Introducing The New!
Surepassexam Collection
Get Unlimited Access to all
Surepassexam's PREMIUM files
Q1. - (Topic 1)
Your network contains an Active Directory forest named contoso.com. The forest contains a single domain. The domain contains two domain controllers named DC1 and DC2 that run Windows Server 2012 R2.
The domain contains a user named User1 and a global security group named Group1.
You need to add a new domain controller to the domain.
You install Windows Server 2012 R2 on a new server named DC3.
Which cmdlet should you run next?
A. Add-AdPrincipalGroupMembership
B. Install-AddsDomainController
C. Install WindowsFeature
D. Install AddsDomain
E. Rename-AdObject
F. Set-AdAccountControl
G. Set-AdGroup
H. Set-User
Answer: C
Explanation:
It is the 2nd step when installing a DC by powershell on a fresh server.
Q2. - (Topic 3)
You have a DNS server named DNS1 that runs windows server 2012 R2.
DNS1 is used to resolve the names of internet resources by using several DNS forwarders.
You need to prevent DNS1 from performing iterative queries if the DNS forwarders are unable to reslove the queries.
Which cmdlet should you use?
A. Remove-DNSServerRootHint
B. Set-DNSServerPrimaryZone
C. Ser-DNSServerGlobalNameZone
D. Unregister-DNSserverDrirectoryPartition
Answer: A
Q3. DRAG DROP - (Topic 3)
You have a print server named Server1Server1 runs Windows Server 2008 R2. You have a file server named Server2. Server2 runs Windows Server 2012 R2.
You need to migrate all of the printers on Server1 to Server2.
Which actions should you perform on the servers?
To answer, drag the appropriate action to the correct servers in the answer area. Each action may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
Answer:
Q4. - (Topic 1)
Your network contains an Active Directory domain named contoso.com.
All client computers run Windows 8.
You deploy a server named Server1 that runs Windows Server 2012 R2.
You install a new client-server application named App1 on Server1 and on the client
computers. The client computers must use TCP port 6444 to connect to App1 on Server1.Server1 publishes the information of App1 to an intranet server named Server2 by using TCP port 3080.
You need to ensure that all of the client computers can connect to App1. The solution must
ensure that the application can connect to Server2.
Which Windows Firewall rule should you create on Server1?
A. an inbound rule to allow a connection to TCP port 3080
B. an outbound rule to allow a connection to TCP port 3080
C. an outbound rule to allow a connection to TCP port 6444
D. an inbound rule to allow a connection to TCP port 6444
Answer: D
Explanation:
A. Server2 needs inbound on 3080.
B. All ports outbound allowed by default.
D. Server1 gets request from Client PC’s it needs an inbound rule for 6444. By default, Windows Firewall with Advanced Security blocks all unsolicited inbound network traffic, and allows all outbound network traffic. For unsolicited inbound network traffic to reach your computer, you must create an allow rule to permit that type of network traffic. If a network program cannot get access, verify that in the Windows Firewall with Advanced Security snap-in there is an active allow rule for the current profile. To verify that there is an active allow rule, double-click Monitoring and then click Firewall. If there is no active allow rule for the program, go to the Inbound Rules node and create a new rule for that program. Create either a program rule, or a service rule, or search for a group that applies to the feature and make sure all the rules in the group are enabled. To permit the traffic, you must create a rule for the program that needs to listen for that traffic. If you know the TCP or UDP port numbers required by the program, you can additionally restrict the rule to only those ports, reducing the vulnerability of opening up all ports for the program.
Q5. - (Topic 3)
Your network contains an Active Directory domain named contoso.com. The domain contains 100 user accounts that reside in an organizational unit (OU) named 0U1. You need to ensure that a user named User1 can link and unlink Group Policy objects (GPOs) to OU1. The solution must minimize the number of permissions assigned to User1.
What should you do?
A. Modify the permissions on OU1.
B. Run the Set-GPPermission cmdlet.
C. Add User1 to the Group Policy Creator Owners group.
D. Modify the permissions on the User1 account.
Answer: A
Explanation:
Q6. - (Topic 2)
Your network contains an Active Directory domain named contoso.com.
All of the AppLocker policy settings for the member servers are configured in a Group Policy object (GPO) named GPO1.
A member server named Server1 runs Windows Server 2012 R2.
On Server1, you test a new set of AppLocker policy settings by using a local computer policy.
You need to merge the local AppLocker policy settings from Server1 into the AppLocker policy settings of GPO1.
What should you do?
A. From Local Group Policy Editor on Server1, export an .inf file. Import the .inf file by using Group Policy Management Editor.
B. From Server1, run the Set-ApplockerPolicy cmdlet.
C. From Local Group Policy Editor on Server1, export an .xml file. Import the .xml file by using Group Policy Management Editor.
D. From Server1, run the New-ApplockerPolicy cmdlet.
Answer: B
Explanation:
The Set-AppLockerPolicy cmdlet sets the specified Group Policy Object (GPO) to contain the specified AppLocker policy. If no Lightweight Directory Access Protocol (LDAP) is specified, the local GPO is the default. When the Merge parameter is used, rules in the specified AppLocker policy will be merged with the AppLocker rules in the target GPO specified in the LDAP path. The merging of policies will remove rules with duplicate rule IDs, and the enforcement setting specified by
the AppLocker policy in the target GPO will be preserved. If the Merge parameter is not
specified, then the new policy will overwrite the existing policy.
References:
http://technet.microsoft.com/en-us/library/ee791816(v=ws.10).aspx
Exam Ref 70-410: Installing and configuring Windows Server 2012 R2, Chapter 10:
Implementing Group Policy, Lesson1: Planning, Implementing and managing Group Policy,
p. 479
Q7. - (Topic 1)
Your network contains an Active Directory domain named contoso.com. The domain contains a DHCP server named Server1 that runs Windows Server 2012 R2.
You create a DHCP scope named Scope1. The scope has a start address of 192.168.1.10, an end address of 192.168.1.50, and a subnet mask of 255.255.255.192.
You need to ensure that Scope1 has a subnet mask of 255.255.255.0.
What should you do first?
A. From the DHCP console, reconcile Scope1.
B. From the DHCP console, delete Scope1.
C. From the DHCP console, modify the Scope Options of Scope1.
D. From Windows PowerShell, run the Set-DhcpServerv4Scope cmdlet.
Answer: B
Explanation:
You cannot change the subnet mask of a DHCP scope without deleting the scope and
recreating it with the new subnet mask.
Set-DhcpServerv4Scope does not include a parameter for the subnet mask.
Q8. - (Topic 3)
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1. Server1 runs Windows Server 2012 R2 and has the Hyper-V server role installed. You need to log the amount of system resources used by each virtual machine. What should you do?
A. From Windows PowerShell, run the Enable-VMResourceMetering cmdlet.
B. From Windows System Resource Manager, enable Accounting.
C. From Windows System Resource Manager, add a resource allocation policy.
D. From Windows PowerShell, run the Measure-VM cmdlet.
Answer: A
Explanation:
Enable-VMResourceMetering – The Enable-VMResourceMeteringcmdlet starts collecting
resourceutilization data for a virtual machine or resource pool.
Measure-VM – The Measure-VM cmdlet reports data on processor usage, memory usage,
network traffic, and disk capacity for one or more virtual machines.
Q9. - (Topic 1)
Your network contains an Active Directory domain named adatum.com. The domain contains several thousand member servers that run Windows Server 2012 R2.All of the computer accounts for the member servers are in an organizational unit (OU) named ServersAccounts.
Servers are restarted only occasionally.
You need to identify which servers were restarted during the last two days.
What should you do?
A. Run dsquery computer and specify the –staiepwd parameter.
B. Run Get-ADComputer and specify the SearchScope parameter.
C. Run Get-ADComputer and specify the IastLogon property.
D. Run dsquery server and specify the –o parameter
Answer: C
Q10. - (Topic 3)
In a domain running at the Windows Server 2012 R2 domain functional level, which of the following security principals can be members of a global group? (Choose all answers that are correct.)
A. Users
B. Computers
C. Universal groups
D. Global groups
Answer: A,B,D
Explanation:
A. Correct: Users can be security principals in a global group.
B. Correct: Computers can be security principals in a global group.
C. Incorrect: Universal groups cannot be security principals in a global group.
D. Correct: Global group can be security principals in a global group.
Q11. - (Topic 2)
Your network contains two Active Directory forests named contoso.com and adatum.com. Each forest contains one domain. A two-way forest trust exists between the forests.
The forests use the address spaces shown in the following table.
From a computer in the contoso.com domain, you can perform reverse lookups for the servers in the contoso.com domain, but you cannot perform reverse lookups for the servers in the adatum.com domain.
From a computer in the adatum.com domain, you can perform reverse lookups for the servers in both domains.
You need to ensure that you can perform reverse lookups for the servers in the adatum.com domain from the computers in the contoso.com domain.
What should you create?
A. A trust point
B. A GlobalNames zone
C. A delegation
D. A conditional forwarder
Answer: D
Explanation:
Conditional forwarders are DNS servers that only forward queries for specific domain names. Instead of forwarding all queries it cannot resolve locally to a forwarder, a conditional forwarder is configured to forward a query to specific forwarders based on the domain name contained in the query. Forwarding according to domain names improves conventional forwarding by adding a name-based condition to the forwarding process. The conditional forwarder setting for a DNS server consists of the following: The domain names for which the DNS server will forward queries. One or more DNS server IP addresses for each domain name specified. When a DNS client or server performs a query operation against a DNS server, the DNS server looks to see if the query can be resolved using its own zone data or the data stored in its cache. If the DNS server is configured to forward for the domain name designated in the query, then the query is forwarded to the IP address of a forwarder associated with the domain name. For example, in the following figure, each of the queries for the domain names is forwarded to a DNS server associated with the domain name.
: http://technet.microsoft.com/en-us/library/cc757172(v=ws.10).aspx
Q12. - (Topic 1)
Your network contains an Active Directory forest named contoso.com. The forest contains a single domain. The domain contains two domain controllers named DC1 and DC2 that run Windows Server 2012 R2.
The domain contains a user named User1 and a global security group named Group1.
You need to prevent User1 from changing his password. The solution must minimize administrative effort.
Which cmdlet should you run?
A. Add-AdPrincipalGroupMembership
B. Install-AddsDomainController
C. Install-WindowsFeature
D. Install-AddsDomain
E. Rename-AdObject
F. Set-AdAccountControl
G. Set-AdGroup
H. Set-User
Answer: F
Explanation:
The Set-ADAccountControlcmdlet modifies the user account control (UAC) values for an Active Directory user or computer account. UAC values are represented by cmdlet parameters. CannotChangePassword Modifies the ability of an account to change its password. To disallow password change by the account set this to $true. This parameter changes the Boolean value of the CannotChangePassword property of an account. The following example shows how to specify the PasswordCannotChange parameter. -CannotChangePassword $false
References:
http://technet.microsoft.com/en-us/library/ee617249.aspx http://technet.microsoft.com/en-us/library/hh974723.aspx http://technet.microsoft.com/en-us/library/hh974722.aspx
Q13. - (Topic 3)
You have a server named Server1 that runs Windows Server 2012 R2. Server1 has the Hyper-V server role installed. Server1 has 8 GB of RAM.
Server1 hosts five virtual machines that run Windows Server 2012 R2.
The settings of a virtual machine named Server3 are configured as shown in the exhibit. (Click the Exhibit button.)
You need to ensure that when Server1 restarts, Server3 automatically resumes without intervention. The solution must prevent data loss.
Which settings should you modify?
A. BIOS
B. Automatic Start Action
C. Automatic Stop Action
D. Integration Services
Answer: C
Explanation:
The Automatic Stop Action setting should be modified because it will allow you to configure: “Save the virtual machine state” option instructs Hyper-V Virtual Machine Management Service to save the virtual machine state on the local disk when the Hyper-V Server shuts down. OR “Turn Off the virtual machine” is used by the Hyper-V Management Service (VMMS.exe) to gracefully turn off the virtual machine. OR “Shut down the guest operating system” is successful only if the “Hyper-V Shutdown” guest service is running in the virtual machine. The guest service is required to be running in the virtual machine as the Hyper-V VMMS.EXE process will trigger Windows Exit message which is received by the service. Once the message is received by the guest service, it takes the necessary actions to shut down the virtual machine.
: http://www.altaro.com/hyper-v/hyper-v-automatic-start-and-stop-action/
Q14. - (Topic 3)
You have a server named Server1 that has the Print and Document Services server role installed.
You need to provide users with the ability to manage print jobs on Server1 by using a web browser.
What should you do?
A. Start the Printer Extensions and Notifications service and set the service to start automatically.
B. Install the LPD Service role service.
C. Start the Computer Browser service and set the service to start automatically.
D. Install the Internet Printing role service.
Answer: D
Explanation:
References: Internet printing makes it possible for computers running Windows Server 2008 to use printers located anywhere in the world by sending print jobs using Hypertext Transfer Protocol (HTTP). http://technet.microsoft.com/en-us/library/cc731368(v=ws.10).aspx http://technet.microsoft.com/en-us/library/cc731857.aspx
Q15. - (Topic 3)
You have a server named Server1 that runs Windows Server 2012 R2.
You try to install the Microsoft .NET Framework 3.5 Features feature on Server1, but the
installation fails repeatedly.
You need to ensure that the feature can be installed on Server1.
What should you do?
A. Run the Add-AppxProvisionedPackage cmdlet.
B. Remove the .NET Framework 4.5 Features feature.
C. Connect Server1 to the Internet.
D. Install the Web Server (IIS) server role.
Answer: C
Explanation:
The files needed are no longer available on the local Hard drive. We need to connect the server to the Internet. Important to note that when starting with Windows Server 2012 R2 and Windows 8, the feature files for .NET Framework 3.5 (which includes .NET Framework 2.0 and .NET Framework 3.0) are not available on the local computer by default. The files have been removed. Files for features that have been removed in a Features on Demand configuration, along with feature files for .NET Framework 3.5, are available through Windows Update. By default, if feature files are not available on the destination server that is running Windows Server 2012 R2 R2 Preview or Windows Server 2012 R2, the installation process searches for the missing files by connecting to Windows Update. You can override the default behavior by configuring a Group Policy setting or specifying an alternate source path during installation, whether you are installing by using the Add Roles and Features Wizard GUI or a command line.
References: Exam Ref 70-410: Installing and Configuring Windows Server 2012 R2, Chapter 2: Configure server roles and Features, p. 117 Training Guide: Installing and Configuring Windows Server 2012 R2, Chapter 2: Deploying servers, p. 80