Introducing The New!
Surepassexam Collection
Get Unlimited Access to all
Surepassexam's PREMIUM files
Q1. - (Topic 3)
You work as an administrator at Contoso.com. The Contoso.com network consists of a single domain named Contoso.com. All servers on the Contoso.com network have Windows Server 2012 R2 installed.
Contoso.com has a server, named ENSUREPASS-SR13, which is configured as the primary DNS server in the Contoso.com domain. Contoso.com has another server, named ENSUREPASS-SR14, which makes use of ENSUREPASSSR13 for DNS queries.
You want to make sure that running nslookup.exe from ENSUREPASS-SR14 produces a result that shows the proper name of the default server.
Which of the following actions should you take?
A. You should consider creating a reverse lookup zone on ENSUREPASS-SR14.
B. You should consider creating a forward lookup zone on ENSUREPASS-SR14.
C. You should consider creating a reverse lookup zone on ENSUREPASS-SR13.
D. You should consider creating a forward lookup zone on ENSUREPASS-SR13.
Answer: C
Explanation:
When you start Nslookup from a command line, the following error message may be displayed: DNS request timed out timeout was x seconds Can’t find server name for address xxx.xxx.xxx.xxx: Timed out Default servers are not available Default Server: UnKnown Address: xxx.xxx.xxx.xxx where xxx.xxx.xxx.xxx is the Internet Protocol (IP) address of the host on which you are attempting to start Nslookup. CAUSE When Nslookup starts, it attempts to resolve the IP address of its host’s DNS server to its fully qualified domain name (FQDN). If the DNS server does not respond or if the DNS server’s reverse lookup zones do not contain a PTR record for the DNS server’s IP address, the error message is displayed.
Q2. - (Topic 2)
You have a server named Server1 that runs Windows Server 2012 R2. You add a 4-TB disk named Disk 5 to Server1.
You need to ensure that you can create a 3-TB volume on Disk 5.
What should you do?
A. Create a storage pool.
B. Convert the disk to a dynamic disk
C. Create a VHD, and then attach the VHD.
D. Convert the disk to a GPT disk.
Answer: D
Explanation:
MBR max is 2TB, the disk must be GPT For any hard drive over 2TB, we need to use GPT partition. If you have a disk larger than 2TB size, the rest of the disk space will not be used unless you convert it to GPT. An existing MBR partition can’t be converted to GPT unless it is completely empty; you must either delete everything and convert or create the partition as GPT. It is not possible to boot to a GPT partition, impossible to convert MBR to GPT without data loss.
Q3. - (Topic 2)
Your network contains a Hyper-V host named Server1 that runs Windows Server 2012 R2.
Server1 hosts a virtual machine named VM1 that runs Windows Server 2012 R2.
You create a checkpoint of VM1, and then you install an application on VM1. You verify
that the application runs properly.
You need to ensure that the current state of VM1 is contained in a single virtual hard disk
file.
The solution must minimize the amount of downtime on VM1.
What should you do?
A. From a command prompt, run dism.exe and specify the /delete-image parameter.
B. From a command prompt, run dism.exe and specify the /commit-image parameter.
C. From Hyper-V Manager, delete the checkpoint.
D. From Hyper-V Manager, inspect the virtual hard disk.
Answer: C
Q4. - (Topic 1)
Your network contains a server named Server1 that runs Windows Server 2012
R2.Server1 has the Hyper-V server role installed.
Server1 hosts four virtual machines named VM1, VM2, VM3, and VM4.
Server1 is configured as shown in the following table.
VM2 sends and receives large amounts of data over the network.
You need to ensure that the network traffic of VM2 bypasses the virtual switches of the parent partition.
What should you configure?
A. NUMA topology
B. Resource control
C. resource metering
D. virtual Machine Chimney
E. The VLAN ID
F. Processor Compatibility
G. The startup order
H. Automatic Start Action
I. Integration Services
J. Port mirroring
K. Single-root I/O virtualization
Answer: K
Explanation:
Single-root I/O virtualization -capable network adapters can be assigned directly to a virtual machine to maximize network throughput while minimizing network latency and the CPU overhead required for processing network traffic.
References:
http://technet.microsoft.com/en-us/library/cc766320(v=ws.10).aspx http://technet.microsoft.com/en-us/library/hh831410.aspx
Exam Ref 70-410, Installing and Configuring Windows Server 2012 R2, Chapter 3: Configure Hyper-V, Objective 3.1: Create and Configure virtual machine settings, p.144 Training Guide: Installing and Configuring Windows Server 2012 R2: Chapter 7: Hyper-V Virtualization, Lesson 2: Deploying and configuring virtual machines, p.335
Q5. HOTSPOT - (Topic 3)
You have a DNS server named Server 1. Server1 runs Windows Server 2012 R2.
The network ID is 10.1.1.0/24.
An administrator creates several reverse lookup zones.
You need to identify which reverse lookup zone is configured correctly.
Which zone should you identify?
To answer, select the appropriate zone in the answer area.
Answer:
Q6. - (Topic 3)
You have a server named Server1 that runs a Server Core installation of Windows Server 2012 R2. Server1 is configured to obtain an IPv4 address by using DHCP. You need to configure the IPv4 settings of the network connection on Server1 as follows:
IP address: 10.1.1.1
Subnet mask: 255.255.240.0
Default gateway: 10.1.1.254
What should you run?
A. Set-NetlPInterface
B. netcfg.exe
C. New-NetlPAddress
D. msconfig.exe
Answer: C
Q7. - (Topic 3)
You work as an administrator at Contoso.com. The Contoso.com network consists of a single domain named Contoso.com. All servers on the Contoso.com network have Windows Server 2012 installed.
Contoso.com has its headquarters in London, and several widespread satellite offices. When Contoso.com releases a new written policy stating that the graphical user interface (GUI) should not be installed on any servers deployed to Contoso.com’s satellite offices.
It is reported that a server in one of the satellite offices are not compliant with the new written policy.
You are required to remedy the situation, while using the least amount of user interaction.
Which of the following actions should you take?
A. You should consider uninstalling the User Interfaces and Infrastructure feature using a PowerShell cmdlet.
B. You should consider uninstalling the User Interfaces and Infrastructure feature via TS Manager.
C. You should consider uninstalling the User Interfaces and Infrastructure feature via Server Manager.
D. You should consider uninstalling the User Interfaces and Infrastructure feature using the Dsrm.exe command from the command prompt.
Answer: C
Explanation:
Although you could utilize a PowerShell cmdlet, it would require you to either log on to the remote machine to enable PowerShell remoting first (or to use the local PowerShell console). Using Server Manager, you could just add the server (if it wasn't already added) and use the "Remove Roles and Features" applet.
Q8. - (Topic 1)
Your network contains an Active Directory domain named contoso.com. The domain contains an Application server named Server1. Server1 runs Windows Server 2012 R2.
Server1 is configured as an FTP server.
Client computers use an FTP Application named App1.exe. App1.exe uses TCP port 21 as
the control port and dynamically requests a data port.
On Server1, you create a firewall rule to allow connections on TCP port 21. You need to configure Server1 to support the client connections from App1.exe. What should you do?
A. Run netshadvfirewall set global statefulftp enable.
B. Create an inbound firewall rule to allow App1.exe.
C. Create a tunnel connection security rule.
D. Run Set-NetFirewallRule -DisplayName DynamicFTP -Profile Domain
Answer: A
Explanation:
The netsh firewall context is supplied only for backward compatibility. We recommend that you do not use this context on a computer that is running Windows Vista or a later version of Windows. In the netsh advfirewall firewall context, the add command only has one variation, the add rule command. Netsh advfirewall set global statefulftp: Configures how Windows Firewall with Advanced Security handles FTP traffic that uses an initial connection on one port to request a data connection on a different port. When statefulftp is enabled, the firewall examines the PORT and PASV requests for these other port numbers and then allows the corresponding data connection to the port number that was requested. Syntax set global statefulftp { enable | disable | notconfigured } Parameters statefulftp can be set to one of the following values: enable The firewall tracks the port numbers specified in PORT command requests and in the responses to PASV requests, and then allows the incoming FTP data traffic entering on the requested port number. disable This is the default value. The firewall does not track outgoing PORT commands or PASV responses, and so incoming data connections on the PORT or PASV requested port is blocked as an unsolicited incoming connection. notconfigured Valid only when netsh is configuring a GPO by using the set store command.
Q9. - (Topic 3)
Your network contains an Active Directory domain named contoso.com.
You create a software restriction policy to allow an application named App1 by using a certificate rule.
You need to prevent the software restriction policy from applying to users that are members of the local Administrators group.
What should you do?
A. Modify the rule for App1
B. Modify the Enforcement Properties
C. Modify the Security Levels.
D. Modify the Trusted Publishers Properties
Answer: B
Q10. - (Topic 3)
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1. Server1 runs Windows Server 2012 R2 and has the Hyper-V server role installed.
On Server1, an administrator creates a virtual machine named VM1.
A user named User1 is the member of the local Administrators group on Server1.
User1 attempts to modify the settings of VM1 as shown in the following exhibit. (Click the
Exhibit button.)
You need to ensure that User1 can modify the settings of VM1 by running the Set-Vm cmdlet.
What should you instruct User1 to do?
A. Import the Hyper-V module.
B. Install the Integration Services on VM1.
C. Run Windows PowerShell with elevated privileges.
D. Modify the membership of the local Hyper-V Administrators group.
Answer: C
Explanation:
You can only use the PowerShell snap-in to modify the VM settings with the vm cmdlets
when you are an Administrator.
Thus best practices dictate that User1 run the PowerShell with elevated privileges.
Reference: http://technet.microsoft.com/en-us/library/jj713439.aspx
Q11. - (Topic 2)
You have a server named Server1 that runs Windows Server 2012 R2. Server1 has following storage spaces:
....
Data
Users
Backups
Primordial
You add an additional hard disk to Server1.
You need to identify which storage space contains the new hard disk.
Which storage space contains the new disk?
A. Primordial
B. Data
C. Users
D. Backups
Answer: A
Explanation:
All storage that meets acceptable criteria for Storage Spaces will be placed in the Primordial Pool. This can be considered the default pool for devices from which any other pools will be created. Notice that there are no other virtual disks or pools at this point. The Primordial Pool will only consist of physical storage devices that do not belong to any other pools.
Q12. - (Topic 3)
You work as an administrator at Contoso.com. The Contoso.com network consists of a single domain named Contoso.com. All servers in the Contoso.com domain, including domain controllers, have Windows Server 2012 installed.
You have been instructed to modify the name of the local Administrator account on all Contoso.com workstations. You want to achieve this using as little administrative effort as possible.
Which of the following actions should you take?
A. You should consider configuring the Security Options settings via the Group Policy Management Console (GPMC).
B. You should consider navigating to Local Users and Groups via Computer
C. You should consider configuring the replication settings.
D. You should consider navigating to Local Users and Groups via Computer Management on each workstation.
Answer: A
Explanation:
Rename administrator account policy setting determines whether a different account name is associated with the security identifier (SID) for the Administrator account. Because the Administrator account exists on all Windows server versions, renaming the account makes it slightly more difficult for attackers to guess this user name and password combination. By default, the built-in Administrator account cannot be locked out no matter how many times a malicious user might use a bad password. This makes the Administrator account a popular target for brute-force password-guessing attacks. The value of this countermeasure is lessened because this account has a well-known SID and there are non-Microsoft tools that allow you to initiate a brute-force attack over the network by specifying the SID rather than the account name. This means that even if you have renamed the Administrator account, a malicious user could start a brute-force attack by using the SID. Rename the Administrator account by specifying a value for the Accounts: Rename administrator account policy setting. Location: GPO_name\Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options
Q13. - (Topic 3)
You work as a senior administrator at Contoso.com. The Contoso.com network consists of a single domain named Contoso.com. All servers on the Contoso.com network have Windows Server 2012 R2 installed.
You are running a training exercise for junior administrators. You are currently discussing the use of Non-Uniform Memory Architecture (NUMA).
Which of the following is TRUE with regards to Non-Uniform Memory Architecture (NUMA)? (Choose two.)
A. It is a computer architecture used in multiprocessor systems.
B. It is a computer architecture used in single processor systems.
C. It allows a processor to access local memory faster than it can access remote memory.
D. It allows a processor to access remote memory faster than it can access local memory.
Answer: A,C
Explanation:
NUMA is a hardware design feature that divides CPUs and memory in a physical server into NUMA nodes. You get the best performance when a process uses memory and CPU from within the same NUMA node. de is full, then it’ll get memory from When a process requires more memory, but the current NUMA no another NUMA node and that comes at a performance cost to that process, and possibly all other processes on that physical server. And that’s why virtualization engineers need to be aware of this. In Hyper-V we have Dynamic Memory. Non-Uniform Memory Access or Non-Uniform Memory Architecture (NUMA) is a computer memory design used in multiprocessors, where the memory access time depends on the memory location relative to a processor. Under ccNUMA, a processor can access its own local memory faster than non-local memory, that is, memory local to another processor or memory shared between processors. NUMA architectures logically follow in scaling from symmetric multiprocessing (SMP) architectures.
Q14. - (Topic 3)
You work as a senior administrator at Contoso.com. The Contoso.com network consists of a single domain named Contoso.com. All servers on the Contoso.com network have Windows Server 2012 R2 installed.
You are running a training exercise for junior administrators. You are currently discussing connection security rules.
Which of the following is TRUE with regards to connection security rules? (Choose all that apply.)
A. Connection security rules allows for traffic to be secured via IPsec.
B. Connection security rules do not allow the traffic through the firewall.
C. Connection security rules are applied to programs or services.
D. Connection security rules are applied between two computers.
Answer: A,B,D
Explanation:
Connection security involves the authentication of two computers before they begin communications and the securing of information sent between two computers. Windows Firewall with Advanced Security uses Internet Protocol security (IPsec) to achieve connection security by using key exchange, authentication, data integrity, and, optionally, data encryption. How firewall rules and connection security rules are related Firewall rules allow traffic through the firewall, but do not secure that traffic. To secure traffic with IPsec, you can create Computer Connection Security rules. However, the creation of a connection security rule does not allow the traffic through the firewall. You must create a firewall rule to do this, if the traffic is not allowed by the default behavior of the firewall. Connection security rules are not applied to programs or services; they are applied between the computers that make up the two endpoints.
Q15. HOTSPOT - (Topic 3)
Your network contains an Active Directory domain. The domain contains a server named Server28.
The computer account of Server 28 is located in an organizational unit (OU) named OU1. A Group Policy object (GPO) named Application Restriction Policy is linked to OU1.
The settings of the GPO are configured as shown in the GPO Settings exhibit. (Click the Exhibit button.)
The Services console on Server28 is shown in the Services exhibit. (Click the Exhibit
button.)
Select Yes if the statement can be shown to be true based on the available information; otherwise select No. Each correct selection is worth one point.
Answer: