Q1. - (Topic 3)
Your company has a remote office that contains 1,600 client computers on a single subnet. You need to select a subnet mask for the network that will support all of the client computers. The solution must minimize the number of unused addresses. Which subnet mask should you select?
A. 255.255.248.0
B. 255.255.252.0
C. 255.255.254.0
D. 255.255.240.0
Answer: A
Q2. - (Topic 2)
Your network contains an Active Directory domain named contoso.com.
An organizational unit (OU) named OU1 contains user accounts and computer accounts.
A Group Policy object (GPO) named GP1 is linked to the domain. GP1 contains Computer Configuration settings and User Configuration settings.
You need to prevent the User Configuration settings in GP1 from being applied to users. The solution must ensure that the Computer Configuration settings in GP1 are applied to all client computers.
What should you configure?
A. The GPO Status
B. The Block Inheritance feature
C. The Group Policy loopback processing mode
D. The Enforced setting
Answer: C
Explanation:
A loopback with merge option needs to be used.
Q3. - (Topic 3)
Your network contains an Active Directory domain named contoso.com. The domain contains 500 servers that run Windows Server 2012 R2.
You have a written security policy that states the following:
Only required ports must be open on the servers.
All of the servers must have Windows Firewall enabled.
Client computers used by administrators must be allowed to access all of the ports on all of the servers.
Client computers used by the administrators must be authenticated before the client computers can access the servers.
You have a client computer named Computer1 that runs Windows 8.
... .
You need to ensure that you can use Computer1 to access all of the ports on all of the servers successfully. The solution must adhere to the security policy.
Which three actions should you perform? (Each correct answer presents part of the solution. Choose three.)
A. On Computer1, create a connection security rule.
B. On all of the servers, create an outbound rule and select the Allow the connection if it is secure option.
C. On all of the servers, create an inbound rule and select the Allow the connection if it is secure option.
D. On Computer1, create an inbound rule and select the Allow the connection if it is secure option.
E. On Computer1, create an outbound rule and select the Allow the connection if it is secure option.
F. On all of the servers, create a connection security rule.
Answer: A,C,F
Explanation:
Unlike firewall rules, which operate unilaterally, connection security rules require that both communicating computers have a policy with connection security rules or another compatible IPsec policy.
Traffic that matches a firewall rule that uses the Allow connection if it is secure setting bypasses Windows Firewall. The rule can filter the traffic by IP address, port, or protocol. This method is supported on Windows Vista or Windows Server 2008.
References:
http://technet.microsoft.com/en-us/library/cc772021.aspx
http://technet.microsoft.com/en-us/library/cc753463.aspx
Q4. - (Topic 1)
Your network contains an Active Directory domain named contoso.com. The domain contains a member server named Server1. Server1 runs Windows Server 2012 R2 and has the DHCP Server server role installed.
You create two IPv4 scopes on Server1. The scopes are configured as shown in the following table.
The DHCP clients in Subnet_Tor can connect to the client computers in Subnet_Mtl by using an IP address or a FQDN. You discover that the DHCP clients in Subnet_Mtl can connect to client computers in Subnet_Tor by using an IP address only.
You need to ensure that the DHCP clients in both subnets can connect to any other DHCP client by using a FQDN.
What should you add?
A. The 006 DNS Servers option to Subnet_Mtl
B. The 006 DNS Servers option to Subnet_Tor
C. The 015 DNS Domain Name option to Subnet_Mtl
D. The 015 DNS Domain Name option to Subnet_Tor
Answer: A
Q5. - (Topic 3)
You work as an administrator at Contoso.com. The Contoso.com network consists of a single domain named Contoso.com. All servers on the Contoso.com network have Windows Server 2012 R2 installed.
Contoso.com has a server, named ENSUREPASS-SR13. ENSUREPASS-SR13 hosts a shared folder, named ENSUREPASSShare, which has been shared as ENSUREPASSShare$.
Which of the following is TRUE with regard to sharing the folder in this manner?
A. It allows all users to view ENSUREPASSShare when browsing the network.
B. It prevents users from viewing ENSUREPASSShare when browsing the network.
C. It only allows ENSUREPASS-SR13’s users to view ENSUREPASSShare.
D. It removes the permissions configured for ENSUREPASSShare.
Answer: B
Q6. - (Topic 2)
Your company has a main office and four branch offices. The main office contains a server named Server1 that runs Windows Server 2012 R2.
The IP configuration of each office is configured as shown in the following table.
You need to add a single static route on Server1 to ensure that Server1 can communicate with the hosts on all of the subnets.
Which command should you run?
A. route.exe add -p 10.10.0.0 mask 255.255.252.0 10.10.0.1
B. route.exe add -p 172.16.16.0 mask 255.255.252.0 10.10.0.1
C. route.exe add -p 10.10.0.0 mask 255.255.252.0 172.16.0.0
D. route.exe add -p 172.16.18.0 mask 255.255.252.0 10.10.0.1
Answer: B
Explanation:
These parameters will allow communication with all the hosts.
References:
Exam Ref: 70-410: Installing and Configuring Windows Server 2012 R2, Chapter 4: Deploying and configuring core network services, Objective 4.1: Configure IPv4 and IPv6 addressing, p.192, 196
Q7. - (Topic 3)
Your infrastructure is divided into 2 sites. You have a forest root domain and a child domain. There is only one DC in site 2, and it holds no FSMO roles. The link to site 2 goes down and no users can log on. What FSMO role do you need to restore access?
A. Infrastructure master
B. RID master
C. Domain Naming master
D. PDC Emulator
Answer: D
Explanation:
D. The PDC emulator is used as a reference DC to double-check incorrect passwords, and it also receives new password changes. PDC Emulator is the most complicated and least understood role, for it runs a diverse range of critical tasks. It is a domain-specific role, so it exists in the forest root domain and every child domain. Password changes and account lockouts are immediately processed at the PDC Emulator for a domain, to ensure such changes do not prevent a user logging on as a result of multi-master replication delays, such as across Active Directory sites.
Q8. - (Topic 3)
Your network contains an Active Directory domain named contoso.com.
You have a Group Policy object (GPO) named GPO1 that contains several user settings.
GPO1 is linked to an organizational unit (OU) named OU1.
The help desk reports that GPO1 applies to only some of the users in OU1.
You open Group Policy Management as shown in the exhibit. (Click the Exhibit button.)
You need to configure GPO1 to apply to all of the users in OU1.
What should you do?
A. Modify the Security settings of GPO1.
B. Disable Block Inheritance on OU1.
C. Modify the GPO status of GPO1.
D. Enforce GPO1.
Answer: A
Explanation:
Inheritance is blocked, but that would only affect policies applied ABOVE the given OU, not the one applied directly to it (as is the case with GPO1). Also, enforcing a policy is only going to cause it to be applied even when inheritance is blocked (which, as mentioned, does not make a difference on policies which are directly linked to the OU as a child). That means that there must be something in the security settings (such as a Security Group which does not have the “read” or “Apply group policy” permission) preventing ALL of the users in OU1 from having the policy applied. (GPO status is the status of its replication within the forest, so it is not relevant here.)
Q9. - (Topic 3)
You are attempting to delete a global security group in the Active Directory Users and Computers console, and the console will not let you complete the task.
Which of the following could possibly be causes for the failure? (Choose all answers that are correct.)
A. There are still members in the group.
B. One of the group’s members has the group set as its primary group.
C. You do not have the proper permissions for the container in which the group is located.
D. You cannot delete global groups from the Active Directory Users and Computers console.
Answer: B,C
Explanation:
A. Incorrect: It is possible to delete a group that has members.
B. Correct: If any member sets the group as its primary group, then the system does not permit the group to be deleted.
C. Correct: You must have the appropriate Active Directory permissions for the container in which the group is located to delete it.
D. Incorrect: It is possible to delete groups using the Active Directory Users and Groups console.