Introducing The New!
Surepassexam Collection
Get Unlimited Access to all
Surepassexam's PREMIUM files
Q1. - (Topic 3)
Your network contains an Active Directory domain named adatum.com. The domain contains a member server named Server1 and a domain controller named DC2. All servers run Windows Server 2012 R2. On DC2, you open Server Manager and you add Server1 as another server to manage. From Server Manager on DC2, you right-click Server1 as shown in the exhibit. You need to ensure that when you right-click Server1, you see the option to run the DHCP console.
What should you do?
A. On Server1, install the Feature Administration Tools.
B. In the domain, add DC1 to the DHCP Administrators group.
C. On DC2 and Server1, run winrm quickconfig.
D. On DC2, install the Role Administration Tools.
Answer: D
Q2. - (Topic 1)
Your network contains an Active Directory domain named contoso.com.
You log on to a domain controller by using an account named Admin1.Admin1 is a member of the Domain Admins group.
You view the properties of a group named Group1 as shown in the exhibit. (Click the Exhibit button.)
Group1 is located in an organizational unit (OU) named OU1.
You need to ensure that users from Group1 can modify the Security settings of OU1 only.
What should you do from Active Directory Users and Computers?
A. Modify the Managed By settings on OU1.
B. Right-click contoso.com and select Delegate Control.
C. Right-click OU1 and select Delegate Control.
D. Modify the Security settings of Group1.
Answer: C
Explanation:
Delegating control to only the OU will allow the users of Group1 to modify the security settings.
Q3. - (Topic 3)
You work as an administrator at Contoso.com. The Contoso.com network consists of a single domain named Contoso.com. All servers in the Contoso.com domain, including domain controllers, have Windows Server 2012 R2 installed.
You have just executed the Uninstall-WindowsFeature Server-Gui-Shell Contoso.com server, named ENSUREPASS-SR13.
Which of the following is the reason for doing this?
A. To only remove Windows Explorer from ENSUREPASS-SR13.
B. To only remove the Windows Internet Explorer from ENSUREPASS-SR13.
C. To only remove the components and files related to Windows Explorer from ENSUREPASSSR13.
D. To remove Windows Explorer, Windows Internet Explorer, and all associated components and files from ENSUREPASS-SR13.
Answer: D
Explanation:
Minimal Server Interface If the server has a full installation of Windows Server, and I need to bring the server down to minimal server interface, I only need to remove the Server-GUI-Shell. The command is shown here. Get-WindowsFeature Server-Gui-Shell | Uninstall-WindowsFeature – restart Minimal Server Interface is situated between the Server Core and Server with a GUI modes, you can either install features on Server Core or remove features from Server with a GUI to reach the Minimal Server Interface installation state.
Q4. HOTSPOT - (Topic 3)
You have a server named Server1 that runs Windows Server 2012 R2. Server1 is a member of a workgroup.
You need to ensure that only members of the Administrators group and members of a group named Group1 can log on locally to Server1.
Which settings should you modify from the Local Security Policy? To answer, select the appropriate settings in the answer area.
Answer:
Q5. HOTSPOT - (Topic 3)
Your network contains an Active Directory domain named contoso.com.
Technicians use Windows Deployment Services (WDS) to deploy Windows Server 2012 R2.
The network contains a server named Server1 that runs Windows Server 2012 R2. Server1 has the Hyper-V server role installed.
You need to ensure that you can use WDS to deploy Windows Server 2012 R2 to a virtual machine named VM1.
Which settings should you configure?
To answer, select the appropriate settings in the answer area.
Answer:
Q6. - (Topic 3)
Your network contains an active directory domain named contoso.com. The domain consists 20
member Servers and 5 domain controllers. All servers run Windows Server 2012 R2. The domain contains 500 client computers.
You plan to deploy a domain controller for contoso.com in Microsoft Azure.
You need to prepare the conversation for planned deployment. The solution should ensure that the domain controller hosted in Azure always have the same IP address.
Witch two actions should you perform? Each correct answer is a part of the solution.
A. From an Azure virtual machine run the Set-AzureStaticVNetIP cmdlet
B. Deploy a Side by side virtual private network (VPN)
C. From Azure virtual machine run the Set –NetIPAuthentication cmdlet
D. From an domain controller run the Set-NetIPAdresses cmdlet
E. From an domain controller run adprep.exe
Answer: A
Explanation:
Set the static VNet IP address information to a VM object.
Q7. HOTSPOT - (Topic 2)
Your network contains an Active Directory forest. The forest contains two domains named Domain1 and Domain2.
Domain1 contains a file server named Server1. Server1 has a shared folder named Share1.
Domain2 contains 50 users who require access to Share1.
You need to create groups in each domain to meet the following requirements:
. In Domain1, create a group named Group1. Group1 must be granted access to Share1. . In Domain2, create a group named Group2. Group2 must contain the user accounts of the 50 users. . Permission to Share1 must only be assigned directly to Group1.
Which type of groups should you create and which group nesting strategy should you use?
To answer, select the appropriate configuration in the answer area.
Answer:
Q8. - (Topic 3)
You work as a senior administrator at Lead2pass.com. The Lead2pass.com network consists of a single domain named Lead2pass.com. All servers on the Lead2pass.com network have Windows Server 2012 R2 installed.
You are running a training exercise for junior administrators. You are currently discussing storage pools.
Which of the following are TRUE with regards to storage pools?
A. It allows you to group physical disks into one or more containers.
B. It prevents you from grouping physical disks into one or more containers.
C. It allows you to easily add storage with minor impact on users.
D. It allows you to easily add storage without impacting users.
Answer: A,D
Q9. - (Topic 3)
Your network contains one Active Directory domain named contoso.com. The domain contains 10 domain controllers and a read-only domain controller (RODC) named RODC01.
You plan to deploy a child domain for contoso.com in Microsoft Azure.
To the Azure subscription, you add several virtual machines that have a Server Core installation of Windows Server 2012 R2.
You need to create the new domain on one of the virtual machines.
Which tool should you use?
A. the ntdsutil command
B. the Set-ADDomain cmdlet
C. the Install-ADDSDomain cmdlet
D. the dsadd command
E. the dsamain command
F. the dsmgmt command
G. the net user command
H. the Set-ADForest cmdlet
Answer: C
Explanation: The Install-ADDSDomain cmdlet installs a new Active Directory domain configuration.
https://technet.microsoft.com/en-us/library/hh974722(v=wps.630).aspx
Q10. - (Topic 3)
You have a server named Server1 that runs Windows Server 2012 R2.
You apply a security policy to server1 by using the Security Configuration Wizard (CWM). You plan to roll back the security policy.
You need to identify the settings that are prevented from rolling back running the CWM Witch settings should you identify.
A. The secure startup order
B. The outbound authentication methods
C. The network security rules
D. The system access control list
Answer: D
Q11. - (Topic 3)
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1. Server1 runs Windows Server 2012 R2 and has the Hyper-V server role installed. On Server1, you create and start a virtual machine named VM1. VM1 is configured as shown in the following table.
You plan to create a snapshot of VM1. You need to recommend a solution to minimize the amount of disk space used for the snapshot of VM1. What should you do before you create the snapshot?
A. Run the Stop-VM cmdlet.
B. Run the Convert-VHD cmdlet.
C. Decrease the Maximum RAM
D. Decrease the Minimum RAM.
Answer: A
Explanation:
What are virtual machine snapshots?
Virtual machine snapshots capture the state, data, and hardware configuration of a running
virtual machine.
What are snapshots used for?
Snapshots provide a fast and easy way to revert the virtual machine to a previous state.
For this reason, virtual machine snapshots are intended mainly for use in development and
test environments. Having an easy way to revert a virtual machine can be very useful if you
need to recreate a specific state or condition so that you can troubleshoot a problem.
There are certain circumstances in which it may make sense to use snapshots in a
production environment.
For example, you can use snapshots to provide a way to revert a potentially risky operation
in a production environment, such as applying an update to the software running in the
virtual machine.
How are snapshots stored?
Snapshot data files are stored as .avhd files. Taking multiple snapshots can quickly
consume storage space. In the first release version of Hyper-V (KB950050) and in Hyper-V
in Windows Server 2008 Service Pack 2, snapshot, snapshot data files usually are located
in the same folder as the virtual machine by default. In Hyper- V in Windows Server 2008
R2, the files usually are located in the same folder as the virtual hard disk. The following
exceptions affect the location of the snapshot data files: If the virtual machine was imported
with snapshots, they are stored in their own folder. If the virtual machine has no snapshots
and you configure the virtual machine snapshot setting, all snapshots you take afterwards
will be stored in the folder you specify.
http://technet.microsoft.com/pt-pt/library/dd560637%28v=ws.10%29.aspx
Reducing the available RAM for the VM would reduce the size of the snapshot, what better
than have the machine turn off, not using any memory.
Q12. - (Topic 3)
You have an Active Directory domain named contoso.com. You have a domain controller named Server1 that is configured as a DNS server. Server1 hosts a standard primary zone for contoso.com. The DNS configuration of Server1 is shown in the exhibit.
You discover that stale resource records are not automatically removed from the contoso.com zone.
You need to ensure that the stale resource records are automatically removed from the contoso.com zone.
What should you do?
A. Set the scavenging period of Server1 to 0 days.
B. Modify the Server Aging/Scavenging properties.
C. Configure the aging properties for the contoso.com zone.
D. Convert the contoso.com zone to an Active Directory-integrated zone.
Answer: C
Explanation:
Scavenging or aging as it is also known as automates the deletion of old records. When scavenging is disabled, these records must be deleted manually or the size of the DNS database can become large and have an adverse effect on performance. In the exhibit it shows that scavenging is enabled on Server1, thus you should configure the aging properties for the zone.
Q13. - (Topic 3)
You work as an administrator at Contoso.com. The Contoso.com network consists of a single domain named Contoso.com. Subsequent to deploying a Server Core Installation of Windows Server 2012 on a new Contoso.com server, you are instructed to add a graphical user interface (GUI) to the server.
You want to achieve this goal from the command prompt. Which of the following actions should you take?
A. You should consider making use of the dism.exe command.
B. You should consider making use of the dsquery.exe command.
C. You should consider making use of the dsadd.exe command.
D. You should consider making use of the dsrm.exe command.
Answer: A
Explanation:
A. Deployment Image Servicing and Management (DISM)
B. dsquery Queries the directory by using search criteria that you specify.
C. dsadd Adds specific types of objects to the directory.
D. dsrm Deletes an object of a specific type or any general object from the directory.
The Deployment Image Servicing and Management (DISM) tool replaces the pkgmgr, PEImg, and IntlConfg tools that are being retired in Windows 7. DISM provides a single centralized tool for performing all of the functions of these three tools in a more efficient and standardized way, eliminating the source of many of the frustrations experienced by current users of these tools. Dism /online /enable-feature /featurename:Server-Gui-Mgmt /featurename:Server-Gui-Shell /featurename:ServerCore-FullServer
Q14. - (Topic 1)
Your network contains an Active Directory forest. The forest contains a single domain named contoso.com. The domain contains four domain controllers. The domain controllers are configured as shown in the following table.
All domain controllers are DNS servers.
You plan to deploy a new domain controller named DC5 in the contoso.com domain.
You need to identify which domain controller must be online to ensure that DC5 can be promoted successfully to a domain controller.
Which domain controller should you identify?
A. DC1
B. DC2
C. DC3
D. DC4
Answer: D
Explanation:
Relative ID (RID) Master: Allocates active and standby RID pools to replica domain controllers in the same domain. (corp.contoso.com). Must be online for newly promoted domain controllers to obtain a local RID pool that is required to advertise or when existing domain controllers have to update their current or standby RID pool allocation. The RID master is responsible for processing RID pool requests from all domain controllers in a particular domain. When a DC creates a security principal object such as a user or group, it attaches a unique Security ID (SID) to the object. This SID consists of a domain SID (the same for all SIDs created in a domain), and a relative ID (RID) that is unique for each security principal SID created in a domain. Each DC in a domain is allocated a pool of RIDs that it is allowed to assign to the security principals it creates. When a DC’s allocated RID pool falls below a threshold, that DC issues a request for additional RIDs to the domain’s RID master. The domain RID master responds to the request by retrieving RIDs from the domain’s unallocated RID pool and assigns them to the pool of the requesting DC At any one time, there can be only one domain controller acting as the RID master in the domain.
The Infrastructure Master – The purpose of this role is to ensure that cross-domain object references are correctly handled. For example, if you add a user from one domain to a security group from a different domain, the Infrastructure Master makes sure this is done properly. As you can guess however, if your Active Directory deployment has only a single domain, then the Infrastructure Master role does no work at all, and even in a multi-domain environment it is rarely used except when complex user administration tasks are performed, so the machine holding this role doesn’t need to have much horsepower at all.
Q15. - (Topic 3)
Your network contains an Active Directory domain named contoso.com. All domain controllers run Windows Server 2008 R2. One of the domain controllers is named DC1.
The network contains a member server named Server1 that runs Windows Server 2012 R2.
You need to promote Server1 to a domain controller by using install from media (IFM).
What should you do first?
A. Create a system state backup of DC1.
B. Create IFM media on DC1.
C. Upgrade DC1 to Windows Server 2012 R2.
D. Run the Active Directory Domain Services Configuration Wizard on Server1.
E. Run the Active Directory Domain Services Installation Wizard on DC1.
Answer: C
Explanation:
A. Backs up system state data to be restored
C. Only valid option. You could install ADDS role on Server 1 and run ADDS configuration wizard and add DC to existing domain
D. Need to add ADDS role first
E. Wrong server Installation from media does not work across different operating system versions. In other words, you must use a Windows Server 2012 R2 domain controller to generate installation media to use for another Windows Server 2012 R2 domain controller installation. We can use the Install from media (IFM) option to install an Additional Domain Controller in an existing domain is the best option such as a branch office scenario where network is slow, unreliable and costly. IFM will minimize replication traffic during the installation because it uses restored backup files to populate the AD DS database. This will significantly reduce the amount of traffic copied over the WAN link. Things to remember: If you are deploying your first Domain Controller in the domain, you cannot use IFM. The OS will need to match the IFM media. (If you create a 2008 R2 IFM, promote a 2008 R2 DC) If you are creating a DC that will be a Global Catalog Server, create your IFM on a Global Catalog Server.
If you are creating a DC that will be a DNS Server, create your IFM on a DNS Server. If you want to copy the SYSVOL, the DC on which you generate the installation media and the new DC must be at least running Windows Server 2008 with Service Pack 2 or Windows Server 2008 R2. Membership of the Domain Admins group is the minimum required to complete IFM.