Introducing The New!
Surepassexam Collection
Get Unlimited Access to all
Surepassexam's PREMIUM files
Q1. - (Topic 1)
Your network contains an Active Directory domain named contoso.com. The domain contains two servers named Server1 and Server2 that run Windows Server 2012 R2.
Server1 has the Group Policy Management feature installed. Server2 has the Print and Document Services server role installed.
On Server2, you open Print Management and you deploy a printer named Printer1 by using a Group Policy object (GPO) named GPO1.When you open GPO1 on Server1, you discover that the Deployed Printers node does not appear.
You need to view the Deployed Printers node in GPO1.
What should you do?
A. On Server1, modify the Group Policy filtering options of GPO1.
B. On a domain controller, create a Group Policy central store.
C. On Server2, install the Group Policy Management feature.
D. On Server1, configure the security filtering of GPO1.
Answer: C
Explanation:
Pre-Requisites To use Group Policy for printer deployment you will need to have a Windows Active Directory domain, and this article assumes that your Domain Controller is a Windows 2008 R2 Server. You will also need the Print Services role installed on a server (can be on your DC), and you will be using the Print Management and Group Policy Management consoles to configure the various settings. It’s assumed that you have already followed Part One and have one or more printers shared on your server with the necessary drivers, ready to deploy to your client computers.
Q2. - (Topic 1)
Your network contains an Active Directory forest. The forest functional level is Windows Server 2012 R2. The forest contains a single domain. The domain contains a member server named Server1. Server1 runs windows Server 2012 R2.
You purchase a network scanner named Scanner1 that supports Web Services on Devices (WSD).
You need to share the network scanner on Server1.
Which server role should you install on Server1?
A. Web Server (IIS)
B. Fax Server
C. Print and Document Services
D. File and Storage Services
Answer: C
Explanation:
The Print and Document Services role allows for the configuration to share printers,
scanners and fax devices.
References:
Exam Ref 70-410: Installing and Configuring Windows Server 2012 R2, Chapter 1:
Installing and Configuring servers, Objective 1.2: Configure servers, p. 8
http://technet.microsoft.com/en-us/library/hh831468.aspx
Q3. - (Topic 1)
Your network contains an Active Directory domain named contoso.com. The DNS zone for contoso.com is Active-Directory integrated.
The domain contains 500 client computers. There are an additional 20 computers in a workgroup.
You discover that every client computer on the network can add its record to the contoso.com zone.
You need to ensure that only the client computers in the Active Directory domain can register records in the contoso.com zone.
What should you do?
A. Sign the contoso.com zone by using DNSSEC.
B. Configure the Dynamic updates settings of the contoso.com zone.
C. Configure the Security settings of the contoso.com zone.
D. Move the contoso.com zone to a domain controller that is configured as a DNS server.
Answer: B
Q4. - (Topic 2)
Your network contains a server named Server1 and 10 Web servers. All servers run
Windows Server 2012 R2.
You create a Windows PowerShell Desired State Configuration (DSC) to push the settings
from Server1 to all of the Web servers.
On Server1, you modify the file set for the Web servers.
You need to ensure that all of the Web servers have the latest configurations.
Which cmdlet should you run on Server1?
A. Get-DcsConfiguration
B. Restore-DcsConfiguration
C. Set-DcsLocalConfigurationManager
D. Start-DcsConfiguration
Answer: D
Q5. - (Topic 3)
You work as a senior administrator at Contoso.com. The Contoso.com network consists of a single domain named Contoso.com. All servers on the Contoso.com network have Windows Server 2012 R2 installed, and all workstations have Windows 8 installed.
You are running a training exercise for junior administrators. You are currently discussing a Windows PowerShell cmdlet that activates previously de-activated firewall rules.
Which of the following is the cmdlet being discussed?
A. Set-NetFirewallRule
B. Enable-NetFirewallRule
C. Set-NetIPsecRule
D. Enable-NetIPsecRule
Answer: B
Explanation:
Enable-NetFirewallRule – Enables a previously disabled firewall rule.
Q6. - (Topic 1)
Your network contains an Active Directory domain named contoso.com. The domain
contains a server named Server1.Server1 runs Windows Server 2012 R2.
You create a group Managed Service Account named gservice1.
You need to configure a service named Service1 to run as the gservice1 account.
How should you configure Service1?
A. From Services Console configure the recovery settings
B. From a command prompt, run sc.exe and specify the config parameter
C. From Windows PowerShell, run Set-Service and specify the -PassThrough parameter
D. From a command prompt, run sc.exe and specify the sdset parameter
Answer: B
Explanation:
Sc config, Modifies the value of a service’s entries in the registry and in the Service Control
Manager database.
obj= {<AccountName> | <ObjectName>}
Specifies a name of an account in which a service will run, or specifies a name of the
Windows driver object in
which the driver will run. The default setting is LocalSystem.
password= <Password>
Specifies a password. This is required if an account other than the LocalSystem account is
used.
Q7. DRAG DROP - (Topic 2)
You have a server named Server1 that runs Windows Server 2012 R2.
You add a new internal SAS disk to Server1.
You need to ensure that the new disk is available to store files.
Which three cmdlets should you run in sequence?
To answer, move the appropriate three cmdlets from the list of cmdlets to the answer area
and arrange them in the correct order.
Answer:
Q8. - (Topic 3)
You have a Hyper-V host named Hyper1 that runs Windows Server 2012 R2.
Hyper1 hosts several virtual machines that run Windows 8.1.
Several developers connect to the virtual machines by using the Virtual Machine Connection tool.
You need to ensure that the devlopers can print to their local printers from within virtual machine sessions.
What should you configure?
A. a virtual switch on Hyper1
B. Remote Desktop Services (RDS) on Hyper1
C. enhanced session mode on Hyper1
D. a virtual network adapter on the virtual machines
Answer: C
Explanation: To be able to use a computer’s local resources on a virtual machine:
* The Hyper-V host must have Enhanced session mode policy and Enhanced session mode settings turned on.
* The computer that you use to connect to the virtual machine with VMConnect must run Windows 8, Windows 8.1, Windows Server 2012, or Windows Server 2012 R2.
* The virtual machine must have Remote Desktop Services enabled and run Windows Server 2012 R2 or Windows 8.1 as the guest operating system.
Reference: Use local resources on Hyper-V virtual machine with VMConnect
https://technet.microsoft.com/en-us/library/dn282274.aspx
Q9. - (Topic 3)
You work as an administrator at Contoso.com. The Contoso.com network consists of a single domain named Contoso.com. All servers on the Contoso.com network have Windows Server 2012 R2 installed.
Contoso.com has a server, named ENSUREPASS-SR13. ENSUREPASS-SR13 hosts a shared folder, named ENSUREPASSShare, which has been shared as ENSUREPASSShare$.
Which of the following is TRUE with regards to sharing the folder in this manner?
A. It allows all users to view ENSUREPASSShare when browsing the network.
B. It prevents users from viewing ENSUREPASSShare when browsing the network.
C. It only allows ENSUREPASS-SR13’s users to view ENSUREPASSShare.
D. It removes the permissions configured for ENSUREPASSShare.
Answer: B
Q10. - (Topic 3)
Your network contains an Active Directory domain named contoso.com.
All servers run Windows Server 2012 R2.
An application named Appl.exe is installed on all client computers. Multiple versions of Appl.exe are installed on different client computers. Appl.exe is digitally signed.
You need to ensure that only the latest version of Appl.exe can run on the client computers.
What should you create?
A. An application control policy packaged app rule
B. A software restriction policy certificate rule
C. An application control policy Windows Installer rule
D. An application control policy executable rule
Answer: D
Explanation:
A. A publisher rule for a Packaged app is based on publisher, name and version B. You can create a certificate rule that identifies software and then allows or does not allow the software torun, depending on the security level.
C. For .msi or .msp
D. Executable Rules, for .exe and can be based on Publisher, Product name, filename and version. Use Certificate Rules on Windows Executables for Software Restriction Policies This security setting determines if digital certificates are processed when a user or process attempts to run software with an .exe file name extension. This security settings is used to enable or disable certificate rules, a type of software restriction policies rule. With software restriction policies, you can create a certificate rule that will allow or disallow software that is signed by Authenticode to run, based on the digital certificate that is associated with the software. In order for certificate rules to take effect, you must enable this security setting. When certificate rules are enabled, software restriction policies will check a certificate revocation list (CRL) to make sure the software’s certificate and signature are valid. This may decrease performance when start signed programs. You can disable this feature. On Trusted Publishers Properties, clear the Publisher and Timestampcheck boxes.
Q11. - (Topic 3)
Your company has an Active Directory domain. You log on to the domain controller. The Active Directory Schema snap-in is not available in the Microsoft Management Console (MMC).
You need to access the Active Directory Schema snap-in. What should you do?
A. Register Schmmgmt.dll.
B. Log off and log on again by using an account that is a member of the Schema Admins group.
C. Use the Ntdsutil.exe command to connect to the schema master operations master and open the schema for writing.
D. Add the Active Directory Lightweight Directory Services (AD/LDS) role to the domain controller by using Server Manager.
Answer: A
Explanation:
Install the Active Directory Schema Snap-In You can use this procedure to first register the dynamic-link library (DLL) that is required for the Active Directory Schema snap-in. You can then add the snap-in to Microsoft Management Console (MMC).
To install the Active Directory Schema snap-in:
1. To open an elevated command prompt, click Start, type command prompt and then right-click Command Prompt when it appears in the Start menu. Next, click Run as administrator
and then click OK.
To open an elevated command prompt in Windows Server 2012 R2, click Start, type cmd,
right-click cmd and then click Run as administrator.
2. Type the following command, and then press ENTER: regsvr32 schmmgmt.dll
3. Click Start, click Run, type mmc and then click OK.
4. On the File menu, click Add/Remove Snap-in.
5. Under Available snap-ins, click Active Directory Schema, click Add and then click OK.
6. To save this console, on the File menu, click Save.
7. In the Save As dialog box, do one of the following:
* To place the snap-in in the Administrative Tools folder, in File name, type a name for the snap-in, and then click Save.
* To save the snap-in to a location other than the Administrative Tools folder, in Save in , navigate to a location for the snap-in. In File name, type a name for the snap-in, and then click Save.
Q12. - (Topic 3)
Your network contains three servers that run Windows Server 2012 R2. The servers are configured as shown in the following table. Server3 is configured to obtain an IP address automatically.
You need to ensure that Server3 only receives an IP address from Server1. The IP address must always be the same.
Which two tasks should you perform? (Each correct answer presents part of the solution.
Choose two.)
A. Create an exclusion on Server1.
B. Create a filter on Server1.
C. Create a reservation on Server2
D. Create a reservation on Server1
E. Create a filter on Server2.
Answer: D,E
Q13. - (Topic 3)
In a domain running at the Windows Server 2012 R2 domain functional level, which of the following security principals can be members of a global group? (Choose all answers that are correct.)
A. Users
B. Computers
C. Universal groups
D. Global groups
Answer: A,B,D
Explanation:
A. Correct: Users can be security principals in a global group.
B. Correct: Computers can be security principals in a global group.
C. Incorrect: Universal groups cannot be security principals in a global group.
D. Correct: Global group can be security principals in a global group.
Q14. - (Topic 2)
You have a server that runs a Server Core installation of Windows Server 2012 R2.
You need to change the DNS server used by IPv6.
What should you do?
A. From Sconfig, configure the Network Settings.
B. Run the sc.exe command and specify the config parameter.
C. From Windows PowerShell, run the Set-NetIpv6Protocol cmdlet.
D. From Windows PowerShell, run the Set-DnsClientServerAddress cmdlet.
Answer: D
Explanation:
The Set-DnsClientServerAddresscmdlet sets one or more IP addresses for DNS servers associated with an interface. This cmdlet statically adds DNS server addresses to the interface. If this cmdlet is used to add DNS servers to the interface, then the DNS servers will override any DHCP configuration for that interface. PS C:\> Set-DnsClientServerAddress -InterfaceIndex 12 -ServerAddresses "10.0.0.1","10.0.0.2")
References: http://technet.microsoft.com/en-us/library/jj592692.aspx
http://technet.microsoft.com/en-us/library/jj590768.aspx
Q15. - (Topic 3)
You work as an administrator at Contoso.com. The Contoso.com network consists of an Active Directory forest that contains a root domain, named Contoso.com, and two child domains, named us.Contoso.com and uk.Contoso.com. All servers on the Contoso.com network have Windows Server 2012 R2 installed.
The root domain hosts a domain local distribution group, named ENSUREPASSGroup. You are preparing to issue ENSUREPASSGroup read-only access to a shared folder hosted by the us.Contoso.com domain.
You want to make sure that ENSUREPASSGroup is able to access the shared folder in the us.Contoso.com domain.
Which of the following actions should you take?
A. You should consider re-configuring ENSUREPASSGroup as a universal Admins group.
B. You should consider re-configuring ENSUREPASSGroup as a universal security group.
C. You should consider re-configuring ENSUREPASSGroup as a global administrators group.
D. You should consider re-configuring ENSUREPASSGroup as a local administrators group.
Answer: B