Microsoft 70-346 Exam

HOTSPOT

HOTSPOT –

Case Study –
This is a case study. Case studies are not timed separately. You can use as much exam time as you would like to complete each case. However, there may be additional case studies and sections on this exam. You must manage your time to ensure that you are able to complete all questions included on this exam in the time provided.
To answer the questions included in a case study, you will need to reference information that is provided in the case study. Case studies might contain exhibits and other resources that provide more information about the scenario that is described in the case study. Each question is independent of the other question on this case study.
At the end of this case study, a review screen will appear. This screen allows you to review your answers and to make changes before you move to the next sections of the exam. After you begin a new section, you cannot return to this section.

To start the case study –
To display the first question on this case study, click the Next button. Use the buttons in the left pane to explore the content of the case study before you answer the questions. Clicking these buttons displays information such as business requirements, existing environment, and problem statements. If the case study has an
All Information tab, note that the information displayed is identical to the information displayed on the subsequent tabs. When you are ready to answer a question, click the Question button to return to the question.

Background –
Contoso, Ltd. is a global manufacturing company with headquarters in Dallas. All sales users are located at the headquarters. Currently all Contoso, Ltd. users use the following on-premises services:
✑ Microsoft Exchange Server 2016
✑ Microsoft Skype for Business Server 2015
✑ Active Directory Domain Services (AD DS) domain for contoso.com
Many temporary workers are hired and terminated on a regular basis at the Dallas location, Contoso, Ltd. purchases two other manufacturing companies,
Fabrikam, Inc. and A. Datum Corporation. Fabrikam, Inc. is based in London. Fabrikam, Inc. has an on-premises third-party email system that uses
@fabrikam.com for all email addresses. Fabrikam, Inc. does not have an Active Directory domain.
ADatum Corporation is based in Paris. The company is in the process of migrating users to Exchange Online. They plan to migrate users to Microsoft OneDrive for
Business for file storage and sharing. All A. Datum Corporation account identities will be cloud based.
You deploy Microsoft Office 2016 client apps to all corporate devices.
In preparation for the deployment of Office 365 services, you set up the latest version of Azure Active Directory (Azure AD) Connect for the contoso.com domain.
The application runs on Server1.contoso.com and uses a Microsoft SQL Server database instance that runs on Server2.contoso.com. The sync schedule is configured to synchronize every two hours.
You purchase the following four servers for future needs: Server3, Server4, Server5, and Server6. All new servers for the contoso.com domain must run Windows
Server 2012 R2.

Business Requirements –
Contoso, Ltd. users must be able to store and share personal documents that are accessible from any web browser or mobile device. Fabrikam, Inc. users must be able to send individual instant messages as well as use group chat workspaces.

Office 365 –
New services should be implemented in Office 365 when possible. There is also a strong push to move existing services to Office 365, but there is currently no money in the budget for data migration. The least expensive Office 365 plan must be used whenever possible.

Password policies –
You must implement the following password policies for ADatum Corporation users.Contoso Sync –
You receive reports that new users are not granted access to Office 365 resources fast enough. You must ensure that new accounts are provisioned as quickly as possible.
You observe that the accounts for many temporary workers have not been deprovisioned correctly. You need to ensure terminated users have their access and accounts removed. You must ensure that up to 1,000 accounts can be deleted correctly during each Azure AD Connect sync cycle. You must ensure that deletions of over 1,000 accounts at a time cannot occur.

Single Sign-On –
Contoso.com users need to start using sign-on (SSO) for Office 365 resources so they can authenticate against the on-premises Active Directory. Any solution needs to be redundant. Any Internet-facing servers need to reside in the perimeter network.

Problem Statements –

Authentication Fallback –
Sales users report that they were not able to access any Office 365 resources. Contoso.com users must be able to access Office 365 resources if the on-premises authentication resources are down or unavailable. You also need to quickly resume SSO authentication when on-premises servers are available again.
ADatum Corporation users report issues sending and receiving emails. Some business partners report that emails from ADatum Corporation are rejected because the receiving server cannot validate that emails come from an authorized messaging server.
You need to configure DNS and certificates for the environment.
Which certificate type and DNS entry should you use? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:

Correct Answer
Explanation: 

Box 1: self-signed SSL –

Box 2: sts.contoso.com –

The token-signing certificate must contain a private key that chains to a trusted root in the FS. AD FS creates a self-signed certificate by default.
It is recommended that the self-signed token-signing certificate generated by AD FS is used.
Microsoft best practices recommends that you use the host name, STS (secure token service). ie. sts.domain.com.
References:
https://www.digicert.com/csr-creation-microsoft-office-365.htm https://support.office.com/en-us/article/Plan-for-third-party-SSL-certificates-for-Office-365-b48cdf63-07e0-4cda-8c12-4871590f59ce?ui=en-US&rs=en-US&ad=US

Leave a Reply

Your email address will not be published. Required fields are marked *

Back to top button

Adblock Detected

Please consider supporting us by disabling your ad blocker
error: Alert: Content is protected !!