What should you deploy?

A company has Active Directory Domain Services (AD DS) domain controllers that run on Windows Server
2012 R2 servers. There are two forests, and each has a single domain. There is a two-way forest trust between
the forests. The company uses Hyper-V for server visualization. The Hyper-V environment contains the HyperV host servers as shown in the following table:

You prepare to deploy System Center 2012 R2 Data Protection Manager (DPM) to back up the Hyper-V
environment. The deployment must meet the followingrequirements:
ensure that all Hyper-V servers can be backed up byusing DPM Hyper-v hosts in the perimeter network must
use certificate-based authentication Hyper-V hosts in the internal network must use Kerberos authentication
minimize the total number of DPM servers
You need to deploy DPM to the environment.
What should you deploy?

A company has Active Directory Domain Services (AD DS) domain controllers that run on Windows Server
2012 R2 servers. There are two forests, and each has a single domain. There is a two-way forest trust between
the forests. The company uses Hyper-V for server visualization. The Hyper-V environment contains the HyperV host servers as shown in the following table:

You prepare to deploy System Center 2012 R2 Data Protection Manager (DPM) to back up the Hyper-V
environment. The deployment must meet the followingrequirements:
ensure that all Hyper-V servers can be backed up byusing DPM Hyper-v hosts in the perimeter network must
use certificate-based authentication Hyper-V hosts in the internal network must use Kerberos authentication
minimize the total number of DPM servers
You need to deploy DPM to the environment.
What should you deploy?

A.
four DPM servers in the internal network and two DPM servers in the perimeter network

B.
two DPM servers in the internal network only

C.
two DPM servers in the internal network and two DPM servers in the perimeter network

D.
two DPM servers in the internal network and one DPM server in the per meter network



Leave a Reply 21

Your email address will not be published. Required fields are marked *


Yip kc

Yip kc

is it B two DPM servers in the internal network only?

JB

JB

Answer D for me
2 in the Internal due to Kerberos authentication (1 for each domain)
1 in the Permiter

Siddhant Pansari

Siddhant Pansari

Answer should be A

Plesho

Plesho

Vote for Answer D.
..”minimize the total number of DPM servers”. One DPM for the perimetar network is enough.

Ahmed

Ahmed

I think C is correct Answer we need two server on each location for redundancy purpose

See the following note

DPM 2012 brings certificate-based authentication to bear on the following workloads: File Server, Hyper-V and SQL Server in both standalone and clustered configurations. You can also use certificate-based authentication on a secondary DPM 2012 server for disaster recovery to protect data sources in a non-trusted domain when the primary DPM 2012 server fails. The two DPM 2012 servers need to be in the same or trusted domains. The only data sources that support certificate-based protection that are missing from this lineup are Exchange, SharePoint and Bare-Metal Recovery/System State.

tvojahlava

tvojahlava

B is enough servers for backing up all

Scorpio

Scorpio

I agree with tvojahlava
Key – Hyper-v hosts in the perimeter network must use certificate-based authentication
DPM 2012 R2 can do certificate based authentication so 2 DPM servers are more than enough to back up entire environment

Does anyone else have better explanation?

nitefire

nitefire

2 DPM servers is enough for all.

koka

koka

there is 2 type of this question: first this one with at least 1 DPM

answers:
A. four DPM servers in the internal network and two DPM servers in the perimeter network
B.two DPM servers in the internal network only
C.two DPM servers in the internal network and two DPM servers in the perimeter network
D.two DPM servers in the internal network and one DPM server in the per meter network

second question with minimum of 2 DPM each host, so:
A.four DPM servers in the internal network and two DPM servers in the perimeter network
B.two DPM servers in the internal network and one DPM server in the perimeter network
C.two DPM servers in the internal network only
D.two DPM servers in the internal network and two DPM servers in the perimeter network

logicaly, onlu
D and A makes sense?

Bill

Bill

Is it my opinion that neither of the suggested answers are correct!

Explanation:

DPM can protect servers and workstations across domains within a forest that has a two way trust relationship with the domain that has the DPM server.
Since, in the question it states that there is a two-way trust relationship between the forests “contoso.com” and “fabrikam.com”, only 1 DPM server installed in either domain would be enough.
http://technet.microsoft.com/en-us/library/hh758203.aspx

Also, since, you can manually install a DPM agent to an untrusted domain or workgroup (aka in a perimeter network/DMZ) with the option “-IsNonDomainServer”, you do not need to install DPM on “ext.contoso.com”.
http://technet.microsoft.com/en-us/library/hh757942.aspx

Thus, only 1 DPM server would suffice!

But since this is obviously a trick question, I would go with either B or D.

RR

RR

I think you are right Bill, one DPM server would be enough to backup all systems, but “one is none” in MS’ strategy so always use 2 (answer B)

mark86

mark86

I think that the best answer is D and I explain why:

1) here http://technet.microsoft.com/en-us/library/hh916530.aspx it is written that

“DPM supports protecting DPM SERVERS THAT ARE IN UNTRUSTED DOMAINS if the primary and secondary DPM servers are in domains that trust each other or if they are in the same domain”.

So there must be at least one DPM Server in the untrusted domain in order for the two DPM servers in the internal network to protect it.

2) here http://technet.microsoft.com/en-us/library/hh757954.aspx it is written that

“Restrictions: Protection of perimeter network (DMZ) machines is not supported in DPM.”

So there must be another DPM Server in the untrusted domain in order for the two DPM servers in the internal network to protect it.

Arie

Arie

Agreed, the correct answer is D.

Since at least one DPM server is required in the perimeter network, answer B is not correct. Since one of the requirements is to minimize the total number of DPM servers, answer A and C are not correct. Answer D fulfills all the requirements.

Anсhor

Anсhor

Answer C is correct

quest protein Bars

quest protein Bars

each time i used to read smaller articles or reviews that also clear their motive,
and that is also happening with this paragraph which I am reading at this time.
Quest Bars blogesaurus

Stefan

Stefan

The question explains there is a 2-way forest trust, but doesn’t talk about a 2-way domain trust. So you would need 2 DPM servers in the internal network.

https://technet.microsoft.com/en-us/library/hh758179.aspx

“A DPM server can resources in a domain, or across domains within a forest that has a two-way trust relationship with the domain that the DPM server is located in. If there is not a two-way trust across domains, you need a separate DPM server for each domain. A DPM server can protect data across forest if there’s a forest-level two-way trust between the forests.”

Cribb

Cribb

I was thinking B at first but after reading this:

https://technet.microsoft.com/en-us/magazine/jj554308.aspx

where it states:

“While most machines in an enterprise are joined to a domain, there are often situations where you have to protect computers in untrusted domains or workgroup situations (perimeter network). DPM 2010 protected these workloads with local accounts and Windows NT LAN Manager (NTLM) authentication. Due to weaknesses in NTLM and the hassle of local account management and auditing, this wasn’t a great solution.

DPM 2012 brings certificate-based authentication to bear on the following workloads: File Server, Hyper-V and SQL Server in both standalone and clustered configurations. You can also use certificate-based authentication on a secondary DPM 2012 server for disaster recovery to protect data sources in a non-trusted domain when the primary DPM 2012 server fails. The two DPM 2012 servers need to be in the same or trusted domains. The only data sources that support certificate-based protection that are missing from this lineup are Exchange, SharePoint and Bare-Metal Recovery/System State.”

I am now thinking D

I have been known to mis-read or mis-understand things before…someone correct me if you think I am wrong

Remzo

Remzo

Answer B

“DPM can protect servers and workstations across domains within a forest that has a two-way trust relationship with the domain that the DPM server is located in. If there is not a two-way trust across domains, you can protect the computers using DPM’s support for computers in workgroups or untrusted domains. For more information, see Managing Protected Computers in Workgroups and Untrusted Domains.”

https://technet.microsoft.com/en-us/library/hh757757(v=sc.12).aspx

So, one DPM can backup all, but since that’s not an answer. Next best is 2 DPM’s

Google

Google

Every once in a although we decide on blogs that we read. Listed below are the most up-to-date internet sites that we choose.