Introducing The New!
Surepassexam Collection
Get Unlimited Access to all
Surepassexam's PREMIUM files
Q1. - (Topic 2)
Your network contains an Active Directory domain named contoso.com. The domain contains 20 computer accounts that reside in an organizational unit (OU) named OU1.
A Group Policy object (GPO) named GPO1 is linked to OU1. GPO1 is used to assign several user rights to a user named User1.
In the Users container, you create a new user named User2.
You need to ensure that User2 is assigned the same user rights as User1 on all of the client computers in OU1.
What should you do?
A. Modify the settings in GPO1.
B. Modify the link of GPO1.
C. Link a WMI filter to GPO1.
D. Move User2 to OU1.
Answer: D
Explanation:
The GPO is linked to OU1. By moving User2 to OU1 the GPO will be applied to this user.
Q2. Your network contains an Active Directory forest. The forest contains two domains named contoso.com and corp.contoso.com. The forest contains four domain controllers. The domain controllers are configured as shown in the following table.
All domain controllers are DNS servers. In the corp.contoso.com domain, you plan to deploy a new domain controller named DC5.
You need to identify which domain controller must be online to ensure that DC5 can be promoted successfully to a domain controller.
Which domain controller should you identify?
A. DC1
B. DC2
C. DC3
D. DC4
Answer: C
Q3. - (Topic 1)
Your network contains an Active Directory domain named adatum.com. The domain contains a server named Server1 that runs Windows Server 2012 R2.
On a server named Core1, you perform a Server Core Installation of Windows Server 2012 R2. You join Core1 to the adatum.com domain.
You need to ensure that you can use Event Viewer on Server1 to view the event logs on Core1.
What should you do on Core1?
A. Run the Disable NetFirewallRule cmdlet.
B. Install Remote Server Administration Tools (RSAT).
C. Install Windows Management Framework.
D. Run the Enable-Com + Network Access Firewall Rule.
Answer: D
Explanation:
Information regarding IPsec policy changes, etc. can be found in the Event Viewer. Thus you need to enable the NetFirewallRule command. This will allow you to view the event logs.
Q4. - (Topic 1)
Your network contains an Active Directory domain named contoso.com. The domain contains two servers named Server1 and Server2 that run Windows Server 2012 R2.
You create a security template named Template1 by using the security template snap-in.
You need to apply Template1 to Server2.
Which tool should you use?
A. Security Templates
B. Computer Management
C. Security Configuration and Analysis
D. System Configuration
Answer: C
Explanation:
A security policy is a combination of security settings that affect the security on a computer. You can use your local security policy to edit account policies and local policies on your local computer.
A. Template was already created – Provide standard security option to use in security policies
B. Needs to be applied at the GP level
C. Security templates are inactive until imported into a Group Policy object or the SecurityConfiguration and Analysis
D. Tool to ID windows problems
Q5. - (Topic 2)
You have a server named Corel that has a Server Core Installation of Windows Server 2012 R2.
Corel has the Hyper-V server role installed. Corel has two network adapters from different third-party hardware vendors.
You need to configure network traffic failover to prevent connectivity loss if a network adapter fails.
What should you use?
A. New-NetSwitchTeam
B. Install-Feature
C. Add-NetSwitchTeamMember
D. Netsh.exe
Answer: A
Q6. - (Topic 3)
You work as an administrator at Contoso.com. The Contoso.com network consists of a single domain named Contoso.com. All servers in the Contoso.com domain, including domain controllers, have Windows Server 2012 R2 installed.
You have been instructed to make sure that Contoso.com users are not able to install a Windows Store application. You then create a rule for packaged apps.
Which of the following is the rule based on? (Choose all that apply.)
A. The publisher of the package.
B. The publisher of the application.
C. The name of the package
D. The name of the application
E. The package version.
F. The application version.
Answer: A,C,E
Explanation:
Packaged apps (also known as Windows 8 apps) are new to Windows Server 2012 R2 and Windows 8. They are based on the new app model that ensures that all the files within an app package share the same identity. Therefore, it is possible to control the entire application using a single AppLocker rule as opposed to the non-packaged apps where each file within the app could have a unique identity. Windows does not support unsigned packaged apps which implies all packaged apps must be signed. AppLocker supports only publisher rules for Packaged apps. A publisher rule for a Packaged app is based on the following information: Publisher of the package Package name Package version All the files within a package as well as the package installer share these attributes. Therefore, an AppLocker rule for a Packaged app controls both the installation as well as the running of the app. Otherwise, the publisher rules for Packaged apps are no different than the rest of the rule collections; they support exceptions, can be increased or decreased in scope, and can be assigned to users and groups.
Q7. - (Topic 3)
Server1 runs Windows Server 2012 R2 and is installed as an FTP server. Client uses App1 to connect to Server1 for FTP. App1 uses TCP port 21 for control and a dynamic port for data. You have allowed port 21 in firewall. What should you do next in order to allow clients to use App1 to connect to server1 using ftp.
A. At Server1 allow firewall rule of outbound
B. At Server1 allow firewall rule of inbound
C. Netsh advfirewall domainprofile state off
D. Netsh advfirewall set global StatefulFtp enable
Answer: D
Explanation:
Set global statefulftp Configures how Windows Firewall with Advanced Security handles FTP traffic that uses an initial connection on one port to request a data connection on a different port. This affects both active and passive FTP.
Q8. - (Topic 1)
Your network contains an Active Directory domain named adatum.com. The domain contains a member server named Host1. Host1 runs Windows Server 2012 R2 and has the Hyper-V server role installed.
Host1 hosts two virtual machines named VM5 and VM6. Both virtual machines connect to a virtual switch named Virtual1.
On VM5, you install a network monitoring application named Monitor1.
You need to capture all of the inbound and outbound traffic to VM6 by using Monitor1.
Which two commands should you run from Windows PowerShell? (Each correct answer presents part of the solution. Choose two.)
A. Get-VM “VM6 | Set-VMNetworkAdapter-IovWeight 1
B. Get-VM “VM5 I Set-VMNetworkAdapter -IovWeight 0
C. Get-VM “VM5 | Set-VMNetworkAdapter -PortMirroring Source
D. Get-VM “VM6 | Set-VMNetworkAdapter -AllowTeaming On
E. Get-VM “VM6 | Set-VMNetworkAdapter -PortMirroring Destination
F. Get-VM “VM5 | Set-VMNetworkAdapter -AllowTeaming On
Answer: C,E
Explanation:
-PortMirroring specifies the port mirroring mode for the network adapter. This can be set to None, Source, and Destination. . If set to Source, a copy of every network packet it sends or receives is forwarded to a virtual network adapter configured to receive the packets. . If set to Destination, it receives copied packets from the source virtual network adapter.
In this scenario, VM5 is the destination which must receive a copy of the network packets from VM6, which s the source.
Reference: http://technet.microsoft.com/en-us/library/hh848457.aspx
Q9. DRAG DROP - (Topic 1)
You have a server named Server1 that runs Windows Server 2012 R2.
You need to perform the following storage configuration tasks on Server1:
Bring a disk named Disk1 online.
Defragment a volume named Volume1.
Remove a disk named Disk2 from a storage pool named Pool1.
Which cmdlet should you use to perform each task?
To answer, drag the appropriate cmdlets to the correct tasks. Each cmdlet may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
Answer:
Q10. - (Topic 3)
Your network contains an Active Directory domain named adatum.com. The computer accounts for all member servers are located in an organizational unit (OU) named Servers. You link a Group Policy object (GPO) to the Servers OU.
You need to ensure that the domain’s Backup Operators group is a member of the local Backup Operators group on each member server. The solution must not remove any groups from the local Backup Operators groups.
What should you do?
A. Add a restricted group named adatum\Backup Operators. Add Backup Operators to the This group is a member of list.
B. Add a restricted group named adatum\Backup Operators. Add Backup Operators to the Members of this group list.
C. Add a restricted group named Backup Operators. Add adatum\Backup Operators to the This group is a member of list.
D. Add a restricted group named Backup Operators. Add adatum\Backup Operators to the Members of this group list.
Answer: A
Q11. - (Topic 3)
You work as an administrator at Contoso.com. The Contoso.com network consists of a single domain named Contoso.com. All servers on the Contoso.com network have Windows Server 2012 R2 installed.
Contoso.com has a server, named ENSUREPASS-SR13, which is configured as the primary DNS server in the Contoso.com domain. Contoso.com has another server, named ENSUREPASS-SR14, which makes use of ENSUREPASSSR13 for DNS queries.
You want to make sure that running nslookup.exe from ENSUREPASS-SR14 produces a result that shows the proper name of the default server.
Which of the following actions should you take?
A. You should consider creating a reverse lookup zone on ENSUREPASS-SR14.
B. You should consider creating a forward lookup zone on ENSUREPASS-SR14.
C. You should consider creating a reverse lookup zone on ENSUREPASS-SR13.
D. You should consider creating a forward lookup zone on ENSUREPASS-SR13.
Answer: C
Explanation:
When you start Nslookup from a command line, the following error message may be displayed: DNS request timed out timeout was x seconds Can’t find server name for address xxx.xxx.xxx.xxx: Timed out Default servers are not available Default Server: UnKnown Address: xxx.xxx.xxx.xxx where xxx.xxx.xxx.xxx is the Internet Protocol (IP) address of the host on which you are attempting to start Nslookup. CAUSE When Nslookup starts, it attempts to resolve the IP address of its host’s DNS server to its fully qualified domain name (FQDN). If the DNS server does not respond or if the DNS server’s reverse lookup zones do not contain a PTR record for the DNS server’s IP address, the error message is displayed.
Q12. - (Topic 2)
You have a server named Server1 that runs Windows Server 2012 R2. You add an additional disk to Server1 as shown in the exhibit. (Click the Exhibit button.)
You need to ensure that users can access the additional disk from drive C.
What should you do?
A. Convert Disk 0 to a dynamic disk and add a mirror.
B. Create a simple volume on Disk 1 and mount the volume to a folder.
C. Convert Disk 0 and Disk 1 to dynamic disks and extend a volume.
D. Convert Disk 1 to a dynamic disk and create a spanned volume.
Answer: B
Q13. - (Topic 3)
Catalog Servers. Your domain structure contains one root domain and one child domain. You modify the folder permissions on a file server that is in the child domain. You discover that some Access Control entries start with S-1-5-21 and that no account name is listed.
You need to list the account names. What should you do?
A. Move the RID master role in the child domain to a domain controller that holds the Global Catalog.
B. Modify the schema to enable replication of the friendly names attribute to the Global Catalog.
C. Move the RID master role in the child domain to a domain controller that does not hold the Global Catalog.
D. Move the infrastructure master role in the child domain to a domain controller that does not hold the Global Catalog.
Answer: D
Explanation:
If the IM Flexible Single Master Operation (FSMO) role holder is also a global catalog server, the phantom indexes are never created or updated on that domain controller. (The FSMO is also known as the operations master.) This behavior occurs because a global catalog server contains a partial replica of every object in Active Directory. The IM does not store phantom versions of the foreign objects because it already has a partial replica of the object in the local global catalog.
For this process to work correctly in a multidomain environment, the infrastructure FSMO role holder cannot be a global catalog server. Be aware that the first domain in the forest holds all five FSMO roles and is also a global catalog. Therefore, you must transfer either role to another computer as soon as another domain controller is installed in the domain if you plan to have multiple domains.
Q14. - (Topic 1)
Your network contains a server named Server1 that runs Windows Server 2012
R2.Server1 has the Hyper-V server role installed.
Server1 hosts four virtual machines named VM1, VM2, VM3, and VM4.
Server1 is configured as shown in the following table.
VM2 sends and receives large amounts of data over the network.
You need to ensure that the network traffic of VM2 bypasses the virtual switches of the parent partition.
What should you configure?
A. NUMA topology
B. Resource control
C. resource metering
D. virtual Machine Chimney
E. The VLAN ID
F. Processor Compatibility
G. The startup order
H. Automatic Start Action
I. Integration Services
J. Port mirroring
K. Single-root I/O virtualization
Answer: K
Explanation:
Single-root I/O virtualization -capable network adapters can be assigned directly to a virtual machine to maximize network throughput while minimizing network latency and the CPU overhead required for processing network traffic.
References:
http://technet.microsoft.com/en-us/library/cc766320(v=ws.10).aspx http://technet.microsoft.com/en-us/library/hh831410.aspx
Exam Ref 70-410, Installing and Configuring Windows Server 2012 R2, Chapter 3: Configure Hyper-V, Objective 3.1: Create and Configure virtual machine settings, p.144 Training Guide: Installing and Configuring Windows Server 2012 R2: Chapter 7: Hyper-V Virtualization, Lesson 2: Deploying and configuring virtual machines, p.335
Q15. HOTSPOT - (Topic 2)
Your network contains a subnet named Subnet1. Subnet1 contains a DHCP server named
Server1.
You deploy a new subnet named Subnet2. On Subnet2, you deploy a new server named
Server2 that runs Windows Server 2012 R2.
You need to configure Server2 to route DHCP broadcast from Subnet2 to Server1.
Which server role should you install on Server2?
To answer, select the appropriate role in the answer area.
Answer: