Introducing The New!
Surepassexam Collection
Get Unlimited Access to all
Surepassexam's PREMIUM files
Q1. - (Topic 2)
Your network contains an Active Directory domain named contoso.com.
The password policy for the domain is set to require a minimum password length of 10 characters.
A user named User1 and a user named User2 work for the sales department.
User1 is forced to create a domain password that has a minimum of 12 characters. User2 is forced to create a domain password that has a minimum of eight characters.
You need to identify what forces the two users to have different password lengths.
Which tool should you use?
A. Credential Manager
B. Security Configuration Wizard (SCW)
C. Group Policy Management
D. Active Directory Administrative Center
Answer: D
Explanation:
In Windows Server 2008, you can use fine-grained password policies to specify multiple password policies and apply different password restrictions and account lockout policies to different sets of users within a single domain. For example, to increase the security of privileged accounts, you can apply stricter settings to the privileged accounts and then apply less strict settings to the accounts of other users. Or in some cases, you may want to apply a special password policy for accounts whose passwords are synchronized with other data sources.
This is found in the Active Directory Administrative Center. You can use Active Directory Administrative Center to perform the following Active Directory administrative tasks: Create new user accounts or manage existing user accounts Create new groups or manage existing groups Create new computer accounts or manage existing computer accounts Create new organizational units (OUs) and containers or manage existing OUs Connect to one or several domains or domain controllers in the same instance of Active Directory Administrative Center, and view or manage the directory information for those domains or domain controllers Filter Active Directory data by using query-building search
: http://technet.microsoft.com/en-us/library/cc770842(v=ws.10).aspx
Q2. HOTSPOT - (Topic 1)
Your network contains an Active Directory domain named contoso.com. The domain contains a single location named Site1. The domain contains a server named Server1 that has the DHCP Server server role installed.
All client computers receive their IPv4 configurations dynamically.
The domain will expand to include a second location named Site2. A server named Server2 will be deployed to Site2. Site1 and Site2 will connect to each other by using a WAN link.
You need to ensure that the clients in both sites receive their IPv4 configurations from Server1.
In the table below, identify which actions must be performed on each server. Make only one selection in each row. Each correct selection is worth one point.
Answer:
Q3. - (Topic 3)
You have a network printer connected to print server. You need to be able to print if print server goes down.
What should you configure?
A. branch office direct printing
B. printer pooling
C. spooling
D. Print forwarding
Answer: A
Explanation:
Branch Office Direct Printing can reduce Wide Area Network (WAN) usage by printing directly to a print device instead of a server print queue. This feature can be enabled or disabled on a per printer basis and is transparent to the user. It is enabled by an administrator using the Print Management Console or Windows PowerShell on the server.
The printer information is cached in the branch office, so that if the print server is unavailable for some reason (for example if the WAN link to the data center is down), then it is still possible for the user to print. Branch Office Direct Printing requires the following operating systems: Windows Server 2012 Windows 8
Q4. - (Topic 1)
Your network contains an Active Directory forest named contoso.com. The forest contains a single domain. The domain contains two domain controllers named DC1 and DC2 that run Windows Server 2012 R2.
The domain contains a user named User1 and a global security group named Group1.
User1 logs on to a client computer named Computer1.
You need to disable the computer account of Computer1.
Which cmdlet should you run?
A. Add-AdPrincipalGroupMember.hip
B. Install-AddsDomainController
C. Install WindowsFeature
D. Install AddsDomain
E. Roname-AdObject
F. Set-AdAccountControl
G. Set-AdGroup
H. Set-User
Answer: F
Explanation:
Set-ADAccountControl Enabled Specifies if an account is enabled. An enabled account requires a password. This parameter sets the Enabled property for an account object. This parameter also sets the ADS_UF_ACCOUNTDISABLE flag of the Active Directory User Account Control (UAC) attribute. Possible values for this parameter include: $false or 0 $true or 1 The following example shows how to set this parameter to enable the account. -Enabled $true
Q5. - (Topic 3)
You have external virtual switch with srv-io enabled with 10 Virtual Machines on it. You need to make the Virtual Machines able to talk only to each other.
A. remove the vswitch and recreate it as private.
B. add new vswitch
C. remove vswitch and recreate it as public
D. adjust srv-io settings
Answer: A
Explanation:
You cannot change the settings of a vswitch with SR-IOV enabled, so you must delete it and recreate it.
Q6. - (Topic 3)
You work as an administrator at Contoso.com. The Contoso.com network consists of a single domain named Contoso.com.
Contoso.com has a domain controller, named ENSUREPASS-DC01, which has Windows Server 2012 R2 installed. Another Contoso.com domain controller, named ENSUREPASS-DC02, has Windows Server 2008 R2 installed.
You have deployed a server, named ENSUREPASS-SR15, on Contoso.com’s perimeter network. ENSUREPASSSR15 is running a Server Core Installation of Windows Server 2012 R2.
You have been instructed to make sure that ENSUREPASS-SR15 is part of the Contoso.com domain.
Which of the following actions should you take?
A. You should consider making use of Set-Computer Windows PowerShell cmdlet on ENSUREPASS-SR15.
B. You should consider making use of Get-Computer Windows PowerShell cmdlet on ENSUREPASS-SR15.
C. You should consider making use of Test-Computer Windows PowerShell cmdlet on ENSUREPASS-SR15.
D. You should consider making use of Add-Computer Windows PowerShell cmdlet on ENSUREPASS-SR15.
Answer: D
Explanation:
Add-Computer – Add the local computer to a domain or workgroup.
Q7. - (Topic 3)
You work as an administrator at ABC.com. The ABC.com network consists of a single domain named ABC.com. All servers in the ABC.com domain, including domain controllers, have Windows Server 2012 R2 installed.
You have installed the DNS Server Role on an ABC.com server, named ABC-SR13. ABC.com’s workstations make use of a web proxy to access the Internet, and refer to ABC-SR13 as a primary DNS server.
You have been instructed to make sure that Internet host names for ABC.com’s workstations are not resolved by ABC-SR13.
Which of the following actions should you take?
A. You should consider configuring a primary zone on ENSUREPASS-SR13.
B. You should consider configuring a secondary zone on ENSUREPASS-SR13.
C. You should consider configuring a reverse lookup zone on ENSUREPASS-SR13.
D. You should consider configuring a forward lookup zone on ENSUREPASS-SR13.
Answer: A
Q8. DRAG DROP - (Topic 2)
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1. Server1 runs a Server Core installation of Windows Server 2012 R2.
You install the DNS Server server role on Server1.
You need to perform the following configurations on Server1:
. Create an Active Directory-integrated zone named adatum.com. . Send unresolved DNS client queries for other domain suffixes to the DNS server of your company's Internet Service Provider (ISP).
Which Windows PowerShell cmdlets should you use?
To answer, drag the appropriate cmdlet to the correct configuration in the answer area. Each cmdlet may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
Answer:
Q9. - (Topic 3)
You have a server named Server1 that runs Windows Server 2012 R2. Server1 has the Hyper-V server role installed. You have fixed-size VHD named Files.vhd.
You need to make the contents in Files.vhd available to several virtual machines. The solution must meet the following requirements:
. Ensure that if the contents are changed on any virtual machine, the changes are not reflected on the other virtual machines. . Minimize the amount of disk space used.
What should you do?
A. Create a fixed-size VHDX. Transfer the information from Files.vhd to the new VHDX file.
B. Convert Files.vhd to a dynamically expanding VHD?
C. Create a dynamically expanding VHDX. Transfer the information from Files.vhd to the new VHDX file.
D. Create differencing VHDs that use Files.vhd as the parent disk.
Answer: D
Explanation:
A. A conversion would be needed from VHD to VHDX. Not available to multiple VM’s
B. Single VHD not available to multiple VM’s. Changes wouldn’t be reflected
C. A conversion would be needed from VHD to VHDX. Not available to multiple VM’s
D. Child disk for multiple VM’s with Files.vhd as parent. A differencing disk is associated with another virtual hard disk that you select when you create the differencing disk. This means that the disk to which you want to associate the differencing disk must exist first. This virtual hard disk is called the “parent” disk and the differencing disk is the “child” disk. The parent disk can be any type of virtual hard disk. The differencing disk stores all changes that would otherwise be made to the parent disk if the differencing disk was not being used. The differencing disk provides an ongoing way to save changes without altering the parent disk. You can use the differencing disk to store changes indefinitely, as long as there is enough space on the physical disk where the differencing disk is stored. The differencing disk expands dynamically as data is written to it and can grow as large as the maximum size allocated for the parent disk when the parent disk was created.
Q10. - (Topic 3)
You work as an administrator at Contoso.com. The Contoso.com network consists of a single domain named Contoso.com. All servers in the Contoso.com domain, including domain controllers, have Windows Server 2012 R2 installed.
You have been instructed to make sure that Contoso.com users are not able to install a Windows Store application. You then create a rule for packaged apps.
Which of the following is the rule based on? (Choose all that apply.)
A. The publisher of the package.
B. The publisher of the application.
C. The name of the package
D. The name of the application
E. The package version.
F. The application version.
Answer: A,C,E
Explanation:
Packaged apps (also known as Windows 8 apps) are new to Windows Server 2012 R2 and Windows 8. They are based on the new app model that ensures that all the files within an app package share the same identity. Therefore, it is possible to control the entire application using a single AppLocker rule as opposed to the non-packaged apps where each file within the app could have a unique identity. Windows does not support unsigned packaged apps which implies all packaged apps must be signed. AppLocker supports only publisher rules for Packaged apps. A publisher rule for a Packaged app is based on the following information: Publisher of the package Package name Package version All the files within a package as well as the package installer share these attributes. Therefore, an AppLocker rule for a Packaged app controls both the installation as well as the running of the app. Otherwise, the publisher rules for Packaged apps are no different than the rest of the rule collections; they support exceptions, can be increased or decreased in scope, and can be assigned to users and groups.
Q11. - (Topic 2)
You have a server that runs a Server Core installation of Windows Server 2012 R2.
You need to change the DNS server used by IPv6.
What should you do?
A. From Sconfig, configure the Network Settings.
B. Run the sc.exe command and specify the config parameter.
C. From Windows PowerShell, run the Set-NetIpv6Protocol cmdlet.
D. From Windows PowerShell, run the Set-DnsClientServerAddress cmdlet.
Answer: D
Explanation:
The Set-DnsClientServerAddresscmdlet sets one or more IP addresses for DNS servers associated with an interface. This cmdlet statically adds DNS server addresses to the interface. If this cmdlet is used to add DNS servers to the interface, then the DNS servers will override any DHCP configuration for that interface. PS C:\> Set-DnsClientServerAddress -InterfaceIndex 12 -ServerAddresses "10.0.0.1","10.0.0.2")
References: http://technet.microsoft.com/en-us/library/jj592692.aspx
http://technet.microsoft.com/en-us/library/jj590768.aspx
Q12. - (Topic 2)
You have a new server named Server1 that runs Windows Server 2012 R2.
Server1 has two dual-core processors and 32 GB of RAM.
You install the Hyper-V server role on Server1.
You create two virtual machines on Server1 that each have 8 GB of memory.
You need to minimize the amount of time it takes for both virtual machines to access
memory.
What should you configure on each virtual machine?
A. Resource control
B. Memory weight
C. Dynamic Memory
D. NUMA topology
Answer: D
Explanation:
Windows Server 2012 introduced support for projecting a virtual NUMA topology into Hyper-V virtual machines. This capability can help improve the performance of workloads running on virtual machines that are configured with large amounts of memory.
Q13. - (Topic 1)
Your network contains an Active Directory domain named contoso.com. The domain contains an Application server named Server1. Server1 runs Windows Server 2012 R2.
Server1 is configured as an FTP server.
Client computers use an FTP Application named App1.exe. App1.exe uses TCP port 21 as
the control port and dynamically requests a data port.
On Server1, you create a firewall rule to allow connections on TCP port 21. You need to configure Server1 to support the client connections from App1.exe. What should you do?
A. Run netshadvfirewall set global statefulftp enable.
B. Create an inbound firewall rule to allow App1.exe.
C. Create a tunnel connection security rule.
D. Run Set-NetFirewallRule -DisplayName DynamicFTP -Profile Domain
Answer: A
Explanation:
The netsh firewall context is supplied only for backward compatibility. We recommend that you do not use this context on a computer that is running Windows Vista or a later version of Windows. In the netsh advfirewall firewall context, the add command only has one variation, the add rule command. Netsh advfirewall set global statefulftp: Configures how Windows Firewall with Advanced Security handles FTP traffic that uses an initial connection on one port to request a data connection on a different port. When statefulftp is enabled, the firewall examines the PORT and PASV requests for these other port numbers and then allows the corresponding data connection to the port number that was requested. Syntax set global statefulftp { enable | disable | notconfigured } Parameters statefulftp can be set to one of the following values: enable The firewall tracks the port numbers specified in PORT command requests and in the responses to PASV requests, and then allows the incoming FTP data traffic entering on the requested port number. disable This is the default value. The firewall does not track outgoing PORT commands or PASV responses, and so incoming data connections on the PORT or PASV requested port is blocked as an unsolicited incoming connection. notconfigured Valid only when netsh is configuring a GPO by using the set store command.
Q14. HOTSPOT - (Topic 3)
You run a Windows 2012 and implementing 3 new printers in a warehouse. You need to makean exclusion forthese IP addresses within DHCP server.
Select the location where would configure at the DHCP console?
Answer:
Q15. - (Topic 3)
Your network contains an Active Directory domain named contoso.com. The domain contains 100 user accounts that reside in an organizational unit (OU) named 0U1. You need to ensure that a user named User1 can link and unlink Group Policy objects (GPOs) to OU1. The solution must minimize the number of permissions assigned to User1.
What should you do?
A. Modify the permissions on OU1.
B. Run the Set-GPPermission cmdlet.
C. Add User1 to the Group Policy Creator Owners group.
D. Modify the permissions on the User1 account.
Answer: A
Explanation: