You have a server named Server1.
You install the IP Address Management (IPAM) Serverfeature on Server1.
You need to provide a user named User1 with the ability to set the access scope of all the DHCP servers that
are managed by IPAM. The solution must use the principle of least privilege.
Which user role should you assign to User1?
A.
IP Address Record Administrator Role
B.
IPAM Administrator Role
C.
IPAM MSM Administrator Role
D.
IPAM DHCP Scope Administrator Role
Explanation:
IPAM ASM
IPAM Administrators: IPAM administrators can view all IPAM data and manage all IPAM features.
IPAM ASM Administrators: IPAM address space management (ASM) administrators can manage IP address blocks, ranges, and addresses.
IPAM IP Audit Administrators: IPAM IP audit administrators can view IP address tracking data.
IPAM MSM Administrators: IPAM multi-server management (MSM) administrators can manage DNS and DHCP servers.
IPAM Users: IPAM users can view information in IPAM, but cannot manage IPAM features or view IP address tracking data.
B.
IPAM Administrator Role This built-in role provides all permissions that are provided
by the IPAM ASM Administrator Role and IPAM MSM Administrator Role in addition to
permissions to manage access scopes, access policies, and logical groups.
First of all, the actual answer is IPAM ASM administrator role (which is not even an option)
the next best answer would be IPAM MSM Administrator role because the principle os least privilege would deem that the IPAM MSM admin would only be able to manage the DNS and DHCP servers through the IPAM role.
Second of all, of the four answer possibilities only two of them are default installation administrator roles, (IPAM Admin and IPAM MSM administrator roles)
that leaves us with two choices B or C.
IPAM Administrator will grant us all administrator privileges pertaining to the IPAM server roles and
IPAM MSM (multi-server) admin will grant us permissions to manage the DNS and DHCP servers only.
the correct answer being. . . . . .
C. IPAM MSM Administrator
*side note*
If you ever see this question and one of your choices are IPAM ASM Administrator, choose that option because that would actually be the correct answer with the fewest privileges.
answer is correct its A
http://technet.microsoft.com/en-us/library/dn268500.aspx
The Question is to set the access scopes, which is related to configure the Access Based Control in IPAM of all the DHCP servers. This can only be done by an IPAM Administrator, member of the local IPAM Administrator Group, IPAM DHCP Administrator, or IPAM MSM administrator.
Correct answer is C. IPAM MSM administrator because B. IPAM administrator will give many unnecessary permissions, although C. IPAM MSM administrator will give unnecessary permissions such as manages DNS servers but it is lower permissions than manages all settings and objects in IPAM.
Another correct answer and more suitable answer is “IPAM DHCP administrator” but it is not an option in this question but it is an option for other version of the same question I have seen.
Agreed. It is asking for “set the access scope of all the DHCP servers”. that is server management, not address management.
yes the correct answer is C, this is the most restrictive permission
Role Description
DNS record administrator Is able to manage DNS resource records through IPAM
IP address record administrator Is able to manage IP addresses, but cannot manage IP address spaces, ranges, blocks, or subnets
IPAM administrator Is able to manage all settings and objects in IPAM
IPAM ASM administrator Is able to manage all IP addresses, address spaces, ranges, blocks, and subnets
IPAM DHCP administrator Is able to manage DHCP servers configured through IPAM
IPAM DHCP reservations administrator Is able to mange DHCP reservations through IPAM
IPAM DHCP scope administrator Is able to manage DHCP scopes through IPAM
IPAM MSM administrator Is able to manage DHCP and DNS servers through IPAM
Correct Answer is : D i guess
IPAM DHCP scope administrator is correct….so D
This is a R2 question
https://technet.microsoft.com/en-us/library/dn268500.aspx#BKMK_IPAM2012R2
The answer is IPAM MSM
because in the new exam version they replaced the answer A: with DNS Record Aministrator Role instead of IP Address Record Administrator Role
as per usual the comments are useless and the question is just a joke! this exam and study has been a joke from start to finish, this is THE last Microsoft exam I am touching, I simply DO NOT have time to mess around and try to decipher what Microsoft actually want as an answer! its a joke.
How useful is your comment?!
Learn to fight, we are all here to learn more
PREUM SAYS ANSWER IS IPAM DHCP Administrator Role
I am 100 percent sure it is D.
Because it list it in the complete study guide server 2012R2
Least priv with scope access is Answer D.
I agree with you.
D:
IPAM DHCP scope administrator —- Manages DHCP scopes
I agree that it is D.
IPAM DHCP Administrator manages DHCP _only_.
IPAM MSM Administrator manages DHS _and_ DHCP.
The question specifically asks for “least privilege”. Also IPAM DHCP Administrators is not Windows 2012 R2 specific. It also applies to Windows 2012. More info here: https://technet.microsoft.com/en-us/library/dn268500.aspx
**Note: Answers A and B don’t even belong as part of the answers to the question, and the explanation this answer gives also doesn’t fulfil the requirements of the question.
^typo up there…I meant IPAM MSM Administrators manages DNS _and_ DHCP
Beware: “Setting access scope on DHCP server” and “setting access scope on DHCP Scope” are two different things in IPAM.
To do the first you need IPAM MSM Administrator Role. For the second it’s enough to have IPAM DHCP Scope Administrator Role.
Questions asks “the ability to set the access scope of all the DHCP servers”
So IPAM MSM Administrator Role is correct (C). D is wrong.
If you install IPAM in your lab you can check the detailed rights of every role under “Access Control” / Roles
I think it is B.
Why?
Under IPAM>Access Control.
Under ROLES you have all roles listed with description.
Only IPAM ADMINISTRATOR ROLE has right to change ACCESS SCOPE.
Question is not about DHCP SCOPES but ACCESS SCOPES