Your network contains an Active Directory forest named contoso.com. The forest contains a System Center
2012 Operations Manager infrastructure.
Your company, named Contoso Ltd., has a partner company named A. Datum Corporation. The A. Datum
network contains an Active Directory forest named adatum.com. Adatum.com does not have any trusts. A
firewaII exists between the A. Datum network and the Contoso network. You configure conditional forwarding
on all of the DNS servers to resolve names across the forests.
You plan to configure Operations Manager to monitor client computers in both of the forests. You need to
recommend changes to the infrastructure to monitor the client computers in both of the forests.
What should you include in the recommendation? (Each correct answer presents part of the solution. Choose
two.)
A.
Allow TCP port 5723 on the firewall.
B.
Deploy a gateway server to adatum.com.
C.
Create a DNS zone replica of adatum.com.
D.
Allow TCP port 5986 on the firewall.
E.
Create a DNS zone replica of contoso.com.
F.
Deploy a gateway server to contoso.com.
Explanation:
A: Gateway, System Center Management service, 5723/TCP
B: if there is a firewall between the agents and management servers, multiple authorized endpoints must be
defined and maintained in the firewall rules to allow communication between them.
To reduce this administrative overhead, Operations Manager has a server role called the gateway server.
Gateway servers are located within the trust boundary of the agents and can participate in the mandatorymutual authentication. Because they lie within the same trust boundary as the agents, the Kerberos V5 protocol
for Active Directory is used between the agents and the gateway server. Each agent then communicates only
with the gateway servers that it is aware of. The gateway servers communicate with the management servers.
http://technet.microsoft.com/en-us/library/hh212823.aspx
http://technet.microsoft.com/en-us/library/hh298610.aspx