Q1. - (Topic 6)
This question consists of two statements: One is named Assertion and the other is named Reason. Both of these statements may be true; both may be false; or one may be true, while the other may be false.
To answer this question, you must first evaluate whether each statement is true on its own. If both statements are true, then you must evaluate whether the Reason (the second statement) correctly explains the Assertion (the first statement). You will then select the answer from the list of answer choices that matches your evaluation of the two statements.
Assertion:
You must host the DNS zone research.contoso.com on MADSRV1.
Reason:
You must host Domain Name System Security Extensions (DNSSEC) zones on Active Directory Domain Services-integrated DNS servers.
Evaluate the Assertion and Reason statements and choose the correct answer option.
A. Both the Assertion and Reason are true, and the Reason is the correct explanation for the Assertion.
B. Both the Assertion and Reason are true, but the Reason is not the correct explanation for the Assertion.
C. The Assertion is true, but the Reason is false.
D. The Assertion is false, but the Reason is true.
E. Both the Assertion and the Reason are false.
Answer: C
Q2. - (Topic 6)
You need to configure the Group Policy for salespeople.
Solution: You move all shared desktops to a separate organizational unit (OU). You create one Group Policy object (GPO) that has an AppLocker policy rule and enable loopback policy processing within the GPO. You link the GPO to the new OU.
Does this meet the goal?
A. Yes
B. No
Answer: B
Q3. - (Topic 3)
You need to ensure that NAP meets the technical requirements.
Which role services should you install?
A. Network Policy Server, Health Registration Authority and Host Credential Authorization Protocol
B. Health Registration Authority, Host Credential Authorization Protocol and Online Responder
C. Certification Authority, Network Policy Server and Health Registration Authority
D. Online Responder, Certification Authority and Network Policy Server
Answer: C
Explanation:
* Scenario:
Implement Network Access Protection (NAP).
Ensure that NAP with IPSec enforcement can be configured.
* Health Registration Authority
Applies To: Windows Server 2008 R2, Windows Server 2012
Health Registration Authority (HRA) is a component of a Network Access Protection (NAP) infrastructure that plays a central role in NAP Internet Protocol security (IPsec) enforcement.
HRA obtains health certificates on behalf of NAP clients when they are compliant with network health requirements. These health certificates authenticate NAP clients for IPsec-protected communications with other NAP clients on an intranet. If a NAP client does not have a health certificate, the IPsec peer authentication fails and the NAP client cannot initiate communication with other IPsec-protected computers on the network.
HRA is installed on a computer that is also running Network Policy Server (NPS) and Internet Information Services (IIS). If they are not already installed, these services will be added when you install HRA.
Reference: Health Registration Authority
Q4. - (Topic 8)
Your company has three offices. The offices are located in New York, Chicago, and Atlanta.
The network contains an Active Directory domain named contoso.com that has three Active Directory sites named Site1, Site2, and Site3. The New York office is located in Site1. The Chicago office is located in Site2. The Atlanta office is located in Site3. There is a local IT staff to manage the servers in each site. The current domain controllers are configured as shown in the following table.
The company plans to open a fourth office in Montreal that will have a corresponding Active Directory site. Because of budget cuts, a local IT staff will not be established for the Montreal site.
The Montreal site has the following requirements:
* Users must be able to authenticate locally.
* Users must not have the ability to log on to the domain controllers.
* Domain account passwords must not be obtained from servers in the Montreal site.
* Network bandwidth between the Montreal site and the other sites must be minimized.
* Users in the Montreal office must have access to applications by using Remote Desktop Services (RDS).
You need to recommend a solution for the servers in the Montreal site.
What should you recommend?
A. Only install a domain controller in the Montreal site that has a Server Core installation of Windows Server 2012.
B. Install a read-only domain controller (RODC) in the New York site.
C. Install a read-only domain controller (RODC) in the Montreal site. Install a member server in the New York site to host additional server roles.
D. Install a domain controller in the Montreal site that has a Server Core installation of Windows Server 2012. Install a member server in the Montreal site to host additional server roles.
