Introducing The New!
Surepassexam Collection
Get Unlimited Access to all
Surepassexam's PREMIUM files
Q1. You have a failover cluster named Cluster1 that contains four nodes. All of the nodes run Windows Server 2012 R2.
You need to schedule the installation of Windows updates on the cluster nodes.
Which tool should you use?
A. the Add-CauClusterRole cmdlet
B. the Wusa command
C. the Wuauclt command
D. the Invoke-CauScan cmdlet
Answer: A
Explanation:
To enable self-updating mode, the CAU clustered role must also be added to the failover cluster. To do this by using the CAU UI, under Cluster Actions, use the Configure Self-Updating Options action. Alternatively, run the Add-CauClusterRole Windows PowerShell cmdlet.
Note: The process for installing service packs and hotfixes on Windows Server 2012 differs from the process in earlier versions. In Windows Server 2012, you can use the Cluster-Aware Updating (CAU) feature. CAU automates the software-updating process on clustered servers while maintaining availability.
Reference: Cluster-Aware Updating Overview
Q2. Your network contains an Active Directory forest named contoso.com. The forest contains
a single domain. The forest functional level is Windows Server 2012 R2.
You have a domain controller named DC1.
On DC1, you create a new Group Policy object (GPO) named GPO1. You need to verify that GPO1 was replicated to all of the domain controllers.
Which tool should you use?
A. Group Policy Management
B. Active Directory Sites and Services
C. DFS Management
D. Active Directory Administrative Center
Answer: A
Explanation:
In Windows Server 2012, the Group Policy Management Console (GPMC) was enhanced to provide a report for the overall health state of the Group Policy infrastructure for a domain, or to scope the health view to a single GPO.
Reference: Check Group Policy Infrastructure Status
http://technet.microsoft.com/en-us/library/jj134176.aspx
Q3. Your network contains an Active Directory domain named contoso.com. The domain contains a domain controller named DC1 that runs Windows Server 2012 R2. DC1 has the DNS Server server role installed.
The network contains client computers that run either Linux, Windows 7, or Windows 8.
You have a standard primary zone named adatum.com as shown in the exhibit. (Click the Exhibit button.)
You plan to configure Name Protection on all of the DHCP servers.
You need to configure the adatum.com zone to support Name Protection.
Which two configurations should you perform from DNS Manager? (Each correct answer presents part of the solution. Choose two.)
A. Sign the zone.
B. Store the zone in Active Directory.
C. Modify the Security settings of the zone.
D. Configure Dynamic updates.
E. Add a DNS key record
Answer: B,D
Explanation:
Name protection requires secure update to work. Without name protection DNS names may be hijacked.
You can use the following procedures to allow only secure dynamic updates for a zone.
Secure dynamic update is supported only for Active Directory–integrated zones. If the zone type is configured differently, you must change the zone type and directory-integrate the zone before securing it for Domain Name System (DNS) dynamic updates.
1. (B) Convert primary DNS server to Active Directory integrated primary
2. (D) Enable secure dynamic updates
Reference: DHCP: Secure DNS updates should be configured if Name Protection is enabled on any IPv4 scope
http://technet.microsoft.com/en-us/library/ee941152(v=ws.10).aspx
Q4. Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012 R2. The system properties of Server1 are shown in the exhibit. (Click the Exhibit button.)
You need to configure Server1 as an enterprise subordinate certification authority (CA).
What should you do first?
A. Add RAM to the server.
B. Set the Startup Type of the Certificate Propagation service to Automatic.
C. Install the Certification Authority Web Enrollment role service.
D. Join Server1 to the contoso.com domain.
Answer: D
Explanation:
Enterprise CAs must be domain members. From the exhibit we see that it is only a
Workgroup member.
Note:
A new CA can be the root CA of a new PKI or subordinate to another in an existing PKI.
Enterprise subordinate certification authority.
An enterprise subordinate CA must get a CA certificate from an enterprise root CA but can
then issue certificates to all users and computers in the enterprise. These types of CAs are
often used for load balancing of an enterprise root CA.
Reference: Install a Subordinate Certification Authority
Q5. HOTSPOT
Your company has a main office and a branch office. The main office is located in Detroit. The branch office is located in Seattle.
The network contains an Active Directory domain named adatum.com. Client computers run either Windows 7 Enterprise or Windows 8 Enterprise.
The main office contains 1,000 client computers and 50 servers. The branch office contains 20 client computers.
All computer accounts for the branch office are located in an organizational unit (OU) named SeattleComputers. A Group Policy object (GPO) named GPO1 is linked to the SeattleComputers OU.
You need to configure BranchCache for the branch office.
Answer:
Q6. Your network contains a server named Server1 that runs Windows Server 2012 R2. Server1 has the Active Directory Certificate Services server role installed and is configured as a standalone certification authority (CA).
You install a second server named Server2. You install the Online Responder role service on Server2.
You need to ensure that Server1 can issue an Online Certificate Status Protocol (OCSP) Response Signing certificate to Server2.
What should you run on Server1?
A. The certreq.exe command and specify the -policy parameter
B. The certutil.exe command and specify the -getkey parameter
C. The certutil.exe command and specify the -setreg parameter
D. The certreq.exe command and specify the -retrieve parameter
Answer: C
Explanation: To prepare a computer running Windows Server to issue OCSP Response Signing certificates
On the server hosting the CA, open a command prompt, and type: certutil -v -setreg policy\EnableRequestExtensionList +1.3.6.1.5.5.7.48.1.5 Stop and restart the CA. You can do this at a command prompt by running the following commands: net stop certsvc
net start certsvc
Reference: Configure a CA to Support OCSP Responders
https://technet.microsoft.com/en-us/library/cc732526.aspx
Q7. Your network contains an Active Directory domain named contoso.com. The domain contains two member servers named Server1 and Server2. All servers run Windows Server 2012 R2.
Server1 and Server2 have the Network Load Balancing (NLB) feature installed. The servers are configured as nodes in an NLB cluster named Cluster1.
Port rules are configured for all clustered Applications.
You need to ensure that Server2 handles all client requests to the cluster that are NOT covered by a port rule.
What should you configure?
A. Affinity-None
B. Affinity-Single
C. The cluster quorum settings
D. The failover settings
E. A file server for general use
F. The Handling priority
G. The host priority
H. Live migration
I. The possible owner
J. The preferred owner
K. Quick migration
L. The Scale-Out File Server
Answer: G
Explanation:
Host Priorities Each cluster host is assigned a unique host priority in the range of 1 to 32, where lower numbers denote higher priorities. The host with the highest host priority (lowest numeric value) is called the default host. It handles all client traffic for the virtual IP addresses that is not specifically intended to be load-balanced. This ensures that server applications not configured for load balancing only receive client traffic on a single host. If the default host fails, the host with the next highest priority takes over as default host.
Reference: Network Load Balancing Technical Overview
http://technet.microsoft.com/en-us/library/bb742455.aspx
Q8. You create a new virtual disk in a storage pool by using the New Virtual Disk Wizard. You discover that the new virtual disk has a write-back cache of 1 GB.
You need to ensure that the virtual disk has a write-back cache of 5 GB.
What should you do?
A. Detach the virtual disk, and then run the Resize-VirtualDisk cmdlet.
B. Detach the virtual disk, and then run the Set-VirtualDisk cmdlet.
C. Delete the virtual disk, and then run the New-StorageSubSystemVirtualDisk cmdlet.
D. Delete the virtual disk, and then run the New-VirtualDisk cmdlet.
Answer: D
Explanation:
So what about changing the cache size? Well, you can't modify the cache size, but you can specify it at the time that you create a new virtual hard disk. In order to do so, you have to use Windows PowerShell.
New-VirtualDisk –StoragePoolFriendlyName "<storage pool name>" –FriendlyName "<v
Reference: Using Windows Server 2012's SSD Write-Back Cache
Q9. DRAG DROP
Your network contains an Active Directory domain named contoso.com. The domain contains two servers named Server1 and Server3. The network contains a standalone server named Server2.
All servers run Windows Server 2012 R2. The servers are configured as shown in the following table.
Server3 hosts an application named App1. App1 is accessible internally by using the URL https://app1.contoso.com. App1 only supports Integrated Windows authentication.
You need to ensure that all users from the Internet are pre-authenticated before they can access App1.
What should you do?
To answer, drag the appropriate servers to the correct actions. Each server may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
Answer:
Q10. DRAG DROP
You have a server that runs Windows Server 2012 R2.
You create a new work folder named Share1.
You need to configure Share1 to meet the following requirements:
Ensure that all synchronized copies of Share1 are encrypted.
Ensure that clients synchronize to Share1 every 30 minutes.
Ensure that Share1 inherits the NTFS permissions of the parent folder.
Which cmdlet should you use to achieve each requirement?
To answer, drag the appropriate cmdlets to the correct requirements. Each cmdlet may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
Answer:
Q11. DRAG DROP
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012 R2.
You plan to install the Active Directory Federation Services server role on Server1 to allow for Workplace Join.
You run nslookup enterprise registration and you receive the following results:
You need to create a certificate request for Server1 to support the Active Directory Federation Services (AD FS) installation.
How should you configure the certificate request?
To answer, drag the appropriate names to the correct locations. Each name may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
Answer:
Q12. Your network contains an Active Directory domain named contoso.com. The network contains a file server named Server1 that runs Windows Server 2012 R2.
You are configuring a central access policy for temporary employees.
You enable the Department resource property and assign the property a suggested value of Temp.
You need to configure a target resource condition for the central access rule that is scoped to resources assigned to Temp only.
Which condition should you use?
A. (Temp.Resource Equals "Department")
B. (Resource.Temp Equals "Department")
C. (Resource.Department Equals "Temp")
D. (Department.Value Equals "Temp")
Answer: C
Explanation:
Example:
Targeting: Resource.Department Contains Finance
Access rule: Allow read User.Country=Resource.Country AND User.department =
Resource.Department
Reference: Deploy a Central Access Policy (Demonstration Steps)
Q13. HOTSPOT
Your network contains an Active Directory domain named contoso.com. The domain contains a file server named Server1. Server1 is a BranchCache hosted cache server that is located in a branch office.
The network contains client computers that run either Windows 7 or Windows 8.
For the branch office, all of the user accounts and the client computer accounts are located in an organizational unit (OU) named Branch1. A Group Policy object (GPO) named GPO1 is linked to Branch 1. GPO1 contains the BranchCache settings.
You discover that users in the branch office who have client computers that run Windows 7 do not access cached content from Server1. Users in the branch office who have Windows 8 computers access cached content from Server1.
You need to configure the Windows 7 computers to use BranchCache on Server1. Which setting should you configure in GPO1?
To answer, select the appropriate setting in the answer area.
Answer:
Q14. Your network contains an Active Directory forest named contoso.com. All servers run Windows Server 2012 R2.
The domain contains four servers. The servers are configured as shown in the following table.
You need to deploy IP Address Management (IPAM) to manage DNS and DHCP.
On which server should you install IPAM?
A. DC1
B. DC2
C. DC3
D. Server1
Answer: D
Explanation:
Explanaton: IPAM cannot be installed on Domain Controllers. All servers, except Server1, have the DC role
Reference: IP Address Management (IPAM) Overview http://technet.microsoft.com/en-us/library/hh831353.aspx
Q15. Your network contains one Active Directory forest named contoso.com. The forest contains two child domains and six domain controllers. The domain controllers are configured as shown in the following table.
You need to prevent administrators from accidentally deleting any of the sites in the forest. What should you use?
A. Set-ADSite
B. Set-ADReplicationSite
C. Set-ADDomain
D. Set-ADReplicationSiteLink
E. Set-ADGroup
F. Set-ADForest
G. Netdom
Answer: B
Explanation: The Set-ADReplicationSite sets the replication properties for an Active
Directory site.
Parameter: -ProtectedFromAccidentalDeletion<Boolean>
Specifies whether to prevent the object from being deleted. When this property is set to
$True, you cannot delete the corresponding object without changing the value of the
property. The acceptable values for this parameter are:
-- $False or 0
-- $True or 1
Reference: Technet, Set-ADReplicationSite
https://technet.microsoft.com/en-us/library/hh852305(v=wps.630).aspx
Q16. HOTSPOT
You have a file server named Server1 that runs Windows Server 2012 R2.
Server1 contains a file share that must be accessed by only a limited number of users.
You need to ensure that if an unauthorized user attempts to access the file share, a custom access-denied message appears, which contains a link to request access to the share. The message must not appear when the unauthorized user attempts to access other shares.
Which two nodes should you configure in File Server Resource Manager? To answer, select the appropriate two nodes in the answer area.
Answer: