Introducing The New!
Surepassexam Collection
Get Unlimited Access to all
Surepassexam's PREMIUM files
Q1. - (Topic 3)
Server1 runs Windows Server 2012 R2 and is installed as an FTP server. Client uses App1 to connect to Server1 for FTP. App1 uses TCP port 21 for control and a dynamic port for data. You have allowed port 21 in firewall. What should you do next in order to allow clients to use App1 to connect to server1 using ftp.
A. At Server1 allow firewall rule of outbound
B. At Server1 allow firewall rule of inbound
C. Netsh advfirewall domainprofile state off
D. Netsh advfirewall set global StatefulFtp enable
Answer: D
Explanation:
Set global statefulftp Configures how Windows Firewall with Advanced Security handles FTP traffic that uses an initial connection on one port to request a data connection on a different port. This affects both active and passive FTP.
Q2. - (Topic 3)
Your infrastructure divided in 2 sites. You have a forest root domain and child domain. There is only one DC on site 2 with no FSMO roles. The link goes down to site 2 and no users can log on. What FSMO roles you need on to restore the access?
A. Infrastructure master
B. RID master
C. Domain Naming master
D. PDC Emulator
Answer: D
Explanation:
D. The PDC emulator is used as a reference DC to double-check incorrect passwords and it also receives new password changes. PDC Emulator is the most complicated and least understood role, for it runs a diverse range of critical tasks. It is a domain-specific role, so exists in the forest root domain and every child domain. Password changes and account lockouts are immediately processed at the PDC Emulator for a domain, to ensure such changes do not prevent a user logging on as a result of multi-master replication delays, such as across Active Directory sites.
Q3. - (Topic 2)
Your network contains an Active Directory domain named contoso.com. The domain contains two servers named Server1 and Server2 that run Windows Server 2012 R2.
Server2 establishes an IPSec connection to Server1.
You need to view which authentication method was used to establish the initial IPSec connection.
What should you do?
A. From Windows Firewall with Advanced Security, view the quick mode security association.
B. From Event Viewer, search the Application Log for events that have an ID of 1704.
C. From Event Viewer, search the Security Log for events that have an ID of 4672.
D. From Windows Firewall with Advanced Security, view the main mode security association.
Answer: D
Explanation:
Main mode negotiation establishes a secure channel between two computers by determining a set of cryptographic protection suites, exchanging keying material to establish a shared secret key, and authenticating computer and user identities. A security association (SA) is the information maintained about that secure channel on the local computer so that it can use the information for future network traffic to the remote computer. You can monitor main mode SAs for information like which peers are currently connected to this computer and which protection suite was used to form the SA. To get to this view In the Windows Firewall with Advanced Security MMC snap-in, expand Monitoring, expand Security Associations, and then click Main Mode. The following information is available in the table view of all main mode SAs. To see the information for a single main mode SA, double-click the SA in the list. Main mode SA information You can add, remove, reorder, and sort by these columns in the Results pane: Local Address: The local computer IP address. Remote Address: The remote computer or peer IP address. 1st Authentication Method: The authentication method used to create the SA. 1st Authentication Local ID: The authenticated identity of the local computer used in first authentication. 1st Authentication Remote ID: The authenticated identity of the remote computer used in first authentication.
2nd Authentication Method: The authentication method used in the SA.
2nd Authentication Local ID: The authenticated identity of the local computer used in
second authentication.
2nd Authentication Remote ID: The authenticated identity of the remote computer used in
second authentication.
Encryption: The encryption method used by the SA to secure quick mode key exchanges.
Integrity: The data integrity method used by the SA to secure quick mode key exchanges.
Key Exchange: The Diffie-Hellman group used to create the main mode SA.
: http://technet.microsoft.com/en-us/library/dd448497(v=ws.10).aspx
Q4. HOTSPOT - (Topic 2)
Your network contains an Active Directory domain named contoso.com.
You need to identify whether the Company attribute replicates to the global catalog.
Which part of the Active Directory partition should you view?
To answer, select the appropriate Active Directory object in the answer area.
Answer:
Q5. - (Topic 3)
You have a server that runs Windows Server 2012 R2. The server contains the disks configured as shown in the following table.
You need to create a volume that can store up to 3 TB of user files. The solution must ensure that the user files are available if one of the disks in the volume fails. What should you create?
A. a storage pool on Disk 2 and Disk 3
B. a spanned volume on Disk 2 and Disk 3
C. a mirrored volume on Disk 1 and Disk 3
D. a mirrored volume on Disk 2 and Disk 3
E. a RAID-5 volume on Disk 1, Disk 2, and Disk 3
F. a storage pool on Disk 1 and Disk 3
G. a spanned volume on Disk 0 and Disk 4
H. a mirrored volume on Disk 1 and Disk 4
Answer: D
Q6. - (Topic 2)
Your network contains several servers that run Windows Server 2012 R2 and client computers that run Windows 8.1.
You download several signed Windows PowerShell scripts from the Internet.
You need to run the PowerShell scripts on all of the servers and all of the client computers.
What should you modify first?
A. The environment variables on all of the servers
B. The execution policy on all of the servers
C. The execution policy on all of the client computers
D. The environment variables on all client computers
Answer: C
Explanation:
The default execution policy of Windows Server 2012 is RemoteSigned meaning that as long as a valid signature is used on the scripts, they will run. However, the client computers have a default execution policy of restricted meaning that no scripts will run in PowerShell whatsoever, so this would have to be changed before the scripts could be executed on the client computers.
Q7. - (Topic 3)
You work as an administrator at Contoso.com. The Contoso.com network consists of a single domain named Contoso.com. All servers on the Contoso.com network have Windows Server 2012 R2 installed.
Contoso.com has a server, named ENSUREPASS-SR07, which has two physical disks installed. The C: drive hosts the boot partition, while the D: drive is not being used. Both disks are online.
You have received instructions to create a virtual machine on ENSUREPASS-SR07. Subsequent to creating the virtual machine, you have to connect the D: drive to the virtual machine.
Which of the following is TRUE with regards to connecting a physical disk to a virtual machine?
A. The physical disk should not be online.
B. The physical disk should be uninstalled and re-installed.
C. The physical disk should be configured as a striped disk.
D. The physical disk should be configured as a mirrored disk.
Answer: A
Explanation:
Your virtual machines can also be connected to physical hard disks on the virtualization server virtual hard disks. (This is sometimes referred to as having a “pass-through” disk connected to a virtual machine.) The physical hard disk that you connect to a virtual machine can also be a network-attached disk, like a logical unit number (LUN) in a storage area network (SAN). A common example is an iSCSI LUN that has been mapped to the virtualization server by using Microsoft iSCSI Initiator. Because the virtualization server sees network-attached storage as local disks, the iSCSI LUN can be connected to a virtual machine. The most important limitation about having a physical hard disk connected to a virtual machine is that it cannot be connected to the virtualization server or to other virtual machines at the same time. The virtual machine must have exclusive access to the physical hard disk. Pass-through Disk Configuration Hyper-V allows virtual machines to access storage mapped directly to the Hyper-V server without requiring the volume be configured. The storage can either be a physical disk internal to the Hyper-V server or it can be a Storage Area Network (SAN) Logical Unit (LUN) mapped to the Hyper-V server. To ensure the Guest has exclusive access to the storage, it must be placed in an Offline state from the Hyper-Vserver perspective.
Q8. - (Topic 3)
Your network contains two servers named Server1 and Server2 that run Windows Server 2012 R2. Server1 is a DHCP server that is configured to have a scope named Scope1. Server2 is configured to obtain an IP address automatically.
In Scope1, you create a reservation named Res_Server2 for Server2.
A technician replaces the network adapter on Server2.
You need to ensure that Server2 can obtain the same IP address.
What should you modify on Server1?
A. The Name Protection settings of Scope1
B. The MAC address of Res_Server2
C. The Advanced settings of Res_Server2
D. The Network Access Protection Settings of Scope1
Answer: B
Explanation:
DHCP reservations are given based upon MAC address (at least on IPv4/DHCPv4). For clients that require a constant IP address, you can either manually configure a static IP address, or assign a reservation on the DHCP server. Reservations are permanent lease assignments that are used to ensure that a specified client on a subnet can always use the same IP address. You can use DHCP reservations for hosts that require a consistent IP address, but do not need to be statically configured. DHCP reservations provide a mechanism by which IP addresses may be permanently assigned to a specific client based on the MAC address of that client. The MAC address of a Windows client can be found running the ipconfig /all command. For Linux systems the corresponding command is ifconfig -a. Once the MAC address has been identified, the reservation may be configured using either the DHCP console or at the command prompt using the netsh tool.
Media access control (MAC) address authorization functions in the same way as automatic number identification (ANI) authorization, but it is used for wireless clients and clients connecting to your network by using an 802.1X authenticating switch. Since the network adapter was replaced, you need to modify the MAC address on Server1 to ensure that Server2 can obtain the same IP address.
Reference: http://technet.microsoft.com/en-us/library/dd197535%28v=WS.10%29.aspx
Q9. HOTSPOT - (Topic 3)
You have a server named Server1. Server1 runs Windows Server 2012 R2.
A user named Admin1 is a member of the local Administrators group.
You need to ensure that Admin1 receives a User Account Control (UAC) prompt when
attempting to open Windows PowerShell as an administrator.
Which setting should you modify from the Local Group Policy Editor?
To answer, select the appropriate setting in the answer area.
Answer:
Q10. - (Topic 2)
You have a Hyper-V host named Server1 that runs Windows Server 2012 R2. Server1 has the virtual switches listed in the following table.
You create a virtual machine named VM1. VM1 has two network adapters. One network adapter connects to vSwitch1. The other network adapter connects to vSwitch2. You configure NIC teaming on VM1.
You need to ensure that if a physical NIC fails on Server1, VM1 remains connected to the network.
What should you do on Server1?
A. Run the Set-VmNetworkAdapter cmdlet.
B. Create a new virtual switch on Server1.
C. Modify the properties of vSwitch1 and vSwitch2.
D. Add a new network adapter to VM1.
Answer: A
Q11. - (Topic 1)
Your network contains an Active Directory domain named contoso.com.
You create a software restriction policy to allow an application named App1 by using a certificate rule. You need to ensure that when users attempt to execute App1, the certificate for App1 is
verified against a certificate revocation list (CRL). What should you do?
A. Modify the rule for App1.
B. Modify the Trusted Publishers Properties.
C. Create a new certificate rule for App1.
D. Modify the Enforcement Properties.
Answer: B
Q12. - (Topic 2)
You have a Hyper-V host named Server1 that runs Windows Server 2012 R2.
Server1 hosts a virtual machine named VM1 that runs Windows Server 2012 R2.
VM1 has several snapshots.
You need to modify the snapshot file location of VM1.
What should you do?
A. Delete the existing snapshots, and then modify the settings of VM1.
B. Right-click VM1, and then click Move. ..
C. Right-click VM1, and then click Export...
D. PauseVM1, and then modify the settings of VM1.
Answer: A
Explanation:
You will need to navigate to the Hyper-V Management
snap-in (C:\ProgramData\Microsoft\Windows\Hyper-V) and from there access the Snapshot file Location tab where you can change the settings for the VM1 snapshot file location. However, since there are already several snapshots in existence, you will need to delete them first because you will not be able to change the location of the snapshot file while there is an existing snapshot.
You need to modify the snapshot file location of VM1.
Q13. - (Topic 3)
Your network contains an Active Directory domain named contoso.com. The network contains 500 client computers that run Windows 8. All of the client computers connect to the Internet by using a web proxy.
You deploy a server named Server1 that runs Windows Server 2012 R2. Server1 has the DNS Server server role installed.
You configure all of the client computers to use Server1 as their primary DNS server. You need to prevent Server1 from attempting to resolve Internet host names for the client computers.
What should you do on Server1?
