Introducing The New!
Surepassexam Collection
Get Unlimited Access to all
Surepassexam's PREMIUM files
Q1. You have a virtual machine named VM1 that runs on a host named Host1.
You configure VM1 to replicate to another host named Host2. Host2 is located in the same physical location as Host1.
You need to add an additional replica of VM1. The replica will be located in a different physical site.
What should you do?
A. From VM1 on Host2, click Extend Replication.
B. On Host1, configure the Hyper-V settings.
C. From VM1 on Host1, click Extend Replication.
D. On Host2, configure the Hyper-V settings.
Answer: A
Explanation:
Extend Replication through UI:
Before you Extend Replication to third site, you need to establish the replication between a primary server and replica server. Once that is done, go to replica site and from Hyper-V UI manager select the VM for which you want to extend the replication. Right click on VM and select “Replication->Extend Replication …”. This will open Extend Replication Wizard which is similar to Enable Replication Wizard.
NOTE: You configure a server to receive replication with Hyper-V Manager, in this situation the replica site is assumed to be the Replica Server. Therefore you extend replication from VM1 on Host2.
Note 2: With Hyper-V Extend Replication feature in Windows Server 2012 R2, customers can have multiple copies of data to protect them from different outage scenarios. For example, as a customer I might choose to keep my second DR site in the same campus or a few miles away while I want to keep my third copy of data across the continents to give added protection for my workloads. Hyper-V Replica Extend replication exactly addresses this problem by providing one more copy of workload at an extended site apart from replica site.
Reference: Hyper-V Replica: Extend Replication
http://blogs.technet.com/b/virtualization/archive/2013/12/10/hyper-v-replica-extend-replication.aspx
Q2. Your network contains an Active Directory domain named contoso.com. The domain contains servers named Server1 and Server2 that run Windows Server 2012 R2. Server1 has the Active Directory Federation Services server role installed. Server2 is a file server.
Your company introduces a Bring Your Own Device (BYOD) policy.
You need to ensure that users can use a personal device to access domain resources by using Single Sign-On (SSO) while they are connected to the internal network.
Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)
A. Enable the Device Registration Service in Active Directory.
B. Publish the Device Registration Service by using a Web Application Proxy.
C. Configure Active Directory Federation Services (AD FS) for the Device Registration Service.
D. Create and configure a sync share on Server2.
E. Install the Work Folders role service on Server2.
Answer: A,C
Explanation:
* Workplace Join leverages a feature included in the Active Directory Federation Services (AD FS) Role in Windows Server 2012 R2, called Device Registration Service (DRS). DRS provisions a device object in Active Directory when a device is Workplace Joined. Once the device object is in Active Directory, attributes of that object can be retrieved and used to provide conditional access to resources and applications. The device identity is represented by a certificate which is set on the personal device by DRS when the device is Workplace Joined.
* In Windows Server 2012 R2, AD FS and Active Directory Domain Services have been extended to comprehend the most popular mobile devices and provide conditional access to enterprise resources based on user+device combinations and access policies. With these policies in place, you can control access based on users, devices, locations, and access times.
Reference: BYOD Basics: Enabling the use of Consumer Devices using Active Directory in Windows Server 2012 R2
Q3. Your network contains an Active Directory domain named adatum.com. You create a new
Group Policy object (GPO) named GPO1.
You need to verify that GPO1 was replicated to all of the domain controllers.
Which tool should you use?
A. Gpupdate
B. Gpresult
C. Group Policy Management
D. Active Directory Sites and Services
Answer: C
Explanation:
In Windows Server 2012, the Group Policy Management Console (GPMC) was enhanced to provide a report for the overall health state of the Group Policy infrastructure for a domain, or to scope the health view to a single GPO.
Reference: Check Group Policy Infrastructure Status
http://technet.microsoft.com/en-us/library/jj134176.aspx
Q4. Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012 R2. Server1 is an enterprise root certification authority (CA) for contoso.com.
Your user account is assigned the certificate manager role and the auditor role on the contoso.com CA. Your account is a member of the local Administrators group on Server1.
You enable CA role separation on Server1.
You need to ensure that you can manage the certificates on the CA.
What should you do?
A. Remove your user account from the local Administrators group.
B. Assign the CA administrator role to your user account.
C. Assign your user account the Bypass traverse checking user right.
D. Remove your user account from the Manage auditing and security log user right.
Answer: D
Explanation:
The separation of CA roles can be enforced using role separation. Once enforced, role separation only allows a user to be assigned a single role. If a user is assigned to more than one role and attempts to perform an operation on the CA, the operation is denied. For this reason, before role separation is enabled, a user should be assigned only one CA role.
Reference: Role Separation
Q5. Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012.
Server1 is the enterprise root certification authority (CA) for contoso.com.
You need to enable CA role separation on Server1.
Which tool should you use?
A. The Certutil command
B. The Authorization Manager console
C. The Certsrv command
D. The Certificates snap-in
Answer: A
Explanation:
To enable role separation
. Open Command Prompt.
. Type: certutil -setreg ca\RoleSeparationEnabled 1 Etc.
Reference: Enable role separation
Q6. Your network contains an Active Directory domain named contoso.com. The domain contains two member servers named Server1 and Server2 that run Windows Server 2012 R2. Both servers have the Hyper-V server role installed.
The network contains an enterprise certification authority (CA). All servers are enrolled automatically for a certificate-based on the Computer certificate template.
On Server1, you have a virtual machine named VM1. VM1 is replicated to Server2.
You need to encrypt the replication of VM1.
Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)
A. On Server1, modify the Hyper-V Settings.
B. On Server2, modify the settings of VM1.
C. On Server2, modify the Hyper-V Settings.
D. On Server1, modify the settings of VM1.
E. On Server1, modify the settings of the virtual switch to which VM1 is connected.
F. On Server2, modify the settings of the virtual switch to which VM1 is connected.
Answer: B,C
Explanation:
B. Each virtual machine that is to be replicated must be enabled for replication (on the replica server – Server2).
C. To configure the Replica server (here Server2) In Hyper-V Manager, click Hyper-V Settings in the Actions pane. In the Hyper-V Settings dialog, click Replication Configuration. In the Details pane, select Enable this computer as a Replica server. In the Authentication and ports section, select the authentication method. For either authentication method, specify the port to be used (the default ports are 80 for Kerberos over HTTP and 443 for certificate-based authentication over HTTPS). If you are using certificate-based authentication, click Select Certificate and provide the request certificate information.
Etc
Reference: Deploy Hyper-V Replica Step 2: Enable Replication
Q7. Your network contains two Web servers named Server1 and Server2. Both servers run Windows Server 2012 R2.
Server1 and Server2 are nodes in a Network Load Balancing (NLB) cluster. The NLB cluster contains an application named App1 that is accessed by using the URL http://app1.contoso.com.
You plan to perform maintenance on Server1.
You need to ensure that all new connections to App1 are directed to Server2. The solution must not disconnect the existing connections to Server1.
What should you run?
A. The Set-NlbCluster cmdlet
B. The Set-NlbClusterNode cmdlet
C. The Stop-NlbCluster cmdlet
D. The Stop-NlbClusterNode cmdlet
Answer: D
Explanation:
The Stop-NlbClusterNode cmdlet stops a node in an NLB cluster. When you use the stop
the nodes in the cluster, client connections that are already in progress are interrupted. To
avoid interrupting active connections, consider using the -drain parameter, which allows the
node to continue servicing active connections but disables all new traffic to that node.
-Drain <SwitchParameter>
Drains existing traffic before stopping the cluster node. If this parameter is omitted, existing
traffic will be dropped.
Reference: Stop-NlbClusterNode
Q8. Your network contains an Active Directory domain named contoso.com. The domain contains two servers named Server1 and Server2. Both servers have the IP Address Management (IPAM) Server feature installed.
You have a support technician named Tech1. Tech1 is a member of the IPAM Administrators group on Server1 and Server2.
You need to ensure that Tech1 can use Server Manager on Server1 to manage IPAM on Server2.
To which group on Server2 should you add Tech1?
