Case study -
This is a case study. Case studies are not timed separately. You can use as much exam time as you would like to complete each case. However, there may be additional case studies and sections on this exam. You must manage your time to ensure that you are able to complete all questions included on this exam in the time provided.
To answer the questions included in a case study, you will need to reference information that is provided in the case study. Case studies might contain exhibits and other resources that provide more information about the scenario that is described in the case study. Each question is independent of the other questions in this case study.
At the end of this case study, a review screen will appear. This screen allows you to review your answers and to make changes before you move to the next section of the exam. After you begin a new section, you cannot return to this section.
To start the case study -
To display the first question in this case study, click the Next button. Use the buttons in the left pane to explore the content of the case study before you answer the questions. Clicking these buttons displays information such as business requirements, existing environment, and problem statements. If the case study has an All Information tab, note that the information displayed is identical to the information displayed on the subsequent tabs. When you are ready to answer a question, click the Question button to return to the question.
Overview -
Contoso, Ltd. is a manufacturing company that has a main office in Seattle and branch offices in Los Angeles and Montreal.
Existing Environment -
Active Directory Environment -
Contoso has an on-premises Active Directory Domain Services (AD DS) domain named contoso.com that syncs with an Azure Active Directory (Azure AD) tenant.
The AD DS domain contains the domain controllers shown in the following table.
Contoso recently purchased an Azure subscription.
The functional level of the forest is Windows Server 2012 R2. The functional level of the domain is Windows Server 2012. The forest has the Active Directory
Recycle Bin enabled.
The contoso.com domain contains the users shown in the following table.
The contoso.com domain has the Group Policy Objects (GPOs) shown in the following table.
The contoso.com domain has the Password Settings Objects (PSOs) shown in the following table.
Server Infrastructure -
The contoso.com domain contains servers that run Windows Server 2022 as shown in the following table.
By using Windows Firewall with Advanced Security, the servers have isolation connection security rules configured as shown in the following table.
Server4 has no connection security rules.
Server4 Configurations -
Server4 has the effective Group Policy settings for user rights as shown in the following table.
Server4 has the disk configurations shown in the following exhibit.
Virtualization Infrastructure -
The contoso.com domain has the Hyper-V failover clusters shown in the following table.
Technical Requirements -
Contoso identifies the following technical requirements:
Promote a new server named DC4 that runs to Windows Server 2022 to a domain controller.
Replicate the virtual machines from Cluster2 to an Azure Recovery Services vault.
Centrally manage performance alerts in Azure for all the domain controllers.
Ensure that User1 can recover objects from the Active Directory Recycle Bin.
Migrate Share1 to Server2, including all the share and folder permissions.
Back up Server4 and all data to an Azure Recovery Services vault.
Use Hyper-V Replica to protect the virtual machines in Cluster3.
Implement BitLocker Drive Encryption (BitLocker) on Server4.
Whenever possible, use the principle of least privilege.
HOTSPOT -
What is the effective minimum password length for User1 and Admin1? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:
Introductory Info
Question
Box 1: 9 -
When multiple PSOs apply to a user, the PSO with the highest precedence (lowest precedence number) applies which in this case is PSO1.
Box 2: 8 -
There are no PSOs applied to Admin1 so the password policy from the Default Domain GPO applies.
The Minimum password length setting in GPO1 would only apply to local user accounts on computers in OU1. It does not apply to domain user accounts.