Q1. - (Topic 3)
Your network contains an Active Directory domain named adatum.com. The domain contains a file server named Server2 that runs Windows Server 2012 R2. Server2 contains a shared folder named Home. Home contains the home folder of each user.
All users have the necessary permissions to access only their home folder.
A user named User1 opens the Home share as shown in the exhibit.
You need to ensure that all users see only their own home folder when they access Home.
What should you do from Server2?
A. From Windows Explorer, modify the properties of Home.
B. From Server Manager, modify the properties of the volume that contains Home.
C. From Windows Explorer, modify the properties of the volume that contains Home.
D. From Server Manager, modify the properties of Home.
Answer: D
Explanation:
Access-based Enumeration is a new feature included with Windows Server 2003 Service Pack 1. This feature allows users of Windows Server 2003-based file servers to list only the files and folders to which they have access when browsing content on the file server. This eliminates user confusion that can be caused when users connect to a file server and encounter a large number of files and folders that they cannot access. Access-based Enumeration filters the list of available files and folders on a server to include only those that the requesting user has access to. This change is important because this allows users to see only those files and directories that they have access to and nothing else. This mitigates the scenario where unauthorized users might otherwise be able to see the contents of a directory even though they don’t have access to it.
Q2. - (Topic 3)
Your network contains an Active Directory forest. The forest contains two domains named contoso.com and corp.contoso.com. All domain controllers run Windows Server 2012 R2 and are configured as global catalog servers. The corp.contoso.com domain contains a domain controller named DC1.
You need to disable the global catalog on DC1.
What should you do?
A. From Active Directory Users and Computers, modify the properties of the DC1 computer account.
B. From Active Directory Administrative Center, modify the properties of the DC1 computer account.
C. From Active Directory Sites and Services, modify the NTDS Settings of the DC1 server object.
D. From Active Directory Domains and Trusts, modify the properties of the corp.contoso.com domain.
Answer: C
Explanation:
To add or remove the global catalog:
1. Open Active Directory Sites and Services. To open Active Directory Sites and Services, click Start, click Administrative Tools, and then click Active Directory Sites and Services. To open Active Directory Sites and Services in Windows Server 2012, click Start, and then type dssite.msc.
2. In the console tree, click the server object to which you want to add the global catalog or from which you want to remove the global catalog. Where? Active Directory Sites and Services\Sites\SiteName\Servers
3. In the details pane, right-click NTDS Settings of the selected server object, and then click Properties.
4. Select the Global Catalog check box to add the global catalog, or clear the check box to remove the global catalog.
Q3. - (Topic 2)
Your network contains an Active Directory domain named contoso.com. The domain
contains a server named Server1. Server1 runs Windows Server 2012 R2.
You plan to create a shared folder. The shared folder will have a quota limit.
You discover that when you run the New Share Wizard, you cannot select the SMB Share Advanced option.
You need to ensure that you can use SMB Share – Advanced to create the new share.
What should you do on Server1 before you run the New Share Wizard?
A. Configure the Advanced system settings.
B. Run the Install-WindowsFeature cmdlet.
C. Run the Set-SmbShare cmdlet.
D. Install the Share and Storage Management tool.
Answer: B
Explanation:
Install-WindowsFeature will install one or more Windows Server roles, role services, or features on either the local or a specified remote server that is running Windows Server 2012 R2. This cmdlet is equivalent to and replaces Add-WindowsFeature, the cmdlet that was used to install roles, role services, and features in Windows Server 2008 R2.
Q4. - (Topic 3)
You have an existing Active Directory site named Site1. You create a new Active Directory site and name it Site2. You need to configure Active Directory replication between Site1 and Site2. You install a new domain controller.
You create the site link between Site1 and Site2.
What should you do next?
A. Use the Active Directory Sites and Services console to configure a new site link bridge object.
B. Use the Active Directory Sites and Services console to decrease the site link cost between Site1 and Site2.
C. Use the Active Directory Sites and Services console to assign a new IP subnet to Site2. Move the new domain controller object to Site2.
D. Use the Active Directory Sites and Services console to configure the new domain controller as a preferred bridgehead server for Site1.
Answer: C
Explanation:
Inter-site Replication
The process of creating a custom site link has five basic steps:
1. Create the site link.
2. Configure the site link’s associated attributes.
3. Create site link bridges.
4. Configure connection objects. (This step is optional.)
5. Designate a preferred bridgehead server. (This step is optional.)
Q5. - (Topic 3)
You work as an administrator at Contoso.com. The Contoso.com network consists of a single domain named Contoso.com.
Contoso.com has a server, named ENSUREPASS-SR15, which has Windows Server 2012 R2 installed. Contoso.com also has a server, named ENSUREPASS-SR16, which has Windows Server 2008 R2 SP1 installed.
You have been instructed to make sure that ENSUREPASS-SR16 is able to run Windows PowerShell 3.0.
Which of the following actions should you take? (Choose two.)
A. You should consider making sure that ENSUREPASS-SR16 has a full installation of Microsoft .NET Framework 4 installed.
B. You should consider making sure that ENSUREPASS-SR16 has a full installation of Microsoft .NET Framework 2 installed.
C. You should consider making sure that ENSUREPASS-SR16 has WS-Management 3.0 installed.
D. You should consider making sure that ENSUREPASS-SR16 is upgraded to Windows Server 2012 R2.
Answer: A,C
Explanation:
WS-Management 3.0 – Windows Management Framework 3.0 includes Windows PowerShell 3.0, WMI, WinRM, Management OData IIS Extension, and Server Manager CIM Provider.
Windows Management Framework 3.0 requires Microsoft .NET Framework 4.0.
Q6. - (Topic 3)
You work as an administrator at Contoso.com. The Contoso.com network consists of a single domain named Contoso.com. All servers in the Contoso.com domain, including domain controllers, have Windows Server 2012 R2 installed.
Contoso.com has a domain controller, named ENSUREPASS-DC01.
You have been instructed to make sure that the Group Policy Administrative Templates are available centrally.
Which of the following actions should you take?
A. You should consider copying the policies folder to the PolicyDefinitions folder in the Contoso.com domain’s SYSVOL folder.
B. You should consider copying the PolicyDefinitions folder to the policies folder in the Contoso.com domain’s SYSVOL folder.
C. You should consider copying the PolicyDefinitions folder to the policies folder in the Contoso.com domain’s systemroot folder.
D. You should consider copying the PolicyDefinitions folder to the policies folder in the Contoso.com domain’s logonserver folder.
Answer: B
Explanation:
PolicyDefinitions folder within the SYSVOL folder hierarchy. By placing the ADMX files in this directory, they are replicated to every DC in the domain; by extension, the ADMX-aware Group Policy Management Console in Windows Vista, Windows 7, Windows Server 2008 and R2 can check this folder as an additional source of ADMX files, and will report them accordingly when setting your policies. By default, the folder is not created. Whether you are a single DC or several thousand, I would strongly recommend you create a Central Store and start using it for all your ADMX file storage. It really does work well.
The Central Store
To take advantage of the benefits of .admx files, you must create a Central Store in the SYSVOL folder on a domain controller. The Central Store is a file location that is checked by the Group Policy tools. The Group Policy tools use any .admx files that are in the Central Store. The files that are in the Central Store are later replicated to all domain controllers in the domain. To create a Central Store for .admx and .adml files, create a folder that is named PolicyDefinitions in the following location: \\FQDN\SYSVOL\FQDN\policies.
Note: FQDN is a fully qualified domain name.
Q7. - (Topic 3)
You have a server named Server1 that runs Windows Server 2012 R2.
You plan to create an image of Server1.
You need to remove the source files for all server roles that are not installed on Server1.
Which tool should you use?
A. servermanagercmd.exe
B. imagex.exe
C. ocsetup.exe
D. dism.exe
Answer: D
Explanation:
servermanagercmd.exe – The ServerManagerCmd.exe command-line tool has been deprecated in Windows Server 2008 R2.
imagex.exe – ImageX is a command-line tool in Windows Vista that you can use to create and manage Windows image (.wim) files. A .wim file contains one or more volume images, disk volumes that contain images of an installed Windows operating system.
dism.exe – Deployment Image Servicing and Management (DISM.exe) is a command-line tool that can be used to service a Windows image or to prepare a Windows Preinstallation Environment (Windows PE) image. It replaces Package Manager (Pkgmgr.exe), PEimg, and Intlcfg that were included in Windows Vista. The functionality that was included in these tools is now consolidated in one tool (DISM.exe), and new functionality has been added to improve the experience for offline servicing. DISM can add, remove, and enumerate packages.
ocsetup.exe – The Ocsetup.exe tool is used as a wrapper for Package Manager (Pkgmgr.exe) and for Windows Installer (Msiexec.exe). Ocsetup.exe is a command-line utility that can be used to perform scripted installs and scripted uninstalls of Windows optional components. The Ocsetup.exe tool replaces the Sysocmgr.exe tool that Windows XP and Windows Server 2003 use.
The Dism utility can be used to create and mount an image of Server1.
References:
http://technet.microsoft.com/en-us/library/cc749447(v=ws.10).aspx
http://technet.microsoft.com/en-us/library/dd744382(v=ws.10).aspx
Training Guide: Installing and Configuring Windows Server 2012 R2: Chapter 2: Deploying Servers, p. 44
Exam Ref 70-410: Installing and Configuring Windows Server 2012 R2: Chapter 1: Installing and Configuring Servers, p. 19-22
Q8. - (Topic 1)
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012 R2.
You create a new inbound rule by using Windows Firewall with Advanced Security.
You need to configure the rule to allow Server1 to accept unsolicited inbound packets that are received through a network address translation (NAT) device on the network.
Which setting in the rule should you configure?
A. Interface types
B. Authorized computers
C. Remote IP address
D. Edge traversal
Answer: D
Explanation:
Edge traversal – This indicates whether edge traversal is enabled (Yes) or disabled (No). When edge traversal is enabled, the application, service, or port to which the rule applies is globally addressable and accessible from outside a network address translation (NAT) or edge device.
Select one of the following options from the list:
Block edge traversal (default) – Prevent applications from receiving unsolicited traffic from the Internet through a NAT edge device.
Allow edge traversal – Allow applications to receive unsolicited traffic directly from the Internet through a NAT edge device.
Defer to user – Let the user decide whether to allow unsolicited traffic from the Internet through a NAT edge device when an application requests it.
Defer to application – Let each application determine whether to allow unsolicited traffic from the Internet through a NAT edge device.
Reference: http://technet.microsoft.com/en-us/library/cc731927.aspx
Q9. - (Topic 3)
A company has a forest with 4 sites. Subnets are as follows:
MainOffice 172.16.1.0 Subnet: 255.255.255.0 Gateway 172.16.1.254
Site 1 192.168.12.0 Subnet: 255.255.255.0
Site 2 192.168.13.0 Subnet: 255.255.255.0
Site 3 192.168.14.0 Subnet: 255.255.255.0
Site 4 192.168.15.0 Subnet: 255.255.255.0
You add a new server to the MainOffice and it needs to be able to communicate to all sites.
Which route command would you run?
A. route add -p 192.168.8.0 netmask 255.255.252.0 172.16.1.254
B. route add -p 192.168.0.0 netmask 255.255.248.0 172.16.1.254
C. route add -p 192.168.12.0 netmask 255.255.252.0 172.16.1.254
D. route add -p 192.168.12.0 netmask 255.255.240.0 172.16.1.254
Answer: C
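The check behind answer C, written out with Python's ipaddress module. This is an added example, not part of the original question set; the function names are made up for illustration. It tests each option for two things: that destination AND mask equals the destination (otherwise it is not a valid network route), and that the route contains all four site subnets.

```python
import ipaddress

# Site subnets from the question (each uses mask 255.255.255.0).
SITES = ["192.168.12.0/24", "192.168.13.0/24",
         "192.168.14.0/24", "192.168.15.0/24"]

# The four answer options as (destination, netmask) pairs.
OPTIONS = {
    "A": ("192.168.8.0", "255.255.252.0"),
    "B": ("192.168.0.0", "255.255.248.0"),
    "C": ("192.168.12.0", "255.255.252.0"),
    "D": ("192.168.12.0", "255.255.240.0"),
}


def evaluate(dest, mask, sites=SITES):
    """Return (valid, covered).

    valid   - False when the destination has bits set outside the mask,
              i.e. (destination & mask) != destination.
    covered - the site subnets that fall inside the route.
    """
    try:
        # strict=True raises ValueError if host bits are set under the mask.
        route = ipaddress.ip_network(f"{dest}/{mask}", strict=True)
    except ValueError:
        return False, []
    covered = [s for s in sites if ipaddress.ip_network(s).subnet_of(route)]
    return True, covered


def covering_options():
    """Options that are valid routes and contain every site subnet."""
    return [name for name, (dest, mask) in OPTIONS.items()
            if evaluate(dest, mask) == (True, SITES)]


def smallest_summary(sites=SITES):
    """Smallest single prefix that contains every site subnet."""
    nets = [ipaddress.ip_network(s) for s in sites]
    summary = nets[0]
    while not all(n.subnet_of(summary) for n in nets):
        summary = summary.supernet()  # widen the prefix by one bit
    return summary


if __name__ == "__main__":
    for name, (dest, mask) in OPTIONS.items():
        valid, covered = evaluate(dest, mask)
        print(name, dest, mask, "valid" if valid else "invalid", covered)
    print("covering options:", covering_options())
    print("smallest summary:", smallest_summary())
```

Options A and B are valid routes but cover 192.168.8.0-11.255 and 192.168.0.0-7.255, which contain none of the sites; option D pairs 192.168.12.0 with a mask under which that address is not a network boundary.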
Q10. - (Topic 3)
Your network contains two servers named Server1 and Server2 that run Windows Server 2012 R2. Server1 is a DHCP server that is configured to have a scope named Scope1. Server2 is configured to obtain an IP address automatically.
In Scope1, you create a reservation named Res_Server2 for Server2.
A technician replaces the network adapter on Server2.
You need to ensure that Server2 can obtain the same IP address.
What should you modify on Server1?
A. The Name Protection settings of Scope1
B. The MAC address of Res_Server2
C. The Advanced settings of Res_Server2
D. The Network Access Protection Settings of Scope1
Answer: B
Explanation:
DHCP reservations are given based upon MAC address (at least on IPv4/DHCPv4). For clients that require a constant IP address, you can either manually configure a static IP address, or assign a reservation on the DHCP server. Reservations are permanent lease assignments that are used to ensure that a specified client on a subnet can always use the same IP address. You can use DHCP reservations for hosts that require a consistent IP address, but do not need to be statically configured. DHCP reservations provide a mechanism by which IP addresses may be permanently assigned to a specific client based on the MAC address of that client. The MAC address of a Windows client can be found running the ipconfig /all command. For Linux systems the corresponding command is ifconfig -a. Once the MAC address has been identified, the reservation may be configured using either the DHCP console or at the command prompt using the netsh tool.
Media access control (MAC) address authorization functions in the same way as automatic number identification (ANI) authorization, but it is used for wireless clients and clients connecting to your network by using an 802.1X authenticating switch. Since the network adapter was replaced, you need to modify the MAC address on Server1 to ensure that Server2 can obtain the same IP address.
Reference: http://technet.microsoft.com/en-us/library/dd197535%28v=WS.10%29.aspx
Q11. - (Topic 1)
Your network contains an Active Directory forest that contains three domains.
A group named Group1 is configured as a domain local distribution group in the forest root domain. You plan to grant Group1 read-only access to a shared folder named Share1. Share1 is located in a child domain.
You need to ensure that the members of Group1 can access Share1.
What should you do first?
A. Convert Group1 to a universal security group.
B. Convert Group1 to a global distribution group.
C. Convert Group1 to a universal distribution group.
D. Convert Group1 to a domain local security group.
Answer: A
Explanation:
Universal groups can be used for any domain or forest. Furthermore, a universal group can span multiple domains, even the entire forest.
References: Exam Ref 70-410: Installing and Configuring Windows Server 2012 R2: Chapter 5: Install and Administer Active Directory, Objective 5.3 Create and manage Active Directory groups and Organization units, p. 289-291, 293
http://technet.microsoft.com/en-us/library/cc781446(v=ws.10).aspx
http://technet.microsoft.com/en-us/library/cc755692(v=ws.10).aspx
Q12. HOTSPOT - (Topic 1)
Your network contains an Active Directory domain named contoso.com. Domain controllers run either Windows Server 2008 R2 or Windows Server 2012 R2. All client computers run Windows 8.
All computer accounts are located in an organizational unit (OU) named OU1.
You create a Group Policy object (GPO) that contains several AppLocker rules. You link
the GPO to OU1.
You need to ensure that the AppLocker rules apply to all of the client computers.
What should you configure in the GPO?
To answer, select the appropriate service in the answer area.
Answer:
Q13. - (Topic 1)
Your network contains an Active Directory forest named contoso.com. The forest contains a single domain. The domain contains two domain controllers named DC1 and DC2 that run Windows Server 2012 R2.
The domain contains a user named User1 and a global security group named Group1.
You need to add a new domain controller to the domain.
You install Windows Server 2012 R2 on a new server named DC3.
Which cmdlet should you run next?
A. Add-AdPrincipalGroupMembership
B. Install-AddsDomainController
C. Install-WindowsFeature
D. Install-AddsDomain
E. Rename-AdObject
F. Set-AdAccountControl
G. Set-AdGroup
H. Set-User
Answer: C
Explanation:
It is the 2nd step when installing a DC by PowerShell on a fresh server.
Q14. - (Topic 3)
Which of the following groups do you use to consolidate groups and accounts that either span multiple domains or the entire forest?
A. Global
B. Domain local
C. Built-in
D. Universal
Answer: D
Explanation:
A. Incorrect: Global groups cannot contain users from other domains.
B. Incorrect: Domain local groups cannot have permissions for resources in other domains.
C. Incorrect: Built-in groups have no inherent cross-domain qualities.
D. Correct: Universal groups, like global groups, are used to organize users according to their resource access needs. You can use them to organize users to facilitate access to any resource located in any domain in the forest through the use of domain local groups. Universal groups are used to consolidate groups and accounts that either span multiple domains or the entire forest.
Q15. - (Topic 3)
Your network contains an Active Directory domain named contoso.com. All servers run Windows Server 2012 R2. The domain contains a member server named Server1. Server1 has the File Server server role installed.
On Server1, you create a share named Documents. The Documents share will contain the files and folders of all users.
You need to ensure that when the users connect to Documents, they only see the files to which they have access.
What should you do?
A. Enable access-based enumeration.
B. Configure Dynamic Access Control.
C. Modify the Share permissions.
D. Modify the NTFS permissions.
Answer: A
Explanation:
Access-based Enumeration is a new feature included with Windows Server 2003 Service
Pack 1. This feature allows users of Windows Server 2003-Based file servers to list only
the files and folders to which they have access when browsing content on the file server.
This eliminates user confusion that can be caused when users connect to a file server and
encounter a large number of files and folders that they cannot access. Access-based
Enumeration filters the list of available files and folders on a server to include only those
that the requesting user has access to. This change is important because this allows users
to see only those files and directories that they have access to and nothing else. This
mitigates the scenario where unauthorized users might otherwise be able to see the
contents of a directory even though they don’t have access to it.
Access-Based Enumeration (ABE) can be enabled at the Share properties through Server
Manager.
References:
Exam Ref 70-410: Installing and configuring Windows Server 2012 R2, Chapter 2:
Configure server roles and features, Objective 2.1: Configure file and share access, p. 75-