A. IPAM MSM Administrators
B. IPAM Administrators
C. winRMRemoteWMIUsers_
D. Remote Management Users
Answer: C
Explanation:
If you are accessing the IPAM server remotely using Server Manager IPAM client RSAT, then you must be a member of the WinRMRemoteWMIUsers group on the IPAM server, in addition to being a member of the appropriate IPAM security group (or local Administrators group).
Reference: IPAM Deployment Planning, IPAM specifications
Q9. Your network contains one Active Directory forest named contoso.com. The forest contains two child domains and six domain controllers. The domain controllers are configured as shown in the following table.
For the contoso.com domain, a company policy states that administrators must be able to retrieve a list of all the users who have not logged on to the network in the last seven days from any domain controller.
You need to ensure that the users’ last logon information from the last seven days is replicated to all of the domain controllers.
What should you use?
A. Set-ADSite
B. Set-ADReplicationSite
C. Set-ADDomain
D. Set-ADReplicationSiteLink
E. Set-ADGroup
F. Set-ADForest
G. Netdom
Answer: C
Reference: Technet, Set-ADDomain
https://technet.microsoft.com/en-us/library/ee617212.aspx
Q10. Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012 R2 and has the DHCP Server server role installed.
You need to create an IPv6 scope on Server1. The scope must use an address space that is reserved for private networks. The addresses must be routable.
Which IPV6 scope prefix should you use?
A. 2001:123:4567:890A::
B. FE80:123:4567::
C. FF00:123:4567:890A::
D. FD00:123:4567::
Answer: D Explanation:
Explanation/Reference:
* A unique local address (ULA) is an IPv6 address in the block fc00::/7, defined in RFC
4193. It is the approximate IPv6 counterpart of the IPv4 private address.
The address block fc00::/7 is divided into two /8 groups:
/ The block fc00::/8 has not been defined yet.
/ The block fd00::/8 is defined for /48 prefixes, formed by setting the 40 least-significant bits
of the prefix to a randomly generated bit string.
* Prefixes in the fd00::/8 range have similar properties as those of the IPv4 private address
ranges:
/ They are not allocated by an address registry and may be used in networks by anyone
without outside involvement.
/ They are not guaranteed to be globally unique.
/ Reverse Domain Name System (DNS) entries (under ip6.arpa) for fd00::/8 ULAs cannot
be delegated in the global DNS.
Reference: RFC 4193
Q11. HOTSPOT
You have a server named Server1 that runs Windows Server 2012 R2.
You are configuring a storage space on Server1.
You need to ensure that the storage space supports tiered storage.
Which settings should you configure?
To answer, select the appropriate options in the answer area.
Answer:
Q12. You have a server named Server1 that runs Windows Server 2012 R2.
When you install a custom Application on Server1 and restart the server, you receive the
following error message: "The Boot Configuration Data file is missing some required information. File: \Boot\BCD
Error code: 0x0000034."
You start Server1 by using Windows RE.
You need to ensure that you can start Windows Server 2012 R2 on Server1.
Which tool should you use?
A. Bootsect
B. Bootim
C. Bootrec
D. Bootcfg
Answer: C
Explanation:
* Bootrec.exe tool to troubleshoot "Bootmgr Is Missing" issue. The /ScanOs option scans all disks for installations that are compatible with Windows Vista or Windows 7. Additionally, this option displays the entries that are currently not in the BCD store. Use this
option when there are Windows Vista or Windows 7 installations that the Boot Manager menu does not list.
* Error code 0x0000034 while booting.
Resolution:
1. Put the Windows Windows 7 installation disc in the disc drive, and then start the computer.
2. Press any key when the message indicating "Press any key to boot from CD or DVD …". appears.
3. Select a language, time, currency, and a keyboard or another input method. Then click Next.
4. Click Repair your computer.
5. Click the operating system that you want to repair, and then click Next.
6. In the System Recovery Options dialog box, click Command Prompt.
7. Type Bootrec /RebuildBcd, and then press ENTER.
Incorrect:
Not A. Bootsect.exe updates the master boot code for hard disk partitions to switch
between BOOTMGR and NTLDR. You can use this tool to restore the boot sector on your
computer. This tool replaces FixFAT and FixNTFS.
Not D. The bootcfg command is a Microsoft Windows Server 2003 utility that modifies the
Boot.ini file.
Reference: Bootsect Command-Line Options
http://technet.microsoft.com/en-us/library/cc749177(v=ws.10).aspx
http://support.microsoft.com/kb/927392/en-us
http://answers.microsoft.com/en-us/windows/forum/windows_7-system/error-code-0x0000034-in-windows-7/4dcb8d38-a206-40ed-bced-55e4a4de9bf2
Q13. Your network contains an Active Directory forest. The forest contains two domains named contoso.com and fabrikam.com. The functional level of the forest is Windows Server 2003.
You have a domain outside the forest named adatum.com.
You need to configure an access solution to meet the following requirements:
* Users in adatum.com must be able to access resources in contoso.com.
* Users in adatum.com must be prevented from accessing resources in fabrikam.com.
* Users in both contoso.com and fabrikam.com must be prevented from accessing resources in adatum.com.
What should you create?
A. a one-way realm trust from contoso.com to adatum.com
B. a one-way realm trust from adatum.com to contoso.com
C. a one-way external trust from contoso.com to adatum.com
D. a one-way external trust from adatum.com to contoso.com
Answer: C
Explanation:
The contoso domain must trust the adatum domain.
Note: In a One-way: incoming trust, users in your (trusted) domain can be authenticated in
the other (trusting) domain. Users in the other domain cannot be authenticated in your
domain.
Incorrect:
Not A, not B. Use realm trusts to form a trust relationship between a non-Windows
Kerberos realm and a Windows Server domain.
Not D. The resources that are to be shared are in the contoso domain.
Reference: Trust types
Q14. Your network contains an Active Directory domain named contoso.com. The domain contains a file server named Server1 that runs Windows Server 2012 R2.
You create a user account named User1 in the domain.
You need to ensure that User1 can use Windows Server Backup to back up Server1. The solution must minimize the number of administrative rights assigned to User1.
What should you do?
A. Add User1 to the Backup Operators group.
B. Add User1 to the Power Users group.
C. Assign User1 the Backup files and directories user right and the Restore files and directories user right.
D. Assign User1 the Backup files and directories user right.
Answer: D
Explanation:
Backup Operators have these permissions by default:
However the question explicitly says we need to minimize administrative rights. Since the requirement is for backing up the data only--no requirement to restore or shutdown--then assigning the "Back up files and directories user right" would be the correct answer.
Reference: Default local groups
http://technet.microsoft.com/en-us/library/cc787956(v=ws.10).aspx http://technet.microsoft.com/en-us/library/cc756898(v=ws.10).aspx http://technet.microsoft.com/en-us/library/cc771990.aspx
Q15. Your network contains two servers named Server1 and Server2 that run Windows Server 2012 R2.
Both servers have the Hyper-V server role installed. Server1 and Server2 are located in different offices. The offices connect to each other by using a high-latency WAN link.
Server2 hosts a virtual machine named VM1.
You need to ensure that you can start VM1 on Server1 if Server2 fails. The solution must minimize hardware costs.
What should you do?
A. On Server1, install the Multipath I/O (MPIO) feature. Modify the storage location of the VHDs for VM1.
B. From the Hyper-V Settings of Server2, modify the Replication Configuration settings. Enable replication for VM1.
C. On Server2, install the Multipath I/O (MPIO) feature. Modify the storage location of the VHDs for VM1.
D. From the Hyper-V Settings of Server1, modify the Replication Configuration settings. Enable replication for VM1.
Answer: D
Explanation:
You first have to enable replication on the Replica server--Server1--by going to the server and modifying the "Replication Configuration" settings under Hyper-V settings. You then go to VM1--which presides on Server2-- and run the "Enable Replication" wizard on VM1.
Q16. HOTSPOT
Your network contains an Active Directory domain named contoso.com. The domain contains a DNS server named Server1. Server1 is configured to resolve single-label names for DNS clients.
You need to view the number of queries for single-label names that are resolved by Server1.
What command should you run?
To answer, select the appropriate options in the answer area.
Answer: