Introducing The New!
Surepassexam Collection
Get Unlimited Access to all
Surepassexam's PREMIUM files
Q1. Your network contains an Active Directory forest named contoso.com. The forest contains three domains. All domain controllers run Windows Server 2012 R2.
The forest has a two-way realm trust to a Kerberos realm named adatum.com.
You discover that users in adatum.com can only access resources in the root domain of contoso.com.
You need to ensure that the adatum.com users can access the resources in all of the domains in the forest.
What should you do in the forest?
A. Delete the realm trust and create a forest trust.
B. Delete the realm trust and create three external trusts.
C. Modify the incoming realm trust.
D. Modify the outgoing realm trust.
Answer: D
Explanation:
* A one-way, outgoing realm trust allows resources in your Windows Server domain (the domain that you are logged on to at the time that you run the New Trust Wizard) to be accessed by users in the Kerberos realm.
* You can establish a realm trust between any non-Windows Kerberos version 5 (V5) realm and an Active Directory domain. This trust relationship allows cross-platform interoperability with security services that are based on other versions of the Kerberos V5 protocol, for example, UNIX and MIT implementations. Realm trusts can switch from nontransitive to transitive and back. Realm trusts can also be either one-way or two-way.
Reference: Create a One-Way, Outgoing, Realm Trust
Q2. HOTSPOT
Your network contains an Active Directory domain named adatum.com. All servers run Windows Server 2012 R2. All domain controllers have the DNS Server server role installed.
You have a domain controller named DC1.
On DC1, you create an Active Directory-integrated zone named adatum.com and you sign
the zone by using DNSSEC.
You deploy a new read-only domain controller (RODC) named RODC1. You need to ensure that the contoso.com zone replicates to RODC1. What should you configure on DC1?
To answer, select the appropriate tab in the answer area.
Answer:
Q3. You have a server named Server1 that runs Windows Server 2012 R2. Server1 has the File Server Resource Manager role service installed.
You are creating a file management task as shown in the exhibit. (Click the Exhibit button.)
You need to ensure that the Include all folders that store the following kinds of data list displays an entry named Corporate Data.
What should you do?
A. Create a new file group.
B. Create a new classification property.
C. Modify the properties of the System Files file group.
D. Modify the Folder Usage classification property.
Answer: B
Explanation:
Classification properties are used to assign values to files. Reference: Working with File Classification
Q4. HOTSPOT
Your network contains an Active Directory domain named contoso.com. The domain contains a domain controller named DC1 and a member server named Server1. All servers run Windows Server 2012 R2.
You install the IP Address Management (IPAM) Server feature on Server1.
From the Provision IPAM wizard, you select the Group Policy Based provisioning method and enter a GPO name prefix of IPAM1.
You need to provision IPAM by using Group Policy.
What command should you run on Server1 to complete the process? To answer, select the appropriate options in the answer area.
Answer:
Q5. You have a server named Server1 that runs Windows Server 2012 R2.
You install the File and Storage Services server role on Server1.
From Windows Explorer, you view the properties of a folder named Folder1 and you discover that the Classification tab is missing.
You need to ensure that you can assign classifications to Folder1 from Windows Explorer manually.
What should you do?
A. From Folder Options, clear Hide protected operating system files (Recommended).
B. Install the File Server Resource Manager role service.
C. From Folder Options, select the Always show menus.
D. Install the Share and Storage Management Tools.
Answer: B
Explanation:
On the Classification tab of the file properties in Windows Server 2012, File Classification Infra-structure adds the ability to manually classify files. You can also classify folders so that any file added to the classified folder will inherit the classifications of the parent folder.
Reference: What's New in File Server Resource Manager in Windows Server.
Q6. HOTSPOT
Your company has a main office and a branch office. An Active Directory site exists for each office.
The network contains an Active Directory forest named contoso.com. The contoso.com domain contains three member servers named Server1, Server2, and Server3. All servers run Windows Server 2012 R2.
In the main office, you configure Server1 as a file server that uses BranchCache.
In the branch office, you configure Server2 and Server3 as BranchCache hosted cache servers.
You are creating a Group Policy for the branch office site.
Which two Group Policy settings should you configure?
To answer, select the appropriate two settings in the answer area.
Answer:
Q7. DRAG DROP
You have 3 server named Server1 that runs Windows Server 2012 R2. You are asked to test Windows Azure Online Backup to back up Server1. You need to back up Server1 by using Windows Azure Online Backup. Which four actions should you perform in sequence?
To answer, move the appropriate four actions from the list of actions to the answer area and arrange them in the correct order.
Answer:
Q8. Your network contains an Active Directory domain named contoso.com. All servers run Windows Server 2012 R2.
You are creating a central access rule named TestFinance that will be used to grant members of the Authenticated users group access to a folder stored on a Microsoft SharePoint Server 2013 server.
You need to ensure that the permissions are granted when the rule is published.
What should you do?
A. Set the Permissions to Use the following permissions as proposed permissions.
B. Set the Permissions to Use following permissions as current permissions.
C. Add a Resource condition to the current permissions entry for the Authenticated Users principal.
D. Add a User condition to the current permissions entry for the Authenticated Users principal.
Answer: B
Explanation:
To create a central access rule (see step 5 below): In the left pane of the Active Directory Administrative Center, click Tree View, select Dynamic Access Control, and then click Central Access Rules. Right-click Central Access Rules, click New, and then click Central Access Rule. In the Name field, type Finance Documents Rule. In the Target Resources section, click Edit, and in the Central Access Rule dialog box, click Add a condition. Add the following condition: [Resource] [Department] [Equals] [Value] [Finance], and then click OK. In the Permissions section, select Use following permissions as current permissions, click Edit, and in the Advanced Security Settings for Permissions dialog box click Add.
Note (not A): Use the following permissions as proposed permissions option lets you create the policy in staging.
6. In the Permission entry for Permissions dialog box, click Select a principal, type Authenticated Users, and then click OK.
Etc.
Incorrect:
Not A. Proposed permissions enable an administrator to more accurately model the impact
of potential changes to access control settings without actually changing them.
Reference: Deploy a Central Access Policy (Demonstration Steps)
https://technet.microsoft.com/en-us/library/hh846167.aspx
Q9. Your network contains an Active Directory domain named contoso.com. All servers run Windows Server 2012 R2.
You are creating a central access rule named TestFinance that will be used to audit members of the Authenticated Users group for access failure to shared folders in the finance department.
You need to ensure that access requests are unaffected when the rule is published.
What should you do?
A. Add a User condition to the current permissions entry for the Authenticated Users principal.
B. Set the Permissions to Use the following permissions as proposed permissions.
C. Add a Resource condition to the current permissions entry for the Authenticated Users principal.
D. Set the Permissions to Use following permissions as current permissions.
Answer: B
Explanation:
Proposed permissions enable an administrator to more accurately model the impact of potential changes to access control settings without actually changing them. Reference: Access Control and Authorization Overview http://technet.microsoft.com/en-us/library/jj134043.aspx
Q10. Your network contains an Active Directory domain named contoso.com. The domain contains two member servers named Server1 and Server2. All servers run Windows Server 2012 R2.
Server1 and Server2 have the Failover Clustering feature installed. The servers are configured as nodes in a failover cluster named Cluster1. Cluster1 contains a cluster disk resource.
A developer creates an application named App1. App1 is NOT a cluster-aware application. App1 runs as a service. App1 stores date on the cluster disk resource.
You need to ensure that App1 runs in Cluster1. The solution must minimize development effort.
Which cmdlet should you run?
A. Add-ClusterGenericServiceRole
B. Add-ClusterGenericApplicationRole
C. Add-ClusterScaleOutFileServerRole
D. Add-ClusterServerRole
Answer: B
Explanation:
Add-ClusterGenericApplicationRole
Configure high availability for an application that was not originally designed to run in a
failover cluster.
If you run an application as a Generic Application, the cluster software will start the
application, then periodically query the operating system to see whether the application
appears to be running. If so, it is presumed to be online, and will not be restarted or failed
over.
EXAMPLE 1.
Command Prompt: C:\PS>
Add-ClusterGenericApplicationRole -CommandLine NewApplication.exe
Name OwnerNode State
cluster1GenApp node2 Online Description
This command configures NewApplication.exe as a generic clustered application. A default name will be used for client access and this application requires no storage.
Reference: Add-ClusterGenericApplicationRole
http://technet.microsoft.com/en-us/library/ee460976.aspx
Q11. HOTSPOT
You build a test environment. The test environment contains one Active Directory forest. The forest contains a single domain named contoso.com. The domain contains the servers configured as shown in the following table.
You run the following commands.
New-ADReplicationSite Site1 New-ADReplicationSite Site2 New-ADReplicationSubnet -Name “192.168.1.0/24” -Site Site1 New-ADReplicationSubnet -Name “192.168.2.0/24” -Site Site2 New-ADReplicationSiteLink -Name “SiteLink1” –SitesIncluded Site1,Site2 -Cost 100 -
ReplicationFrequencyInMinutes 15
You promote Server3 and Server4 to domain controllers by using the default options.
Use the drop-down menus to select the answer choice that completes each statement.
Answer:
Q12. Your network contains an Active Directory forest named contoso.com.
Users frequently access the website of an external partner company. The URL of the website is http://partners.adatum.com. The partner company informs you that it will perform maintenance on its Web server and that the IP addresses of the Web server will change.
After the change is complete, the users on your internal network report that they fail to access the website. However, some users who work from home report that they can access the website.
You need to ensure that your DNS servers can resolve partners.adatum.com to the correct IP address immediately.
What should you do?
A. Run dnscmd and specify the CacheLockingPercent parameter.
B. Run Set-DnsServerGlobalQueryBlockList.
C. Run ipconfig and specify the Renew parameter.
D. Run Set-DnsServerCache.
Answer: D
Explanation:
The Set-DnsServerCache cmdlet modifies cache settings for a Domain Name System
(DNS) server.
Run Set-DnsServerCache with the -LockingPercent switch.
/ -LockingPercent<UInt32>
Specifies a percentage of the original Time to Live (TTL) value that caching can consume.
Cache locking is configured as a percent value. For example, if the cache locking value is
set to 50, the DNS server does not overwrite a cached entry for half of the duration of the
TTL. By default, the cache locking percent value is 100. This value means that the DNS
server will not overwrite cached entries for the entire duration of the TTL.
Note. A better way would be clear the DNS cache on the DNS server with either Dnscmd
/ClearCache (from command prompt), or Clear-DnsServerCache (from Windows
PowerShell).
Reference: Set-DnsServerCache
http://technet.microsoft.com/en-us/library/jj649852.aspx
Incorrect:
Not A. You need to use the /config parameter as well:
You can change this value if you like by using the dnscmd command:
dnscmd /Config /CacheLockingPercent<percent>
Q13. HOTSPOT
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012 R2. Server1 has the Active Directory Federation Services server role installed.
You need to make configuration changes to the Windows Token-based Agent role service.
Which tool should you use?
To answer, select the appropriate tool in the answer area.
Answer:
Q14. HOTSPOT
Your network contains an Active Directory domain named contoso.com.
You install the IP Address Management (IPAM) Server feature on a server named Server1
and select Manual as the provisioning method.
The IPAM database is located on a server named SQL1.
You need to configure IPAM to use Group Policy Based provisioning.
What command should you run first?
To answer, select the appropriate options in the answer area.
Answer:
Q15. You have a server named Server1 that runs Windows Server 2012 R2.
You start Server1 by using Windows RE.
You need to repair the Boot Configuration Data (BCD) store on Server1.
Which tool should you use?
A. Bootim
B. Bootsect
C. Bootrec
D. Bootcfg
Answer: C
Q16. Your network contains an Active Directory forest named contoso.com. The forest contains two domains named contoso.com and childl.contoso.com. The domains contain three domain controllers. The domain controllers are configured as shown in the following table.
You need to ensure that the KDC support for claims, compound authentication, and kerberos armoring setting is enforced in both domains.
Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)
A. Raise the domain functional level of contoso.com.
B. Raise the domain functional level ofchildl.contoso.com.
C. Raise the forest functional level of contoso.com.
D. Upgrade DC11 to Windows Server 2012 R2.
E. Upgrade DC1 to Windows Server 2012 R2.
Answer: A,E
Explanation:
The root domain in the forest must be at Windows Server 2012 level. First upgrade DC1 to this level (E), then raise the contoso.com domain functional level to Windows Server 2012 (A).
* (E) To support resources that use claims-based access control, the principal’s domains
will need to be running one of the following:
/ All Windows Server 2012 domain controllers.
/ Sufficient Windows Server 2012 domain controllers to handle all the Windows 8 device
authentication requests.
/ Sufficient Windows Server 2012 domain controllers to handle all the Windows Server
2012 resource protocol transition requests to support non-Windows 8 devices.
Reference: What's New in Kerberos Authentication
http://technet.microsoft.com/en-us/library/hh831747.aspx.