Introducing The New!
Surepassexam Collection
Get Unlimited Access to all
Surepassexam's PREMIUM files
Q1. - (Topic 3)
Your network contains an Active Directory forest named contoso.com. The forest contains a child domain named europe.contoso.com. The europe.contoso.com child domain
contains a server named Server1 that runs Windows Server 2012 R2. You install the DHCP Server server role on Server1. You have access to the administrative accounts shown in the following table.
A. Admin1
B. Admin2
C. Admin3
D. Admin4
Answer: D
Explanation:
A. Local account can’t be used
B. Authorization needs to happen in contoso.com and must be an Ent Admin
C. Authorization needs to happen in contoso.com and must be an Ent Admin
D. Correct domain and is a member of Ent Admin’s
Q2. - (Topic 2)
Your network contains a production Active Directory forest named contoso.com and a test Active Directory forest named contoso.test. A trust relationship does not exist between the forests.
In the contoso.test domain, you create a backup of a Group Policy object (GPO) named GPO1.
You transfer the backup of GPO1 to a domain controller in the contoso.com domain.
You need to create a GPO in contoso.com based on the settings of GPO1.You must achieve this goal by using the minimum amount of Administrative effort.
What should you do?
A. From Windows PowerShell, run the Get- GPO cmdlet and the Copy- GPO cmdlet.
B. From Windows PowerShell, run the New- GPO cmdlet and the Import- GPO cmdlet.
C. From Group Policy Management, create a new starter GPO. Right-click the new starter GPO, and then click Restore from Backup.
D. From Group Policy Management, right-click the Croup Policy Objects container, and then click Manage Backups.
Answer: B
Explanation:
A. Copy-GPO requires domain trust / copy from one domain to another domain within the same forest.
B. The Import-GPO cmdlet imports the settings from a GPO backup into a specified target GPO. The target GPO can be in a different domain or forest than that from which the backup was made and it does not have to exist prior to the operation.
C. This would create a starter GPO, not a GPO.
D: You can also restore GPOs. This operation takes a backed-up GPO and restores it to the same domain from rom the GPO’s original which it was backed up. You cannot restore a GPO from backup into a domain different f domain. The New-GPO cmdlet creates a new GPO with a specified name. By default, the newly created GPO is not linked to a site, domain, or organizational unit (OU). The Import-GPO cmdlet imports the settings from a GPO backup into a specified target GPO. The target GPO can be in a different domain or forest than that from which the backup was made and it does not have to exist prior to the operation. The Restore-GPO cmdlet restores a GPO backup to the original domain from which it was saved. If the original domain is not available, or if the GPO no longer exists in the domain, the cmdlet fails.
Since the GPO’s original domain is different and there is no trust relationship between forests, you should execute the New-GPO command and import the already existing command into the ‘new’ domain.
Q3. - (Topic 1)
Your network contains a server named Server1 that runs Windows Server 2012
R2.Server1 has the Hyper-V server role installed.
Server1 hosts four virtual machines named VM1, VM2, VM3, and VM4.
Server1 is configured as shown in the following table.
You need to ensure that VM1 can use more CPU time than the other virtual machines when the CPUs on Server1 are under a heavy load.
What should you configure?
A. NUMA topology
B. Resource control
C. resource metering
D. virtual Machine Chimney
E. The VLAN ID
F. Processor Compatibility
G. The startup order
H. Automatic Start Action
I. Integration Services
J. Port mirroring
K. Single-root I/O virtualization
Answer: B
Explanation:
B. Resource controls provide you with several ways to control the way that Hyper-V allocates resources to virtual machine. Resource control in used in the event where you need to adjust the computing resources of a virtual machine, you can reconfigure the resources to meet the changing needs. You can also specify resource controls to automate how resources are allocated to virtual machines.
References:
http://technet.microsoft.com/en-us/library/cc766320(v=ws.10).aspx http://technet.microsoft.com/en-us/library/hh831410.aspx http://technet.microsoft.com/en-us/library/cc742470.aspx Exam Ref 70-410, Installing and Configuring Windows Server 2012 R2, Chapter 3: Configure Hyper-V, Objective 3.1: Create and Configure virtual machine settings, p.144 Training Guide: Installing and Configuring Windows Server 2012 R2: Chapter 7: Hyper-V Virtualization, Lesson 2: Deploying and configuring virtual machines, p.335
Q4. - (Topic 3)
You work as a senior administrator at Contoso.com. The Contoso.com network consists of a single domain named Contoso.com. All servers on the Contoso.com network have Windows Server 2012 R2 installed.
You are running a training exercise for junior administrators. You are currently discussing printer pooling.
Which of the following is TRUE with regards to printer pooling? (Choose all that apply.)
A. Printers in a pool must be of the same model, and use the same printer driver.
B. Each printer in the pool must have a different printer driver.
C. Printer ports used in the pool must be of the same type.
D. The types of printer ports used in the pool must be mixed.
E. Pooled printers appear to workstations as a single printer.
F. A minimum of three printers are required to configure a printer pool.
Answer: A,E
Explanation:
You can create a printing pool to automatically distribute print jobs to the next available printer. A printing pool is one logical printer connected to multiple printers through multiple ports of the print server. The printer that is idle receives the next document sent to the logical printer. This is useful in a network with a high volume of printing because it decreases the time users wait for their documents. A printing pool also simplifies administration because multiple printers can be managed from the same logical printer on a server.
Q5. - (Topic 3)
Your network contains an Active Directory forest that contains three domains. A group named Group1 is configured as a domain local distribution group in the forest root domain. You plan to grant Group1 read-only access to a shared folder named Share1. Share1 is located in a child domain.
You need to ensure that the members of Group1 can access Share1.
What should you do first?
A. Convert Group1 to a global distribution group.
B. Convert Group1 to a universal security group.
C. Convert Group1 to a universal distribution group.
D. Convert Group1 to a domain local security group
Answer: B
Q6. - (Topic 3)
You have a server named Server2 that runs Windows Server 2012 R2. Server2 has the Hyper-V server role installed.
The disks on Server2 are configured as shown in the exhibit. (Click the Exhibit button.)
You create a virtual machine on Server2 named VM1.
You need to ensure that you can configure a pass-through disk for VM1.
What should you do?
A. Convert Disk 1 to a basic disk.
B. Take Disk 1 offline.
C. Create a partition on Disk 1.
D. Convert Disk 1 to a MBR disk.
Answer: B
Explanation:
Pass-through Disk Configuration Hyper-V allows virtual machines to access storage mapped directly to the Hyper-V server without requiring the volume be configured. The storage can either be a physical disk internal to the Hyper-V server or it can be a Storage Area Network (SAN) Logical Unit (LUN) mapped to the Hyper-V server. To ensure the Guest has exclusive access to the storage, it must be placed in an Offline state from the Hyper-V server perspective
Q7. - (Topic 2)
Your network contains an Active Directory domain named contoso.com. The domain contains a domain controller named DC1 that runs Windows Server 2012 R2.
A user named User1 attempts to log on to DC1, but receives the error message shown in the exhibit. (Click the Exhibit button.)
You need to ensure that User1 can log on to DC1. What should you do?
A. Add User1 to the Remote Management Users group.
B. Grant User1 the Allow log on locally user right.
C. Modify the Logon Workstations setting of the User1 account.
D. Modify the Account is sensitive and cannot be delegated setting of the User1 account.
Answer: B
Explanation:
Domain controllers, by default, restrict the types of user accounts that have the ability to log on locally.
References: Exam Ref 70-410: Installing and Configuring Windows Server 2012 R2, Chapter 6: Create and Manage Group Policy, Objective 6.2: Configure Security Policies, p. 321 Exam Ref 70-410: Installing and Configuring Windows Server 2012 R2, Chapter 2: Configure server roles and features, Objective 2.3: Configure servers for remote management, p. 114
http://technet.microsoft.com/en-us/library/ee957044(v=ws.10).aspx
Q8. - (Topic 1)
Your network contains an Active Directory forest named contoso.com. The forest contains a single domain. The domain contains two domain controllers named DC1 and DC2 that run Windows Server 2012 R2.
The domain contains a user named User1 and three global security groups named Group1, Group2 and, Group3.
You need to add User1 to Group1, Group2, and Group3.
Which cmdlet should you run?
A. Add-AdPrincipalGroupMembership
B. Install-AddsDomainController
C. Install-WindowsFeature
D. Install-AddsDomain
E. Rename-AdObject
F. Set-AdAccountControl
G. Set-AdGroup
H. Set-User
Answer: A
Explanation:
The Add-ADPrincipalGroupMembershipcmdlet adds a user, group, service account, or computer as a new member to one or more Active Directory groups.
References:
http://technet.microsoft.com/en-us/library/ee617203.aspx http://technet.microsoft.com/en-us/library/hh974723.aspx
Q9. - (Topic 2)
Your network contains an Active Directory domain named contoso.com. The domain contains two servers named Server1 and Server2 that run Windows Server 2012 R2.
Server2 establishes an IPSec connection to Server1.
You need to view which authentication method was used to establish the initial IPSec connection.
What should you do?
A. From Windows Firewall with Advanced Security, view the quick mode security association.
B. From Event Viewer, search the Application Log for events that have an ID of 1704.
C. From Event Viewer, search the Security Log for events that have an ID of 4672.
D. From Windows Firewall with Advanced Security, view the main mode security association.
Answer: D
Explanation:
Main mode negotiation establishes a secure channel between two computers by determining a set of cryptographic protection suites, exchanging keying material to establish a shared secret key, and authenticating computer and user identities. A security association (SA) is the information maintained about that secure channel on the local computer so that it can use the information for future network traffic to the remote computer. You can monitor main mode SAs for information like which peers are currently connected to this computer and which protection suite was used to form the SA. To get to this view In the Windows Firewall with Advanced Security MMC snap-in, expand Monitoring, expand Security Associations, and then click Main Mode. The following information is available in the table view of all main mode SAs. To see the information for a single main mode SA, double-click the SA in the list. Main mode SA information You can add, remove, reorder, and sort by these columns in the Results pane: Local Address: The local computer IP address. Remote Address: The remote computer or peer IP address. 1st Authentication Method: The authentication method used to create the SA. 1st Authentication Local ID: The authenticated identity of the local computer used in first authentication. 1st Authentication Remote ID: The authenticated identity of the remote computer used in first authentication.
2nd Authentication Method: The authentication method used in the SA.
2nd Authentication Local ID: The authenticated identity of the local computer used in
second authentication.
2nd Authentication Remote ID: The authenticated identity of the remote computer used in
second authentication.
Encryption: The encryption method used by the SA to secure quick mode key exchanges.
Integrity: The data integrity method used by the SA to secure quick mode key exchanges.
Key Exchange: The Diffie-Hellman group used to create the main mode SA.
: http://technet.microsoft.com/en-us/library/dd448497(v=ws.10).aspx
Q10. - (Topic 3)
Your network contains an Active Directory domain named adatum.com. The domain contains a server named Server1 that runs Windows Server 2012 R2.
On a server named Core1, you perform a Server Core Installation of Windows Server 2012 R2.You join Core1 to the adatum.com domain.
You need to ensure that you can use Event Viewer on Server1 to view the event logs on Core1.
What should you do on Core1?
A. Run the Enable-NetFirewallRule cmdlet.
B. Run the Disable-NetFirewallRule cmdlet.
C. Install Windows Management Framework.
D. Install Remote Server Administration Tools (RSAT).
Answer: A
Explanation:
Event Viewer is a DCOM service which you can enable by either using sconfig to configure remote management or, if you only wish to change the firewall rule for DCOM, enabling the DCOM inbound firewall rule via PowerShell or Windows Firewall with Advanced Security.
Q11. DRAG DROP - (Topic 2)
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1. Server1 runs a Server Core installation of Windows Server 2012 R2.
You install the DNS Server server role on Server1.
You need to perform the following configurations on Server1:
. Create an Active Directory-integrated zone named adatum.com. . Send unresolved DNS client queries for other domain suffixes to the DNS server of your company's Internet Service Provider (ISP).
Which Windows PowerShell cmdlets should you use?
To answer, drag the appropriate cmdlet to the correct configuration in the answer area. Each cmdlet may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
Answer:
Q12. HOTSPOT - (Topic 3)
Your network contains a server named Server1 that runs Windows Server 2012 R2. App1
has the Print and Document Services server role installed.
All client computers run Windows 8.
The network contains a network-attached print device named Printer1.
From App1, you share Printer1.
You need to ensure that users who have connected to Printer1 previously can print to
Printer1 if App1 fails.
What should you configure? To answer, select the appropriate option in the answer area.
Answer:
Q13. - (Topic 3)
Your network contains an Active Directory forest named contoso.com. The forest contains a child domain named corp.contoso.com.
The network has Microsoft Exchange Server 2010 deployed.
You need to create a mail-enabled distribution group.
Which type of group should you create?
A. Global
B. Local
C. Domain local
D. Universal
Answer: D
Explanation:
Universal groups Groups that are used to grant permissions on a wide scale throughout a
domain tree or forest. Members of global groups include accounts and groups from any
domain in the domain tree or forest.
Microsoft Exchange Server 2007: Implementation and Administration. By Jim McBee,
Benjamin Craig page 248: Only universal groups should be used as mail-enabled groups.
Q14. - (Topic 2)
You have a server named Server1 that runs Windows Server 2012 R2.
You connect three new hard disks to Server1.
You need to create a storage space that contains the three disks.
The solution must meet the following requirements:
. Provide fault tolerance if a single disk fails.
. Maximize the amount of files that can be stored in the storage space.
What should you create?
A. A simple space
B. A spanned volume
C. A mirrored space
D. A parity space
Answer: D
Explanation:
A. Stripes data across a set of pool disks, and is not resilient to any disk failures.
B. A spanned volume is a dynamic volume consisting of disk space on more than one physical disk and not fault tolerant
C. Fault tolerant but Not max space
D. Fault tolerant and better space ratio Parity spaces are designed for capacity efficiency and increased resiliency. Parity spaces are best suited for archival data and streaming media, such as music and videos.
Q15. - (Topic 3)
You work as an administrator at ABC.com. The ABC.com network consists of a single domain named ABC.com. All servers in the ABC.com domain, including domain controllers, have Windows Server 2012 R2 installed.
You have installed the DNS Server Role on an ABC.com server, named ABC-SR13. ABC.com’s workstations make use of a web proxy to access the Internet, and refer to ABC-SR13 as a primary DNS server.
You have been instructed to make sure that Internet host names for ABC.com’s workstations are not resolved by ABC-SR13.
Which of the following actions should you take?
A. You should consider configuring a primary zone on ENSUREPASS-SR13.
B. You should consider configuring a secondary zone on ENSUREPASS-SR13.
C. You should consider configuring a reverse lookup zone on ENSUREPASS-SR13.
D. You should consider configuring a forward lookup zone on ENSUREPASS-SR13.
Answer: A