Q1. - (Topic 3)
Your network contains one Active Directory domain named contoso.com. The domain contains 10 domain controllers and a read-only domain controller (RODC) named RODC01.
The domain contains an administrator account named Admin1.
You need to prevent Admin1 from creating more than 100 objects in the domain partition.
Which tool should you use?
A. the ntdsutil command
B. the Set-ADDomain cmdlet
C. the Install-ADDSDomain cmdlet
D. the dsadd command
E. the dsamain command
F. the dsmgmt command
G. the net user command
H. the Set-ADForest cmdlet
Answer: D
Explanation:
Active Directory quotas are limits on the number of objects that a security principal (that has been delegated the Create Child Objects or Delete Child Objects permission) can own and create. To assign a quota to a security principal, you must use the directory services tools. The command and required parameters for assigning a quota to a security principal are as follows:
dsadd quota -part <partition distinguished name> -qlimit <quota limit> -acct <security principal>
Reference: Active Directory Quotas
https://technet.microsoft.com/en-us/library/cc904295(v=ws.10).aspx
Q2. - (Topic 3)
Your network contains an Active Directory domain named contoso.com.
All servers run Windows Server 2012 R2.
An application named Appl.exe is installed on all client computers. Multiple versions of Appl.exe are installed on different client computers. Appl.exe is digitally signed.
You need to ensure that only the latest version of Appl.exe can run on the client computers.
What should you create?
A. An application control policy packaged app rule
B. A software restriction policy certificate rule
C. An application control policy Windows Installer rule
D. An application control policy executable rule
Answer: D
Explanation:
A. A publisher rule for a Packaged app is based on publisher, name and version.
B. You can create a certificate rule that identifies software and then allows or does not allow the software to run, depending on the security level.
C. For .msi or .msp
D. Executable rules apply to .exe files and can be based on publisher, product name, file name and version.
Use Certificate Rules on Windows Executables for Software Restriction Policies
This security setting determines if digital certificates are processed when a user or process attempts to run software with an .exe file name extension. This security setting is used to enable or disable certificate rules, a type of software restriction policies rule. With software restriction policies, you can create a certificate rule that will allow or disallow software that is signed by Authenticode to run, based on the digital certificate that is associated with the software. In order for certificate rules to take effect, you must enable this security setting. When certificate rules are enabled, software restriction policies will check a certificate revocation list (CRL) to make sure the software’s certificate and signature are valid. This may decrease performance when starting signed programs. You can disable this feature. On Trusted Publishers Properties, clear the Publisher and Timestamp check boxes.
Q3. HOTSPOT - (Topic 2)
You deploy a Server with a GUI installation of Windows Server 2012 R2 Datacenter.
From Windows PowerShell, you run the following command:
Remove-WindowsFeature Server-Gui-Shell
In the table below, identify which tools are available on Server1 and which tools are unavailable on Server1.
Make only one selection in each row. Each correct selection is worth one point.
Answer:
Q4. - (Topic 3)
Your network contains an Active Directory domain named contoso.com.
An organizational unit (OU) named OU1 contains the user accounts and the computer accounts for laptops and desktop computers. A Group Policy object (GPO) named GP1 is linked to OU1. You need to ensure that the configuration settings in GP1 are applied only to the laptops in OU1. The solution must ensure that GP1 is applied automatically to new laptops that are added to OU1.
What should you do?
A. Modify the GPO Status of GP1.
B. Configure the WMI Filter of GP1.
C. Modify the security settings of GP1.
D. Modify the security settings of OU1.
Answer: B
Q5. - (Topic 2)
You have a server that runs Windows Server 2012 R2.
The disks on the server are configured as shown in the exhibit. (Click the Exhibit button.)
You need to create a storage pool that contains Disk 1 and Disk 2. What should you do first?
A. Delete volume E
B. Convert Disk 1 and Disk 2 to dynamic disks
C. Convert Disk 1 and Disk 2 to GPT disks
D. Create a volume on Disk 2
Answer: A
Explanation:
A. Storage pools use unallocated space. There is no way to create a storage pool with existing data. Storage pools are only a collection of drives that are managed by Windows.
Q6. HOTSPOT - (Topic 1)
You have a server named Server1 that runs Windows Server 2012 R2.
You need to switch Server1 to a Server Core installation of Windows Server 2012 R2.
What command should you run?
To answer, select the appropriate options in the answer area.
Answer:
Q7. - (Topic 3)
You only want to share a printer with Group1, administrators, central owner and operators (pick 2 answers).
A. Add permissions to Group1
B. Remove permissions from administrators
C. Add permissions to operators
D. Add permissions to Central Owner
E. Remove permissions from everyone.
Answer: A
Q8. - (Topic 2)
Your network contains an Active Directory domain named contoso.com. The network contains 500 client computers that run Windows 8. All of the client computers connect to the Internet by using a web proxy.
You deploy a server named Server1 that runs Windows Server 2012 R2. Server1 has the DNS Server server role installed.
You configure all of the client computers to use Server1 as their primary DNS server.
You need to prevent Server1 from attempting to resolve Internet host names for the client computers.
What should you do on Server1?
A. Create a primary zone named “root”.
B. Create a primary zone named "GlobalNames".
C. Create a forwarder that points to 169.254.0.1.
D. Create a primary zone named “.”.
Answer: A
Q9. - (Topic 3)
You work as an administrator at Contoso.com. The Contoso.com network consists of a single domain named Contoso.com. All servers on the Contoso.com network have Windows Server 2012 R2 installed.
You have received instructions to convert a basic disk to a GPT disk.
Which of the following is TRUE with regards to GPT disks? (Choose all that apply.)
A. To convert a basic disk to a GPT disk, the disk must not contain any partitions or volumes.
B. You can convert a basic disk to a GPT disk, regardless of partitions or volumes.
C. GPT is required for disks larger than 2 TB.
D. GPT is required for disks smaller than 2 TB.
E. The GPT partition style can be used on removable media.
F. GPT disks make use of the standard BIOS partition table.
Answer: A,C
Explanation:
A. For a drive to be eligible for conversion to dynamic, all basic data partitions on the drive must be contiguous.
C. GPT allows a much larger partition size, greater than 2 terabytes (TB).
D. 2 terabytes is the limit for MBR disks.
E. Dynamic disks are not supported on portable computers, removable disks, detachable disks that use USB or IEEE 1394 interfaces.
F. Windows only supports booting from a GPT disk on systems that contain Unified Extensible Firmware Interface (UEFI) boot firmware. Master boot record (MBR) disks use the standard BIOS partition table. GUID partition table (GPT) disks use Unified Extensible Firmware Interface (UEFI). One advantage of GPT disks is that you can have more than four partitions on each disk. GPT is also required for disks larger than 2 terabytes.
Portable computers and removable media: Dynamic disks are not supported on portable computers, removable disks, detachable disks that use Universal Serial Bus (USB) or IEEE 1394 (also called FireWire) interfaces, or on disks connected to shared SCSI buses. If you are using a portable computer and right-click a disk in the graphical or list view in Disk Management, you will not see the option to convert the disk to dynamic.
Dynamic disks are a separate form of volume management that allows volumes to have noncontiguous extents on one or more physical disks. Dynamic disks and volumes rely on the Logical Disk Manager (LDM) and Virtual Disk Service (VDS) and their associated features. These features enable you to perform tasks such as converting basic disks into dynamic disks, and creating fault-tolerant volumes. To encourage the use of dynamic disks, multi-partition volume support was removed from basic disks, and is now exclusively supported on dynamic disks.
GPT disks can be converted to MBR disks only if all existing partitioning is first deleted, with associated loss of data.
Q. What happens when a basic disk is converted to dynamic?
A. For a drive to be eligible for conversion to dynamic, all basic data partitions on the drive must be contiguous. If other unrecognized partitions separate basic data partitions, the disk cannot be converted. This is one of the reasons that the MSR must be created before any basic data partitions. The first step in conversion is to separate a portion of the MSR to create the configuration database partition. All non-bootable basic partitions are then combined into a single data container partition. Boot partitions are retained as separate data container partitions. This is analogous to conversion of primary partitions. Windows XP and later versions of the Windows operating system differ from Windows 2000 in that basic and extended partitions are preferentially converted to a single 0x42 partition, rather than being retained as multiple distinct 0x42 partitions as on Windows 2000.
Q10. - (Topic 3)
Your network contains an Active Directory domain named contoso.com. The domain contains two domain controllers named DC1 and DC2. You install Windows Server 2012 on a new computer named DC3. You need to manually configure DC3 as a domain controller. Which tool should you use?
A. Server Manager
B. winrm.exe
C. Active Directory Domains and Trusts
D. dcpromo.exe
Answer: A
Q11. - (Topic 3)
You work as an administrator at Contoso.com. The Contoso.com network consists of a single domain named Contoso.com. All servers in the Contoso.com domain, including domain controllers, have Windows Server 2012 R2 installed.
You have been instructed to add a new domain controller to Contoso.com’s existing environment.
Which of the following actions should you take?
A. You should consider making use of Server Manager.
B. You should consider making use of Authorization Manager.
C. You should consider making use of Remote Desktop Gateway Manager.
D. You should consider making use of Network Load Balancing Manager.
Answer: A
Q12. - (Topic 3)
You install Windows Server 2012 R2 on a standalone server named Server1. You configure Server1 as a VPN server.
You need to ensure that client computers can establish PPTP connections to Server1.
Which two firewall rules should you create? (Each correct answer presents part of the solution. Choose two.)
A. An inbound rule for protocol 47
B. An outbound rule for protocol 47
C. An inbound rule for TCP port 1723
D. An inbound rule for TCP port 1701
E. An outbound rule for TCP port 1723
F. An outbound rule for TCP port 1701
Answer: A,C
Explanation:
The following is a list of firewall ports which need to be opened for the various VPN tunnel protocols:
For PPTP:
IP Protocol=TCP, TCP Port number=1723 <- Used by PPTP control path
IP Protocol=GRE (value 47) <- Used by PPTP data path
For L2TP:
IP Protocol Type=UDP, UDP Port Number=500 <- Used by IKEv1 (IPSec control path)
IP Protocol Type=UDP, UDP Port Number=4500 <- Used by IKEv1 (IPSec control path)
IP Protocol Type=ESP (value 50) <- Used by IPSec data path
For SSTP:
IP Protocol=TCP, TCP Port number=443 <- Used by SSTP control and data path
For IKEv2:
IP Protocol Type=UDP, UDP Port Number=500 <- Used by IKEv2 (IPSec control path)
IP Protocol Type=UDP, UDP Port Number=4500 <- Used by IKEv2 (IPSec control path)
IP Protocol Type=ESP (value 50) <- Used by IPSec data path
Q13. - (Topic 3)
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1. Server1 runs Windows Server 2012 R2.
An administrator creates a security template named Template1.
You need to apply Template1 to Server1.
Which snap-in should you use?
A. Resultant Set of Policy
B. Security Configuration and Analysis
C. Authorization Manager
D. Security Templates
Answer: B
Explanation:
The Security Configuration and Analysis tool contains the Local Security Policy snap-in that is used to apply templates.
References:
http://technet.microsoft.com/en-us/library/bb742512.aspx
http://technet.microsoft.com/en-us/library/cc739442%28v=WS.10%29.aspx
Q14. HOTSPOT - (Topic 2)
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012 R2.
You perform a Server Core Installation of Windows Server 2012 R2 on a new server.
You need to ensure that you can add the new server to Server Manager on Server1.
What should you configure on the new server? To answer, select the appropriate setting in the answer area.
Answer:
Q15. - (Topic 2)
You have a server named Server1 that runs Windows Server 2012 R2. Server1 has the Hyper-V server role installed.
The disks on Server1 are configured as shown in the exhibit. (Click the Exhibit button.)
You create a virtual machine on Server1.
You need to ensure that you can configure a pass-through disk for the virtual machine.
What should you do?
A. Convert Disk 1 to a GPT disk.
B. Delete partition E.
C. Convert Disk 1 to a dynamic disk.
D. Take Disk 1 offline.
Answer: D
Explanation:
References:
Exam Ref 70-410: Installing and Configuring Windows Server 2012 R2: Objective 3.2: Create and Configure virtual machine storage, Chapter 3: p. 159
Exam Ref 70-410: Installing and Configuring Server 2012: Objective 1.3: Installing and Configuring servers, Chapter 1: p. 42-43
http://blogs.technet.com/b/askcore/archive/2008/10/24/configuring-pass-through-disks-in-hyper-v.aspx