Q1. - (Topic 2)
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012 R2. Server1 contains a virtual machine named VM1 that runs Windows Server 2012 R2.
You need to ensure that a user named User1 can install Windows features on VM1. The solution must minimize the number of permissions assigned to User1.
To which group should you add User1?
A. Hyper-V Administrators on Server1
B. Administrators on VM1
C. Server Operators on Server1
D. Power Users on VM1
Answer: B
Explanation:
The user has to be an administrator on VM1 to be able to install features.
In Windows Server 2012 R2, the Server Manager console and Windows PowerShell cmdlets for
Server Manager allow installation of roles and features to local or remote servers, or offline
virtual hard disks (VHDs).
You can install multiple roles and features on a single remote server or offline VHD in a
single Add Roles and Features Wizard or Windows PowerShell session. You must be
logged on to a server as an administrator to install or uninstall roles, role services, and
features. If you are logged on to the local computer with an account that does not have
administrator rights on your target server, right-click the target server in the Servers tile,
and then click Manage As to provide an account that has administrator rights. The server
on which you want to mount an offline VHD must be added to Server Manager, and you
must have Administrator rights on that server.
References:
Training Guide: Installing and Configuring Windows Server 2012 R2, Chapter 10:
Implementing Group Policy, p.539
Q2. - (Topic 3)
You have a server named Server1 that runs Windows Server 2012 R2.
You plan to enable Hyper-V Network Virtualization on Server1.
You need to install the Windows Network Virtualization Filter Driver on Server1.
Which Windows PowerShell cmdlet should you run?
A. Set-NetVirtualizationGlobal
B. Enable-NetAdapterBinding
C. Add-WindowsFeature
D. Set-NetAdapterVmq
Answer: B
Explanation:
Hyper-V Network Virtualization runs multiple virtual networks on a physical network, and each virtual network operates as if it is running as a physical network. The Set-NetAdapter cmdlet sets the basic properties of a network adapter such as virtual LAN (VLAN) identifier (ID) and MAC address. Thus if you add the binding parameter to the command then you will be able to install the Windows Network Virtualization Filter Driver.
Step one: Enable Windows Network Virtualization (WNV). This is a binding that is applied to the NIC that your External Virtual Switch is bound to. This can be a physical NIC, or it can be an LBFO NIC team. Either way, it is the network adapter that your External Virtual Switch uses to exit the server. This also means that if you have multiple virtual networks or multiple interfaces, you can pick and choose; it is not a global setting.
If you have one External Virtual Switch this is fairly easy:
    $vSwitch = Get-VMSwitch -SwitchType External
    # Check whether the Network Virtualization filter (ms_netwnv) is bound and enabled.
    # Piping (rather than -InputObject) makes $_ each switch in turn.
    $vSwitch | ForEach-Object {
        $desc = $_.NetAdapterInterfaceDescription
        if ((Get-NetAdapterBinding -ComponentID "ms_netwnv" -InterfaceDescription $desc).Enabled -eq $false) {
            # Enable the binding on the adapter used by the External Virtual Switch
            Enable-NetAdapterBinding -InterfaceDescription $desc -ComponentID "ms_netwnv"
        }
    }
Q3. - (Topic 3)
Your network contains an Active Directory domain named contoso.com. The domain contains a DHCP server named Server1 that runs Windows Server 2012 R2.
You create a DHCP scope named Scope1. The scope has a start address of 192.168.1.10, an end address of 192.168.1.50, and a subnet mask of 255.255.255.192.
You need to ensure that Scope1 has a subnet mask of 255.255.255.0. What should you do first?
A. From Windows PowerShell, run the Remove-DhcpServerv4PolicyIPRange cmdlet.
B. From the DHCP console, modify the Scope Options of Scope1.
C. From Windows PowerShell, run the Remove-DhcpServerv4Scope cmdlet.
D. From Windows PowerShell, run the Set-DhcpServerv4Scope cmdlet.
Answer: C
Explanation:
Set-DhcpServerv4Scope sets the properties of an existing IPv4 scope on the Dynamic Host Configuration Protocol (DHCP) server service. Neither parameter set below includes a subnet mask parameter, so the mask of an existing scope cannot be changed with this cmdlet; the scope has to be removed first and then recreated with the new mask.
Syntax:
Parameter Set: WithoutRange
    Set-DhcpServerv4Scope [-ScopeId] <IPAddress> [-ActivatePolicies <Boolean>] [-AsJob] [-CimSession <CimSession[]>] [-ComputerName <String>] [-Delay <UInt16>] [-Description <String>] [-LeaseDuration <TimeSpan>] [-MaxBootpClients <UInt32>] [-Name <String>] [-NapEnable <Boolean>] [-NapProfile <String>] [-PassThru] [-State <String>] [-SuperscopeName <String>] [-ThrottleLimit <Int32>] [-Type <String>] [-Confirm] [-WhatIf] [<CommonParameters>]
Parameter Set: WithRange
    Set-DhcpServerv4Scope [-ScopeId] <IPAddress> -EndRange <IPAddress> -StartRange <IPAddress> [-ActivatePolicies <Boolean>] [-AsJob] [-CimSession <CimSession[]>] [-ComputerName <String>] [-Delay <UInt16>] [-Description <String>] [-LeaseDuration <TimeSpan>] [-MaxBootpClients <UInt32>] [-Name <String>] [-NapEnable <Boolean>] [-NapProfile <String>] [-PassThru] [-State <String>] [-SuperscopeName <String>] [-ThrottleLimit <Int32>] [-Type <String>] [-Confirm] [-WhatIf] [<CommonParameters>]
Q4. - (Topic 3)
Your network contains an Active Directory domain named contoso.com. All servers run Windows Server 2012 R2. The domain contains a server named Server1.
You install the Windows PowerShell Web Access gateway on Server1.
You need to provide administrators with the ability to manage the servers in the domain by using the Windows PowerShell Web Access gateway.
Which two cmdlets should you run on Server1? (Each correct answer presents part of the solution. Choose two.)
A. Set-WSManQuickConfig
B. Set-WSManInstance
C. Add-PswaAuthorizationRule
D. Set-BCAuthentication
E. Install-PswaWebApplication
Answer: C,E
Explanation:
A. Configures the local computer for remote management.
B. Modifies the management information that is related to a resource.
C. Adds a new authorization rule to the Windows PowerShell Web Access authorization rule set.
D. Specifies the BranchCache computer authentication mode.
E. Configures the Windows PowerShell Web Access web application in IIS.
Q5. - (Topic 2)
Your network contains an Active Directory domain named contoso.com.
You log on to a domain controller by using an account named Admin1. Admin1 is a member of the Domain Admins group.
You view the properties of a group named Group1 as shown in the exhibit. (Click the Exhibit button.)
Group1 is located in an organizational unit (OU) named OU1.
You need to ensure that you can modify the Security settings of Group1 by using Active Directory Users and Computers.
What should you do from Active Directory Users and Computers?
A. From the View menu, select Users, Contacts, Groups, and Computers as containers.
B. Right-click OU1 and select Delegate Control
C. From the View menu, select Advanced Features
D. Right-click contoso.com and select Delegate Control.
Answer: C
Explanation:
From ADUC, open the View menu on the toolbar and then select Advanced Features. When you open ADUC in a default installation of Active Directory, you are only presented with the basic containers. These basic containers include the only organizational unit (OU), which is the Domain Controllers OU, as well as the other containers such as Users and Computers. To see more in-depth containers, you need to configure ADUC by going to the View option on the toolbar, then selecting Advanced Features. This will refresh the view within ADUC and add some new containers. There are no hidden (or Advanced) OUs that will show up when you configure ADUC in this way.
Q6. - (Topic 1)
You have a print server named Server1 that runs Windows Server 2012 R2.
You discover that when there are many pending print jobs, the system drive occasionally
runs out of free space.
You add a new hard disk to Server1. You create a new NTFS volume.
You need to prevent the print jobs from consuming disk space on the system volume.
What should you modify?
A. The properties on the new volume
B. The properties of the Print Spooler service
C. The Print Server Properties
D. The properties of each shared printer
Answer: C
Explanation:
Windows spools print jobs by default to the following directory as they are processed:
%SystemRoot%\SYSTEM32\SPOOL\PRINTERS.
The administrator of a Windows print server can manually tell Windows
where to place the spool files, for example if there is a concern about disk space.
Q7. - (Topic 2)
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012 R2. Server1 has the Hyper-V server role installed. The domain contains a virtual machine named VM1.
A developer wants to attach a debugger to VM1.
You need to ensure that the developer can connect to VM1 by using a named pipe.
Which virtual machine setting should you configure?
A. BIOS
B. Network Adapter
C. COM 1
D. Processor
Answer: C
Explanation:
Named pipe. This option connects the virtual serial port to a Windows named pipe on the host operating system or a computer on the network. A named pipe is a portion of memory that can be used by one process to pass information to another process, so that the output of one is the input of the other. The second process can be local (on the same computer as the first) or remote (on a networked computer). For example, a local named pipe path could be \\.\pipe\mypipename. Named pipes can be used to create a virtual null modem cable between two virtual machines, or between a virtual machine and a debugging program on the host operating system that supports the use of named pipes. By connecting two virtual serial ports to the same named pipe, you can create a virtual null modem cable connection. Named pipes are useful for debugging or for any program that requires a null modem connection.
Named pipes can be used to connect to a virtual machine by configuring COM 1.
References: http://support.microsoft.com/kb/819036 http://support.microsoft.com/kb/141709
Q8. DRAG DROP - (Topic 2)
You are configuring a test network. The test network contains a subnet named LAN1. LAN1 uses the network ID of 10.10.1.0/27.
You plan to add a new subnet named LAN2 to the test network.
LAN1 and LAN2 will be connected by a router.
You need to identify a valid network ID for LAN2 that meets the following requirements:
Ensures that hosts on LAN2 can communicate with hosts on LAN1.
Supports at least 100 IPv4 hosts.
Uses only private IP addresses.
Which network ID should you use?
To answer, drag the appropriate network ID and subnet mask to the correct location in the answer area.
Answer:
Q9. - (Topic 2)
Your network contains an Active Directory domain named adatum.com. The domain contains a member server named Server1 and a domain controller named DC2. All servers run Windows Server 2012 R2.
On DC2, you open Server Manager and you add Server1 as another server to manage.
From Server Manager on DC2, you right-click Server1 as shown in the exhibit. (Click the Exhibit button.)
You need to ensure that when you right-click Server1, you see the option to run the DHCP console.
What should you do?
A. In the domain, add DC2 to the DHCP Administrators group.
B. On Server1, install the Feature Administration Tools
C. On DC2 and Server1, run winrm quickconfig.
D. On DC2, install the Role Administration Tools.
Answer: D
Reference: http://technet.microsoft.com/en-us/library/ee441255(v=ws.10).aspx
Q10. - (Topic 1)
You have a server named Server1 that runs Windows Server 2012 R2. Server1 has six network adapters. Two of the network adapters are connected to a network named LAN1, two of the network adapters are connected to a network named LAN2, and two of the network adapters are connected to a network named LAN3.
You create a network adapter team named Team1 from the two adapters connected to LAN1. You create a network adapter team named Team2 from the two adapters connected to LAN2.
A company policy states that all server IP addresses must be assigned by using a reserved address in DHCP.
You need to identify how many DHCP reservations you must create for Server1.
How many reservations should you identify?
