Introducing The New!
Surepassexam Collection
Get Unlimited Access to all
Surepassexam's PREMIUM files
Q1. Your network contains two servers that run Windows Server 2012 R2 named Server1 and Server2. Both servers have the File Server role service installed.
On Server2, you create a share named Backups.
From Windows Server Backup on Server1, you schedule a full backup to run every night. You set the backup destination to \\Server2 \Backups.
After several weeks, you discover that \\Server2\Backups only contains the last backup that completed on Server1.
You need to ensure that multiple backups of Server1 are maintained.
What should you do?
A. Modify the Volume Shadow Copy Service (VSS) settings.
B. Modify the properties of the Windows Store Service (WSService) service.
C. Change the backup destination.
D. Configure the permission of the Backups share.
Answer: C
Explanation:
Explanation/Reference:
The destination in the exhibit shows a network share is used. If a network share is being
used only the latest copy will be saved.
Reference: Where should I save my backup?
http://windows.microsoft.com/en-us/windows7/where-should-i-save-my-backup
Q2. Your network contains an Active Directory forest. The forest contains one domain named contoso.com. The domain contains three domain controllers. The domain controllers are configured as shown in the following table.
DC1 has all of the operations master roles installed.
You transfer all of the operations master roles to DC2, and then you uninstall Active Directory from DC1.
You need to ensure that you can use Password Settings objects (PSOs) in the domain.
What should you do?
A. Change the domain functional level.
B. Upgrade DC2.
C. Run the dcgpofix.exe command.
D. Transfer the schema master role.
Answer: A
Explanation:
The domain functional level must be Windows Server 2008 to use PSO's
Requirements and special considerations for fine-grained password and account lockout policies:
* Domain functional level: The domain functional level must be set to Windows Server 2008
or higher.
Etc.
Incorrect:
Not B. DC2 is also Windows Server 2008.
Not C. Recreates the default Group Policy Objects (GPOs) for a domain
Not D. Schema isn't up to right level
Reference: AD DS: Fine-Grained Password Policies
http://technet.microsoft.com/en-us/library/cc770394(v=ws.10).aspx
Q3. Your network contains an Active Directory forest named adatum.com. All servers run Windows Server 2012 R2. The domain contains four servers. The servers are configured as shown in the following table.
You need to deploy IP Address Management (IPAM) to manage DNS and DHCP.
On which server should you install IPAM?
A. Server1
B. Server2
C. Server3
D. Server4
Answer: D
Explanation:
An IPAM server is intended as a single-purpose server. It is not recommended to collocate
other network infrastructure roles such as DNS or DHCP on the same server. IPAM installation is not supported on a domain controller, and discovery of DHCP servers will be disabled if you install IPAM on a server that is also running the DHCP Server service. The following features and tools are automatically installed when you install IPAM Server.
Reference: IPAM Deployment Planning
Q4. You have a server named Server1 that runs Windows Server 2012 R2.
You modify the properties of a system driver and you restart Server1.
You discover that Server1 continuously restarts without starting Windows Server 2012 R2.
You need to start Windows Server 2012 R2 on Server1 in the least amount of time. The
solution must minimize the amount of data loss.
Which Advanced Boot Option should you select?
A. Repair Your Computer
B. Last Known Good Configuration (advanced)
C. Disable Driver Signature Enforcement
D. Disable automatic restart on system failure
Answer: B
Explanation:
Try using Last Known Good Configuration if you can't start Windows, but it started correctly the last time you turned on the computer.
Reference: Using Last Known Good Configuration
Q5. DRAG DROP
Your network contains an Active Directory forest. The forest contains a single domain named contoso.com.
The forest contains two Active Directory sites named Main and Branch1. The sites connect to each other by using a site link named Main-Branch1. There are no other site links.
Each site contains several domain controllers. All domain controllers run Windows Server 2012 R2. Your company plans to open a new branch site named Branch2. The new site will have a WAN link that connects to the Main site only. The site will contain two domain controllers that run Windows Server 2012 R2.
You need to create a new site and a new site link for Branch2. The solution must ensure that the domain controllers in Branch2 only replicate to the domain controllers in Branch1 if all of the domain controllers in Main are unavailable.
Which three actions should you perform?
To answer, move the three appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Answer:
Q6. Your network contains an Active Directory forest named contoso.com.
Users frequently access the website of an external partner company. The URL of the website is http://partners.adatum.com.
The partner company informs you that it will perform maintenance on its Web server and that the IP addresses of the Web server will change.
After the change is complete, the users on your internal network report that they fail to access the website. However, some users who work from home report that they can access the website.
You need to ensure that your DNS servers can resolve partners.adatum.com to the correct IP address immediately.
What should you do?
A. Run ipconfig and specify the FlushDns parameter.
B. Run ipconfig and specify the Renew parameter.
C. Run dnscmd and specify the ClearCache parameter.
D. Run Set-DnsServerResourceRecordAging.
Answer: C
Explanation: We cane clear the DNS cache on the DNS server with either Dnscmd /ClearCache (from command prompt) or Clear-DnsServerCache (from Windows PowerShell).
