Introducing The New!
Surepassexam Collection
Get Unlimited Access to all
Surepassexam's PREMIUM files
Q1. Your network contains an Active Directory domain named contoso.com. The domain contains two servers named Server1 and Server2. Both servers have the Hyper-V server role installed.
You plan to replicate virtual machines between Server1 and Server2. The replication will be encrypted by using Secure Sockets Layer (SSL).
You need to request a certificate on Server1 to ensure that the virtual machine replication is encrypted.
Which two intended purposes should the certificate for Server1 contain? (Each correct answer presents part of the solution. Choose two.)
A. Client Authentication
B. Kernel Mode Code Signing
C. Server Authentication
D. IP Security end system
E. KDC Authentication
Answer: A,C
Explanation:
You need to use certificate-based authentication if you want transmitted data to be encrypted.
Replica Server Certificate Requirements
To enable a server to receive replication traffic, the certificate in the replica server must meet the following conditions
* Enhanced Key Usage must support both Client and Server authentication
Etc.
Reference: Hyper-V Replica - Prerequisites for certificate based deployments
http://blogs.technet.com/b/virtualization/archive/2012/03/13/hyper-v-replica-certificate-requirements.aspx
Q2. Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012 R2. Server1 has the Active Directory Certificate Services server role installed and is configured as an enterprise certification authority (CA).
You need to ensure that all of the users in the domain are issued a certificate that can be used for the following purposes:
Email security
Client authentication
Encrypting File System (EFS)
Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)
A. From a Group Policy, configure the Certificate Services Client – Auto-Enrollment settings.
B. From a Group Policy, configure the Certificate Services Client – Certificate Enrollment Policy settings.
C. Modify the properties of the User certificate template, and then publish the template.
D. Duplicate the User certificate template, and then publish the template.
E. From a Group Policy, configure the Automatic Certificate Request Settings settings.
Answer: A,D
Explanation:
The default user template supports all of the requirements EXCEPT auto enroll as shown below:
However a duplicated template from users has the ability to autoenroll:
The Automatic Certificate Request Settings GPO setting is only available to Computer, not user.
Reference: Manage Certificate Enrollment Policy by Using Group Policy. http://technet.microsoft.com/en-us/library/dd851772.aspx
Q3. DRAG DROP
You have a file server named Server1 that runs Windows Server 2012 R2. The folders on Server1 are configured as shown in the following table.
A new corporate policy states that backups must use Windows Azure Online Backup whenever possible.
You need to identify which technology you must use to back up Server1. The solution must use Windows Azure Online Backup whenever possible.
What should you identify?
To answer, drag the appropriate backup type to the correct location or locations. Each backup type may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
Answer:
Q4. Your network contains an Active Directory forest named contoso.com.
Users frequently access the website of an external partner company. The URL of the website is http://partners.adatum.com.
The partner company informs you that it will perform maintenance on its Web server and that the IP addresses of the Web server will change.
After the change is complete, the users on your internal network report that they fail to access the website. However, some users who work from home report that they can access the website.
You need to ensure that your DNS servers can resolve partners.adatum.com to the correct IP address immediately.
What should you do?
A. Run ipconfig and specify the FlushDns parameter.
B. Run ipconfig and specify the Renew parameter.
C. Run dnscmd and specify the ClearCache parameter.
D. Run Set-DnsServerResourceRecordAging.
Answer: C
Explanation: We cane clear the DNS cache on the DNS server with either Dnscmd /ClearCache (from command prompt) or Clear-DnsServerCache (from Windows PowerShell).
Reference: Technet, Dnscmd
https://technet.microsoft.com/en-us/library/cc772069.aspx
Q5. HOTSPOT
Your network contains an Active Directory domain named contoso.com. The domain
contains a server named Server2 that runs Windows Server 2012 R2. You are a member of the local Administrators group on Server2. You install an Active Directory Rights
Management Services (AD RMS) root cluster on Server2.
You need to ensure that the AD RMS cluster is discoverable automatically by the AD RMS
client computers and the users in contoso.com.
Which additional configuration settings should you configure? To answer, select the appropriate tab in the answer area.
Answer:
Q6. DRAG DROP
Your network contains an Active Directory domain named contoso.com. The domain contains four member servers named Server1, Server2, Server3, and Server4. All servers run Windows Server 2012 R2.
Server1 and Server3 are located in a site named Site1. Server2 and Server4 are located in a site named Site2. The servers are configured as nodes in a failover cluster named Cluster1.
Dynamic quorum management is disabled.
Cluster1 is configured to use the Node Majority quorum configuration.
You need to ensure that users in Site2 can access Cluster1 if the network connection between the two sites becomes unavailable.
What should you run from Windows PowerShell?
To answer, drag the appropriate commands to the correct location. Each command may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
Answer:
Q7. Your network contains an Active Directory domain named contoso.com. The domain
contains two member servers named Server1 and Server2.
You install the DHCP Server server role on Server1 and Server2. You install the IP
Address Management (IPAM) Server feature on Server1.
You notice that you cannot discover Server1 or Server2 in IPAM.
You need to ensure that you can use IPAM to discover the DHCP infrastructure.
Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)
A. On Server2, create an IPv4 scope.
B. On Server1, run the Add-IpamServerInventory cmdlet.
C. On Server2, run the Add-DhcpServerInDc cmdlet
D. On both Server1 and Server2, run the Add-DhcpServerv4Policy cmdlet.
E. On Server1, uninstall the DHCP Server server role.
Answer: B,C
Explanation:
B. The Add-IpamServerInventory cmdlet adds a new infrastructure server to the IP Address Management (IPAM) server inventory. Use the fully qualified domain name (FQDN) of the server to add to the server inventory.
C. The Add-DhcpServerInDC cmdlet adds the computer running the DHCP server service to the list of authorized Dynamic Host Configuration Protocol (DHCP) server services in the Active Directory (AD). A DHCP server service running on a domain joined computer needs to be authorized in AD so that it can start leasing IP addresses on the network.
Reference: Add-IpamServerInventory; Add-DhcpServerInDC
Q8. Your network contains two servers named Server1 and Server 2. Both servers run Windows Server 2012 R2 and have the Hyper-V server role installed.
Server1 hosts a virtual machine named VM1. The virtual machine configuration files and the virtual hard disks for VM1 are stored in D: \VM1.
You shut down VM1 on Server1.
You copy D:\VM1 to D:\VM1 on Server2.
You need to start VM1 on Server2. You want to achieve this goal by using the minimum amount of administrative effort.
What should you do?
A. Run the Import-VMIntialReplication cmdlet.
B. Create a new virtual machine on Server2 and attach the VHD from VM1 to the new virtual machine.
C. From Hyper-V Manager, run the Import Virtual Machine wizard.
D. Run the Import-IscsiVirtualDisk cmdlet.
Answer: C
Explanation:
Starting in Windows Server 2012, you no longer need to export a virtual machine to be able to import it. You can simply copy a virtual machine and its associated files to the new host, and then use the Import Virtual Machine wizard to specify the location of the files. This registers the virtual machine with Hyper-V and makes it available for use.
In addition to the wizard, the Hyper-V module for Windows PowerShell includes cmdlets for importing virtual machines. For more information, see Import-VM
Reference: Overview of exporting and importing a virtual machine
Q9. Your network contains an Active Directory domain named contoso.com. The domain contains a domain controller named DC1 that runs Windows Server 2012 R2. DC1 has the
DHCP Server server role installed.
DHCP is configured as shown in the exhibit. (Click the Exhibit button.)
You discover that client computers cannot obtain IPv4 addresses from DC1.
You need to ensure that the client computers can obtain IPv4 addresses from DC1.
What should you do?
A. Activate the scope.
B. Authorize DC1.
C. Disable the Allow filters.
D. Disable the Deny filters.
Answer: C
Explanation:
You have enabled the Allow list but haven't entered any MAC addresses, thus everyone is denied. Either Disable the Allow filters or start adding MAC addresses to the Allow filter.
Note: MAC address based filtering allows specific control over which clients have access to DHCP addresses. You can create a list of computers that are allowed to obtain DHCP addresses from the server by adding the client MAC address to the list of allowed client computers. By enabling the allow list, you automatically deny access to the DHCP server addresses to any client computer not on the list.
Reference: DHCP: If the allow list is enabled, MAC address filtering should be populated https://technet.microsoft.com/en-us/library/ee956897(v=ws.10)
Q10. Your network contains an Active Directory domain named contoso.com. The domain contains two member servers named Server1 and Server2 that run Windows Server 2012 R2. Both servers have the Hyper-V server role installed.
The network contains an enterprise certification authority (CA). All servers are enrolled automatically for a certificate-based on the Computer certificate template.
On Server1, you have a virtual machine named VM1. VM1 is replicated to Server2.
You need to encrypt the replication of VM1.
Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)
A. On Server1, modify the Hyper-V Settings.
B. On Server2, modify the settings of VM1.
C. On Server2, modify the Hyper-V Settings.
D. On Server1, modify the settings of VM1.
E. On Server1, modify the settings of the virtual switch to which VM1 is connected.
F. On Server2, modify the settings of the virtual switch to which VM1 is connected.
Answer: B,C
Explanation:
B. Each virtual machine that is to be replicated must be enabled for replication (on the replica server – Server2).
C. To configure the Replica server (here Server2) In Hyper-V Manager, click Hyper-V Settings in the Actions pane. In the Hyper-V Settings dialog, click Replication Configuration. In the Details pane, select Enable this computer as a Replica server. In the Authentication and ports section, select the authentication method. For either authentication method, specify the port to be used (the default ports are 80 for Kerberos over HTTP and 443 for certificate-based authentication over HTTPS). If you are using certificate-based authentication, click Select Certificate and provide the request certificate information.
Etc
Reference: Deploy Hyper-V Replica Step 2: Enable Replication
Q11. Your network contains an Active Directory forest. The forest contains one domain named contoso.com. The domain contains three domain controllers. The domain controllers are configured as shown in the following table.
DC1 has all of the operations master roles installed.
You transfer all of the operations master roles to DC2, and then you uninstall Active Directory from DC1.
You need to ensure that you can use Password Settings objects (PSOs) in the domain.
What should you do?
A. Change the domain functional level.
B. Upgrade DC2.
C. Run the dcgpofix.exe command.
D. Transfer the schema master role.
Answer: A
Explanation:
The domain functional level must be Windows Server 2008 to use PSO's
Requirements and special considerations for fine-grained password and account lockout policies:
* Domain functional level: The domain functional level must be set to Windows Server 2008
or higher.
Etc.
Incorrect:
Not B. DC2 is also Windows Server 2008.
Not C. Recreates the default Group Policy Objects (GPOs) for a domain
Not D. Schema isn't up to right level
Reference: AD DS: Fine-Grained Password Policies
http://technet.microsoft.com/en-us/library/cc770394(v=ws.10).aspx
Q12. HOTSPOT
Your network contains an Active Directory domain named contoso.com.
You install the IP Address Management (IPAM) Server feature on a server named Server1
and select Manual as the provisioning method.
The IPAM database is located on a server named SQL1.
You need to configure IPAM to use Group Policy Based provisioning.
What command should you run first?
To answer, select the appropriate options in the answer area.
Answer:
Q13. HOTSPOT
Your network contains one Active Directory forest. The forest has three sites configured as shown in the following table.
The forest contains the site links configured as shown in the following table.
A domain controller named DC2 has an IP address of 192.168.2.2. DC2 and is in Site2.
You run the following cmdlets.
New-ADReplicationSite Site3
New-ADReplacationSubnet –Name “192.168.3.0/24” –Site Site3
Use the drop-down menus to select the answer choice that completes each statement.
Answer:
Q14. HOTSPOT
Your network contains one Active Directory forest named adatum.com. The forest contains a single domain.
The forest contains the domain controllers configured as shown in the following table.
Recently, a domain controller named DC4 was deployed to adatum.com. DC4 is in the Default-First-Site-Name site.
The adatum.com site links are configured as follows.
The schedule for SiteLink1 is shown in the SiteLink1 exhibit. (Click the Exhibit button.)
The schedule for SiteLink2 is shown in the SiteLink2 exhibit. (Click the Exhibit button.)
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
Answer:
Q15. HOTSPOT
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012 R2. Server1 has the Active Directory Federation Services server role installed.
You need to make configuration changes to the Windows Token-based Agent role service.
Which tool should you use?
To answer, select the appropriate tool in the answer area.
Answer:
Q16. Your network contains an Active Directory domain named adatum.com. The domain contains two domain controllers that run Windows Server 2012 R2. The domain controllers are configured as shown in the following table.
You log on to DC1 by using a user account that is a member of the Domain Admins group, and then you create a new user account named User1.
You need to prepopulate the password for User1 on DC2.
What should you do first?
A. Connect to DC2 from Active Directory Users and Computers.
B. Add DC2 to the Allowed RODC Password Replication Policy group.
C. Add the User1 account to the Allowed RODC Password Replication Policy group.
D. Run Active Directory Users and Computers as a member of the Enterprise Admins group.
Answer: D
Explanation:
To prepopulate the password cache for an RODC by using Active Directory Users and Computers (see step 1 below).
Administrative credentials: To prepopulate the password cache for an RODC, you must be a member of the Domain Admins group.
Click Start, click Administrative Tools, and then click Active Directory Users and
Computers.
Ensure that Active Directory Users and Computers points to the writable domain
controller that is running Windows Server 2008, and then click Domain Controllers.
In the details pane, right-click the RODC computer account, and then click
Properties.
Click the Password Replication Policy tab.
Click Advanced.
Click Prepopulate Passwords.
Type the name of the accounts whose passwords you want to prepopulate in the
cache for the RODC, and then click OK.
When you are asked if you want to send the passwords for the accounts to the
RODC, click Yes.
Note: You can prepopulate the password cache for an RODC with the passwords of user and computer accounts that you plan to authenticate to it. When you prepopulate the RODC password cache, you trigger the RODC to replicate and cache the passwords for users and computers before the accounts try to log on in the branch office.
Incorrect: Not C. You don't need to add User1 to the Allowed RODC Password Replication Policy group. As a first step you should run Active.Directory Users and Computers as a member of the Domain/Enterprise Admins group.-
Reference: Password Replication Policy Administration
http://technet.microsoft.com/en-us/library/cc753470(v=ws.10).aspx#BKMK_pre