Q1. - (Topic 1)
You have a server named Server1 that runs Windows Server 2012 R2. Server1 has the
Hyper-V server role installed.
An iSCSI SAN is available on the network.
Server1 hosts four virtual machines named VM1, VM2, VM3, and VM4.
You create a LUN on the SAN to host the virtual hard drive files for the virtual machines.
You need to create a 3-TB virtual hard disk for VM1 on the LUN. The solution must prevent
VM1 from being paused if the LUN runs out of disk space.
Which type of virtual hard disk should you create on the LUN?
A. Dynamically expanding VHDX
B. Fixed-size VHDX
C. Fixed-size VHD
D. Dynamically expanding VHD
Answer: B
Explanation:
The virtual disk needs to be a VHDX file since it is going to be over 2TB in size and it must be fixed-size so that the space is already taken on the server (that way the server does not run out of space as the volume grows) even if the actual virtual disk does not yet hold that amount of data.
Q2. HOTSPOT - (Topic 3)
Your network contains an Active Directory domain named contoso.com. All client
computers run Windows 8.
An administrator creates an application control policy and links the policy to an
organizational unit (OU) named OU1. The application control policy contains several deny
rules. The deny rules apply to the Everyone group.
You need to prevent users from running the denied application.
What should you configure?
To answer, select the appropriate object in the answer area.
Answer:
Q3. - (Topic 3)
You work as a senior administrator at Contoso.com. The Contoso.com network consists of a single domain named Contoso.com. All servers on the Contoso.com network have Windows Server 2012 R2 installed.
You are running a training exercise for junior administrators. You are currently discussing connection security rules.
Which of the following is TRUE with regards to connection security rules? (Choose all that apply.)
A. Connection security rules allow for traffic to be secured via IPsec.
B. Connection security rules do not allow the traffic through the firewall.
C. Connection security rules are applied to programs or services.
D. Connection security rules are applied between two computers.
Answer: A,B,D
Explanation:
Connection security involves the authentication of two computers before they begin communications and the securing of information sent between two computers. Windows Firewall with Advanced Security uses Internet Protocol security (IPsec) to achieve connection security by using key exchange, authentication, data integrity, and, optionally, data encryption.
How firewall rules and connection security rules are related: Firewall rules allow traffic through the firewall, but do not secure that traffic. To secure traffic with IPsec, you can create Computer Connection Security rules. However, the creation of a connection security rule does not allow the traffic through the firewall. You must create a firewall rule to do this, if the traffic is not allowed by the default behavior of the firewall. Connection security rules are not applied to programs or services; they are applied between the computers that make up the two endpoints.
Q4. - (Topic 3)
Your network contains an Active Directory domain named contoso.com. The domain contains a member server named HVServer1. HVServer1 runs Windows Server 2012 and has the Hyper-V server role installed. HVServer1 hosts 10 virtual machines. All of the virtual machines connect to a virtual switch named Switch1. Switch1 is configured as a private network. All of the virtual machines have the DHCP guard and the router guard settings enabled.
You install the DHCP server role on a virtual machine named Server1. You authorize Server1 as a DHCP server in contoso.com. You create an IP scope.
You discover that the virtual machines connected to Switch1 do not receive IP settings from Server1.
You need to ensure that the virtual machines can use Server1 as a DHCP server.
What should you do?
A. Enable MAC address spoofing on Server1.
B. Disable the DHCP guard on all of the virtual machines that are DHCP clients.
C. Disable the DHCP guard on Server1.
D. Enable single-root I/O virtualization (SR-IOV) on Server1.
Answer: C
Explanation:
DHCP guard drops DHCP server messages sent from a virtual machine on which it is enabled, so it must be disabled on Server1 before its offers can reach the other virtual machines.
Private virtual networks are used where you want to allow communications between virtual machines on the same physical server. In a block diagram, a private network is an internal network without a virtual NIC in the parent partition. A private network would commonly be used where you need complete isolation of virtual machines from external and parent partition traffic. DMZ workloads running on a leg of a tri-homed firewall, or an isolated test domain, are examples where this type of network may be useful.
Q5. HOTSPOT - (Topic 1)
Your network contains an Active Directory domain named contoso.com. All domain
controllers run Windows Server 2012 R2.
All servers are configured to enforce AppLocker policies.
You install a server named Server1.
On Server1, you install an application named App1.exe in a folder located on C:\App1.
You have two domain groups named Group1 and Group2. A user named User1 is a
member of Group1 and Group2.
You create a Group Policy object (GPO) named GPO1. You link GPO1 to contoso.com.
You create the executable rules as shown in the exhibit by using the Create Executable Rules wizard.
To answer, complete each statement according to the information presented in the exhibit. Each correct selection is worth one point.
Answer:
Q6. - (Topic 1)
You have a server named Server1 that runs Windows Server 2012 R2. You need to create a script that will create and mount a virtual hard disk. Which tool should you use?
A. diskpart.exe
B. vdsldr.exe
C. fsutil.exe
D. vds.exe
Answer: A
Q7. - (Topic 2)
Your network contains an Active Directory domain named contoso.com. All servers run Windows Server 2012 R2. Client computers run either Windows 7 or Windows 8.
All of the computer accounts of the client computers reside in an organizational unit (OU) named Clients. A Group Policy object (GPO) named GPO1 is linked to the Clients OU. All of the client computers use a DNS server named Server1.
You configure a server named Server2 as an ISATAP router. You add a host (A) record for ISATAP to the contoso.com DNS zone.
You need to ensure that the client computers locate the ISATAP router.
What should you do?
A. Run the Set-DnsServerGlobalQueryBlockList cmdlet on Server1.
B. Configure the Network Options Group Policy preference of GPO1.
C. Run the Add-DnsServerResourceRecord cmdlet on Server1.
D. Configure the DNS Client Group Policy setting of GPO1.
Answer: A
Explanation:
The Set-DnsServerGlobalQueryBlockList command will change the settings of a global query block list which you can use to ensure that client computers locate the ISATAP router.
Windows Server 2008 introduced a new feature, called “Global Query Block list”, which prevents some arbitrary machine from registering the DNS name of WPAD. This is a good security feature, as it prevents someone from just joining your network and setting himself up as a proxy.
The dynamic update feature of Domain Name System (DNS) makes it possible for DNS client computers to register and dynamically update their resource records with a DNS server whenever a client changes its network address or host name. This reduces the need for manual administration of zone records. This convenience comes at a cost, however, because any authorized client can register any unused host name, even a host name that might have special significance for certain applications. This can allow a malicious user to take over a special name and divert certain types of network traffic to that user’s computer.
Two commonly deployed protocols are particularly vulnerable to this type of takeover: the Web Proxy Automatic Discovery Protocol (WPAD) and the Intra-site Automatic Tunnel Addressing Protocol (ISATAP). Even if a network does not deploy these protocols, clients that are configured to use them are vulnerable to the takeover that DNS dynamic update enables. Most commonly, ISATAP hosts construct their PRLs by using DNS to locate a host named isatap on the local domain. For example, if the local domain is corp.contoso.com, an ISATAP-enabled host queries DNS to obtain the IPv4 address of a host named isatap.corp.contoso.com. In its default configuration, the Windows Server 2008 DNS Server service maintains a list of names that, in effect, it ignores when it receives a query to resolve the name in any zone for which the server is authoritative.
Consequently, a malicious user can spoof an ISATAP router in much the same way as a malicious user can spoof a WPAD server: a malicious user can use dynamic update to register the user’s own computer as a counterfeit ISATAP router and then divert traffic between ISATAP-enabled computers on the network. The initial contents of the block list depend on whether WPAD or ISATAP is already deployed when you add the DNS server role to an existing Windows Server 2008 deployment or when you upgrade an earlier version of Windows Server running the DNS Server service.
Add-DnsServerResourceRecord – The Add-DnsServerResourceRecord cmdlet adds a resource record for a Domain Name System (DNS) zone on a DNS server. You can add different types of resource records. Use different switches for different record types. By using this cmdlet, you can change a value for a record, configure whether a record has a time stamp, whether any authenticated user can update a record with the same owner name, and change lookup timeout values, Windows Internet Name Service (WINS) cache settings, and replication settings.
Set-DnsServerGlobalQueryBlockList – The Set-DnsServerGlobalQueryBlockList cmdlet changes settings of a global query block list on a Domain Name System (DNS) server. This cmdlet replaces all names in the list of names that the DNS server does not resolve with the names that you specify. If you need the DNS server to resolve names such as ISATAP and WPAD, remove these names from the list. Web Proxy Automatic Discovery Protocol (WPAD) and Intra-site Automatic Tunnel Addressing Protocol (ISATAP) are two commonly deployed protocols that are particularly vulnerable to hijacking.
References:
Training Guide: Installing and Configuring Windows Server 2012 R2, Chapter 4: Deploying domain controllers, Lesson 4: Configuring IPv6/IPv4 Interoperability, p. 254-256
http://technet.microsoft.com/en-us/library/jj649942(v=wps.620).aspx
http://technet.microsoft.com/en-us/library/jj649876(v=wps.620).aspx
http://technet.microsoft.com/en-us/library/jj649874.aspx
http://technet.microsoft.com/en-us/library/jj649909.aspx
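An added example, not part of the original explanation: a PowerShell check to run before taking isatap off the global query block list, confirming that the zone holds only static isatap records pointing at the intended router and that wpad stays blocked. The function name, the zone and server defaults, and the router address 192.0.2.10 are assumptions for illustration.

```powershell
#Requires -Modules DnsServer
# Added example. Function name, defaults and the router address are assumptions.

function Test-IsatapUnblockReadiness {
    param(
        [string]$ComputerName = 'Server1',
        [string]$ZoneName = 'contoso.com',
        [string[]]$ExpectedRouterIPv4 = @('192.0.2.10')   # placeholder for Server2's address
    )

    $findings = @()

    # Read the current block list. wpad must remain on it after the change.
    $gqbl = Get-DnsServerGlobalQueryBlockList -ComputerName $ComputerName
    if (-not $gqbl.Enable) {
        $findings += 'Block list is disabled: wpad and isatap are both resolvable.'
    }
    if ($gqbl.List -notcontains 'wpad') {
        $findings += 'wpad is not on the block list.'
    }

    # Look for isatap A records that are already in the zone.
    $records = @(Get-DnsServerResourceRecord -ComputerName $ComputerName `
            -ZoneName $ZoneName -Name 'isatap' -RRType A -ErrorAction SilentlyContinue)
    if ($records.Count -eq 0) {
        $findings += 'No isatap A record exists yet; create the static record first.'
    }
    foreach ($r in $records) {
        $ip = $r.RecordData.IPv4Address.IPAddressToString
        # A non-empty Timestamp means the record came from dynamic update.
        if ($r.Timestamp) {
            $findings += "isatap -> $ip was registered by dynamic update."
        }
        if ($ip -notin $ExpectedRouterIPv4) {
            $findings += "isatap -> $ip is not an expected router address."
        }
    }

    [pscustomobject]@{
        BlockList     = $gqbl.List
        Findings      = $findings
        SafeToUnblock = ($findings.Count -eq 0)
    }
}

$result = Test-IsatapUnblockReadiness
$result | Format-List

if ($result.SafeToUnblock) {
    # Set-DnsServerGlobalQueryBlockList replaces the whole list,
    # so pass every existing name except isatap.
    $newList = @($result.BlockList | Where-Object { $_ -ne 'isatap' })
    Set-DnsServerGlobalQueryBlockList -ComputerName 'Server1' -List $newList -WhatIf
}
```

Remove `-WhatIf` to apply the change once the reported findings list is empty.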
Q8. - (Topic 3)
You have an Active Directory domain named contoso.com. You have a domain controller named Server1 that is configured as a DNS server. Server1 hosts a standard primary zone for contoso.com. The DNS configuration of Server1 is shown in the exhibit.
You discover that stale resource records are not automatically removed from the contoso.com zone.
You need to ensure that the stale resource records are automatically removed from the contoso.com zone.
What should you do?
A. Set the scavenging period of Server1 to 0 days.
B. Modify the Server Aging/Scavenging properties.
C. Configure the aging properties for the contoso.com zone.
D. Convert the contoso.com zone to an Active Directory-integrated zone.
Answer: C
Explanation:
Scavenging, or aging as it is also known, automates the deletion of old records. When scavenging is disabled, these records must be deleted manually or the size of the DNS database can become large and have an adverse effect on performance. The exhibit shows that scavenging is enabled on Server1, thus you should configure the aging properties for the zone.
Q9. - (Topic 2)
Your network contains three servers that run Windows Server 2012 R2. The servers are configured as shown in the following table.
Server3 is configured to obtain an IP address automatically.
You need to prevent Server3 from receiving an IP address from Server1.
What should you create on Server1?
A. A reservation
B. A filter
C. A scope option
D. An exclusion
Answer: B
Explanation:
A. For clients that require a constant IP address
B. Filter to exclude MAC address of Server3
C. Range of allowed IP’s to be assigned
D. Exclude range of IP’s
MAC address based filtering ensure that only a known set of devices in the system are able to obtain an IP address from the DHCP
Reservation and Exclusion, two incredibly different concepts. An exclusion is an address or range of addresses taken from a DHCP scope that the DHCP server is not allowed to hand out. For example, if you have set a DHCP server to exclude the address range 192.168.0.1-192.168.0.10 then the only way a computer on your network would get an address of 192.168.0.4 would be if you assigned it statically on that machine. This is because DHCP knows NOT to give this range of IP addresses out. A reservation is a specific IP address that is tied to a certain device through its MAC address. For example, if we have a workstation on the network that requires a certain IP address, but we don’t want to go through the trouble of assigning it statically, then we can create a reservation for it. So if the MAC address of the NIC on the computer is AA-BB-00-FF-CC-AA and we want it to maintain the IP address of 192.168.0.100 then we would create a DHCP reservation under that particular scope saying that the IP address 192.168.0.100 is reserved only for the MAC address AA-BB-00-FF-CC-AA.
Reference: http://technet.microsoft.com/en-us/magazine/ff521761.aspx
Q10. HOTSPOT - (Topic 1)
You have a Hyper-V host named Server1 that runs Windows Server 2008 R2. All of the virtual machines on Server1 use VHDs.
You install the Hyper-V server role on a server named Server2 that runs Windows Server 2012 R2. Server2 has the same hardware configurations as Server1.
You plan to migrate the Hyper-V host from Server1 to Server2 by using the Windows Server Migration Tools.
In the table below, identify what can be migrated by using the Windows Server Migration Tools. Make only one selection in each row. Each correct selection is worth one point.
Answer:
Q11. - (Topic 3)
Your network contains an Active Directory forest. The forest functional level is Windows Server 2012. The forest contains a single domain. The domain contains a member server named Server1 that runs Windows Server 2012. You purchase a network scanner named Scanner1 that supports Web Services on Devices (WSD). You need to share the network scanner on Server1.
Which server role should you install on Server1?
A. Web Server (IIS)
B. Fax Server
C. File and Storage Services
D. Print and Document Services
Answer: D
Explanation:
Print and Document Services enables you to centralize print server and network printer tasks. With this role, you can also receive scanned documents from network scanners and route the documents to a shared network resource, Windows SharePoint Services site, or email addresses. Windows Server 2012 uses Web Services on Devices (WSD) technologies to integrate scanning devices into the system.
Q12. - (Topic 2)
You have a server named Server1 that runs Windows Server 2012 R2. You add an additional disk to Server1 as shown in the exhibit.
You need to ensure that users can access the additional disk from drive C.
What should you do?
A. Convert Disk 0 to a dynamic disk and add a mirror.
B. Create a simple volume on Disk 1 and mount the volume to a folder.
C. Convert Disk 0 and Disk 1 to dynamic disks and extend a volume.
D. Convert Disk 1 to a dynamic disk and create a spanned volume.
Answer: B
Q13. - (Topic 3)
You have a server named Server1 that runs a Server Core installation of Windows Server 2012 R2. Server1 is configured to obtain an IPv4 address by using DHCP. You need to configure the IPv4 settings of the network connection on Server1 as follows:
IP address: 10.1.1.1
Subnet mask: 255.255.240.0
Default gateway: 10.1.1.254
What should you run?
A. Set-NetIPInterface
B. netcfg.exe
C. New-NetIPAddress
D. msconfig.exe
Answer: C
Q14. - (Topic 1)
Your company has a main office and two branch offices. The offices connect to each other by using a WAN link.
In the main office, you have a server named Server1 that runs Windows Server 2012 R2.
Server1 is configured to use an IPv4 address only.
You need to assign an IPv6 address to Server1. The IP address must be private and routable.
Which IPv6 address should you assign to Server1?
A. fe80:ab32:145c::32cc:401b
B. ff00:3fff:65df:145c:dca8::82a4
C. 2001:ab32:145c::32cc:401b
D. fd00:ab32:14:ad88:ac:58:abc2:4
Answer: D
Explanation:
Unique local addresses are IPv6 addresses that are private to an organization in the same way that private addresses, such as 10.x.x.x, 192.168.x.x, or 172.16.0.0-172.31.255.255, can be used on an IPv4 network. Unique local addresses, therefore, are not routable on the IPv6 Internet in the same way that an address like 10.20.100.55 is not routable on the IPv4 Internet. A unique local address is always structured as follows: The first 8 bits are always 11111101 in binary format. This means that a unique local address always begins with FD and has a prefix identifier of FD00::/8.
Q15. - (Topic 3)
You have a server named Server1 that runs Windows Server 2012 R2.
You plan to create an image of Server1.
You need to remove the source files for all server roles that are not installed on Server1.
Which tool should you use?
A. servermanagercmd.exe
B. imagex.exe
C. ocsetup.exe
D. dism.exe
Answer: D
Explanation:
servermanagercmd.exe – The ServerManagerCmd.exe command-line tool has been deprecated in Windows Server 2008 R2.
imagex.exe – ImageX is a command-line tool in Windows Vista that you can use to create and manage Windows image (.wim) files. A .wim file contains one or more volume images, disk volumes that contain images of an installed Windows operating system.
dism.exe – Deployment Image Servicing and Management (DISM.exe) is a command-line tool that can be used to service a Windows image or to prepare a Windows Preinstallation Environment (Windows PE) image. It replaces Package Manager (Pkgmgr.exe), PEimg, and Intlcfg that were included in Windows Vista. The functionality that was included in these tools is now consolidated in one tool (DISM.exe), and new functionality has been added to improve the experience for offline servicing. DISM can add, remove, and enumerate packages.
ocsetup.exe – The Ocsetup.exe tool is used as a wrapper for Package Manager (Pkgmgr.exe) and for Windows Installer (Msiexec.exe). Ocsetup.exe is a command-line utility that can be used to perform scripted installs and scripted uninstalls of Windows optional components. The Ocsetup.exe tool replaces the Sysocmgr.exe tool that Windows XP and Windows Server 2003 use.
The Dism utility can be used to create and mount an image of Server1.
References:
http://technet.microsoft.com/en-us/library/cc749447(v=ws.10).aspx
http://technet.microsoft.com/en-us/library/dd744382(v=ws.10).aspx
Training Guide: Installing and Configuring Windows Server 2012 R2: Chapter 2: Deploying Servers, p. 44
Exam Ref 70-410: Installing and Configuring Windows Server 2012 R2: Chapter 1: Installing and Configuring Servers, p. 19-22