high availability. The RAS Gateway is capable of handling multiple connections from multiple tenants, and consists of a Hyper-V host and a VM that is actually configured as the gateway. This gateway is configured with site-to-site VPN connections as a multitenant BGP router to exchange tenant and Cloud Service Provider (CSP) subnetT routes. For a single tenant edge gateway deployment or a LAN router deployment,Study you can install the RAS Gateway on either a physical computer or a VM.

Reference: Border Gateway Protocol (BGP)

QUESTION 202 Hotspot Question Materials

Your network contains an Active Directory forest named contoso.com. The forest contains the VPN servers configured as shown in the following table.

& Practical

You are configuring a Network Policy Server (NPS) server named Server1. Server1 has the following RADIUS clients. QAs

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs T Study

Materials

& Practical

QAs

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs All three VPN servers are configured to use Server1 for RADIUS authentication. All of the users in comtoso.com are allowed to establish a VPN connection. For each of the following statements, select YES if the statement is true. Otherwise, select No.

NOTE: Each correct selection is worth one point.

Hot Area: T Study

Materials

& Practical

QAs

Correct Answer:

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs T Study

Materials

& Practical

Section: (none) Explanation

Explanation/Reference: Explanaon: The output of the Get-NpsRadiusClient cmdlet shows that on Server1, only the VPN server with the P-address 172.16.1.254QAs (VPN2) has a valid and enabled RADUS client configured.

QUESTION 203 Hotspot Question

You have a Nano Server that has one network interface. The server is configured to obtain an IP address automatically.

You need to configure the server to have the following IP configurations:

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs - IP address: 172.16.3.100 - Default gateway: 172.16.3.1 - Subnet mask: 255.255.255.0

What command should you run? To answer, select the appropriate options in the answer area.

Hot Area: T Study

Materials

& Practical

Correct Answer: QAs

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs T Study

Materials

Section: (none) & Explanation Practical Explanation/Reference: https://docs.microsoft.com/en-us/powershell/module/nettcpip/new-netipaddress?view=win10-ps

Explanaon: The New-NetIPAddress cmdlet creates and configures an IP address. To create a specific IP address object, specify either an IPv4 address or an IPv6 address, and an interface index or interface alias. We recommend that you define the prefix length, also QAsknown as a subnet mask, and a default gateway. If you run this cmdlet to add an IP address to an interface on which DHCP is already enabled, then DHCP is automacally disabled. If Duplicate Address Detecon (DAD) is enabled on the interface, the new IP address is not usable unl DAD successfully finishes, which confirms the uniqueness of the IP address on the link. Reference: New-NetIPAddress

QUESTION 204 Hotspot Question

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs You have a server named Server1 that runs Windows Server 2016.

Server1 has the following IP configuration.

T Study

Materials

& Practical

QAs

You need to configure the default gateway on Server1 to allow for connectivity to other subnets via IPv6.

Which command should you run? To answer, select the appropriate options in the answer area.

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs NOTE: Each correct selection is worth one point.

Hot Area:

T Study

Materials

& Practical

QAs

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs T Study

Materials

& Practical

QAs

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs Correct Answer:

T Study

Materials

& Practical

QAs

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs T Study

Materials

& Practical

QAs

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs Section: (none) Explanation

Explanation/Reference: Explanaon: The New-NetRoute cmdlet creates an IP route in the IP roung table. Specify the desnaon prefix, and specify an interface by using the interface alias or the interface index. -DesnaonPrefix T Specifies a desnaon prefi x of an IP route. A desnaon prefix consists of an IP address prefix and a prefix length, separated by a slash (/). A value of 0.0.0.0/0 for IPv4 or ::/0 for IPv6 indicates that the valueStudy of the NextHop parameter is a default gateway. The prefix length of the local host must match the prefix specified in this parameter, with all remaining address fields set to zero. -InterfaceIndex Specifies the index of a ne twork interface. The cmdlet adds a route for the interfaceMaterials located at the index that you specify. -NextHop Specifies a next ho p for the IP roung table entry. The NextHop is the IP address of the next hop in the route. A NextHop of 0.0.0.0 for IPv4 or :: for IPv6 would indicate that the route is on-link. When the new roung table entry is created, the next hop IP address is also added as a neighbor cache entry. Reference: New-NetRoute & Practical

QAs

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs T Study

Materials

& Practical

QUESTION 205 Hotspot Question QAs You have two servers named Server1 and Server2. Server1 is a DNS server. Server2 is configured to use Server1 as the primary DNS server. You run ipconfig / displaydns on Server2 and receive the following output.

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs T Study

Materials

An administrator modifies the records in adatum.com as shown in the Adatum.com Zone exhibit. (Click the Exhibit button.) & Practical

QAs

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs The properties of the DNS record for ComputerA are shown in the ComputerA exhibit. (Click the Exhibit button.)

T Study

Materials

& Practical

QAs

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs T Study

Materials

& Practical

QAs

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs For each of the following statements, select Yes if the statement is true. Otherwise, select No.

NOTE: Each correct selection is worth one point.

Hot Area:

T Study

Materials

& Correct Answer: Practical

QAs

Section: (none) Explanation

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs Explanation/Reference: Explanaon: The ipconfig /displaydns command shows the conten of the local DNS resolver cache. The DNS client checks the chache first. If the cache does not contain relevant informaon, the DNS resolver queries the configured DNS Server.

QUESTION 206 Hotspot Question T You have two servers named Server1 and Server2 that run Windows ServerStudy 2016. Server1 and Server2 have the Network Policy Server role service installed. Server1 is configured to forward connection requests to Server2. Incoming connection requests to Server1 contain the User Name attribute. The UserMaterials Name attribute does not contain the domain name suffix. You need to ensure that the User Name attribute will be replaced by using a format of [email protected].

How should you configure the attribute manipulation role on Server1? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point. & Hot Area: Practical

QAs

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs T Study

Materials

Correct Answer: & Practical

QAs

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs Section: (none) Explanation

Explanation/Reference:

T Study

Materials

QUESTION 207 Hotspot Question &

You have multiple subnets. Practical

On one of the subnets, you install a server named Server1 that runs Windows Server 2016.

Server1 has the following IPv6 addresses: QAs ff00:e378:8000::63bf:3fff:fdd2 fe80::200:5aee:feaa:20a2 fc00:fdf8:f53b:82e4::53 2000:1516::6c:2348

Which IPv6 address is used when Server1 communicates with different hosts? To answer, select the appropriate options in the answer area.

Hot Area:

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs T Study

Materials

& Practical

QAs

Correct Answer:

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs T Study

Materials

& Practical

QAs

Section: (none) Explanation

Explanation/Reference:

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs T Study

Materials

& Practical

QAs

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs QUESTION 208 You are deploying Software Defined Networking (SDN) by using Windows Server 2016.

You plan to deploy a three-node Network Controller cluster. You plan to use virtual machines for the network controller and the management client. The virtual machines will NOT be domain-joined.

You need to configure authentication for the cluster. T Which command should you run? Study

A. Install-NetworkController -Node @{Node1, Node2, Node3} -ClientAuthentication X509 B. Install-NetworkControllerCluster -Node @{Node1, Node1, Node3} -ClientAuthentication Kerberos C. Install-NetworkControllerCluster -Node @{Node1, Node1, Node3} -ClientAuthenticationMaterials X509 D. Install-NetworkControllerCluster -Node @{Node1, Node1, Node3} -ClientAuthentication None E. Install-NetworkController -Node @{Node1, Node2, Node3} -ClientAuthentication Kerberos

Correct Answer: A Section: (none) Explanation & Explanation/Reference: Practical

QAs

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs T Study

Materials

& Practical

QUESTION 209 Note: This question is part of a series of questions that present the same scenario. Each questionQAs in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this sections, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You have an IP Address Management (IPAM) server named IPAM1 that runs Windows Server 2016. IPAM1 manages all of the DHCP servers on your network.

You are troubleshooting an issue for a client that fails to receive an IP address from DHCP.

You need to ensure that from IPAM1, you can view all of the event data for the DHCP leases from the last 24 hours.

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs Solution: From Task Scheduler, you run the Microsoft\Windows\IPAM\Audit task.

Does this meet the goal?

A. Yes B. No

Correct Answer: A T Section: (none) Study Explanation

Explanation/Reference: Materials

& Practical

QAs

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs T Study

Materials

& Practical

QAs

QUESTION 210 Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You need to ensure that domain users can establish VPN connections only between Monday and Friday. T Solution: From Network Policy Server, you modify the Network PoliciesStudy on Server1. Does this meet the goal?

A. Yes B. No Materials

Correct Answer: A Section: (none) Explanation Explanation/Reference: & Practical

QAs

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs T Study

Materials

& Practical

QAs

QUESTION 211

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs Your company owns the public Internet IP address range of 131.107.20.0 to 131.107.20.255.

You need to create a subnet that supports four hosts. The solution must minimize the number of addresses available to the subnet.

Which subnet should you use?

A. 131.107.20.16 with subnet mask 255.255.255.248 B. 131.107.20.16/28 C. 131.107.20.0/27 T D. 131.107.20.16/30 Study

Correct Answer: A Section: (none) Explanation Materials Explanation/Reference: Explanaon: The subnet mask 255.255.255.248 has 29 bits. A 29-bit subnet mask leaves 3 bits for host addressing. This allows 2^3 - 2 = 6 host addresses.

QUESTION 212 You have Hyper-V host named Server1. & Practical Server1 has a network adapter that has virtual machine queue (VMQ) enabled. The network adapter connects at 10 Gbps and has an IPV4 address.

Server1 hosts a virtual machine named VM1. VM1 has a single network adapter and four processors.

You need to distribute the network processing load across the VM1 processors. QAs What should you do?

A. From Windows PowerShell on Server1, run the Enable-NetAdapterPacketDirect cmdlet. B. From Windows PowerShell on VM1, run the Enable-NetAdapterPacketDirect cmdlet. C. From Device Manager on VM1, configure Receive Side Scaling. D. From Windows PowerShell on Server1, run the Enable-NetAdapterRSS cmdlet.

Correct Answer: C Section: (none)

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs Explanation

Explanation/Reference:

T Study

Materials

& Practical

QAs

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs T Study

Materials

& Practical

QAs

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs QUESTION 213 You have a server named Server1 that runs Windows Server 2016. Server1 is an IP Address Management (IPAM) server that collects DHCP and DNS logs and events for your entire network.

You need to get the IP addresses that were assigned to a client computer named Computer1 during the last week.

What should you do on Server1?

A. From the IPAM node in Server Manager, click Event Catalog, andT then review the IP Address Tracking. B. Open Event Viewer and click Windows Logs. Filter the Security log Studyfor Computer1. C. Run the Export-IpamAddress cmdlet. D. From the IPAM node in Server Manager, click IP Address Space, and then review the IP Address Inventory. E. Run the Get-IpamDhcpConfigurationEvent cmdlet. Materials Correct Answer: A Section: (none) Explanation

Explanation/Reference: & Practical

QAs

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs T Study

Materials

& Practical

QAs

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs QUESTION 214 Hotspot Question

Your network contains an Active Directory domain named contoso.com. The functional level of the domain is Windows Server 2012. T The network uses an address space of 192.168.0.0/16 and contains multipleStudy subnets.

The network is not connected to the Internet.

The domain contains three servers configured as shown in the following table. Materials

& Practical Client computers obtain TCP/IP setting from Server3.

You add a second network adapter to Server2. You connect the new network adapter to the Internet. You install the Routing role service on Server2.

Server1 has four DNS zones configured as shown in the following table. QAs

You need to configure an administrator named [email protected] as the contact person for the fabrikam.com zone.

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs What should you modify? To answer, select the appropriate options in the answer area.

Hot Area:

T Study

Materials

& Practical

Correct Answer:

QAs

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs T Study

Materials

Section: (none) & Explanation Practical Explanation/Reference:

QAs

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs T Study

Materials

& Practical

QAs QUESTION 215 Hotspot Question

Your network contains an Active Directory domain named contoso.com. The domain contains two servers named Server1 and Server2 that run Windows Server 2016.

Server1 has IP Address Management (IPAM) installed. Server2 has the DHCP Server role installed. The IPAM server retrieves data from Server2.

You create a domain user account named User1.

You need to ensure that User1 can use IPAM to manage DHCP.

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs Which command should you run on Server1? To answer, select the appropriate options in the answer area.

Hot Area:

T Study

Materials

Correct Answer: & Practical

QAs

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs Section: (none) Explanation

Explanation/Reference:

T Study

Materials

& Practical

QAs

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs QUESTION 216 Hotspot Question

Your network contains an Active Directory domain named contoso.com. The domain contains three servers named Server1, Server4, and Server5 that run Windows Server 2016.

Distributed File System (DFS) is deployed as shown in the DFS Configuration exhibit. (Click the Exhibit button.) T Study

Materials

& Practical

QAs You configure the replication schedule for \\Contoso.com\Namespace1\Folder1 as shown in the Replication Schedule exhibit. (Click the Exhibit button.)

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs T Study

Materials

& Use the drop-down menus to select the answer choice that completes each statement based on the informationPractical presented in the graphics.

Hot Area:

QAs

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs T Study

Materials

& Practical Correct Answer:

QAs

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs T Study

Materials

& Practical Section: (none) Explanation

Explanation/Reference: QAs

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs QUESTION 217 You have a remote access server named Server1 that runs Windows Server 2016. Server1 has DirectAccess enabled.

You have a proxy server named Server2. All computers on the internet connect to the Internet by using the proxy.

On Server1, you run the command Set-DAClient -ForceTunnel Enabled.

You need to ensure that when a Direct Access client connects to theT network, the client accesses all the Internet resources through the proxy. What should you run on Server1? Study

A. Set-DAClient B. Set-DnsClientGlobalSeng C. Set-DAClientDNSConfiguraon Materials D. Set-DAEntryPoint

Correct Answer: C Section: (none) Explanation

Explanation/Reference: & Practical

QAs

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs T Study

Materials

& Practical

QUESTION 218 You have a server named Server1 that runs Windows Server 2016 and is configured as a domain controller.

You install the DNS Server server role on Server1. QAs

You plan to store a DNS zone in a custom Active Directory partition.

You need to create a new Active Directory partition for the zone.

What should you use?

A. Set-DnsServer B. Dns.exe

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs C. New-ADObject D. Ntdsutil.exe E. Acve Directory Administrave Center

Correct Answer: D Section: (none) Explanation Explanation/Reference: T Study

Materials

& Practical

QAs

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs T Study

Materials

& Practical

QAs

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs QUESTION 219 You have a DNS server named Server1 that runs Windows Server 2016. Server1 has two Active Directory-integrated zones named contoso.com and adatum.com.

All client computers run Windows 10.

Server1 recently experienced millions of erroneous DNS queries causing a denial of service. T You need to reduce the likelihood that a similar attack will cause a denialStudy of service.

The solution must ensure that Server1 continuous to resolve names for clients.

What should you do? Materials A. Implement DNS-based Authentication of Named Entities (DANE) B. Enable Response Rate Limiting (RRL) on Server1 C. Configure DNS policies on Server1 D. Sign both adatum.com and contoso.com zones

Correct Answer: B & Section: (none) Practical Explanation

Explanation/Reference:

QAs

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs T Study

Materials

& Practical

QAs

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs QUESTION 220 Your network contains an Active Directory domain named contoso.com that contains a domain controller named DC1. All DNS servers for the network run BIND 10.

Several engineers access the network remotely by using a VPN connection to a remote access server that runs Windows Server 2016. All of the VPN connections use certificate-based authentication and are subject to access policies in Network Policy Server (NPS). Certificates are issued by an enterprise certification authority (CA) named CA1. T Study All Windows computers on the network are activated by using Key Management Service (KMS). On-premises users use Remote Desktop Services (RDS).

You plan to deploy IP Address Management (IPAM) to the network. Materials Which action can you perform on the network by using IPAM?

A. Audit user and device logon event from NPS. B. Audit logon events on the RDS server. C. Audit configuration changes to the remote access server. D. Audit certificate enrollment requests on CA1. &

Correct Answer: A Practical Section: (none) Explanation

Explanation/Reference: QAs

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs T Study

Materials

& Practical

QAs

QUESTION 221 Your network contains an Active Directory forest named contoso.com.

The forest contains five domains. You manage DNS for the contoso.com domain only.

You are not responsible for managing DNS for the child domains.

The DNS servers in a child domain named research.contoso.com are reconfigured often.

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs You need to ensure that clients in contoso.com can resolve addresses in research.contoso.com. The solution must minimize zone replication traffic.

What should you do?

A. Create a primary zone for research.contoso.com on the DNS servers of contoso.com B. Create a secondary zone for research.contoso.com on the DNS servers of contoso.com C. Create a stub zone for research.contoso.com on the DNS serversT of contoso.com D. Create a delegation for research.contoso.com Study Correct Answer: C Section: (none) Explanation

Explanation/Reference: Materials

& Practical

QAs

QUESTION 222 You have a server named Server1 that runs Windows Server 2016.

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs Server1 is in a workgroup and has the DNS Server role installed.

You need to enable DNS analytical diagnostic logging on Server1.

What should you do?

A. From Local Group Policy Editor, configure Audit Policy. B. From DNS Manager, configure Monitoring. T C. From Windows PowerShell, run the Enable-DnsServerPolicy cmdlet.Study D. From DNS Manager, configure Event Logging. E. From Event Viewer, configure DNS-Server Applications and Services Logs.

Correct Answer: E Materials Section: (none) Explanation

Explanation/Reference: Explanation: & Practical

QAs

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs T Study

Materials

& Practical

QAs

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs T Study

Materials

& Practical

QAs

QUESTION 223 Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2016.

Server1 has IP Address Management (IPAM) installed. IPAM is configured to use the Group Policy based provisioning method.

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs The prefix for the IPAM Group Policy objects (GPOs) is IP.

From Group Policy Management, you manually rename the IPAM GPOs to have a prefix of IPAM.

You need to modify the GPO prefix used by IPAM.

What should you do?

A. Click Configure server discovery in Server Manager. T B. Run the Set-IpamConfiguration cmdlet. Study C. Click Provision the IPAM server in Server Manager. D. Run the Invoke-IpamGpoProvisioning cmdlet.

Correct Answer: B Materials Section: (none) Explanation

Explanation/Reference: Explanaon: If you have chosen the Group Policy based provisioning method, you must also provide a GPO name prefix in the provisioning wizard. A er providing a GPO name prefix, the wizard will display the GPO names that must be created in domains& that will be managed by IPAM. The following GPOs are not created by the provisioning wizard and must be created in each domain that will be managed by the IPAM server: Practical _DHCP: For managed DHCP servers. _DNS: For managed DNS servers. _DC_NPS: For managed domain controllers and NPS servers. You must create GPOs with these names in order for them to be automacally applied by IPAM when a server in the server inventory is marked as managed. GPOs are also removed automacally when a server is marked as unmanaged. Addion and removal of these GPOs is accomplished by modifying security filtering for the GPO. Server names are added when they are marked as managed, or removed if they are marked as unmanaged QAs The Set-IpamConfiguraon cmdlet modifies the IP Address Management (IPAM) server configuraon, including the TCP port over which the computer that runs the IPAM Remote Server Administraon Tools (RSAT) client connects and communicates with the computer that runs the IPAM server. The GpoPrefix parameter specifies the unique Group Policy object (GPO) prefix name that IPAM uses to create the group policy objects. Use this parameter only when the value of the ProvisioningMethod parameter is set to

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs T Study

Materials

QUESTION 224 You have an IP Address Management (IPAM) server named IPAM1 that runs Windows Server 2016. IPAM1 manages 10 DHCP servers. & You need to provide a user with the ability to track which clients receive which IP addresses from DHCP. ThePractical solution must minimize administrative privileges.

To which group should you add the user?

A. IPAM IP Audit Administrators B. IPAM ASM Administrators C. IPAM MSM Administrators QAs D. IPAM User

Correct Answer: A Section: (none) Explanation

Explanation/Reference: Explanation:Explanaon: When you install IPAM, local security groups are created on the IPAM server to provide role-based access control for different sets of IPAM administrators and users. IPAM uses these role-based access controls to determine what informaon is displayed in the IPAM

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs client console. For example, viewing of IP address lease data can be restricted to a specific set of administrators by adding their user account to the IPAM IP Audit Administrators or IPAM Administrators group. The following local user groups are created when you install IPAM:

T Study

Materials

& Practical

QAs

QUESTION 225 Your network contains an Active directory forest named contoso.com. The forest has a Distributed File System (DFS) namespace named \\contoso.com\namespace1/

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs The domain contains a file server named Server1 that runs Windows Server 2016.

You create a folder named Folder1 on Server1.

You need to use Folder1 as a target for Namespace1.

Which two cmdlets should you use? Each correct answer presents part of the solution. T NOTE: Each correct selection is worth one point. Study A. Grant-DfsnAccess B. New-DfsnFolder C. New-DfsReplicatedFolder D. New-DfsnFolderTarget Materials E. New-SmbShare F. Install-WindowsFeature

Correct Answer: DE Section: (none) Explanation & Explanation/Reference: Practical

QUESTION 226 Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. QAs After you answer a question in this sections, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You are a network administrator for a company named Contoso, Ltd. The network is configured as shown in the exhibit.

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs T Study

Materials

& Practical

You install the Remote Access server role on Server2.

Server2 has the following configured: QAs

- Network address translation (NAT) - The DHCP Server server role

The Security Policy of Contoso states that only TCP ports 80 and 443 are allowed from the internet to Server2.

You identify the following requirements:

- Add 28 devices to subnet2 for a temporary project.

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs - Configure Server2 to accept VPN connections from the internet. - Ensure that devices on Subnet2 obtain TCP/IP settings from DHCP on Server2.

Which VPN protocol should you configure on Server2?

A. L2TP B. IKEv2 C. PPTP D. SSTP T Study Correct Answer: D Section: (none) Explanation

Explanation/Reference: Materials Explanaon: The Security Policy of Contoso states that only TCP ports 80 and 443 are allowed from the internet to server2. Therefore we have to use SSTP as VPN protocol

QUESTION 227 Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution,& while others might not have a correct solution. Practical After you answer a question in this sections, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You are a network administrator for a company named Contoso, Ltd. The network is configured as shown in the exhibit.

QAs

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs T Study

Materials

& Practical

You install the Remote Access server role on Server2.

Server2 has the following configured: QAs

- Network address translation (NAT) - The DHCP Server server role

The Security Policy of Contoso states that only TCP ports 80 and 443 are allowed from the internet to Server2.

You identify the following requirements:

- Add 28 devices to subnet2 for a temporary project.

You deploy a computer named ComputerA to Subnet1. ComputerA has an IP address of 10.10.0.129 and a subnet mask of 255.255.255.0.

You plan to use ComputerA to access the resources on Web1.

Which IP address should you use as the default gateway on ComputerA?T A. 10.10.1.1 Study B. 10.10.0.224 C. 131.107.0.223 D. 172.16.128.193 Materials Correct Answer: B Section: (none) Explanation

Explanation/Reference: Explanaon: The router for Subnet1 is Server1. The network interface of the router connected to Subnet1 is configured& with the IP address 10.10.0.224. Practical QUESTION 228 Drag and Drop Question

You have the servers configured as shown in the following table. QAs

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs Your network uses an internal address space of 10.10.0.0/24. Client computers are allocated addresses from 10.10.0.60 to 10.10.0.199.

Server4 has the IPv4 configuration shown in the following table.

T You need to configure Server4 to provide Internet access to the computersStudy on the network.

Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order. Materials Select and Place:

& Practical

QAs

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs T Study

Materials

& Practical

QAs

Correct Answer:

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs T Study

Materials

& Practical

QAs

Section: (none) Explanation

Explanation/Reference:

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs T Study

Materials

& Practical

QAs

QUESTION 229 Drag and Drop Question

You have a Hyper-V host named Host1 that runs Windows Server 2016 Datacenter. Host1 has eight network adapters that support Remote Direct Memory Access

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs (RDMA).

You plan to configure Host1 as part of a four-node Hyper-V converged solution.

You enable the Data Center Bridging (DCB) feature.

You need to enable Switch Embedded Teaming (SET) and RDMA.

Which three cmdlets should you run in sequence? To answer moveT the appropriate cmdlets from the list of cmdlets to the answer area and arrange them in the correct order. Study

Select and Place: Materials

& Practical

QAs

Correct Answer:

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs T Study

Materials

& Practical Section: (none) Explanation

Explanation/Reference: QAs

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs T Study

Materials

& Practical

QAs

QUESTION 230 Drag and Drop Question

You have a remote access server named Server1 that runs Windows Server 2016. Server1 has DirectAccess enabled. A firewall connects Server1 to the Internet.

You need to configure the firewall to ensure that DirectAccess clients can connect to Server1 by using Teredo, 6to4, and IP-HTTPS.

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs Which inbound port should be open on the firewall for each transition technology?

To answer, drag the appropriate ports and protocols to the correct transition technologies. Each port and protocol may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.

NOTE: Each correct selection is worth one point.

Select and Place: T Study

Materials

& Practical

Correct Answer:

QAs

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs T Study

Materials Section: (none) Explanation

Explanation/Reference: & Practical

QAs

QUESTION 231 Hotspot Question

You have a server named Server1 that runs Windows Server 2016. Server1 is a Hyper-V host.

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs You run the commands shown in the following graphic:

T Study

Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.

Hot Area: Materials

& Practical

QAs

Correct Answer:

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs T Study

Materials

& Practical Section: (none) Explanation

Explanation/Reference: QAs

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs T Study

Materials

& Practical

QAs

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs QUESTION 232 Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You have a Hyper-V host named Server 1. The network adapters onT Server1 have single root I/O virtualization (SR-IOV) enabled. Server1 hosts a virtual machine named VM1 that runs Windows ServerStudy 2016.

You need to identify whether SR-IOV is used by VM1.

Solution: You sign in to VM1. You run the Get-NetAdapterSriov cmdlet. Materials

Does this meet the goal?

A. Yes B. No & Correct Answer: A Section: (none) Practical Explanation

Explanation/Reference:

QAs

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs T Study

Materials

QUESTION 233 Note: This question is part of a series of questions that present the same scenario.& Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, whilePractical others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You have a Hyper-V host named Server 1. The network adapters on Server1 have single root I/O virtualization (SR-IOV) enabled.

Server1 hosts a virtual machine named VM1 that runs Windows Server 2016. QAs

You need to identify whether SR-IOV is used by VM1.

Solution: You sign in to VM1. You view the properties of the network connections.

Does this meet the goal?

A. Yes B. No

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs Correct Answer: B Section: (none) Explanation

Explanation/Reference:

T Study

Materials

QUESTION 234 Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution,& while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. AsPractical a result, these questions will not appear in the review screen.

You have a Hyper-V host named Server 1. The network adapters on Server1 have single root I/O virtualization (SR-IOV) enabled.

Server1 hosts a virtual machine named VM1 that runs Windows Server 2016.

You need to identify whether SR-IOV is used by VM1. QAs

Solution: On Server1, you open Hyper-V Manager and view the Integration Services settings of VM1.

Does this meet the goal?

A. Yes B. No

Correct Answer: B

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs Section: (none) Explanation

Explanation/Reference: Explanaon: Viewing integraon services can not determine if a virtual machine is using Single Root I/O Virtualizaon. You could use the Get-NetAdapterSriov cmdlet or the Network tab in Hyper-V-Manager. The following Technet Blog arcle discusses several ways to determine the status of SR-IOV for a VM: Everything you wanted to know about SR-IOV in Hyper-V Part 8 T QUESTION 235 You have a DHCP server named Server1 that runs Windows Server 2016.Study Server1 has the scopes configured as shown in the following table.

Materials

All other scope settings are set to the default values. There is no available address space for another scope to be created.

Your network has 150 desktop computers that have access to the corporate network. Your company also provides visitors with WI-FI access to the network. There can be up to 200 visitors each day. & Practical You discover that some visitors fail to access the WI-FI network because there are no available addresses to allocate to the visitors.

You need to prevent this issue from reoccurring.

What should you do? QAs A. For the Visitors scope, run the Dhcp Split Configuration Wizard. B. Run Set-DhcpServerv4Scope -ActivatePolicies $True -Name Visitors -MaxBootPClients 200. C. Configure a superscope that contains the Visitors scope. D. Run Set-DhcpServerv4Scope -Name Visitors -LeaseDuration 0.02:00:00.

Correct Answer: D Section: (none) Explanation

Explanation/Reference:

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs Explanaon: The default IP address lease duraon for DHCP clients is 8 days. An assigned IP address is reserved for the respecve client for 8 days by the DHCP server. Also, if the client is connected to the Wi-Fi network for only one hour, the address can not be assigned to another client during these 8 days. By reducing the lease duraon, assigned IP addresses are available to the DHCP server more quickly and can be reassigned to other clients.

QUESTION 236 Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have moreT than one correct solution, while others might not have a correct solution. Study After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You have a Hyper-V host named Server 1. The network adapters on Server1 have single root I/O virtualization (SR-IOV) enabled. Materials Server1 hosts a virtual machine named VM1 that runs Windows Server 2016.

You need to identify whether SR-IOV is used by VM1.

Solution: You sign in to VM1. You open Device Manager and view the properties of the network adapters. & Does this meet the goal? Practical A. Yes B. No

Correct Answer: B Section: (none) Explanation QAs

Explanation/Reference: Explanaon: Viewing the properes of the network adapters in Device Manager can not determine if a virtual machine is using Single Root I/O Virtualizaon. You could use the Get-NetAdapterSriov cmdlet or the Network tab in Hyper-V-Manager. The following Technet Blog arcle discusses several ways to determine the status of SR-IOV for a VM: Everything you wanted to know about SR-IOV in Hyper-V Part 8

QUESTION 237 You are deploying a small network that has 30 client computers. The network uses the 192.168.1.0/24 address space. All computers obtain IP configurations from a

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs DHCP server named Server1.

You install a server named Server2 that runs Windows Server 2016. Server2 has two network adapters named Internal and Internet. Internet connects to an Internet Service Provider (ISP) and obtains the 131.107.0.10 IP address. Internal connects to the internal network and is configured to use the 192.168.1.250 IP address.

You need to provide Internet connectivity for the client computers. What should you do? T A. On Server2, select the Internet and Internal network adapters and bridgeStudy the connecons. From the DHCP console on Server1, authorize Server2. B. On Server1, stop the DHCP server. On the Internal network adapter on Server 2, enable Internet Connecon Sharing (ICS). C. On Server2 run the New-NetNat -Name NAT1 -InternalIPInterfaceAddressPrefixMaterials 192.168.1.0/24 cmdlet. Configure Server1 to provide the 003 Router opon of 131.107.0.10. D. Install the Roung role service on Server2 and configure the NAT roung protocol. Configure Server1 to provide the 003 Router opon of 192.168.1.250.

Correct Answer: D Section: (none) Explanation & Explanation/Reference: Practical

QAs

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs T Study

Materials

& Practical

QAs

QUESTION 238 Note: This question is part of a series of questions that use the same or similar answer choices. An answer choice may be correct for more than one question in the series. Each question is independent of the other questions in this series. Information and details provided in a question apply only to that question.

Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server2 that runs Windows Server 2016.

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs The DHCP Server server role is installed on Server2. The DNS server role is installed on a server named Server3.

The network contains 500 non-Windows devices that are registered in the DNS zone of contoso.com.

You configure Server2 to lease IP addresses to the non-Windows devices. You need to prevent Server2 from overwriting the host (A) records forT the non-Windows devices. What should you run? Study

Explanation/Reference: QAs

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs T Study

Materials

& Practical

QAs

Addional Answer Choices: A: dism.exe B: dns.exe C: dnscmd.exe

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs D: netsh.exe E: Set-DhcpServerDatabase F: Set-DhcpServerv4DnsSeng G: Set-DhcpServerv6DnsSeng H: Set-DNSServerSeng

QUESTION 239 You are configuring the network for a small branch office. Currently, the branch office does not connect directly to the Internet.

In the branch office, you deploy a new server named Server1 that hasT a server Core installation of Windows Server 2016. Server1 has two network adapters configured as shown in the following table. Study

Materials

You plan to use Server1 to provide Internet connectivity for the branch office.

Routing and Remote Access (RRAS) in installed and configured for VPN remote access on Server1. & You need to configure RRAS on Server1 to provide network address translation (NAT). Practical

Which command or cmdlet should you use first?

A. netsh.exe routing ip nat install B. New-NetNat NAT1 -ExternalIPInterfaceAddressPrefix 131.107.10.1/29 C. route.exe add 192.168.1.1 255.255.255.0 131.107.10.1 metric 1 QAs D. Enable-NetNatTranstionConfiguration

Correct Answer: A Section: (none) Explanation

Explanation/Reference: Explanaon: The Netsh.exe routing ip nat install command adds the NAT protocol to the configuraon of the Roung and Remote Access service. A er the protocol is installed, the network address translaon can be configured.

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs QUESTION 240 You have a server named Server1 that runs Windows Server 2016.

Server1 is an IP Address Management (IPAM) server that collects DHCP and DNS logs and events for your entire network.

You need to enable a user named TECH1 to create pointer (PTR), host (A) and service location (SRV) records on all of the DNS servers on the network.

What should you do on Server1? T A. Run the Set-IpamRange cmdlet, and then run the Set-IpamAddressSpaceStudy cmdlet. B. Run the Set-IpamCustomField cmdlet, and then run the Set-IpamAccessScope cmdlet. C. From the IPAM node in Server Manager, assign the IPAM DNS Administrator Role to TECH1 and create a new access policy. D. From the IPAM node in Server Manager, assign the IPAM DNS Administrator Role to TECH1 and create a new access scope. Materials Correct Answer: C Section: (none) Explanation

Explanation/Reference: & Practical

QAs

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs T Study

Materials

& Practical

QAs

QUESTION 241 Your network contains an Active Directory forest. The forest contains a domain named contoso.com.

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs All of the DHCP servers and the DNS servers in the forest are managed by using an IP Address Management (IPAM) server named Cont_IPAM1.

You acquire a new company that has an Active Directory forest. The forest contains a domain named fabrikam.com.

You have six servers that are configured as shown in the following table.

T Study

Materials

& Practical

You need to ensure that all of the DHCP and DNS servers in both of the forest can be managed by using Cont-IPAM1. The solution must use the principle of least privileges.

Which two actions should you perform? Each correct answer presents part of the solution. QAs

A. Create an outgoing forest trust from contoso.com to fabrikam.com B. Upgrade Fabr_DNS1 to Windows Server 2016 C. Upgrade Cont_IPAM1 to Windows Server 2016 D. Upgrade Fabr_DHCP1 to Windows Server 2016 E. Create a two-way forest trust between contoso.com and fabrikam.com

Correct Answer: CE Section: (none)

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs Explanation

Explanation/Reference: Explanation: https://github.com/MicrosoftDocs/windowsserverdocs/blob/master/WindowsServerDocs/networking/ technologies/ipam/Manage-Resources-in-Multiple-Active-Directory-Forests.md

QUESTION 242 You have a server named Server1 that has a Server Core installation of Windows Server 2016. Server1 is configured to obtain an IP address automatically.

You need to configure the IPv4 address, netmask, and default gatewayT manually for a network interface named Ethernet on Server1. Study What should you run?

A. ipconfig.exe B. New-NetIPAddress Materials C. Set-NetAdapter D. Set-NetIPv4Protocol

Correct Answer: B Section: (none) Explanation & Explanation/Reference: Practical

QAs

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs QUESTION 243 You have a server named Server1 that runs Windows Server 2016 and is configured as a domain controller.

You install the DNS Server server role on Server1.

You plan to store a DNS zone in a custom Active Directory partition.

You need to create a new Active Directory partition for the zone. T What should you use? Study

A. Set-DnsServer B. Dns.exe C. Dnscmd.exe Materials D. Active Directory Administrative Center

Correct Answer: C Section: (none) Explanation

Explanation/Reference: & Explanaon: Practical We can use dnscmd.exe to create a custom Acve Directory paron: dnscmd dc1 /CreateDirectoryParon paron1.contoso.com To enlist an addional domain controller for replicaon of the new parton execute: dnscmd dc2 /EnlistDirectoryParon paron1.contoso.com

QUESTION 244 You are deploying a small network that has 30 client computers. The network uses the 192.168.1.0/24 address space. All computersQAs obtain IP configurations from a DHCP server named Server1.

You install a server named Server2 that runs Windows Server 2016.

Server2 has two network adapters named Internal and Internet. Internet connects to an Internet Service Provider (ISP) and obtains the 131.107.0.10 IP address. Internal connects to the internal network and is configured to use the 192.168.1.250 IP address.

You need to provide Internet connectivity for the client computers.

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs What should you do?

A. On Server2, select the Internet and Internal network adapters and bridge the connections. From the DHCP console on Server1, authorize Server2. B. On Server2 run the New-NetNat -Name NAT1 -InternalIPInterfaceAddressPrefix 192.168.1.0/24 cmdlet. Configure Server1 to provide the 003 Router option of 131.107.0.10. C. On Server1, stop the DHCP server. On the Internet adapter on Server2, enable internet Connection Sharing (ICS). D. Install the Roung role service on Server2 and configure the NAT roung protocol. Configure Server1 to provide the 003 Router opon of 192.168.1.250. T Correct Answer: D Study Section: (none) Explanation Explanation/Reference: Materials

& Practical

QAs

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs T Study

Materials

& Practical

QAs

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs QUESTION 245 You have an Active Directory forest that contains 30 servers and 6,000 client computers.

You deploy a new DHCP server that runs Windows Server 2016.

You need to retrieve the list of the authorized DHCP servers.

Which command should you run? T Study A. Get-DHCPServerDatabase B. Netstat -p IP -s -a C. Get-DHCPServerInDc D. Show-ADAuthencaonPolicyExpression -AllowedToAuthencateTo Materials

Correct Answer: C Section: (none) Explanation

Explanation/Reference: Explanaon: & The Get-DhcpServerInDC cmdlet retrieves the list of authorized computers running the Dynamic Host Configuraon Protocol (DHCP) server service from Acve Directory (AD). Only a computer running a DHCP server service that is authorizedPractical in AD can lease IP addresses on the network

QUESTION 246 Drag and Drop Question

Your network contains an Active Directory domain named contoso.com. The domain contains two servers named Server1 andQAs Server2 that run Windows Server 2016.

Server1 has IP Address Management (IPAM) installed. Server2 has Microsoft System Center 2016 Virtual Machine Manager (VMM) installed.

You need to integrate IPAM and VMM.

Which types of objects should you create on each server? To answer, drag the appropriate object types to the correct servers. Each object type may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.

Select and Place:

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs T Study

Materials

Correct Answer: & Practical

QAs

Section: (none) Explanation

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs Explanation/Reference: Explanaon: To enable IPAM and Virtual Machine Manager (VMM) integraon, you must first configure a user account for VMM on the IPAM server and then configure the IPAM network service plugin in VMM. Reference: hps://msdn.microso .com/en-gb/library/dn783349(v=ws.11).aspx

QUESTION 247 Hotspot Question

You use a Network Policy Server (NPS) server named NPS1 to authenticateT VPN connections and connections to wireless access points (WAPs). Study You plan to add a new WAP named WAP1.

What should you do on WAP1 and NPS1? To answer, select the appropriate options in the answer area. Materials NOTE: Each correct selection is worth one point.

Hot Area:

& Practical

QAs

Correct Answer:

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs T Study

Materials

Section: (none) Explanation & Explanation/Reference: Explanaon: Practical We need to configure WAP1 to forward authencaon requests to the Network Policy Server (RADIUS server). To do this, the Network Policy Server is configured as a RADIUS server on the wireless access point. On the Network Policy Server, the wireless access point must be registered as a RADIUS client. Otherwise, the forwarded authencaon requests would not be accepted by NPS1.

QUESTION 248 QAs Hotspot Question

Your network contains an Active Directory domain named contoso.com. The domain contains a domain controller named Server1 and a member server named Server2.

Server1 has the DNS Server role installed. Server2 has IP Address Management (IPAM) installed. The IPAM server retrieves zones from Server1 as shown in the following table.

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs The IPAM server has one access policy configured as shown in theT exhibit. (Click the Exhibit tab.) Study

Materials

& Practical

QAs

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs T Study

Materials

& Practical

QAs

Hot Area:

T Study

Materials

& Correct Answer: Practical

QAs

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs Section: (none) Explanation

Explanation/Reference:

T Study

Materials

& Practical

QAs

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs T Study

Materials

& Practical

QAs

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs QUESTION 249 Hotspot Question

Your network contains an Active Directory domain named contoso.com. The domain contains a member server named Server1 that runs Windows Server 2016.

You install IP Address Management (IPAM) on Server1. You select the automatic provisioning method, and then you specify a prefix of IPAM1.

You need to configure the environment for automatic IPAM provisioning.T Which cmdlet should you run? To answer, select the appropriate optionsStudy in the answer area.

Hot Area: Materials

& Practical

QAs Correct Answer:

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs T Study

Materials

Section: (none) Explanation

Explanation/Reference: Explanation: & Practical The Invoke-IpamGpoProvisioning cmdlet creates and links three group policies specified in the Domain parameter for provisioning required access settings on the server roles managed by the computer running the IP Address Management (IPAM) server. The GpoPrefixName parameter specified should be the same as the prefix configured in the IPAM provisioning wizard. The three Group Policy Objects (GPOs) are created with the suffixes _DHCP, _DNS, and _DC_NPS appended to the GpoPrefixName parameter value. These suffixes signify the three different types of access settings that are propagated by them depending on the type of server role managed by the computer running the IPAM server.

QUESTION 250 QUESTION 250 QAs Because the network ID bits must always be chosen in a contiguous fashion from the high order bits, a shorthand way of expressing a subnet mask is to denote the number of bits that define the network ID as a network prefix using the network prefix notation: /. What is the Network Prefix for Class B?

A. /8 B. /64 C. /24 D. /16

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs A. B. C. D.

Correct Answer: D Section: (none) Explanation T Explanation/Reference: Study

QUESTION 251 QUESTION 251 Materials This question is regarding DNS Logging and Diagnosis. Which event is logged for a Recursive query timeout?

A. analytic event B. audit event A. & B. Practical Correct Answer: A Section: (none) Explanation

Explanation/Reference: QAs QUESTION 252 QUESTION 252 Software Defined Networking (SDN) provides a method to centrally configure and manage physical and virtual network devices such as routers, switches, and gateways in your datacenter. Virtual network elements such as Hyper-V Virtual Switch, Hyper-V Network Virtualization, and RAS Gateway are designed to be integral elements of your SDN infrastructure. Software defined networking provides which of the following capabilities?

A. The ability to abstract your applications and workloads from the underlying physical network, which is accomplished by virtualizing the network

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs B.The ability to implement network policies in a consistent manner at scale, even as you deploy new workloads or move workloads across virtual or physical networks.

C.The ability to centrally define and control policies that govern both physical and virtual networks, including traffic flow between these two network types

D.All of these

A. B. C. T D. Study Correct Answer: D Section: (none) Explanation Materials Explanation/Reference:

QUESTION 253 QUESTION 253 With client reservations, you can reserve an IP address for permanent use by a DHCP client. Typically, you will need to do this if the client uses an IP address that was assigned using another method for TCP/IP configuration. If you are reserving an IP address for a new client, or an address that is different from its current one, &you should verify that the address has not already been leased by the DHCP server. Reserving an IP address in a scope does not automatically force a client currently using that address to stop using it. Practical Which ipconfig command would you use if the address is already in use?

A ipconfig /flushdns B. ipconfig /release C. ipconfig /registerdns D.ipconfig /renew QAs

A. B. C. D.

Correct Answer: B Section: (none)

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs Explanation

Explanation/Reference: Explanation: If the address is already in use, the client using the address must first release it by issuing a DHCP release message (DHCPRELEASE). You can do this by typing ipconfig /release at the command prompt of a client computer running Windows XP or Windows Vista. Reserving an IP address at the DHCP server also does not force the new client for which the reservation is made to immediately move to that address. In this case, too, the client must first issue a DHCP request message (DHCPREQUEST). You can do this by typing ipconfig /renew at the command prompt of a client compute T QUESTION 254 QUESTION 254 Study The DNS Server service provides several types of zones. Which zone helps to keep delegated zone information current, improve name resolution and simplify DNS administration, but is not an alternative for enhancing redundancy and load sharing? A. secondary Materials B. stub C. none of these D. primary

A. B. C. & D. Practical Correct Answer: B Section: (none) Explanation

Explanation/Reference: Explanation: QAs When a zone that this DNS server hosts is a stub zone, this DNS server is a source only for information about the authoritative name servers for this zone. The zone at this server must be obtained from another DNS server that hosts the zone. This DNS server must have network access to the remote DNS server to copy the authoritative name server information about the zone. When a DNS server loads a stub zone, such as widgets.thetoycompany.com, it queries the master servers, which can be in different locations, for the necessary resource records of the authoritative servers for the zone widgets.thetoycompany.com. The list of master servers may contain a single server or multiple servers, and it can be changed anytime.

QUESTION 255 Question 255

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs The following example displays DNS query results that are performed from a DNS client computer using the Resolve-DnsName cmdlet. resolve-dnsname -name finance.secure.contoso.com -type A -server dns1.contoso.com You want to include the DO bit in a DNS query, to make the client is DNSSEC-aware, so that it is OK for the DNS server to return DNSSEC data in a response. What extra parameter should you use?

A. DnssecCd B. T DnssecOk Study C. LlmnrOnly D. DnsOnly Materials

A. B. C. D. & Correct Answer: B Section: (none) Practical Explanation

Explanation/Reference: Explanation: When DO=1, the client indicates that it is able to receive DNSSEC data if available. Because the secure.contoso.com zone is signed, an RRSIG resource record was included with the DNS response when DO=1. QAs QUESTION 256 QUESTION 256 Which mode is being described below? Deploy the RAS Gateway as an edge VPN server, an edge DirectAccess server, or both simultaneously. In this configuration, RAS Gateway provides remote employees with connectivity to your network by using either VPN or DirectAccess connections.

A. Multitenant mode B.

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs Single tenant mode

A. B.

Correct Answer: B Section: (none) Explanation T Explanation/Reference: Study

QUESTION 257 QUESTION 257 DHCP servers centrally manage IP addresses and related information and provide Materialsit to clients automatically. This allows you to configure client network settings at a server, instead of configuring them on each client computer. If you want this computer to distribute IP addresses to clients, then configure this computer as a DHCP server. TRUE or FALSE. Can you install the DHCP server role on a Nano server?

A. TRUE & B. FALSE Practical

A. B.

Correct Answer: B Section: (none) QAs Explanation

Explanation/Reference:

QUESTION 258 QUESTION 258 Is the following statement TRUE or FALSE? You can use SLB with a VLAN-based network for DIP VMs connected to a SDN Enabled Hyper-V Virtual Switch.

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs FALSE B. TRUE

A. B.

Correct Answer: A Section: (none) Explanation T Study Explanation/Reference:

QUESTION 259 QUESTION 259 Materials The socket pool enables a DNS server to use source port randomization when issuing DNS queries. Which command offers the greatest protection?

A. dnscmd /Config /SocketPoolSize 1000 B. dnscmd /Config /SocketPoolSize 0 & C. dnscmd /Config /SocketPoolSize 1 Practical D. dnscmd /Config /SocketPoolSize 1000 /SocketPoolExcludedPortRanges 1-65535

A. B. C. QAs D.

Correct Answer: A Section: (none) Explanation

Explanation/Reference:

QUESTION 260

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs QUESTION 260 The following question is difficult, take your time and use a piece of paper if you need. What is the network ID of the IP node 129.56.189.41 with a subnet mask of 255.255.240.0?

A. 129.56.189.0 B. 129.56.176.1 C. T 129.56.189.1 Study D. 129.56.176.0

A. Materials B. C. D.

Correct Answer: D Section: (none) & Explanation Practical Explanation/Reference: Explanation: To obtain the result, turn both numbers into their binary equivalents and line them up. Then perform the AND operation on each bit and write down the result. 10000001 00111000 10111101 00101001 IP Address 11111111 11111111 11110000 00000000 Subnet Mask 10000001 00111000 10110000 00000000 Network ID The result of the bit-wise logical AND of the 32 bits of the IP address and the subnet mask is the network ID 129.56.176.0. QAs

QUESTION 261

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs T Study

Materials

& Practical

QAs

A. Create an outgoing forest trust from contoso.com to fabrikam.com.

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs B. Upgrade Fabr_DNS1 to Windows Server 2016. C. Upgrade Cont_IPAM1 to Windows Server 2016. D. Upgrade Fabr_DHCP1 to Windows Server 2016. E. Create a two-way forest trust between contoso.com and fabrikam.com.

Correct Answer: CE Section: (none) Explanation T Explanation/Reference: Study

Materials

& Practical

QAs

QUESTION 262

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs You are the administrator for your company. Your Network contains an Acve Directory domain named contoso.com. You pilot DirectAccess on the network

During the pilot deployment, you enable DirectAccess only for a group named Contoso\Test Computers. Ones the pilot is complete, you need to enable DirectAccess for all the client computers in the domain

What should you do?

T A. From Windows PowerShell, run the Set-DAClient cmdlet. B. From Windows PowerShell, run the Set-DirectAccess cmdlet Study C. From Acve Directory Users and Computers, modify the membership of the Windows Authorizaon Access Group D. From Group Policy Management, modify the security filtering of an object named Direct Access Client Seng Group Policy. Materials Correct Answer: D Section: (none) Explanation

Explanation/Reference: & QUESTION 263 Practical You have two Windows Server Update Services (WSUS) Server named Server1 and Server2. Server1 downloads updates from Microso update. You need to ensure that Server2 syncronizes updates from Server1. Which port should to open on the Firewall between Server1 and Server2?

A. 80 B. 443 QAs C. 3389 D. 8530

Correct Answer: Section: (none) Explanation

Explanation/Reference: Explanaon: WSUS upstream and downstream servers will synchronize on the port configured by the WSUS Administrator. By default, these ports

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs are configured as follows: On WSUS 3.2 and earlier, port 80 for HTTP and 443 for HTTPS On WSUS 6.2 and later (at least Windows Server 2012), port 8530 for HTTP and 8531 for HTTPS The firewall on the WSUS server must be configured to allow inbound traffic on these ports.

QUESTION 264 Note: This queson is part of a series of quesons that present the same scenario. Each queson in the series contains a unique soluon. Determine whether the soluon meets the stated goals. Your network contains an Acve Directory domain named contoso.com. The domain contains a DNS server named Server1. All client computers run Windows 10. T On Server1, you have the following zone configuraon. Study

Materials

& Practical

QAs

You need to prevent Server1 from resolving queries from DNS clients located on Subnet4. Server1 must resolve queries from all other DNS clients. Soluon: From a Group Policy object (GPO) in the domain, you modify the Name Resoluon Policy. Does this meet the goal?

A. Yes B. No

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs Correct Answer: B Section: (none) Explanation

Explanation/Reference:

QUESTION 265 You install a new Nano Server named Nano1. Nano1 is a member of a workgroup and has an IP address of 192 1698 1.10. You have a server named Server1 that runs Windows Server 2016.T From Server1, you need to establish a Windows PowerShell session toStudy Nano1. How should you complete the PowerShell script? (To answer, drag the appropriate cmdlets to the correct targets Each cmdlet may be used once, more than once, or not at all.) Materials

& Practical

QAs

Select and Place:

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs T Study

Materials

Correct Answer: & Practical

QAs

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs Section: (none) Explanation

Explanation/Reference:

T Study

Materials

& Practical

QUESTION 266 QAs Note: This queson is part of a series of quesons that present the same scenario. Each queson in the series contains a unique soluon. Determine whether the soluon meets the stated goals. You have an Acve Directory domain named contoso com. The domain contains a VPN server named VPN1 that runs Windows Server 2016. Users can establish a VPN connecon with VPN1 at any me on seven days of the week. You must ensure that users can only connect to VPN1 from Monday to Friday. Soluon: You configure the settings on the Dial-in tab in the users properties Does this meet the goal?

A. Yes

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs B. NO

Correct Answer: B Section: (none) Explanation

Explanation/Reference: T Study

Materials

& Practical

QAs

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs QUESTION 267

T Study

Materials

A. Yes & B. No Practical

Correct Answer: B Section: (none) Explanation

Explanation/Reference: Explanaon: QAs The properes of the RAS server do not provide a way to restrict the mes for VPN dial-in.

QUESTION 268

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs T Study

Materials

A. YES B. NO & Correct Answer: A Practical Section: (none) Explanation

Explanation/Reference:

QAs

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs T Study

Materials

& Practical

QAs

QUESTION 269

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs T Study

Materials

& Practical

QAs A. Yes B. NO

Correct Answer: B Section: (none) Explanation

Explanation/Reference:

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs T Study

Materials

QUESTION 270

& Practical

QAs

A. YES

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs B. NO

Correct Answer: B Section: (none) Explanation

Explanation/Reference: T Study

Materials

& Practical

QAs QUESTION 271

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs T Study

A. Configure the NAT network (Network Address Translaon) on Host1. B. Configure the server role Remote Access on a virtual computer. Materials C. Create an internal switch for virtual computers on Host1 and assign an IP address tot he switch. D. Connect each virtual computer to the virtual switch. E. Configure the sengs of each virtual computer and enable the virtual LAN idenficaon

Correct Answer: ACE Section: (none) Explanation &

Explanation/Reference: Practical

QAs

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs T Study

Materials

& Practical QUESTION 272

QAs

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs T Study

Materials

A. YES & B. NO Practical

Correct Answer: B Section: (none) Explanation Explanation/Reference: QAs

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs T Study

Materials

& Practical

QAs

QUESTION 273

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs T Study

Materials

& Practical

QAs

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs A. yes B. no

Correct Answer: B Section: (none) Explanation Explanation/Reference: T Study QUESTION 274 Note: This queson is part of a series of quesons that use the same scenario. For your convenience, the scenario is repeated in each queson. Each queson presents a different goal and answer choices, but the text of the scenario is exactly the same in each queson in this series. Start of repeated scenario. Materials You are a network administrator for a company named Contoso,Ltd. The network is configured as shown in the exhibit

& Practical

QAs

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs T Study

Materials

& Practical

QAs

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs End of repeated scenario. You add a computer to subnet1. The computer has an IP address of 10.10.0.129 Web1 receives a request from the new computer and sends a response. The computer on subnet1 does not receive the response from Web1..

You need to add a new roung entry for subnet1 on Web1. What gateway do you specify for the new route? T A. 10.10.0.129 Study B. 10.10.0.224 C. 131.107.0.223 D. 172.16.128.222 Materials

Correct Answer: C Section: (none) Explanation Explanation/Reference: &

QUESTION 275 Practical

QAs

A. From Windows PowerShell, run the Add-Member cmdlet B. From Server Manager, create an access policy. C. From Windows PowerShell, run the Set-IpamConfiguraon cmdlet.

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs D. From Server Manager, create an access scope.

Correct Answer: B Section: (none) Explanation

Explanation/Reference: T Study

Materials

& QUESTION 276 You are an administrator for your company. You need to verify whether a DNS response from a DNS serverPractical is signed by DNSSEC. What should you run?

A. Nslookup.exe B. Dnscmd.exe C. Get-NetIPAddress D. Resolve-DNSName QAs

Correct Answer: D Section: (none) Explanation

Explanation/Reference:

QUESTION 277

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs T Study

A. Create a reverse lookup zone named 0.in-addr.arpa. B. Create a forward lookup zone named globalnames. Materials C. From DNS Manager, modify the advanced properes of server1 D. From DNS Manager, modify the forwarders properes of Server1. E. Create a forward lookup zone named ".". F. Run dnscmd.exe and specify the /config parameter.

Correct Answer: CEF & Section: (none) Explanation Practical

Explanation/Reference:

QAs

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs QUESTION 278

T Study

Materials

A. Run ipconfig and specify the FlushDns parameter. & B. Run ipconfig and specify the Renew parameter Practical C. Run dnscmd and specify the ClearCache parameter D. Run Set-DnsServerResourceRecordAging.

Correct Answer: C Section: (none) Explanation QAs

Explanation/Reference: Explanaon: We can clear the DNS cache on the DNS server with either Dnscmd /ClearCache from command prompt or with Clear-DnsServerCache from Windows PowerShell.

QUESTION 279

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs T Study

Materials

& Practical

QAs

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs A. YES B. NO

Correct Answer: A Section: (none) Explanation Explanation/Reference: T Study

Materials

& Practical

QUESTION 280 Note: This queson is part of a series of quesons that present the same scenario. Each quesons in the series contains a unique soluon that might meet the stated goals. Some quesons sets might have more than one correct soluon, while others might notQAs have a correct soluon. Determine whether the soluon meets the stated goals. Your network contains a Windows Server 2016 Hyper-V host named Server1. Server1 has two virtual machines named VM1 and VM2 that run Windows Server 2016. Server1 has the following virtual switches configured:

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs VM1 connects to Private1. VM2 has two network adapters. T You need to ensure that VM1 connects to the corporate network by usingStudy NAT. Soluon: You connect VM1 to Internal1. You run the New-NetIpAddress and the New-NetNat cmdlets on Server1. You configure VM1 to use Server1 as the default gateway. Does this meet the goal? Materials A. yes B. no

Correct Answer: B Section: (none) Explanation & Explanation/Reference: Practical

QUESTION 281 Note: This queson is part of a series of quesons that present the same scenario. Each queson in the series contains a unique soluon. Determine whether the soluon meets the stated goals. You are implemenng a secure network. The network contains a DHCP server named Server1 that runs Windows Server 2016.QAs You create a DHCP allow filter that contains all of the computers on the network that are authorized to receive IP addresses. You discover that unauthorized computers can receive an IP address from Server1. You need to ensure that only authorized computers can receive an IP address from Server1.

Soluon: You run the following command. Set-DhcpServerv4FilterList –ComputerName DC1 –Allow $False –Deny $True Does this meet the goal?

A. Yes

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs B. NO

Correct Answer: B Section: (none) Explanation

Explanation/Reference: Explanaon: Windows Server 2016 includes the ability to explicitly Allow or Deny DHCP requests to defined MAC addresses. This allows you to prevent unknown devices from obtaining DHCP access to the networkT by creang a Block List and/or an Allow list. Enable the Allow list will cause DCHP to operate on a "Whilelist" which Studyrequire you to create an Allow List entry for every MAC address that should be given an IP address. By default, DHCP operates ona "Blacklist" which allows all MAC addresses to be given an IP except for ones expecitly defined on the Deny List. The Cmdlet shown in the soluon disables the allow filter and enables the deny filter. Since the allow filter is disabled the authorized computers cannot receive an IP address from Server1. Reference: Set-DhcpServerv4FilterList Materials QUESTION 282 Note: This queson is part of a series of quesons that present the same scenario. Each queson in the series contains a unique soluon. Determine whether the soluon meets the stated goals.

You have an IP Address Management (IPAM) server named IPAM1 that runs Windows Server 2016. IPAM1 manages all of the DHCP servers on your network & Practical You are troubleshoong an issue for a client that fails to receive an IP address from DHCP.

You need to ensure that from IPAM1, you can view all of the event data for the DHCP leases from the last 24 hours.

Soluon: From Windows PowerShell, you run the Get-IpamIpAddressAuditEvent cmdlet. Does this meet the goal? QAs

A. YES B. NO

Correct Answer: A Section: (none) Explanation

Explanation/Reference:

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs T Study

Materials

& Practical

QAs

QUESTION 283 You have a DNS server named Server1 that runs Windows Server 2016. Server 1 has a forward lookup zone for Contoso.com. The records in the zone are shown below:

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs T Study

Materials

& Practical

QAs

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs A. When a client computer that has an IP address of 172.16.0.10 aempts to resolve host1.contoso.com, host1.contoso.com resolves to 172.16.99.99. B. When a client computer that has an IP address of 172.16.0.10 aempts to resolve host1.contoso.com, the name resoluon fails to return an IP address C. When a client computer that has an IP address of 172.16.1.56 aempts to resolve host1.contoso.com, host1.contoso.com resolves to 172.16.99.99. D. When a client computer that has an IP address of 172.16.1.56 aempts to resolve host1.contoso.com, host1.contoso.com resolves to 172.16.0.100. E. When a client computer that has an IP address of 172.16.1.56 aemptsT to resolve host1.contoso.com, the name resoluon fails to return an IP address. F. When a client computer that has an IP address of 172.16.0.10 aemptsStudy to resolve host1.contoso.com, host1.contoso.com resolves to 172.16.0.100.

Correct Answer: BD Section: (none) Materials Explanation

Explanation/Reference:

QUESTION 284 Note: This queson is part of a series of quesons that present the same scenario. Each queson in the& series contains a unique soluon. Determine whether the soluon meets the stated goals. You have an Acve Directory domain named contoso com. The domain contains a VPN server named VPN1Practical that runs Windows Server 2016. Users can establish a VPN connecon with VPN1 at any me on seven days of the week. You must ensure that users can only connect to VPN1 from Monday to Friday. Soluon: You configure the sengs on the Dial-in tab in the users properes. Does this meet the goal? QAs

A. YES B. NO

Correct Answer: B Section: (none) Explanation

Explanation/Reference:

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs T Study

Materials

& Practical

QAs

T Study Materials & Practical QAs .70-741.IT Study Materials & Practical QAs284 T Study Materials & Practical QAs