A. 3
B. 4
C. 6
D. 8
Answer: B
Explanation:
1 for each NIC Team (2 total) and 1 for each non-teamed NIC (2 total) -> 4 total IP addresses are required.
Q11. HOTSPOT - (Topic 1)
Your network contains an Active Directory domain named contoso.com. Domain controllers run either Windows Server 2008 R2 or Windows Server 2012 R2. All client computers run Windows 8.
All computer accounts are located in an organizational unit (OU) named OU1.
You create a Group Policy object (GPO) that contains several AppLocker rules. You link
the GPO to OU1.
You need to ensure that the AppLocker rules apply to all of the client computers.
What should you configure in the GPO?
To answer, select the appropriate service in the answer area.
Answer:
Q12. - (Topic 3)
Your network contains an Active Directory forest. The forest contains two domains named contoso.com and corp.contoso.com. All domain controllers run Windows Server 2012 R2 and are configured as global catalog servers. The corp.contoso.com domain contains a domain controller named DC1.
You need to disable the global catalog on DC1.
What should you do?
A. From Active Directory Users and Computers, modify the properties of the DC1 computer account.
B. From Active Directory Administrative Center, modify the properties of the DC1 computer account.
C. From Active Directory Sites and Services, modify the NTDS Settings of the DC1 server object.
D. From Active Directory Domains and Trusts, modify the properties of the corp.contoso.com domain.
Answer: C
Explanation:
To add or remove the global catalog
Open Active Directory Sites and Services. To open Active Directory Sites and Services,
click Start, click Administrative Tools, and then click Active Directory Sites and Services.
To open Active Directory Sites and Services in Windows Server 2012, click Start, type
dssite.msc.
In the console tree, click the server object to which you want to add the global catalog or
from which you want to remove the global catalog.
Where?
Active Directory Sites and Services\Sites\SiteName\Servers
In the details pane, right-click NTDS Settings of the selected server object, and then click
Properties.
Select the Global Catalog check box to add the global catalog, or clear the check box to
remove the global catalog.
Q13. - (Topic 3)
On Server1, you plan to create an inbound firewall rule that contains the following settings:
Allows inbound connections to an application named App1.exe
Applies to the domain profile
Overrides any block rules
You need to identify the minimum information required to create the rule.
Which two pieces of information should you identify? Each correct answer presents part of the solution.
A. the list of computers that are authorized to use the application
B. the list of Active Directory users who are authorized to use the application
C. the hash of the application
D. the name of the IPSec policies that apply to Server1
E. the local path of the application
Answer: A,E
Q14. - (Topic 2)
Your network contains an Active Directory domain named contoso.com. All servers run Windows Server 2012 R2. Client computers run either Windows 7 or Windows 8.
All of the computer accounts of the client computers reside in an organizational unit (OU) named Clients. A Group Policy object (GPO) named GPO1 is linked to the Clients OU. All of the client computers use a DNS server named Server1.
You configure a server named Server2 as an ISATAP router. You add a host (A) record for ISATAP to the contoso.com DNS zone.
You need to ensure that the client computers locate the ISATAP router.
What should you do?
A. Run the Set-DnsServerGlobalQueryBlockList cmdlet on Server1.
B. Configure the Network Options Group Policy preference of GPO1.
C. Run the Add-DnsServerResourceRecord cmdlet on Server1.
D. Configure the DNS Client Group Policy setting of GPO1.
Answer: A
Explanation:
The Set-DnsServerGlobalQueryBlockList command will change the settings of a global query block list which you can use to ensure that client computers locate the ISATAP router.
Windows Server 2008 introduced a new feature, called “Global Query Block list”, which prevents some arbitrary machine from registering the DNS name of WPAD. This is a good security feature, as it prevents someone from just joining your network, and setting himself up as a proxy.
The dynamic update feature of Domain Name System (DNS) makes it possible for DNS client computers to register and dynamically update their resource records with a DNS server whenever a client changes its network address or host name. This reduces the need for manual administration of zone records. This convenience comes at a cost, however, because any authorized client can register any unused host name, even a host name that might have special significance for certain applications. This can allow a malicious user to take over a special name and divert certain types of network traffic to that user’s computer.
Two commonly deployed protocols are particularly vulnerable to this type of takeover: the Web Proxy Automatic Discovery Protocol (WPAD) and the Intra-site Automatic Tunnel Addressing Protocol (ISATAP). Even if a network does not deploy these protocols, clients that are configured to use them are vulnerable to the takeover that DNS dynamic update enables.
Most commonly, ISATAP hosts construct their PRLs by using DNS to locate a host named isatap on the local domain. For example, if the local domain is corp.contoso.com, an ISATAP-enabled host queries DNS to obtain the IPv4 address of a host named isatap.corp.contoso.com. In its default configuration, the Windows Server 2008 DNS Server service maintains a list of names that, in effect, it ignores when it receives a query to resolve the name in any zone for which the server is authoritative.
Consequently, a malicious user can spoof an ISATAP router in much the same way as a malicious user can spoof a WPAD server: A malicious user can use dynamic update to register the user’s own computer as a counterfeit ISATAP router and then divert traffic between ISATAP-enabled computers on the network. The initial contents of the block list depend on whether WPAD or ISATAP is already deployed when you add the DNS server role to an existing Windows Server 2008 deployment or when you upgrade an earlier version of Windows Server running the DNS Server service.
Add-DnsServerResourceRecord – The Add-DnsServerResourceRecord cmdlet adds a resource record for a Domain Name System (DNS) zone on a DNS server. You can add different types of resource records. Use different switches for different record types. By using this cmdlet, you can change a value for a record, configure whether a record has a time stamp, whether any authenticated user can update a record with the same owner name, and change lookup timeout values, Windows Internet Name Service (WINS) cache settings, and replication settings.
Set-DnsServerGlobalQueryBlockList – The Set-DnsServerGlobalQueryBlockList cmdlet changes settings of a global query block list on a Domain Name System (DNS) server. This cmdlet replaces all names in the list of names that the DNS server does not resolve with the names that you specify. If you need the DNS server to resolve names such as ISATAP and WPAD, remove these names from the list. Web Proxy Automatic Discovery Protocol (WPAD) and Intra-site Automatic Tunnel Addressing Protocol (ISATAP) are two commonly deployed protocols that are particularly vulnerable to hijacking.
References:
Training Guide: Installing and Configuring Windows Server 2012 R2, Chapter 4: Deploying domain controllers, Lesson 4: Configuring IPv6/IPv4 Interoperability, p. 254-256
http://technet.microsoft.com/en-us/library/jj649942(v=wps.620).aspx
http://technet.microsoft.com/en-us/library/jj649876(v=wps.620).aspx
http://technet.microsoft.com/en-us/library/jj649874.aspx
http://technet.microsoft.com/en-us/library/jj649909.aspx
Q15. - (Topic 3)
You work as an administrator at Contoso.com. The Contoso.com network consists of two Active Directory forests, named Contoso.com and test.com. There is no trust relationship configured between the forests.
A backup of Group Policy object (GPO) from the test.com domain is stored on a domain controller in the Contoso.com domain.
You are informed that a GPO must be created in the Contoso.com domain, and must be based on the settings of the GPO in the test.com domain.
You start by creating the new GPO using the New-GPO Windows PowerShell cmdlet. You want to complete the task via a Windows PowerShell cmdlet.
Which of the following actions should you take?
A. You should consider making use of the Invoke-GPUpdate Windows PowerShell cmdlet.
B. You should consider making use of the Copy-GPO Windows PowerShell cmdlet.
C. You should consider making use of the New-GPLink Windows PowerShell cmdlet.
D. You should consider making use of the Import-GPO Windows PowerShell cmdlet.
Answer: D
Explanation:
Import-GPO: Imports the Group Policy settings from a backed-up GPO into a specified GPO.