Introducing The New!
Surepassexam Collection
Get Unlimited Access to all
Surepassexam's PREMIUM files
Q1. HOTSPOT
Your network contains an Active Directory domain named adatum.com. All servers run Windows Server 2012 R2. All domain controllers have the DNS Server server role installed.
You have a domain controller named DC1.
On DC1, you create an Active Directory-integrated zone named adatum.com and you sign
the zone by using DNSSEC.
You deploy a new read-only domain controller (RODC) named RODC1. You need to ensure that the contoso.com zone replicates to RODC1. What should you configure on DC1?
To answer, select the appropriate tab in the answer area.
Answer:
Q2. DRAG DROP
You plan to deploy a failover cluster that will contain two nodes that run Windows Server
2012 R2.
You need to configure a witness disk for the failover cluster.
How should you configure the witness disk?
To answer, drag the appropriate configurations to the correct location or locations. Each configuration may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
Answer:
Q3. HOTSPOT
Your network contains an Active Directory domain named contoso.com. The domain contains an enterprise certification authority (CA).
The domain contains a server named Server1 that runs Windows Server 2012 R2. You install the Active Directory Federation Services server role on Server1.
You plan to configure Server1 as an Active Directory Federation Services (AD FS) server. The Federation Service name will be set to adfs1.contoso.com.
You need to identify which type of certificate template you must use to request a certificate for AD FS.
Answer:
Q4. Your network contains two servers named Server1 and Server2 that run Windows Server 2012 R2. Server1 and Server2 have the Hyper-V server role installed. Server1 and Server2 are configured as Hyper-V replicas of each other.
Server2 hosts a virtual machine named VM5. VM5 is replicated to Server1.
You need to verify whether the replica of VM5 on Server1 is functional. The solution must ensure that VM5 remains accessible to clients.
What should you do from Hyper-V Manager?
A. On Server1, execute a Planned Failover.
B. On Server1, execute a Test Failover.
C. On Server2, execute a Planned Failover.
D. On Server2, execute a Test Failover.
Answer: B
Explanation:
Test Failover (TFO) is an operation initiated on your replica virtual machine (in this scenario on Server1) which allows you to test the sanity of the virtualized workload without interrupting your production workload or ongoing replication.
TFO is performed on the replica virtual machine by right-clicking on the VM and choosing the Test Failover operation (either from the Hyper-V Manager or from the Failover Clustering Manager).
Reference: Types of failover operations in Hyper-V Replica – Part I – Test Failover.
Q5. Your network contains an Active Directory domain named contoso.com. All servers run Windows Server 2012 R2.
You are creating a central access rule named TestFinance that will be used to audit members of the Authenticated Users group for access failure to shared folders in the finance department.
You need to ensure that access requests are unaffected when the rule is published.
What should you do?
A. Add a User condition to the current permissions entry for the Authenticated Users principal.
B. Set the Permissions to Use the following permissions as proposed permissions.
C. Add a Resource condition to the current permissions entry for the Authenticated Users principal.
D. Set the Permissions to Use following permissions as current permissions.
Answer: B
Explanation:
Proposed permissions enable an administrator to more accurately model the impact of potential changes to access control settings without actually changing them. Reference: Access Control and Authorization Overview http://technet.microsoft.com/en-us/library/jj134043.aspx
Q6. You have a server named Server1 that runs Windows Server 2012 R2. Server1 has the File Server Resource Manager role service installed.
You are creating a file management task as shown in the exhibit. (Click the Exhibit button.)
You need to ensure that the Include all folders that store the following kinds of data list displays an entry named Corporate Data.
What should you do?
A. Create a new file group.
B. Create a new classification property.
C. Modify the properties of the System Files file group.
D. Modify the Folder Usage classification property.
Answer: B
Explanation:
Classification properties are used to assign values to files. Reference: Working with File Classification
Q7. Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012 R2. Server1 is an enterprise root certification authority (CA) for contoso.com.
Your user account is assigned the certificate manager role and the auditor role on the contoso.com CA. Your account is a member of the local Administrators group on Server1.
You enable CA role separation on Server1.
You need to ensure that you can manage the certificates on the CA.
What should you do?
A. Remove your user account from the local Administrators group.
B. Assign the CA administrator role to your user account.
C. Assign your user account the Bypass traverse checking user right.
D. Remove your user account from the Manage auditing and security log user right.
Answer: D
Explanation:
The separation of CA roles can be enforced using role separation. Once enforced, role separation only allows a user to be assigned a single role. If a user is assigned to more than one role and attempts to perform an operation on the CA, the operation is denied. For this reason, before role separation is enabled, a user should be assigned only one CA role.
Reference: Role Separation
Q8. Your network contains an Active Directory domain named contoso.com. The domain
contains a server named Server1 that runs Windows Server 2012 R2. Server1 has the Active Directory Rights Management Services server role installed.
Your company works with a partner organization that does not have its own Active Directory Rights Management Services (AD RMS) implementation.
You need to create a trust policy for the partner organization.
The solution must meet the following requirements:
. Grant users in the partner organization access to protected content. . Provide users in the partner organization with the ability to create protected content.
Which type of trust policy should you create?
A. A federated trust
B. Windows Live ID
C. A trusted publishing domain
D. A trusted user domain
Answer: A
Explanation:
In AD RMS rights can be assigned to users who have a federated trust with Active
Directory Federation Services (AD FS). This enables an organization to share access to
rights-protected content with another organization without having to establish a separate
Active Directory trust or Active Directory Rights Management Services (AD RMS)
infrastructure.
Incorrect:
Not C. Trusted publishing domains allow one AD RMS server to issue use licenses that
correspond with a publishing license issued by another AD RMS server, but in this scenario
the partner organization does not have any Active Directory.
Not D. A trusted user domain, often referred as a TUD, is a trust between AD RMS
clusters, but in this scenario the partner organization does not have any Active Directory.
Reference: AD RMS and AD FS Considerations
http://technet.microsoft.com/en-us/library/dd772651(v=WS.10).aspx
Q9. You have a server named Server1 that runs Windows Server 2012 R2.
You start Server1 by using Windows RE.
You need to repair the Boot Configuration Data (BCD) store on Server1.
Which tool should you use?
A. Bootim
B. Bootsect
C. Bootrec
D. Bootcfg
Answer: C
Q10. You have a cluster named Cluster1 that contains two nodes. Both nodes run Windows Server 2012 R2. Cluster1 hosts a virtual machine named VM1 that runs Windows Server 2012 R2.
You configure a custom service on VM1 named Service1.
You need to ensure that VM1 will be moved to a different node if Service1 fails.
Which cmdlet should you run on Cluster1?
A. Add-ClusterVmMonitoredItem
B. Set-ClusterResourceDependency
C. Enable- VmResourceMetering
D. Add-ClusterGenericServiceRole
Answer: A
Explanation:
* The Add-ClusterVMMonitoredItem cmdlet configures monitoring for a service or an Event Tracing for Windows (ETW) event so that it is monitored on a virtual machine. If the service fails or the event occurs, then the system responds by taking an action based on the failover configuration for the virtual machine resource. For example, the configuration might specify that the virtual machine be restarted or failover.
* The decision on whether to failover or restart on the same node is configurable and determined by the failover properties for the virtual machine.
Reference: Add-ClusterVMMonitoredItem
Q11. Your network contains an Active Directory domain named contoso.com. The domain contains two servers named Server1 and Server2. Both servers have the IP Address Management (IPAM) Server feature installed.
You have a support technician named Tech1. Tech1 is a member of the IPAM Administrators group on Server1 and Server2.
You need to ensure that Tech1 can use Server Manager on Server1 to manage IPAM on Server2.
To which group on Server2 should you add Tech1?
A. IPAM MSM Administrators
B. IPAM Administrators
C. winRMRemoteWMIUsers_
D. Remote Management Users
Answer: C
Explanation:
If you are accessing the IPAM server remotely using Server Manager IPAM client RSAT, then you must be a member of the WinRMRemoteWMIUsers group on the IPAM server, in addition to being a member of the appropriate IPAM security group (or local Administrators group).
Reference: IPAM Deployment Planning, IPAM specifications
Q12. Your network contains an Active Directory domain named contoso.com. The domain contains a file server named Server1 that runs Windows Server 2012 R2. All client computers run Windows 8.
You need to configure a custom Access Denied message that will be displayed to users when they are denied access to folders or files on Server1.
What should you configure?
A. A classification property
B. The File Server Resource Manager Options
C. A file management task
D. A file screen template
Answer: B
Explanation:
Access-denied assistance can be configured by using the File Server Resource Manager console on the file server.
Note: Access-denied assistance is a new feature in Windows Server 2012, which provides the following ways to troubleshoot issues that are related to access to files and folders:
* Self-assistance. If a user can determine the issue and remediate the problem so that they can get the requested access, the impact to the business is low, and no special exceptions are needed in the central access policy. Access-denied assistance provides an access-denied message that file server administrators can customize with information specific to their organizations. For example, an administrator could set the message so that users can request access from a data owner without involving the file server administrator.
Reference: Scenario: Access-Denied Assistance
Q13. Your network contains an Active Directory domain named contoso.com. The domain contains two sites named Site1 and Site2 and two domain controllers named DC1 and DC2. Both domain controllers are located in Site1.
You install an additional domain controller named DC3 in Site1 and you ship DC3 to Site2.
A technician connects DC3 to Site2.
You discover that users in Site2 are authenticated by all three domain controllers.
You need to ensure that the users in Site2 are authenticated by DC1 or DC2 only if DC3 is unavailable.
What should you do?
A. From Network Connections, modify the IP address of DC3.
B. In Active Directory Sites and Services, modify the Query Policy of DC3.
C. From Active Directory Sites and Services, move DC3.
D. In Active Directory Users and Computers, configure the insDS-PrimaryComputer attribute for the users in Site2.
Answer: C
Explanation:
DC3 needs to be moved to Site2 in AD DS
Incorrect:
Not A. Modifying IP will not affect authentication
Not B. A query policy prevents specific Lightweight Directory Access Protocol (LDAP)
operations from adversely impacting the performance of the domain controller and also
makes the domain controller more resilient to denial-of-service attacks.
Reference: Move a domain controller between sites
http://technet.microsoft.com/en-us/library/cc759326(v=ws.10).aspx
Q14. Your network contains an Active Directory domain named contoso.com. The domain contains two member servers named Server1 and Server2. All servers run Windows Server 2012 R2.
Server1 and Server2 have the Failover Clustering feature installed. The servers are configured as nodes in a failover cluster named Cluster1.
You configure File Services and DHCP as clustered resources for Cluster1. Server1 is the active node for both clustered resources.
You need to ensure that if two consecutive heartbeat messages are missed between Server1 and Server2, Server2 will begin responding to DHCP requests. The solution must ensure that Server1 remains the active node for the File Services clustered resource for up to five missed heartbeat messages.
What should you configure?
A. Affinity-None
B. Affinity-Single
C. The cluster quorum settings
D. The failover settings
E. A file server for general use
F. The Handling priority
G. The host priority
H. Live migration
I. The possible owner
J. The preferred owner
K. Quick migration
L. the Scale-Out File Server
Answer: D
Explanation:
The number of heartbeats that can be missed before failover occurs is known as the heartbeat threshold. Heartbeat threshold is failover clustering setting.
Reference: Tuning Failover Cluster Network Thresholds
http://technet.microsoft.com/en-us/library/dn265972.aspx
http://technet.microsoft.com/en-us/library/dd197562(v=ws.10).aspx
http://blogs.msdn.com/b/clustering/archive/2012/11/21/10370765.aspx
Q15. HOTSPOT
Your network contains an Active Directory forest named contoso.com that contains a single
domain. The forest contains three sites named Site1, Site2, and Site3.
Domain controllers run either Windows Server 2008 R2 or Windows Server 2012 R2.
Each site contains two domain controllers. Site1 and Site2 contain a global catalog server.
You need to create a new site link between Site1 and Site2. The solution must ensure that
the site link supports the replication of all the naming contexts.
From which node should you create the site link?
To answer, select the appropriate node in the answer area.
Answer:
Q16. DRAG DROP
Your network contains an Active Directory domain named contoso.com. The domain contains two servers named Server1 and Server3. The network contains a standalone server named Server2.
All servers run Windows Server 2012 R2. The servers are configured as shown in the following table.
Server3 hosts an application named App1. App1 is accessible internally by using the URL https://app1.contoso.com. App1 only supports Integrated Windows authentication.
You need to ensure that all users from the Internet are pre-authenticated before they can access App1.
What should you do?
To answer, drag the appropriate servers to the correct actions. Each server may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
Answer: