2016.Oct New Microsoft 70-414: Implementing an Advanced Server Infrastructure Exam Questions Updated!
Free Instant Download 70-414 Exam Dumps (PDF & VCE) 252Q&As from Braindump2go.com Today!

100% Real Exam Questions! 100% Exam Pass Guaranteed!

1.| 2016.10 Latest 70-414 Exam Dumps (PDF & VCE) 252Q&As Download:
http://www.braindump2go.com/70-414.html

2.| 2016.10 Latest 70-414 Exam Questions & Answers:
https://drive.google.com/folderview?id=0B75b5xYLjSSNfjFDZEl5S3lVWkV0YXR5RGw2VlI0VndGN3VodlRxZ1NTempJdTQ1emZmTWM&usp=sharing

QUESTION 11
Your network contains an Active Directory domain named contoso.com.
You deploy Microsoft System Center 2012 Virtual Machine Manager (VMM).
The network contains five physical servers.
The servers are configured as shown in the following table.
You plan to use VMM to convert the existing physical servers to virtual machines.
You need to identify which physical servers can be converted to virtual machines.
Which servers should you identify? (Each correct answer presents part of the solution. Choose all that apply.)
 

A.    Server1
B.    Server2
C.    Server3
D.    Server4
E.    Server5

Answer: ADE
Explanation:
http://technet.microsoft.com/en-us/systemcenter/hh278293.aspx

QUESTION 12
Your network contains an Active Directory domain named contoso.com.
You deploy Active Directory Certificate Services (AD CS).
Your company, which is named Contoso, Ltd., has a partner company named Fabrikam, Inc. Fabrikam also deploys AD CS. Contoso and Fabrikam plan to exchange signed and encrypted email messages.
You need to ensure that the client computers in both Contoso and Fabrikam trust each other’s email certificates.
The solution must prevent other certificates from being trusted.
What should you do? More than one answer choice may achieve the goal. Select the BEST answer.

A.    Implement an online responder in each company.
B.    Exchange the root certification authority (CA) certificates of both companies, and then
deploy the certificates to the Trusted Root Certification Authorities store by using Group
Policy objects (GPOs).
C.    Exchange the root certification authority (CA) certificates of both companies, and then
deploy the certificates to the Enterprise Trust store by using Group Policy objects (GPOs).
D.    Implement cross-certification in each company.

Answer: D

QUESTION 13
Your network contains an Active Directory domain named contoso.com.
Your company has an enterprise root certification authority (CA) named CA1.
You plan to deploy Active Directory Federation Services (AD FS) to a server named Serverl.
The company purchases a Microsoft Office 365 subscription.
You plan register the company’s SMTP domain for Office 365 and to configure single sign-on for all users.
You need to identify which certificate or certificates are required for the planned deployment. Which certificate or certificates should you identify? (Each correct answer presents a complete solution. Choose all that apply.)

A.    a server authentication certificate that is issued by a trusted third-party root CA and that
contains the subject name serverl.contoso.com
B.    a server authentication certificate that is issued by CA1 and that contains the subject name Server1
C.    a server authentication certificate that is issued by a trusted third-party root CA and that
contains the subject name Server1
D.    a server authentication certificate that is issued by CA1 and that contains the subject name serverl.contoso.com
E.    self-signed server authentication certificates for serverl.contoso.com

Answer: AE

QUESTION 14
Your network contains an Active Directory domain named contoso.com.
You plan to deploy an Active Directory Federation Services (AD FS) farm that will contain eight federation servers.
You need to identify which technology or technologies must be deployed on the network before you install the federation servers.
Which technology or technologies should you identify? (Each correct answer presents part of the solution. Choose all that apply.)

A.    Network Load Balancing (NLB)
B.    Microsoft Forefront Identity Manager (FIM) 2010
C.    The Windows Internal Database feature
D.    Microsoft SQL Server 2012
E.    The Windows Identity Foundation 3.5 feature

Answer: AD
Explanation:
Best practices for deploying a federation server farm We recommend the following best practices for deploying a federation server in a production environment:
– (A) Use NLB or some other form of clustering to allocate a single IP address for many federation server computers.
– (D) If the AD FS configuration database will be stored in a SQL database, avoid editing the SQL database from multiple federation servers at the same time.
– If you will be deploying multiple federation servers at the same time or you know that you will be adding more servers to the farm over time, consider creating a server image of an existing federation server in the farm and then installing from that image when you need to create additional federation servers quickly.
– Reserve a static IP address for each federation server in the farm and, depending on your Domain Name System (DNS) configuration, insert an exclusion for each IP address in Dynamic Host Configuration Protocol (DHCP). Microsoft NLB technology requires that each server that participates in the NLB cluster be assigned a static IP address.
Reference: When to Create a Federation Server Farm

QUESTION 15
Your network contains an Active Directory domain named contoso.com.
The network contains two servers named Server1 and Server2.
You deploy Active Directory Certificate Services (AD CS).
The certification authority (CA) is configured as shown in the exhibit. (Click the Exhibit button.)
You need to ensure that you can issue certificates based on certificate templates.
What should you do?
 

A.    On Server1, install the Network Device Enrollment Service role service.
B.    Configure Server1 as a standalone root CA.
C.    Configure Server2 as an Enterprise CA.
D.    On Server1, run the Add-CertificateEnrollmentPolicyServer cmdlet.

Answer: C
Explanation:
In a typical CA infrastructure the Stand-alone CAs are primarily intended to be used as Trusted Offline RootCAs in a CA hierarchy or when extranets and the Internet are involved.
In a stand-alone CA Certificatetemplates are not used.
An enterprise CA uses certificate types, which are based on a certificate template

QUESTION 16
Your network contains an Active Directory domain named contoso.com.
The network contains a server named Server1 that runs Windows Server 2012.
Server1 has the Active Directory Certificate Services server role installed.
Serve1l is configured as an offline standalone root certification authority (CA).
You install the Active Directory Certificate Services server role on Server2 and configure the server as an enterprise subordinate CA.
You need to ensure that the certificate issued to Server2 is valid for 10 years.
What should you do first?

A.    Modify the registry on Server1.
B.    Modify the registry on Server2.
C.    Modify the CAPolicy.inf file on Server2.
D.    Modify the subordinate CA certificate template.
E.    Modify the CAPolicy.inf file on Server1.

Answer: A
Explanation:
http://technet.microsoft.com/en-us/library/hh831348.aspx
http://marckean.wordpress.com/2010/07/28/build-an-offline-root-ca-with-a-subordinate-ca/
Point 4. Setup the root CA to issue certificates with an expiry date of 10 years (will issue to the Sub CA for 10 years)
Change the following registry path on the Root CA -HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\CertSvc\Configuration\Root-CA\ValidityPeriodUnits
Change the REG_DWORD decimal value to 10.
This changes it to 10 years, so when the Sub CA gets a certificate, it won’t expire for another 10 years.

QUESTION 17
Your company has an office in New York.
Many users connect to the office from home by using the Internet.
You deploy an Active Directory Certificate Services (AD CS) infrastructure that contains an enterprise certification authority (CA) named CA1.
CA1 is only available from hosts on the internal network.
You need to ensure that the certificate revocation list (CRL) is available to all of the users.
What should you do? (Each correct answer presents part of the solution. Choose all that apply.)

A.    Create a scheduled task that copies the CRL files to a Web server.
B.    Run the Install-ADCSWebEnrollment cmdlet.
C.    Run the Install-EnrollmentPolicyWebService cmdlet.
D.    Deploy a Web server that is accessible from the Internet and the internal network.
E.    Modify the location of the Authority Information Access (AIA).
F.    Modify the location of the CRL distribution point (CDP).

Answer: ADF
Explanation:
D: access to CRLs for the ‘Internet scenario’ is fully supported and includes the following features:
CRLs will be located on Web servers which are Internet facing.
CRLs will be accessed using the HTTP retrieval protocol.
CRLs will be accessed using an external URL of
http://dp1.pki.contoso.com/pk
F: To successfully authenticate an Internet Protocol over Secure Hypertext Transfer Protocol (IP-HTTPS)-based connection, DirectAccess clients must be able to check for certificate revocation of the secure sockets layer (SSL) certificate submitted by the DirectAccess server.
To successfully perform intranet detection, DirectAccess clients must be able to check for certificate revocation of the SSL certificate submitted by the network location server.
This procedure describes how to do the following:
Create a Web-based certificate revocation list (CRL) distribution point using Internet Information Services (IIS)
Configure permissions on the CRL distribution shared folder Publish the CRL in the CRL distribution shared folder
Reference: Configure a CRL Distribution Point for Certificates


!!!RECOMMEND!!!

1.| 2016.10 Latest 70-414 Exam Dumps (PDF & VCE) 252Q&As Download:
http://www.braindump2go.com/70-414.html

2.| 2016.10 Latest 70-414 Exam Questions & Answers:
https://drive.google.com/folderview?id=0B75b5xYLjSSNfjFDZEl5S3lVWkV0YXR5RGw2VlI0VndGN3VodlRxZ1NTempJdTQ1emZmTWM&usp=sharing