You have an Azure virtual machine named VM1 that runs Windows Server and has the following configurations:
Size: D2s_v4
Operating system disk: 127-GiB standard SSD
Data disk 128-GiB standard SSD
Virtual machine generation: Gen 2
You plan to perform the following changes to VM1:
Change the virtual machine size to D4s_v4.
Detach the data disk.
Add a new standard SSD.
Which changes require downtime for VM1?

Your network contains an on-premises Active Directory Domain Services (AD DS) domain. The domain contains a user named User1 and the servers shown in the following table.

User1 is a member of the Protected Users security group.
User1 performs the following actions:
- From Server1, establishes a remote PowerShell session on Server2
- From the PowerShell session on Server2, attempts to access a resource on Backup1 The request to access the resource on Backup1 is denied.
You need to ensure that User1 can access the resources on Backup1 by using the PowerShell session on Server2. The solution must follow the principle of least privilege and minimize administrative effort.
What should you configure?

Drag and Drop Question
You have a server named Server1 that runs Windows Server and has the Active Directory Federation Services role installed.
You plan to deploy Web Application Proxy to a server named Server2.
You export the Active Directory Federation Services (AD FS) certificate from Server1.
Which actions should you perform on Server2 in sequence? To answer, drag the appropriate actions to the correct order. Each action may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
NOTE: Each correct selection is worth one point.

Case Study 2 - Contoso, Ltd
Overview
Contoso, Ltd. is a company that has a main office in Seattle and two branch offices in Los Angeles and Montreal.
Existing Environment
AD DS Environment
The network contains an on premises Active Directory Domain Services (AD DS) forest named contoso.com. The forest contains two domains named contoso.com and canada.contoso.com.
The forest contains the domain controllers shown in the following table.

All the domain controllers are global catalog servers.
Server infrastructure
The network contains the servers shown in the following table.

A server named Server4 runs Windows Server and is in a workgroup. Windows Firewall on Server4 uses the private profile.
Server2 hosts three virtual machines named VM1, VM2, and VM3.
VM3 is a file server that stores data in the volumes shown in the following table.

Group Policies
The contoso.com domain has the Group Policies Objects (GPOs) shown in the following table.

Existing Identities
The forest contains the users shown in the following table.

The forest contains the groups shown in the following table.

Current Problems
When an administrator signs in to the console of VM2 by using Virtual Machine Connection, and then disconnects from the session without signing out, another administrator can connect to the console session as the currently signed in user.
Requirements
Technical Requirements
Contoso identifies the following technical requirements:
Change the replication schedule for all site links to 30 minutes.
Promote Server1 to a domain controller in canada.contoso.com.
Install and authorize Server3 as a DHCP server.
Ensure that User1 can manage the membership of all the groups in Contoso\OU3.
Ensure that you can manage Server4 from Server1 by using PowerShell remoting.
Ensure that you can run virtual machines on VM1.
Force users to provide credentials when they connect to VM2.
On VM3, ensure that Data Deduplication on all volumes is possible.
Question
You need to meet the technical requirements for VM3.
On which volumes can you enable Data Deduplication?

Case Study 1 - Fabrikam, Inc
Overview
Fabrikam, Inc is a manufacturing company that has a main office in New York and a branch office in Seattle.
Existing Environment
On-premises Servers
The on-premises network contains servers that run Windows Server as shown in the following table.

DC1 hosts all the operation master roles.
WEB1 and WEB2 run an Internet Information Services (IIS) web app named Webapp1.
On-premises Network
The New York and Seattle offices are connected by using redundant WAN links.
The client computers in each office get IP addresses from their local DHCP server.
DHCP1 contains a scope named Scope1 that has addresses for the New York office, DHCP2 contains a scope named Scope2 that has addresses for the Seattle office.
Identity Infrastructure
The network contains a single on-premises Active Directory Domain Services (AD DS) domain named corp.falbrikam.com. Currently, all the service accounts use individual domain user accounts.
All domain controllers have the DNS Server role installed and host a copy of the Active Directory integrated DNS zone of corp.fabrikam.com.
The corp.fabrikam.com AD DS domain syncs with an Azure Active Directory (Azure AD) tenant.
Group Policy Objects (GPOs)
The corp.fabrikam.com domain contains the organizational units (OUs) and custom Group Policy Objects (GPOs) shown in the following table.

Requirements
Planned Changes
Fabrikam identifies the following planned changes:
* Create a single Azure subscription named Sub1 that will contain a single Azure virtual network named Vnet1.
* Replace the WAN links between the Seattle and New York offices by using Azure Virtual WAN and FxpressRoute. Both on premises offices will be connected to Vnet1 by using ExpressRoute.
* Create three Azure file shares named newyorkhiles, seattlefiles, and companyfiles.
* Create a domain controller named dc3.corp.fabrikam.com in Vnet1.
* Deploy an Azure Virtual Desktop host pool to Vnet1. The Azure Virtual Desktop session hosts will be hybrid Azure AD-joined.
* License all servers for Microsoft Defender for servers.
* Use Azure Policy to enforce configuration management policies on the servers in Azure and on- premises.
Networking Requirements
Fabrikam identifies the following networking requirements:
* Implement Virtual WAN and ensure that all the network traffic between the sites uses Virtual WAN. All communications must occur over ExpressRoute.
* If a DHCP server fails, ensure that the client computers can continue to receive their dynamic IP address and renew their existing lease.
* Ensure that the resources in Vnet1 can resolve the names of the on-premises servers in the corp.fabrikam.com domain.
Security Requirements
Fabrikam identifies the following security requirements:
* Apply GPO4 to the Azure Virtual Desktop session hosts. Ensure that Azure Virtual Desktop user sessions lock after being idle for 10 minutes. Users must be able to control the lockout time manually from their client computer.
* Ensure that server administrators request approval before they can establish a Remote Desktop connection to an Azure virtual machine. If the request is approved, the connection must be established within two hours.
* Prevent user passwords from containing all or part of words that are based on the company name, such as Fab, f@br1kAm or fabr!|.
* Ensure that all instances of Webapp1 use the same service account. The password of the service account must change automatically every 30 days.
* Prevent domain controllers from directly contacting hosts on the internet.
File Sharing Requirements
You need to configure the synchronization of Azure files to meet the following requirements:
* Ensure that seattlefiles syncs to FS2.
* Ensure that newyorkfiles syncs to FS1.
* Ensure that companyfiles syncs to both FS1 and FS2.
Question
Hotspot Question
You need to configure Azure File Sync to meet the file sharing requirements.
What should you do? To answer, select the appropriate options in the answer area. NOTE Each correct selection is worth one point.