Introducing The New!
Surepassexam Collection
Get Unlimited Access to all
Surepassexam's PREMIUM files
Q1. HOTSPOT
Your network contains an Active Directory domain named contoso.com. The domain contains two servers named Server1 and Server2 that run Windows Server 2012 R2. The servers have the Hyper-V server role installed.
A certification authority (CA) is available on the network.
A virtual machine named vml.contoso.com is replicated from Server1 to Server2. A virtual
machine named vm2.contoso.com is replicated from Server2 to Server1.
You need to configure Hyper-V to encrypt the replication of the virtual machines.
Which common name should you use for the certificates on each server?
To answer, configure the appropriate common name for the certificate on each server in
the answer area.
Answer:
Q2. Your network contains an Active Directory domain named contoso.com. The domain contains a file server named Server1. The File Server Resource Manager role service is installed on Server1. All servers run Windows Server 2012 R2.
A Group Policy object (GPO) named GPO1 is linked to the organizational unit (OU) that contains Server1. The following graphic shows the configured settings in GPO1.
Server1 contains a folder named Folder1. Folder1 is shared as Share1.
You attempt to configure access-denied assistance on Server1, but the Enable access-denied assistance option cannot be selected from File Server Resource Manager.
You need to ensure that you can configure access-denied assistance on Server1 manually by using File Server Resource Manager.
Which two actions should you perform?
A. Set the Enable access-denied assistance on client for all file types policy setting to Disabled for GPO1.
B. Set the Customize message for Access Denied errors policy setting to Not Configured for GPO1.
C. Set the Enable access-denied assistance on client for all file types policy setting to Enabled for GPO1.
D. Set the Customize message for Access Denied errors policy setting to Enabled for GPO1.
Answer: C,D
Explanation:
C. To configure access-denied assistance for all file types by using Group Policy . Open Group Policy Management. In Server Manager, click Tools, and then click
Group Policy Management. . Right-click the appropriate Group Policy, and then click Edit. . Click Computer Configuration, click Policies, click Administrative Templates, click
System, and then click Access-Denied Assistance.
Right-click Enable access-denied assistance on client for all file types, and then
click Edit.
Click Enabled, and then click OK.
D. To configure access-denied assistance by using Group Policy (see step 5)
Open Group Policy Management. In Server Manager, click Tools, and then click
Group Policy Management.
Right-click the appropriate Group Policy, and then click Edit.
Click Computer Configuration, click Policies, click Administrative Templates, click
System, and then click Access-Denied Assistance.
Right-click Customize message for Access Denied errors, and then click Edit.
Select the Enabled option.
Etc Reference: Deploy Access-Denied Assistance (Demonstration Steps) http://technet.microsoft.com/en-us/library/hh831402.aspx
Q3. Your network contains an Active Directory domain named adatum.com. The domain contains a file server named FS1 that runs Windows Server 2012 R2 and has the File Server Resource Manager role service installed. All client computers run Windows 8.
File classification and Access-Denied Assistance are enabled on FS1.
You need to ensure that if users receive an Access Denied message, they can request assistance by email from the Access Denied dialog box.
What should you configure?
A. A file management task
B. A classification property
C. The File Server Resource Manager Options
D. A report task
Answer: C
Explanation:
You can configure access-denied assistance individually on each file server by using the File Server Resource Manager console.
Note:
To configure access-denied assistance by using File Server Resource Manager
Open File Server Resource Manager. In Server Manager, click Tools, and then
click File Server Resource Manager.
Right-click File Server Resource Manager (Local), and then click Configure
Options.
Click the Access-Denied Assistance tab.
Select the Enable access-denied assistance check box.
In the Display the following message to users who are denied access to a folder or
file box, type a message that users will see when they are denied access to a file
or folder.
You can add macros to the message that will insert customized text.
Click Configure email requests, select the Enable users to request assistance
check box, and then click OK.
Click Preview if you want to see how the error message will look to the user.
Click OK.
Reference: Deploy Access-Denied Assistance (Demonstration Steps)
Q4. DRAG DROP
Your network contains an Active Directory domain named contoso.com. The domain contains four member servers named Server1, Server2, Server3, and Server4. Server1 and Server2 run Windows Server 2008 R2.
Server1 and Server2 have the Hyper-V server role and the Failover Clustering feature installed. Failover
Clustering is configured to provide highly available virtual machines by using a cluster
named Cluster1.
Cluster1 hosts 10 virtual machines.
Server3 and Server4 run Windows Server 2012 R2.
You install the Hyper-V server role and the Failover Clustering feature on Server3 and Server4. You create a cluster named Cluster2.
You need to migrate cluster resources from Cluster1 to Cluster2. The solution must minimize downtime on the virtual machines.
Which five actions should you perform?
To answer, move the appropriate five actions from the list of actions to the answer area
and arrange them in the correct order.
