Introducing The New!
Surepassexam Collection
Get Unlimited Access to all
Surepassexam's PREMIUM files
Q1. Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012 R2 and has the DHCP Server server role installed. Server1 has an IPv6 scope named Scope1.
You implement an additional DHCP server named Server2 that runs Windows Server 2012 R2.
You need to provide high availability for Scope1. The solution must minimize administrative effort.
What should you do?
A. Install and configure Network Load Balancing (NLB) on Server1 and Server2.
B. Create a scope on Server2.
C. Configure DHCP failover on Server1.
D. Install and configure Failover Clustering on Server1 and Server2.
Answer: C
Explanation:
Overview: Configure DHCP failover using the DHCP console To configure DHCP failover using the DHCP console, right-click a DHCP scope or right-click IPv4 and then click Configure Failover.
Configure Failover
The Configure Failover wizard guides you through configuring DHCP failover on the
selected scope.
Note: The DHCP server failover feature, available in Windows Server 2012 and later,
provides the ability to have two DHCP servers provide IP addresses and option
configuration to the same subnet or scope, providing for continuous availability of DHCP
service to clients.
Incorrect:
Not A. NLB is not related to DHCP scope availability.
Not B. DHCP failover requirements include:
DHCP Scopes requirement:
At least one IPv4 DHCP scope must be configured on the primary DHCP server.
The same DHCP scope ID, or an overlapping scope, must not be configured on the failover
partner.
Not D. Failover clustering is possibly, but would not minimize administration.
Reference: Deploy DHCP Failover
Q2. HOTSPOT
Your network contains an Active Directory domain named contoso.com. The domain contains the two servers.
The servers are configured as shown in the following table.
You investigate a report about the potential compromise of a private key for a certificate issued to Server2.
You need to revoke the certificate issued to Server2. The solution must ensure that the revocation can be reverted.
Which reason code should you select?
To answer, select the appropriate reason code in the answer area.
Answer:
Q3. You have 20 servers that run Windows Server 2012 R2.
You need to create a Windows PowerShell script that registers each server in Windows Azure Backup and sets an encryption passphrase.
Which two PowerShell cmdlets should you run in the script? (Each correct answer presents part of the solution. Choose two.)
A. New-OBPolicy
B. New-OBRetentionPolicy
C. Add-OBFileSpec
D. Start-OBRegistration
E. Set OBMachineSetting
Answer: D,E
Explanation:
D. Start-OBRegistration Registers the current computer with Windows Azure Online Backup using the credentials (username and password) created during enrollment.
E. The Set-OBMachineSetting cmdlet sets a OBMachineSetting object for the server that includes proxy server settings for accessing the internet, network bandwidth throttling settings, and the encryption passphrase that is required to decrypt the files during recovery to another server.
Incorrect:
Not C. TheAdd-OBFileSpeccmdlet adds theOBFileSpecobject, which specifies the items to
include or exclude from a backup, to the backup policy (OBPolicyobject).
TheOBFileSpecobject can include or exclude multiple files, folders, or volumes. T Reference: Start-OBRegistration; Set OBMachineSetting http://technet.microsoft.com/en-us/library/hh770398.aspx http://technet.microsoft.com/en-us/library/hh770409.aspx
Q4. You have a server named Server1 that runs Windows Server 2012 R2 and is used for testing.
A developer at your company creates and installs an unsigned kernel-mode driver on Server1. The developer reports that Server1 will no longer start.
You need to ensure that the developer can test the new driver. The solution must minimize the amount of data loss.
Which Advanced Boot Option should you select?
A. Disable Driver Signature Enforcement
B. Disable automatic restart on system failure
C. Last Know Good Configuration (advanced)
D. Repair Your Computer
Answer: A
Explanation:
A. By default, 64-bit versions of Windows Vista and later versions of Windows will load a kernel-mode driver only if the kernel can verify the driver signature. However, this default behavior can be disabled to facilitate early driver development and non-automated testing.
Incorrect:
Not B. specifies that Windows automatically restarts your computer when a failure occurs.
Not C. Developer would not be able to test the driver as needed.
Not D. Removes or repairs critical windows files, Developer would not be able to test the
driver as needed and some file loss.
Reference: Installing Windows Server 2012.
http://technet.microsoft.com/en-us/library/jj134246.aspx
http://msdn.microsoft.com/en-us/library/windows/hardware/ff547565(v=vs.85).aspx
Q5. Your network contains an Active Directory domain named contoso.com. The domain contains an IP Address Management (IPAM) server that uses a Windows Internal Database.
You install a Microsoft SQL Server 2012 instance on a new server.
You need to migrate the IPAM database to the SQL Server instance.
Which cmdlet should you run?
A. Disable-IpamCapability
B. Set-IpamConfiguration
C. Update-IpamServer
D. Move-IpamDatabase
Answer: D
Explanation:
The Move-IpamDatabase cmdlet migrates the IP Address Management (IPAM) database to a Microsoft SQL Server database. You can migrate from Windows Internal Database (WID) or from a SQL Server database. The cmdlet creates a new IPAM schema and copies all data from the existing IPAM database. After the cmdlet completes copying data, it changes IPAM configuration settings to refer to the new database as the IPAM database.
