Introducing The New!
Surepassexam Collection
Get Unlimited Access to all
Surepassexam's PREMIUM files
Q1. - (Topic 2)
Your network contains an Active Directory domain named contoso.com.
An administrator provides you with a file that contains the information to create user accounts for 200 temporary employees. The file is shown in the exhibit. (Click the Exhibit button.)
You need to automate the creation of the user accounts. You must achieve this goal by using the minimum amount of administrative effort.
Which tool should you use?
A. Ldifde
B. csvde
C. Dsadd
D. Net user
Answer: B
Explanation:
csvde – Imports and exports data from Active Directory Domain Services (AD DS) using files that store data in the comma-separated value (CSV) format. You can also support batch operations based on the CSV file format standard. Net user – Adds or modifies user accounts, or displays user account information. Ldifde – Creates, modifies, and deletes directory objects. You can also use ldifde to extend the schema, export Active Directory user and group information to other applications or services, and populate Active Directory Domain Services (AD DS) with data from other directory services. Dsadd – Adds specific types of objects to the directory.
csvde.exe is the best option to add multiple users. As you just need to export the excel
spreadsheet as a .csv file and make sure the parameters are correct.
You can use Csvde to import and export Active Directory data that uses the comma-
separated value format.
Use a spreadsheet program such as Microsoft Excel to open this .csv file and view the
header and value information.
References:
Exam Ref 70-410: Installing and Configuring Windows Server 2012 R2: Chapter 5: Install
and administer Active Directory, Objective 5.2: Create and Manage Active Directory Users
and Computers, p. 269
Q2. - (Topic 3)
You have a server named Server1 that runs a Server Core installation of Windows Server 2012 R2 Standard. You establish a Remote Desktop session to Server1.
You need to identify which task can be performed on Server1 from within the Remote Desktop session.
What should you identify?
A. Install a feature by using Server Manager.
B. Modify the network settings by using Sconfig.
C. Disable services by using Msconfig.
D. Join a domain by using the System Properties.
Answer: B
Explanation:
In Windows Server 2012 R2, you can use the Server Configuration tool (Sconfig.cmd) to configure and manage several common aspects of Server Core installations. You must be a member of the Administrators group to use the tool. Sconfig.cmd is available in the Minimal Server Interface and in Server with a GUI mode.
References: http://technet.microsoft.com/en-us/library/jj647766.aspx Training Guide: Installing and Configuring Windows Server 2012 R2, Chapter 2: Deploying servers, p. 80
Q3. - (Topic 3)
You perform a Server Core Installation of window Server 2012 R2 on server named Server1.
You need to add a graphical user interface (GUI) to server1. Which tool should you use?
A. the Add-WindowsFeature cmdlet
B. the Install-Module cmdlet
C. the setup.exe command
D. the Add-WindowsPackage cmdlet
Answer: A
Q4. - (Topic 3)
Your network contains an Active Directory domain named contoso.com. The domain contains a member server named Server1. Server1 runs Windows Server 2012 R2 and has the File and Storage Services server role installed.
On Server1, you create a share named Documents.
You need to ensure that users can recover files that they accidently delete from Documents.
What should you do?
A. Enable shadow copies by using Computer Management.
B. Create a storage pool that contains a two-way mirrored volume by using Server Manager.
C. Modify the Startup type of the Volume Shadow Copy Service (VSS) by using the Services console.
D. Create a recovery partition by using Windows Assessment and Deployment Kit (Windows ADK).
Answer: A
Explanation:
If you enable Shadow Copies of Shared Folders on a volume using the default values, a task will be scheduled to create shadow copies at 7:00 A.M of next business day. The default storage area will be on the same volume, and its size will be 10 percent of the available space. You can only enable Shadow Copies of Shared Folders on a per-volume basis–that is, you cannot select specific shared folders and files on a volume to be copied or not copied.
To enable and configure Shadow Copies of Shared Folders:
1. Click Start, point to Administrative Tools, and then click Computer Management.
2. In the console tree, right-click Shared Folders, click All Tasks, and then click Configure Shadow Copies.
3. In Select a volume, click the volume that you want to enable Shadow Copies of Shared Folders for, and then click Enable.
4. You will see an alert that Windows will create a shadow copy now with the current settings and that the settings might not be appropriate for servers with high I/O loads. Click Yes if you want to continue or No if you want to select a different volume or settings.
5. To make changes to the default schedule and storage area, click Settings.
Shadow copies - a feature that provides point-in-time copies of files stored on file shares on file servers. Shadow Copies of Shared Folders allows users to view and access shadow copies, which are shared files and folders as they existed at different points of time in the past. By accessing previous versions of files and folders, users can compare versions of a file while working and recover files that were accidentally deleted or overwritten.
References: Training Guide: Installing and Configuring Windows Server 2012 R2, Chapter
7: Hyper-V virtualization, Lesson 1: Deploying and configuring Hyper-V- hosts, p. 302
Q5. - (Topic 3)
Your network contains an Active Directory domain named contoso.com.
You have a starter Group Policy object (GPO) named GPO1 that contains more than 100
settings.
You need to create a new starter GPO based on the settings in GPO1.
You must achieve this goal by using the minimum amount of administrative effort.
What should you do?
A. Run the New-GPStarterGPO cmdlet and the Copy-GPO cmdlet.
B. Create a new starter GPO and manually configure the policy settings of the starter GPO.
C. Right-click GPO1, and then click Back Up. Create a new starter GPO. Right-click the new GPO, and then click Restore from Backup.
D. Right-click GPO1, and then click Copy. Right-click Starter GPOs, and then click Paste.
Answer: B
Explanation:
Although GPOs and Starter GPOs can both be copied, and a Starter GPO can be used to create a new GPO (as that is their purpose), an existing GPO cannot be copied to a new Starter GPO (unfortunately).
Q6. DRAG DROP - (Topic 2)
You have a server named Server1 that runs Windows Server 2012 R2.
You add a new internal SAS disk to Server1.
You need to ensure that the new disk is available to store files.
Which three cmdlets should you run in sequence?
To answer, move the appropriate three cmdlets from the list of cmdlets to the answer area
and arrange them in the correct order.
Answer:
Q7. - (Topic 2)
Your network contains a production Active Directory forest named contoso.com and a test Active Directory forest named contoso.test. A trust relationship does not exist between the forests.
In the contoso.test domain, you create a backup of a Group Policy object (GPO) named GPO1.
You transfer the backup of GPO1 to a domain controller in the contoso.com domain.
You need to create a GPO in contoso.com based on the settings of GPO1.You must achieve this goal by using the minimum amount of Administrative effort.
What should you do?
A. From Windows PowerShell, run the Get- GPO cmdlet and the Copy- GPO cmdlet.
B. From Windows PowerShell, run the New- GPO cmdlet and the Import- GPO cmdlet.
C. From Group Policy Management, create a new starter GPO. Right-click the new starter GPO, and then click Restore from Backup.
D. From Group Policy Management, right-click the Croup Policy Objects container, and then click Manage Backups.
Answer: B
Explanation:
A. Copy-GPO requires domain trust / copy from one domain to another domain within the same forest.
B. The Import-GPO cmdlet imports the settings from a GPO backup into a specified target GPO. The target GPO can be in a different domain or forest than that from which the backup was made and it does not have to exist prior to the operation.
C. This would create a starter GPO, not a GPO.
D: You can also restore GPOs. This operation takes a backed-up GPO and restores it to the same domain from rom the GPO’s original which it was backed up. You cannot restore a GPO from backup into a domain different f domain. The New-GPO cmdlet creates a new GPO with a specified name. By default, the newly created GPO is not linked to a site, domain, or organizational unit (OU). The Import-GPO cmdlet imports the settings from a GPO backup into a specified target GPO. The target GPO can be in a different domain or forest than that from which the backup was made and it does not have to exist prior to the operation. The Restore-GPO cmdlet restores a GPO backup to the original domain from which it was saved. If the original domain is not available, or if the GPO no longer exists in the domain, the cmdlet fails.
Since the GPO’s original domain is different and there is no trust relationship between forests, you should execute the New-GPO command and import the already existing command into the ‘new’ domain.
Q8. - (Topic 3)
You have a server named Server1 that runs a Server Core Installation of Windows Server 2012 R2. You attach a 4-TB disk to Server1.
The disk is configured as an MBR disk. You need to ensure that you can create a 4-TB volume on the disk.
Which Diskpart command should you use?
A. Expand
B. Attach
C. Automount
D. Convert
Answer: D
Explanation:
Explanation: You can use Diskpart to convert a basic disk to a dynamic disk. The basic disk can either be empty or contain either primary partitions or logical drives. The basic disk can be a data disk or system or boot drive. A MBR file structure is only capable of 2TB maximum. The disk will have to be converted to a GPT file structure. GPT is capable of 18 exabytes volumes. Convert gpt – Converts an empty basic disk with the master boot record (MBR) partition style into a basic disk with the GUID partition table (GPT) partition style. The disk may be a basic or a dynamic disk but it must not contain any valid data partitions or volumes.
Q9. - (Topic 2)
Your network contains an Active Directory forest named contoso.com. The forest contains a single domain. The domain contains two domain controllers named DC1 and DC2 that run Windows Server 2012 R2.
The domain contains a user named User1 and a global security group named Group1.
You need to ensure that User1 can manage the group membership of Group1. The solution must minimize the number of permissions assigned to User1.
Which cmdlet should you run?
A. Add-AdPrincipalGroupMembership
B. Install-AddsDomainController
C. Install-WindowsFeature
D. Install-AddsDomain
E. Rename-AdObject
F. Set-AdAccountControl
G. Set-AdGroup
H. Set-User
Answer: G
Explanation:
The Set-ADGroup cmdlet modifies the properties of an Active Directory group. You can modify commonly used property values by using the cmdlet parameters. For example, the –ManagedBy parameter allows you to specify a user or group of users who can manage the specified AD group.
Q10. - (Topic 2)
Your network contains an Active Directory domain named adatum.com. The domain contains a member server named L0N-DC1. L0N-DC1 runs Windows Server 2012 R2 and has the DHCP Server server role installed.
The network contains 100 client computers and 50 IP phones. The computers and the phones are from the same vendor.
You create an IPv4 scope that contains addresses from 172.16.0.1 to 172.16.1.254.
You need to ensure that the IP phones receive IP addresses in the range of 172.16.1.100 to 172.16.1.200. The solution must minimize administrative effort.
What should you create?
A. Server level policies
B. Reservations
C. Filters
D. Scope level policies
Answer: D
Explanation:
The scope is already in place.
Scope level policies are typically settings that only apply to that scope. They can also
overwrite a setting that was set at the server level.
When a client matches the conditions of a policy, the DHCP server responds to the clients
based on the settings of a policy.
Settings associated to a policy can be an IP address range and/or options.
An administrator could configure the policy to provide an IP address from a specified sub-range within the overall IP address range of the scope.
You can also provide different option values for clients satisfying this policy.
Policies can be defined server wide or for a specific scope.
A server wide policy – on the same lines as server wide option values – is applicable to all
scopes on the DHCP server.
A server wide policy however cannot have an IP address range associated with it.
There a couple of ways to segregate clients based on the type of device. One way to do
this is by using vendor class/identifier.
This string sent in option 60 by most DHCP clients identify the vendor and thereby the type
of the device.
Another way to segregate clients based on device type is by using the MAC address prefix.
The first three bytes of a MAC address is called OUI and identify the vendor or
manufacturer of the device.
By creating DHCP policies with conditions based on Vendor Class or MAC address prefix,
you can now segregate the clients in your subnet in such a way, that devices of a specific
type get an IP address only from a specified IP address range within the scope. You can
also give different set of options to these clients.
In conclusion, DHCP policies in Windows Server 2012 R2 enables grouping of
clients/devices using the different criteria and delivering targeted network configuration to
them.
Policy based assignment in Windows Server 2012 R2 DHCP allows you to create simple
yet powerful rules to administer DHCP on your network.
References: Training Guide: Installing and Configuring Windows Server 2012 R2, Chapter 6: Network Administration, p.253
Q11. - (Topic 3)
Your network contains an Active Directory domain named contoso.com.
All servers run Windows Server 2012 R2.
An application named Appl.exe is installed on all client computers. Multiple versions of Appl.exe are installed on different client computers. Appl.exe is digitally signed.
You need to ensure that only the latest version of Appl.exe can run on the client computers.
What should you create?
A. An application control policy packaged app rule
B. A software restriction policy certificate rule
C. An application control policy Windows Installer rule
D. An application control policy executable rule
Answer: D
Explanation:
A. A publisher rule for a Packaged app is based on publisher, name and version B. You can create a certificate rule that identifies software and then allows or does not allow the software torun, depending on the security level.