Answer:
Q5. You have a server named Server1 that runs Windows Server 2012 R2. Server1 has the DNS Server server role installed.
You need to configure Server1 to resolve queries for single-label DNS names.
Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)
A. Run the Set-DNSServerGlobalNameZone cmdlet.
B. Modify the DNS suffix search list setting.
C. Modify the Primary DNS Suffix Devolution setting.
D. Create a zone named “.”.
E. Create a zone named GlobalNames.
F. Run the Set-DNSServerRootHint cmdlet.
Answer: A,E
Explanation:
Deploying a GlobalNames zone
The specific steps for deploying a GlobalNames zone can vary somewhat, depending on
the AD DS topology of your network.
Step 1: Create the GlobalNames zone (E)
Step 2: Enable GlobalNames zone support (A)
The Set-DnsServerGlobalNameZone cmdlet enables or disables single-label Domain
Name System (DNS) queries. It also changes configuration settings for a GlobalNames
zone.
Etc.
Reference: Deploying a GlobalNames Zone; Set-DnsServerGlobalNameZone
http://technet.microsoft.com/en-us/library/cc731744.aspx
http://technet.microsoft.com/en-us/library/jj649907(v=wps.620).aspx
Q6. Your network contains one Active Directory domain. The domain contains two Hyper-V
hosts named Host1 and Host2 that run Windows Server 2012 R2.
Host1 contains a virtual machine named VM1.
You plan to move VM1 to Host2.
You need to generate a report that lists any configuration issues on Host2 that will prevent
VM1 from being moved successfully.
Which cmdlet should you use?
A. Move-VM
B. Test-VHD
C. Debug-VM
D. Compare-VM
Answer: C
Reference: Technet, Compare-VM https://technet.microsoft.com/en-us/library/hh848612(v=wps.630).aspx
Q7. HOTSPOT
Your company has a primary data center and a disaster recovery data center.
The network contains an Active Directory domain named contoso.com. The domain
contains a server named that runs Windows Server 2012 R2. Server1 is located in the
primary data center.
Server1 has an enterprise root certification authority (CA) for contoso.com.
You deploy another server named Server2 to the disaster recovery data center.
You plan to configure Server2 as a secondary certificate revocation list (CRL) distribution point.
You need to configure Server2 as a CRL distribution point (CDP).
Which tab should you use to configure the required CDP entry? To answer, select the appropriate tab in the answer area.
Answer:
Q8. Your network contains one Active Directory forest named contoso.com. The forest contains two child domains and six domain controllers. The domain controllers are configured as shown in the following table.
You need to prevent administrators from accidentally deleting any of the sites in the forest. What should you use?
A. Set-ADSite
B. Set-ADReplicationSite
C. Set-ADDomain
D. Set-ADReplicationSiteLink
E. Set-ADGroup
F. Set-ADForest
G. Netdom
Answer: B
Explanation: The Set-ADReplicationSite sets the replication properties for an Active
Directory site.
Parameter: -ProtectedFromAccidentalDeletion<Boolean>
Specifies whether to prevent the object from being deleted. When this property is set to
$True, you cannot delete the corresponding object without changing the value of the
property. The acceptable values for this parameter are:
-- $False or 0
-- $True or 1
Reference: Technet, Set-ADReplicationSite
https://technet.microsoft.com/en-us/library/hh852305(v=wps.630).aspx
Q9. Your network contains two Web servers named Server1 and Server2. Both servers run Windows Server 2012 R2.
Server1 and Seiver2 are nodes in a Network Load Balancing (NLB) cluster. The NIB cluster contains an application named App1 that is accessed by using the URL http://app1.contoso.com.
You plan to perform maintenance on Server1.
You need to ensure that all new connections to App1 are directed to Server2. The solution must not disconnect the existing connections to Server1.
What should you run?
A. The Stop-NlbCluster cmdlet
B. The nlb.exe stop command
C. The Suspend-NlbCluster cmdlet
D. The nlb.exe suspend command
Answer: A
Explanation:
The Stop-NlbClusterNode cmdlet stops a node in an NLB cluster. When you use the stop the nodes in the cluster, client connections that are already in progress are interrupted. To avoid interrupting active connections, consider using the -drain parameter, which allows the node to continue servicing active connections but disables all new traffic to that node.
Q10. HOTSPOT
Your network contains an Active Directory domain named contoso.com. The domain contains two member servers named Server1 and Server2. All servers run Windows Server 2012 R2.
Server1 and Server2 have the Network Load Balancing (NLB) feature installed. The servers are configured as nodes in an NLB cluster named Cluster1. Both servers connect to the same switch.
Cluster1 hosts a secure web Application named WebApp1. WebApp1 saves user state information in a central database.
You need to ensure that the connections to WebApp1 are distributed evenly between the nodes. The solution must minimize port flooding.