Reference: Move-IpamDatabase
Q6. DRAG DROP
Your network contains two Active Directory forests named contoso.com and adatum.com. Each forest contains an Active Directory Rights Management Services (AD RMS) root cluster. All servers run Windows Server 2012 R2.
You need to ensure that the rights account certificates issued in adatum.com are accepted by the AD RMS root cluster in contoso.com.
What should you do in each forest?
To answer, drag the appropriate actions to the correct forests. Each action may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
Answer:
Q7. You have a server named FS1 that runs Windows Server 2012 R2.
You install the File and Storage Services server role on FS1.
From Windows Explorer, you view the properties of a shared folder named Share1 and you
discover that the Classification tab is missing.
You need to ensure that you can assign classifications to Share1 from Windows Explorer
manually.
What should you do?
A. From Folder Options, select Show hidden files, folders, and drives.
B. From Folder Options, clear Use Sharing Wizard (Recommend).
C. Install the File Server Resource Manager role service.
D. Install the Enhanced Storage feature.
Answer: C
Explanation:
On the Classification tab of the file properties in Windows Server 2012, File Classification Infrastructure adds the ability to manually classify files. You can also classify folders so that any file added to the classified folder will inherit the classifications of the parent folder.
Reference: What's New in File Server Resource Manager in Windows Server
Q8. Your network contains an Active Directory domain named contoso.com. The domain contains two member servers named Server1 and Server2. All servers run Windows Server 2012 R2.
Server1 and Server2 have the Network Load Balancing (NLB) feature installed. The servers are configured as nodes in an NLB cluster named Cluster1.
Port rules are configured for all clustered Applications.
You need to ensure that Server2 handles all client requests to the cluster that are NOT covered by a port rule.
What should you configure?
A. Affinity-None
B. Affinity-Single
C. The cluster quorum settings
D. The failover settings
E. A file server for general use
F. The Handling priority
G. The host priority
H. Live migration
I. The possible owner
J. The preferred owner
K. Quick migration
L. The Scale-Out File Server
Answer: G
Explanation:
Host Priorities Each cluster host is assigned a unique host priority in the range of 1 to 32, where lower numbers denote higher priorities. The host with the highest host priority (lowest numeric value) is called the default host. It handles all client traffic for the virtual IP addresses that is not specifically intended to be load-balanced. This ensures that server applications not configured for load balancing only receive client traffic on a single host. If the default host fails, the host with the next highest priority takes over as default host.
Reference: Network Load Balancing Technical Overview
http://technet.microsoft.com/en-us/library/bb742455.aspx
Q9. Your network contains an Active Directory domain named contoso.com. The domain contains a file server named Server1. The File Server Resource Manager role service is installed on Server1. All servers run Windows Server 2012 R2.
A Group Policy object (GPO) named GPO1 is linked to the organizational unit (OU) that contains Server1. The following graphic shows the configured settings in GPO1.
Server1 contains a folder named Folder1. Folder1 is shared as Share1.
You attempt to configure access-denied assistance on Server1, but the Enable access-denied assistance option cannot be selected from File Server Resource Manager.
You need to ensure that you can configure access-denied assistance on Server1 manually by using File Server Resource Manager.
Which two actions should you perform?
A. Set the Enable access-denied assistance on client for all file types policy setting to Disabled for GPO1.
B. Set the Customize message for Access Denied errors policy setting to Not Configured for GPO1.
C. Set the Enable access-denied assistance on client for all file types policy setting to Enabled for GPO1.
D. Set the Customize message for Access Denied errors policy setting to Enabled for GPO1.
Answer: C,D
Explanation:
C. To configure access-denied assistance for all file types by using Group Policy . Open Group Policy Management. In Server Manager, click Tools, and then click
Group Policy Management. . Right-click the appropriate Group Policy, and then click Edit. . Click Computer Configuration, click Policies, click Administrative Templates, click
System, and then click Access-Denied Assistance.
Right-click Enable access-denied assistance on client for all file types, and then
click Edit.
Click Enabled, and then click OK.
D. To configure access-denied assistance by using Group Policy (see step 5)
Open Group Policy Management. In Server Manager, click Tools, and then click
Group Policy Management.
Right-click the appropriate Group Policy, and then click Edit.
Click Computer Configuration, click Policies, click Administrative Templates, click
System, and then click Access-Denied Assistance.
Right-click Customize message for Access Denied errors, and then click Edit.
Select the Enabled option.
Etc Reference: Deploy Access-Denied Assistance (Demonstration Steps) http://technet.microsoft.com/en-us/library/hh831402.aspx
Q10. DRAG DROP
Your network contains an Active Directory forest. The forest contains a single domain named contoso.com.
The forest contains two Active Directory sites named Main and Branch1. The sites connect to each other by using a site link named Main-Branch1. There are no other site links.
Each site contains several domain controllers. All domain controllers run Windows Server 2012 R2. Your company plans to open a new branch site named Branch2. The new site will have a WAN link that connects to the Main site only. The site will contain two domain controllers that run Windows Server 2012 R2.
You need to create a new site and a new site link for Branch2. The solution must ensure that the domain controllers in Branch2 only replicate to the domain controllers in Branch1 if all of the domain controllers in Main are unavailable.
Which three actions should you perform?
To answer, move the three appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Answer:
Q11. Your network contains an Active Directory domain named contoso.com. All servers run
Windows Server 2012 R2. The domain contains a domain controller named DC1 that is
configured as an enterprise root certification authority (CA).
All users in the domain are issued a smart card and are required to log on to their domain-
joined client computer by using their smart card.
A user named User1 resigned and started to work for a competing company.
You need to prevent User1 immediately from logging on to any computer in the domain.
The solution must not prevent other users from logging on to the domain.
Which tool should you use?
A. Server Manager
B. The Certification Authority console
C. Active Directory Administrative Center
D. Active Directory Sites and Services
Answer: C
Q12. Your network contains an Active Directory domain named contoso.com. The domain contains a domain controller named DC1 and a member server named Server1. Server1
has the IP Address Management (IPAM) Server feature installed.
On Dc1, you configure Windows Firewall to allow all of the necessary inbound ports for
IPAM.
On Server1, you open Server Manager as shown in the exhibit. (Click the Exhibit button.)
You need to ensure that you can use IPAM on Server1 to manage DNS on DC1.
What should you do?
A. Modify the outbound firewall rules on Server1.
B. Modify the inbound firewall rules on Server1.
C. Add Server1 to the Remote Management Users group.
D. Add Server1 to the Event Log Readers group.
Answer: D
Explanation:
To access configuration data and server event logs, the IPAM server must be a member of the domain IPAM Users Group (IPAMUG). The IPAM server must also be a member of the Event Log Readers security group.
Note: The computer account of the IPAM server must be a member of the Event Log Readers security group.
Reference: Manually Configure DC and NPS Access Settings. http://technet.microsoft.com/en-us/library/jj878317.aspx http://technet.microsoft.com/en-us/library/jj878313.aspx
Q13. You have a failover cluster named Cluster1 that contains four nodes. All of the nodes run Windows Server 2012 R2.
You need to schedule the installation of Windows updates on the cluster nodes.
Which tool should you use?
A. the Add-CauClusterRole cmdlet
B. the Wusa command
C. the Wuauclt command
D. the Invoke-CauScan cmdlet
Answer: A
Explanation:
To enable self-updating mode, the CAU clustered role must also be added to the failover cluster. To do this by using the CAU UI, under Cluster Actions, use the Configure Self-Updating Options action. Alternatively, run the Add-CauClusterRole Windows PowerShell cmdlet.
Note: The process for installing service packs and hotfixes on Windows Server 2012 differs from the process in earlier versions. In Windows Server 2012, you can use the Cluster-Aware Updating (CAU) feature. CAU automates the software-updating process on clustered servers while maintaining availability.
Reference: Cluster-Aware Updating Overview
Q14. DRAG DROP
Your network contains an Active Directory domain named contoso.com. All file servers in the domain run Windows Server 2012 R2.
The computer accounts of the file servers are in an organizational unit (OU) named OU1. A Group Policy object (GPO) named GPO1 is linked to OU1.
You plan to modify the NTFS permissions for many folders on the file servers by using central access policies.
You need to identify any users who will be denied access to resources that they can currently access once the new permissions are implemented.
In which order should you Perform the five actions?
Answer:
Q15. You have a server named Server1 that runs Windows Server 2012 R2.
A Microsoft Azure Backup of Server1 is created automatically every day.
You need to view the items that are included in the backup.
Which cmdlet should you run?
A. Get-OBPolicyState
B. Get-OBJob
C. Get-OBPolicy
D. Get-WBSummary
Answer: C
Reference: Technet, Get-OBPolicy
https://technet.microsoft.com/en-us/library/hh770406(v=wps.630).aspx
Q16. Your company recently deployed a new Active Directory forest named contoso.com. The forest contains two Active Directory sites named Site1 and Site2. The first domain controller in the forest runs Windows Server 2012 R2.
You need to force the replication of the SYSVOL folder from Site1 to Site2.
Which tool should you use?
A. Active Directory Sites and Services
B. DFS Management
C. Repadmin
D. Dfsrdiag
Answer: D
Explanation:
In Windows Server 2012 R2, Windows Server 2008 R2, or Windows Server 2008, you can force replication immediately by using DFS Management, as described in Edit Replication Schedules. You can also force replication by using the Dfsrdiag SyncNow command. You can force polling by using the Dfsrdiag PollAD command.
Reference: DFS Replication: Frequently Asked Questions (FAQ)
http://technet.microsoft.com/en-us/library/cc773238(v=ws.10).aspx#BKMK_072