Introducing The New!
Surepassexam Collection
Get Unlimited Access to all
Surepassexam's PREMIUM files
Q1. - (Topic 3)
You have a server named Server1 that runs Windows Server 2012 R2. Server1 has 2 dual-
core processors and 16 GB of RAM.
You install the Hyper-V server role in Server1.
You plan to create two virtual machines on Server1.
You need to ensure that both virtual machines can use up to 8 GB of memory. The solution
must ensure that both virtual machines can be started simultaneously.
What should you configure on each virtual machine?
A. Dynamic Memory
B. NUMA topology
C. Memory weight
D. Resource Control
Answer: A
Q2. - (Topic 1)
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012 R2.
You create a new inbound rule by using Windows Firewall with Advanced Security.
You need to configure the rule to allow Server1 to accept unsolicited inbound packets that are received through a network address translation (NAT) device on the network.
Which setting in the rule should you configure?
A. Interface types
B. Authorized computers
C. Remote IP address
D. Edge traversal
Answer: D
Explanation:
Edge traversal – This indicates whether edge traversal is enabled (Yes) or disabled (No). When edge traversal is enabled, the application, service, or port to which the rule applies is globally addressable and accessible from outside a network address translation (NAT) or edge device.
Select one of the following options from the list: Block edge traversal (default) – Prevent applications from receiving unsolicited traffic from the Internet through a NAT edge device. Allow edge traversal – Allow applications to receive unsolicited traffic directly from the Internet through a NAT edge device. Defer to user – Let the user decide whether to allow unsolicited traffic from the Internet through a NAT edge device when an application requests it. Defer to application – Let each application determine whether to allow unsolicited traffic from the Internet through a NAT edge device.
: http://technet.microsoft.com/en-us/library/cc731927.aspx
Q3. - (Topic 3)
Your network contains one Active Directory domain named contoso.com. The domain contains 10 domain controllers and a read-only domain controller (RODC) named RODC01.
The domain contains an administrator account named Admin1.
You need to prevent Admin1 from creating more than 100 objects in the domain partition.
Which tool should you use?
A. the ntdsutil command
B. the Set-ADDomain cmdlet
C. the Install-ADDSDomain cmdlet
D. the dsadd command
E. the dsamain command
F. the dsmgmt command
G. the net user command
H. the Set-ADForest cmdlet
Answer: D
Explanation:
Active Directory quotas are limits on the number of objects that a security principal (that has been delegated the Create Child Objects or Delete Child Objects permission) can own and create. To assign a quota to a security principal, you must use the directory services tools. The command and required parameters for assigning a quota to a security principal are as follows:
dsadd quota –part <partition distinguished name> –qlimit <quotalimit> –acct <security prinicipal>
Reference: Active Directory Quotas
https://technet.microsoft.com/en-us/library/cc904295(v=ws.10).aspx
Q4. HOTSPOT - (Topic 3)
Your network contains a domain controller named dc5.adatum.com that runs Windows
Server 2012 R2.
You discover that you can connect successfully to DC5 over the network, but you receive a
request timed out message when you attempt to ping DC5.
You need to configure DC5 to respond to ping request.
Which firewall rule should you modify on DC5? To answer, select the appropriate rule in
the answer area.
Answer:
Q5. - (Topic 3)
Your network contains an Active Directory forest. The forest contains two domains named contoso.com and corp.contoso.com. All domain controllers run Windows Server 2012 R2 and are configured as global catalog servers. The corp.contoso.com domain contains a domain controller named DC1.
You need to disable the global catalog on DC1.
What should you do?
A. From Active Directory Users and Computers, modify the properties of the DC1 computer account.
B. From Active Directory Administrative Center, modify the properties of the DC1 computer account.
C. From Active Directory Sites and Services, modify the NTDS Settings of the DC1 server object.
D. From Active Directory Domains and Trusts, modify the properties of the corp.contoso.com domain.
Answer: C
Explanation:
To add or remove the global catalog
Open Active Directory Sites and Services. To open Active Directory Sites and Services,
click Start, click Administrative Tools, and then click Active Directory Sites and Services.
To open Active Directory Sites and Services in Windows Server. 2012, click Start, type
dssite.msc.
In the console tree, click the server object to which you want to add the global catalog or
from which you want to remove the global catalog.
Where?
Active Directory Sites and Services\Sites\SiteName\Servers
In the details pane, right-click NTDS Settings of the selected server object, and then click
Properties.
Select the Global Catalog check box to add the global catalog, or clear the check box to
remove the global catalog.
Q6. - (Topic 1)
Your network contains an Active Directory domain named contoso.com. The domain
contains a server named Server1. Server1 runs Windows Server 2012 R2.
You need to create a 3-TB virtual hard disk (VHD) on Server1.
Which tool should you use?
A. New-StoragePool
B. Diskpart
C. File Server Resource Manager (FSRM)
D. New-StorageSubsytemVirtualDisk
Answer: B
Explanation:
You can create a VHD from either the Disk Management snap-in or the command line (diskpart). From the DiskPart command-line tool at an elevated command prompt, run the create vdisk command and specify the file (to name the file) and maximum (to set the maximum size in megabytes) parameters. The following code demonstrates how to create a VHD file at C:\vdisks\disk1.vdh with a maximum file size of 16 GB (or 16,000 MB). DiskPart Microsoft DiskPart version 6.1.7100 Copyright (C) 1999-2008 Microsoft Corporation. On computer: WIN7 DISKPART> create vdisk file="C:\vdisks\disk1.vhd" maximum=16000
Q7. - (Topic 1)
Your network contains an Active Directory forest named contoso.com.
The forest contains two domains named contoso.com and child.contoso.com and two sites named Site1 and Site2. The domains and the sites are configured as shown in following table.
When the link between Site1 and Site2 fails, users fail to log on to Site2.
You need to identify what prevents the users in Site2 from logging on to the child.contoso.com domain.
What should you identify?
A. The placement of the global catalog server
B. The placement of the infrastructure master
C. The placement of the domain naming master
D. The placement of the PDC emulator
Answer: D
Explanation:
The exhibit shows that Site2 does not have a PDC emulator. This is important because of the close interaction between the RID operations master role and the PDC emulator role. The PDC emulator processes password changes from earlier-version clients and other domain controllers on a best-effort basis; handles password authentication requests involving passwords that have recently changed and not yet been replicated throughout the domain; and, by default, synchronizes time. If this domain controller cannot connect to the PDC emulator, this domain controller cannot process authentication requests, it may not be able to synchronize time, and password updates cannot be replicated to it. The PDC emulator master processes password changes from client computers and replicates these updates to all domain controllers throughout the domain. At any time, there can be only one domain controller acting as the PDC emulator master in each domain in the forest.
Q8. - (Topic 3)
Your network contains an Active Directory domain named contoso.com. All servers run Windows Server 2012 R2. The domain contains a member server named Server1. Server1 has the File Server server role installed.
On Server1, you create a share named Documents. The Documents share will contain the files and folders of all users.
You need to ensure that when the users connect to Documents, they only see the files to which they have access.
What should you do?
A. Enable access-based enumeration.
B. Configure Dynamic Access Control.
C. Modify the Share permissions.
D. Modify the NTFS permissions.
Answer: A
Explanation:
Access-based Enumeration is a new feature included with Windows Server 2003 Service
Pack 1. This feature allows users of Windows Server 2003-Based file servers to list only
the files and folders to which they have access when browsing content on the file server.
This eliminates user confusion that can be caused when users connect to a file server and
encounter a large number of files and folders that they cannot access. Access-based
Enumeration filters the list of available files and folders on a server to include only those
that the requesting user has access to. This change is important because this allows users
to see only those files and directories that they have access to and nothing else. This
mitigates the scenario where unauthorized users might otherwise be able to see the
contents of a directory even though they don’t have access to it.
Access-Based Enumeration (ABE) can be enabled at the Share properties through Server
Manager
References:
Exam Ref 70-410: Installing and configuring Windows Server 2012 R2, Chapter 2:
Configure server roles and features, Objective 2.1: Configure file and share access, p. 75-
Q9. - (Topic 3)
You have a file server named Server1 that runs Windows Server 2012 R2. Server1 contains a folder named Folder1.
You share Folder1 as Share1 by using Advanced Sharing. Access-based enumeration is
enabled.
Share1 contains an application named Appl.exe.
You configure the NTFS permissions on Folder1 as shown in the following table.
The members of Group2 report that they cannot make changes to the files in Share1. The
members of Group1 and Group2 run Appl.exe successfully.
You need to ensure that the members of Group2 can edit the files in Share1.
What should you do?
A. Replace the NTFS permissions on all of the child objects.
B. Edit the Share permissions.
C. Edit the NTFS permissions.
D. Disable access-based enumeration.
Answer: C
Explanation:
Share permissions and NTFS permissions are independent in the sense that neither changes the other. The final access permissions on a shared folder are determined by taking into consideration both the share permission and the NTFS permission entries. The more restrictive permissions are then applied.
References: Training Guide: Installing and Configuring Windows Server 2012 R2: Chapter8: File Services and Storage, Lesson 2: Provisioning and Managing Shared Storage, p.388
Q10. - (Topic 3)
Your network contains two subnets. The subnets are configured as shown in the following table.
You have a server named Server2 that runs Windows Server 2012 R2. Server2 is connected to LAN1. You run the route print command as shown in the exhibit.
You need to ensure that Server2 can communicate with the client computers on LAN2.
What should you do?
A. Change the metric of the 10.10.1.0 route.
B. Set the state of the Teredo interface to disable.
C. Set the state of the Microsoft ISATAP Adapter #2 interface to disable.
D. Run route delete 172.23.2.0.
Answer: D
Explanation:
You should delete the route 172.23.2.0 to allow communication between the client computers and Server2. The route is used to identify PIv6 /IPv4 packets that are being sent.
Q11. - (Topic 3)
You have a server named Server1 that runs Windows Server 2012 R2.
You plan to create an image of Server1.
You need to remove the source files for all server roles that are not installed on Server1.
Which tool should you use?
A. servermanagercmd.exe
B. imagex.exe
C. ocsetup.exe
D. dism.exe
Answer: D
Explanation:
servermanagercmd.exe – The ServerManagerCmd.exe command-line tool has been deprecated in Windows Server 2008 R2. imagex.exe – ImageX is a command-line tool in Windows Vista that you can use to create and manage Windows image (.wim) files. A .wim file contains one or more volume images, disk volumes that contain images of an installed Windows operating system. dism.exe – Deployment Image Servicing and Management (DISM.exe) is a command-line tool that can be used to service a Windows image or to prepare a Windows Preinstallation Environment (Windows PE) image. It replaces Package Manager (Pkgmgr.exe), PEimg, and Intlcfg that were included in Windows Vista. The functionality that was included in these tools is now consolidated in one tool(DISM.exe), and new functionality has been added to improve the experience for offline servicing. DISM can Add, remove, and enumerate packages. ocsetup.exe – The Ocsetup.exe tool is used as a wrapper for Package Manager (Pkgmgr.exe) and for Windows Installer (Msiexec.exe). Ocsetup.exe is a command-line utility that can be used to perform scripted installs and scripted uninstalls of Windows optional components. The Ocsetup.exe tool replaces the Sysocmgr.exe tool that Windows XP and Windows Server 2003i use.
The Dism utility can be used to create and mount an image of Server1.
References:
http://technet.microsoft.com/en-us/library/cc749447(v=ws.10).aspx http://technet.microsoft.com/en-us/library/dd744382(v=ws.10).aspx
Training Guide: Installing and Configuring Windows Server 2012 R2: Chapter 2: Deploying Servers, p. 44 Exam Ref 70-410: Installing and Configuring Windows Server 2012 R2: Chapter 1: Installing and Configuring Servers, p. 19-22
Q12. HOTSPOT - (Topic 2)
Your network contains an Active Directory domain named contoso.com. The domain contains 25 servers. All servers run Windows Server 2012 R2.
You need to create a Windows Firewall rule to prevent administrators from using Internet Explorer to access the Internet while they are logged on interactively to the servers. The solution must not prevent administrators from accessing websites on the internal network.
How should you configure the rule?
To answer, select the appropriate options in the answer area.
Answer:
Q13. - (Topic 3)
Your network contains an Active Directory domain named adatum.com. The domain contains a server named Server1 that runs Windows Server 2012 R2.
On a server named Core1, you perform a Server Core Installation of Windows Server 2012 R2.You join Core1 to the adatum.com domain.
You need to ensure that you can use Event Viewer on Server1 to view the event logs on Core1.
What should you do on Core1?
A. Run the Enable-NetFirewallRule cmdlet.
B. Run the Disable-NetFirewallRule cmdlet.
C. Install Windows Management Framework.
D. Install Remote Server Administration Tools (RSAT).
Answer: A
Explanation:
Event Viewer is a DCOM service which you can enable by either using sconfig to configure remote management or, if you only wish to change the firewall rule for DCOM, enabling the DCOM inbound firewall rule via PowerShell or Windows Firewall with Advanced Security.
Q14. HOTSPOT - (Topic 3)
Your network contains an Active Directory domain named contoso.com. The domain contains two servers named Server1 and Server2 that run Windows Server 2012 R2.
From Server2, you attempt to connect to Server1 by using Computer Management and you receive the following error message: "Computer\ \Server1 cannot be found. The network path was not found."
From Server1, you successfully connect to Server2 by using Server Manager.
You need to ensure that you can manage Server1 remotely from Server2 by using Computer Management.
What should you configure? To answer, select the appropriate option in the answer area.
Answer:
Q15. - (Topic 2)
Your network contains several servers that run Windows Server 2012 R2 and client computers that run Windows 8.1.
You download several signed Windows PowerShell scripts from the Internet.
You need to run the PowerShell scripts on all of the servers and all of the client computers.
What should you modify first?
A. The environment variables on all of the servers
B. The execution policy on all of the servers
C. The execution policy on all of the client computers
D. The environment variables on all client computers
Answer: C
Explanation:
The default execution policy of Windows Server 2012 is RemoteSigned meaning that as long as a valid signature is used on the scripts, they will run. However, the client computers have a default execution policy of restricted meaning that no scripts will run in PowerShell whatsoever, so this would have to be changed before the scripts could be executed on the client computers.