Answer: C
Q5. - (Topic 8)
You plan to simplify the organizational unit (OU) structure for a company. You must consolidate all member servers in the domain to a single OU named MemberServers.
You need to apply Group Policy settings for servers that meet the following criteria:
Server operating systems: Windows Server 2012
Server hardware platform: 64-bit
Server memory: less than 16 GB of RAM
Solution: You create a WMI filter action that includes the following query:
Does this meet the goal?
A. Yes
B. No
Answer: A
Q6. - (Topic 7)
You have an IP Address Management (IPAM) server that runs Windows Server 2012 SP1. You need to integrate the IPAM server with System Center Virtual Machine Manager (SCVMM).
Solution: You create a dedicated user account named IPAM_svc, and add it to the Local Administrators local group on the SCVMM server.
Does this meet the goal?
A. Yes
B. No
Answer: B
Reference: How to integrate IPAM with SCVMM 2012 R2
Q7. - (Topic 8)
Your network contains an Active Directory forest. The forest contains two Active Directory domains named contoso.com and child.contoso.com. The forest functional level is Windows Server 2003. The functional level of both domains is Windows Server 2008.
The forest contains three domain controllers. The domain controllers are configured as shown in the following table.
DC1 and DC2 have the DNS Server server role installed and are authoritative for both contoso.com and child.contoso.com.
The child.contoso.com domain contains a server named server1.child.contoso.com that runs Windows Server 2012.
You plan to deploy server1.child.contoso.com as a read-only domain controller (RODC).
You run the adprep.exe /rodcprep command on DC3 and receive the following error message:
You need to identify what prevents you from successfully running Adprep /rodcprep on DC3.
What should you identify?
A. The domain functional level of child.contoso.com is set to the wrong level.
B. DC3 cannot connect to the infrastructure master on DC2.
C. DC3 cannot connect to the domain naming master on DC1.
D. The forest functional level is set to the wrong level.
Answer: B
Explanation: Adprep could not contact a replica…
This problem occurs when the Adprep /rodcprep command tries to contact the infrastructure master for each application partition in the forest.
Reference: Error message when you run the "Adprep /rodcprep" command in Windows Server 2008: "Adprep could not contact a replica for partition DC=DomainDnsZones,DC=Contoso,DC=com"
Q8. - (Topic 3)
You need to implement the technical requirements for the boston.litwareinc.com domain.
Which tools should you use?
A. Gpfixup and Gpupdate
B. Rendom and Gpfixup
C. Gpupdate and Dcgpofix
D. Adprep and Rendom
Answer: B
Explanation:
* Minimize the amount of administrative effort whenever possible.
* Rename boston.litwareinc.com domain to bos.litwareinc.com.
* Rendom.exe is a command-line tool that is used to rename Active Directory domains.
Reference: Rendom
Q9. - (Topic 8)
Your network contains a server named Server1 that runs Windows Server 2012. Server1 has the Network Policy Server server role installed.
You configure Server1 as part of a Network Access Protection (NAP) solution that uses the 802.1X enforcement method.
You add a new switch to the network and you configure the switch to use 802.1X authentication.
You need to ensure that only compliant client computers can access network resources through the new switch.
What should you do on Server1?
A. Add the IP address of each new switch to a remediation server group.
B. Add the IP address of each new switch to the list of RADIUS clients.
C. Add the IP address of each new switch to a connection request policy as an Access Client IPv4 Address.
D. Add the IP address of each new switch to a remote RADIUS server group.
Answer: B
Explanation: 802.1X and RADIUS-compliant APs (Access Points), when they are deployed in a RADIUS infrastructure with a RADIUS server such as an NPS server, are called RADIUS clients.
Q10. - (Topic 8)
Your network contains an Active Directory domain named contoso.com. All servers run either Windows Server 2008 R2 or Windows Server 2012.
Your company uses IP Address Management (IPAM) to manage multiple DHCP servers.
A user named User1 is a member of the IPAM Users group and is a member of the local Administrators group on each DHCP server.
When User1 edits a DHCP scope by using IPAM, the user receives the error message shown in the exhibit. (Click the Exhibit button.)
You need to prevent User1 from receiving the error message when editing DHCP scopes by using IPAM.
What should you do?
A. Add User1 to the DHCP Administrators group on each DHCP server.
B. Add User1 to the IPAM Administrators group.
C. Run the Set-IpamServerConfig cmdlet.
D. Run the Invoke-IpamGpoProvisioning cmdlet.
Answer: B
Explanation:
IPAM Administrators: IPAM Administrators have the privileges to view all IPAM data and perform all IPAM tasks.
Reference: Walkthrough: Demonstrate IPAM in Windows Server 2012
http://technet.microsoft.com/en-us/library/hh831622.aspx
Q11. - (Topic 8)
Your network contains an Active Directory domain named contoso.com. The functional level of the domain and the forest is Windows Server 2008 R2.
All domain controllers run Windows Server 2008 R2.
You plan to deploy a new line-of-business application named App1 that uses claims-based authentication.
You need to recommend changes to the network to ensure that Active Directory can provide claims for App1.
What should you include in the recommendation? (Each correct answer presents part of the solution. Choose all that apply.)
A. From the properties of the computer accounts of the domain controllers, enable Kerberos constrained delegation.
B. From the Default Domain Controllers Policy, enable the Support for Dynamic Access Control and Kerberos armoring setting.
C. Deploy Active Directory Lightweight Directory Services (AD LDS).
D. Raise the domain functional level to Windows Server 2012.
E. Add domain controllers that run Windows Server 2012.
Answer: B,E
Explanation: E: You must perform several steps to enable claims in Server 2012 AD. First, you must upgrade the forest schema to Server 2012. You can do so manually through Adprep, but Microsoft strongly recommends that you add the AD DS role to a new Server 2012 server or upgrade an existing DC to Server 2012.
B: Once AD can support claims, you must enable them through Group Policy:
* From the Start screen on a system with AD admin rights, open Group Policy Management and select the Domain Controllers Organizational Unit (OU) in the domain in which you wish to enable claims.
* Right-click the Default Domain Controllers Policy and select Edit.
* In the Editor window, drill down to Computer Configuration, Policies, Administrative Templates, System, and KDC (Key Distribution Center).
* Open KDC support for claims, compound authentication, and Kerberos armoring.
* Select the Enabled radio button. Supported will appear under Claims, compound authentication for Dynamic Access Control and Kerberos armoring options.
Reference: Enable Claims Support in Windows Server 2012 Active Directory
Q12. - (Topic 8)
Your network contains an Active Directory forest. The forest contains a single domain. The forest has five Active Directory sites. Each site is associated to two subnets.
You add a site named Site6 that contains two domain controllers. Site6 is associated to one subnet.
You need to verify whether replication to the domain controllers in Site6 completes successfully.
Which two possible commands can you use to achieve the goal? Each correct answer presents a complete solution.
A. Get-ADReplicationSubnet
B. Get-ADReplicationUpToDatenessVectorTable
C. repadmin /showattr
D. Get-ADReplicationSiteLink
E. repadmin /showrepl
Answer: B,E
Explanation: B: The Get-ADReplicationUpToDatenessVectorTable cmdlet displays the highest Update Sequence Number (USN) for the specified domain controller(s). This information shows how up-to-date a replica is with its replication partners. During replication, each object that is replicated has a USN, and if the object is modified, the USN is incremented. The value of the USN for a given object is local to each domain controller where it has replicated; the number is different on each domain controller.
E: The repadmin /showrepl command helps you understand the replication topology and replication failures. It reports status for each source domain controller from which the destination has an inbound connection object. The status report is categorized by directory partition.
Q13. DRAG DROP - (Topic 8)
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2008 R2. Server1 is a file server.
You deploy a new member server named Server2 that runs Windows Server 2012.
You plan to migrate file shares from Server1 to Server2. File share and NTFS permissions are assigned only to domain local groups.
You need to identify which actions are required to perform the migration.
Which five actions should you identify?
To answer, move the five appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Answer:
Q14. - (Topic 8)
Your network contains 50 servers that run Windows Server 2003 and 50 servers that run Windows Server 2008.
You plan to implement Windows Server 2012.
You need to create a report that includes the following information:
* The servers that run applications and services that can be moved to Windows Server 2012
* The servers that have hardware that can run Windows Server 2012
* The servers that are suitable to be converted to virtual machines hosted on Hyper-V hosts that run Windows Server 2012
What should you do?
A. From an existing server, run the Microsoft Application Compatibility Toolkit (ACT).
B. Install Windows Server 2012 on a new server, and then run the Windows Server Migration Tools.
C. Install Windows Server 2012 on a new server, and then run Microsoft Deployment Toolkit (MDT) 2012.
D. From an existing server, run the Microsoft Assessment and Planning (MAP) Toolkit.
Answer: D
Explanation:
The Microsoft Assessment and Planning Toolkit (MAP) is an agentless, automated, multiproduct planning and assessment tool for quicker and easier desktop, server and cloud migrations. MAP provides detailed readiness assessment reports and executive proposals with extensive hardware and software information, and actionable recommendations to help organizations accelerate their IT infrastructure planning process, and gather more detail on assets that reside within their current environment. MAP also provides server utilization data for Hyper-V server virtualization planning; identifying server placements, and performing virtualization candidate assessments, including ROI analysis for server consolidation with Hyper-V.
The latest version of the MAP Toolkit adds new scenarios to help you plan your IT future while supporting your current business needs. Included scenarios help you to:
* Plan your deployment of Windows 8 and Windows Server 2012 with hardware and infrastructure readiness assessments
* Assess your environment for Office 2013
* Plan your migration to Windows Azure Virtual Machines
* Track Lync Enterprise/Plus usage
* Size your desktop virtualization needs for both Virtual Desktop Infrastructure (VDI) and session based virtualization using Remote Desktop Services
* Ready your information platform for the cloud with SQL Server 2012
* Virtualize your existing Linux servers onto Hyper-V
* Identify opportunities to lower your virtualization costs with Hyper-V using the VMware migration assessment
MAP is just one of the tools provided by the Microsoft Solution Accelerators team. The Microsoft Assessment and Planning Toolkit, Microsoft Deployment Toolkit, and Security Compliance Manager provide tested guidance and automated tools to help organizations plan, securely deploy, and manage new Microsoft technologies—easier, faster, and at less cost. All are freely available, and fully-supported by Microsoft.
Reference: Microsoft Assessment and Planning Toolkit
Q15. - (Topic 8)
Your network contains an Active Directory domain.
You plan to implement a remote access solution that will contain three servers that run Windows Server 2012. The servers will be configured as shown in the following table.
Server1 will support up to 200 concurrent VPN connections.
You need to ensure that all VPN connection requests are authenticated and authorized by either Server2 or Server3. The solution must ensure that the VPN connections can be authenticated if either Server2 or Server3 fails.
What should you do?
A. On Server1, configure a RADIUS proxy. On Server2 and Server3, add a RADIUS client.
B. On Server2 and Server3, add a RADIUS client. On Server1, modify the Authentication settings.
C. On Server1, configure a RADIUS proxy. Add Server2 and Server3 to a failover cluster.
D. Add Server2 and Server3 to a Network Load Balancing (NLB) cluster. On Server1, modify the Authentication settings.
Answer: B
Explanation:
* A network access server (NAS) is a device that provides some level of access to a larger network. A NAS using a RADIUS infrastructure is also a RADIUS client, sending connection requests and accounting messages to a RADIUS server for authentication, authorization, and accounting.
* Client computers, such as wireless portable computers and other computers running client operating systems, are not RADIUS clients. RADIUS clients are network access servers—such as wireless access points, 802.1X-capable switches, virtual private network (VPN) servers, and dial-up servers—because they use the RADIUS protocol to communicate with RADIUS servers such as Network Policy Server (NPS) servers.
Reference: RADIUS Client
http://technet.microsoft.com/en-us/library/cc754033.aspx