Introducing The New!
Surepassexam Collection
Get Unlimited Access to all
Surepassexam's PREMIUM files
Q1. Your network contains an Active Directory forest named contoso.com. The forest contains a single domain. The forest contains three Active Directory sites named SiteA, SiteB, and SiteC. The sites contain four domain controllers. The domain controllers are configured as shown in the following table.
An IP site link exits between each site.
You discover that the users in SiteC are authenticated by the domain controllers in SiteA and SiteB.
You need to ensure that the SiteC users are authenticated by the domain controllers in SiteB, unless all of the domain controllers in SiteB are unavailable.
What should you do?
A. Create an SMTP site link between SiteB and SiteC.
B. Create additional connection objects for DC3 and DC4.
C. Decrease the cost of the site link between SiteB and SiteC.
D. Create additional connection objects for DC1 and DC2.
Answer: C
Explanation:
By decreasing the site link cost between SiteB and SiteC the SiteC users would be authenticated by SiteB rather than by SiteA.
Q2. Your network contains an Active Directory domain named contoso.com. The domain contains two member servers named Server1 and Server2. All servers run Windows Server 2012 R2.
Server1 and Server2 have the Failover Clustering feature installed. The servers are configured as nodes in a failover cluster named Cluster1.
You add two additional nodes in Cluster1.
You have a folder named Folder1 on Server1 that hosts Application data. Folder1 is a folder target in a Distributed File System (DFS) namespace.
You need to provide highly available access to Folder1. The solution must support DFS Replication to Folder1.
What should you configure?
A. Affinity-None
B. Affinity-Single
C. The cluster quorum settings
D. The failover settings
E. A file server for general use
F. The Handling priority
G. The host priority
H. Live migration
I. The possible owner
J. The preferred owner
K. Quick migration
L. The Scale-Out File Server
Answer: E
Explanation:
File Server for general use
Note: You can deploy and configure a clustered file server by using either of the following methods:
* File Server for general use. This is the continuation of the clustered file server that has been supported in Windows Server since the introduction of Failover Clustering. This type of clustered file server, and therefore all the shares associated with the clustered file server, is online on one node at a time. This is sometimes referred to as active-passive or dual-active. File shares associated with this type of clustered file server are called clustered file shares. This is the recommended file server type when deploying information worker scenarios.
* Scale-Out File Server for application data This clustered file server feature was introduced in Windows Server 2012, and it lets you store server application data, such as Hyper-V virtual machine files, on file shares, and obtain a similar level of reliability, availability, manageability, and high performance that you would expect from a storage area network. All file shares are simultaneously online on all nodes. File shares associated with this type of clustered file server are called scale-out file shares. This is sometimes referred to as active-active. This is the recommended file server type when deploying either Hyper-V over Server Message Block (SMB) or Microsoft SQL Server over SMB.
Reference: Scale-Out File Server for Application Data Overview
Q3. HOTSPOT
Your network contains two Web servers named Server1 and Server2. Both servers run Windows Server 2012 R2.
Server1 and Server2 are nodes in a Network Load Balancing (NLB) cluster. The NLB cluster contains an application named App1 that is accessed by using the URL http://app1.contoso.com.
You deploy a new server named Server3 that runs Windows Server 2012 R2. The contoso.com DNS zone contains the records shown in the following table.
You need to add Server3 to the NLB cluster.
What command should you run?
To answer, select the appropriate options in the answer area.
Answer:
Q4. Your network contains a server named Server1 that runs Windows Server 2012 R2. Server1 has the Active Directory Certificate Services server role installed and is configured as a standalone certification authority (CA).
You install a second server named Server2. You install the Online Responder role service on Server2.
You need to ensure that Server1 can issue an Online Certificate Status Protocol (OCSP) Response Signing certificate to Server2.
What should you run on Server1?
A. The certreq.exe command and specify the -policy parameter
B. The certutil.exe command and specify the -getkey parameter
C. The certutil.exe command and specify the -setreg parameter
D. The certreq.exe command and specify the -retrieve parameter
Answer: C
Explanation: To prepare a computer running Windows Server to issue OCSP Response Signing certificates
On the server hosting the CA, open a command prompt, and type: certutil -v -setreg policy\EnableRequestExtensionList +1.3.6.1.5.5.7.48.1.5 Stop and restart the CA. You can do this at a command prompt by running the following commands: net stop certsvc
net start certsvc
Reference: Configure a CA to Support OCSP Responders
https://technet.microsoft.com/en-us/library/cc732526.aspx
Q5. Your network contains two Active Directory forests named contoso.com and adatum.com. All of the domain controllers in both of the forests run Windows Server 2012 R2. The adatum.com domain contains a file server named Servers.
Adatum.com has a one-way forest trust to contoso.com.
A contoso.com user name User10 attempts to access a shared folder on Servers and receives the error message shown in the exhibit. (Click the Exhibit button.)
You verify that the Authenticated Users group has Read permissions to the Data folder.
You need to ensure that User10 can read the contents of the Data folder on Server5 in the
adatum.com domain.
What should you do?
A. Grant the Other Organization group Read permissions to the Data folder.
B. Modify the list of logon workstations of the contoso\User10 user account.
C. Enable the Netlogon Service (NP-In) firewall rule on Server5.
D. Modify the permissions on the Server5 computer object in Active Directory.
Answer: D
Explanation:
* To resolve the issue, I had to open up AD Users and Computers --> enable Advanced Features --> Select the Computer Object --> Properties --> Security --> Add the Group I want to allow access to the computer (in this case, DomainA\Domain users) and allow "Allowed to Authenticate". Once I did that, everything worked:
* For users in a trusted Windows Server 2008 or Windows Server 2003 domain or forest to be able to access resources in a trusting Windows Server 2008 or Windows Server 2003 domain or forest where the trust authentication setting has been set to selective authentication, each user must be explicitly granted the Allowed to Authenticate permission on the security descriptor of the computer objects (resource computers) that reside in the trusting domain or forest.
Reference: Grant the Allowed to Authenticate Permission on Computers in the Trusting Domain or Forest.
http://technet.microsoft.com/en-us/library/cc816733(v=ws.10).aspx
Q6. HOTSPOT
Your network contains one Active Directory domain.
The domain contains an enterprise certification authority (CA).
You need to ensure that members of a group named Group1 can issue certificates for the
User certificate template only.
Which two tabs should you use to perform the configuration? To answer, select the
appropriate tabs in the answer area.
Answer:
Q7. HOTSPOT
Your network contains an Active Directory domain named contoso.com. The domain contains domain controllers that run either Windows Server 2003, Windows Server 2008 R2, or Windows Server 2012 R2.
You plan to implement a new Active Directory forest. The new forest will be used for testing and will be isolated from the production network.
In the test network, you deploy a server named Server1 that runs Windows Server 2012 R2.
You need to configure Server1 as a new domain controller in a new forest named contoso.test.
The solution must meet the following requirements:
. The functional level of the forest and of the domain must be the same as that of contoso.com. . Server1 must provide name resolution services for contoso.test.
What should you do?
To answer, configure the appropriate options in the answer area.
Answer:
Q8. Your network contains an Active Directory domain named contoso.com.
You deploy a server named Server1 that runs Windows Server 2012 R2.
A local administrator installs the Active Directory Rights Management Services server role
on Server1.
You need to ensure that AD RMS clients can discover the AD RMS cluster automatically.
What should you do?
A. Run the Active Directory Rights Management Services console by using an account that is a member of the Schema Admins group, and then configure the proxy settings.
B. Run the Active Directory Rights Management Services console by using an account that is a member of the Schema Admins group, and then register the Service Connection Point (SCP).
C. Run the Active Directory Rights Management Services console by using an account that is a member of the Enterprise Admins group, and then register the Service Connection Point (SCP).
D. Run the Active Directory Rights Management Services console by using an account that is a member of the Enterprise Admins group, and then configure the proxy settings.
Answer: C
Explanation:
* The Active Directory Rights Management Services (AD RMS) Service Connection Point (SCP) is an object in Active Directory that holds the web address of the AD RMS certification cluster. AD RMS-enabled applications use the SCP to discover the AD RMS service; it is the first connection point for users to discover the AD RMS web services.
* To register the SCP you must be a member of the local AD RMS Enterprise Administrators group and the Active Directory Domain Services (AD DS) Enterprise Admins group, or you must have been given the appropriate authority.
Reference: The AD RMS Service Connection Point
Q9. You have a server named Server1 that runs Windows Server 2012 R2.
You start Server1 by using Windows RE.
You need to repair the Boot Configuration Data (BCD) store on Server1.
Which tool should you use?
A. Bootim
B. Bootsect
C. Bootrec
D. Bootcfg
Answer: C
Q10. You have a Hyper-V host named Server1 that runs Windows Server 2012 R2. Server1 contains a virtual machine named VM1 that runs Windows Server 2012 R2.
You fail to start VM1 and you suspect that the boot files on VM1 are corrupt.
On Server1, you attach the virtual hard disk (VHD) of VM1 and you assign the VHD a drive
letter of F.
You need to repair the corrupt boot files on VM1. What should you run?
A. bootrec.exe /rebuildbcd
B. bootrec.exe /scanos
C. bcdboot.exe f:\windows /s c:
D. bcdboot.exe c:\windows /s f:
Answer: D
Explanation:
Enables you to quickly set up a system partition, or to repair the boot environment located on the system partition. The system partition is set up by copying a simple set of Boot Configuration Data (BCD) files to an existing empty partition.
Reference: BCDboot Command-Line Options
Q11. You have a server named Server1 that runs Windows Server 2012 R2.
Windows Server 2012 R2 is installed on volume C.
You need to ensure that Safe Mode with Networking loads the next time Server1 restarts.
Which tool should you use?
A. The Msconfig command
B. The Bootcfg command
C. The Restart-Computer cmdlet
D. The Restart-Server cmdlet
Answer: A
Explanation:
Use system config (Msconfig) to configure boot options.
Reference: System Configuration – aka MSCONFIG.
Q12. HOTSPOT
Your company has a main office and a branch office. The main office is located in Detroit. The branch office is located in Seattle.
The network contains an Active Directory domain named adatum.com. Client computers run either Windows 7 Enterprise or Windows 8 Enterprise.
The main office contains 1,000 client computers and 50 servers. The branch office contains 20 client computers.
All computer accounts for the branch office are located in an organizational unit (OU) named SeattleComputers. A Group Policy object (GPO) named GPO1 is linked to the SeattleComputers OU.
You need to configure BranchCache for the branch office.
Answer:
Q13. Your network contains an Active Directory domain named contoso.com. The domain contains a file server named Server1 that runs Windows Server 2012 R2. All client computers run Windows 8.
You need to configure a custom Access Denied message that will be displayed to users when they are denied access to folders or files on Server1.
What should you configure?
A. A classification property
B. The File Server Resource Manager Options
C. A file management task
D. A file screen template
Answer: B
Explanation:
Access-denied assistance can be configured by using the File Server Resource Manager console on the file server.
Note: Access-denied assistance is a new feature in Windows Server 2012, which provides the following ways to troubleshoot issues that are related to access to files and folders:
* Self-assistance. If a user can determine the issue and remediate the problem so that they can get the requested access, the impact to the business is low, and no special exceptions are needed in the central access policy. Access-denied assistance provides an access-denied message that file server administrators can customize with information specific to their organizations. For example, an administrator could set the message so that users can request access from a data owner without involving the file server administrator.
Reference: Scenario: Access-Denied Assistance
Q14. You have a file server named Server1 that runs a Server Core Installation of Windows Server 2012 R2.
Server1 has a volume named D that contains user data. Server1 has a volume named E that is empty.
Server1 is configured to create a shadow copy of volume D every hour. You need to configure the shadow copies of volume D to be stored on volume E.
What should you run?
A. The Set-Volume cmdlet with the -driveletter parameter
B. The Set-Volume cmdlet with the -path parameter
C. The vssadmin.exe add shadowstorage command
D. The vssadmin.exe create shadow command
Answer: C
Explanation:
Add ShadowStorage
Adds a shadow copy storage association for a specified volume.
Incorrect:
Not A. Sets or changes the file system label of an existing volume. -DriveLetter Specifies a
letter used to identify a drive or volume in the system.
Not B. Create Shadow
Creates a new shadow copy of a specified volume.
Not C. Sets or changes the file system label of an existing volume -Path Contains valid
path information.
Reference: Vssadmin; Set-Volume
http://technet.microsoft.com/en-us/library/cc754968(v=ws.10).aspx
http://technet.microsoft.com/en-us/library/hh848673(v=wps.620).aspx
Q15. You have a server named Server1 that runs Windows Server 2012 R2.
You install the File and Storage Services server role on Server1.
From Windows Explorer, you view the properties of a folder named Folder1 and you discover that the Classification tab is missing.
You need to ensure that you can assign classifications to Folder1 from Windows Explorer manually.
What should you do?
A. From Folder Options, clear Hide protected operating system files (Recommended).
B. Install the File Server Resource Manager role service.
C. From Folder Options, select the Always show menus.
D. Install the Share and Storage Management Tools.
Answer: B
Explanation:
On the Classification tab of the file properties in Windows Server 2012, File Classification Infra-structure adds the ability to manually classify files. You can also classify folders so that any file added to the classified folder will inherit the classifications of the parent folder.
Reference: What's New in File Server Resource Manager in Windows Server.
Q16. Your network contains an Active Directory domain named contoso.com. The domain
contains a server named Server1 that runs Windows Server 2012 R2. Server1 has the Active Directory Rights Management Services server role installed.
Your company works with a partner organization that does not have its own Active Directory Rights Management Services (AD RMS) implementation.
You need to create a trust policy for the partner organization.
The solution must meet the following requirements:
. Grant users in the partner organization access to protected content. . Provide users in the partner organization with the ability to create protected content.
Which type of trust policy should you create?
A. A federated trust
B. Windows Live ID
C. A trusted publishing domain
D. A trusted user domain
Answer: A
Explanation:
In AD RMS rights can be assigned to users who have a federated trust with Active
Directory Federation Services (AD FS). This enables an organization to share access to
rights-protected content with another organization without having to establish a separate
Active Directory trust or Active Directory Rights Management Services (AD RMS)
infrastructure.
Incorrect:
Not C. Trusted publishing domains allow one AD RMS server to issue use licenses that
correspond with a publishing license issued by another AD RMS server, but in this scenario
the partner organization does not have any Active Directory.
Not D. A trusted user domain, often referred as a TUD, is a trust between AD RMS
clusters, but in this scenario the partner organization does not have any Active Directory.
Reference: AD RMS and AD FS Considerations
http://technet.microsoft.com/en-us/library/dd772651(v=WS.10).aspx