You need to recommend a communication solution that meets the following requirements:

Your network contains a System Center 2012 Configuration Manager environment.
The environment contains a single primary site.
The primary site has a distribution point and a management point.
You need to recommend a communication solution that meets the following requirements:
Communication between the client computers in the research department and the management
point must use HTTPS.
Communication between all of the other client computers and the management point must be able
to use HTTP.
Minimize the number of site systems.
What should you do?

A.
Configure the existing management point to use HTTPS.
Configure the research department computers always to use HTTPS.

B.
Create a new primary child site and configure the site to use native mode.
Assign all of the research department computers to the new site.

C.
Install a new management point and configure the management point always to use HTTPS.
Configure the research department computers always to use HTTPS.

D.
Install a new management point and configure Windows Firewall to block inbound TCP port 80.
Configure the research department computers always to use HTTPS.

Explanation:
http://technet.microsoft.com/en-us/library/gg712282.aspx#BKMK_Site_System_Roles
Planning for Site Systems in Configuration Manager
Optional Site System Roles
Optional site system roles are site system roles that are not required for the core operation of a
Configuration Manager site. However, by default, the management point and distribution point,
which are optional site system roles, are installed on the site server when you install a primary or
secondary site. Although these two site system roles are not required for the core operation of the
site, you must have at least one management point to support clients at those locations. After you
install a site, you can move the default location of the management point or distribution point to
another server, install additional instances of each site system role, and install other optional site
system roles to meet your business requirements. The optional site system roles are described in the
following table:
A site system role that provides policy and service location information to clients and receives
configuration data from clients.
You must install at least one management point at each primary site that manages clients, and at
each secondary site where you want to provide a local point of contact for clients to obtain
computer and user policies.
http://technet.microsoft.com/en-us/library/gg682060.aspx
How to Assign Clients to a Site in Configuration Manager
Locating Management Points
After a client is successfully assigned to a site, it locates a management point in the site.
Client computers download a list of management points in the site that they can connect to. This
process happens whenever the client restarts, every 25 hours, and if the client detects a network
change, such as the computer disconnects and reconnects on the network or it receives a new IP
address. The list includes management points on the intranet and whether they accept client
connections over HTTP or HTTPS. When the client computer is on the Internet and the client doesn’t
yet have a list of management points, it connects to the specified Internet-based management point
to obtain a list of management points. When the client has a list of management points for its
assigned site, it then selects one to connect to:
When the client is on the intranet and it has a valid PKI certificate that it can use, the client chooses
HTTPS management points before HTTP management points. It then locates the closest
management point, based on its forest membership.
When the client is on the Internet, it non-deterministically chooses one of the Internet-based
management points.
Personal comment:
From my point of view, the correct answer would have been:
Configure the existing management point to use HTTPS or HTTP.
Configure the Research Department client computers to use PKI certificates; considering the fact
that the client chooses HTTPS management points before HTTP management points, that would
have ensured the requirements.
However, if there is a dedicated Management Point for the Research Department, that guarantees
the requirements and makes the above answer the only correct one.
Further information 1:

Further information 2:
http://blogs.technet.com/b/configmgrteam/archive/2012/05/25/system-center-2012-configurationmanager-r-i-pnative-mode.aspx
System Center 2012 Configuration Manager: R.I.P. Native Mode
Before System Center Configuration Manager 2012, Configuration Manager 2007 had concepts called
native mode and mixed mode: The philosophy behind native mode was to secure the site server and
all its site systems, in addition to securing all site-to-site communication. This involved configuring a
site signing certificate on all installed sites, plus there was an added restriction that a native mode
site must always report to a native mode site.
During the planning phase for System Center 2012 Configuration Manager, we listened to customer
feedback and revisited this native and mixed mode model, and debated our previous concept of
securing the site. The result was client computer communication.
Key concepts for client computer communication:
Client computer communication is about securing end points. The two end points in this case are the
client and the site system roles that the client talks to.

A client can communicate by using either the HTTP or HTTPS protocol. HTTPS requires the client and
site system roles to be configured with valid PKI certificates for mutual authentication.
Intelligent client behavior: This enables the client to select the most secure communication option
available:
1. If the client is configured with a valid PKI certificate and there are HTTPS site system roles
available, the client uses HTTPS.
2. If the client is configured with a valid PKI certificate and there are NO HTTPS site system roles
available and the client is configured to use HTTP, the client uses HTTP to communicate with site
system roles.
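
The selection rules quoted above, modelled as an added example (not Microsoft's code and not part of the original page), and run against a single HTTPS-only management point and an HTTP plus HTTPS pair. The class names, the `https_only` flag and the sample clients are assumptions; a client without a valid certificate is treated as unable to use HTTPS, following the mutual-authentication requirement stated above.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class ManagementPoint:
    name: str     # hypothetical label
    https: bool   # simplification: each MP accepts either HTTPS or HTTP

@dataclass(frozen=True)
class Client:
    name: str
    valid_pki_cert: bool
    https_only: bool  # assumption: stands for "always use HTTPS" in the options

def select_protocol(client, mps):
    """Return 'HTTPS', 'HTTP', or None if no management point is usable."""
    https_mp = any(mp.https for mp in mps)
    http_mp = any(not mp.https for mp in mps)
    # Rule 1: valid PKI certificate and an HTTPS role available -> HTTPS.
    if client.valid_pki_cert and https_mp:
        return "HTTPS"
    # Rule 2: otherwise HTTP, but only if the client is allowed to use it.
    if http_mp and not client.https_only:
        return "HTTP"
    return None  # fails closed: no acceptable endpoint

def evaluate(mps, research, other):
    """Check the question's two protocol requirements against a design."""
    return {
        "research_uses_https": select_protocol(research, mps) == "HTTPS",
        "others_can_use_http": select_protocol(other, mps) == "HTTP",
    }

# Constructed sample designs and clients.
HTTPS_ONLY_MP = [ManagementPoint("MP1", https=True)]
TWO_MPS = [ManagementPoint("MP1", https=False), ManagementPoint("MP2", https=True)]
RESEARCH = Client("research-pc", valid_pki_cert=True, https_only=True)
OTHER = Client("office-pc", valid_pki_cert=False, https_only=False)
# Same research client after its certificate stops being valid.
RESEARCH_BAD_CERT = Client("research-pc", valid_pki_cert=False, https_only=True)
RESEARCH_PREFERENCE_ONLY = Client("research-pc", valid_pki_cert=False, https_only=False)

if __name__ == "__main__":
    print("single HTTPS MP:", evaluate(HTTPS_ONLY_MP, RESEARCH, OTHER))
    print("HTTP MP + HTTPS MP:", evaluate(TWO_MPS, RESEARCH, OTHER))
    print("bad cert, HTTPS only:", select_protocol(RESEARCH_BAD_CERT, TWO_MPS))
    print("bad cert, preference only:", select_protocol(RESEARCH_PREFERENCE_ONLY, TWO_MPS))
```

In this model, a research client whose certificate is no longer valid gets no endpoint when it is HTTPS-only, but drops to HTTP when it merely prefers HTTPS.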


