Microsoft.Selftestengine.70-412.v2013-10-26.by

Transcription

Microsoft.Selftestengine.70-412.v2013-10-26.by.Spanky.247q
Number: 70-412
Passing Score: 700
Time Limit: 120 min
File Version: 16.5
http://www.gratisexam.com/
Exam Code: 70-412
Exam Name: Configuring Advanced Windows Server 2012 Services
Exam A
QUESTION 1
Your network contains an Active Directory domain named adatum.com. The domain contains two domain
controllers that run Windows Server 2012.
The domain controllers are configured as shown in the following table.
You log on to DC1 by using a user account that is a member of the Domain Admins group, and then you create
a new user account named User1.
You need to prepopulate the password for User1 on DC2. What should you do first?
A.
B.
C.
D.
Connect to DC2 from Active Directory Users and Computers.
Add DC2 to the Allowed RODC Password Replication Policy group.
Add the User1 account to the Allowed RODC Password Replication Policy group.
Run Active Directory Users and Computers as a member of the Enterprise Admins group.
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Answer: C
Explanation:
http://technet.microsoft.com/en-us/library/cc730883(v=ws.10).aspx
http://technet.microsoft.com/en-us/library/cc753470(v=ws.10).aspx#BKMK_pre
QUESTION 2
Your company has offices in Montreal, New York, and Amsterdam. The network contains an Active Directory
forest named contoso.com.
An Active Directory site exists for each office.
All of the sites connect to each other by using the DEFAULTIPSITELINK site link. \
You need to ensure that only between 20:00 and 08:00, the domain controllers in the Montreal office replicate
the Active Directory changes to the domain controllers in the Amsterdam office.
The solution must ensure that the domain controllers in the Montreal and the New York offices can replicate the
Active Directory changes any time of day.
What should you do?
A. Create a new site link that contains Montreal and Amsterdam.
Remove Amsterdam from DEFAULTIPSITELINK.
Modify the schedule of DEFAULTIPSITELINK.
B. Create a new site link that contains Montreal and Amsterdam.
Create a new site link bridge.
Modify the schedule of DEFAU LTIPSITELINK.
C. Create a new site link that contains Montreal and Amsterdam.
Remove Amsterdam from DEFAULTIPSITELINK.
Modify the schedule of the new site link.
D. Create a new site link that contains Montreal and Amsterdam.
Create a new site link bridge.
Modify the schedule of the new site link.
Correct Answer: C
Section: (none)
Explanation
Answer: C
Explanation:
Very Smartly reworded with same 3 offices. In the exam correct answer is "Create a new site link
that contains Newyork to Montreal. Remove Montreal from DEFAULTIPSITELINK.Modify the
schedule of the new site link".
QUESTION 3
Your network contains two Active Directory forests named contoso.com and adatum.com. A twoway forest trust
exists between the forests.
The contoso.com forest contains an enterprise certification authority (CA) named Server1.
You implement cross-forest certificate enrollment between the contoso.com forest and the adatum.com forest.
On Server1, you create a new certificate template named Template1. You need to ensure that users in the
adatum.com forest can request certificates that are based on Template1.
Which tool should you use?
A.
B.
C.
D.
E.
DumpADO.ps1
Repadmin
Add-CATemplate
Certutil
PKISync.ps1
Correct Answer: E
Section: (none)
Explanation
Answer: E
Explanation:
B. Repadmin.exe helps administrators diagnose Active Directory replication problems between
domain controllers running Microsoft Windows operating systems.
C. Adds a certificate template to the CA.
D. use Certutil.exe to dump and display certification authority (CA) configuration information,
configure Certificate Services, backup and restore CA components, and verify certificates, key pairs,
and certificate chains.
E. PKISync.ps1 copies objects in the source forest to the target forest
http://technet.microsoft.com/en-us/library/ff955845(v=ws.10).aspx#BKMK_Consolidating
http://technet.microsoft.com/en-us/library/hh848372.aspx
http://technet.microsoft.com/library/cc732443.aspx
http://technet.microsoft.com/en-us/library/ff961506(v=ws.10).aspx
QUESTION 4
You have a server named Server1 that runs Windows Server 2012. Server1 has the Windows Deployment
Services server role installed.
You back up Server1 each day by using Windows Server Backup. The disk array on Server1 fails. You replace
the disk array.
You need to restore Server1 as quickly as possible.
What should you do?
A.
B.
C.
D.
Start Server1 from the Windows Server 2012 installation media
Start Server1and press F8.
Start Server1 and press Shift+F8.
Start Server1 by using the PXE.
Correct Answer: A
Section: (none)
Explanation
Recovery of the OS uses the Windows Setup Disc
http://technet.microsoft.com/en-us/library/cc753920.aspx
http://www.windowsnetworking.com/articles_tutorials/Restoring-Windows-Server-BareMetal.html
QUESTION 5
Your network contains two servers named Server1 and Server2 that run Windows Server 2012.
Both servers have the Hyper-V server role installed. Server1 and Server2 are located in different offices.
The offices connect to each other by using a high-latency WAN link. Server2 hosts a virtual machine named
VM1.
You need to ensure that you can start VM1 on Server1 if Server2 fails.
The solution must minimize hardware costs. What should you do?
A. On Server1, install the Multipath I/O (MPIO) feature. Modify the storage location of the VHDs for VM1.
B. From the Hyper-V Settings of Server2, modify the Replication Configuration settings. Enable replication for
VM1.
C. On Server2, install the Multipath I/O (MPIO) feature. Modify the storage location of the VHDs for VM1
D. From the Hyper-V Settings of Server1, modify the Replication Configuration settings. Enable replication for
VM1
Correct Answer: D
Section: (none)
Explanation
Answer: D
Explanation:
You first have to enable replication on the Replica server--Server1--by going to the server and
modifying the "Replication Configuration" settings under Hyper-V settings. You then go to VM1-which presides on Server2-- and run the "Enable Replication" wizard on VM1.
QUESTION 6
You have a server named Server1 that runs Windows Server 2012. You modify the properties of a system
driver and you restart Server1.
You discover that Server1 continuously restarts without starting Windows Server 2012.
You need to start Windows Server 2012 on Server1 in the least amount of time.
The solution must minimize the amount of data loss. Which Advanced Boot Option should you select?
A.
B.
C.
D.
Last Know Good Configuration (advanced)
Repair Your Computer
Disable automatic restart on system failure
Disable Driver Signature Enforcement
Correct Answer: A
Section: (none)
Explanation
http://windows.microsoft.com/en-ph/windows-vista/using-last-known-good-configuration
QUESTION 7
Your network contains an Active Directory domain named contoso.com. The domain contains three servers
named Server1, Server2, and Server3 that run Windows Server 2012.
All three servers have the Hyper-V server role installed and the Failover Clustering feature installed.
Server1 and Server2 are nodes in a failover cluster named Cluster1. Several highly available virtual machines
run on Cluster1.
Cluster1 has the Hyper-V Replica Broker role installed. The Hyper-V Replica Broker currently runs on Server1.
Server3 currently has no virtual machines. You need to configure Cluster1 to be a replica server for Server3
and Server3 to be a replica server for Cluster1.
Which two tools should you use? (Each correct answer presents part of the solution. Choose two.)
A.
B.
C.
D.
E.
The Hyper-V Manager console connected to Server3
The Failover Cluster Manager console connected to Server3
The Failover Cluster Manager console connected to Cluster1
Correct Answer: AD
Section: (none)
Explanation
Answer: AD
Explanation:
http://technet.microsoft.com/en-us/library/jj134240.aspx
QUESTION 8
You have a file server named Server1 that runs Windows Server 2012. The folders on Server1 are configured
as shown in the following table.
A new corporate policy states that backups must use Microsoft Online Backup whenever possible.
You need to identify which technology you must use to back up Server1. The solution must use Microsoft
Online Backup whenever What should you identify?
To answer, drag the appropriate backup type to the correct location or locations. Each backup type may be
used once, more than once, or not at all.
You may need to drag the split bar between panes or scroll to view content.
Select and Place:
Correct Answer:
Section: (none)
Explanation
Windows Online backup cannot backup systemState.
The question is about Folders!
Windows NTFS compression (and deduplication) is per-volume only. Making long story short: when you move
compressed/deduped file away from parent volume it (file) will be re-hydrated (decompressed/deduped).
But is IS possible to backup the encrypted folders and the compressed folders with online backup, only the
stored data is not compressed anymore and also a restore will be decompressed and needs to be manually
compressed again. Dattebayo!
http://msdn.microsoft.com/en-us/library/jj573031.aspx
QUESTION 9
You have a DNS server named Server1 that runs Windows Server 2012. Server1 has a signed zone for
contoso.com.
You need to configure DNS clients to perform DNSSEC validation for the contoso.com DNS domain.
What should you configure?
A.
B.
C.
D.
The Network Connection settings
A Name Resolution Policy
The Network Location settings
The DNS Client settings
Correct Answer: B
Section: (none)
Explanation
Answer: B
Explanation:
B. In a DNSSEC deployment, validation of DNS queries by client computers is enabled through
configuration of IPSEC & NRPT
http://technet.microsoft.com/en-us/library/ee649182(v=ws.10).aspx
QUESTION 10
Your network contains an Active Directory domain named contoso.com. The domain contains a domain
controller named DC1 that runs Windows Server 2012. On Dc1, you open DNS Manager:
You need to change the replication scope of the contoso.com zone. What should you do before you change the
replication scope?
A.
B.
C.
D.
Modify the Zone Transfers settings.
Add DC1 to the Name Servers list.
Add your user account to the Security settings of the zone.
Unsign the zone.
Correct Answer: D
Section: (none)
Explanation
Answer: D
Explanation:
D. Lock icon signifies that the Zone has been signed. Changes to the zone are blocked when signed
http://www.microsoft.com/en-us/download/dlx/ThankYou.aspx?id=29018
QUESTION 11
controller named DC1 and a member server named Server1.
Server1 has the IP Address Management (IPAM) Server feature installed.
On Dc1, you configure Windows Firewall to allow all of the necessary inbound ports for IPAM. On Server1, you
open Server Manager:
You need to ensure that you can use IPAM on Server1 to manage DNS on DC1. What should you do?
A.
B.
C.
D.
Modify the outbound firewall rules on Server1.
Modify the inbound firewall rules on Server1.
Add Server1 to the Remote Management Users group.
Add Server1 to the Event Log Readers group.
Correct Answer: D
Section: (none)
Explanation
Answer: D
Explanation:
Since no exhibit, the guess here is it's not using the GPO to manage the Event Log Readers
group-- evidenced by the fact that the firewall was configured manually instead of with the GPO. If
the GPO was being used then the IPAM server would be in the Event Log Readers group due to
restricted group settings in the GPO as shown below:
In the above example, the IPAM server is as member of the VDI\IPAMUG group.
QUESTION 12
Your network contains an Active Directory domain named contoso.com. The domain contains servers named
Server1 and Server2 that run Windows Server 2012.
Server1 has the IP Address Management (IPAM) Server feature installed. You install the IPAM client on
Server2.
You open Server Manager on Server2 as shown in the exhibit.
You need to manage IPAM from Server2. What should you do first?
A.
B.
C.
D.
On Server1, add the Server2 computer account to the IPAM MSM Administrators group.
On Server2, open Computer Management and connect to Server1.
On Server2, add Server1 to Server Manager.
On Server1, add the Server2 computer account to the IPAM ASM Administrators group.
Correct Answer: C
Section: (none)
Explanation
QUESTION 13
controller named Dc1. DC1 has the DNS Server server role installed.
The network has two sites named Site1 and Site2. Site1 uses 10.10.0.0/16 IP addresses and Site2 uses
10.11.0.0/16 IP addresses.
All computers use DC1 as their DNS server. The domain contains four servers named Server1, Server2,
Server3, and Server4. All of the servers run a service named Service1.
DNS host records are configured as shown in the exhibit.
You discover that computers from the 10.10.1.0/24 network always resolve Service1 to the IP address of
Server1.
You need to configure DNS on DC1 to distribute computers in Site1 between Server1 and Server2 when the
computers attempt to resolve Service1. What should run on DC1?
A.
B.
C.
D.
dnscmd /config /bindsecondaries 1
dnscmd /config /localnetpriority 0
dnscmd /config /localnetprioritynetmask 0x0000ffff
dnscmd /config /roundrobin 0
Correct Answer: C
Section: (none)
Explanation
A. Specifies use of fast transfer format used by legacy Berkeley Internet Name Domain (BIND)
servers. 1 enables
B. Disables netmask ordering.
C. You can use the Dnscmd /Config /LocalNetPriorityNetMask 0x0000FFFF command to use class
B ( or 16 bit) for netmask ordering for DNS round robin
D. Disables round robin rotation.
QUESTION 14
Your network contains an Active Directory domain named contoso.com. The domain contains a main office and
a branch office.
An Active Directory site exists for each office.
The domain contains two servers named Server1 and Server2 that run Windows Server 2012. Both servers
have the DHCP Server server role installed.
Server1 is located in the main office site. Server2 is located in the branch office site.
Server1 provides IPv4 addresses to the client computers in the main office site. Server2 provides IPv4
addresses to the client computers in the branch office site.
You need to ensure that if either Server1 or Server2 are offline, the client computers can still obtain IPv4
addresses.
The solution must meet the following requirements:
The storage location of the DHCP databases must not be a single point of failure.
Server1 must provide IPv4 addresses to the client computers in the branch office site only if Server2 is
offline.
Server2 must provide IPv4 addresses to the client computers in the main office site only if Server1 is offline.
Which configuration should you use?
A.
B.
C.
D.
load sharing mode failover partners
a failover cluster
hot standby mode failover partners
a Network Load Balancing (NLB) cluster
Correct Answer: C
Section: (none)
Explanation
A. The load sharing mode of operation is best suited to deployments where both servers in a failover
relationship are located at the same physical site.
B. Hot standby mode of operation is best suited to deployments where a central office or data
center server acts as a standby backup server to a server at a remote site, which is local to the
DHCP clients
C. Needs to be a DHCP Failover option
D. Needs to be a DHCP Failover option
http://blogs.technet.com/b/teamdhcp/archive/2012/09/03/dhcp-failover-hot-standbymode.aspx
QUESTION 15
You have a DHCP server named Server1. Server1 has an IP address 192.168.1.2 is located on a subnet that
has a network ID of 192.168.1.0/24.
On Server1, you create the scopes shown in the following table:
You need to ensure that Server1 can assign IP addresses from both scopes to the DHCP clients on the local
subnet.
What should you create on Server1?
A.
B.
C.
D.
A scope
A superscope
A split-scope
A multicast scope
Correct Answer: B
Section: (none)
Explanation
A. A scope is an administrative grouping of IP addresses for computers on a subnet that use the
Dynamic Host Configuration Protocol (DHCP) service. The administrator first creates a scope for
each physical subnet and then uses the scope to define the parameters used by clients.
B. A superscope is an administrative feature of Dynamic Host Configuration Protocol (DHCP)
servers running Windows Server 2008 that you can create and manage by using the DHCP
Microsoft Management Console (MMC) snap-in. By using a superscope, you can group multiple
scopes as a single administrative entity.
D. Multicasting is the sending of network traffic to a group of endpointsdestination hosts. Only those
members in the group of endpoints hosts that are listening for the multicast traffic (the multicast
group) process the multicast traffic http://technet.microsoft.com/en-us/library/dd759168.aspx
http://technet.microsoft.com/en-us/library/dd759152.aspx
QUESTION 16
Your network contains servers that run Windows Server 2012. The network contains a large number of iSCSI
storage locations and iSCSI clients.
You need to deploy a central repository that can discover and list iSCSI resources on the network
automatically.
Which feature should you deploy?
A.
B.
C.
D.
the Windows Standards-Based Storage Management feature
the iSCSI Target Server role service
the iSCSI Target Storage Provider feature
the iSNS Server service feature
Correct Answer: D
Section: (none)
Explanation
Explanation:
A. Windows Server 2012 enables storage management that is comprehensive and fully scriptable,
and administrators can manage it remotely. A WMI-based interface provides a single mechanism
through which to manage all storage, including non-Microsoft intelligent storage subsystems and
virtualized local storage (known as Storage Spaces). Additionally, management applications can
use a single Windows API to manage different storage types by using standards-based protocols
such as Storage Management Initiative Specification (SMI-S).
B. Targets are created in order to manage the connections between an iSCSI device and the
servers that need to access it. A target defines the portals (IP addresses) that can be used to
connect to the iSCSI device, as well as the security settings (if any) that the iSCSI device requires
in order to authenticate the servers that are requesting access to its resources. C. iSCSI Target
Storage Provider enables applications on a server that is connected to an iSCSI target to perform
volume shadow copies of data on iSCSI virtual disks. It also enables you to manage iSCSI virtual
disks by using older applications that require a Virtual Disk Service (VDS) hardware provider, such
as the Diskraid command.
D. The Internet Storage Name Service (iSNS) protocol is used for interaction between iSNS servers
and iSNS clients. iSNS clients are computers, also known as initiators, that are attempting to
discover storage devices, also known as targets, on an Ethernet network.
QUESTION 17
Your network contains an Active Directory domain named contoso.com. The domain contains a file server
named Server1.
All servers run Windows Server 2012. All domain user accounts have the Division attribute automatically
populated as part of the user provisioning process.
The Support for Dynamic Access Control and Kerberos armoring policy is enabled for the domain.
You need to control access to the file shares on Server1 based on the values in the Division attribute and the
Division resource property.
Which three actions should you perform in sequence?
Select and Place:
Correct Answer:
Section: (none)
Explanation
First create a claim type for the property, then create a reference resource property that points
back to the claim. Finally set the classification value on the folder
QUESTION 18
Your network contains two Active Directory forests named contoso.com and fabrikam.com.
The contoso.com forest contains two domains named corp.contoso.com and contoso.com.
You establish a two-way forest trust between contoso.com and fabrikam.com.
Users from the corp.contoso.com domain report that they cannot log on to client computers in the
fabrikam.com domain by using their corp.contoso.com user account. When they try to log on, they receive the
following error message:
"The computer you are signing into is protected by an authentication firewall. The specified
account is not allowed to authenticate to the computer."
Corp.contoso.com users can log on successfully to client computers in the contoso.com domain by using their
corp.contoso.com user account credentials.
You need to allow users from the corp.contoso.com domain to log on to the client computers in the
fabrikam.com forest. What should you do?
A.
B.
C.
D.
Configure Windows Firewall with Advanced Security.
Enable SID history.
Configure forest-wide authentication.
Instruct the users to log on by using a user principal name (UPN).
Correct Answer: C
Section: (none)
Explanation
The forest-wide authentication setting permits unrestricted access by any users in the trusted
forest to all available shared resources in any of the domains in the trusting forest.
QUESTION 19
Both servers have the Hyper-V server role installed. The servers have the hardware configurations shown in the
following table:
Server1 hosts five virtual machines that run Windows Server 2012. You need to move the virtual machines
from Server1 to Server2. The solution must minimize downtime. What should you do for each virtual machine?
A.
B.
C.
D.
Export the virtual machines from Server1 and import the virtual machines to Server2.
Perform a live migration.
Perform a quick migration.
Perform a storage migration.
Correct Answer: A
Section: (none)
Explanation
Look for the difference in Processor Architecture. when Vendors Differ always export and import. when
manuafacturers are the same you can use live migration.
QUESTION 20
Your network contains an Active Directory domain named contoso.com. The domain contains two servers
named Server1 and Server2.
Both servers have the Hyper-V server role installed. You plan to replicate virtual machines between Server1
and Server2.
The replication will be encrypted by using Secure Sockets Layer (SSL).
You need to request a certificate on Server1 to ensure that the virtual machine replication is encrypted.
Which two intended purposes should the certificate for Server1 contain? (Each correct answer presents part of
the solution. Choose two.)
A.
B.
C.
D.
E.
Client Authentication
Kernel Mode Code Signing
Server Authentication
IP Security end system
KDC Authentication
Correct Answer: AC
Section: (none)
Explanation
http://blogs.technet.com/b/virtualization/archive/2012/03/13/hyper-v-replica-certificaterequirements.
aspx
QUESTION 21
Your network contains an Active Directory domain named contoso.com. The domain contains two member
servers named Server1 and Server2 that run Windows Server 2012. Both servers have the Hyper-V server role
installed.
The network contains an enterprise certification authority (CA). All servers are enrolled automatically for a
certificate-based on the Computer certificate template.
On Server1, you have a virtual machine named VM1. VM1 is replicated to Server2. You need to encrypt the
replication of VM1.
Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)
A.
B.
C.
D.
E.
F.
On Server1, modify the settings of VM1.
On Server2, modify the settings of VM1.
On Server2, modify the Hyper-V Settings.
On Server1, modify the Hyper-V Settings.
On Server1, modify the settings of the virtual switch to which VM1 is connected.
On Server2, modify the settings of the virtual switch to which VM1 is connected.
Correct Answer: AF
Section: (none)
Explanation
A. Modify replication settings of VM1 after enabling Replica on Server2 F. Enable Server2 as HyperV replica server
Once you change the Hyper-V Settings of Server 2 to encrypt replications with a certificate, you
then need to change the replication information of VM1 to use the secure connection.
QUESTION 22
named Server1 that runs Windows Server 2012.
You create a user account named User1 in the domain.
You need to ensure that User1 can use Windows Server Backup to back up Server1.
The solution must minimize the number of administrative rights assigned to User1.
What should you do?
A.
B.
C.
D.
Add User1 to the Backup Operators group.
Add User1 to the Power Users group.
Assign User1 the Backup files and directories user right and the Restore files and directories user right.
Assign User1 the Backup files and directories user right.
Correct Answer: D
Section: (none)
Explanation
Backup Operators have these permissions by default:
However the question explicitly says we need to minimize administrative rights. Since the
requirement is for backing up the data only--no requirement to restore or shutdown--then
assigning the "Back up files and directories user right" would be the correct answer.
QUESTION 23
You have a server named Server1 that runs Windows Server 2012 and is used for testing.
A developer at your company creates and installs an unsigned kernel-mode driver on Server1.
The developer reports that Server1 will no longer start. You need to ensure that the developer can test the new
driver.
The solution must minimize the amount of data loss.
Which Advanced Boot Option should you select?
A.
B.
C.
D.
Disable Driver Signature Enforcement
Disable automatic restart on system failure
Last Know Good Configuration (advanced)
Repair Your Computer
Correct Answer: A
Section: (none)
Explanation
This is kinda a tricky one.
For the developer to test his driver we need to use option A: disable Signed Drivers Enforcement, but we need
to boot he server first with the least amount of data loss, so C Last known Good.
I also believe C is the answer cuz the developer was already able to install the driver, so unsigned drivers were
already able to install. but i know for a fact Microsoft takes A as the correct answer ;)
Use the F8 Advanced Boot Option
Windows Vista and later versions of Windows support the F8 Advanced Boot Option -- "Disable Driver
Signature Enforcement" -- that disables load-time signature enforcement for a kernel-mode driver only for the
current system session. This setting does not persist across system restarts.
Code Integrity checks each kernel-mode driver for a digital signature when an attempt is made to load the
driver into memory. If the kernel-mode driver is not signed, the operating system might not load it. Whether an
unsigned driver is loaded without a digital signature depends on the platform of the operating system.
For x64-based computers, all kernel-mode drivers must be digitally signed.
For x86-based or Itanium-based computers, the following kernel-mode drivers require a digital signature:
bootvid.dll, ci.dll, clfs.sys, hal.dll, kdcom.dll, ksecdd.sys, ntoskrnl.exe, pshed.dll, spldr.sys, tpm.sys, and
winload.exe.
Note: If a kernel debugger is attached to the computer, Code Integrity still checks for a digital signature on
every kernel-mode driver, but the operating system will load the drivers.
QUESTION 24
servers named Server1 and Server2. All servers run Windows Server 2012.
Server1 and Server2 have the Failover Clustering feature installed. The servers are configured as nodes in a
failover cluster named Cluster1. You add two additional nodes to Cluster1.
You need to ensure that Cluster1 stops running if three nodes fail. What should you configure?
A.
B.
C.
D.
E.
F.
G.
H.
I.
J.
K.
L.
Affinity-None
Affinity-Single
The cluster quorum settings
The failover settings
A file server for general use
The Handling priority
The host priority
Live migration
The possible owner
The preferred owner
Quick migration
The Scale-Out File Server
Correct Answer: C
Section: (none)
Explanation
The quorum configuration in a failover cluster determines the number of failures that the cluster can sustain. If
an additional failure occurs, the cluster must stop running. The relevant failures in this context are failures of
nodes or, in some cases, of a disk witness (which contains a copy of the cluster configuration) or file share
witness. It is essential that the cluster stop running if too many failures occur or if there is a problem with
communication between the cluster nodes.
QUESTION 25
servers named Server1 and Server2.
All servers run Windows Server 2012. Server1 and Server2 have the Failover Clustering feature installed.
The servers are configured as nodes in a failover cluster named Cluster1. You add two additional nodes in
Cluster1.
You have a folder named Folder1 on Server1 that hosts application data.
Folder1 is a folder target in a Distributed File System (DFS) namespace. You need to provide highly available
access to Folder1.
The solution must support DFS Replication to Folder1.
A.
B.
C.
D.
E.
F.
G.
H.
I.
J.
K.
L.
Affinity-None
Affinity-Single
The host priority
Live migration
The possible owner
The preferred owner
Quick migration
Correct Answer: E
Section: (none)
Explanation
QUESTION 26
Server1 and Server2 have the Network Load Balancing (NLB) feature installed. The servers are configured as
nodes in an NLB cluster named Cluster1.
Port rules are configured for all clustered applications. You need to ensure that Server2 handles all client
requests to the cluster that are NOT covered by a port rule.
A.
B.
C.
D.
E.
F.
G.
H.
I.
J.
K.
L.
Affinity-None
Affinity-Single
The host priority
Live migration
The possible owner
The preferred owner
Quick migration
Correct Answer: G
Section: (none)
Explanation
http://technet.microsoft.com/en-us/library/bb742455.aspx
QUESTION 27
Your network contains an Active Directory domain named contoso.com. A previous administrator implemented
a Proof of Concept installation of Active Directory Rights Management Services (AD RMS).
After the proof of concept was complete, the Active Directory Rights Management Services server role was
removed.
You attempt to deploy AD RMS. During the configuration of AD RMS, you receive an error message indicating
that an existing AD RMS Service Connection
Point (SCP) was found. You need to remove the existing AD RMS SCP.
A.
B.
C.
D.
E.
F.
G.
H.
ADSI Edit
Active Directory Users and Computers
Active Directory Domains and Trusts
Active Directory Sites and Services
Services
Authorization Manager
TPM Management
Certification Authority
Correct Answer: AD
Section: (none)
Explanation
http://technet.microsoft.com/en-us/library/jj835767(v=ws.10).aspx
QUESTION 28
Your network contains an Active Directory forest. The forest contains two domains named contoso.com and
fabrikam.com.
The functional level of the forest is Windows Server 2003. You have a domain outside the forest named
adatum.com.
You need to configure an access solution to meet the following requirements:
- Users in adatum.com must be able to access resources in contoso.com.
- Users in adatum.com must be prevented from accessing resources in fabrikam.com.
- Users in both contoso.com and fabrikam.com must be prevented from accessing resources in adatum.com.
What should you create?
A. a one-way realm trust from contoso.com to adatum.com
B. a one-way realm trust from adatum.com to contoso.com
C. a one-way external trust from contoso.com to adatum.com
D. a one-way external trust from adatum.com to contoso.com
Correct Answer: C
Section: (none)
Explanation
Just read it in reverse. you need users from domain A to be able to read domain B. create a trust from domain
B to trust domain A.
QUESTION 29
a branch office. An Active Directory site exists for each office.
All domain controllers run Windows Server 2012. The domain contains two domain controllers. DC1 hosts an
Active Directory- integrated zone for contoso.com.
You add the DNS Server server role to DC2. You discover that the contoso.com DNS zone fails to replicate to
DC2.
You verify that the domain, schema, and configuration naming contexts replicate from DC1 to DC2. You need
to ensure that DC2 replicates the contoso.com zone by using Active Directory replication.
A.
B.
C.
D.
E.
F.
G.
H.
Dnscmd
Dnslint
Repadmin
Ntdsutil
DNS Manager
Correct Answer: C
Section: (none)
Explanation
Since everything is syncing fine except the DNS zone use REPadmin, you usualy have hints in the eventvwr as
wel. look for the event id's.
Troubleshooting : http://technet.microsoft.com/en-us/library/bb727057.aspx
QUESTION 30
Your network contains an Active Directory domain named contoso.com. All servers run Windows Server 2012.
The domain contains a domain controller named DC1 that is configured as an enterprise root certification
authority (CA).
All users in the domain are issued a smart card and are required to log on to their domain-joined client
computer by using their smart card.
A user named User1 resigned and started to work for a competing company.
You need to prevent User1 immediately from logging on to any computer in the domain.
The solution must not prevent other users from logging on to the domain. Which tool should you use?
A.
B.
C.
D.
E.
F.
G.
H.
Active Directory Administrative Center
the Certification Authority console
the Certificates snap-in
Certificate Templates
Server Manager
the Security Configuration Wizard
Correct Answer: AC
Section: (none)
Explanation
A. ADAC - Active Directory Administrative Center used to manage users/computers C. ADUC Active Directory Users and Computers used to manage users/Computers.
http://technet.microsoft.com/en-us/library/dd560651(v=ws.10).aspx
http://technet.microsoft.com/en-us/library/aa997340(v=exchg.65).aspx
QUESTION 31
Your network contains three Active Directory forests. Each forest contains an Active Directory Rights
Management Services (AD RMS) root cluster.
All of the users in all of the forests must be able to access protected content from any of the forests.
You need to identify the minimum number of AD RMS trusts required. How many trusts should you identify?
A.
B.
C.
D.
2
3
4
6
Correct Answer: D
Section: (none)
Explanation
1 in 1 out per forest.
QUESTION 32
authority (CA).
A user named User1 resigned and started to work for a competing company.
A.
B.
C.
D.
Server Manager
Correct Answer: B
Section: (none)
Explanation
QUESTION 33
controller named DC1 that runs Windows Server 2012.
DC1 has the DHCP Server server role installed. DHCP is configured as shown in the exhibit.
You discover that client computers cannot obtain IPv4 addresses from DC1. You need to ensure that the client
computers can obtain IPv4 addresses from DC1. What should you do?
A.
B.
C.
D.
Activate the scope.
Authorize DC1.
Disable the Allow filters.
Disable the Deny filters.
Correct Answer: C
Section: (none)
Explanation
There is no items in the deny List. So it means that client computers MAC addresses is not listed
in the allow list. So we have to disable the "Allow Filters" http://technet.microsoft.com/enus/
library/ee956897(v=ws.10).aspx
QUESTION 34
named Server1 and a domain controller named DC1.
All servers run Windows Server 2012. A Group Policy object (GPO) named GPO1 is linked to the domain.
Server1 contains a folder named Folder1. Folder1 is shared as Share1.
You need to ensure that authenticated users can request assistance when they are denied access to the
resources on Server1.
A.
B.
C.
D.
E.
Assign the Read Attributes NTFS permission on Folder1 to the Authenticated Users group
Install the File Server Resource Manager role service on Server1
Configure the Customize message for Access Denied errors policy setting of GPO1.
Enable the Enable access-denied assistance on client for all file types policy setting for GPO1.
Install the File Server Resource Manager role service on DC1.
Correct Answer: BD
Section: (none)
Explanation
http://technet.microsoft.com/en-us/library/hh831402.aspx#BKMK_1
QUESTION 35
Your network contains an Active Directory domain named adatum.com. All domain controllers run Windows
Server 2008 R2.
The domain contains a file server named Server6 that runs Windows Server 2012. Server6 contains a folder
named Folder1.
Folder1 is shared as Share1. The NTFS permissions on Folder1 are shown in the exhibit.
The domain contains two global groups named Group1 and Group2. You need to ensure that only users who
are members of both Group1 and Group2 are denied access to Folder1.
A.
B.
C.
D.
E.
F.
Remove the Deny permission for Group1 from Folder1.
Deny Group2 permission to Folder1.
Install a domain controller that runs Windows Server 2012.
Create a conditional expression.
Deny Group2 permission to Share1.
Deny Group1 permission to Share1.
Correct Answer: CD
Section: (none)
Explanation
Expressions
Conditional expressions are an enhancement to access control management in Windows Server 2012 and
Windows 8 that allow or deny access to resources only when certain conditions are met, for example, group
membership, location, or the security state of the device. Expressions are managed through the Advanced
Security Settings dialog box of the ACL Editor or the Central Access Rule Editor in the Active Directory
Administrative Center (ADAC).
What value does this change add?
Expressions help administrators manage access to sensitive resources with flexible conditions in increasingly
complex business environments.
What works differently?
The ability to implement conditional expressions through claims was not available in earlier versions of
Windows.
QUESTION 36
Your network contains an Active Directory forest. The forest contains a single domain named contoso.com.
The forest contains two Active Directory sites named Main and Branch1. The sites connect to each other by
using a site link named Main-Branch1. There are no other site links.
Each site contains several domain controllers. All domain controllers run Windows Server 2012.
Your company plans to open a new branch site named Branch2. The new site will have a WAN link that
connects to the Main site only. The site will contain two domain controllers that run Windows Server 2012.
You need to create a new site and a new site link for Branch2. The solution must ensure that the domain
controllers in Branch2 only replicate to the domain controllers in Branch1 if all of the domain controllers in Main
are unavailable.
Which three actions should you perform? To answer, move the three appropriate actions from the list of actions
to the answer area and arrange them in the correct order.
Select and Place:
Correct Answer:
Section: (none)
Explanation
QUESTION 37
controller named DC1 that runs Windows Server 2012. DC1 has the DNS Server server role installed.
The network contains client computers that run either Linux, Windows 7, or Windows 8.
You have a standard primary zone named adatum.com as shown in the exhibit.
You plan to configure Name Protection on all of the DHCP servers. You need to configure the adatum.com
zone to support Name Protection.
Which two configurations should you perform from DNS Manager? (Each correct answer presents part of the
solution. Choose two.)
A.
B.
C.
D.
Sign the zone.
Store the zone in Active Directory.
Modify the Security settings of the zone.
Configure Dynamic updates.
Correct Answer:
Section: (none)
Explanation
QUESTION 38
Server1 and Server2 have the Hyper-V server role installed. Server1 and Server2 are configured as Hyper-V
replicas of each other. Server1 hosts a virtual machine named VM1.
VM1 is replicated to Server2. You need to verify whether the replica of VM1 on Server2 is functional. The
solution must ensure that VM1 remains accessible to clients.
What should you do from Hyper-V Manager?
A.
B.
C.
D.
On Server1, execute a Planned Failover.
On Server1, execute a Test Failover.
On Server2, execute a Planned Failover.
On Server2, execute a Test Failover.
Correct Answer: D
Section: (none)
Explanation
A. Server 1 is houses VM1 and it is replicated to Server2 - wrong server to failover and this is not
a planned fail over case
B. Wrong server correct failover type
C. Wrong server, wrong failover type
D. Right server and failover type
http://blogs.technet.com/b/virtualization/archive/2012/07/31/types-of-failover-operations-inhypervreplica-partii-planned-failover.aspx
http://blogs.technet.com/b/virtualization/archive/2012/07/26/types-of-failover-operations-inhypervreplica.aspx
QUESTION 39
You have a failover cluster named Cluster1 that contains four nodes. All of the nodes run Windows Server
2012.
You need to force every node in Cluster1 to contact immediately the Windows Server Update Services (WSUS)
server on your network for updates.
A.
B.
C.
D.
The Add-CauClusterRole cmdlet
The Wuauclt command
The Wusa command
The Invoke-CauScan cmdlet
Correct Answer: D
Section: (none)
Explanation
A. Adds the Cluster-Aware Updating (CAU) clustered role that provides the self-updating
functionality to the specified cluster.
B. the wuauclt utility allows you some control over the functioning of the Windows Update Agent C.
The Wusa.exe file is in the %windir%\System32 folder. The Windows Update Standalone Installer
uses the Windows Update Agent API to install update packages. Update packages have an .msu
file name extension. The .msu file name extension is associated with the Windows Update
Standalone Installer.
D. Performs a scan of cluster nodes for applicable updates and returns a list of the initial set of
updates that would be applied to each node in a specified cluster. http://technet.microsoft.com/enus/
library/hh847235(v=wps.620).aspx http://technet.microsoft.com/enus/
library/cc720477(v=ws.10).aspx http://support.microsoft.com/kb/934307
http://technet.microsoft.com/en-us/library/hh847228(v=wps.620).aspx
QUESTION 40
Your network contains an Active Directory domain named contoso.com. The network contains a file server
You are configuring a central access policy for temporary employees.
You enable the Department resource property and assign the property a suggested value of Temp.
You need to configure a target resource condition for the central access rule that is scoped to resources
assigned to Temp only.
Which condition should you use?
A.
B.
C.
D.
(Temp.Resource Equals "Department")
(Resource.Department Equals "Temp")
(Department.Value Equals "Temp")
(Resource.Temp Equals "Department")
Correct Answer: B
Section: (none)
Explanation
http://technet.microsoft.com/fr-fr/library/hh846167.aspx
QUESTION 41
Your network contains a server named Server1 that runs Windows Server 2012. Server1 has the Active
Directory Certificate Services server role installed and is configured as a standalone certification authority (CA).
You install a second server named Server2. You install the Online Responder role service on Server2.
You need to ensure that Server1 can issue an Online Certificate Status Protocol (OCSP) Response Signing
certificate to Server2. What should you do?
A.
B.
C.
D.
On Server1, run the certutil.exe command and specify the -setreg parameter.
On Server2, run the certutil.exe command and specify the -policy parameter.
On Server1, configure Security for the OCSP Response Signing certificate template.
On Server2, configure Issuance Requirements for the OCSP Response Signing certificate template.
Correct Answer: C
Section: (none)
Explanation
QUESTION 42
Your network contains an Active Directory domain named adatum.com. The domain contains a server named
CA1 that runs Windows Server 2012.
CA1 has the Active Directory Certificate Services server role installed and is configured to support key archival
and recovery.
You need to ensure that a user named User1 can decrypt private keys archived in the Active Directory
Certificate Services (AD CS) database.
The solution must prevent User1 from retrieving the private keys from the AD CS database.
What should you do?
A.
B.
C.
D.
Assign User1 the Issue and Manage Certificates permission to Server1.
Assign User1 the Read permission and the Write permission to all certificate templates.
Provide User1 with access to a Key Recovery Agent certificate and a private key.
Assign User1 the Manage CA permission to Server1.
Correct Answer: C
Section: (none)
Explanation
QUESTION 43
Your network contains an Active Directory domain named contoso.com. The domain contains two sites named
Site1 and Site2 and two domain controllers named DC1 and DC2. Both domain controllers are located in Site1.
You install an additional domain controller named DC3 in Site1 and you ship DC3 to Site2. A technician
connects DC3 to Site2.
You discover that users in Site2 are authenticated by all three domain controllers. You need to ensure that the
users in Site2 are authenticated by DC1 or DC2 only if DC3 is unavailable.
What should you do?
A.
B.
C.
D.
From Network Connections, modify the IP address of DC3.
In Active Directory Sites and Services, modify the Query Policy of DC3.
From Active Directory Sites and Services, move DC3.
In Active Directory Users and Computers, configure the insDS-PrimaryComputer attribute for the users in
Site2.
Correct Answer: C
Section: (none)
Explanation
http://social.technet.microsoft.com/wiki/contents/articles/7573.active-directory-certificateservicespkikeyarchival-and-anagement.aspx#Protecting_Key_Recovery_Agent_Keys
QUESTION 44
Your network contains two Active Directory forests named contoso.com and adatum.com. Contoso.com
contains one domain. Adatum.com contains a child domain named child.adatum.com.
Contoso.com has a one-way forest trust to adatum.com. Selective authentication is enabled on the forest trust.
Several user accounts are migrated from child.adatum.com to adatum.com.
Users report that after the migration, they fail to access resources in contoso.com. The users successfully
accessed the resources in contoso.com before the accounts were migrated.
You need to ensure that the migrated users can access the resources in contoso.com.
What should you do?
A.
B.
C.
D.
Replace the existing forest trust with an external trust.
Run netdom and specify the /quarantine attribute.
Disable SID filtering on the existing forest trust.
Disable selective authentication on the existing forest trust.
Correct Answer: C
Section: (none)
Explanation
B. Enables administrators to manage Active Directory domains and trust relationships from the
command prompT, /quarantine Sets or clears the domain quarantine C. Need to gran access to the
resources in contoso.com
D. Selective authentication over a forest trust restricts access to only those users in a trusted forest
who have been explicitly given authentication permissions to computer objects (resource
computers) that reside in the trusting forest
QUESTION 45
You have four servers that run Windows Server 2012. The servers have the Failover Clustering feature
installed.
You deploy a new cluster named Cluster1. Cluster1 is configured as shown in the following table:
Site2 is a disaster recovery site. Server1, Server2, and Server3 are configured as the preferred owners of the
cluster roles.
Dynamic quorum management is disabled. You plan to perform hardware maintenance on Server3.
You need to ensure that if the WAN link between Site1 and Site2 fails while you are performing maintenance on
Server3, the cluster resource will remain available in Site1.
What should you do?
A.
B.
C.
D.
Enable dynamic quorum management.
Remove the node vote for Server3.
Add a file share witness in Site1.
Remove the node vote for [C1] Server4 and Server5.
Correct Answer: D
Section: (none)
Explanation
QUESTION 46
Your network contains an Active Directory domain named contoso.com. The domain contains a server named
Server2 that runs Windows Server 2012.
You are a member of the local Administrators group on Server2. You install an Active Directory Rights
Management Services (AD RMS) root cluster on Server2.
You need to ensure that the AD RMS cluster is discoverable automatically by the AD RMS client computers and
the users in contoso.com. Which additional configuration settings should you configure?
To answer, select the appropriate tab in the answer area:
Point and Shoot:
Correct Answer:
Section: (none)
Explanation
QUESTION 47
You plan to deploy a failover cluster that will contain two nodes that run Windows Server 2012.
You need to configure a witness disk for the failover cluster. How should you configure the witness disk?
To answer, drag the appropriate configurations to the correct location or locations.
Each configuration may be used once, more than once, or not at all.
Select and Place:
Correct Answer:
Section: (none)
Explanation
QUESTION 48
You have a test server named Server1 that is configured to dual-boot between Windows Server 2008 R2 and
Windows Server 2012.
You start Server1 and you discover that the boot entry for Windows Server 2008 R2 no longer appears on the
boot menu.
You start Windows Server 2012 on Server1 and you discover the disk configurations shown in the following
table:
You need to restore the Windows Server 2008 R2 boot entry on Server1. What should you do?
A.
B.
C.
D.
Run bcdedit.exe and specify the /createstore parameter.
Run bootrec.exe and specify the /scanos parameter.
Run bcdboot.exe d:\windows.
Run bootrec.exe and specify the /rebuildbcd parameter.
Correct Answer: D
Section: (none)
Explanation
A. BCDEdit is a command-line tool for managing BCD stores. It can be used for a variety of purposes, including
creating new stores, modifying existing stores, adding boot menu options, /Createstore Creates a new empty
boot configuration data store.
The created store is not a system store.
B. Bootrec.exe tool to troubleshoot "Bootmgr Is Missing" issue. The /ScanOs option scans all disks for
installations that are c mpatible with Windows Vista or Windows 7. Additionally, this option displays the entries
that are currently not in the BCD store.
Use this option when there are Windows Vista or Windows 7 installations that the Boot Manager menu does not
list.
D. Bootrec.exe tool to troubleshoot "Bootmgr Is Missing" issue. The /ScanOs option scans all disks for
installations that are compatible with Windows Vista or Windows 7. Additionally, this option displays the entries
that are currently not in the BCD store.
Use this option when there are Windows Vista or Windows 7 installations that the Boot Manager menu does not
list.
http://support.microsoft.com/kb/927392/en-us
QUESTION 49
You have a DHCP server named Server1. Server1 has one network adapter. Server1 is located on a subnet
named Subnet1. Server1 has scope named Scope1.
Scope1 contains IP addresses for the 192.168.1.0/24 network. Your company is migrating the IP addresses on
Subnet1 to use a network ID of 10.10.0.0/16.
On Server11 you create a scope named Scope2. Scope2 contains IP addresses for the 10.10.0.0/16 network.
You need to ensure that clients on Subnet1 can receive IP addresses from either scope. What should you
create on Server1?
A.
B.
C.
D.
A multicast scope
A scope
A superscope
A split-scope
Correct Answer: C
Section: (none)
Explanation
A. Multicasting is the sending of network traffic to a group of endpointsdestination hosts. Only those
members in the group of endpoints hosts that are listening for the multicast traffic (the multicast
group) process the multicast traffic
B. A scope is an administrative grouping of IP addresses for computers on a subnet that use the
Dynamic Host Configuration Protocol (DHCP) service. The administrator first creates a scope for
each physical subnet and then uses the scope to define the parameters used by clients.
C. A superscope is an administrative feature of Dynamic Host Configuration Protocol (DHCP) servers
running Windows Server 2008 that you can create and manage by using the DHCP Microsoft
Management Console (MMC) snap-in. By using a superscope, you can group multiple scopes as
a single administrative entity.
D.
http://technet.microsoft.com/en-us/library/dd759152.aspx http://technet.microsoft.com/enus/
library/dd759218.aspx http://technet.microsoft.com/en-us/library/dd759168.aspx
QUESTION 50
Your network contains an Active Directory domain named adatum.com. The domain contains a domain
controller named DC1 that runs Windows Server 2012.
On Dc1, you open DNS Manager as shown in the exhibit.
You need to change the zone type of the contoso.com zone from an Active Directory-integrated zone to a
standard primary zone.
What should you do before you change the zone type?
A.
B.
C.
D.
Unsign the zone.
Modify the Zone Signing Key (ZSK).
Modify the Key Signing Key (KSK).
Change the Key Master.
Correct Answer: A
Section: (none)
Explanation
A. Lock icon indicating that it is currently signed with DNSSEC, zone must be unsignes B. An
authentication key that corresponds to a private key used to sign a zone. C. The KSK is an
authentication key that corresponds to a private key used to sign one or more other signing keys
for a given zone. Typically, the private key corresponding to a KSK will sign a ZSK, which in turn
has a corresponding private key that will sign other zone data.
D.
http://technet.microsoft.com/en-us/library/hh831411.aspx http://technet.microsoft.com/enus/
QUESTION 51
You have a server named Server1 that runs Windows Server 2012. Server1 has the DNS Server server role
installed.
You need to configure Server1 to resolve queries for single-label DNS names. Which two actions should you
perform? (Each correct answer presents part of the solution. Choose two.)
A.
B.
C.
D.
E.
F.
Run the Set-DNSServerGlobalNameZone cmdlet.
Modify the DNS suffix search list setting.
Modify the Primary DNS Suffix Devolution setting.
Create a zone named ".".
Create a zone named GlobalNames.
Run the Set-DNSServerRootHint cmdlet.
Correct Answer: AE
Section: (none)
Explanation
The answer in my practice exams is different then the PDF where the state E and F as the answer.
A: Detailed Description
The Set-DnsServerGlobalNameZone cmdlet enables or disables single-label Domain Name System (DNS)
queries. It also changes configuration settings for a GlobalNames zone.
The GlobalNames zone supports short, easy-to-use names instead of fully qualified domain names (FQDNs)
without using Windows Internet Name Service (WINS) technology. For instance, DNS can query
SarahJonesDesktop instead of SarahJonesDesktop.contoso.com.
E: http://technet.microsoft.com/en-us/library/cc731744.aspx
QUESTION 52
named Server1 and Server2 that run Windows Server 2012. Server1 has the IP Address Management (IPAM)
Server feature installed.
Server2 has the DHCP Server server role installed.
A user named User1 is a member of the IPAM Users group on Server1. You need to ensure that User1 can use
IPAM to modify the DHCP scopes on Server2.
The solution must minimize the number of permissions assigned to User1.
To which group should you add User1?
A.
B.
C.
D.
DHCP Administrators on Server2
IPAM ASM Administrators on Server1
IPAMUG in Active Directory
IPAM MSM Administrators on Server1
Correct Answer: A
Section: (none)
Explanation
The user need rights to change DHCP not IPAM
Members of the DHCP Administrators group can view and modify any data at the DHCP server.
QUESTION 53
You have a server named DC2 that runs Windows Server 2012. DC2 contains a DNS zone named
adatum.com. The adatum.com zone is shown in the exhibit.
You need to configure DNS clients to perform DNSSEC validation for the adatum.com DNS domain.
A.
B.
C.
D.
The Network Location settings
A Name Resolution Policy
The DNS Client settings
The Network Connection settings
Correct Answer: B
Section: (none)
Explanation
B. The Name Resolution Policy Table (NRPT) is a table that contains rules you can configure to
specify DNS settings or special behavior for names or namespaces. The NRPT can be configured
using Group Policy or by using the Windows Registry.
C. client component that resolves and caches Domain Name System (DNS) domain names. When
the DNS Client service receives a request to resolve a DNS name that it does not contain in its
cache, it queries an assigned DNS server for an IP address for the name D. Network connections
make it possible for computers to access resources on the network and the internet
http://technet.microsoft.com/en-us/library/hh831411.aspx#config_client1
QUESTION 54
named Server1 and Server2 that run Windows Server 2012.
Server1 has the DHCP Server server role installed.
Server2 has the Hyper-V server role installed. Server2 has an IP address of 192.168.10.50. Server1 has a
scope named Scope1 for the 192.168.10.0/24 network.
You plan to deploy 20 virtual machines on Server2 that will be connected to the external network.
The MAC addresses for the virtual machines will begin with 00-15-SD-83-03.
You need to configure Server1 to offer the virtual machines IP addresses from 192.168.10.200 to
192.168.10.21g.
Physical computers on the network must be offered IP addresses outside this range.
You want to achieve this goal by using the minimum amount of administrative effort.
What should you do from the DHCP console?
A.
B.
C.
D.
Create reservations.
Create a policy.
Delete Scope1 and create two new scopes.
Configure Allow filters and Deny filters.
Correct Answer: B
Section: (none)
Explanation
A. With client reservations, it is possible to reserve a specific IP address for permanent use by a
DHCP client. A new feature in Windows Server 2012 called policy based assignment allows for
even greater flexibility.
B. Policy based assignment allows the policy to be scoped to a MAC address and IP range
C.
D. A DHCP server offers its services to the DHCP clients based on the availability of MAC address
filtering. Once the Allow filter is set, all DHCP operations are based on the access controls
(allow/deny).
http://blogs.technet.com/b/teamdhcp/archive/2012/08/22/granular-dhcp-serveradministrationusingdhcppolicies-in-windows-server-2012.aspx
QUESTION 55
named Server1 and Server2.
Both servers have the IP Address Management (IPAM) Server feature installed.
You have a support technician named Tech1. Tech1 is a member of the IPAM Administrators group on Server1
and Server2.
You need to ensure that Tech 1 can use Server Manager on Server1 to manage IPAM on Server2.
To which group on Server2 should you add Tech1.
A.
B.
C.
D.
Remote Management Users
IPAM MSM Administrators
IPAM Administrators
WinRM Remote WM1 Users
Correct Answer: D
Section: (none)
Explanation
QUESTION 56
Your network contains two Active Directory forests named contoso.com and adatum.com. All of the domain
controllers in both of the forests run Windows Server 2012. The adatum.com domain contains a file server
named Servers.
Adatum.com has a one-way forest trust to contoso.com.
A contoso.com user name User10 attempts to access a shared folder on Servers and receives the error
message shown in the exhibit.
You verify that the Authenticated Users group has Read permissions to the Data folder. You need to ensure
that User10 can read the contents of the Data folder on Server5 in the adatum.com domain.
What should you do?
A.
B.
C.
D.
Grant the Other Organization group Read permissions to the Data folder.
Modify the list of logon workstations of the contoso\User10 user account.
Enable the Netlogon Service (NP-In) firewall rule on Server5
Modify the permissions on the Server5 computer object in Active Directory
Correct Answer: D
Section: (none)
Explanation
To resolve the issue, I had to open up AD Users and Computers --> enable Advanced Features - -> Select the
Computer Object --> Properties --> Security --> Add the Group I want to allow access to the computer
(in this case, DomainA\Domain users) and allow "Allowed to Authenticate". Once I did that, everything worked:
QUESTION 57
Your network contains an Active Directory domain named contoso.com.
The domain contains two Active Directory sites named Site1 and Site2. You discover that when the account of
a user in Site1 is locked out, the user can still log on to the servers in Site2 for up to 15 minutes by using
Remote Desktop Services (RDS).
You need to reduce the amount of time it takes to synchronize account lockout information across the domain.
Which attribute should you modify? To answer, select the appropriate attribute in the answer area.
Point and Shoot:
Correct Answer:
Section: (none)
Explanation
QUESTION 58
fabrikam.com. The functional level of the forest is Windows Server 2003.
You have a domain outside the forest named adatum.com.
You need to configure an access solution to meet the following requirements:
What would you configure?
A.
B.
C.
D.
a one-way external trust from adatum.com to fabrikam.com
a one-way realm trust from fabrikam.com to adatum.com
a one-way realm trust from adatum.com to fabrikam.com
a one-way external trust from fabrikam.com to adatum.com
Correct Answer: D
Section: (none)
Explanation
A. A one-way trust is a unidirectional authentication path that is created between two domains. This
means that in a one-way trust between Domain A and Domain B, users in Domain A can access
resources in Domain B. However, users in Domain B cannot access resources in Domain A. This
would allow adatum.com users access to contoso which is desired B. This would allow contoso.com
users access to adatum which must be prevented and used for non windows realm to AD C. This
would allow adatum.com users access to contoso which is desired but realm trust types are used
for non windows realm to AD D. This would allow adatum users access to contoso which must be
prevented and You need to make trust relationship where domain contoso.com trusts adatum.com.
NOTE: On exam the domain names were changed, so understand the question well
QUESTION 59
a branch office.
An Active Directory site exists for each office. All domain controllers run Windows Server 2012. The domain
contains two domain controllers.
The domain controllers are configured as shown in the following table:
DC1 hosts an Active Directory-integrated zone for contoso.com. You add the DNS Server server role to DC2.
You discover that the contoso.com DNS zone fails to replicate to DC2. You verify that the domain, schema, and
configuration naming contexts replicate from DC1 to DC2.
You need to ensure that DC2 replicates the contoso.com zone by using Active Directory replication.
A.
B.
C.
D.
Ntdsutil
DNS Manager
Correct Answer: A
Section: (none)
Explanation
A. To control replication between two sites, you can use the Active Directory Sites and Services
snap- in to configure settings on the site link object to which the sites are added. By configuring
settings on a site link, you can control when replication occurs between two or more sites, and how
often
B. Ntdsutil.exe is a command-line tool that provides management facilities for Active Directory
Domain Services (AD DS) and Active Directory Lightweight Directory Services (AD LDS). You can
use the ntdsutil commands to perform database maintenance of AD DS, manage and control single
master operations, and remove metadata left behind by domain controllers that were removed from
the network without being properly uninstalled.
C. DNS Manager is the tool you'll use to manage local and remote DNS Servers D. Active Directory
Domains and Trusts is the Microsoft Management Console (MMC) snap-in that you can use to
administer domain trusts, domain and forest functional levels, and user principal name (UPN)
suffixes.
NOTE: If you see question about AD Replication, First preference is AD sites and services, then
Repadmin and then DNSLINT.
http://technet.microsoft.com/en-us/library/cc731862.aspx http://technet.microsoft.com/enus/
library/cc753343(v=ws.10).aspx http://technet.microsoft.com/en-us/library/cc722541.aspx
Note: If you see question about AD Replication, First preference is AD sites and services, then
QUESTION 60
fabrikam.com.
The functional level of the forest is Windows Server 2003. The contoso.com domain contains domain
controllers that run either Windows Server 2008 or Windows Server 2008 R2.
The functional level of the domain is Windows Server 2008.
The fabrikam.com domain contains domain controllers that run either Windows Server 2003 or Windows
Server 2008.
The functional level of the domain is Windows Server 2003.
The contoso.com domain contains a member server named Server1 that runs Windows Server 2012.
You install the Active Directory Domain Services server role on Server1.
You need to add Server1 as a new domain controller in the contoso.com domain. What should you do?
A.
B.
C.
D.
Run the Active Directory Domain Services Configuration Wizard.
Run adprep.exe /domainprep, and then run dcpromo.exe.
Raise the functional level of the forest, and then run dcprorno.exe.
Modify the Computer Name/Domain Changes properties.
Correct Answer: A
Section: (none)
Explanation
Windows Server 2012 requires a Windows Server 2003 forest functional level. That is, before you can add a
domain controller that runs Windows Server 2012 to an existing Active Directory forest, the forest functional
level must be Windows Server 2003 or higher.
http://blogs.technet.com/b/askpfeplat/archive/2012/09/03/introducing-the-first-windowsserver-2012domaincontroller.aspx
Exam B
QUESTION 1
fabrikam.com.
The forest functional level is Windows 2000.
The contoso.com domain contains domain controllers that run either Windows Server 2008 or Windows Server
2008 R2.
The domain functional level is Windows Server 2008.
The fabrikam.com domain contains domain controllers that run either Windows 2000 Server or Windows
Server 2003.
The domain functional level is Windows 2000 native. The contoso.com domain contains a member server
You need to add Server1 as a new domain controller in the contoso.com domain. What should you do first?
A.
B.
C.
D.
E.
Raise the functional level of the contoso.com domain to Windows Server 2008 R2.
Upgrade the domain controllers that run Windows Server 2008 to Windows Server 2008 R2.
Raise the functional level of the fabrikam.com domain to Windows Server 2003.
Decommission the domain controllers that run Windows 2000.
Raise the forest functional level to Windows Server 2003.
Correct Answer: D
Section: (none)
Explanation
D. Server 2003 is the minimum Domain Functional level for any domain in the forest Windows Server 2012
requires a Windows Server 2003 forest functional level.
That is, before you can add a domain controller that runs Windows Server 2012 to an existing Active Directory
forest, the forest functional level must be Windows Server 2003 or higher.
QUESTION 2
Your network contains an Active Directory domain named adatum.com. The domain contains four servers.
The servers are configured as shown in the following table.
You plan to deploy an enterprise certification authority (CA) on a server named Server5. Server5 will be used to
issue certificates to domain-joined computers and workgroup computers.
You need to identify which server you must use as the certificate revocation list (CRL) distribution point for
Server5. Which server should you identify?
A.
B.
C.
D.
Server3
Server2
Server4
Server 1
Correct Answer: A
Section: (none)
Explanation
A. We cannot use AD DS because workgroup computers must access CRL distribution point
B. We cannot use File Share because workgroup computers must access CRL distribution point
C. Public facing web server can be used
D. AD DS, Web & File Share only
QUESTION 3
You have a server named Server1 that has the Active Directory Certificate Services server role installed.
Server1 uses a hardware security module (HSM) to protect the private key of Server1.
You need to ensure that the Active Directory Certificate Services (AD CS) database, log files, and private key
are backed up. You perform regular backups of the HSM module by using a backup utility provided by the HSM
manufacturer.
What else should you do?
A.
B.
C.
D.
Run the certutil.exe command and specify the -backupkey parameter.
Run the certutil.exe command and specify the -backupdb parameter.
Run the certutil.exe command and specify the -backup parameter.
Run the certutil.exe command and specify the -dump parameter.
Correct Answer: B
Section: (none)
Explanation
A. Backup the Active Directory Certificate Services certificate and private key
B. Backup the Active Directory Certificate Services database
C. Backup Active Directory Certificate Services
D. Dump configuration information or files
http://technet.microsoft.com/en-us/library/cc732443.aspx#BKMK_backupKey
http://technet.microsoft.com/en-us/library/cc732443.aspx#BKMK_backupDB
http://technet.microsoft.com/en-us/library/cc732443.aspx#BKMK_backup
http://technet.microsoft.com/library/cc732443.aspx#BKMK_dump
QUESTION 4
Server1 has the Active Directory Federation Services (AD FS) server role installed. Adatum.com is a partner
organization.
You are helping the administrator of adatum.com set up a federated trust between adatum.com and
contoso.com.
The administrator of adatum.com asks you to provide a file containing the federation metadata of contoso.com.
You need to identify the location of the federation metadata file. Which node in the AD FS console should you
select?
To answer, select the appropriate node in the answer area.
Point and Shoot:
Correct Answer:
Section: (none)
Explanation
http://blogs.msdn.com/b/card/archive/2010/06/25/using-federation-metadata-to-establish-a-relying-party-trustin-ad-fs-2-0.aspx
QUESTION 5
Your network contains three Active Directory forests. Each forest contains an Active Directory Rights
Management Services (AD RMS) root cluster.
All of the users in all of the forests must be able to access protected content from any of the forests. You need
to identify the minimum number of AD RMS trusts required. How many trusts should you identify?
A.
B.
C.
D.
2
3
4
6
Correct Answer: D
Section: (none)
Explanation
3 Forests. Bi Direcrional test needed means each forest needs 2 other forests TUD file. 3 x 2 =6
QUESTION 6
authority (CA).
A user named User1 resigned and started to work for a competing company. You need to prevent User1
immediately from logging on to any computer in the domain.
A.
B.
C.
D.
Server Manager
Correct Answer: B
Section: (none)
Explanation
B. Disable user1 from ADAC
QUESTION 7
Your network contains a server named Server1 that runs Windows Server 2012. Server1 has the Hyper-V
server role installed.
Server1 hosts 10 virtual machines that run Windows Server 2012. You add a new server named Server2.
Server2 has faster hard disk drives, more RAM, and a different processor manufacturer than Server1.
You need to move all of the virtual machines from Server1 to Server2. The solution must minimize downtime.
What should you do for each virtual machine?
A.
B.
C.
D.
Export the virtual machines from Server1 and import the virtual machines to Server2.
Correct Answer: C
Section: (none)
Explanation
look at the bold text!
C. Other options require same CPU family and cluster
library/hh848495.aspx http://technet.microsoft.com/en-us/library/jj628158.aspx The different
processor manufacturer is the key here. Storage, Live, and Quick all require same manufacturer.
QUESTION 8
You have a datacenter that contains six servers. Each server has the Hyper-V server role installed and runs
The servers are configured as shown in the following table:
Host4 and Host5 are part of a cluster named Cluster1. Cluster1 hosts a virtual machine named VM1. You need
to move VM1 to another Hyper-V host.
The solution must minimize the downtime of VM1.
To which server and by which method should you move VM1?
A.
B.
C.
D.
To Host3 by using a storage migration
To Host6 by using a storage migration
To Host2 by using a live migration
To Host1 by using a quick migration
Correct Answer: A
Section: (none)
Explanation
A. Host3 is the only option to allow minimum downtime and has same processor manufacturers
B. Live Storage Migration requires same processor manufacturers
C. Live migration requires same same processor manufacturers
D. Quick migration has downtime
NOTE: Exam may have more options but same answer
library/jj628158.aspx
QUESTION 9
Server1 and Server2 have the Failover Clustering feature installed.
The servers are configured as nodes in a failover cluster named Cluster1.
Cluster1 hosts an application named App1. You need to ensure that Server2 handles all of the client requests
to the cluster for App1.
The solution must ensure that if Server2 fails, Server1 becomes the active node for Appl. What should you
configure?
A.
B.
C.
D.
E.
F.
G.
H.
I.
J.
K.
L.
Affinity-None
Affinity-Single
The host priority
Live migration
The possible owner
The preferred owner
Quick migration
the Scale-Out File Server
Correct Answer: J
Section: (none)
Explanation
http://blogs.msdn.com/b/clustering/archive/2008/10/14/9000092.aspx
The preferred owner in a 2 server cluster will always be the active node unless it is down.
QUESTION 10
Your network contains an Active Directory domain named contoso.com.
The domain contains two member servers named Server1 and Server2. All servers run Windows Server 2012.
failover cluster named Cluster1.
You add two additional nodes to Cluster1. You need to ensure that Cluster1 stops running if three nodes fail.
A.
B.
C.
D.
E.
F.
G.
H.
I.
J.
K.
L.
Affinity-None
Affinity-Single
The host priority
Live migration
The possible owner
The preferred owner
Quick migration
Correct Answer: C
Section: (none)
Explanation
C. The quorum configuration in a failover cluster determines the number of failures that the cluster
can sustain.
QUESTION 11
You configure File Services and DHCP as clustered resources for Cluster1. Server1 is the active node for both
clustered resources.
You need to ensure that if two consecutive heartbeat messages are missed between Server1 and Server2,
Server2 will begin responding to DHCP requests.
The solution must ensure that Server1 remains the active node for the File Services clustered resource for up
to five missed heartbeat messages. What should you configure?
A.
B.
C.
D.
E.
F.
G.
H.
I.
J.
K.
L.
Affinity-None
Affinity-Single
The host priority
Live migration
The possible owner
The preferred owner
Quick migration
Correct Answer: D
Section: (none)
Explanation
The number of heartbeats that can be missed before failover occurs is known as the heartbeat
threshold
http://technet.microsoft.com/en-us/library/dn265972.aspx http://technet.microsoft.com/enus/
library/dd197562(v=ws.10).aspx
http://blogs.msdn.com/b/clustering/archive/2012/11/21/10370765.aspx
QUESTION 12
servers named Server1 and Server2 that run Windows Server 2012.
You configure a new failover cluster named Cluster1. Server1 and Server2 are nodes in Cluster1.
You need to configure the disk that will be used as a witness disk for Cluster1.
How should you configure the witness disk?
To answer, drag the appropriate configurations to the correct location or locations. Each configuration may be
used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view
content.
Select and Place:
Correct Answer:
Section: (none)
Explanation
QUESTION 13
Your network contains an Active Directory forest named contoso.com that contains a single domain.
The forest contains three sites named Site1, Site2, and Site3. Domain controllers run either Windows Server
2008 R2 or Windows Server 2012. Each site contains two domain controllers.
Site1 and Site2 contain a global catalog server. You need to create a new site link between Site1 and Site2.
The solution must ensure that the site link supports the replication of all the naming contexts. From which node
should you create the site link?
To answer, select the appropriate node in the answer area.
Point and Shoot:
Correct Answer:
Section: (none)
Explanation
QUESTION 14
Your network contains an Active Directory domain named adatum.com. All servers run Windows Server 2012.
All domain controllers have the DNS Server server role installed.
You have a domain controller named DC1. On DC1, you create an Active Directory-integrated zone named
adatum.com and you sign the zone by using DNSSEC.
You deploy a new read-only domain controller (RODC) named R0DC1. You need to ensure that the
contoso.com zone replicates to R0DC1. What should you configure on DC1?
To answer, select the appropriate tab in the answer area.
Point and Shoot:
Correct Answer:
Section: (none)
Explanation
QUESTION 15
You have a server named Server1 that runs Windows Server 2012. Server1 has a single volume that is
encrypted by using BitLocker Drive Encryption (BitLocker).
BitLocker is configured to save encryption keys to a Trusted Platform Module (TPM). Server1 is configured to
perform a daily system image backup.
The motherboard on Server1 is upgraded. After the upgrade, Windows Server 2012 on Server1 fails to start.
You need to start the operating system on Server1 as soon as possible.
What should you do?
A. Start Server1 from the installation media. Run startrec.exe.
B. Move the disk to a server that has a model of the old motherboard.Start the server from the installation
media. Run bcdboot.exe.
C. Move the disk to a server that has a model of the old motherboard. Start the server. Run tpm.msc.
D. Start Server1 from the installation media. Perform a system image recovery.
Correct Answer: D
Section: (none)
Explanation
Encryption keys are lost. Nothing mentioned about password/keys recovery.
My point is that the only way is to restore the server from a backup.
http://social.technet.microsoft.com/Forums/windows/en-US/6b34b4da-b1e2-40388d6d192f973cadea/usingsystem-image-with-a-bitlocker-system-drive
QUESTION 16
You have a test server named Server1 that is configured to dual-boot between Windows Server 2008 R2 and
You start Server1 and you discover that the boot entry for Windows Server 2008 R2 no longer appears on the
boot menu.
You start Windows Server 2012 on Server1 and you discover the disk configurations shown in the following
table.
You need to restore the Windows Server 2008 R2 boot entry on Server1. What should you do?
A.
B.
C.
D.
Run bootrec.exe and specify the /scanos parameter.
Run bcdedit.exe and specify the /create store parameter.
Run bootcfg.exe and specify the /copy parameter.
Run bootrec.exe and specify the /rebuildbcd parameter.
Correct Answer: D
Section: (none)
Explanation
QUESTION 17
You have 3 server named LON-DC1 that runs Windows Server 2012. An iSCSI virtual disk named
VirtualiSCSIl.vhd exists on LON-DC1 as shown in the exhibit:
You create a new iSCSI virtual disk named VirtualiSCSI2.vhd by using the existing itgt iSCSI target.
VirtualiSCSIl.vhd is removed from LON-DC1. You need to assign VirtualiSCSI2.vhd a logical unit value of 0.
What should you do?
A.
B.
C.
D.
Modify the properties of the VirtualiSCSI2.vhd iSCSI virtual disk.
Run the Add-IscsiVirtualDiskTargetMapping cmdlet and specify the -Lun parameter.
Run the iscsicli command and specify the reportluns parameter.
Run the iscsicpl command and specify the virtualdisklun parameter.
Correct Answer: B
Section: (none)
Explanation
http://technet.microsoft.com/en-us/library/jj612800(v=wps.620).aspx
QUESTION 18
Your network contains an Active Directory forest named contoso.com. The forest contains a single domain.
The forest contains three Active Directory sites named SiteA, SiteB, and SiteC. The sites contain four domain
controllers.
An IP site link exits between each site. You discover that the users in SiteC are authenticated by the domain
controllers in SiteA and SiteB.
You need to ensure that the SiteC users are authenticated by the domain controllers in SiteB, unless all of the
domain controllers in SiteB are unavailable.
What should you do?
A.
B.
C.
D.
Create a site link bridge.
Create additional connection objects for DC3 and DC4.
Increase the cost of the site link between SiteA and SiteC.
Correct Answer: D
Section: (none)
Explanation
http://technet.microsoft.com/en-us/library/dd277430.aspx#XSLTsection126121120120
QUESTION 19
You have a file server named Server1 that runs Windows Server 2012. The folders on Server1 are configured
A new corporate policy states that backups must use Microsoft Online (Azure) Backup whenever possible.
You need to identify which technology you must use to back up Server1. The solution must use Microsoft
Online Backup whenever What should you identify?
To answer, drag the appropriate backup type to the correct location or locations. Each backup type may be
used once, more than once, or not at all.
Select and Place:
Correct Answer:
Section: (none)
Explanation
Windows Online backup cannot backup systemState.
The question is about Folders!
Windows NTFS compression (and deduplication) is per-volume only. Making long story short: when you move
compressed/deduped file away from parent volume it (file) will be re-hydrated (decompressed/deduped).
But is IS possible to backup the encrypted folders and the compressed folders with online backup, only the
stored data is not compressed anymore and also a restore will be decompressed an needs to be manually
compressed again. Dattebayo!
http://msdn.microsoft.com/en-us/library/jj573031.aspx
QUESTION 20
You have a server named File1 that runs Windows Server 2012. File1 has the File Server role service installed.
You plan to back up all shared folders by using Windows Azure Online Backup.
You download and install the Windows Azure Online Backup Service Agent on File1. You need to ensure that
you use Windows Server Backup to back up data to Windows Azure Online Backup.
What should you do?
A. From Computer Management, add the File1 computer account to the Backup Operators group
B. From the Services console, modify the Log On settings of the Windows Azure Online Backup Service
Agent.
C. From Windows Server Backup, run the Register Server Wizard.
D. From a command prompt, run wbadmin.exe enable backup.
Correct Answer: C
Section: (none)
Explanation
http://blogs.technet.com/b/windowsserver/archive/2012/03/28/microsoft-onlinebackupservice.
aspx
QUESTION 21
removed. You attempt to deploy AD RMS.
During the configuration of AD RMS, you receive an error message indicating that an existing AD RMS Service
Connection Point (SCP) was found.
You need to remove the existing AD RMS SCP.
A.
B.
C.
D.
TPM Management
Services
Correct Answer: C
Section: (none)
Explanation
QUESTION 22
Your network contains an Active Directory domain named contoso.com. The domain contains a
main office and a branch office. An Active Directory site exists for each office. All domain
controllers run Windows Server 2012. The domain contains two domain controllers. The domain
controllers are configured as shown in the following table.
DC1 hosts an Active Directory-integrated zone for contoso.com. You add the DNS Server server
role to DC2. You discover that the contoso.com DNS zone fails to replicate to DC2. You verify
that the domain, schema, and configuration naming contexts replicate from DC1 to DC2. You
need to ensure that DC2 replicates the contoso.com zone by using Active Directory replication.
A.
B.
C.
D.
Ntdsutil
Repadmin
Dnslint
Correct Answer: B
Section: (none)
Explanation
If you see question about AD Replication, First preference is AD sites and services, then
Repadmin.exe helps administrators diagnose Active Directory replication problems between domain controllers
running Microsoft Windows operating systems.
To use Repadmin.exe, you must run the ntdsutil command from an elevated command prompt. To open an
elevated command prompt, click Start, right-click Command Prompt, and then click Run as administrator.
You can use Repadmin.exe to view the replication topology, as seen from the perspective of each domain
controller. In addition, you can use Repadmin.exe to manually create the replication topology, to force
replication events between domain controllers, and to view both the replication metadata and up-to-dateness
vectors (UTDVECs). You can also use Repadmin.exe to monitor the relative health of an Active Directory
Domain Services (AD DS) forest.
QUESTION 23
You have a server named Server1 that runs Windows Server 2012. Windows Server 2012 is
installed on volume C. You need to ensure that Safe Mode with Networking loads the next time
Server1 restarts. Which tool should you use?
A. The Msconfig command
B. The Restart-Server cmdlet
C. The Restart-Computer cmdlet
D. The Bootcfg command
Correct Answer: A
Section: (none)
Explanation
A. Use system config to configure boot options
B. Not a valid cmdlet
C. Restarts ("reboots") the operating system on local and remote computers. No boot options D.
modifies the Boot.ini file no option for safe mode/networking for win8/2012
http://technet.microsoft.com/en-us/library/hh849837.aspx http://support.microsoft.com/kb/317521
QUESTION 24
You have a file server named FS1 that runs Windows Server 2012. Data Deduplication is enabled on
FS1. You need to configure Data Deduplication to run at a normal priority from 20:00 to 06:00
daily. What should you configure?
A.
B.
C.
D.
File and Storage Services in Server Manager
The Data Deduplication process in Task Manager
Disk Management in Computer Management
The properties of drive C
Correct Answer: A
Section: (none)
Explanation
In Windows Server 2012, deduplication can be enabled locally or remotely by using Windows
PowerShell or Server Manager.
QUESTION 25
Your network contains an Active Directory domain named contoso.com. All client computers run
Windows 8 Enterprise. You have a remote site that only contains client computers. All of the
client computer accounts are located in an organizational unit (CU) named Remote1. A Group
Policy object (GPO) named GPO1 is linked to the Remote1 CU. You need to configure
BranchCache for the remote site. Which two settings should you configure in GPO1? To answer,
select the two appropriate settings in the answer area.
Hot Area:
Correct Answer:
Section: (none)
Explanation
QUESTION 26
Your company has a main office and a branch office. An Active Directory site exists for each
office. The network contains an Active Directory forest named contoso.com. The contoso.com
domain contains three member servers named Server1, Server2, and Server3. All servers run
Windows Server 2012. In the main office, you configure Server1 as a file server that uses
BranchCache. In the branch office, you configure Server2 and Server3 as BranchCache hosted
cache servers. You are creating a Group Policy for the branch office site. In the branch office, you
need to configure the client computers that run Windows B to use Server2 and Server3 as
BranchCache.
Hot Area:
Correct Answer:
Section: (none)
Explanation
QUESTION 27
Your network contains two Active Directory forests named contoso.com and fabrikam.com. A twoway
forest trust exists between the forests. The contoso.com forest contains an enterprise
certification authority (CA) named CAl. You implement cross-forest certificate enrollment between
the contoso.com forest and the fabrikam.com forest. On CA1, you create a new certificate
template named Template1. You need to ensure that users in the fabrikam.com forest can
request certificates that are based on Template1. Which tool should you use?
A.
B.
C.
D.
E.
Sync-ADObject
Pkiview.msc
CertificateServices.ps1
Certutil
PKISync.ps1
Correct Answer: E
Section: (none)
Explanation
A. Replicates a single object between any two domain controllers that have partitions in common.
B. Monitoring and troubleshooting the health of all certification authorities (CAs) in a public key
infrastructure (PKI) are essential administrative tasks facilitated by the Enterprise PKI snap-in.
D. use Certutil.exe to dump and display certification authority (CA) configuration information,
configure Certificate Services, backup and restore CA components, and verify certificates, key pairs,
and certificate chains.
E. PKISync.ps1 copies objects in the source forest to the target forest
QUESTION 28
Your network contains an Active Directory domain named contoso.com. The domain contains an
enterprise certification authority (CA). The domain contains a server named Server1 that runs
Windows Server 2012. You install the Active Directory Federation Services server role on
Server1. You plan to configure Server1 as an Active Directory Federation Services (AD FS)
server. The Federation Service name will be set to adfs1.contoso.com. You need to identify which
type of certificate template you must use to request a certificate for AD FS.
Hot Area:
Correct Answer:
Section: (none)
Explanation
QUESTION 29
Your network contains an Active Directory domain named contoso.com. A previous administrator
implemented a Proof of Concept installation of Active Directory Rights Management Services (AD
RMS). After the proof of concept was complete, the Active Directory Rights Management
Services server role was removed. You attempt to deploy AD RMS. During the configuration of
AD RMS, you receive an error message indicating that an existing AD RMS Service Connection
Point (SCP) was found. You need to remove the existing AD RMS SCP.
A.
B.
C.
D.
ADSI Edit
Correct Answer: C
Section: (none)
Explanation
QUESTION 30
server named Server1 that runs Windows Server 2012. Server1 has the Active Directory
Certificate Services server role installed and is configured as an enterprise certification authority
(CA). You need to ensure that all of the users in the domain are issued a certificate that can be
used for the following purposes:
- Email security
- Client authentication
- Encrypting File System (EFS)
Which two actions should you perform? (Each correct answer presents part of the solution.
Choose two.)
A.
B.
C.
D.
From a Group Policy, configure the Certificate Services Client ?Auto-Enrollment settings.
From a Group Policy, configure the Certificate Services Client ?Certificate Enrollment Policy settings.
Modify the properties of the User certificate template, and then publish the template.
Duplicate the User certificate template, and then publish the template.
E. From a Group Policy, configure the Automatic Certificate Request Settings settings.
Correct Answer: AD
Section: (none)
Explanation
The default user template supports all of the requirements EXCEPT auto enroll as shown below
However a duplicated template from users has the ability to autoenroll
The Automatic Certificate Request Settings GPO setting is only available to Computer, not user.
QUESTION 31
Your network contains an Active Directory domain named contoso.com. The domain contains two
Active Directory sites named Site1 and Site2. You need to configure the replication between the
sites to occur by using change notification. Which attribute should you modify?
Point and Shoot:
Correct Answer:
Section: (none)
Explanation
QUESTION 32
main office and a branch office. An Active Directory site exists for each office. All domain
controllers run Windows Server 2012. The domain contains two domain controllers. The domain
DC1 hosts an Active Directory-integrated zone for contoso.com. You add the DNS Server server
role to DC2. You discover that the contoso.com DNS zone fails to replicate to DC2. You verify
that the domain, schema, and configuration naming contexts replicate from DC1 to DC2. You
need to ensure that DC2 replicates the contoso.com zone by using Active Directory replication.
A.
B.
C.
D.
Dnslint
A DNS Manager
Dnscmd
Correct Answer: A
Section: (none)
Explanation
http://support.microsoft.com/kb/321045/
QUESTION 33
Your network contains an Active Directory forest named adatum.com. The forest contains a
single domain. The domain contains four servers. The servers are configured as shown in the
following table.
You need to update the schema to support a domain controller that will run Windows Server 2012.
On which server should you run adprep.exe?
A.
B.
C.
D.
Server1
DC3
DC2
DC1
Correct Answer: B
Section: (none)
Explanation
DC3 is the only server that could be assumed to be 64bit http://technet.microsoft.com/enus/
library/dd464018(v=ws.10).aspx#BKMK_WS2012
QUESTION 34
Your network contains an Active Directory domain named contoso.com. The domain contains
domain controllers that run either Windows Server 2003, Windows Server 2008 R2, or Windows
Server 2012. You plan to implement a new Active Directory forest. The new forest will be used for
testing and will be isolated from the production network. In the test network, you deploy a server
named Server1 that runs Windows Server 2012. You need to configure Server1 as a new domain
controller in a new forest named contoso.test. The solution must meet the following.
A.
B.
C.
D.
E.
F.
G.
H.
I.
J.
There is no need to set the Forest Functional Level.
Set Forest Functional Level to Windows 2003.
Set Forest Functional Level to Windows 2008
Set Forest Functional Level to Windows 2008 R2.
Set Forest Functional Level to Windows 2012
There is no need to set the Domain Functional Level.
Set Domain Functional Level to Windows 2003
Set Domain Functional Level to Windows 2008 R2
Correct Answer: BG
Section: (none)
Explanation
When you deploy AD DS, set the domain and forest functional levels to the highest value that
your environment can support. This way, you can use as many AD DS features as possible. For
example, if you are sure that you will never add domain controllers that run Windows Server 2003
to the domain or forest, select the Windows Server 2008 functional level during the deployment
process. However, if you might retain or add domain controllers that run Windows Server 2003,
select the Windows Server 2003 functional level. When you deploy a new forest, you are
prompted to set the forest functional level and then set the domain functional level. You cannot
set the domain functional level to a value that is lower than the forest functional level. Reference:
Understanding Active Directory Domain Services (AD DS) Functional Levels
REWORDED
Very smartly reworded that you need to configure server 1 as new DC in a new forest named
contoso.test and "also do name resolution". In the answer you will have to select Windows 2003
as domain and forest functional level and you should also check "Domain name system(DNS)
server....
This is not in any dumps
* When you deploy AD DS, set the domain and forest functional levels to the highest value that
your environment can support. This way, you can use as many AD DS features as possible. For
example, if you are sure that you will never add domain controllers that run Windows Server 2003
to the domain or forest, select the Windows Server 2008 functional level during the deployment
process. However, if you might retain or add domain controllers that run Windows Server 2003,
select the Windows Server 2003 functional level. When you deploy a new forest, you are prompted
to set the forest functional level and then set the domain functional level. You cannot set the domain
functional level to a value that is lower than the forest functional level.
http://technet.microsoft.com/en-us/library/understanding-active-directoryfunctionallevels(
v=ws.10).aspx
QUESTION 35
Your network contains an Active Directory domain named contoso.com. Domain controllers run
either Windows Server 2008, Windows Server 2008 R2, or Windows Server 2012. You have a
Password Settings object (PSOs) named PSO1. You need to view the settings of PSO1. Which
tool should you use?
A.
B.
C.
D.
Get-ADDomainControllerPasswordReplicationPolicy
Get-ADDefaultDomainPasswordPolicy
Server Manager
Get-ADFineGrainedPasswordPolicy
Correct Answer: D
Section: (none)
Explanation
Gets one or more Active Directory fine grained password policies.
http://technet.microsoft.com/en-us/library/ee617207.aspx
QUESTION 36
servers named Server1 and Server2. Both servers have the IP Address Management (IPAM)
Server feature installed. You have a support technician named Tech1. Tech1 is a member of the
IPAM Administrators group on Server1 and Server2. You need to ensure that Tech1 can use
Server Manager on Server1 to manage IPAM on Server2. To which group on Server2 should you
add Tech1? To answer, select the appropriate group in the answer area.
Point and Shoot:
Correct Answer:
Section: (none)
Explanation
http://www.microsoft.com/en-us/download/dlx/ThankYou.aspx?id=29012
Both WinRMRemoteWMIUsers_ and Remote Management Users have the exact same
description. As such, I tested connecting with server manager remotely with a non-administrative
account. I tried before adding to either group and got this error:
I then added to Remote Management Users and got this error:
Note that this is due to access to the event log only.
Next I removed from Remote Management Users and added to WinRMRemoteWMIUsers_ and
got this error:
The error is exactly the same and the explanation is due to event log. In summary, Either one of
these answers is correct, however since the document explicitly says use the
"WinRMRemoteWMIUsers_" group, then that's what we got to do.
QUESTION 37
Select and Place:
Correct Answer:
Section: (none)
Explanation
QUESTION 38
servers named Server1 and Server2 Both servers have the IP Address Management (IPAM)
Server feature installed. You have a support technician named Tech1. Tech1 is a member of the
IPAM Administrators group on Server1 and Server2. You need to ensure that Tech1 can use
Server Manager on Server1 to manage IPAM on Server2. To which group on Server2 should you
add Tech1.
A.
B.
C.
D.
IPAM MSM Administrators
IPAM Administrators
winRMRemoteWMIUsers_
Remote Management Users
Correct Answer: C
Section: (none)
Explanation
A. IPAM MSM Administrators can't access remotely
B. IPAM Administrators can't access remotely
C. If you are accessing the IPAM server remotely using Server Manager IPAM client RSAT, then
you must be a member of the WinRMRemoteWMIUsers group on the IPAM server, in addition to
being a member of the appropriate IPAM security group (or local Administrators group).
http://msdn.microsoft.com/en-us/library/windows/desktop/aa384295(v=vs.85).aspx
http://www.microsoft.com/en-us/download/details.aspx?id=29012
QUESTION 39
Your network contains two Active Directory forests named contoso.com and adatum.com. Both
forests contain multiple domains. All domain controllers run Windows Server 2012. Contoso.com
has a one-way forest trust to adatum.com. A domain named paris.eu.contoso.com hosts several
legacy applications that use NTLM authentication. Users in a domain named
london.europe.adatum.com report that it takes a long time to be authenticated when they attempt
to access the legacy applications hosted in paris.eu.contoso.com. You need to reduce how long it
takes for the london.europe.adatum.com users to be authenticated in paris.eu.contoso.com. What
should you do?
A.
B.
C.
D.
Create a shortcut trust.
Create an external trust between the forest root domains.
Disable SID filtering on the existing trust.
Create an external trust.
Correct Answer: A
Section: (none)
Explanation
A. Shortcut trusts are one-way or two-way, transitive trusts that can be used when administrators
need to optimize the authentication process. Authentication requests must first travel a trust path
between domain trees, and in a complex forest this can take time, which can be reduced with
shortcut trusts.
B. Use external trusts to provide access to resources located on a Windows NT 4.0 domain or a
domain located in a separate forest that is not joined by a forest trust.
C. Filters users or SIDs from one domain
D. Use external trusts to provide access to resources located on a Windows NT 4.0 domain or a
domain located in a separate forest that is not joined by a forest trust
QUESTION 40
Your network contains an Active Directory domain named contoso.com. All servers run Windows
Server 2012. You are creating a central access rule named TestFinance that will be used to audit
members of the Authenticated Users group for access failure to shared folders in the finance
department. You need to ensure that access requests are unaffected when the rule is published.
What should you do?
A.
B.
C.
D.
Add a User condition to the current permissions entry for the Authenticated Users principal
Set the Permissions to Use the following permissions as proposed permissions.
Add a Resource condition to the current permissions entry for the Authenticated Users principal
Set the Permissions to Use following permissions as current permissions
Correct Answer: B
Section: (none)
Explanation
QUESTION 41
You have a server named Server1 that runs Windows Server 2012. Windows Server 2012 is
installed on volume C. You need to ensure that Safe Mode with Command Prompt loads the next
time Server1 restarts. Which tool should you use?
A.
B.
C.
D.
The Restart-Server cmdlet
The Bootcfg command
The Restart-Computer cmdlet
The Bcdedit command
Correct Answer: D
Section: (none)
Explanation
A. Restart-Server is not a CMDLET
B. modifies the Boot.ini file
C. Restarts computer
D. Boot Configuration Data (BCD) files provide a store that is used to describe boot applications
and boot application settings.
http://support.microsoft.com/kb/317521
library/cc731662(v=ws.10).aspx
You can see with msconfig tool that boot options have changed as follows:
NOTE: Alternate Shell may be used
(also see this in Q 23)
After reboot you should remove the safeboot option using bcdedit:
- bcdedit /deletevalue safeboot
QUESTION 42
You have a server named Server1 that runs a Server Core Installation of Windows Server 2012.
Shadows copies are enabled on all volumes. You need to delete a specific shadow copy. The
solution must minimize server downtime. Which tool should you use?
A.
B.
C.
D.
Vssadmin
Diskpart
Wbadmin
Shadow
Correct Answer: A
Section: (none)
Explanation
QUESTION 43
Your network contains two Web servers named Server1 and Server2. Server1 and Server2 are
nodes in a Network Load Balancing (NLB) cluster. You configure the nodes to use the port rule
shown in the exhibit.
You need to configure the NLB cluster to meet the following requirements:
- HTTPS connections must be directed to Server1 if Server1 is available.
- HTTP connections must be load balanced between the two nodes.
Which three actions should you perform? (Each correct answer presents part of the solution.
Choose three.)
A.
B.
C.
D.
E.
F.
From the host properties of Server1, set the Handling priority of the existing port rule to 2.
From the host properties of Server2, set the Priority (Unique host ID) value to 1.
Create a port rule for TCP port 80. Set the Filtering mode to Multiple host and set the Affinity to None.
Create an additional port rule for TCP port 443. Set the Filtering mode to Multiple host and set the Affinity
to Single.
Correct Answer: BDE
Section: (none)
Explanation
Handling priority: When Single host filtering mode is being used, this parameter specifies the local
host's priority for handling the networking traffic for the associated port rule. The host with the
highest handling priority (lowest numerical value) for this rule among the current members of the
cluster will handle all of the traffic for this rule. The allowed values range from 1, the highest priority,
to the maximum number of hosts allowed (32). This value must be unique for all hosts in the cluster.
E (not C): Lower priority (2) for Server 2.
D: HTTP is port 80.
Multiple hosts. This parameter specifies that multiple hosts in the cluster handle network traffic for
the associated port rule. This filtering mode provides scaled performance in addition to fault
tolerance by distributing the network load among multiple hosts. You can specify that the load be
equally distributed among the hosts or that each host handle a specified load weight. Reference:
Network Load Balancing parameters
QUESTION 44
Your network contains two Active Directory forests named contoso.com and litwareinc.com. A
two- way forest trusts exists between the forest. Selective authentication is enabled on the trust.
The contoso.com forest contains a server named Server1. You need to ensure that users in
litwareinc.com can access resources on Server1. What should you do?
A.
B.
C.
D.
Install Active Directory Rights Management Services on a domain controller in contoso.com.
Modify the permission on the Server1 computer account
Install Active Directory Rights Management Services on a domain controller in litwareinc.com.
Configure SID filtering on the trust.
Correct Answer: B
Section: (none)
Explanation
QUESTION 45
You add two additional nodes to Cluster1. You have a folder named Folder1 on Server1 that contains
application data.
You plan to provide continuously available access to Folder1. You need to ensure that all of the nodes in
Cluster1 can actively respond to the client requests for Folder1.
A.
B.
C.
D.
E.
F.
G.
H.
I.
J.
K.
L.
Affinity-None
Affinity-Single
The host priority
Live migration
The possible owner
The preferred owner
Quick migration
Correct Answer: L
Section: (none)
Explanation
Scale-Out File Server for application data (Scale-Out File Server) This clustered file server is
introduced in Windows Server 2012 and lets you store server application data, such as Hyper-V
virtual machine files, on file shares, and obtain a similar level of reliability, availability,
manageability, and high performance that you would expect from a storage area network. All file
shares are online on all nodes simultaneously. File shares associated with this type of clustered
file server are called scale-out file shares. This is sometimes referred to as active-active.
QUESTION 46
All servers run Windows Server 2012. Server1 and Server2 have the Network Load Balancing (NLB) feature
installed.
The servers are configured as nodes in an NLB cluster named Cluster1. Cluster1 hosts a secure web
application named WebApp1.
WebApp1 saves user state information locally on each node. You need to ensure that when users connect to
WebApp1, their session state is maintained.
A.
B.
C.
D.
E.
Affinity-None
Affinity-Single
F.
G.
H.
I.
J.
K.
L.
The host priority
Live migration
The possible owner
The preferred owner
Quick migration
Correct Answer: B
Section: (none)
Explanation
QUESTION 47
removed.
You attempt to deploy AD RMS. During the configuration of AD RMS, you receive an error message indicating
that an existing AD RMS Service Connection Point (SCP) was found.
You need to remove the existing AD RMS SCP.
A.
B.
C.
D.
E.
F.
G.
H.
ADSI Edit
Services
TPM Management
Correct Answer: AD
Section: (none)
Explanation
QUESTION 48
Your network contains an Active Directory forest. The forest contains two domains named
contoso.com and fabrikam.com. The functional level of the forest is Windows Server 2003. You
have a domain outside the forest named adatum.com. You need to configure an access solution
to meet the following requirements:
What should you create?
A.
B.
C.
D.
a one-way realm trust from contoso.com to adatum.com
a one-way realm trust from adatum.com to contoso.com
a one-way external trust from contoso.com to adatum.com
a one-way external trust from adatum.com to contoso.com
Correct Answer: C
Section: (none)
Explanation
Answer C (original stated A) why?
A:
http://technet.microsoft.com/nl-nl/library/cc816912(v=ws.10).aspx
A one-way, incoming realm trust allows users in your Windows Server 2008 domain or Windows Server 2003
domain (the domain that you are logged on to at the time that you run the New Trust Wizard) to access
resources in a Kerberos realm. For example, if you are the administrator of the sales.wingtiptoys.com domain
and users in that domain need access to resources in the PRODUCTS.TAILSPINTOYS.com Kerberos realm,
you can use this procedure to establish a relationship so that users in the sales.wingtiptoys.com domain have
access to resources in the Kerberos realm.
C:
When to create an external trust
You can create an external trust to form a one-way or two-way, nontransitive trust with domains outside of your
forest. External trusts are sometimes necessary when users need access to resources located in a Windows
NT 4.0 domain or in a domain located within a separate forest that is not joined by a forest trust, as shown in
the figure.
QUESTION 49
Your network contains an Active Directory domain named contoso.com. All file servers in the
domain run Windows Server 2012. The computer accounts of the file servers are in an
organizational unit (OU) named OU1. A Group Policy object (GPO) named GPO1 is linked to
OU1. You plan to modify the NTFS permissions for many folders on the file servers by using
central access policies. You need to identify any users who will be denied access to resources
that they can currently access once the new permissions are implemented. In which order should
you Perform the five actions?
Select and Place:
Correct Answer:
Section: (none)
Explanation
I hate steps like this because you can create a rule first and then the policy, or you can create the
policy and create the rule during the creation of the policy. Either way I'm going to go with
creating the policy first, and then the rule.
QUESTION 50
You have a file server named Server1 that runs Windows Server 2012. Data Deduplication is
enabled on drive D of Server1. You need to exclude D:\Folder1 from Data Deduplication. What
should you configure?
A.
B.
C.
D.
Disk Management in Computer Management
File and Storage Services in Server Manager
the classification rules in File Server Resource Manager (FSRM)
the properties of D:\Folder1
Correct Answer: B
Section: (none)
Explanation
B. Data deduplication exclusion on a Volume are set from File & Storage Services, Server Manager
or PowerShell
QUESTION 51
You manage an environment that has many servers. The servers run Windows Server 2012 and
use iSCSI storage. Administrators report that it is difficult to locate available iSCSI resources on
the network. You need to ensure that the administrators can locate iSCSI resources on the
network by using a central repository. Which feature should you deploy?
A.
B.
C.
D.
The iSCSI Target Server role service
The iSNS Server service feature
The Windows Standards-Based Storage Management feature
The iSCSI Target Storage Provider feature
Correct Answer: B
Section: (none)
Explanation
iSNS Server Overview
Applies To: Windows Server 2008 R2, Windows Server 2012
Internet iStorage Name Service Server
The Internet Storage Name Service (iSNS) protocol is used for interaction between iSNS servers and iSNS
clients. iSNS clients are computers, also known as initiators, that are attempting to discover storage devices,
also known as targets, on an Ethernet network. iSNS facilitates automated discovery, management, and
configuration of iSCSI and Fibre Channel devices (using iFCP gateways) on a TCP/IP network.
http://technet.microsoft.com/en-en/library/cc772568.aspx
QUESTION 52
Your network contains an Active Directory domain named contoso.com. The network contains a
file server named Server1 that runs Windows Server 2012. You create a folder named Folder1.
You share Folder1 as Share1. The NTFS permissions on Folder1 are shown in the Folder1 exhibit.
The Everyone group has the Full control Share permission to Folder1. You configure a central
access policy as shown in the Central Access Policy exhibit. (Click the Exhibit button.)
Members of the IT group report that they cannot modify the files in Folder1. You need to ensure
that the IT group members can modify the files in Folder1. The solution must use central access
policies to control the permissions. Which two actions should you perform? (Each correct answer
presents part of the solution. Choose two.)
A. On the Classification tab of Folder1, set the classification to Information Technology.
B. On the Security tab of Folder1, add a conditional expression to the existing permission entry for the IT
group.
C. On Share1, assign the Change Share permission to the IT group.
D. On the Security tab of Folder1, remove the permission entry for the IT group.
E. On the Security tab of Folder1, assign the Modify permission to the Authenticated Users group.
Correct Answer: AE
Section: (none)
Explanation
Central access policies for files enable organizations to centrally deploy and manage authorization
policies that include conditional expressions that use user groups, user claims, device claims, and
resource properties. (Claims are assertions about the attributes of the object with which they are
associated). For example, to access high-business-impact (HBI) data, a user must be a full-time
employee, obtain access from a managed device, and log on with a smart card. These policies are
defined and hosted in Active Directory Domain Services (AD DS). http://technet.microsoft.com/enus/
library/hh846167.aspx
QUESTION 53
You have a server named File1 that runs Windows Server 2012. Fuel has the File Server role
service installed. You plan to back up all shared folders by using Microsoft Online Backup. You
download and install the Microsoft Online Backup Service Agent on File1. You need to ensure
that you use Windows Server Backup to back up data to Microsoft Online Backup. What should
you do?
A.
B.
C.
D.
From
From
From
From
Computer Management, add the File1 computer account to the Backup Operators group.
Windows Server Backup, run the Register Server Wizard.
a command prompt, run wbadmin.exe enable backup.
the Services console, modify the Log On settings of the Microsoft Online Backup Service Agent.
Correct Answer: B
Section: (none)
Explanation
To register a server for use with Windows Azure Backup you must run the register server wizard
QUESTION 54
Your network contains an Active Directory domain named contoso.com. You are creating a
custom Windows Recovery Environment (Windows RE) image. You need to ensure that when a
server starts from the custom Windows RE image, a drive is mapped automatically to a network
share. What should you modify in the image?
A.
B.
C.
D.
startnet.cmd
Xsl-mApp1ngs.xml
Win.ini
smb.types.ps1xml
Correct Answer:
Section: (none)
Explanation
The best way to define what to start is using starnet.cmd http://technet.microsoft.com/enus/library/cc766521
(v=ws.10).aspx
QUESTION 55
You have a file server named Server1 that runs a Server Core Installation of Windows Server
2012. You need to ensure that users can access previous versions of files that are shared on
Server1 by using the Previous Versions tab. Which tool should you use?
A.
B.
C.
D.
Diskpart
Wbadmin
Vssadmin
Storrept
Correct Answer: C
Section: (none)
Explanation
To turn on Shadow Copies for a volume:
vssadmin add shadowstorage /for=c: /on=c: /maxsize=1gb
/for= which volume you want to enable Shadow Copies on
/on= which volume you want to store Shadow Copies on
/maxsize= this is how much space you are going to use for Shadow Copies (300MB min and KB, MB, GB, TB,
PB and EB can all be used)
To create a manual snapshot:
vssadmin create shadow /for=c:
To remove Shadow Copies for a volume:
vssadmin delete shadowstorage /for=c: /on=c:
If you need to schedule this type of event (and you really should) you will want to create a new task in Server
Core. To do so you must use the schtasks command. I’m by no means an expert in using that command but
below I have a sample command that I use to schedule a daily snapshot to occur at 13:30 every day.
schtasks /create /SC daily /TN Afternoon_Snapshot /TR “c:vssadmin create shadow /for=c” /ST 13:30
QUESTION 56
Your company has a main office and a branch office. The main office contains a file server
named Server1. Server1 has the BranchCache for Network Files role service installed. The
branch office contains a server named Server2. Server2 is configured as a BranchCache hosted
cache server. You need to preload the data from the file shares on Server1 to the cache on
Server2. You generate hashes for the file shares on Server1. Which cmdlet should you run next?
A.
B.
C.
D.
Add-BCDataCacheExtension
Set-BCCache
Publish-BCFileContent
Export-BCCachePackage
Correct Answer: D
Section: (none)
Explanation
Exports a cache package
http://technet.microsoft.com/enus/library/hh848413.aspx
QUESTION 57
a branch office.
An Active Directory site exists for each office. The domain contains two servers named Server1 and Server2
that run Windows Server 2012.
Both servers have the DHCP Server server role installed. Server1 is located in the main office site. Server2 is
located in the branch office site.
Server1 provides IPv4 addresses to the client computers in the main office site. Server2 provides IPv4
addresses to the client computers in the branch office site.
You need to ensure that if either Server1 or Server2 are offline, the client computers can still obtain IPv4
addresses.
The solution must meet the following requirements:
The storage location of the DHCP databases must not be a single point of failure.
Server1 must provide IPv4 addresses to the client computers in the branch office site only if Server2 is
offline.
Server2 must provide IPv4 addresses to the client computers in the main office site only if Server1 is offline.
A.
B.
C.
D.
load sharing mode failover partners
a failover cluster
hot standby mode failover partners
a Network Load Balancing (NLB) cluster
Correct Answer: C
Section: (none)
Explanation
Hot-Standby mode is more suited for multi-site deployment topologies. Each site would have a local DHCP
server which is configured to provide the DHCP service to the clients on the local network and DHCP server at
a remote site would be standby server. In a normal state of operation, computers and devices on a given site
receive IP addresses and other network configuration from the DHCP server located at the same site as the
clients. However, in the event of the local DHCP server being down, the DHCP server from the remote site
would provide the service to the clients.
QUESTION 58
Your company has a main office and a branch office. The main office is located in Detroit. The branch office is
located in Seattle.
The network contains an Active Directory domain named adatum.com. Client computers run either Windows 7
Enterprise or Windows 8 Enterprise.
The main office contains 1,000 client computers and 50 servers. The branch office contains 20 client
computers.
All computer accounts for the branch office are located in an organizational unit (OU) named
SeattleComputers.
A Group Policy object (GPO) named GPO1 is linked to the SeattleComputers OU.
You need to configure BranchCache for the branch office.
Hot Area:
Correct Answer:
Section: (none)
Explanation
QUESTION 59
You have a server named Server 1 that runs Windows Server 2012. Server1 has five network adapters.
Three of the network adapters are connected to a network named LAN1. The two other network adapters are
connected to a network named LAN2.
You create a network adapter team named Team1 from two of the adapters connected to LAN1.
You create a network adapter team named Team2 from the two adapters connected to LAN2.
A company policy states that all server IP addresses must be assigned by using a reserved address in DHCP.
You need to identify how many DHCP reservations you must create for Server1.
How many reservations should you identify?
A.
B.
C.
D.
2
3
5
7
Correct Answer: B
Section: (none)
Explanation
3 adapter on LAN 1
2 adapters on LAN 2
2 adapters on LAN 1 used in a team, so that's 3 - 2 leaving 1. 2 adapaters on LAN 2 used in a
team, so that's 2 - 2 leaving 0. 1 team on LAN 1 + 1 team on LAN 2 + remaining adapter on LAN
1 = 3.
QUESTION 60
Server1 has the IP Address Management (IPAM) Server feature installed. IPAM is configured currently for
Group Policy-based provisioning.
You need to change the IPAM provisioning method on Server1. What should you do?
A.
B.
C.
D.
Run the ipamgc.exe command.
Run the Set-IPAMConfiguration cmdlet.
Reinstall the IP Address Management (IPAM) Server feature.
Delete IPAM Group Policy objects (GPOs) from the domain.
Correct Answer: C
Section: (none)
Explanation
You cannot change the provisioning method after completing the initial setup!
Exam C
QUESTION 1
you are employee as a network administrator at abc.com. ABC.com has an active directory domain named
ABC.com
All servers on the abc.com network have windows server 2012 installed and all workstations have windows 8
enterprise installed.
ABC.com has established a remote Active directory site that only host workstations.
The Computer accounts for these workstations have been placed in an organizational unit (OU),named
ABCADRemote,which has a group policy object(GPO)
associated with it. You are in the process of configuration Branchcahce for the remote Active directory site.
You have Already turned Branchcache on. Which of the following actions should you take next?
A.
B.
C.
D.
You Should consider having the set Branchcache HostedServer Cache mode setting configured
You Should consider having the set Branchcache Hostedclient Cache mode settting configured
You Should consider having the set Branchcache distributed cache mode setting configured
You should consider having the set BranchCache disabled cache mode settings configured
Correct Answer: C
Section: (none)
Explanation
QUESTION 2
You are employed as a network administrator at ABC.com. ABC.com has an active directory domain named
ABC.com.
ALL servers on the ABC.com network have windows server 2012. ABC.com has a server,named server 1,
which runs the windows deployment services server role.
You make use of windows server backup to back up server 1. Subsequent to a disk array on server 1 becoming
corrupt,you swap the disk array with new hardware.
You now need to recover server1 in the shortest time conceivable.
Which of the following actions should you take?
A.
B.
C.
D.
you should consider making use of the windows server 2012 installation media to start server1
you should consider restoring server1 from a snapshot backup
you should consider restoring server 1 from an incremental backup
you should consider restoring server 1 from a differential backup
Correct Answer: A
Section: (none)
Explanation
QUESTION 3
You are employed as a senior network administrator at ABC.com. ABC.com has an active directory domain
named ABC.com. all servers on the abc.com network windows server2012 installed.
You are currently running a training exercise for junior network administrators.
You are discussing the PKISync.ps1 tool.
Which of the following is true with regards to The PKISync.ps1?
A. it adds a certificate template to the CA
B. it asssists administrators in diagnosing replication problems between windows domain controllers
C. it is used to display information about the digital certificates that are installed on a directAccess client,
DirectAcces server,or intranet resource
D. it copies objects in the source forest to the target forest
Correct Answer: D
Section: (none)
Explanation
PKISync.ps1 copies objects in the source forest to the target forest.
In cross-forest AD CS deployments, use PKISync.ps1 during initial deployment and to keep resource and
account forest PKI objects synchronized.
QUESTION 4
You are employed as a network administrator ABC.com.
ABC.com has an active directory domain named ABC.com. All servers on the ABC.com network have windows
server 2012 installed.
ABC.com has a server named server1 which is configured as a DHCP server.
You have created a superscope on server1.
Which of the following describes reason for creating a superscope?(choose all that apply.)
A.
B.
C.
D.
To support DHCP clients on a single physical network segment where multiple logical ip networks are used.
To allow for the sending of network traffic to a group of endpoints destination hosts.
To support remote DHCP clients located on the far side of DHCP and BOOTP relay agents.
To provide fault tolerance
Correct Answer: AC
Section: (none)
Explanation
QUESTION 5
You are employed as a network administrator at ABC.com. ABC.com has an active directory domain named
ABC.com all servers including domain controllers on the ABC.com network have windows server 2012
installed.
ABC.com has its headquarters in London and an office in paris. The London Office has a domain controller
named server1,which is configured as a writeable domain controller that servers as a Global catalog server and
a DNS server.
Server1 is configured to host an Active Directory-integrated zone for ABC.com
The Paris office has a Read-Only domain controller (RODC) named server2 which servers as a
Global catalog server. After installing the DNS server role on server2, you want to make sure that the ABC.com
zone is replicated to server2 via active directory replication.
A.
B.
C.
D.
You should consider making use of Active Directory Sites and Services to Configured replication
You should consider making use of replmon.exe to configure replication
You should consider making use of repadmin.exe to configure replication
You should consider making use of Active Directory Schema To configure replication
Correct Answer: A
Section: (none)
Explanation
QUESTION 6
You are employed as a network administrator at ABC.com. ABC.com has an Active Directory domain named.
Abc.com all servers on the ABC.com network have windows server 2012.
You are running a training exercise for junior network administrators.
You are currently discussing DHCP failover architecture.
You have informed the trainees that DHCP servers can be deployed as fail over partners in either
hot standby mode or load sharing mode.
Which of the following is TRUE with regards to hot standby mode? (Choose all that apply)
A. It is when two servers function in a fail over relationship where an active server is responsible for
leasing IP address and configuration data to all clients in a scope or subnet
B. It when two servers in a fail over relationship server IP addresses and options to clients on a given
subnet at the same time
C. It is best suited to deployments where a data center server acts as a standby backup server to a
server at a remote site
D. It is best suited deployments where both servers in a fail over relationship are located at the same
physical site
Correct Answer: AC
Section: (none)
Explanation
http://blogs.technet.com/b/teamdhcp/archive/2012/09/03/dhcp-failove r-hot-standby-mode.aspx
QUESTION 7
You are emloyed as a network administrator at ABC.com Abc.com has an Active directory domain named
ABC.com all servers on the ABC.com network have windows server 2012.
The ABC.com domain has two Active Directory sites configured.
You want to make use of change notification configure replication between these Active Directory Sites.
You have opened DEFAULTIPSITELINK Properties to configure the necessary attribute.
Which of the following is the attribute that needs to be configured?
A.
B.
C.
D.
The revisiobn attribute
The Options attribute
The schedule attribute
The proxyAddresses attribute
Correct Answer: B
Section: (none)
Explanation
QUESTION 8
You are employed as a network administrator at ABC.com.
ABC.com has an Active Directory domain named ABC.com all servers on the ABC.com network have Windows
server 2012 installed.
ABC.com has a server named SERVER1 which has been configured to run the HYPER-V server role Server1
is configures to host multiple vitrual mahines.
When ABC.com acquires a server with a better hardware configuration to SERVER1 you are instructed to
relocate the vitrual machines to the new server with as little interruptions as possible.
Which of the following actions should you take ? (Choose all that apply.)
A.
B.
C.
D.
You should consider exporting the vitrual machines from Server1.
You should consider running a snapshot backup of the SERVER1.
You should consider importing the vitrual machine from Server1 to the new server.
You shoul consider restoring the snapshot backup on the hard drives of the new server.
Correct Answer: AC
Section: (none)
Explanation
QUESTION 9
You are employed as a network administrator at consoto.com. Contoso.com has in an Active Directory domain
named contoso.com.
All Servers on the contoso.com network have windows server 2012 installed.
A contoso.com server ,named Server1,hosts the Active Directory Certificate Services Server role and utilizes a
hardware security module(HSM) to safeguard its private key.
You have beed instructed to backup the Active Directory Certificate Services (ADCS) database,log files,and
private key regularly.
You should not use a utility supplied by the hardware security module (HSM) creator.
A.
B.
C.
D.
You should consider scheduling an incremental backup
You Should consider making use of the certutil.exe command.
You should consider schedulling a differential backup
You should consider schedulling a copy backup
Correct Answer: B
Section: (none)
Explanation
-Backup, -backupdb, -backupKey: You can use Certutil.exe to dump and display certification authority (CA)
configuration information, configure Certificate Services, backup and restore CA
components, and verify certificates, key pairs, and certificate chains.
QUESTION 10
You are employed as a senior network administrator at contoso.com contoso.com has an active directory
domain named contoso.com.
All servers on the contoso.com network have windows server 2012 installed.
You are currently running at training exercise for junior network administrators.
You are discussing the DNSSEC NRPT rule properly.
Which of the following describes the purpose of this rule property?
A.
B.
C.
D.
It is used to indicate the namespace to which the policy applies.
It is used to indicate whether the DNS client should check for DNSSEC validation in the response
It is used to indicate DNSSEC must be used to protect DNS traffic for queries belonging to the namespace
It is used to whether DNS connections over DNSSEC will use encryption
Correct Answer: B
Section: (none)
Explanation
The DNS client's behavior is controlled by a policy(GPO) that determines whether the client
should check for validation results for names within a given namespace.
QUESTION 11
You are employed as a network administrator at contoso.com . Contoso.com has an active directory
domain named contoso.com All servers on the contoso.com network have windows server 2012 installed.
Contoso.com has a server named server1,which is configured as a file server.
You have been instructed to enabled a feature that discovers and eradicates duplication within data without
compromising its reliability or accuracy.
A.
B.
C.
D.
You should consider having the Data Deduplication feature enabled.
You should consider having the Storage Spaces feature enabled.
You should consider having the Storage Management feature enabled
You should consider having the folder redirection feature enabled
Correct Answer: A
Section: (none)
Explanation
Data deduplication involves finding and removing duplication within data without compromising
its fidelity or integrity
QUESTION 12
You are employed as a network administrator at contoso.com. contoso.com has a single Active Directory
domain named contoso.com.
All servers on the Contoso.com network have Windows server 2012 installed.
Contoso.com has two servers,named server1 and server2 which are configured in a two-node failover cluster.
You are currently configuration the quorum settings for the cluster.
You want to make use of a quorum mode that allows each node to vote if it is available and in communication.
Which of the following is the mode you should use?
A.
B.
C.
D.
Node Majority
Node and Disk Majority
Node and File Share Majority
No Majority:Disk Only
Correct Answer: A
Section: (none)
Explanation
QUESTION 13
You are employed as a network administrator at contoso.com. Contoso.com has a single Active
Directory domain named contoso.com. All servers on the contoso.com network have windows server 2012
installed.
You are preparing to install a third-party application on a contoso.com server,named SERVER1.
You find that the application is unable to install completely due to its driver not being digitally signed.
You want to make sure that the application can be installed succesfully.
Which of the following actions should you take_?
A. You should consider downloading a signed driver
B. You should consider having SERVER1 is restored to an earlier date
C. You should consider making use of the Disable Driver Signature Enforcement option from the
Advanced Boot Option
D. You should consider restarting SERVER1 in safe Mode
Correct Answer: C
Section: (none)
Explanation
C
Remember the question about he self written driver by the developer? this one is different cause this time the
user isn't allowed to install the driver BEFORE the reboot.
So the Disable Driver Signature Enforcement option is not yet enabled.
QUESTION 14
You are employed as a senior network administrator at contoso.com. Contoso.com has a single
Active Directory Domain named contoso.com. All servers on the contoso.com network have windows server
2012 installed.
You are running a training exercise for junior network administrator.
You are currently discussing the Dnslint.exe tool.
Which of the following should this tool be used for ? (Choose all that apply)
A.
B.
C.
D.
E.
F.
To help diagnose common DNS name resolution issues
For developing scripts for configuring a DNS server
To administer the DNS server Service.
To look for specific DNS record set and sure that they are consistent across multiple DNS servers.
To verify that DNS records used specifially for Active Directory replication are correct
To Create and delete zones and resource records.
Correct Answer: ADE
Section: (none)
Explanation
QUESTION 15
You work as an administrator at contoso.com. Contoso.com network consists of a single domain named
contoso.com.
All servers on the contoso.com network have Windows server 2012 installed.
Contoso.com has a server,named SERVER1,which has the AD DS,DHCP and DNS server roles
installed.Contoso.com also has a server named SERVER2,which has the DHCP and Remote Access Server
Role installed.
You have configured a server,which has the File and Storage Services
Server role installed.to automatically acquire an IP address.The server is named Server3
You then create a filter on SERVER1 Which of the following is a reason for this configuration?
A.
B.
C.
D.
To make sure that SERVER1 issues Server3 an IP address
To make sure that SERVER1 does not issue SERVER3 an IP address
To make sure that SERVER3 acquires a constant IP address from SERVER2 only
To make sure that SERVER3 is configured with a static IP address
Correct Answer: B
Section: (none)
Explanation
Deny Filter would not allow SERVER1 to issue SERVER3 an IP
QUESTION 16
You are employed as a network administrator at ABC.com. ABC.com has an Active Directory domain named
ABC.com.
All servers on the ABC.com network have Windows server 2012 installed.
You have been instructed to configure a custom Windows Recovery Environmen(Windows RE) image that
should allow for a drive is mapped automatically to a network share in the event that a server is started using
the image
A.
B.
C.
D.
You should consider configuring the startnet.cmd in the image
You should consider configuring the startup.exe command included in the image.
You should consider configuring the ntdsutil command included in the image
You should consider configuring the certutil.exe command included in the image
Correct Answer: A
Section: (none)
Explanation
QUESTION 17
You are employed as a senior network administrator at ABC.com. ABC.com has an Active Directory domain
named ABC.com.
All servers on the ABC.com network have windows server 2012 installed.
You are currently running a training exercise for junior network administrators.You are discussing the endpoint
types supported by Active Directory Federation Services(AD FS) Which of the following are supported types?
(Choose all that apply)
A.
B.
C.
D.
E.
SAML WebSSO
Anonymous
WS-Federation Passive
Client Certicate
WS-Trust
Correct Answer: ACE
Section: (none)
Explanation
http://technet.microsoft.com/en-us/library/adfs2-help-endpoints(v=ws.10).aspx
QUESTION 18
named ABC.com. All servers on the ABC.com network have windows server 2012 installed
The ABC.com domain has an Active Directory site configured in London,and an Active Directory site in New
york.
You have been instructed to make sure that the synchronization of account lockout data happens quicker.
A.
B.
C.
D.
You should consider editing the options attribute from WANLINK properties
You should consider editing the options attribute from LANLIK properties
You should consider editing the options attribute from the DEFAULTSITELINK properties
You should consider editing the proxyAddressess attribute from the DEFAULTIPSITELINK properties
Correct Answer: C
Section: (none)
Explanation
QUESTION 19
named ABC.com. All servers on the ABC.com network have windows server 2012 installed.
ABC.com has two servers,named SERVER1 and SERVER2 which are configured in a two-node failover
cluster. Server1 includes a folder,named ABCAppData,which is configured as a Distributed File System (DFS)
name space folder target.
After configuring another two nodes in the failover cluster, you are instructed to make sure that access to ABC
AppData is highly available.
You also have to make sure that application data is replicated to ABCAppData via DFS replication.
Which following actions should you take ?
A.
B.
C.
D.
You should consider configuring a scale-out File Server
You should consider configuring the replication settings for the cluster
You should consider configuring a file server for general use
You should consider configuring the Quorum settings
Correct Answer: A
Section: (none)
Explanation
QUESTION 20
Server1 that runs Windows Server 2012 and has the DHCP Server server role installed.
You need to create an IPv6 scope on Server1. The scope must use an address space that is reserved for
private networks. The addresses must be routable.
Which IPV6 scope prefix should you use?
A.
B.
C.
D.
FF00::
2001::
FD00:123:4567::
FE80::
Correct Answer: C
Section: (none)
Explanation
Prefixes in the fd00::/8 range have similar properties as those of the IPv4 private address ranges:
* They are not allocated by an address registry and may be used in networks by anyone without
outside involvement.
* They are not guaranteed to be globally unique.
* Reverse Domain Name System (DNS) entries (under ip6.arpa) for fd00::/8 ULAs cannot be
delegated in the global DNS.
As fd00::/8 ULAs are not meant to be routed outside their administrative domain (site or
organization), administrators of interconnecting networks normally do not need to worry about the
uniqueness of ULA prefixes.
QUESTION 21
Your network contains an Active Directory forest named contoso.com. The forest contains a single
domain. The domain contains three domain controllers. The domain controllers are configured as
shown in the following table
You discover that when you run Group Policy Results from Group Policy Management, the settings
from site-linked Group Policy objects (GPOs) fail to appear in the results. You need to ensure that
the settings from site-linked GPOs appear in the results. What should you do first?
A.
B.
C.
D.
Run adprep on DC3 by using Windows Server 2012 installation media.
Transfer the infrastructure master role to DC3.
Upgrade DC2 to Windows Server 2012.
Run adprep on DC1 by using Windows Server 2003 installation media.
Correct Answer: A
Section: (none)
Explanation
In this scenario a Windows 2012 server has been added to a Windows 2003 network.
Note:
* Before adding your new Windows 2012 Domain Controller, or attempting to perform an inplace
upgrade of an existing Windows 2008 or 2008 R2 DC, you must make sure that the Schema is
upgraded to support your new Windows 2012 DC, and that you prepare each domain where you
plan to install Windows 2012 DCs. To do this we can use the ADPREP.exe tool found in the
support\adprep folder on your installation media.
* Starting with Windows 2012 there is only one version of ADPREP available, and that is a 64-bit
version.
* Adprep is the utility--included in the OS installation media--that performs several crucial functions
to upgrade AD to support that OS. The utility has three major options: /forestprep, /domainprep,
and /rodcprep. The /forestprep option runs first, extending the AD schema with new object and
attribute classes that the new AD version needs. The /domainprep option creates new well-known
objects in AD, App1ies security changes, and miscellaneous other bits. Finally, /rodcprep makes
forest-wide security changes to allow read-only domain controller (RODC) functionality. The
Windows Server 2012 version of adprep.exe can run on any server that runs a 64- bit version of
Windows Server 2008 or later. Reference: How to add a Windows Server 2012 domain controller
to an existing Windows 2008 domain
http://www.ipuptime.net/Multicast.aspx
http://technet.microsoft.com/en-us/library/gg144561(v=exchg.141).aspx
http://en.wikipedia.org/wiki/Unique_local_address
QUESTION 22
Server1 that runs Windows Server 2012 and has the DNS Server server role installed.
Server1 is configured to use a DNS server from an Internet Service Provider (ISP) as a forwarder.
Corporate management requires that client computers only resolve names of contoso.com computers.
You need to configure Server1 to resolve names in the contoso.com zone only.
What should you do on Server1?
A. From DNS Manager, modify the root hints of Server1.
B. From Windows PowerShell, run the Remove-DnsServerForwarder cmdlet.
C. From Windows PowerShell, run the Set-NetDnsTransitionConfiguration cmdlet.
D. From DNS Manager, modify the Advanced properties of Server1
Correct Answer: A
Section: (none)
Explanation
If the DNS server does not know the address of the requested site, then it will forward the request
to another DNS server. In order to do so, the DNS server must know of the IP address of another
DNS server that it can forward the request to. This is the job of root hints. Root hints provides a list
of IP addresses of DNS servers that are considered to be authoritative at the root level of the DNS
hierarchy(also known as root name server).
QUESTION 23
You have a server named Server1 that runs Windows Server 2012. Each day, Server1 is backed
up fully to an external disk. On Server1, the disk that contains the operating system fails. You
replace the failed disk. You need to perform a bare-metal recovery of Server1 by using the Windows
Recovery Environment (Windows RE). What should you use?
A.
B.
C.
D.
The Wbadmin.exe command
The Repair-bde.exe command
The Get-WBBareMetalRecovery cmdlet
The Start-WBVolumeRecovery cmdlet
Correct Answer: A
Section: (none)
Explanation
Enables you to back up and restore your operating system, volumes, files, folders, and applications from a
command prompt.
QUESTION 24
You have a file server named Server1 that runs a Server Core Installation of Windows Server 2012.
Server1 has a volume named D that contains user data. Server1 has a volume named E that is empty.
Server1 is configured to create a shadow copy of volume D every hour. You need to configure the shadow
copies of volume D to be stored on volume E. What should you run?
A.
B.
C.
D.
The Set-Volume cmdlet with the -driveletter parameter
The Set-Volume cmdlet with the -path parameter
The vssadmin.exe add shadowstorage command
The vssadmin.exe create shadow command
Correct Answer: D
Section: (none)
Explanation
Displays current volume shadow copy backups and all installed shadow copy writers and providers. To view the
command syntax for any of the commands in the following table, click the command name.
QUESTION 25
Your network contains an Active Directory forest named contoso.com. All servers run Windows
Server 2012.
The domain contains four servers.
You need to deploy IP Address Management (IPAM) to manage DNS and DHCP. On which server
should you install IPAM?
A.
B.
C.
D.
DC1
DC2
DC3
Server1
Correct Answer: D
Section: (none)
Explanation
You cannot install IPAM on a Domain Controller.
QUESTION 26
You have a server named Server1 that runs Windows Server 2012.
Server1 is backed up by using Windows Server Backup. The backup configuration is shown in the
exhibit.
You discover that only the last copy of the backup is maintained. You need to ensure that multiple
backup copies are maintained. What should you do?
A.
B.
C.
D.
Modify the backup destination.
Configure the Optimize Backup Performance settings.
Modify the Volume Shadow Copy Service (VSS) settings.
Modify the backup times.
Correct Answer: A
Section: (none)
Explanation
The destination in the exhibit shows a network share is used. If a network share is being used
only the latest copy will be saved
http://windows.microsoft.com/en-us/windows7/where-should-i-save-my-backup
QUESTION 27
You have a server named Server1 that runs Windows Server 2012. Server1 is located in the
perimeter network and has the DNS Server server role installed. Server1 has a zone named
contoso.com. You apply a security template to Server1. After you apply the template, users report
that they can no longer resolve names from contoso.com. On Server1, you open DNS Manager as
shown in the DNS exhibit. (Click the Exhibit button.)
On Server1, you open Windows Firewall with Advanced Security as shown in the Firewall exhibit.
(Click the Exhibit button.)
You need to ensure that users can resolve contoso.com names. What should you do?
A. From Windows Firewall with Advanced Security, disable the DNS (TCP, Incoming) rule and the
DNS (UDP, Incoming) rule.
B. From DNS Manager, modify the Zone Transfers settings of the contoso.com zone.
C. From DNS Manager, unsign the contoso.com zone.
D. From DNS Manager, modify the Start of Authority (SOA) of the contoso.com zone.
E. From Windows Firewall with Advanced Security, modify the profiles of the DNS (TCP, Incoming) rule
and the DNS (UDP, Incoming) rule.
Correct Answer: E
Section: (none)
Explanation
QUESTION 28
Your network contains an Active Directory domain named corp.contoso.com. You deploy Active Directory
Rights Management Services (AD RMS).
You have a rights policy template named Template1.
Revocation is disabled for the template. A user named User1 can open content that is protected by Template1
while the user is connected to the corporate network.
When User1 is disconnected from the corporate network, the user cannot open the protected content even if
the user previously opened the content.
You need to ensure that the content protected by Template1 can be opened by users who are disconnected
from the corporate network.
What should you modify?
A.
B.
C.
D.
The User Rights settings of Template1
The templates file location of the AD RMS cluster
The Extended Policy settings of Template1
The exclusion policies of the AD RMS cluster
Correct Answer: C
Section: (none)
Explanation
You can add trust policies so that AD RMS can process licensing requests for content that was
rights protected
QUESTION 29
Your company recently deployed a new Active Directory forest named contoso.com. The forest contains two
Active Directory sites named Site1 and Site2. The first domain controller in the forest runs Windows Server
2012.
You need to force the replication of the SYSVOL folder from Site1 to Site2.
A.
B.
C.
D.
DFS Management
Repadmin
Dfsrdiag
Correct Answer: D
Section: (none)
Explanation
In Windows Server 2012, Windows Server 2008 R2, or Windows Server 2008, you can force
replication immediately by using DFS Management, as described in Edit Replication Schedules.
You can also force replication by using the Dfsrdiag SyncNow command. You can force polling by
using the Dfsrdiag PollAD command.
http://technet.microsoft.com/en-us/library/cc773238(v=ws.10).aspx#BKMK_072
QUESTION 30
You have 30 servers that run Windows Server 2012. All of the servers are backed up daily by using
Windows Azure Online Backup. You need to perform an immediate backup of all the servers to
Windows Azure Online Backup. Which Windows PowerShell cmdlets should you run on each
server?
A.
B.
C.
D.
Get-OBPolicy | StartOBBackup
Start-OBRegistration | StartOBBackup
Get-WBPolicy | Start-WBBackup
Get-WBBackupTarget | Start-WBBackup
Correct Answer: A
Section: (none)
Explanation
starts a backup job using a policy
QUESTION 31
Your network contains an Active Directory domain named contoso.com. All domain controllers run
Windows Server 2012. The domain contains two domain controllers. The domain controllers are
configured as shown in the following table.
The Branch site contains a member server named Server1 that runs Windows Server 2012.
You need to identify which domain controller authenticated the computer account of Server1. What
should you do?
A.
B.
C.
D.
Verify the value of the %LOGONSERVER% environment variable.
Run nltest /sc_query.
Verify the value of the %SESSIONNAME% environment variable.
Run nltest /dsgetsite.
Correct Answer: A
Section: (none)
Explanation
%LOGONSERVER% is the domain controller that authenticated the current user. B. Reports on
the state of the secure channel the last time that you used it. (The secure channel is the one that
the NetLogon service established.) This parameter lists the name of the domain controller that you
queried on the secure channel, also.
QUESTION 32
Server1 is a file server that has the Hyper-V server role installed. Server1 hosts several virtual machines.
The virtual machine configuration files are stored on drive D and the VHD files are stored on drive E.
You plan to replace drive E with a larger volume. You need to ensure that the virtual machines on Server1
remain available while drive E is being replaced. What should you do?
A.
B.
C.
D.
Add Server1 and Server2 as nodes in a failover cluster.
Correct Answer: D
Section: (none)
Explanation
Hyper-V in Windows Server 2012 introduces support for moving virtual machine storage without
downtime by making it possible to move the storage while the virtual machine remains running.
QUESTION 33
Your network contains an Active Directory domain named contoso.com. The domain contains a file
server named File1 that runs a Server Core Installation of Windows Server 2012. File1 has a
volume named D that contains home folders. File1 creates a shadow copy of volume D twice a day.
You discover that volume D is almost full. You add a new volume named H to File1. You need to
ensure that the shadow copies of volume D are stored on volume H. Which command should you
run?
A.
B.
C.
D.
The Set-Volume cmdlet with the -driveletter parameter
The vssadmin.exe create shadow command
The Set-Volume cmdlet with the -path parameter
The vssadmin.exe add shadowstorage command
Correct Answer: D
Section: (none)
Explanation
Displays current volume shadow copy backups and all installed shadow copy writers and
providers.
AddShadowStroage Adds a shadow copy storage association for a specified volume.
QUESTION 34
Your network contains a perimeter network and an internal network. The internal network contains an Active
Directory Federation Services (AD FS) 2.1 infrastructure.
The infrastructure uses Active Directory as the attribute store. You plan to deploy a federation server proxy to a
server named Server2 in the perimeter network.
You need to identify which value must be included in the certificate that is deployed to Server2.
What should you identify?
A.
B.
C.
D.
The FQDN of the AD FS server
The name of the Federation Service
The name of the Active Directory domain
The public IP address of Server2
Correct Answer: A
Section: (none)
Explanation
It must contain the FQDN
QUESTION 35
You have a server named Server1 that runs Windows Server 2012. Server1 has the File Server
Resource Manager role service installed.
You are creating a file management task as shown in the exhibit. (Click the Exhibit button.)
You need to ensure that the Include all folders that store the following kinds of data list displays an
entry named Corporate Data.
What should you do?
A.
B.
C.
D.
Modify the properties of the System Files file group
Create a new classification property.
Create a new file group.
Modify the Folder Usage classification property.
Correct Answer: B
Section: (none)
Explanation
Classification properties are used to assign values to files. http://technet.microsoft.com/enus/
library/dd758765(v=WS.10).aspx
QUESTION 36
Your network contains an Active Directory forest named adatum.com. The forest contains an Active Directory
Rights Management Services (AD RMS) cluster.
A partner company has an Active Directory forest named litwareinc.com. The partner company does not have
AD RMS deployed.
You need to ensure that users in litwareinc.com can consume rights-protected content from adatum.com.
Which type of trust policy should you create?
A.
B.
C.
D.
At federated trust
A trusted user domain
A trusted publishing domain
Windows Live ID
Correct Answer: A
Section: (none)
Explanation
In AD RMS rights can be assigned to users who have a federated trust with Active Directory
Federation Services (AD FS). This enables an organization to share access to rights-protected
content with another organization without having to establish a separate Active Directory trust or
Active Directory Rights Management Services (AD RMS) infrastructure.
http://technet.microsoft.com/en-us/library/dd772651(v=WS.10).aspx
http://technet.microsoft.com/en-us/library/cc738707(v=WS.10).aspx
QUESTION 37
The Branch site contains a perimeter network.
For security reasons, client computers in the perimeter network can communicate with client
computers in the Branch site only. You plan to deploy a new RODC to the perimeter network in the
Branch site. You need to ensure that the new RODC will be able to replicate from DC10. What
should you do first on DC10?
A. Run the Add-ADDSReadOnlyDomainControllerAccount cmdlet.
B. Create an Active Directory site.
C. Run the Active Directory Domain Services Configuration Wizard.
D. Create an Active Directory subnet.
Correct Answer: A
Section: (none)
Explanation
Add-ADDSReadOnlyDomainControllerAccount Creates a read-only domain controller (RODC)
account that can be used to install an RODC in Active Directory.
Note:
* Notes
Once you have added the RODC account, you can add an RODC to a server computer by using
the Install-ADDSDomainController cmdlet with the -ReadOnlyReplica switch parameter.
* Example
Adds a new read-only domain controller (RODC) account to the corp.contoso.com domain using
the North America site as the source site for the replication source domain controller.
C:\PS>Add-ADDSReadOnlyDomainControllerAccount -DomainControllerAccountName RODC1 DomainName corp.contoso.com -SiteName NorthAmerica Incorrect:
Not B: There already is a branch site.
Reference: Add-ADDSReadOnlyDomainControllerAccount
QUESTION 38
configured as shown in the following table
You configure a user named User1 as a delegated administrator of DC10.
You need to ensure that User1 can log on to DC10 if the network link between the Main site and
the Branch site fails.
What should you do?
A.
B.
C.
D.
Add User1 to the Domain Admins group.
Modify the properties of the DC10 computer account.
Run repadmin and specify /replsingleobject parameter
On DC10, modify the User Rights Assignment in Local Policies
Correct Answer: D
Section: (none)
Explanation
Modify the following policy:
Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights
Assignment\Allow log on locally
Note:
* User Rights Assignment policies determines which users or groups have logon rights or privileges
on the computer.
* Delegated administrator accounts gain local administrative permissions to the RODC. These
users can operate with privileges equivalent to the local computer's Administrators group. They are
not members of the Domain Admins or the domain built-in Administrators groups. This option is
useful for delegating branch office administration without giving out domain administrative
permissions. Configuring delegation of administration is not required.
QUESTION 39
Your network contains an Active Directory forest named contoso.com. The forest contains a single domain. The
forest functional level is Windows Server 2012.
You have a domain controller named DC1. On DC1, you create a new Group Policy object (GPO) named
GPO1.
You need to verify that GPO1 was replicated to all of the domain controllers.
A.
B.
C.
D.
Group Policy Management
DFS Management
Correct Answer: A
Section: (none)
Explanation
The GPMC domain status tab (added in Windows Server 2012) displays individual pieces of information that
indicate the health of the Group Policy infrastructure with regards to domain controllers, GPO replication, and
GPO versioning. This Group Policy infrastructure health status can help you find inconsistencies and anticipate
issues.
QUESTION 40
Your network contains two DNS servers named DNS1 and DNS2 that run Windows Server 2012.
DNS1 has a primary zone named contoso.com. DNS2 has a secondary copy of the contoso.com zone.
You need to log the zone transfer packets sent between DNS1 and DNS2. What should you configure?
A.
B.
C.
D.
Monitoring from DNS Manager
Logging from Windows Firewall with Advanced Security
A Data Collector Set (DCS) from Performance Monitor
Debug logging from DNS Manager
Correct Answer: D
Section: (none)
Explanation
QUESTION 41
Your network contains an Active Directory forest.
The forest contains one domain named contoso.com. The domain contains three domain
controllers. The domain controllers are configured as shown in the following table.
DC1 has all of the operations master roles installed. You transfer all of the operations master roles
to DC2, and then you uninstall Active Directory from DC1. You need to ensure that you can use
Password Settings objects (PSOs) in the domain.
What should you do?
A.
B.
C.
D.
Change the domain functional level.
Upgrade DC2.
Run the dcgpofix.exe command.
Transfer the schema master role.
Correct Answer: A
Section: (none)
Explanation
The domain functional level must be Windows Server 2008 to use PSO's
http://technet.microsoft.com/en-us/library/cc770394
QUESTION 42
DHCP is configured as shown in the exhibit.
You need to ensure that only Scope1, Scope3, and Scope5 assign the same DNS servers to DHCP clients.
The solution must minimize administrative effort.
What should you do?
A.
B.
C.
D.
Create a superscope and scope-level policies.
Configure the Scope Options.
Create a superscope and a filter.
Configure the Server Options.
Correct Answer: B
Section: (none)
Explanation
B. Any DHCP scope options configured for assignment to DHCP clients
QUESTION 43
You have a server named Server1 that runs Windows Server 2012. Server1 fails. You identify that the master
boot record (MBR) is corrupt.
You need to repair the MBR. Which tool should you use:?
A.
B.
C.
D.
Bcdedit
Bcdboot
Bootrec
Fixmbr
Correct Answer: C
Section: (none)
Explanation
BCDEdit is a command-line tool for managing BCD stores. It can be used for a variety of purposes, including
creating new stores, modifying existing stores, adding boot menu options, and
so on. BCDEdit serves essentially the same purpose as Bootcfg.exe on earlier versions of Windows
B. The BCDboot tool is a command-line tool that enables you to manage system partition files
C. Bootrec.exe tool to troubleshoot "Bootmgr Is Missing" issue. The /ScanOs option scans all disks for
installations that are compatible with Windows Vista or Windows 7. Additionally, this option
displays the entries that are currently not in the BCD store. Use this option when there are Windows
Vista or Windows 7 installations that the Boot Manager menu does not list.
D. Repairs the master
boot record of the boot disk. The fixmbr command is only available when you are using the
Recovery Console. Fixmbr option in Server 2008 and 2012 is a bootrec option
http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/enus/bootcons_fix
mbr.mspx?mfr=true
http://www.youtube.com/watch?v=kFU8kngy6O0
http://social.technet.microsoft.com/Forums/en-US/winservergen/thread/bbf4f440-50ce4ea2a3eaa96dc2500352
QUESTION 44
Your network contains an Active Directory domain named contoso.com. All domain controllers run Windows
Server 2012.
The domain contains two domain controllers. The domain controllers are configured as shown in the following
table.
You configure a user named User1 as a delegated administrator of DC10.
You need to ensure that User1 can log on to DC10 if the network link between the Main site and the Branch site
fails. What should you do?
A.
B.
C.
D.
Add User1 to the Domain Admins group.
On DC10, run ntdsutil and configure the settings in the Roles context
Run repadmin and specify the /prp parameter
On DC1, modify the User Rights Assignment in Default Domain Controllers Group Policy object (GPO).
Correct Answer: D
Section: (none)
Explanation
Modify the following policy:
Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment\Allow log
on locally
Note:
* User Rights Assignment policies determines which users or groups have logon rights or privileges on the
computer.
* Delegated administrator accounts gain local administrative permissions to the RODC.
These users can operate with privileges equivalent to the local computer's Administrators group. They are not
members of the Domain Admins or the domain built-in Administrators groups.
This option is useful for delegating branch office administration without giving out domain administrative
QUESTION 45
You perform a full installation of Windows Server 2012 on a virtual machine named Server1. You plan to use
Server1 as a reference image.
You need to minimize the amount of storage space used by the Windows Server 2012 installation. Which
cmdlet should you use?
A.
B.
C.
D.
Remove-Module
Optimize-VHD
Optimize-Volume
Uninstall-WindowsFeature
Correct Answer: B
Section: (none)
Explanation
The Optimize-VHD cmdlet optimizes the allocation of space in or more virtual hard disk files, except for fixed
virtual hard disks.
The Compact operation is used to optimize the files. This operation reclaims unused blocks as well as
rearranges the blocks to be more efficiently packed, which reduces the size of a virtual hard disk file.
Reference: Optimize-VHD
QUESTION 46
Server1 has a scope named Scope1. A policy named Policy1 is configured for Scope1. Policy1 is configured to
provide Hyper-V virtual machines a one-day lease.
All other computers receive an eight-day lease.
You implement an additional DHCP server named Server2 that runs Windows Server 2012.
On Server1, you configure Scopel for DHCP failover.
You discover that virtual machines that receive IP addresses from Server2 have a lease duration of eight days.
You need to ensure that when Server2 assigns IP addresses to the Hyper-V virtual machines, the lease
duration is one day.
The solution must ensure that other computers that receive IP addresses from Server2 have a lease duration of
eight days.
What should you do?
A.
B.
C.
D.
On Server2, right-click Scope1, and then click Reconcile.
On Server1, right-click Scope1, and then click Replicate Scope.
On Server2, create a new DHCP policy.
On Server1, delete Policy1, and then recreate the policy.
Correct Answer: B
Section: (none)
Explanation
Scope 1 has been set up for DHCP failover. Now we need to replicate it from Server1 to Server2.
QUESTION 47
You deploy an Active Directory Federation Services (AD FS) 2.1 infrastructure. The infrastructure uses Active
Directory as the attribute store.
Some users report that they fail to authenticate to the AD FS infrastructure.
You discover that only users who run third-party web browsers experience issues.
You need to ensure that all of the users can authenticate to the AD FS infrastructure successfully. Which
Windows PowerShell command should you run?
A.
B.
C.
D.
Set-ADFSProperties -ProxyTrustTokenLifetime 1:00:00
Set-ADFSProperties -AddProxyAuthenticationRules None
Set-ADFSProperties -SSOLifetime 1:00:00
Set-ADFSProperties -ExtendedProtectionTokenCheck None
Correct Answer: A
Section: (none)
Explanation
Sets the valid token lifetime for proxy trust tokens (in minutes). This value is used by the federation server proxy
to authenticate with its associated federation server.
B. Specifies a policy rule set that can be used to establish authorization permissions for setting up trust
proxies.
The default value allows the AD FS 2.0 service user account or any member of BUILTIN\Administrators to
register a federation server proxy with the Federation Service.
C. Specifies the duration of the single sign-on (SSO) experience for Web browser clients (in minutes).
D. pecifies the level of extended protection for authentication supported by the federation server. Extended
Protection for Authentication helps protect against man-in-the-middle (MITM) attacks, in which an attacker
intercepts a client's credentials and forwards them to a server.
http://technet.microsoft.com/zh-cn/library/ee892317.aspx
QUESTION 48
The domain contains a file server named Server1. The domain contains a domain controller named DC1.
Server1 contains three shared folders. The folders are configured as shown in the following table.
Folder2 has a conditional expression of User.Department= = MMarketing". You discover that a user named
User1 cannot access \\Server1\folder2. User1 can access \\Server1\folderl and \\Server1\folder3. You verify the
group membership of User1 as shown in the Member Of exhibit. (Click the Exhibit button.)
You verify the general properties of User1 as shown in the General exhibit. (Click the Exhibit button.)
You need to ensure that User1 can access the contents of \\Server1\folder2. What should you do?
A. From a Group Policy object (GPO), set the Support for Dynamic Access Control and Kerberos armoring
setting to Always provide claims.
B. Change the department attribute of User1.
C. Grant the Full Control NTFS permissions on Folder2 to User1.
D. Remove Userl1from the Accounting global group
Correct Answer: B
Section: (none)
Explanation
Conditional Expression and users Department must match http://technet.microsoft.com/enus/library/
jj134043.aspx
QUESTION 49
Windows Server 2012. The domain contains two domain controllers. The domain controllers are configured as
shown in the following table.
The Branch site contains a perimeter network.
For security reasons, client computers in the perimeter network can communicate with client computers in the
Branch site only.
You plan to deploy a new RODC to the perimeter network in the Branch site.
You need to ensure that the new RODC will be able to replicate from DC10. What should you do first on DC10?
A.
B.
C.
D.
Enable the Bridge all site links setting.
Create an Active Directory site link bridge.
Create an Active Directory site.
Correct Answer: C
Section: (none)
Explanation
If you cannot place a writable Windows Server 2008 domain controller in the nearest site to the
RODC, RODC replication depends on a site link bridge between the site links that contain the site
of the RODC and the site of the writable Windows Server 2008 domain controller.
AD Site not readed for RODC
http://technet.microsoft.com/en-us/library/dd736189(v=WS.10).aspx
QUESTION 50
Server1 has Microsoft SQL Server 2012 installed.
You install the Active Directory Federation Services server role on Server2. You need to configure Server2 as
the first Active Directory Federation Services (AD FS) server in the domain.
The solution must ensure that the AD FS database is stored in a SQL Server database on Server1.
A.
B.
C.
D.
From
From
From
From
a command prompt, run fsutil.exe.
Windows PowerShell, run Install-ADFSFarm.
Server Manager, install the Federation Service Proxy.
Server Manager, install the AD FS Web Agents.
Correct Answer: B
Section: (none)
Explanation
Creates the first node of a new federation server farm
QUESTION 51
Server1 and Server2 have the Network Load Balancing (NLB) feature installed.
The servers are configured as nodes in an NLB cluster named Cluster1. Both servers connect to the same
switch.
Cluster1 hosts a secure web application named WebApp1. WebApp1 saves user state information in a central
database.
You need to ensure that the connections to WebApp1 are distributed evenly between the nodes.
The solution must minimize port flooding.
To answer, configure the appropriate affinity and the appropriate mode for Cluster1 in the answer
area.
Hot Area:
Correct Answer:
Section: (none)
Explanation
When you use the unicast method, all cluster hosts share an identical unicast MAC address. Network Load
Balancing overwrites the original MAC address of the cluster adapter with the unicast MAC address that is
assigned to all the cluster hosts.
When you use the multicast method, each cluster host retains the original MAC address of the adapter. In
addition to the original MAC address of the adapter, the adapter is assigned a multicast MAC address, which is
shared by all cluster hosts. The incoming client requests are sent to all cluster hosts by using the multicast
MAC address.
Select the unicast method for distributing client requests, unless only one network adapter is installed in each
cluster host and the cluster hosts must communicate with each other. Because Network Load Balancing
modifies the MAC address of all cluster hosts to be identical, cluster hosts cannot communicate directly with
one another when using unicast. When peer-to-peer communication is required between cluster hosts, include
an additional network adapter or select multicast mode. When the unicast method is inappropriate, select the
multicast method.
In addition, you can select one of three options for client affinity: None, Single, and Class C. Single and Class C
are used to ensure that all network traffic from a particular client be directed to the same cluster host. In order
to allow Network Load Balancing to properly handle IP fragments, you should avoid using None when selecting
UDP or Both for your protocol setting.
http://technet.microsoft.com/nl-nl/library/cc782694(v=ws.10).aspx
QUESTION 52
You have 3 server named Server1 that runs Windows Server 2012.
You are asked to test Windows Azure Online Backup to back up Server1.
You need to back up Server1 by using Windows Azure Online Backup. Which four actions should you perform
in sequence?
To answer, move the appropriate four actions from the list of actions to the answer area and arrange them in
the correct order.
Select and Place:
Correct Answer:
Section: (none)
Explanation
QUESTION 53
Your company has a primary data center and a disaster recovery data center. The network contains
an Active Directory domain named contoso.com. The domain contains a server named Server1
runs Windows Server 2012. Server1 is located in the primary data center. Server1 has an enterprise
root certification authority (CA) for contoso.com.
You deploy another server named Server2 to the disaster recovery data center.
You plan to configure Server2 as a secondary certificate revocation list (CRL) distribution point.
You need to configure Server2 as a CRL distribution point (CDP).
Which tab should you use to configure the required CDP entry?
To answer, select the appropriate tab in the answer area.
Point and Shoot:
Correct Answer:
Section: (none)
Explanation
configure the CDP settings on the certificate authority
1. On Server2, click Start, Administrative Tools, and click Certification Authority.
2. In the details pane, right-click the name of the CA. For example, Server2-CA, then click Properties.
3. Click the Extensions tab.
4. On the Extensions tab, click Add. In Location, type http://crl.<the domainname>/crld/ For example, http://
crl.server2.contoso.com/crld/
5. In Variable name, click <CaName>, click Insert; click <CRLNameSuffix>, click Insert; click
<DeltaCRLAllowed>, click Insert.
6. In Location, type .crl at the end of the Location string and then click OK.
7. Select Include in CRLs. Clients use this to find Delta CRL locations. And Include in the CDP extension of
issued certificates, then click Apply. Click No in the dialog box asking you to restart the ADCS.
QUESTION 54
Server1 has the Active Directory Federation Services server role installed.
You need to make configuration changes to the Windows Token-based Agent role service.
To answer, select the appropriate tool in the answer area.
Point and Shoot:
Correct Answer:
Section: (none)
Explanation
Click Start, point to Administrative Tools, and then click Internet Information Services (IIS) Manager.
In the console tree, click YourComputerName(local computer).
In the center pane, double-click Federation Services URL, type the URL of the federation server in the resource
partner organization name, and then click Apply.
For example, if the federation server in the resource partner organization is named fedsrv1 and it is located in
the treyresearch.net forest, type https://fedsrv1.treyresearch.net/adfs/fs/FederationServerService.asmx.
noteNote
The Federation Services URL in Active Directory Federation Services (AD FS) defines the URL that is used for
all Web sites and Windows NT token–based applications on a Web server where the AD FS Web Agent is
enabled.
In the console tree, double-click Sites, and then click YourWebSiteName.
In the center pane, double-click Authentication, highlight AD FS Windows Token-Based Agent, and then in the
Actions pane click Edit.
In the ADFS Windows Token-Based Agent dialog box, select the Enable AD FS Web Agent check box.
noteNote
This action will enable anonymous access to this Web site.
Modify the following values as necessary, and then click OK.
Cookie path
Cookie domain
Return URL
QUESTION 55
All servers run Windows Server 2012. Server1 and Server2 have the Hyper-V server role installed.
You add a third server named Server3 to the network. Server3 has Intel processors. You need to
move VM3 and VM6 to Server3.
The solution must minimize downtime on the virtual machines.
Which method should you use to move each virtual machine? To answer, select the appropriate
method for each virtual machine in the answer area.
Hot Area:
Correct Answer:
Section: (none)
Explanation
Import and Export when hardware vendors differ for the CPU
Live migration has no downtime (in real life there is some though) and only supported on same CPU make.
QUESTION 56
Your network contains an Active Directory domain named contoso.com. The domain contains two DHCP
servers named DHCP1 and DHCP2 that run Windows Server 2012.
You install the IP Address Management (IPAM) Server feature on a member server named Server1 and you
run the Run Invoke-IpamGpoProvisioning cmdlet.
You need to manage the DHCP servers by using IPAM on Server1. Which three actions should you perform?
To answer, move the three appropriate actions from the list of actions to the answer area and arrange them in
the correct order.
Select and Place:
Correct Answer:
Section: (none)
Explanation
QUESTION 57
All servers run Windows Server 2012. Server1 and Server2 have the Hyper-V server role and the Failover
Clustering feature installed.
Server1 and Server2 are members of a cluster named Cluster1. Cluster1 hosts 10 virtual machines.
When you try to migrate a running virtual machine from one server to another, you receive the following error
message:
"There was an error checking for virtual machine compatibility on the target node."
You need to ensure that the virtual machines can be migrated from one node to another.
From which node should you perform the configuration? To answer, select the appropriate node in the answer
area.
Point and Shoot:
Correct Answer:
Section: (none)
Explanation
QUESTION 58
Your network contains two servers named Server1 and Server2 that run Windows Server 2012. Server1 and
Server2 have the Hyper-V server role installed.
Server1 and Server2 have different processor models from the same manufacturer.
On Server1, you plan to create a virtual machine named VM1. Eventually, VM1 will be exported to Server2.
You need to ensure that when you import VM1 to Server2, you can start VM1 from saved snapshots.
What should you configure on VM1? To answer, select the appropriate node in the answer area
Point and Shoot:
Correct Answer:
Section: (none)
Explanation
As Virtualization penetration continues to broaden, customers are expecting to deploy and run virtual machines
across a diverse set of servers running different virtualization capable processors. When a running virtual
machine is moved to a server running different processor, the virtualization platform needs to provide
necessary support to ensure applications running inside virtual machines continue to run on the destination
processor. Windows Server 2008 R2 Hyper-V introduces a capability called processor compatibility mode to
allow moving a running virtual machine across Hyper-V supported processors.
QUESTION 59
named Server1. Server1 is a BranchCache hosted cache server that is located in a branch office.
The network contains client computers that run either Windows 7 or Windows 8.
For the branch office, all of the user accounts and the client computer accounts are located in an organizational
unit (OU) named Branch1.
A Group Policy object (GPO) named GPO1 is linked to Branch 1. GPO1 contains the BranchCache settings.
You discover that users in the branch office who have client computers that run Windows 7 do not access
cached content from Server1.
Users in the branch office who have Windows 8 computers access cached content from Server1.
You need to configure the Windows 7 computers to use BranchCache on Server1. Which setting should you
configure in GPO1?
To answer, select the appropriate setting in the answer area.
Hot Area:
Correct Answer:
Section: (none)
Explanation
http://technet.microsoft.com/en-us/network/dd425028.aspx
QUESTION 60
Your network contains two DHCP servers named Server1 and Server2. Server1 fails. You discover that DHCP
clients can no longer receive IP address leases.
You need to ensure that the DHCP clients receive IP addresses immediately.
What should you configure from the View/Edit Failover Relationship settings? To answer, select the appropriate
setting in the answer area.
Point and Shoot:
Correct Answer:
Section: (none)
Explanation
Exam D
QUESTION 1
Server1 has the Active Directory Certificate Services server role installed and configured. For all users, you are
deploying smart cards for logon.
You are using an enrollment agent to enroll the smart card certificates for the users. You need to configure the
Contoso Smartcard Logon certificate template to support the use of the enrollment agent.
Which setting should you modify? To answer, select the appropriate setting in the answer area.
Point and Shoot:
Correct Answer:
Section: (none)
Explanation
QUESTION 2
Your network contains an Active Directory domain named contoso.com. The domain contains the two servers.
You investigate a report about the potential compromise of a private key for a certificate issued to Server2.
You need to revoke the certificate issued to Server2. The solution must ensure that the revocation can be
reverted.
Which reason code should you select? To answer, select the appropriate reason code in the answer area.
Hot Area:
Correct Answer:
Section: (none)
Explanation
QUESTION 3
Your network contains two Active Directory forests named contoso.com and adatum.com. All domain
controllers run Windows Server 2012.
A federated trust exists between adatum.com and contoso.com. The trust provides adatum.com users with
access to contoso.com resources.
You need to configure Active Directory Federation Services (AD FS) claim rules for the federated trust.
The solution must meet the following requirements: In contoso.com, replace an incoming claim type named
Group with an outgoing claim type named Role.
In adatum.com, allow users to receive their tokens for the relying party by using their Active Directory group
membership as the claim type.
The AD FS claim rules must use predefined templates.
Which rule types should you configure on each side of the federated trust?
To answer, drag the appropriate rule types to the correct location or locations. Each rule type may be used
once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
Select and Place:
Correct Answer:
Section: (none)
Explanation
QUESTION 4
Drag and Drop QuestionYour network contains four servers that run Windows Server 2012. Each server has
the Failover Clustering feature installed. Each server has three network adapters installed. An iSCSI SAN is
available on the network.
You create a failover cluster named Cluster1.
You add the servers to the cluster.
You plan to configure the network settings of each server node as shown in the following table.
You need to configure the network settings for Cluster1.
What should you do?
To answer, drag the appropriate network communication setting to the correct cluster network. Each
network communication setting may be used once, more than once, or not at all.
Select and Place:
Select and Place:
Correct Answer:
Section: (none)
Explanation
QUESTION 5
You have a server named Server1 that runs Windows Server 2012. The volumes on Server1 are
A new corporate policy states that backups must use Windows Azure Online Backup whenever possible.
You need to identify which backup methods you must use to back up Server1. The solution must use Windows
Azure Online Backup whenever possible.
Which backup type should you identify for each volume? To answer, select the appropriate backup type for
each volume in the answer area.
Hot Area:
Correct Answer:
Section: (none)
Explanation
the original answer in the PDF was false in my opinion cuz:
BitLocker-protected volume :Yes, but the volume must be unlocked before the backup can occur. so it IS
possible and can be automated.
http://msdn.microsoft.com/en-us/library/jj573031.aspx#BKMK_faq_4
QUESTION 6
Your network contains an Active Directory domain named contoso.com. The domain contains four member
servers named Server1, Server2, Servers, and Server4.
All servers run Windows Server 2012. Server1 and Server2 are located in a site named Site1.
Server3 and Server4 are located in a site named Site2.
The servers are configured as nodes in a failover cluster named Cluster1. Cluster1 is configured to use the
Node Majority quorum configuration.
You need to ensure that Server1 is the only server in Site1 that can vote to maintain quorum.
What should you run from Windows PowerShell? To answer, drag the appropriate commands to the correct
location. Each command may be used once, more than once, or not at all. You may
need to drag the split bar between panes or scroll to view content.
Select and Place:
Correct Answer:
Section: (none)
Explanation
QUESTION 7
domain contains three domain controllers. The domain controllers are configured as shown in the following
table.
You plan to test an application on a server named Server1. Server1 is currently located in Site1.
After the test, Server1 will be moved to Site2. You need to ensure that Server1 attempts to authenticate to DC3
first, while you test the application. What should you do?
A.
B.
C.
D.
Create a new site and associate the site to an existing site link object.
Modify the priority of site-specific service location (SRV) DNS records for Site2.
Create a new subnet object and associate the subnet object to an existing site.
Modify the weight of site-specific service location (SRV) DNS records Site1.
Correct Answer: B
Section: (none)
Explanation
Service Location (SRV) Resource Record Priority A number between 0 and 65535 that indicates the priority or
level of preference given for this record to the host that is specified in Host offering this service.
Priority indicates this host's priority with respect to the other hosts in this domain that offer the same service and
are specified by different service location (SRV) resource records.
Incorrect:
Not D:
Weight: A number between 1 and 65535 to be used as a load-balancing mechanism. When you
select among more than one target SRV host for the type of service (specified in Service) that use
the same Priority number, you can use this field to weight preference toward specific hosts. Where
several hosts share equal priority, SRV-specified hosts with higher weight values that are entered
here should be returned first to resolver clients in SRV query results. Reference: Service Location
(SRV) Resource Record Dialog Box
QUESTION 8
Your network contains an Active Directory domain named contoso.com. The domain contains a fileserver
named Server1.
The File Server Resource Manager role service is installed on Server1. All servers run Windows Server 2012. A
Group Policy object (GPO) named GPO1 is linked to the organizational unit (OU) that contains Server1.
The following graphic shows the configured settings in GPO1.
Server1 contains a folder named Folder1. Folder1 is shared as Share1.
You attempt to configure access-denied assistance on Server1, but the Enable access-denied assistance
option cannot be selected from File Server Resource Manager.
You need to ensure that you can configure access-denied assistance on Server1 manually by using File Server
Resource Manager. Which two actions should you perform?
A.
B.
C.
D.
Set the Enable access-denied assistance on client for all file types policy setting to Disabled for GPO1.
Set the Customize message for Access Denied errors policy setting to Not Configured for GPO1.
Set the Enable access-denied assistance on client for all file types policy setting to Enabled for GPO1.
Set the Customize message for Access Denied errors policy setting to Enabled for GPO1.
Correct Answer: D
Section: (none)
Explanation
ensure that you can configure access-denied assistance
http://technet.microsoft.com/en-us/library/hh831402.aspx#BKMK_1
QUESTION 9
Your company has a main office and a remote office. The remote office is used for disaster recovery.
The network contains an Active Directory domain named contoso.com. The domain contains member servers
named Server1, Server2, Server3, and Server4. All servers run Windows Server 2012.
Server1 and Server2 are located in the main office. Server3 and Server4 are located in the remote office.
All servers have the Failover Clustering feature installed. The servers are configured as nodes in a failover
cluster named Cluster1.
Storage is replicated between the main office and the remote site.
You need to ensure that Cluster1 is available if two nodes in the same office fail. What are two possible quorum
configurations that achieve the goal? (Each correct answer presents a complete solution. Choose two.)
A.
B.
C.
D.
Node Majority
No Majority: Disk Only
Node and File Share Majority
Node and Disk Majority
Correct Answer: AB
Section: (none)
Explanation
Depending on the quorum configuration option that you choose and your specific settings, the
cluster will be configured in one of the following quorum modes:
* (A) Node majority (no witness) Only nodes have votes. No quorum witness is configured. The
cluster quorum is the majority of voting nodes in the active cluster membership.
* (B) No majority (disk witness only) No nodes have votes. Only a disk witness has a vote. The
cluster quorum is determined by the state of the disk witness. The cluster has quorum if one node
is available and communicating with a specific disk in the cluster storage. Generally, this mode is
not recommended, and it should not be selected because it creates a single point of failure for the
cluster.
* Node majority with witness (disk or file share)
Nodes have votes. In addition, a quorum witness has a vote. The cluster quorum is the majority of
voting nodes in the active cluster membership plus a witness vote. A quorum witness can be a
designated disk witness or a designated file share witness.
Note:
* Quorum in Windows 2008 R2 referred to a consensus , that is, a majority of votes is required in
order to reach quorum and maintain stability of the cluster. A new option created in Windows Server
2012 which was also back ported to Windows Server 2008 R2 SP1 was the ability to stop a node
being able to participate in the voting process.
* Dynamic quorum is the ability of the cluster to recalculate quorum on the fly and still maintain a
working cluster. This is a huge improvement as we are now able to continue to run a cluster even
if the number of nodes remaining in the cluster is less than 50%. This was not possible before but
the dynamic quorum concept now allows us to do this. In fact we can reduce the cluster down to
the last node (known as last man standing) and still maintain quorum. Reference: Configure and
Manage the Quorum in a Windows Server 2012 Failover Cluster
QUESTION 10
Your network contains an Active Directory domain named contoso.com. The domain contains four servers
named Server1, Server2, Server3, and Server4 that run Windows Server 2012.
All servers have the Hyper-V server role and the Failover Clustering feature installed.
Which three actions should you perform? (Each correct answer presents part of the solution. Choose three.)
A.
B.
C.
D.
E.
From
From
From
From
From
Hyper-V Manager on a node in Cluster2, create three virtual machines.
Hyper-V Manager on a node in Cluster2, modify the Hyper-V settings.
Failover Cluster Manager on Cluster1, configure each virtual machine for replication.
Cluster1, add and configure the Hyper-V Replica Broker role.
Cluster2, add and configure the Hyper-V Replica Broker role.
Correct Answer: ACE
Section: (none)
Explanation
A: Need to have same number of replicated VMs in the replicated site.
C: Once the hosting server is configured for Replica, you can enable replication for each virtual
machine that you want to be replicated.
E: The Hyper-V Replica Broker is placed in the replicated cluster Note:
* Each node of the failover cluster that is involved in Replica must have the Hyper-V server role
installed.
* Windows Server 2012 Hyper-V Replica is a built-in mechanism for replicating Virtual Machines
(VMs). It can replicate selected VMs in real-time or asynchronously from a primary site to a
designated replica site across LAN/WAN. Here a replica site hosts a replicated VM while an
associated primary site is where the source VM runs. And either a replica site or a primary site can
be a Windows Server 2012 Hyper-V host or a Windows Server 2012 Failover Cluster.
QUESTION 11
Your network contains an Active Directory forest named contoso.com. The forest contains two domains named
contoso.com and child1.contoso.com.
The domains contain three domain controllers.
You need to ensure that the KDC support for claims, compound authentication, and kerberos armoring setting
is enforced in the child1.contoso.com domain.
A.
B.
C.
D.
E.
Raise the domain functional level ofchildl.contoso.com,
Raise the domain functional level of contoso.com.
Raise the forest functional level of contoso.com
Correct Answer: BD
Section: (none)
Explanation
QUESTION 12
You have a server named Server1 that runs Windows Server 2012. The storage on Server1 is configured as
shown in the following table.
You plan to implement Data Deduplication on Server1. You need to identify on which drives you can enable
Data Deduplication. Which three drives should you identify? (Each correct answer presents part of the solution.
Choose three.)
A.
B.
C.
D.
E.
C
D
E
F
G
Correct Answer: BDE
Section: (none)
Explanation
Volumes that are candidates for deduplication must conform to the following requirements:
* (not A) Must not be a system or boot volume. Deduplication is not supported on operating system
volumes.
* Can be partitioned as a master boot record (MBR) or a GUID Partition Table (GPT), and must be
formatted using the NTFS file system.
* Can reside on shared storage, such as storage that uses a Fibre Channel or an SAS array, or
when an iSCSI SAN and Windows Failover Clustering is fully supported.
* Do not rely on Cluster Shared Volumes (CSVs). You can access data if a deduplicationenabled
volume is converted to a CSV, but you cannot continue to process files for deduplication.
* (not C) Do not rely on the Microsoft Resilient File System (ReFS).
* Must be exposed to the operating system as non-removable drives. Remotely-mapped drives are
not supported.
QUESTION 13
You have 20 servers that run Windows Server 2012.
You need to create a Windows PowerShell script that registers each server in Windows Azure Online Backup
and sets an encryption passphrase.
Which two PowerShell cmdlets should you run in the script? (Each correct answer presents part of the solution.
Choose two.)
A.
B.
C.
D.
E.
New-OBPolicy
New-OBRetentionPolicy
Add-OBFileSpec
Start-OBRegistration
Set OBMachineSetting
Correct Answer: DE
Section: (none)
Explanation
Start-OBRegistration Registers the current computer with Windows Azure Online Backup using the credentials
(username and password) created during enrollment.
The Set-OBMachineSetting cmdlet sets a OBMachineSetting object for the server that includes proxy server
settings for accessing the internet, network bandwidth throttling settings, and the encryption passphrase that is
required to decrypt the files during recovery to another server.
QUESTION 14
You need to ensure that a WIM file that is located on a network share is used as the installation source when
installing server roles and features on Server1.
A. Run the dism.exe command and specify the /remove-package parameter.
B. Run the Remove-WindowsFeature cmdlet.
C. Enable and configure the Specify settings for optional component installation and component repair policy
setting by using a Group Policy object (GPO).
D. Enable the Enforce upgrade component rules policy setting by using a Group Policy object (GPO).
E. Run the Remove-WindowsPackage cmdlet.
Correct Answer: AC
Section: (none)
Explanation
To configure a default alternate source path in Group Policy
In Local Group Policy Editor or Group Policy Management Console, open the following policy setting.
Computer Configuration\Administrative Templates\System\Specify settings for optional component installation
and component repair
Select Enabled to enable the policy setting, if it is not already enabled.
In the Alternate source file path text box in the Options area, specify a fully qualified path to a shared folder or a
WIM file. To specify a WIM file as an alternate source file location, add the prefix WIM: to the path, and add the
index of the image to use in the WIM file as a suffix. The following are examples of values that you can specify.
Path to a shared folder: \\server_name\share\folder_name
Path to a WIM file, in which 3 represents the index of the image in which the feature files are found: WIM:\
\server_name\share\install.wim:3
If you do not want computers that are controlled by this policy setting to search for missing feature files in
Windows Update, select Never attempt to download payload from Windows Update.
If the computers that are controlled by this policy setting typically receive updates through WSUS, but you
prefer to go through Windows Update and not WSUS to find missing feature files, select Contact Windows
Update directly to download repair content instead of Windows Server Update Services (WSUS).
Click OK when you are finished changing this policy setting, and then close the Group Policy editor.
QUESTION 15
fabrikam.com. The functional level of the forest is Windows Server 2003.
You have a domain outside the forest named litwareinc.com. You need to configure an access solution to meet
the following requirements:
* Users in litwareinc.com must be able to access resources on a server named Server1 in contoso.com.
* Users in the contoso.com forest must be prevented from accessing any resources in litwareinc.com.
* Users in litwareinc.com must be prevented from accessing any other resources in the contoso.com forest.
Which three actions should you perform? (Each correct answer presents part of the solution. Choose three.)
A.
B.
C.
D.
E.
F.
Configure SID filtering on the trust.
Configure forest-wide authentication on the trust.
Create a one-way forest trust.
Create a one-way external trust
Modify the permission on the Server1 object.
Configure selective authentication on the trust.
Correct Answer: DEF
Section: (none)
Explanation
D (not C): litwareinc.com is outside the forest so we need an external trust (not a forest trust).
E: Must grant the required permissions on Server1.
F(not B): For external trust we must either select Domain-Wide or Selective Authentication (forstwide
authentication is not an option)
BCE
Note:
* You can create an external trust to form a one-way or two-way, nontransitive trust with domains
that are outside your forest. External trusts are sometimes necessary when users need access to
resources in a Windows NT 4.0 domain or in a domain that is located in a separate forest that is
not joined by a forest trust.
/ To select the scope of authentication for users that are authenticating through a forest trust, click
the forest trust that you want to administer, and then click Properties . On the Authentication tab,
click either Forest-wide authentication or Selective authentication . / To select the scope of
authentication for users that are authenticating through an external trust, click the external trust that
you want to administer, and then click Properties . On the Authentication tab, click either Domainwide
authentication or Selective authentication .
* The forest-wide authentication setting permits unrestricted access by any users in the trusted
forest to all available shared resources in any of the domains in the trusting forest.
* Forest-wide authentication is generally recommended for users within the same organization.
Reference: Select the Scope of Authentication for Users
QUESTION 16
named Server1 that runs Windows Server 2012. All client computers run Windows 8.
You need to configure a custom Access Denied message that will be displayed to users when they are denied
access to folders or files on Server1.
A.
B.
C.
D.
A classification property
The File Server Resource Manager Options
A file management task
A file screen template
Correct Answer: B
Section: (none)
Explanation
QUESTION 17
forest contains three Active Directory sites named SiteA, SiteB, and SiteC.
The sites contain four domain controllers. The domain controllers are configured as shown in the following
table.
You discover that the users in SiteC are authenticated by the domain controllers in SiteA and SiteB.
You need to ensure that the SiteC users are authenticated by the domain controllers in SiteB,
unless all of the domain controllers in SiteB are unavailable. What should you do?
A.
B.
C.
D.
Decrease the cost of the site link between SiteB and SiteC.
Create a site link bridge
Disable site link bridging.
Correct Answer: B
Section: (none)
Explanation
By decreasing the cost between SiteB and SiteC, the SiteC users will be authenticated by SiteB
domain controllers.
Note:
* A site link bridge connects two or more site links and enables transitivity between site links. Each
site link in a bridge must have a site in common with another site link in the bridge.
* By default, all site links are transitive.
QUESTION 18
Your network contains an Active Directory domain named contoso.com. The domain contains a.
DC2 has the DHCP Server server role installed. DHCP is configured as shown in the exhibit.
You discover that client computers cannot obtain IPv4 addresses from DC2. You need to ensure
that the client computers can obtain IPv4 addresses from DC2. What should you do?
A.
B.
C.
D.
Disable the Deny filters.
Enable the Allow filters.
Authorize DC2.
Restart the DHCP Server service
Correct Answer: C
Section: (none)
Explanation
watch out for this tricky one! the allow filter is disabled end you see the server not being enabled.
there is another question according this screen but without the disabled allow filter and IPv4.
QUESTION 19
Your network contains an Active Directory forest named adatum.com. All servers run Windows
Server 2012. The domain contains four servers. The servers are configured as shown in the
following table.
You need to deploy IP Address Management (IPAM) to manage DNS and DHCP. On which server
should you install IPAM?
A.
B.
C.
D.
Server1
Server2
Server3
Server4
Correct Answer: D
Section: (none)
Explanation
IPAM cannot be installed on Domain Controllers. All other servers have the DC role
QUESTION 20
authority (CA).
computer by using their smart card. A user named User1 resigned and started to work for a competing
company. You need to prevent User1
immediately from logging on to any computer in the domain. The solution must not prevent other users from
logging on to the domain. Which tool should you use?
A. Active Directory Users and Computers
B. Server Manager
C. The Certificates snap-in
D. The Certification Authority console
Correct Answer: D
Section: (none)
Explanation
You can use the Certification Authority console to configure CAs. This includes the following tasks:
(D) Scheduling certificate revocation list publication. Installing the CA certificate when necessary.
Configuring exit module settings. Configuring policy module settings. Modifying security
permissions and delegate control of CAs. Enabling optional Netscape-compatible Web-based
revocation checking. Reference: Configure Certification Authorities
QUESTION 21
You have a server named Server1 that runs Windows Server 2012. When you install a custom Application on
Server1 and restart the server, you receive the following error message:
"The Boot Configuration Data file is missing some required information.
File: \Boot\BCD
Error code: 0x0000034."
You start Server1 by using Windows PE. You need to ensure that you can start Windows Server 2012 on
Server1.
A.
B.
C.
D.
Bootsect
Bootim
Bootrec
Bootcfg
Correct Answer: C
Section: (none)
Explanation
bootrec /rebuildbcd
QUESTION 22
Server1 has the Active Directory Rights Management Services server role installed.
Your company works with a partner organization that does not have its own Active Directory Rights
Management Services (AD RMS) implementation.
You need to create a trust policy for the partner organization. The solution must meet the following
requirements:
Grant users in the partner organization access to protected content. Provide users in the partner
organization with the ability to create protected content.
Which type of trust policy should you create?
A. a federated trust
B. Windows Live ID
C. a trusted publishing domain
D. a trusted user domain
Correct Answer: A
Section: (none)
Explanation
You can use Active Directory Federation Services (ADFS) to enable efficient and secure online transactions
between Partner organizations that are joined by federation trust relationships. In other words, a federation trust
is the embodiment of a business-level agreement or partnership between two organizations.
QUESTION 23
table.
On DC1, you create an Active Directory-integrated zone named Zone1. You verify that Zone1 replicates to DC2.
You use DNSSEC to sign Zone1.
You discover that the updates to Zone1 fail to replicate to DC2.
You need to ensure that Zone1 replicates to DC2.
What should you configure on DC1? To answer, select the appropriate tab in the answer area.
Hot Area:
Correct Answer:
Section: (none)
Explanation
QUESTION 24
Your network contains two Hyper-V hosts that are configured as shown in the following table.
You create a virtual machine on Server1 named VM1.
You plan to export VM1 from Server1 and import VM1 to Server2. You need to ensure that you can start the
imported copy of VM1 from snapshots.
What should you configure on VM1? To answer, select the appropriate node in the answer area.
Hot Area:
Correct Answer:
Section: (none)
Explanation
If the CPUs are from the same manufacturer but not from the same type, you may need to use Processor
Compatibility.
QUESTION 25
Server 2012. The domain contains two domain controllers. The domain controllers are configured as shown in
the following table.
You configure a user named User1 as a delegated administrator of DC10. You need to ensure that User1 can
log on to DC10 if the network link between the Main site and the Branch site fails.
What should you do?
A.
B.
C.
D.
On DC10, run ntdsutil and configure the settings in the Roles context
On DC10, run ntdsutil and configure the settings in the Local Roles context
Modify the properties of the DCIO computer account.
Run repadmin and specify /replsingleobject parameter
Correct Answer: B
Section: (none)
Explanation
Modify the following policy: Computer Configuration\Windows Settings\Security Settings\Local Policies\User
Rights Assignment\Allow log on locally
Note:
* User Rights Assignment policies determines which users or groups have logon rights or privileges
on the computer.
* Delegated administrator accounts gain local administrative permissions to the RODC. These
users can operate with privileges equivalent to the local computer's Administrators group. They are
not members of the Domain Admins or the domain built-in Administrators groups. This option is
useful for delegating branch office administration without giving out domain administrative
QUESTION 26
You have a server named Server1 that runs Windows Server 2012. You install the File and Storage Services
server role on Server1.
From Windows Explorer, you view the properties of a folder named Folder1 and you discover that the
Classification tab is missing. You need to ensure that you can assign classifications to Folder1 from Windows
Explorer manually.
What should you do?
A.
B.
C.
D.
From Folder Options, clear Hide protected operating system files (Recommended).
Install the File Server Resource Manager role service.
From Folder Options, select the Always show menus.
Install the Share and Storage Management Tools.
Correct Answer: B
Section: (none)
Explanation
Classification Management is a feature of FSRM
http://technet.microsoft.com/enus/library/dd758759(v=WS.10).aspx
QUESTION 27
Your network contains an Active Directory forest named contoso.com. The forest contains a single domain.
The forest contains three Active Directory sites named SiteA, SiteB, and SiteC. The sites contain four domain
An IP site link exits between each site.
You discover that the users in SiteC are authenticated by the domain controllers in SiteA and SiteB.
You need to ensure that the SiteC users are authenticated by the domain controllers in SiteB,
unless all of the domain controllers in SiteB are unavailable.
What should you do?
A.
B.
C.
D.
Create an SMTP site link between SiteB and SiteC
Create additional connection objects for DC3 and DC4
Decrease the cost of the site link between SiteB and SiteC.
Correct Answer: C
Section: (none)
Explanation
By decreasing the site link cost between SiteB and SiteC the SiteC users would be authenticated
by SiteB rather than by SiteA
QUESTION 28
Your network contains two servers named Server1 and Server2 that run Windows Server 2012. Server1 and
Server2 have the Hyper-V server role installed.
Server1 and Server2 are configured as Hyper-V replicas of each other. Server2 hosts a virtual machine named
VM5. VM5 is replicated to Server1.
You need to verify whether the replica of VM5 on Server1 is functional. The solution must ensure that VM5
remains accessible to clients.
What should you do from Hyper-V Manager?
A.
B.
C.
D.
On a server in Cluster2, click Migrate Roles.
On a server in Cluster2, configure Cluster-Aware Updating
On a server in Cluster1, click Move Core Cluster Resources, and then click Select Node
Correct Answer: B
Section: (none)
Explanation
Cluster-Aware Updating (CAU) is an automated feature that allows you to update clustered servers with little or
no loss in availability during the update process.
During an Updating Run, CAU transparently performs the following tasks:
Puts each node of the cluster into node maintenance mode Moves the clustered roles off the node
Installs the updates and any dependent updates
Performs a restart if necessary
Brings the node out of maintenance mode
Restores the clustered roles on the node
Moves to update the next node
For many clustered roles (formerly called clustered applications and services) in the cluster, the automatic
update process triggers a planned failover, and it can cause a transient service interruption for connected
clients.
However, in the case of continuously available workloads in Windows Server 2012, such as Hyper-V with live
migration or file server with SMB Transparent Failover, CAU can coordinate cluster updates with no impact to
the service availability.
QUESTION 29
The servers are configured as nodes in a failover cluster named Cluster1. Cluster1 has access to four physical
disks. The disks are configured as shown in the following table.
You need to ensure that all of the disks can be added to a Cluster Shared Volume (CSV).
A.
B.
C.
D.
Enable BitLocker on Disk4.
Format Disk3 to use NTFS.
Format Disk2 to use NTFS.
Disable BitLocker on Disk1
Correct Answer: BC
Section: (none)
Explanation
You cannot use a disk for a CSV that is formatted with FAT, FAT32, or Resilient File System (ReFS).
QUESTION 30
Your network contains an Active Directory forest named contoso.com. The contoso.com domain only contains
domain controllers that run Windows Server 2012.
The forest contains a child domain named child.contoso.com.
The child.contoso.com domain only contains domain controllers that run Windows Server 2008 R2.
The child.contoso.com domain contains a member server named Server1 that runs Windows Server 2012. You
have access to four administrative user accounts in the forest. The administrative user accounts are configured
You need to ensure that you can add a domain controller that runs Windows Server 2012 to the
child.contoso.com domain. Which account should you use to run adprep.exe?
A.
B.
C.
D.
Admin1
Admin2
Admin3
Admin4
Correct Answer: C
Section: (none)
Explanation
http://msmvps.com/blogs/mweber/archive/2012/07/27/upgrading-an-active-directory-domain-from-windowsserver-2008-or-windows-server-2008-r2-to-windows-server-2012.aspx
QUESTION 31
named Node1 and Node2. Node1 and Node2 run Windows Server 2012. Node1 and Node2 are configured as
a two-node failover cluster named Cluster2.
The computer accounts for all of the servers reside in an organizational unit (OU) named Servers.
A user named User1 is a member of the local Administrators group on Node1 and Node2. User1 creates a new
clustered File Server role named File1 by using the File Server for general use option. A report is generated
during the creation of File1 as shown in the exhibit
File1 fails to start.
You need to ensure that you can start File1. What should you do?
A. Log on to the domain by using the built-in Administrator for the domain, and then recreate the clustered File
Server role by using the File Server for general use option.
B. Recreate the clustered File Server role by using the File Server for scale-out Application data option.
C. Assign the computer account permissions of Cluster2 to the Servers OU.
D. Assign the user account permissions of User1 to the Servers OU.
E. Increase the value of the ms-DS-MachineAccountQuota attribute of the domain.
Correct Answer: C
Section: (none)
Explanation
incorrect in previous dumps!
When using the failover cluster manager changes you make are not being done as the user but as the cluster
machine account.
You have created a Windows Server 2012 Scale-Out File Server. The cluster, including the network and
storage, pass the cluster validation test. Everything looks and is good. You create a File Server role for
application data (SOFS) but it fails to start:
The fix is in:
1) Open Active Directory Users And Computers.
2) Enable Advanced view if not enabled.
3) Edit the properties of the OU containing the cluster computer object
4) Open the Security tab and click Advanced
5) Click Add (opens Permission Entry dialog), click Select A Principal, Click Object Types and select
Computers. Enter the name of the cluster computer object.
6) Back in the Permission Entry dialog, scroll down, and select Create Computer Objects.
7) OK everything, (you might need to wait for your DCs to replicate if you have site links to deal with) return to
Failover Cluster Manager, right-click on the SOFS role, and click Start Role. It should now start up.
http://www.aidanfinn.com/?p=14142
QUESTION 32
Your network contains two servers named Server1 and Server 2. Both servers run Windows Server 2012 and
have the Hyper-V server role installed. Server1 hosts a virtual machine named VM1.
The virtual machine configuration files and the virtual hard disks for VM1 are stored in D: \VM1.
You shut down VM1 on Server1.
You copy D:\VM1 to D:\VM1 on Server2.
You need to start VM1 on Server2. You want to achieve this goal by using the minimum amount of
administrative effort.
What should you do?
A.
B.
C.
D.
Run the Import-VMIntialReplication cmdlet
Create a new virtual machine on Server2 and attach the VHD from VM1 to the new virtual machine
From Hyper-V Manager, run the Import Virtual Machine wizard.
Run the Import-IscsiVirtualDisk cmdlet
Correct Answer: C
Section: (none)
Explanation
QUESTION 33
Your network contains an Active Directory forest. The forest contains one domain named adatum.com. The
domain contains three domain controllers. The domain controllers are configured as shown in the following
table.
DC2 has all of the domain-wide operations master roles. DC3 has all of the forest-wide operation master roles.
You need to ensure that you can use Password Settings objects (PSOs) in the domain. What should you do
first?
A.
B.
C.
D.
Uninstall Active Directory from DC1
Change the domain functional level
Transfer the domain-wide operations master roles
Transfer the forest-wide operations master roles
Correct Answer: A
Section: (none)
Explanation
QUESTION 34
Your network contains an Active Directory forest named contoso.com. The forest contains three domains.
All domain controllers run Windows Server 2012. The forest has a two-way realm trust to a Kerberos realm
named adatum.com.
You discover that users in adatum.com can only access resources in the root domain of contoso.com.
You need to ensure that the adatum.com users can access the resources in all of the domains in the forest.
What should you do in the forest?
A.
B.
C.
D.
Delete the realm trust and create a forest trust.
Delete the realm trust and create three external trusts.
Modify the incoming realm trust
Modify the outgoing realm trust
Correct Answer: D
Section: (none)
Explanation
QUESTION 35
Your network contains an Active Directory domain named contoso.com. The domain contains two domain
controllers named DC1 and DC2 that run Windows Server 2012. DC1 and DC2 fail to replicate Active Directory
information.
You confirm that DC1 and DC2 have network connectivity. The NTDS Settings of DC2 are configured as shown
in the NTDS Settings exhibit. (Click tie Exhibit button.)
DNS is configured as shown in the DNS exhibit.
You need to ensure that DC1 and DC2 can replicate immediately. Which two actions should you
A.
B.
C.
D.
E.
F.
From
From
From
From
From
From
DC1, restart the Netlogon service.
DC2, run nltest.exe /sync.
DC1, run ipconfig /flushdns
DO, run repadmin /syncall
DC2, run ipconfig /registerdns
DC2, restart the Netlogon service
Correct Answer: DE
Section: (none)
Explanation
The DC2 name/alias is not available in DNS.
First we register the DC2 name from DC with the ipcpnfig /registerdns. (E) Then we synchronizes
a specified domain controller DC1 (DC2 would also work) with all of its replication partners with
repadmin /syncall. (D)
QUESTION 36
failover cluster named Cluster1. Cluster1 contains a Clustered Shared Volume (CSV). A developer creates an
Application named App1.
App1 is NOT a cluster-aware Application. App1 stores data in the file system. You need to ensure that App1
runs in Cluster1. The solution must minimize development effort.
Which cmdlet should you run?
A.
B.
C.
D.
Add-ClusterGenericServiceRole
Add-ClusterServerRole
Add-ClusterGenericApplicationRole
Add-ClusterScaleOutFileServerRole
Correct Answer: C
Section: (none)
Explanation
Configure high availability for an application that was not originally designed to run in a failover
cluster.
* If you run an application as a Generic Application, the cluster software will start the application,
then periodically query the operating system to see whether the application appears to be running.
If so, it is presumed to be online, and will not be restarted or failed over.
QUESTION 37
You have a server named Server1 that runs Windows Server 2012.
You start Server1 by using Windows PE.
You need to repair the Boot Configuration Data (BCD) store on Server1.
A.
B.
C.
D.
Bootim
Bootsect
Bootrec
Bootcfg
Correct Answer: C
Section: (none)
Explanation
bootrec /rebuildbcd
QUESTION 38
servers named Server1 and Server2. All servers run Windows Server 2012. Server1 and Server2 have the
Failover Clustering feature installed.
The servers are configured as nodes in a failover cluster named Cluster1. Cluster1 contains a Clustered
Shared Volume (CSV). A developer creates an application named Appl.
App1 is NOT a cluster-aware application. App1 stores data in the file system.
You need to ensure that App1 runs in Cluster1. The solution must minimize development effort. Which cmdlet
should you run?
A.
B.
C.
D.
Add-ClusterServerRole
Add ClusterScaleOutFileServerRole
Add ClusterGenericApplicationRole
Correct Answer: D
Section: (none)
Explanation
Add-ClusterGenericApplicationRole Configure high availability for an application that was not originally designed
to run in a failover cluster.
* If you run an application as a Generic Application, the cluster software will start the application, then
periodically query the operating system to see whether the application appears to be running.
If so, it is presumed to be online, and will not be restarted or failed over.
QUESTION 39
Your network contains three Application servers that run Windows Server 2012. The Application servers have
the Network Load Balancing (NLB) feature installed.
You create an NLB cluster that contains the three servers. You plan to deploy an Application named App1 to
the nodes in the cluster. App1 uses TCP port 8080 and TCP port 8081.
Clients will connect to App1 by using HTTP and HTTPS. When clients connect to App1 by using HTTPS,
session state information will be retained locally by the cluster node that responds to the client request.
You need to configure a port rule for App1. Which port rule should you use? To answer, select the appropriate
rule in the answer area:
Hot Area:
Correct Answer:
Section: (none)
Explanation
QUESTION 40
The servers have the Hyper-V server role installed.
A certification authority (CA) is available on the network. A virtual machine named vml.contoso.com is
replicated from Server1 to Server2. A virtual machine named vm2.contoso.com is replicated from Server2 to
Server1.
You need to configure Hyper-V to encrypt the replication of the virtual machines. Which common name should
you use for the certificates on each server? To answer, configure the appropriate common name for the
certificate on each server in the answer area.
Hot Area:
Correct Answer:
Section: (none)
Explanation
QUESTION 41
The servers are configured as nodes in a failover cluster named Cluster1. Cluster1 contains a file server role
named FS1 and a generic service role named SVC1.
Server1 is the preferred node for FS1. Server2 is the preferred node for SVC1.
You plan to run a disk maintenance tool on the physical disk used by FS1. You need to ensure that running the
disk maintenance tool does not cause a failover to occur. What should you do before you run the tool?
A.
B.
C.
D.
Run cluster.exe and specify the pause parameter
Run cluster.exe and specify the offline parameter
Run Suspend-ClusterResource
Run Suspend-ClusterNode.
Correct Answer: B
Section: (none)
Explanation
QUESTION 42
All servers run Windows Server 2012. Server1 and Server2 have the Failover Clustering feature installed. The
servers are configured as nodes in a failover cluster named Cluster1.
Cluster1 contains a Clustered Shared Volume (CSV). A developer creates an Application named App1.
App1 is NOT a cluster-aware Application. App1 stores data in the file system. You need to ensure that App1
runs in Cluster1. The solution must minimize development effort.
Which cmdlet should you run?
A.
B.
C.
D.
Add ClusterServerRole
Add-ClusterScaleOutFileServerRole
Correct Answer: A
Section: (none)
Explanation
QUESTION 43
Server1 that runs Windows Server 2012. Server1 is an enterprise root certification authority (CA) for
contoso.com.
Your user account is assigned the certificate manager role and the auditor role on the contoso.com CA. Your
account is a member of the local Administrators group on Server1.
You enable CA role separation on Server1. You need to ensure that you can manage the certificates on the CA.
What should you do?
A.
B.
C.
D.
Remove your user account from the local Administrators group.
Assign the CA administrator role to your user account.
Assign your user account the Bypass traverse checking user right.
Remove your user account from the Manage auditing and security log user right.
Correct Answer: D
Section: (none)
Explanation
QUESTION 44
An administrator installs the IP Address Management (IPAM) Server feature on a server named Server2.
The administrator configures IPAM by using Group Policy based provisioning and starts server discovery.
You plan to create Group Policies for IPAM provisioning. You need to identify which Group Policy object (GPO)
name prefix must be used for IPAM Group Policies.
A.
B.
C.
D.
From Server Manager, review the IPAM overview.
Run the ipamgc.exe tool.
From Task Scheduler, review the IPAM tasks.
Run the Get-IpamConfiguration cmdlet.
Correct Answer: A
Section: (none)
Explanation
QUESTION 45
Server1 that runs Windows Server 2012. The system properties of Server1 are shown in the exhibit.
You need to configure Server1 as an enterprise subordinate certification authority (CA). What should you do
first?
A.
B.
C.
D.
Add RAM to the server.
Set the Startup Type of the Certificate Propagation service to Automatic
Install the Certification Authority Web Enrollment role service.
Join Server1 to the contoso.com domain
Correct Answer: D
Section: (none)
Explanation
Server must be a member of the domain to read the AD.
The image states the machine is member of a workgroup
QUESTION 46
Your network contains an Active Directory domain named contoso.com. The domain contains four member
servers named Server1, Server2, Server3, and Server4.
Server1 and 5erver2 run Windows Server 2008 R2. Server1 and Server2 have the Hyper-V server role and the
Failover Clustering is configured to provide highly available virtual machines by using a cluster named Cluster1.
Cluster1 hosts 10 virtual machines.
Server3 and Server4 run Windows Server 2012.
You install the Hyper-V server role and the Failover Clustering feature on Server3 and Server4.
You create a cluster named Cluster2.
You need to migrate cluster resources from Cluster1 to Cluster2. The solution must minimize downtime on the
virtual machines.
Which five actions should you perform?
To answer, move the appropriate five actions from the list of actions to the answer area and arrange them in
the correct order.
Select and Place:
Correct Answer:
Section: (none)
Explanation
Migrate a Cluster Wizard
Box 1: Shut down all of the virtual machines in Cluster1.
Box 2: Unmask the shared storage to present the storage to Cluster2.
Box 3: Mask the shared storage to prevent the storage from being accessed by Cluster1.
Box 4: Start the virtual machines in Cluster2.
Box 5: From the Failover Cluster Manager in Cluster1, run the Migrate a Cluster Wizard.
Note:
* The new cluster roles are always created offline - when VMs and users are ready, the following
steps should be used during a maintenance window:
i. The source VMs should be shut down and turned off.
ii. The source cluster CSV volumes that have been migrated should be off-lined. iii. The storage
that is common to both clusters (LUNS) should be masked (hidden) from the source cluster, to
prevent accidental usage by both clusters.
iv. The storage that is common to both clusters (LUNS) should be presented to the new cluster. v.
The CSV volumes on the target cluster should be on-lined.
vi. The VMs on the target cluster should be on-lined.
vii. VMs are migrated and ready for use!
* Now that the target cluster has been pre-staged, use the following steps during a maintenance
window to cut over to the new Windows Server 2012 cluster:
1. Shutdown all VMs on the source Windows Server 2008 R2 cluster that have been migrated.
2. Configure the storage:
a. Unmask the common shared storage (LUNs) so that they are not presented to the Windows
Server 2008 R2source cluster
Note: Data could become corrupt if they are presented to multiple clusters at the same time.
b. Mask the common shared storage (LUNs) to the Windows Server 2012 target cluster.
QUESTION 47
servers named Server1 and Server2. All servers run Windows Server 2012. Server1 and Server2 have the
The servers are configured as nodes in a failover cluster named Cluster1. Cluster1 has access to four physical
disks. The disks are configured as shown in the following table.
You need to identify which disk can be added to a Clustered Storage Space in Cluster1. Which disk should you
identify?
A.
B.
C.
D.
Disk1
Disk2
Disk3
Disk4
Correct Answer: B
Section: (none)
Explanation
SAS is a direct SCSI device.
What types of storage arrays can I use with Storage Spaces?
Storage arrays that provide direct connectivity to the physical disks they house and do not layer RAID
implementations or abstract the disks in any way are compatible with Storage Spaces. Such arrays are also
known as Just a Bunch of Disks (JBOD).
For Storage Spaces to identify disks by slot and leverage the array’s failure and identify/locate lights, the array
must support SCSI Enclosure Services (SES) version 3. For a list of compatible arrays, see the Windows
Server Hardware Catalog This link is external to TechNet Wiki. It will open in a new window. .
Enclosure Awareness Support - Tolerating an Entire Enclosure Failing
To support deployments that require an added level of fault tolerance, Storage Spaces supports associating
each copy of data with a particular JBOD enclosure. This capability is known as enclosure awareness. With
enclosure awareness, if one enclosure fails or goes offline, the data remains available in one or more alternate
enclosures.
To use enclosure awareness with Storage Spaces, your environment must meet the following requirements:
JBOD storage enclosures must support SCSI Enclosure Services (SES).
Storage spaces must use the mirror resiliency type if you're using Windows Server 2012:
To tolerate one failed enclosure with two-way mirrors, you need three compatible storage enclosures.
To tolerate two failed enclosures with three-way mirrors, you need five compatible storage enclosures.
QUESTION 48
You have a server named Server1 that runs Windows Server 2012. Server1 has the File Server Resource
Manager role service installed.
You attempt to delete a classification property and you receive the error message as shown in the exhibit.
You need to delete the is Confidential classification property. What should you do?
A.
B.
C.
D.
Delete the classification rule that is assigned the isConfidential classification property
Disable the classification rule that is assigned the isConfidential classification property.
Set files that have an isConfidential classification property value of Yes to No
Clear the isConfidential classification property value of all files.
Correct Answer: A
Section: (none)
Explanation
QUESTION 49
You have a server named Server1 that runs Windows Server 2012. Windows Server 2012 is installed on
volume C.
You need to ensure that Safe Mode with Command Prompt loads the next time Server1 restarts. Which tool
should you use?
A.
B.
C.
D.
The Restart-Server cmdlet
The Bootcfg command
The Restart-Computer cmdlet
The Bcdedit command
Correct Answer: D
Section: (none)
Explanation
QUESTION 50
You have a failover cluster named Cluster1 that contains four nodes. All of the nodes run Windows Server
2012.
You need to schedule the installation of Windows updates on the cluster nodes. Which tool should you use?
A.
B.
C.
D.
The Wusa command
The Invoke-CauScan cmdlet
The Add-CauClusterRole cmdlet
The Wuauclt command
Correct Answer: C
Section: (none)
Explanation
The Add-CauClusterRole cmdlet adds the Cluster-Aware Updating (CAU) clustered role that provides the selfupdating functionality to the specified cluster. When the CAU clustered role has been added to a cluster, the
failover cluster can update itself on the schedule that is specified by the user, without requiring an external
computer to coordinate the cluster updating process.
QUESTION 51
You have a server named Server1 that runs Windows Server 2012. You download and install the Windows
Azure Online Backup Service Agent on Server1.
You need to ensure that you can configure an online backup from Windows Server Backup. What should you
do first?
A.
B.
C.
D.
From Windows Server Backup, run the Register Server Wizard.
From Computer Management, add the Server1 computer account to the Backup Operators group.
From a command prompt, run wbadmin.exe enable backup.
From the Services console, modify the Log On settings of the Windows Azure Online Backup Service
Agent.
Correct Answer: A
Section: (none)
Explanation
QUESTION 52
Your network contains an Active Directory forest named contoso.com. The forest contains two domains named
contoso.com and childl.contoso.com. The domains contain three domain
You need to ensure that the KDC support for claims, compound authentication, and kerberos armoring setting
is enforced in the child1.contoso.com domain.
A.
B.
C.
D.
E.
Raise the domain functional level ofchildl.contoso.com.
Raise the domain functional level of contoso.com.
Raise the forest functional level of contoso.com.
Correct Answer: BD
Section: (none)
Explanation
If you want to create access control based on claims and compound authentication, you need to deploy
Dynamic Access Control. This requires that you upgrade to Kerberos clients and use the KDC, which support
these new authorization types.
With Windows Server 2012, you do not have to wait until all the domain controllers and the domain functional
level are upgraded to take advantage of new access control options
http://technet.microsoft.com/en-us/library/hh831747.aspx.
QUESTION 53
a branch office. An Active Directory site exists for each office. All domain controllers run Windows Server 2012.
table.
You need to ensure that DC2 replicates the contoso.com zone by using Active Directory replication. Which tool
should you use?
A.
B.
C.
D.
Repadmin
Ntdsutil
Correct Answer: C
Section: (none)
Explanation
Repadmin.exe is a command line tool that is designed to assist administrators in diagnosing,monitoring, and
troubleshooting Active Directory replication problems.
QUESTION 54
a branch office. An Active Directory site exists for each office.
All domain controllers run Windows Server 2012. The domain contains two domain controllers. The domain
You need to ensure that DC2 replicates the contoso.com zone by using Active Directory replication. Which tool
should you use?
A.
B.
C.
D.
Ntdsutil
DNS Manager
Correct Answer: C
Section: (none)
Explanation
The primary tool that you use to manage DNS servers is DNS Manager, the DNS snap-in in
Microsoft Management Console (MMC), which appears as DNS in Administrative Tools on the Start
menu. You can use DNS Manager along with other snapins in MMC, further integrating DNS
administration into your total network management. It is also available in Server Manager on
computers with the DNS Server role installed. You can use DNS Manager to perform the following
basic administrative server tasks:
*
Performing initial configuration of a new DNS server.
*
Connecting to and managing a local DNS server on the same computer or remote DNS servers on
other computers.
*
Adding and removing forward and reverse lookup zones, as necessary.
*
Adding, removing, and updating resource records in zones.
*
Modifying how zones are stored and replicated between servers.
*
Modifying how servers process queries and handle dynamic updates.
Modifying
security for specific zones or resource records.
In addition, you can also use DNS Manager to perform the following tasks:
*
Perform maintenance on the server. You can start, stop, pause, or resume the server or manually
update server data files.
*
Monitor the contents of the server cache and, as necessary, clear it.
*
Tune advanced server options.
Configure and perform aging and scavenging of stale resource records that are stored by the server.
Reference: DNS Tools
QUESTION 55
Server 2012. The domain contains two domain controllers.
The Branch site contains a perimeter network. For security reasons, client computers in the perimeter network
can communicate with client computers in the Branch site only.
You plan to deploy a new RODC to the perimeter network in the Branch site. You need to ensure that the new
RODC will be able to replicate from DC10. What should you do first on DC10?
A.
B.
C.
D.
Run dcpromo and specify the /createdcaccount parameter.
Run the Add-ADDSReadOnlyDomainControllerAccount cmdlet.
Enable the Bridge all site links setting.
Correct Answer: C
Section: (none)
Explanation
Creates a read-only domain controller (RODC) account that can be used to install an RODC in
Active Directory.
Note:
* Notes
Once you have added the RODC account, you can add an RODC to a server computer by using
the Install-ADDSDomainController cmdlet with the -ReadOnlyReplica switch parameter.
* Example
Adds a new read-only domain controller (RODC) account to the corp.contoso.com domain using
the North America site as the source site for the replication source domain controller.
C:\PS>Add-ADDSReadOnlyDomainControllerAccount -DomainControllerAccountName RODC1 DomainName corp.contoso.com -SiteName NorthAmerica
Reference: Add-ADDSReadOnlyDomainControllerAccount
QUESTION 56
authority (CA).
All users in the domain are issued a smart card and are required to log on to their domainjoined client computer
by using their smart card. A user named User1 resigned and started to work for a competing company.
A.
B.
C.
D.
The Security Configuration Wizard
The Certification Authority console
Correct Answer: B
Section: (none)
Explanation
You can use the Certification Authority console to configure CAs. This includes the following tasks:
Scheduling certificate revocation list publication.
Installing the CA certificate when necessary.
Configuring exit module settings.
Configuring policy module settings.
Modifying security permissions and delegate control of CAs.
Enabling optional Netscapecompatible
Web-based revocation checking.
Reference: Configure Certification Authorities
QUESTION 57
You have a server named Server1 that runs Windows Server 2012. Server1 has the DNS Server
server role installed. You need to store the contents of all the DNS queries received by Server1.
A.
B.
C.
D.
Logging from Windows Firewall with Advanced Security
Debug logging from DNS Manager
A Data Collector Set (DCS) from Performance Monitor
Monitoring from DNS Manager
Correct Answer: D
Section: (none)
Explanation
The following DNS debug logging options are available:
* Direction of packets
Send Packets sent by the DNS server are logged in the DNS server log file. Receive Packets
received by the DNS server are logged in the log file.
* Content of packets
(D) Standard queries Specifies that packets containing standard queries (per RFC 1034) are logged
in the DNS server log file.
Updates Specifies that packets containing dynamic updates (per RFC 2136) are logged in the DNS
server log file.
Notifies Specifies that packets containing notifications (per RFC 1996) are logged in the DNS server
log file.
Etc.
QUESTION 58
You have a server named LON-DC1 that runs Windows Server 2012. An iSCSI virtual disk named
VirtuahSCSIl.vhd exists on LON-DC1 as shown in the exhibit.
You create a new iSCSI virtual disk named VirtualiSCSI2.vhd by using the existing itgt iSCSI
target.VirtuahSCSI1.vhd is removed from LON-DC1.
You need to assign VirtualiSCSI2.vhd a logical unit value of 0.
What should you do?
A.
B.
C.
D.
Run the Set-IscsiVirtualDisk cmdlet and specify the -DevicePath parameter
Run the iscsicpl command and specify the virtualdisklun parameter
Modify the properties of the itgt ISCSI target
Run the Set-VirtualDisk cmdlet and specify the -Uniqueld parameter
Correct Answer: D
Section: (none)
Explanation
Set-VirtualDisk
Modifies the attributes of an existing virtual disk.
Applies To: Windows Server 2012
-UniqueId<String>
Specifies an ID used to uniquely identify a Disk object in the system. The ID persists through
restarts. Note: Logical unit numbers (LUNs) created on an iSCSI disk storage subsystem are not
directly assigned to a server. For iSCSI, LUNs are assigned to logical entities called targets.
QUESTION 59
You have a Hyper-V host named Server1 that runs Windows Server 2012. Server1 contains a virtual machine
named VM1 that runs Windows Server 2012.
You fail to start VM1 and you suspect that the boot files on VM1 are corrupt. On Server1, you attach the virtual
hard disk (VHD) of VM1 and you assign the VHD a drive letter of F.
You need to repair the corrupt boot files on VM1. What should you run?
A.
B.
C.
D.
bootrec.exe /rebuildbcd
bootrec.exe /scanos
bcdboot.exe f:\windows /s c:
bcdboot.exe c:\windows /s f:
Correct Answer: D
Section: (none)
Explanation
QUESTION 60
Server1 that runs Windows Server 2012 and has the DNS Server server role installed.
Server1 has a zone named contoso.com. The zone is configured as shown in the exhibit.
You need to assign a user named User1 permission to add and delete records from the contoso.com zone
only.
What should you do first?
A.
B.
C.
D.
Enable the Advanced view from DNS Manager.
Add User1 to the DnsUpdateProxy group.
Run the New Delegation Wizard.
Configure the zone to be Active Directory-integrated.
Correct Answer: D
Section: (none)
Explanation
Extra Questions
QUESTION 1
Your network contains two servers named Server1 and Server2 that run Windows Server 2008 R2. Server1
and Server2 are nodes in a failover cluster named Cluster1.
The network contains two servers named Server3 and Server4 that run Windows Server 2012.
Server3 and Server4 are nodes in a failover cluster named Cluster2.
You need to move all of the applications and the services from Cluster1 to Cluster2.
What should you do first from Failover Cluster Manager?
A.
B.
C.
D.
On a server in Cluster1, click Move Core Cluster Resources, and then click Select Node
On a server in Cluster2, click Migrate Roles
Correct Answer: A
Section: (none)
Explanation
QUESTION 2
Your network contains two servers named HV1 and HV2. Both servers run Windows Server 2012 and have the
Hyper-V server role installed. HV1 hosts 25 virtual machines.
The virtual machine configuration files and the virtual hard disks are stored in D:\VM. You shut down all of the
virtual machines on HV1.
You copy D:\VM to D:\VM on HV2. You need to start all of the virtual machines on HV2.
You want to achieve this goal by using the minimum amount of administrative effort. What should you do?
A. Run the Import-VMInitialReplication cmdlet.
B. From HV1, export all virtual machines to D:\VM.
Copy D:\VM to D:\VM on HV2 and overwrite the existing files.
On HV2, run the Import Virtual Machine wizard.
C. From HV1, export all virtual machines to D:\VM.
Copy D:\VM to D:\VM on HV2 and overwrite the existing files.
On HV2, run the New Virtual Machine wizard.
D. Run the Import-VM cmdlet.
Correct Answer: D
Section: (none)
Explanation
Import-VM
Imports a virtual machine from a file.
QUESTION 3
Your company recently deployed a new Active Directory forest named contoso.com. The first domain controller
in the forest runs Windows Server 2012.
You need to identify the time-to-live (TTL) value for domain referrals to the NETLOGON and SYSVOL shared
folders. Which tool should you use?
A.
B.
C.
D.
Ultrasound
Replmon
Dfsdiag
Frsutil
Correct Answer: C
Section: (none)
Explanation
http://blogs.technet.com/b/filecab/archive/2008/10/24/what-does-dfsdiag-do.aspx
QUESTION 4
Server1 has Microsoft SQL Server 2012 installed. You install the Active Directory Federation Services server
role on Server2. You need to configure Server2 as the first Active Directory Federation Services (AD FS) server
in the domain.
The solution must ensure that the AD FS database is stored in a SQL Server database on Server1. What
should you do on Server2?
A. From the AD FS console, run the AD FS Federation Server Configuration Wizard and select the Standalone federation server option.
B. From Server Manager, install the Federation Service Proxy
C. From Windows PowerShell, run Install-ADFSFarm
D. From Server Manager, install the AD FS Web Agents
Correct Answer: A
Section: (none)
Explanation
To create the first federation server in a federation server farm There are two ways to start the AD
FS Federation Server Configuration Wizard. On the Welcome page, verify that Create a new
Federation Service is selected, and then click Next. On the Select Stand-Alone or Farm
Deployment page, click New federation server farm, and then click Next.
On the Specify the Federation Service Name page, verify that the SSL certificate that is showing is
correct. If this is not the correct certificate, select the appropriate certificate from the SSL certificate
list.
Etc.
Note:
After you install the Federation Service role service and configure the required certificates on a
computer, you are ready to configure the computer to become a federation server. You can use the
following procedure to set up the computer to become the first federation server in a new federation
server farm using the AD FS Federation Server Configuration Wizard. The act of creating the first
federation server in a farm also creates a new Federation Service and makes this computer the
primary federation server. This means that this computer will be configured with a read/write copy
of the AD FS configuration database. All other federation servers in this farm must replicate any
changes that are made on the primary federation server to their read-only copies of the AD FS
configuration database that they store locally. Reference: To create the first federation server in a
federation server farm
QUESTION 5
Your network contains two servers that run Windows Server 2012 named Server1 and Server2. Both servers
have the File Server role service installed.
On Server2, you create a share named Backups. From Windows Server Backup on Server1, you schedule a
full backup to run every night.
You set the backup destination to \\Server2 \Backups.
After several weeks, you discover that \\Server2\Backups only contains the last backup that completed on
Server1. You need to ensure that multiple backups of Server1 are maintained.
What should you do?
A.
B.
C.
D.
Modify the Volume Shadow Copy Service (VSS) settings
Modify the properties of the Windows Store Service (WSService) service
Change the backup destination
Configure the permission of the Backups share
Correct Answer: C
Section: (none)
Explanation
backup destination in the question is a UNC path.
for previous backups to be saved you need a 'local" disk, however iscsi is also supported.
QUESTION 6
Server1 has an enterprise root certification authority (CA) for contoso.com.
You deploy another member server named Server2 that runs Windows Server 2012 and has the Web Server
(IIS) server role installed.
You need to designate a website on Server1 as the certificate revocation list (CRL) distribution point for the C
A.
The solution must ensure that CRLs are published automatically to Server2. Which two actions should you
A.
B.
C.
D.
E.
Create an http:// CRL distribution point (CDP) entry.
Configure a CA exit module
Create a file:// CRL distribution point (CDP) entry
Configure an enrollment agent
Configure a CA policy module
Correct Answer: AE
Section: (none)
Explanation
To specify CRL distribution points in issued certificates Open the Certification Authority snap-in.
In the console tree, click the name of the CA.
On the Action menu, click Properties , and then click the Extensions tab. Confirm that Select
extension is set to CRL Distribution Point (CDP) .
Do one or more of the following. (The list of CRL distribution points is in the Specify locations from
which users can obtain a certificate revocation list (CRL) box.) / To indicate that you want to use a
URL as a CRL distribution point Click the CRL distribution point, select the Include in the CDP
extension of issued certificates check box, and then click OK .
Click Yes to stop and restart Active Directory Certificate Services (AD CS).
E: You can specify CRL Distribution Points (CDPs) in CAPolicy.inf. Note that any CDP in
CAPolicy.inf will take precedence for certificate verifiers over the CDP's specified in the CA policy
module.
Note:
CRLDistributionPoint
You can specify CRL Distribution Points (CDPs) for a root CA certificate in the CAPolicy.inf. This
section does not configure the CDP for the CA itself. After the CA has been installed you can
configure the CDP URLs that the CA will include in each certificate that it issues. The URLs
specified in this section of the CAPolicy.inf file are included in the root CA certificate itself.
Example:
[CRLDistributionPoint]
URL=http://pki.wingtiptoys.com/cdp/WingtipToysRootCA.crl
QUESTION 7
Your network contains an Active Directory domain named adatum.com. You create a new Group Policy object
(GPO) named GPO1.
You need to verify that GPO1 was replicated to all of the domain controllers. Which tool should you use?
A.
B.
C.
D.
Gpupdate
Gpresult
Group Policy Management
Correct Answer: D
Section: (none)
Explanation

Microsoft.Selftestengine.70-412.v2013-10-26.by

Transcription

Similar documents

AIRMAN`S INFORMATiON MANUAL

Media Pack - The Directory Group

dalrev_vol51_iss3_pp332_336

F-Root-ICANN55 Jeff Markup.key

The 2015 CALED Member Directory will be a stand

the cybex trazer

NFL Game Pass Walkthrough

Xsigo Presentation