Introducing The New!
Surepassexam Collection
Get Unlimited Access to all
Surepassexam's PREMIUM files
Q1. Your network contains an Active Directory domain named contoso.com.
All user accounts for the marketing department reside in an organizational unit (OU) named OU1. All user accounts for the finance department reside in an organizational unit (OU) named OU2.
You create a Group Policy object (GPO) named GPO1. You link GPO1 to OU2. You configure the Group Policy preference of GPO1 to add a shortcut named Link1 to the desktop.
You discover that when a user signs in, the Link1 is not added to the desktop.
You need to ensure that when a user signs in, Link1 is added to the desktop.
What should you do?
A. Enforce GPO1.
B. Enable loopback processing in GPO1.
C. Modify the Link1 shortcut preference of GPO1.
D. Modify the Security Filtering settings of GPO1.
Answer: D
Explanation:
Security filtering is a way of refining which users and computers will receive and apply the settings in a Group Policy object (GPO). Using security filtering, you can specify that only certain security principals within a container where the GPO is linked apply the GPO. Security group filtering determines whether the GPO as a whole applies to groups, users, or computers; it cannot be used selectively on different settings within a GPO.
Q2. Your network contains a single Active Directory domain named contoso.com. The domain contains a domain controller named DC1 that hosts the primary DNS zone for contoso.com.
All servers dynamically register their host names.
You install three new Web servers that host identical copies of your company's intranet website. The servers are configured as shown in the following table.
You need to use DNS records to load balance name resolution queries for intranet.contoso.com between the three Web servers.
What is the minimum number of DNS records that you should create manually?
A. 1
B. 3
C. 4
D. 6
Answer: B
Explanation:
To create DNS Host (A) Records for all internal pool servers
1. Click Stabrt, click All Programs, click Administrative Tools, and then click DNS.
2. In DNS Manager, click the DNS Server that manages your records to expand it.
3. Click Forward Lookup Zones to expand it.
4. Right-click the DNS domain that you need to add records to, and then click New Host (A or AAAA).
5. In the Name box, type the name of the host record (the domain name will be automatically appended).
6. In the IP Address box, type the IP address of the individual Front End Server and then select Create associated pointer (PTR) record or Allow any authenticated user to update DNS records with the same owner name, if applicable.
7. Continue creating records for all member Front End Servers that will participate in DNS Load Balancing.
For example, if you had a pool named pool1.contoso.com and three Front End Servers, you would create the following DNS entries:
Reference:
http: //technet. microsoft. com/en-us/library/cc772506. aspx
http: //technet. microsoft. com/en-us/library/gg398251. aspx
Q3. You manage a server that runs Windows Server 2012 R2. The server has the Windows Deployment Services server role installed.
You have a desktop computer that has the following configuration:
Computer name: Computer1
Operating system: Windows 8
MAC address: 20-CF-30-65-D0-87
GUID: 979708BF-C04B-4525-9FE0-C4150BB6C618
You need to configure a pre-staged device for Computer1 in the Windows Deployment Services console.
Which two values should you assign to the device ID? (Each correct answer presents a complete solution. Choose two.)
A. 20CF3065D08700000000000000000000
B. 979708BFC04B45259FE0C4150BB6C618
C. 979708BF-C04B-452S-9FE0-C4150BB6C618
D. 0000000000000000000020CF306SD087
E. 00000000-0000-0000-0000-C41S0BB6C618
Answer: C,D
Explanation:
In the text box, type the client computer's MAC address preceded with twenty zeros or the globally unique identifier (GUID) in the format: {XXXXXXXX-XXXX-XXXX-XXX-XXXXXXXXXXXX}.
* To add or remove pre-staged client to/from AD DS, specify the name of the computer or the device ID, which is a GUID, media access control (MAC) address, or Dynamic Host Configuration Protocol (DHCP) identifier associated with the computer.
* Example: Remove a device by using its ID from a specified domain This command removes the pre-staged device that has the specified ID. The cmdlet searches the domain named TSQA.contoso.com for the device.
Windows PowerShell PS C:\> Remove-WdsClient -DeviceID "5a7a1def-2e1f-4a7b-a792-ae5275b6ef92" -Domain -DomainName "TSQA.contoso.com"
Q4. DRAG DROP
Your network contains an Active Directory forest named contoso.com. The forest contains a Network Policy Server (NPS) server named NPS1 and a VPN server named VPN1. VPN1 forwards all authentication requests to NPS1.
A partner company has an Active Directory forest named adatum.com. The adatum.com forest contains an NPS server named NPS2.
You plan to grant users from adatum.com VPN access to your network.
You need to authenticate the users from adatum.com on VPN1.
What should you create on each NPS server?
To answer, drag the appropriate objects to the correct NPS servers. Each object may be
used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
Answer:
Q5. You have a server named Server1 that runs Windows Server 2012 R2. Server1 has the File Server Resource Manager role service installed.
Each time a user receives an access-denied message after attempting to access a folder on Server1, an email notification is sent to a distribution list named DL1.
You create a folder named Folder1 on Server1, and then you configure custom NTFS permissions for Folder 1.
You need to ensure that when a user receives an access-denied message while attempting to access Folder1, an email notification is sent to a distribution list named DL2. The solution must not prevent DL1 from receiving notifications about other access-denied messages.
What should you do?
A. From File Explorer, modify the Classification tab of Folder1.
B. From the File Server Resource Manager console, modify the Email Notifications settings.
C. From the File Server Resource Manager console, set a folder management property.
D. From File Explorer, modify the Customize tab of Folder1.
Answer: C
Explanation:
When using the email model each of the file shares, you can determine whether access requests to each file share will be received by the administrator, a distribution list that represents the file share owners, or both.
You can use the File Server Resource Manager console to configure the owner distribution list by editing the management properties of the classification properties.
Reference: http://technet.microsoft.com/en-us/library/jj574182.aspx#BKMK_12
Q6. Your network contains an Active Directory domain named contoso.com. The domain contains a member server named Server1. All servers run Windows Server 2012 R2.
You need to collect the error events from all of the servers on Server1. The solution must ensure that when new servers are added to the domain, their error events are collected automatically on Server1.
Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)
A. On Server1, create a collector initiated subscription.
B. On Server1, create a source computer initiated subscription.
C. From a Group Policy object (GPO), configure the Configure target Subscription Manager setting.
D. From a Group Policy object (GPO), configure the Configure forwarder resource usage setting.
Answer: B,C
Explanation:
To set up a Source-Initiated Subscription with Windows Server 2003/2008 so that events of interest from the Security event log of several domain controllers can be forwarded to an administrative workstation.
* Group Policy The forwarding computer needs to be configured with the address of the server to which the events are forwarded. This can be done with the following group policy setting:
Computer configuration-Administrative templates-Windows components-Event forwarding-Configure the server address, refresh interval, and issue certificate authority of a target subscription manager.
* Edit the GPO and browse to Computer Configuration | Policies | Administrative Templates | Windows Components | Event Forwarding - Configure the server address, refresh interval, and issuer certificate authority of a target Subscription Manager.
Q7. You have a server named WSUS1 that runs Windows Server 2012 R2. WSUS1 has the Windows Server Update Services server role installed and has one volume.
You add a new hard disk to WSUS1 and then create a volume on the hard disk.
You need to ensure that the Windows Server Update Services (WSUS) update files are stored on the new volume.
What should you do?
A. From the Update Services console, configure the Update Files and Languages option.
B. From the Update Services console, run the Windows Server Update Services Configuration Wizard.
C. From a command prompt, run wsusutil.exe and specify the export parameter.
D. From a command prompt, run wsusutil.exe and specify the movecontent parameter.
Answer: D
Explanation:
Local Storage Considerations
If you decide to store update files on your server, the recommended minimum disk size is 30 GB. However, depending on the synchronization options you specify, you might need to use a larger disk. For example, when specifying advanced synchronization options, as in the following procedure, if you select options to download multiple languages and/or the option to download express installation files, your server disk can easily reach 30 GB.
Therefore if you choose any of these options, install a larger disk (for example, 100 GB).
If your disk gets full, you can install a new, larger disk and then move the update files to the new location. To do this, after you create the new disk drive, you will need to run the WSUSutil.exetool (with the movecontent command) to move the update files to the new disk. For this procedure, see Managing WSUS from the Command Line.
For example, if D:\WSUS1 is the new path for local WSUS update storage, D:\move. log is the path to the log file, and you wanted to copy the old files to the new location, you would type: wsusutil.exe movecontent D:\WSUS1\ D:\move. Log.
Note: If you do not want to use WSUSutil.exe to change the location of local WSUS update storage, you can also use NTFS functionality to add a partition to the current location of local WSUS update storage. For more information about NTFS, go to Help and Support Center in Windows Server 2003.
Syntax
At the command line %drive%\Program Files\Update Services\Tools>, type:
wsusutilmovecontentcontentpathlogfile -skipcopy [/?]
The parameters are defined in the following table.
contentpath - the new root for content files. The path must exist.
logfile - the path and file name of the log file to create.
-skipcopy - indicates that only the server configuration should be changed, and that the content files should not be copied.
/help or /? - displays command-line help for movecontent command.
References:
http: //blogs.technet.com/b/sus/archive/2008/05/19/wsus-how-to-change-the-location-where-wsus-stores-updates-locally.aspx
http: //technet.microsoft.com/en-us/library/cc720475(v=ws.10).aspx http: //technet.microsoft.com/en-us/library/cc708480%28v=ws.10%29.aspx http: //technet.microsoft.com/en-us/library/cc720466(v=ws.10).aspx http: //technet.microsoft.com/en-us/library/cc708480%28v=ws.10%29.aspx
Q8. DRAG DROP
You have a WIM file that contains an image of Windows Server 2012 R2.
Recently, a technician applied a Microsoft Standalone Update Package (MSU) to the image.
You need to remove the MSU package from the image.
Which three actions should you perform in sequence? To answer, move the appropriate three actions from the list of actions to the answer area and arrange them in the correct order.
Answer:
Q9. Your network contains an Active Directory domain named contoso.com. All domain controllers run Windows Server 2012 R2. The domain contains 500 client computers that run Windows 8.1 Enterprise and Microsoft Office 2013.
You implement a Group Policy central store.
You need to modify the default Microsoft Office 2013 Save As location for all client computers. The solution must minimize administrative effort.
What should you configure in a Group Policy object (GPO)?
A. The Group Policy preferences
B. An application control policy
C. The Administrative Templates
D. The Software Installation settings
Answer: A
Explanation:
Group Policy preferences provide the means to simplify deployment and standardize configurations. They add to Group Policy a centralized system for deploying preferences (that is, settings that users can change later). You can also use Group Policy preferences to configure applications that are not Group Policy-aware. By using Group Policy preferences, you can change or delete almost any registry setting, file or folder, shortcut, and more. You are not limited by the contents of Administrative Template files.
: http://technet.microsoft.com/en-us/library/dn581922.aspx
Q10. Your network contains an Active Directory domain named contoso.com. The domain
contains a server named Server1 that runs Windows Server 2012 R2.
You enable and configure Routing and Remote Access (RRAS) on Server1.
You create a user account named User1.
You need to ensure that User1 can establish VPN connections to Server1.
What should you do?
A. Modify the members of the Remote Management Users group.
B. Add a RADIUS client.
C. Modify the Dial-in setting of User1.
D. Create a connection request policy.
Answer: C
Explanation:
Access permission is also granted or denied based on the dial-in properties of each user account.
http://technet.microsoft.com/en-us/library/cc772123.aspx
Q11. Your network contains an Active Directory domain named contoso.com. All domain controllers run Windows Server 2012 R2.
The domain contains an Edge Server named Server1. Server1 is configured as a DirectAccess server. Server1 has the following settings:
You run the Remote Access Setup wizard as shown in the following exhibit. (Click the Exhibit button.)
You need to ensure that client computers on the Internet can establish DirectAccess connections to Server1.
Which additional name suffix entry should you add from the Remote Access Setup wizard?
A. A Name Suffix value of dal.contoso.com and a blank DNS Server Address value
B. A Name Suffix value of Server1.contoso.com and a DNS Server Address value of 65.55.37.62
C. A Name Suffix value of dal.contoso.com and a DNS Server Address value of
65.55.37.62
D. A Name Suffix value of Server1.contoso.com and a blank DNS Server Address value
Answer: A
Explanation:
Split-brain DNS is the use of the same DNS domain for both Internet and intranet resources. For example, the Contoso Corporation is using split brain DNS; contoso.com is the domain name for intranet resources and Internet resources. Internet users use http: //www.contoso.com to access Contoso’s public Web site and Contoso employees on the Contoso intranet use http: //www.contoso.com to access Contoso’s intranet Web site. A Contoso employee with their laptop that is not a DirectAccess client on the intranet that
accesses http: //www.contoso.com sees the intranet Contoso Web site. When they take their laptop to the local coffee shop and access that same URL, they will see the public Contoso Web site.
When a DirectAccess client is on the Internet, the Name Resolution Policy Table (NRPT) sends DNS name queries for intranet resources to intranet DNS servers. A typical NRPT for DirectAccess will have a rule for the namespace of the organization, such as contoso.com for the Contoso Corporation, with the Internet Protocol version 6 (IPv6) addresses of intranet DNS servers. With just this rule in the NRPT, when a user on a DirectAccess client on the Internet attempts to access the uniform resource locator (URL) for their Web site (such as http: //www.contoso.com), they will see the intranet version.
Because of this rule, they will never see the public version of this URL when they are on the Internet.
For split-brain DNS deployments, you must list the FQDNs that are duplicated on the Internet and intranet and decide which resources the DirectAccess client should reach, the intranet version or the public (Internet) version. For each name that corresponds to a resource for which you want DirectAccess clients to reach the public version, you must add the corresponding FQDN as an exemption rule to the NRPT for your DirectAccess clients.
Name suffixes that do not have corresponding DNS servers are treated as exemptions.
References:
http: //technet. microsoft. com/en-us/library/ee382323(v=ws. 10). aspx
Q12. You have Windows Server 2012 R2 installation media that contains a file named Install.wim. You need to identify the permissions of the mounted images in Install.wim.
What should you do?
A. Run dism.exe and specify the /get-mountedwiminfo parameter.
B. Run imagex.exe and specify the /verify parameter.
C. Run imagex.exe and specify the /ref parameter.
D. Run dism.exe and specify the/get-imageinfo parameter.
Answer: A
Explanation:
/Get-MountedWimInfo Lists the images that are currently mounted and information about the mounted image such as read/write permissions, mount location, mounted file path, and mounted image index.
References:
http: //technet. microsoft. com/en-us/library/cc749447(v=ws. 10). aspx
http: //technet. microsoft. com/en-us/library/dd744382(v=ws. 10). aspx
http: //technet. microsoft. com/en-us/library/hh825224. aspx
Q13. Your network contains a server named Server1 that has the Network Policy and Access Services server role installed.
All of the network access servers forward connection requests to Server1.
You create a new network policy on Server1.
You need to ensure that the new policy applies only to connection requests from the 192.168.0.0/24 subnet.
What should you do?
A. Set the Client IP4 Address condition to 192.168.0.0/24.
B. Set the Client IP4 Address condition to 192.168.0.
C. Set the Called Station ID constraint to 192.168.0.0/24.
D. Set the Called Station ID constraint to 192.168.0.
Answer: B
Explanation:
RADIUS client properties
Following are the RADIUS client conditions that you can configure in network policy.
. Calling Station ID: Specifies the network access server telephone number that was dialed by the dial-up access client.
. Client Friendly Name: Specifies the name of the RADIUS client that forwarded the connection request to the NPS server.
. Client IPv4 Address: Specifies the Internet Protocol (IP) version 4 address of the RADIUS client that forwarded the connection request to the NPS server.
. Client IPv6 Address: Specifies the Internet Protocol (IP) version 6 address of the RADIUS client that forwarded the connection request to the NPS server.
. Client Vendor: Specifies the name of the vendor or manufacturer of the RADIUS client that sends connection requests to the NPS server.
. MS RAS Vendor: Specifies the vendor identification number of the network access server that is requesting authentication.
Q14. You have a server that runs Windows Server 2012 R2.
You have an offline image named Windows2012.vhd that contains an installation of
Windows Server 2012 R2.
You plan to apply several updates to Windows2012.vhd.
You need to mount Wmdows2012.vhd to D:\Mount.
Which tool should you use?
A. Server Manager
B. Device Manager
C. Mountvol
D. Dism
Answer: D
Explanation:
You can use the Deployment Image Servicing and Management (DISM) tool to mount a Windows image from a WIM or VHD file. Mounting an image maps the contents of the image to a directory so that you can service the image using DISM without booting into the image. You can also perform common file operations, such as copying, pasting, and editing on a mounted image.
To apply packages and updates to a Windows Embedded Standard 7 image, we recommend creating a configuration set and then using Deployment Imaging Servicing and Management (DISM) to install that configuration set. Although DISM can be used to install individual updates to an image, this method carries some additional risks and is not recommended.
Q15. Your network contains an Active Directory domain named contoso.com. The domain contains a server named NPS1 that has the Network Policy Server server role installed. All servers run Windows Server 2012 R2.
You install the Remote Access server role on 10 servers.
You need to ensure that all of the Remote Access servers use the same network policies.
Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)
A. Configure each Remote Access server to use the Routing and Remote Access service (RRAS) to authenticate connection requests.
B. On NPS1, create a remote RADIUS server group. Add all of the Remote Access servers to the remote RADIUS server group.
C. On NPS1, create a new connection request policy and add a Tunnel-Type and a Service-Type condition.
D. Configure each Remote Access server to use a RADIUS server named NPS1.
E. On NPS1, create a RADIUS client template and use the template to create RADIUS clients.
Answer: C,D
Explanation:
Connection request policies are sets of conditions and settings that allow network administrators to designate which RADIUS servers perform the authentication and authorization of connection requests that the server running Network Policy Server (NPS) receives from RADIUS clients. Connection request policies can be configured to designate which RADIUS servers are used for RADIUS accounting. When you configure Network Policy Server (NPS) as a Remote Authentication Dial-In User Service (RADIUS) proxy, you use NPS to forward connection requests to RADIUS servers that are capable of processing the connection requests because they can perform authentication and authorization in the domain where the user or computer account is located. For example, if you want to forward connection requests to one or more RADIUS servers in untrusted domains, you can configure NPS as a RADIUS proxy to forward the requests to the remote RADIUS servers in the untrusted domain. To configure NPS as a RADIUS proxy, you must create a connection request policy that contains all of the information required for NPS to evaluate which messages to forward and where to send the messages.
: http://technet.microsoft.com/en-us/library/cc730866(v=ws.10).aspx