Introducing The New!
Surepassexam Collection
Get Unlimited Access to all
Surepassexam's PREMIUM files
Q1. - (Topic 3)
You work as an administrator at Contoso.com. The Contoso.com network consists of a single domain named Contoso.com. All servers on the Contoso.com network have Windows Server 2012 installed.
Contoso.com has a server, named ENSUREPASS-SR07, which has the AD DS, DHCP, and DNS server roles installed. Contoso.com also has a server, named ENSUREPASS-SR08, which has the DHCP, and Remote Access server roles installed. You have configured a server, which has the File and Storage Services server role installed, to automatically acquire an IP address.
The server is named ENSUREPASS-SR09. You then create a filter on ENSUREPASS-SR07.
Which of the following is a reason for this configuration?
A. To make sure that ENSUREPASS-SR07 issues ENSUREPASS-SR09 an IP address.
B. To make sure that ENSUREPASS-SR07 does not issue ENSUREPASS-SR09 an IP address.
C. To make sure that ENSUREPASS-SR09 acquires a constant IP address from ENSUREPASS-SR08 only.
D. To make sure that ENSUREPASS-SR09 is configured with a static IP address.
Answer: B
Q2. - (Topic 3)
You have a server that runs Windows Server 2012 R2. The server contains the disks configured as shown in the following table.
You need to create a volume that can store up to 3 TB of user files. The solution must ensure that the user files are available if one of the disks in the volume fails. What should you create?
A. A mirrored volume on Disk 1 and Disk 4
B. A storage pool on Disk 2 and Disk 3
C. A storage pool on Disk 1 and Disk 3
D. A mirrored volume on Disk 2 and Disk 3
Answer: D
Q3. - (Topic 3)
Your network contains an Active Directory forest that contains two domains. The forest contains five domain controllers. The domain controllers are configured as shown in the following table.
You need to configure DC5 as a global catalog server. Which tool should you use?
A. Active Directory Domains and Trusts
B. Active Directory Users and Computers
C. Active Directory Administrative Center
D. Active Directory Sites and Services
Answer: D
Explanation:
If you have more than one domain in your forest and you have a significant user population in a site, you can optimize the speed and efficiency of domain logons and directory searches by adding a global catalog server to the site. If you have a single-domain forest, global catalog servers are not required for logons, but directory searches are directed to the global catalog. In this case, you can enable the global catalog on all domain controllers for faster directory searches. You can use the same user interface (UI) in the Active Directory Sites and Services snap-in to add or remove the global catalog. Enabling the global catalog can cause additional replication traffic. However, global catalog removal occurs gradually in the background and does not affect replication or performance. Membership in the Enterprise Admins group in the forest or the Domain Admins group in the forest root domain, or equivalent, is the minimum required to complete this procedure. To add or remove the global catalog Open Active Directory Sites and Services. To open Active Directory Sites and Services, click Start, click Administrative Tools, and then click Active Directory Sites and Services. To open Active Directory Sites and Services in Windows Server 2012, click Start , type dssite.msc. In the console tree, click the server object to which you want to add the global catalog or from which you want to remove the global catalog. Where? Active Directory Sites and Services\Sites\SiteName\Servers In the details pane, right-click NTDS Settings of the selected server object, and then click Properties. Select the Global Catalog check box to add the global catalog, or clear the check box to remove the global catalog. Global catalog servers and sites. To optimize network performance in a multiple-site environment, consider adding global catalog servers in sites according to the needs in the sites for fast search responses and domain logons. It is recommended to make all domain controllers be global catalog severs if possible. In a single-site, multiple-domain environment, a single global catalog server is usually sufficient to cover common Active Directory queries and logons.
Q4. - (Topic 3)
Your network contains an Active Directory domain named contoso.com.
You need to prevent users from installing a Windows Store app named App1.
What should you create?
A. An application control policy executable rule
B. An application control policy packaged app rule
C. A software restriction policy certificate rule
D. An application control policy Windows Installer rule
Answer: B
Explanation:
Windows 8 is coming REALLY SOON and of course one of the big new things to computer with that is the new Packaged Apps that run in the start screen. However these apps are very different and do not install like traditional apps to a path or have a true “executable” file to launch the program. Of course enterprises need a way to control these packaged apps and therefore Microsoft has added a new feature Packaged Apps option to the App1ocker feature.
A. For .exe or .com
B. A publisher rule for a Packaged app is based on publisher, name and version
C. You can create a certificate rule that identifies software and then allows or does not allow the software to run, depending on the security level.
D. For .msi or .msp Packaged apps (also known as Windows 8 apps) are new to Windows Server 2012 R2 and Windows 8. They are based on the new app model that ensures that all the files within an app package share the same identity. Therefore, it is possible to control the entire Application using a single App1ocker rule as opposed to the non-packaged apps where each file within the app could have a unique identity. Windows does not support unsigned packaged apps which implies all packaged apps must be signed. App1ocker supports only publisher rules for Packaged apps. A publisher rule for a packaged app is based on the following information: Publisher of the package Package name Package version Therefore, an App1ocker rule for a Packaged app controls both the installation as well as the running of the app. Otherwise, the publisher rules for Packaged apps are no different than the rest of the rule collections; they support exceptions, can be increased or decreased in scope, and can be assigned to users and groups.
Q5. - (Topic 3)
Your network contains an Active Directory domain named contoso.com. The domain contains servers named Server1 and Server2 that run Windows Server 2012 R2. Server1 has the Active Directory Federation Services server role installed.Server2 is a file server.
Your company introduces a Bring Your Own Device (BYOD) policy.
You need to ensure that users can use a personal device to access domain resources by using Single Sign-On (SSO) while they are connected to the internal network.
Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)
A. Enable the Device Registration Service in Active Directory.
B. Publish the Device Registration Service by using a Web Application Proxy.
C. Configure Active Directory Federation Services (AD FS) for the Device Registration Service.
D. Install the Work Folders role service on Server2.
E. Create and configure a sync share on Server2.
Answer: A,C
Explanation:
*Prepare your Active Directory forest to support devices. This is a one-time operation that you must run to prepare your Active Directory forest to support devices. To prepare the Active Directory forest On your federation server, open a Windows PowerShell command window and type: Initialize-ADDeviceRegistration *Enable Device Registration Service on a federation server farm node. To enable Device Registration Service:
1. On your federation server, open a Windows PowerShell command window and type: Enable-AdfsDeviceRegistration.
2. Repeat this step on each federation farm node in your AD FS farm.
Q6. - (Topic 3)
You work as an administrator at ABC.com. The ABC.com network consists of a single domain named ABC.com. All servers in the ABC.com domain, including domain controllers, have Windows Server 2012 R2 installed.
ABC.com has a domain controller, named ABC-DC01, which contains the ABC.com domain’s primary DNS zone. ABC.com’s workstations refer to ABC-DC01 as their primary DNS server.
You have been instructed to make sure that any DNS requests that are not for the ABC.com domain, is resolved by ABC-DC01 querying the DNS server of ABC.com’s Internet Service Provider (ISP).
Which of the following actions should you take?
A. You should consider configuring a reverse lookup zone.
B. You should consider configuring forward lookup zone.
C. You should consider configuring Forwarders.
D. You should consider configuring 019 IP Layer Forwarding.
Answer: C
Explanation:
A forwarder is a Domain Name System (DNS) server on a network that forwards DNS queries for external DNS names to DNS servers outside that network. You can also forward queries according to specific domain names using conditional forwarders. You designate a DNS server on a network as a forwarder by configuring the other DNS servers in the network to forward the queries that they cannot resolve locally to that DNS server. By using a forwarder, you can manage name resolution for names outside your network, such as names on the Internet, and improve the efficiency of name resolution for the computers in your network.
Q7. - (Topic 3)
You have a server named Server1 that runs Windows Server 2012 R2. Server1 has five network adapters. Three of the network adapters are connected to a network named LAN1. The two other network adapters are connected to a network named LAN2.
You need to create a network adapter team from the three network adapters connected to LAN1.
Which tool should you use?
A. Routing and Remote Access
B. Network and Sharing Center
C. Server Manager
D. Network Load Balancing Manager
Answer: C
Q8. - (Topic 2)
Your network contains an Active Directory domain named contoso.com. All domain controllers run Windows Server 2012 R2.
You create and enforce the default AppLocker executable rules.
Users report that they can no longer execute a legacy application installed in the root of drive C.
You need to ensure that the users can execute the legacy application.
What should you do?
A. Create a new rule.
B. Delete an existing rule.
C. Modify the action of the existing rules.
D. Add an exception to the existing rules.
Answer: A
Explanation:
AppLocker is a feature that advances the functionality of the Software Restriction Policies
feature. AppLocker contains new capabilities and extensions that reduce administrative
overhead and help administrators control how users can access and use files, such as
executable files, scripts, Windows Installer files, and DLLs. By using AppLocker, you can:
Define rules based on file attributes that persist across application updates, such as the
publisher name (derived from the digital signature), product name, file name, and file
version. You can also create rules based on the file path and hash.
Assign a rule to a security group or an individual user.
Create exceptions to rules. For example, you can create a rule that allows all users to run
all Windows binaries except the Registry Editor (Regedit.exe).
Use audit-only mode to deploy the policy and understand its impact before enforcing it. .
Create rules on a staging server, test them, export them to your production environment,
and then import them into a Group Policy Object.
Simplify creating and managing AppLocker rules by using Windows PowerShell cmdlets for
AppLocker.
AppLocker default rules
AppLocker allows you to generate default rules for each of the rule types.
Executable default rule types:
Allow members of the local Administrators group to run all applications. Allow members of the Everyone group to run applications that are located in the Windows folder. Allow members of the Everyone group to run applications that are located in the Program Filesfolder. Windows Installer default rule types: Allow members of the local Administrators group to run all Windows Installer files. Allow members of the Everyone group to run digitally signed Windows Installer files. Allow members of the Everyone group to run all Windows Installer files located in the Windows\Installer folder. Script default rule types: Allow members of the local Administrators group to run all scripts. Allow members of the Everyone group to run scripts located in the Program Files folder. Allow members of the Everyone group to run scripts located in the Windows folder. DLL default rule types: (this on can affect system performance ) Allow members of the local Administrators group to run all DLLs. Allow members of the Everyone group to run DLLs located in the Program Files folder. Allow members of the Everyone group to run DLLs located in the Windows folder. You can apply AppLocker rules to individual users or to a group of users. If you apply a rule to a group of users, all users in that group are affected by that rule. If you need to allow a subset of a user group to use an application, you can create a special rule for that subset. For example, the rule “Allow Everyone to run Windows except Registry Editor” allows everyone in the organization to run the Windows operating system, but it does not allow anyone to run Registry Editor. The effect of this rule would prevent users such as Help Desk personnel from running a program that is necessary for their support tasks. To resolve this problem, create a second rule that applies to the Help Desk user group: “Allow Help Desk to run Registry Editor.” If you create a deny rule that does not allow any users to run Registry Editor, the deny rule will override the second rule that allows the Help Desk user group to run Registry Editor.
Q9. - (Topic 2)
Your network contains a server named Server1 that runs Windows Server 2012 R2.Server1 has the Hyper-V server role installed. Server1 hosts four virtual machines named VM1, VM2, VM3, and VM4.Server1 is configured as shown in the following table.
You need to configure VM4 to track the CPU, memory, and network usage.
What should you configure?
A. NUMA topology
B. Resource control
C. Resource metering
D. Virtual Machine Chimney
E. The VLAN ID
F. Processor Compatibility
G. The startup order
H. Automatic Start Action
I. Integration Services
J. Port mirroring K. Single-root I/O virtualization
Answer: C
Explanation:
Metrics collected for each virtual machine using resource metering: Average CPU usage, measured in megahertz over a period of time. Average physical memory usage, measured in megabytes. Minimum memory usage (lowest amount of physical memory). Maximum memory usage (highest amount of physical memory). Maximum amount of disk space allocated to a virtual machine. Total incoming network traffic, measured in megabytes, for a virtual network adapter. Total outgoing network traffic, measured in megabytes, for a virtual network adapter
: http://blogs.technet.com/b/meamcs/archive/2012/05/28/hyper-v-resource-metering-in-windows-server-2012-server-8-beta.aspx
Q10. - (Topic 3)
You work as an administrator at Contoso.com. The Contoso.com network consists of a single domain named Contoso.com. All servers on the Contoso.com network have Windows Server 2012 R2 installed. You have been instructed to make sure that a server, named ENSUREPASS-SR07, is configured to be managed remotely from ENSUREPASS-SR01 using Server Manager.
Which of the following is not a valid option to take? (Choose all that apply.)
A. You could access the server manager on ENSUREPASS-SR07.
B. You could access the server manager on ENSUREPASS-SR13.
C. You could run the %windir%\system32\Configure-SMRemoting.exe from an elevated command prompt on ENSUREPASS-SR13.
D. You could run the Configure-SMRemoting.exe – enable cmdlet on ENSUREPASS-SR07.
Answer: B,C
Q11. - (Topic 1)
Your network contains an Active Directory domain named contoso.com. The domain contains two servers named Server1 and Server2 that run Windows Server 2012 R2.
Server1 has the Group Policy Management feature installed. Server2 has the Print and Document Services server role installed.
On Server2, you open Print Management and you deploy a printer named Printer1 by using a Group Policy object (GPO) named GPO1.When you open GPO1 on Server1, you discover that the Deployed Printers node does not appear.
You need to view the Deployed Printers node in GPO1.
What should you do?
A. On Server1, modify the Group Policy filtering options of GPO1.
B. On a domain controller, create a Group Policy central store.
C. On Server2, install the Group Policy Management feature.
D. On Server1, configure the security filtering of GPO1.
Answer: C
Explanation:
Pre-Requisites To use Group Policy for printer deployment you will need to have a Windows Active Directory domain, and this article assumes that your Domain Controller is a Windows 2008 R2 Server. You will also need the Print Services role installed on a server (can be on your DC), and you will be using the Print Management and Group Policy Management consoles to configure the various settings. It’s assumed that you have already followed Part One and have one or more printers shared on your server with the necessary drivers, ready to deploy to your client computers.
Q12. HOTSPOT - (Topic 2)
Your network contains an Active Directory domain named contoso.com. The domain contains servers named Server1 and Server2 that run Windows Server 2012 R2.
You create a windows PowerShell script named Scriptl.psl that contains the following configuration:
You need to apply the configuration to Server1. The solution must ensure that the configuration on Server1 can be updated by modifying a MOF file on Server2.
Which actions should you perform on each server?
To answer, select the appropriate server on which to perform each action in the answer area.
Answer:
Q13. - (Topic 3)
You have a Hyper-V host named Server1 that runs Windows Server 2012 R2. Server1 hosts 50 virtual machines that run Windows Server 2012 R2.
Your company uses smart cards for authentication.
You need to ensure that you can use smart card authentication when you connect to the virtual machine by using Virtual Machine Connection.
What should you configure?
A. The RemoteFX settings
B. The Enhanced Session Mode Policy
C. The NUMA Spanning settings
D. The Integration Services settings
Answer: B
Q14. HOTSPOT - (Topic 1)
Your network contains an Active Directory domain named contoso.com. The domain contains a print server named Server1 that runs Windows Server 2012 R2.
You share several printers on Server1.
You need to ensure that you can view the printer objects associated to Server1 in Active
Directory Users and Computers.
Which option should you select?
To answer, select the appropriate option in the answer area.
Answer:
Q15. - (Topic 1)
Your network contains a server named Server1 that runs Windows Server 2012
R2.Server1 has the Hyper-V server role installed.
Server1 hosts four virtual machines named VM1, VM2, VM3, and VM4.
Server1 is configured as shown in the following table.
You install Windows Server 2012 R2 on VM2 by using Windows Deployment Services (WDS).
You need to ensure that the next time VM2 restarts, you can connect to the WDS server by using PXE.
Which virtual machine setting should you configure for VM2?
A. NUMA topology
B. Resource control
C. resource metering
D. virtual Machine Chimney
E. The VLAN ID
F. Processor Compatibility
G. The startup order
H. Automatic Start Action
I. Integration Services
J. Port mirroring
K. Single-root I/O virtualization
Answer: G
Explanation:
Configure the BIOS of the computer to enable PXE boot, and set the boot order so that it is booting from the network is first.
References: http://technet.microsoft.com/en-us/library/cc766320(v=ws.10).aspx Exam Ref 70-410, Installing and Configuring Windows Server 2012 R2, Chapter 3: Configure Hyper-V, Objective 3.1: Create and Configure virtual machine settings, p.144 Training Guide: Installing and Configuring Windows Server 2012 R2: Chapter 7: Hyper-V Virtualization, Lesson 2: Deploying and configuring virtual machines, p.335