Q30. You have an onpremises DNS server named Server1 that runs Windows Server. Server 1 hosts a DNS zone named fabrikam.com You have an Azure subscription that contains the resources shown in the following table.

Q31. Your network contains a single-domain Active Directory Domain Services (AD DS) forest named conto.com. The forest contains the servers shown in the following exhibit table.

You plan to install a line-of-business (LOB) application on Server1. The application will install a custom windows services.
A new corporate security policy states that all custom Windows services must run under the context of a group managed service account (gMSA). You deploy a root key.
You need to create, configure, and install the gMSA that will be used by the new application.
您应该执行哪两个操作？每个正确答案都给出了部分解决方案。
注意：每个正确选项得一分。

Q32. You have a server that runs Windows Server and contains a shared folder named UserData.
You need to limit the amount of storage space that each user can consume in UserData.
您应该使用什么？

Q33. Case Study 1 – Fabrikam, Inc
概述
Fabrikam, Inc is a manufacturing company that has a main office in New York and a branch office in Seattle.
现有环境
内部服务器
内部网络包含运行 Windows Server 的服务器，如下表所示。

DC1 承载所有操作主控角色。
WEB1 和 WEB2 运行一个名为 Webapp1 的 Internet 信息服务（IIS）网络应用程序。
内部网络
纽约和西雅图办事处通过冗余广域网链路连接。
每个办公室的客户计算机都从本地 DHCP 服务器获取 IP 地址。
DHCP1 contains a scope named Scope1 that has addresses for the New York office, DHCP2 contains a scope named Scope2 that has addresses for the Seattle office.
Identity Infrastructure
The network contains a single on-premises Active Directory Domain Services (AD DS) domain named corp.falbrikam.com. Currently, all the service accounts use individual domain user accounts.
All domain controllers have the DNS Server role installed and host a copy of the Active Directory integrated DNS zone of corp.fabrikam.com.
The corp.fabrikam.com AD DS domain syncs with an Azure Active Directory (Azure AD) tenant.
Group Policy Objects (GPOs)
The corp.fabrikam.com domain contains the organizational units (OUs) and custom Group Policy Objects (GPOs) shown in the following table.

要求
计划中的变更
Fabrikam identifies the following planned changes:
Create a single Azure subscription named Sub1 that will contain a single Azure virtual network named Vnet1.
Replace the WAN links between the Seattle and New York offices by using Azure Virtual WAN and FxpressRoute. Both on premises offices will be connected to Vnet1 by using ExpressRoute.
Create three Azure file shares named newyorkhiles, seattlefiles, and companyfiles.
Create a domain controller named dc3.corp.fabrikam.com in Vnet1.
Deploy an Azure Virtual Desktop host pool to Vnet1. The Azure Virtual Desktop session hosts will be hybrid Azure AD-joined.
License all servers for Microsoft Defender for servers.
Use Azure Policy to enforce configuration management policies on the servers in Azure and on- premises.
联网要求
Fabrikam identifies the following networking requirements:
Implement Virtual WAN and ensure that all the network traffic between the sites uses Virtual WAN. All communications must occur over ExpressRoute.
If a DHCP server fails, ensure that the client computers can continue to receive their dynamic IP address and renew their existing lease.
Ensure that the resources in Vnet1 can resolve the names of the on-premises servers in the corp.fabrikam.com domain.
Security Requirements
Fabrikam 确定了以下安全要求：
Apply GPO4 to the Azure Virtual Desktop session hosts. Ensure that Azure Virtual Desktop user sessions lock after being idle for 10 minutes. Users must be able to control the lockout time manually from their client computer.
Ensure that server administrators request approval before they can establish a Remote Desktop connection to an Azure virtual machine. If the request is approved, the connection must be established within two hours.
Prevent user passwords from containing all or part of words that are based on the company name, such as Fab, f@br1kAm or fabr!|.
Ensure that all instances of Webapp1 use the same service account. The password of the service account must change automatically every 30 days.
Prevent domain controllers from directly contacting hosts on the internet.
文件共享要求
您需要配置 Azure 文件的同步，以满足以下要求：
Ensure that seattlefiles syncs to FS2.
Ensure that newyorkfiles syncs to FS1.
Ensure that companyfiles syncs to both FS1 and FS2.
Question
热点问题
You need to configure Azure File Sync to meet the file sharing requirements.
What should you do? To answer, select the appropriate options in the answer area. NOTE Each correct selection is worth one point.

Q34. Your network contains an Active Directory Domain Services (AD DS) domain named contoso.com.
该网络包含下表所示的服务器。

You plan to implement IP Address Management (IPAM).
You need to use the Group Policy based provisioning method for managed servers. The solution must support server discovery.
您应该怎么做？要回答问题，请在答案区域选择适当的选项。
注意：每个正确选项得一分。

Q35. Your network contains two Active Directory forests and a domain trust as shown in the following exhibit.

The domain trust has the following configurations:
* Name: adatum.com
* Type: External
* Direction: One-way. outgoing
* Outgoing trust authentication level: Domain-wide authentication

The forests contain the network shares shown in the following table.

对于下列每项陈述，如果为真，请选择 "是"。注意：每个正确选项得一分。

Q36. Your network contains a single domain Active Directory Domain Services (AD DS) forest named contoso.com. The forest contains a single Active Directory site.
You plan to deploy a read only domain controller (RODC) to a new datacenter on a server named Server1. A user named User1 is a member of the local Administrators group on Server1.
You need to recommend a deployment plan that meets the following requirements:
Ensures that a user named User1 can perform the RODC installation on Server1 Ensures that you can control the AD DS replication schedule to the Server1 Ensures that Server1 is in a new site named RemoteSite1 Uses the principle of least privilege Which three actions should you recommend performing in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

Q37. You create an Azure virtual machine named Server1 that runs Windows Server.
Server1 has the disk configuration shown in the following exhibit.

Q38. You have an on-premises network that is connected to an Azure virtual network by using a Site-to-Site VPN.
Each network contains a subnet that has the same IP address space. The on-premises subnet contains a virtual machine.
You plan to migrate the virtual machine to the Azure subnet.
You need to migrate the on premises virtual machine to Azure without modifying the IP address. The solution must minim administrative effort.
What should you implement before you perform the migration?

Q39. You have an Azure Active Directory Domain Services (Azure AD DS) domain named contoso.com.
You need to provide an administrator with the ability to manage Group Policy Objects (GPOs). The solution must use the principle of least privilege.
To which group should you add the administrator?

Q40. 拖放问题
您有一台名为 Server1 的服务器，它运行 Windows Server 并安装了 Hyper-V 服务器角色。服务器 1 承载着名为 VM1 的虚拟机。
服务器 1 有一个 NVMe 存储设备，通过使用离散设备分配将其分配给 VM1。
您需要向主机提供设备。
您应该依次执行哪四个操作？要回答问题，请将适当的操作从操作列表移到答案区域，并按正确顺序排列。

Q41. You need to meet the technical requirements for the site links. Which users can perform the required tasks?

Q42. 您可以添加 lo Group3 和 Groups 中的哪些组？要回答问题，请在答案中选择适当的选项。

Q43. 您部署了一个名为 contoso.com 的新 Active Directory 域服务 (AD DS) 林。该域包含名为 DC1、DC2 和 DC3 的三个域控制器。
将 Default-First-Site-Name 重命名为 Site1。
您计划将 DC1、DC2 和 DC3 发送到不同地点的数据中心。
您需要在 DC1、DC2 和 DC3 之间配置复制，以满足以下要求：
每个域控制器必须位于自己的 Active Directory 站点中。
每个站点之间的复制计划必须独立控制。
必须尽量减少复制中断。
您应该在 Active Directory 站点和服务控制台中依次执行哪三个操作？要回答问题，请将适当的操作从操作列表移动到答案区域，并按正确的顺序排列。

Q44. 您有一个名为 VM1 的 Azure 虚拟机，运行 Windows Server。
You perform the following actions on VM1:
Create a folder named Folder1 on volume C.
Create a folder named Folder2 on volume D.
Add a new data disk to VM1 and create a new volume that is assigned drive letter E.
Install an app named App1 on volume E.
You plan to resize VM1.
Which objects will present after you resize VM1?

Q45. You have two on-premises servers named Server1 and Servet2 that run Windows Server.
You have an Azure Storage account named storage1 that contains a file share named share’. Server1 syncs with share1 by using Azure File Sync You need to configure Server2 to sync with share1.
您应该依次执行哪三个操作？要回答问题，请将适当的操作从操作列表移到答案区域，并按正确顺序排列。