C. For .msi or .msp
D. Executable Rules, for .exe and can be based on Publisher, Product name, filename and version. Use Certificate Rules on Windows Executables for Software Restriction Policies This security setting determines if digital certificates are processed when a user or process attempts to run software with an .exe file name extension. This security settings is used to enable or disable certificate rules, a type of software restriction policies rule. With software restriction policies, you can create a certificate rule that will allow or disallow software that is signed by Authenticode to run, based on the digital certificate that is associated with the software. In order for certificate rules to take effect, you must enable this security setting. When certificate rules are enabled, software restriction policies will check a certificate revocation list (CRL) to make sure the software’s certificate and signature are valid. This may decrease performance when start signed programs. You can disable this feature. On Trusted Publishers Properties, clear the Publisher and Timestampcheck boxes.
Q12. - (Topic 2)
Your network contains an Active Directory domain named contoso.com. The network contains 500 client computers that run Windows 8. All of the client computers connect to the Internet by using a web proxy.
You deploy a server named Server1 that runs Windows Server 2012 R2. Server1 has the DNS Server server role installed.
You configure all of the client computers to use Server1 as their primary DNS server.
You need to prevent Server1 from attempting to resolve Internet host names for the client computers.
What should you do on Server1?
A. Create a primary zone named “root”.
B. Create a primary zone named "GlobalNames".
C. Create a forwarder that points to 169.254.0.1.
D. Create a primary zone named “.”.
Answer: A
Q13. - (Topic 3)
You have a file server named File1 that runs Windows Server 2012 R2.
File1 contains a shared folder named Share1. Share1 contains an Application named
SalesAppl.exe.
The NTFS permissions for Share1 are shown in the following table.
The members of L_Sales discover that they cannot add files to Share1. Domain users can run SalesAppl.exe successfully.
You need to ensure that the members of L_Sales can add files to Share1.
What should you do?
A. Add the Domain Users group to L_Sales.
B. Add L_Sales to the Domain Users group.
C. Edit the Share permissions.
D. Edit the NTFS permissions.
Answer: C
Explanation:
Based on the NTFS permissions, these users should be able to add files (as they have the “write” permission), so they must have read-only share permissions preventing them from doing so.
Q14. - (Topic 1)
Your network contains a server named Server1 that runs Windows Server 2012
R2.Server1 has the Hyper-V server role installed.
Server1 hosts four virtual machines named VM1, VM2, VM3, and VM4.
Server1 is configured as shown in the following table.
You plan to schedule a complete backup of Server1 by using Windows Server Backup.
You need to ensure that the state of VM1 is saved before the backup starts.
What should you configure?
A. NUMA topology
B. Resource control
C. resource metering
D. virtual Machine Chimney
E. The VLAN ID
F. Processor Compatibility
G. The startup order
H. Automatic Start Action
I. Integration Services
J. Port mirroring
K. Single-root I/O virtualization
Answer: I
Explanation:
The Integration Services settings on virtual machines include services such as operating system shutdown, time synchronization, data exchange, Heartbeat, and Backup (volume snapshot services). This snapshot will ensure that the state of VM1 is saved prior to backup.
References: http://msdn.microsoft.com/en-us/library/dd405549(v=vs.85).aspx Exam Ref 70-410, Installing and Configuring Windows Server 2012 R2, Chapter 3: Configure Hyper-V, Objective 3.1: Create and Configure virtual machine settings, p.144
Q15. - (Topic 1)
You have a server named Server1 that runs Windows Server 2012 R2. Server1 has the Hyper-V server role installed. Server1 is connected to two Fibre Channel SANs and is configured as shown in the following table.
You have a virtual machine named VM1.
You need to configure VM1 to connect to SAN1.
What should you do first?
A. Add one HBA
B. Create a Virtual Fibre Channel SAN.
C. Create a Hyper-V virtual switch.
D. Configure network adapter teaming.
Answer: B
Explanation:
You need your virtualized workloads to connect easily and reliably to your existing storage
arrays.
Windows Server 2012 provides Fibre Channel ports within the guest operating system,
which allows you to connect to Fibre Channel directly from within virtual machines. This
feature protects your investments in Fibre Channel, enables you to virtualize workloads that use direct access to Fibre Channel storage, allows you to cluster guest operating systems over Fibre Channel, and provides an important new storage option for servers hosted in your virtualization infrastructure. With this Hyper-V virtual Fibre Channel feature, you can connect to Fibre Channel storage from within a virtual machine. This allows you to use your existing Fibre Channel investments to support virtualized workloads. Support for Fibre Channel in Hyper-V guests also includes support for many related features, such as virtual SANs, live migration, and MPIO.