A. Create a primary zone named “.”.
B. Configure the Security settings of the contoso.com zone.
C. Create a zone delegation for GlobalNames.contoso.com.
D. Create a stub zone named “root”.
Answer: A
Explanation:
When you install DNS on a Windows server that does not have a connection to the Internet, the zone for the domain is created and a root zone, also known as a dot zone, is also created. This root zone may prevent access to the Internet for DNS and for clients of the DNS. If there is a root zone, there are no other zones other than those that are listed with DNS, and you cannot configure forwarders or root hint servers. Root domain This is the top of the tree, representing an unnamed level; it is sometimes shown as two empty quotation marks (“”), indicating a null value. When used in a DNS domain name, it is stated by a trailing period (.) to designate that the name is located at the root or highest level of the domain hierarchy. In this instance, the DNS domain name is considered to be complete and points to an exact location in the tree of names. Names stated this way are called fully qualified domain names (FQDNs). DNS Domain Name Hierarchy:
Q14. - (Topic 3)
You work as an administrator at Contoso.com. The Contoso.com network consists of a single domain named Contoso.com. All servers on the Contoso.com network have Windows Server 2008 R2 installed. Some of Contoso.com’s workstations have Windows 7 installed, while the rest have Windows 8 installed.
After installing a new Windows Server 2012 computer in the Contoso.com domain, you configure it to run the File and Storage Services server role. You are instructed to create a shared folder on the new server, and configure the use of Previous Versions for restoring files located in the shared folder.
Which of the following actions should you take?
A. You should consider configuring the Shadow Copies settings on the new server.
B. You should consider configuring the Snapshot settings on the new server.
C. You should consider configuring the Background Copy settings on the new server.
D. You should consider configuring the Permission settings on the new server.
Answer: A
Explanation:
What are previous versions? Previous versions are either backup copies (copies of files and folders that you back up by using the Back Up Files wizard, or shadow copies) copies of files and folders that Windows automatically saves as part of a restore point. (Shadow copies can be copies of files on your computer or shared files on a computer on a network.) You can use previous versions of files to restore files that you accidentally modified or deleted, or that were damaged. Depending on the type of file or folder, you can open, save to a different location, or restore a previous version. ATT: (nothing to do with question but cool to know) File Server Volume Copy Shadow Service (VSS) Agent Service Enables consistency of application snaphots (shadow copies). With previous versions of Windows Server, VSS only supported shadow copies of data on the local server. With WS2012, Microsoft has added VSS for SMB File Shares which extends shadow copy support for network volumes. Administrators install the FS VSS Agent on the file server where the application data is located. They then install the VSS provider in the server where the application is located. The provider talks to the agent using the new File Server Remote VSS protocol in order to manage the shadow copies of the data.
Q15. - (Topic 3)
Your network contains an Active Directory domain named contoso.com. The domain contains an application server named Server1. Server1 runs Windows Server 2012 R2.
You have a client application named App1 that communicates to Server1 by using dynamic TCP ports.
On Server1, a technician runs the following command:
New-NetFirewallRule -DisplayNameAllowDynamic -Direction Outbound -LocalPort 1024-65535 -Protocol TCP. Users report that they can no longer connect to Server1 by using Appl.
You need to ensure that App1 can connect to Server1.
What should you run on Server1?
A. Set-NetFirewallRule -DisplayNameAllowDynamic -Action Allow
B. netshadvfirewall firewall add rule name=allowdynamic action-allow
C. netshadvfirewall firewall set rule name-allowdynamic new action- allow
D. Set-NetFirewallRule -DisplayNameAllowDynamic -Direction Inbound
Answer: D
Explanation:
When using the using the Windows Firewall with Advanced Security console. You can select the Inbound Rules node and scroll down in the list, you can see nine different Network Discovery rules. The Direction Inbound rule is the rule that will allow App1 to connect to Server1.
Exam Ref 70-410: Installing and Configuring Windows Server 2012 R2, Chapter 6: Create and manage Group Policy, Objective 6.4: Configure Windows Firewall, p. 348 Training Guide: Installing and Configuring Windows Server 2012 R2, Chapter 6: Network Administration, Lesson 4: Configuring IPv6/IPv4 Interoperability, p. 269