Exam 70-741 topic 1 question 117 discussion

NO NO NO

On an IPAM server Tasks step 3 is incomplete (Domain is not added)

I would think that the critical omission here is whether or not Server3 is joined to AD. The option doesn't say that it is and with Microsoft exam questions, inferring things can be make or break.

The Answers are - No, Yes, Yes without a doubt. 1. No - server discovery is not configured, therefore answer is no. 2. Yes - go read the Microsoft documentation, it clearly states this: "If the automatic, GPO-based provisioning method is used, a manageability status of Managed means that the server will automatically be added to security filtering in the appropriate IPAM GPO". Based on that, the answer is Yes, because the provisioning method in the question is set to Automatic (GPO). 3. No - domain controllers, dns and dhcp servers are all discoverable by IPAM, but - the important factor here is that server discovery has not been configured, so clicking 'Start Server Discovery' will achieve nothing. You need to complete Step 3 before clicking Step 4.

I think NO.2 is Yes. "set the Manageability status to Managed" means that after you manually add a DHCP server named Serve3, you start server discovery and operate "Select add servers to manage and verify IPAM access". Then you finish that operation and IPAM will apply IPAM_DHCP automatically. http://www.trainingtech.net/how-to-configure-ipam-on-windows-server-2012/

The right answer is NO-YES-NO This is how I see it: *If server3 is domain joined: NO-YES-NO : Because the GPO's name is <GPO-prefix>_DHCP: with these name the gpo is AUTOMATICALLY APPLIED by IPAM when a server in the server inventory is marked as managed URL: https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/jj878306(v=ws.11) *If server3 is not part of domain: NO-YES-NO A domain ist not neccessary to add servers manually because you provide the FQDN and the server forest name. Also you choose the server type and set the manageability status (for example: Managed) If you have chosen the manual provisioning method, you can also create IPAM provisioning GPOs and use them to apply access settings to MANAGED SERVERS. In this case, specific GPO names are NOT REQUIRED. URL: https://protechgurus.com/configure-ipam-windows-server-2016/

I agree with 1 and 2 being no, but I would disagree with 2 being no based on the information we have here. We cannot see the delegation tab for the GPO, this is where the security for the GPO is set and not in the security filtering. We cannot answer question 2 correctly unless we see the delegation tab. This is a huge oversight that everyone who has commented so far (That 2 is no) has made. Security filtering is for appying the policy, delegation is for access to the policy. It says this right under Security Filtering. It does not matter that nothing is in security filtering, this is expected.

Got this in a exam

No, No, No - for question 2, security filtering needs to be set in the GPO. IPAM will not do this for you.

Based on my tests second answer should be true

Server Discovery Domain is not set so no server (DNS or DC will be discovered). On top of this, the DHCP server is not on the domain, so GPO will not apply on it.

I think is something else, from the "Security Filtering" of Group Policy none of the groups are specified to be applied. So even we do group policy updated they will filter out (in second option).

after you add a server you need to run the comandlet Invoke-IpamGpoprovisioning, then you need to go tho that server to authorize the IPam server collect information from that server, so Coleman is right the asnwer is NO, NO, NO

If you launch server discovery, in a domain where GPO provisioning is automatic, I believe it will discover domain controllers. It may require a gpupdate /force first, is that why the answer to the last one is no?

A DNS isn't inventoried automatically. You need to use server discovery manually. The security filtering needs to be changed for the DHCP server to be manageable. I am pretty sure DCs are shown even though the group policy needs to be adjusted so it is not filtered out because of the security filtering.