What should you configure? To answer, configure the appropriate affinity and the appropriate mode for Cluster1 in the answer area.
Answer:
Q11. DRAG DROP
Your network contains an Active Directory domain named contoso.com. The domain contains a file server named Server1. All servers run Windows Server 2012 R2.
All domain user accounts have the Division attribute automatically populated as part of the user provisioning process. The Support for Dynamic Access Control and Kerberos armoring policy is enabled for the domain.
You need to control access to the file shares on Server1 based on the values in the Division attribute and the Division resource property.
Which three actions should you perform in sequence?
Answer:
Q12. Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012 R2.
Server1 is an enterprise root certification authority (CA) for contoso.com.
You need to ensure that the members of a group named Group1 can request code signing certificates. The certificates must be issued automatically to the members.
Which two actions should you perform? (Each correct answer presents part of the solution.
Choose two.)
A. From Certificate Templates, modify the certificate template.
B. From Certification Authority, add a certificate template to be issued.
C. From Certificate Authority, modify the CA properties.
D. From Certificate Templates, duplicate a certificate template.
E. From Certificate Authority, stop and start the Active Directory Certificate Services (AD CS) service.
Answer: A,D
Explanation:
Explanation/Reference:
Best Practices include: Duplicate new templates from existing templates closest in function
to the intended template.
New certificate templates are duplicated from existing templates. Many settings are copied
from the original template. Because of this, duplicating one template to another of a totally
different type may carry over some unintended settings. When duplicating a template,
examine the subject type of the original template and ensure that you duplicate one that
has a similar function to that of the intended template. Although most settings for certificate
templates can be edited once the template is duplicated, the subject type cannot be
changed.
Reference: Deploying Certificate Templates
https://technet.microsoft.com/en-us/library/cc770794%28v=ws.10%29.aspx
Q13. Your network contains an Active Directory forest named adatum.com. The forest contains an Active Directory Rights Management Services (AD RMS) cluster.
A partner company has an Active Directory forest named litwareinc.com. The partner company does not have AD RMS deployed.
You need to ensure that users in litwareinc.com can consume rights-protected content from adatum.com.
Which type of trust policy should you create?
A. At federated trust
B. A trusted user domain
C. A trusted publishing domain
D. Windows Live ID
Answer: A
Explanation:
In AD RMS rights can be assigned to users who have a federated trust with Active Directory Federation Services (AD FS). This enables an organization to share access to rights-protected content with another organization without having to establish a separate Active Directory trust or Active Directory Rights Management Services (AD RMS) infrastructure.
Reference: AD RMS and AD FS Considerations
http://technet.microsoft.com/en-us/library/dd772651(v=WS.10).aspx
Q14. You have a failover cluster named Cluster1 that contains four nodes. All of the nodes run Windows Server 2012 R2.
You need to schedule the installation of Windows updates on the cluster nodes.
Which tool should you use?
A. the Add-CauClusterRole cmdlet
B. the Wusa command
C. the Wuauclt command
D. the Invoke-CauScan cmdlet
Answer: A
Explanation:
To enable self-updating mode, the CAU clustered role must also be added to the failover cluster. To do this by using the CAU UI, under Cluster Actions, use the Configure Self-Updating Options action. Alternatively, run the Add-CauClusterRole Windows PowerShell cmdlet.
Note: The process for installing service packs and hotfixes on Windows Server 2012 differs from the process in earlier versions. In Windows Server 2012, you can use the Cluster-Aware Updating (CAU) feature. CAU automates the software-updating process on clustered servers while maintaining availability.
Reference: Cluster-Aware Updating Overview
Q15. You have a server named Server1 that runs Windows Server 2012 R2.
You have a subscription to Windows Azure.
You need to register the Microsoft Azure Backup Agent on Server1.
What should you do first?
A. Install the Microsoft System Center 2012 Data Protection Manager (DPM) agent.
B. Create a backup vault.
C. Create Site Recovery vault.
D. Configure a passphrase for the Azure Backup Agent.
Answer: B
Explanation: To back up files and data from your Windows Server to Azure, you must create a backup vault in the geographic region where you want to store the data. The main steps include:
* the creation of the vault you will use to store backups
* downloading a vault credential
* the installation of a backup agent
Reference: Configure Azure Backup to quickly and easily back up Windows Server
https://azure.microsoft.com/sv-se/documentation/articles/backup-configure-vault/
Q16. DRAG DROP
Your network contains an Active Directory domain named contoso.com. All file servers in the domain run Windows Server 2012 R2.
The computer accounts of the file servers are in an organizational unit (OU) named OU1. A Group Policy object (GPO) named GPO1 is linked to OU1.
You plan to modify the NTFS permissions for many folders on the file servers by using central access policies.
You need to identify any users who will be denied access to resources that they can currently access once the new permissions are implemented.
In which order should you Perform the five actions?
Answer: