Introducing The New!
Surepassexam Collection
Get Unlimited Access to all
Surepassexam's PREMIUM files
Q1. - (Topic 3)
You have a server named Server1. Server1 runs Windows Server 2012 R2 and has the File and Storage Services server role installed. You attach four 500-GB disks to Server1. You need to configure the storage to meet the following requirements:
. Storage for an application named Application1 must be provided. Application1 requires 20 GB and will require a maximum of 800 GB in three years. . Storage for an application named Application2 must be provided. Application2 requires 20 GB and will require a maximum of 900 GB in three years. . The solution must provide the ability to dynamically add storage without requiring configuration changes to the applications. . The storage must be available if a single disk fails.
Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)
A. From File and Storage Services, create virtual disks by using fixed provisioning.
B. From File and Storage Services, create a storage pool that uses all four disks.
C. From Disk Management, create two new mirror volumes that use two disks each.
D. From Disk Management, create a new RAID-5 volume that uses all four disks.
E. From File and Storage Services, create virtual disks by using thin provisioning.
Answer: B,E
Q2. - (Topic 3)
Your network contains an Active Directory domain named contoso.com.
All servers run Windows Server 2012 R2.
An application named Appl.exe is installed on all client computers. Multiple versions of Appl.exe are installed on different client computers. Appl.exe is digitally signed.
You need to ensure that only the latest version of Appl.exe can run on the client computers.
What should you create?
A. An application control policy packaged app rule
B. A software restriction policy certificate rule
C. An application control policy Windows Installer rule
D. An application control policy executable rule
Answer: D
Explanation:
A. A publisher rule for a Packaged app is based on publisher, name and version B. You can create a certificate rule that identifies software and then allows or does not allow the software torun, depending on the security level.
C. For .msi or .msp
D. Executable Rules, for .exe and can be based on Publisher, Product name, filename and version. Use Certificate Rules on Windows Executables for Software Restriction Policies This security setting determines if digital certificates are processed when a user or process attempts to run software with an .exe file name extension. This security settings is used to enable or disable certificate rules, a type of software restriction policies rule. With software restriction policies, you can create a certificate rule that will allow or disallow software that is signed by Authenticode to run, based on the digital certificate that is associated with the software. In order for certificate rules to take effect, you must enable this security setting. When certificate rules are enabled, software restriction policies will check a certificate revocation list (CRL) to make sure the software’s certificate and signature are valid. This may decrease performance when start signed programs. You can disable this feature. On Trusted Publishers Properties, clear the Publisher and Timestampcheck boxes.
Q3. - (Topic 1)
Your network contains an Active Directory domain named adatum.com. The domain contains a member server named Host1. Host1 runs Windows Server 2012 R2 and has the Hyper-V server role installed.
Host1 hosts two virtual machines named VM5 and VM6. Both virtual machines connect to a virtual switch named Virtual1.
On VM5, you install a network monitoring application named Monitor1.
You need to capture all of the inbound and outbound traffic to VM6 by using Monitor1.
Which two commands should you run from Windows PowerShell? (Each correct answer presents part of the solution. Choose two.)
A. Get-VM “VM6 | Set-VMNetworkAdapter-IovWeight 1
B. Get-VM “VM5 I Set-VMNetworkAdapter -IovWeight 0
C. Get-VM “VM5 | Set-VMNetworkAdapter -PortMirroring Source
D. Get-VM “VM6 | Set-VMNetworkAdapter -AllowTeaming On
E. Get-VM “VM6 | Set-VMNetworkAdapter -PortMirroring Destination
F. Get-VM “VM5 | Set-VMNetworkAdapter -AllowTeaming On
Answer: C,E
Explanation:
-PortMirroring specifies the port mirroring mode for the network adapter. This can be set to None, Source, and Destination. . If set to Source, a copy of every network packet it sends or receives is forwarded to a virtual network adapter configured to receive the packets. . If set to Destination, it receives copied packets from the source virtual network adapter.
In this scenario, VM5 is the destination which must receive a copy of the network packets from VM6, which s the source.
Reference: http://technet.microsoft.com/en-us/library/hh848457.aspx
Q4. - (Topic 3)
A network technician installs Windows Server 2012 R2 Standard on a server named
Server1.
A corporate policy states that all servers must run Windows Server 2012 R2 Enterprise.
You need to ensure that Server1 complies with the corporate policy.
You want to achieve this goal by using the minimum amount of administrative effort.
What should you perform?
A. a clean installation of Windows Server 2012 R2
B. an upgrade installation of Windows Server 2012 R2
C. online servicing by using Dism
D. offline servicing by using Dism
Answer: C
Explanation:
A. Not least effort
B. Not least effort
C. dism /online /set-edition
D. offline would be less ideal and more workex: DISM /online /Set-Edition:ServerEnterprise/ProductKey:489J6-VHDMP-X63PK-3K798-CPX3YWindows Server 2008 R2/2012 contains a command-line utility called DISM (Deployment Image Servicing and Management tool). This tool has many features, but one of those features is the ability to upgrade the edition of Windows in use. Note that this process is for upgrades only and is irreversible. You cannot set a Windows image to a lower edition. The lowest edition will not appear when you run the /Get- TargetEditions option. If the server is running an evaluation version of Windows Server 2012 R2 Standard or Windows Server 2012 R2 Datacenter, you can convert it to a retail version as follows: If the server is a domain controller, you cannot convert it to a retail version. In this case, install an additional domain controller on a server that runs a retail version and remove AD DS from the domain controller that runs on the evaluation version. From an elevated command prompt, determine the current edition name with the command DISM /online /Get-CurrentEdition. Make note of the edition ID, an abbreviated form of the edition name. Then run DISM /online /Set-Edition:<edition ID> /ProductKey:XXXXXXXXXX-XXXXX-XXXXXXXXXX/AcceptEula, providing the edition ID and a retail product key. The server will restart twice.
Q5. - (Topic 3)
Your network contains an Active Directory domain named contoso.com. The domain contains a member server named HVServer1. HVServer1 runs Windows Server 2012 R2 and has the Hyper-V server role installed.
HVServer1 hosts 10 generation 1 virtual machines. All of the virtual machines connect to a virtual switch named Switch1. Switch1 is configured as a private network. All of the virtual machines have the DHCP guard and the router guard settings enabled.
You install the DHCP server role on a virtual machine named Server1. You authorize Server1 as a DHCP server in contoso.com. You create an IP scope.
You discover that the virtual machines connected to Switch1 do not receive IP settings from Server1.
You need to ensure that the virtual machines can use Server1 as a DHCP server.
What should you do?
A. Enable MAC address spoofing on Server1.
B. Enable single-root I/O visualization (SR-IOV) on Server1.
C. Disable the DHCP guard on Server1.
D. Disable the DHCP guard on all of the virtual machines that are DHCP clients.
Answer: C
Explanation:
DHCP guard setting
This setting stops the virtual machine from making DHCP offers over this network interface.
To be clear – this does not affect the ability to receive a DHCP offer (i.e. if you need to use
DHCP to acquire an IP address that will work) it only blocks the ability for the virtual
machine to act as a DHCP server.
Q6. - (Topic 3)
Your network contains an Active Directory domain named adatum.com. The domain contains a member server named Server1 and a domain controller named DC2. All servers run Windows Server 2012 R2. On DC2, you open Server Manager and you add Server1 as another server to manage. From Server Manager on DC2, you right-click Server1 as shown in the exhibit. You need to ensure that when you right-click Server1, you see the option to run the DHCP console.
What should you do?
A. On Server1, install the Feature Administration Tools.
B. In the domain, add DC1 to the DHCP Administrators group.
C. On DC2 and Server1, run winrm quickconfig.
D. On DC2, install the Role Administration Tools.
Answer: D
Q7. - (Topic 2)
Your network contains an Active Directory domain named contoso.com.
An organizational unit (OU) named OU1 contains user accounts and computer accounts.
A Group Policy object (GPO) named GP1 is linked to the domain.GP1 contains Computer Configuration settings and User Configuration settings.
You need to prevent the User Configuration settings in GP1 from being applied to users. The solution must ensure that the Computer Configuration settings in GP1 are applied to all client computers.
What should you configure?
A. The GPO Status
B. The Block Inheritance feature
C. The Group Policy loopback processing mode
D. The Enforced setting
Answer: C
Explanation:
A loopback with merge option needs to be used.
Q8. - (Topic 2)
You have a server named Server1 that runs Windows Server 2012 R2. Server1 has following storage spaces:
....
Data
Users
Backups
Primordial
You add an additional hard disk to Server1.
You need to identify which storage space contains the new hard disk.
Which storage space contains the new disk?
A. Primordial
B. Data
C. Users
D. Backups
Answer: A
Explanation:
All storage that meets acceptable criteria for Storage Spaces will be placed in the Primordial Pool. This can be considered the default pool for devices from which any other pools will be created. Notice that there are no other virtual disks or pools at this point. The Primordial Pool will only consist of physical storage devices that do not belong to any other pools.
Q9. - (Topic 1)
Your network contains an Active Directory domain named contoso.com. The domain contains a member server named Server1 and a domain controller named DC2.All servers run Windows Server 2012 R2.All domain controllers are configured as DNS servers.
On Server1, you open Server Manager and you add DC2 as another server to manage.
From Server Manager on Server1, you right-click DC2 as shown in the exhibit. (Click the Exhibit button.)
You need to ensure that when you right-click DC2, you see the option to run DNS Manager.
What should you do?
A. On Server1, install the Role Administration Tools.
B. In the domain, add Server1 to the DNS Admins group.
C. On DC2 and Server1, run winrmquickconfig.
D. On DC2, install the Feature Administration Tools.
Answer: A
Explanation:
The Domain Name System (DNS) role is a role that provides a standard method for associating names with numeric Internet addresses. This lets users refer to network computers by using easy-to-remember names instead of a long series of numbers. Windows DNS services can be integrated with DHCP services, eliminating the need to add DNS records as computers are added to the network.
Q10. - (Topic 3)
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1. Server1 runs Windows Server 2012 R2.
You need to create 3-TB virtual hard disk (VHD) on Server1.
Which tool should you use?
A. New-StorageSubsytemVirtualDisk
B. File Server Resource Manager (FSRM)
C. Server Manager
D. Computer Management
Answer: A
Explanation:
For other questions to create a VHD (file) you can use computer management.
-Share and storage management (2008 only)
-New-storagesubsystemVirtualDisk (this is a virtual disk, NOT a virtual hard disk)
-Server Manager (you would use this to create virtual disks, not virtual hard disks)
Q11. - (Topic 1)
Your company has a main office and two branch offices. The offices connect to each other by using a WAN link.
In the main office, you have a server named Server1 that runs Windows Server 2012 R2.
Server1 is configured to use an IPv4 address only.
You need to assign an IPv6 address to Server1. The IP address must be private and routable.
Which IPv6 address should you assign to Server1?
A. fe80:ab32:145c::32cc:401b
B. ff00:3fff:65df:145c:dca8::82a4
C. 2001:ab32:145c::32cc:401b
D. fd00:ab32:14:ad88:ac:58:abc2:4
Answer: D
Explanation:
Unique local addresses are IPv6 addresses that are private to an organization in the same way that private addresses–such as 10.x.x.x, 192.168.x.x, or 172.16.0.0 172.31.255.255–can be used on an IPv4 network. Unique local addresses, therefore, are not routable on the IPv6 Internet in the same way that an address like 10.20.100.55 is not routable on the IPv4 Internet. A unique local address is always structured as follows: The first 8 bits are always 11111101 in binary format. This means that a unique local address always begins with FD and has a prefix identifier of FD00::/8.
Q12. - (Topic 3)
You have a file server named Server1 that runs Windows Server 2012 R2. Server1 contains a folder named Folder1.
You share Folder1 as Share1 by using Advanced Sharing. Access-based enumeration is
enabled.
Share1 contains an application named Appl.exe.
You configure the NTFS permissions on Folder1 as shown in the following table.
The members of Group2 report that they cannot make changes to the files in Share1. The
members of Group1 and Group2 run Appl.exe successfully.
You need to ensure that the members of Group2 can edit the files in Share1.
What should you do?
A. Replace the NTFS permissions on all of the child objects.
B. Edit the Share permissions.
C. Edit the NTFS permissions.
D. Disable access-based enumeration.
Answer: C
Explanation:
Share permissions and NTFS permissions are independent in the sense that neither changes the other. The final access permissions on a shared folder are determined by taking into consideration both the share permission and the NTFS permission entries. The more restrictive permissions are then applied.
References: Training Guide: Installing and Configuring Windows Server 2012 R2: Chapter8: File Services and Storage, Lesson 2: Provisioning and Managing Shared Storage, p.388
Q13. - (Topic 2)
You perform a Server Core Installation of Windows Server 2012 R2 on a server named Server1.
You need to add a graphical user interface (GUI) to Server1.
Which tool should you use?
A. The setup.exe command
B. The dism.exe command
C. The imagex.exe command
D. The Add-WindowsPackage cmdlet
Answer: B
Explanation:
The DISM command is called by the Add-WindowsFeature command. Here is the systax for DISM:
Dism /online /enable-feature /featurename:ServerCore-FullServer /featurename:ServerGui-Shell /featurename:Server-Gui-Mgmt
Q14. - (Topic 2)
Your network contains an Active Directory domain named contoso.com.
All of the AppLocker policy settings for the member servers are configured in a Group Policy object (GPO) named GPO1.
A member server named Server1 runs Windows Server 2012 R2.
On Server1, you test a new set of AppLocker policy settings by using a local computer policy.
You need to merge the local AppLocker policy settings from Server1 into the AppLocker policy settings of GPO1.
What should you do?
A. From Local Group Policy Editor on Server1, export an .inf file. Import the .inf file by using Group Policy Management Editor.
B. From Server1, run the Set-ApplockerPolicy cmdlet.
C. From Local Group Policy Editor on Server1, export an .xml file. Import the .xml file by using Group Policy Management Editor.
D. From Server1, run the New-ApplockerPolicy cmdlet.
Answer: B
Explanation:
The Set-AppLockerPolicy cmdlet sets the specified Group Policy Object (GPO) to contain the specified AppLocker policy. If no Lightweight Directory Access Protocol (LDAP) is specified, the local GPO is the default. When the Merge parameter is used, rules in the specified AppLocker policy will be merged with the AppLocker rules in the target GPO specified in the LDAP path. The merging of policies will remove rules with duplicate rule IDs, and the enforcement setting specified by
the AppLocker policy in the target GPO will be preserved. If the Merge parameter is not
specified, then the new policy will overwrite the existing policy.
References:
http://technet.microsoft.com/en-us/library/ee791816(v=ws.10).aspx
Exam Ref 70-410: Installing and configuring Windows Server 2012 R2, Chapter 10:
Implementing Group Policy, Lesson1: Planning, Implementing and managing Group Policy,
p. 479
Q15. - (Topic 3)
You work as an administrator at Contoso.com. The Contoso.com network consists of a single domain named Contoso.com. All servers on the Contoso.com network have Windows Server 2012 installed.
Contoso.com has a server, named ENSUREPASS-SR07, which has the AD DS, DHCP, and DNS server roles installed. Contoso.com also has a server, named ENSUREPASS-SR08, which has the DHCP, and Remote Access server roles installed. You have configured a server, which has the File and Storage Services server role installed, to automatically acquire an IP address.
The server is named ENSUREPASS-SR09. You then create a filter on ENSUREPASS-SR07.
Which of the following is a reason for this configuration?
A. To make sure that ENSUREPASS-SR07 issues ENSUREPASS-SR09 an IP address.
B. To make sure that ENSUREPASS-SR07 does not issue ENSUREPASS-SR09 an IP address.
C. To make sure that ENSUREPASS-SR09 acquires a constant IP address from ENSUREPASS-SR08 only.
D. To make sure that ENSUREPASS-SR09 is configured with a static IP address.
Answer: B