Answer: A 

Explanation: 

NAP enforcement for DHCP DHCP enforcement is deployed with a DHCP Network Access Protection (NAP) enforcement server component, a DHCP enforcement client component, and Network Policy Server (NPS). Using DHCP enforcement, DHCP servers and NPS can enforce health policy when a computer attempts to lease or renew an IP version 4 (IPv4) address. However, if client computers are configured with a static IP address or are otherwise configured to circumvent the use of DHCP, this enforcement method is not effective. 

Note: The NAP health policy server can use a health requirement server to validate the health state of the NAP client or to determine the current version of software or updates that need to be installed on the NAP client. 

Reference: NAP Enforcement for DHCP 

http://technet.microsoft.com/en-us/library/cc733020(v=ws.10).aspx 

Answer:  

Answer: B 

Explanation: 

Scenario: 

A server that runs Windows Server 2012 will perform RADIUS authentication for all of the 

VPN connections. 

Ensure that NAP with IPSec enforcement can be configured. 

Network Policy Server 

Network Policy Server (NPS) allows you to create and enforce organization-wide network 

access policies for client health, connection request authentication, and connection request 

authorization. In addition, you can use NPS as a Remote Authentication Dial-In User 

Service 

(RADIUS) proxy to forward connection requests to a server running NPS or other RADIUS 

servers that you configure in remote RADIUS server groups. 

NPS allows you to centrally configure and manage network access authentication, 

authorization, are client health policies with the following three features: RADIUS server. 

NPS performs centralized authorization, authorization, and accounting for wireless, 

authenticating switch, remote access dial-up and virtual private network (VNP) 

connections. When you use NPS as a RADIUS server, you configure network access 

servers, such as wireless access points and VPN servers, as RADIUS clients in NPS. You 

also configure network policies that NPS uses to authorize connection requests, and you 

can configure RADIUS accounting so that NPS logs accounting information to log files on 

the local hard disk or in a Microsoft SQL Server database. 

Reference: Network Policy Server 

Answer: B 

Reference: How to integrate IPAM with SCVMM 2012 R2 

Answer: B 

Explanation: * Scenario: A central log of the IP address leases and the users associated to those leases must be created. 

* Feature description IPAM in Windows Server 2012 is a new built-in framework for discovering, monitoring, auditing, and managing the IP address space used on a corporate network. IPAM provides for administration and monitoring of servers running Dynamic Host Configuration Protocol (DHCP) and Domain Name Service (DNS). IPAM includes components for: 

. Automatic IP address infrastructure discover)': IPAM discovers domain controllers, DHCP servers, and DNS servers in the domains you choose. You can enable or disable management of these servers by IPAM. 

. Custom IP address space display, reporting, and management: The display of IP addresses is highly customizable and detailed tracking and utilization data is available. IPv4 and IPv6 address space is organized into IP address blocks, IP address ranges, and individual IP addresses. IP addresses are assigned built-in or user-defined fields that can be used to further organize IP address space into hierarchical, logical groups. 

. Audit of server configuration changes and tracking of IP address usage: Operational events are displayed for the IPAM server and managed DHCP servers. IPAM also enables IP address tracking using DHCP lease events and user logon events collected from Network Policy Server (NPS), domain controllers, and DHCP servers. Tracking is available by IP address, client ID, host name, or user name. 

. Monitoring and management of DHCP and DNS services: IPAM enables automated service availability monitoring for Microsoft DHCP and DNS servers across the forest. DNS zone health is displayed, and detailed DHCP server and scope management is available using the IPAM console. 

Reference: IP Address Management (IPAM) Overview 

Answer: C 

Explanation: 

Distribution point groups provide a logical grouping of distribution points and collections for content distribution. A Distribution point group is not limited to distribution points from a single site, and can contain one or more distribution points from any site in the hierarchy. When you distribute content to a distribution point group, all distribution points that are members of the 

distribution point group receive the content. 

Reference: Configuring Distribution Point Groups in Configuration Manager 

Answer: B 

Explanation: Ldifde Creates, modifies, and deletes directory objects. You can also use ldifde to extend the schema, export Active Directory user and group information to other applications or services, and populate Active Directory Domain Services (AD DS) with data from other directory services. Ldifde -l <LDAPAttributeList> Sets the list of attributes to return in the results of an export query. If you do not specify this parameter, the search returns all attributes. 

Incorrect: 

Not C: 

Optional feature: A non-default behavior that modifies the Active Directory state model. 

Answer: B 

Explanation: * Scenario: / Main office: One physical DHCP server that runs Windows Server 2008 R2 / each branch office: One physical DHCP server that runs Windows Server 2008 R2 / The IPAM server in the main office gathers data from the DNS servers and the DHCP servers in all of the offices. 

* Example: 

Command Prompt: C:\PS> 

Export-SmigServerSetting -Feature "DHCP" -User All -Group -Path "c:\temp\store" -Verbose 

This sample command exports the Dynamic Host Configuration Protocol (DHCP) Server and all other Windows features that are required by DHCP Server. 

Answer:  

Answer: A 

Explanation: DirectAccess by default enables split tunneling. All traffic destined to the corpnet is sent over the DA IPsec tunnels, and all traffic destined for the Internet is sent directly to the Internet over the local interface. This prevents DA clients from bringing the corporate Internet connection to its knees. 

is DA split tunneling really a problem? The answer is no. 

Why? Because the risks that exist with VPNs, where the machine can act as a router between the Internet and the corporate network is not valid with DirectAccess. IPsec rules on the UAG server require that traffic be from an authenticated source, and all traffic between the DA client and server is protected with IPsec. 

Thus, in the scenario where the DA client might be configured as a router, the source of the traffic isn’t going to be the DA client, and authentication will fail – hence preventing the type of routing that VPN admins are concerned about. 

Reference: Why Split Tunneling is Not a Security Issue with DirectAccess