Reference: Technet, Dnscmd
https://technet.microsoft.com/en-us/library/cc772069.aspx
Q7. Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012.
Server1 is the enterprise root certification authority (CA) for contoso.com.
You need to enable CA role separation on Server1.
Which tool should you use?
A. The Certutil command
B. The Authorization Manager console
C. The Certsrv command
D. The Certificates snap-in
Answer: A
Explanation:
To enable role separation
. Open Command Prompt.
. Type: certutil -setreg ca\RoleSeparationEnabled 1 Etc.
Reference: Enable role separation
Q8. Your network contains an Active Directory domain named contoso.com. The domain contains two servers named Server1 and Server2. Both servers have the IP Address Management (IPAM) Server feature installed.
You have a support technician named Tech1. Tech1 is a member of the IPAM Administrators group on Server1 and Server2.
You need to ensure that Tech1 can use Server Manager on Server1 to manage IPAM on Server2.
To which group on Server2 should you add Tech1?
A. IPAM MSM Administrators
B. IPAM Administrators
C. winRMRemoteWMIUsers_
D. Remote Management Users
Answer: C
Explanation:
If you are accessing the IPAM server remotely using Server Manager IPAM client RSAT, then you must be a member of the WinRMRemoteWMIUsers group on the IPAM server, in addition to being a member of the appropriate IPAM security group (or local Administrators group).
Reference: IPAM Deployment Planning, IPAM specifications
Q9. Your network contains an Active Directory domain named contoso.com. The domain
contains two member servers named Server1 and Server2.
You install the DHCP Server server role on Server1 and Server2. You install the IP
Address Management (IPAM) Server feature on Server1.
You notice that you cannot discover Server1 or Server2 in IPAM.
You need to ensure that you can use IPAM to discover the DHCP infrastructure.
Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)
A. On Server2, create an IPv4 scope.
B. On Server1, run the Add-IpamServerInventory cmdlet.
C. On Server2, run the Add-DhcpServerInDc cmdlet
D. On both Server1 and Server2, run the Add-DhcpServerv4Policy cmdlet.
E. On Server1, uninstall the DHCP Server server role.
Answer: B,C
Explanation:
B. The Add-IpamServerInventory cmdlet adds a new infrastructure server to the IP Address Management (IPAM) server inventory. Use the fully qualified domain name (FQDN) of the server to add to the server inventory.
C. The Add-DhcpServerInDC cmdlet adds the computer running the DHCP server service to the list of authorized Dynamic Host Configuration Protocol (DHCP) server services in the Active Directory (AD). A DHCP server service running on a domain joined computer needs to be authorized in AD so that it can start leasing IP addresses on the network.
Reference: Add-IpamServerInventory; Add-DhcpServerInDC
Q10. Your network contains two servers named HV1 and HV2. Both servers run Windows Server 2012 R2 and have the Hyper-V server role installed.
HV1 hosts 25 virtual machines. The virtual machine configuration files and the virtual hard disks are stored in D:\VM.
You shut down all of the virtual machines on HV1.
You copy D:\VM to D:\VM on HV2.
You need to start all of the virtual machines on HV2. You want to achieve this goal by using the minimum amount of administrative effort.
What should you do?
A. Run the Import-VMInitialReplication cmdlet.
B. From HV1, export all virtual machines to D:\VM. Copy D:\VM to D:\VM on HV2 and overwrite the existing files. On HV2, run the Import Virtual Machine wizard.
C. From HV1, export all virtual machines to D:\VM. Copy D:\VM to D:\VM on HV2 and overwrite the existing files. On HV2, run the New Virtual Machine wizard.
D. Run the Import-VM cmdlet.
Answer: D
Explanation:
Import-VM
Imports a virtual machine from a file.
Example
Imports the virtual machine from its configuration file. The virtual machine is registered in-
place, so its files are not copied.
Windows PowerShell
PS C:\> Import-VM –Path 'D:\Test\VirtualMachines\5AE40946-3A98-428E-8C83-081A3C6BD18C.XML'
Reference: Import-VM
Q11. Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012 R2. Server1 has the Active Directory Certificate Services server role installed and is configured to support key archival and recovery.
You create a new Active Directory group named Group1.
You need to ensure that the members of Group1 can request a Key Recovery Agent certificate.
The solution must minimize the permissions assigned to Group1.
Which two permissions should you assign to Group1? (Each correct answer presents part of the solution. Choose two.)
A. Read
B. Auto enroll
C. Write
D. Enroll
E. Full control
Answer: A,D
Explanation:
See step 6 below. To configure the Key Recovery Agent certificate template Open the Certificate Templates snap-in. In the console tree, right-click the Key Recovery Agent certificate template. Click Duplicate Template. In Template, type a new template display name, and then modify any other optional properties as needed. On the Security tab, click Add, type the name of the users you want to issue the key recovery agent certificates to, and then click OK. Under Group or user names, select the user names that you just added. Under Permissions, select the Read and Enroll check boxes, and then click OK.
Reference: Identify a Key Recovery Agent
Q12. Your network contains an Active Directory domain named contoso.com. The domain contains two member servers named Server1 and Server2. All servers run Windows Server 2012 R2.
Server1 and Server2 have the Failover Clustering feature installed. The servers are configured as nodes in a failover cluster named Cluster1.
Cluster1 hosts an Application named App1.
You need to ensure that Server2 handles all of the client requests to the cluster for App1. The solution must ensure that if Server2 fails, Server1 becomes the active node for App1.
What should you configure?
A. Affinity-None
B. Affinity-Single
C. The cluster quorum settings
D. The failover settings
E. A file server for general use
F. The Handling priority
G. The host priority
H. Live migration
I. The possible owner
J. The preferred owner
K. Quick migration
L. the Scale-Out File Server
Answer: J
Explanation:
The preferred owner in a two-server cluster will always be the active node unless it is down.
Reference: Preferred Owners in a Cluster
http://blogs.msdn.com/b/clustering/archive/2008/10/14/9000092.aspx
Q13. You have a server named Server1 that runs Windows Server 2012 R2.
Windows Server 2012 R2 is installed on volume C.
You need to ensure that Safe Mode with Command Prompt loads the next time Server1
restarts.
Which tool should you use?
A. The Restart-Server cmdlet
B. The Bootcfg command
C. The Restart-Computer cmdlet
D. The Bcdedit command
Answer: D
Explanation:
How To Force Windows To Restart in Safe Mode
1. Open Advanced Startup Options in Windows 8
2. Open Command Prompt.
3. With Command Prompt open, execute the correct bcdedit command as shown below based on which Safe Mode option you'd like to start:
Safe Mode:
bcdedit /set {default} safeboot minimal
http://pcsupport.about.com/od/repair-recovery/a/force-or-stop-safe-mode-windows.htm
Q14. Your network contains four Active Directory forests. Each forest contains an Active
Directory Rights Management Services (AD RMS) root cluster.
All of the users in all of the forests must be able to access protected content from any of
the forests.
You need to identify the minimum number of AD RMS trusts required. How many trusts should you identify?
A. 3
B. 6
C. 12
D. 16
Answer: C
Explanation:
The number of AD RMS trusts required to interact between all AD RMS forests can be
defined by using the following formula: N*(N-1).
Here N=4, so the number of trust is 12 (4*3).
Reference: AD RMS Prerequisites, Important considerations for installing AD RMS in a
multi-forest environment
Q15. Your network contains two servers named Server1 and Server 2. Both servers run Windows Server 2012 R2 and have the Hyper-V server role installed.
Server1 hosts a virtual machine named VM1. The virtual machine configuration files and the virtual hard disks for VM1 are stored in D: \VM1.
You shut down VM1 on Server1.
You copy D:\VM1 to D:\VM1 on Server2.
You need to start VM1 on Server2. You want to achieve this goal by using the minimum amount of administrative effort.
What should you do?
A. Run the Import-VMIntialReplication cmdlet.
B. Create a new virtual machine on Server2 and attach the VHD from VM1 to the new virtual machine.
C. From Hyper-V Manager, run the Import Virtual Machine wizard.
D. Run the Import-IscsiVirtualDisk cmdlet.
Answer: C
Explanation:
Starting in Windows Server 2012, you no longer need to export a virtual machine to be able to import it. You can simply copy a virtual machine and its associated files to the new host, and then use the Import Virtual Machine wizard to specify the location of the files. This registers the virtual machine with Hyper-V and makes it available for use.
In addition to the wizard, the Hyper-V module for Windows PowerShell includes cmdlets for importing virtual machines. For more information, see Import-VM
Reference: Overview of exporting and importing a virtual machine
Q16. Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012 R2 and has the DNS Server server role installed.
Server1 has a zone named contoso.com. The zone is configured as shown in the exhibit. (Click the Exhibit button.)
You need to assign a user named User1 permission to add and delete records from the contoso.com zone only.
What should you do first?
A. Enable the Advanced view from DNS Manager.
B. Add User1 to the DnsUpdateProxy group.
C. Run the New Delegation Wizard.
D. Configure the zone to be Active Directory-integrated.
Answer: D
Explanation:
Secure dynamic updates are only supported or configurable for resource records in zones that are stored in Active Directory Domain Services (AD DS).
Note: To modify security for a resource record
Open DNS Manager.
In the console tree, click the applicable zone.
In the details pane, click the record that you want to view.
On the Action menu, click Properties.
On the Security tab, modify the list of member users or groups that are allowed to
securely update the applicable record and reset their permissions as needed.
Reference: Modify Security for a Resource Record