Introducing The New!
Surepassexam Collection
Get Unlimited Access to all
Surepassexam's PREMIUM files
Q1. OTSPOT
You have a server named Server1 that has the Web Server (IIS) server role installed. You obtain a Web Server certificate.
You need to configure a website on Server1 to use Secure Sockets Layer (SSL). To which store should you import the certificate?
To answer, select the appropriate store in the answer area.
Answer:
Q2. Your network contains an Active Directory domain named contoso.com. The domain contains four servers. The servers are configured as shown in the following table.
You plan to deploy an enterprise certification authority (CA) on a server named Servers. Server5 will be used to issue certificates to domain-joined computers and workgroup computers.
You need to identify which server you must use as the certificate revocation list (CRL) distribution point for Server5.
Which server should you identify?
A. Server1
B. Server3
C. Server4
D. Server2
Answer: B
Explanation:
CDP (and AD CS) always uses a Web Server NB: this CDP must be accessible from outside the AD, but here we don't have to wonder about that as there's only one web server.
http://technet.microsoft.com/fr-fr/library/cc782183%28v=ws.10%29.aspx
Selecting a CRL Distribution Point Because CRLs are valid only for a limited time, PKI clients need to retrieve a new CRL periodically. Windows Server 2003 PKI Applications look in the CRL distribution point extension for a URL that points to a network location from which the CRL object can be retrieved. Because CRLs for enterprise CAs are stored in Active Directory, they can be accessed by means of LDAP. In comparison, because CRLs for stand-alone CAs are stored in a directory on the server, they can be accessed by means of HTTP, FTP, and so on as long as the CA is online. Therefore, you should set the CRL distribution point after the CA has been installed.
The system account writes the CRL to its distribution point, whether the CRL is published manually or is published according to an established schedule. Therefore you must ensure that the system accounts for CAs have permission to write to the CRL distribution point. Because the CRL path is also included in every certificate, you must define the CRL location and its access path before deploying certificates. If an Application performs revocation checking and a valid CRL is not available on the local computer, it rejects the certificate.
You can modify the CRL distribution point by using the Certification Authority MMC snap-in. In this way, you can change the location where the CRL is published to meet the needs of users in your organization. You must move the CRL distribution point from the CA configuration folder to a Web server to change the location of the CRL, and you must move each new CRL to the new distribution point, or else the chain will break when the previous CRL expires.
Note On root CAs, you must also modify the CRL distribution point in the CAPolicy.inf file so that the root CA certificate references the correct CDP and AIA paths, if specified. If you are using certificates on the Internet, you must have at least one HTTPs-accessible location for all certificates that are not limited to internal use.
http://technet.microsoft.com/en-us/library/cc771079.aspx Configuring Certificate Revocation It is not always possible to contact a CA or other trusted server for information about the validity of a certificate. To effectively support certificate status checking, a client must be able to access revocation data to determine whether the certificate is valid or has been revoked. To support a variety of scenarios, Active Directory Certificate Services (AD CS) supports industry-standard methods of certificate revocation. These include publication of certificate revocation lists (CRLs) and delta CRLs, which can be made available to clients from a variety of locations, including Active Directory Domain Services (AD DS), Web servers, and network file shares.
Q3. You have decided to install Windows Server 2012 R2 by choosing the Service Core Installation option.
If you want to install, configure or uninstall server roles remotely, what tool would you use?
A. Windows PowerShell
B. Any of these
C. Server Manager
D. Remote Server Administration Tools (RSAT)
Answer: B
Explanation:
Initial Answer: Windows PowerShell (Only PowerShell can be used to manage server roles remotely to a server core installation.) => FALSE Since 2012, remote installations of server roles to a Core installation are allowed i've just done it, screenshots as proof:
Then, i just had to use Enable-NetFirewallRule to allow remote management using MMC And i can see my FSRM role was correctly remotely installed on my Core Installation (and is remotely managed using FSRM MMC):
Q4. Your network contains an Active Directory domain named contoso.com. The domain contains a domain controller named DC5. DC5 has a Server Core Installation of Windows Server 2012 R2.
You need to uninstall Active Directory from DC5 manually.
Which tool should you use?
A. The Remove-ADComputercmdlet
B. The ntdsutil.exe command
C. The dsamain.exe command
D. The Remove-WindowsFeaturecmdlet
Answer: D
Explanation: http://technet.microsoft.com/en-us/library/hh472163.aspx#BKMK_RemoveSM http://technet.microsoft.com/en-us/library/cc732257.aspx#BKMK_powershell
Q5. Your network contains an Active Directory domain named contoso.com. The domain contains two member servers named Server1 and Server2. All servers run Windows Server 2012 R2.
Server1 and Server2 are nodes in a Hyper-V cluster named Cluster1. Cluster1 hosts 10 virtual machines. All of the virtual machines run Windows Server 2012 R2 and are members of the domain.
You need to ensure that the first time a service named Service1 fails on a virtual machine, the virtual machine is moved to a different node.
You configure Service1 to be monitored from Failover Cluster Manager.
What should you configure on the virtual machine?
A. From the General settings, modify the Startup type.
B. From the Recovery settings of Service1, set the First failure recovery action to Take No Action.
C. From the Recovery settings of Service1, set the First failure recovery action to Restart the Service.
D. From the General settings, modify the Service status.
Answer: B
Explanation:
C. Configure the virtual machine to take no action through Hyper-V if the physical computer shuts down by modifying the Automatic Stop Action setting to None. Virtual machine state must be managed through the Failover Clustering feature. http://technet.microsoft.com/en-us/library/cc742396.aspx http://windowsitpro.com/windows-server-2012/enable-windows-server-2012-failover-cluster-hyper-v-vmmonitoring
Q6. Your network contains an Active Directory domain named contoso.com. The domain contains two member servers named Server1 and Server2 that run Windows Server 2012 R2. Both servers have the Hyper-V server role installed.
The network contains an enterprise certification authority (CA). All servers are enrolled automatically for a certificate-based on the Computer certificate template.
On Server1, you have a virtual machine named VM1. VM1 is replicated to Server2.
You need to encrypt the replication of VM1.
Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)
A. On Server2, modify the Hyper-V Settings.
B. On Server1, modify the settings of VM1.
C. On Server2, modify the settings of VM1.
D. On Server1, modify the settings of the virtual switch to which VM1 is connected.
E. On Server1, modify the Hyper-V Settings.
F. On Server2, modify the settings of the virtual switch to which VM1 is connected.
Answer: A,B
Explanation: Once you change the Hyper-V Settings of Server 2 to encrypt replications with a certificate, you then need to change the replication information of VM1 to use the secure connection.
http://technet.microsoft.com/en-us/library/jj134240.aspx
Q7. You have a server named Server1 that runs Windows Server 2012 R2. Server1 has six network adapters. Two of the network adapters are connected to a network named LAN1, two of the network adapters are connected to a network named LAN2, and two of the network adapters are connected to a network named LAN3.
You create a network adapter team named Team1 from the two adapters connected to LAN1.
You create a network adapter team named Team2 from the two adapters connected to LAN2.
A company policy states that all server IP addresses must be assigned by using a reserved address in DHCP.
You need to identify how many DHCP reservations you must create for Server1.
How many reservations should you identify?
A. 3
B. 4
C. 6
D. 8
Answer: B
Explanation:
2 Adapters = LAN1 = Team1 = 1 IP 2 Adapters = LAN2 = Team2 = 1 IP 2 Adapters = LAN3 = No Team = 2 IP 1 + 1 + 2 = 4
References: Training Guide: Installing and Configuring Windows Server 2012: Chapter 6: Network Administration, Lesson 3: Managing Networking using Windows PowerShell, p. 253
Q8. Which of the following features is available when Windows Server 2012 R2 is installed using the GUI option but without the desktop experience feature installed?
A. Metro-style Start screen
B. Built-in help system
C. All of these
D. Windows Media Player
Answer: A,B
Explanation:
Here is description of Desktop Experience: http://technet.microsoft.com/en-us/library/cc772567.aspx
Q9. You have a server named Server1 that runs Windows Server 2012 R2.
Server1 has three physical network adapters named NIC1, NIC2, and NIC3.
On Server1, you create a NIC team named Team1 by using NIC1 and NIC2. You configure Team1 to accept network traffic on VLAN 10.
You need to ensure that Server1 can accept network traffic on VLAN 10 and VLAN 11. The solution must ensure that the network traffic can be received on both VLANs if a network adapter fails.
What should you do?
A. From Server Manager, change the load balancing mode of Team1.
B. Run the New-NetLbfoTeamcmdlet.
C. From Server Manager, add an interface to Team1.
D. Run the Add-NetLbfoTeamMembercmdlet.
Answer: C
306. Your network contains a server named Server1 that runs Windows Server 2012. Server1
has the Hyper-V server role installed.
Server1 hosts four virtual machines named VM1, VM2, VM3, and VM4.
Server1 is configured as shown in the following table.
VM3 is used to test applications.
You need to prevent VM3 from synchronizing its clock to Server1.
What should you configure?
A. NUMA topology
B. Resource control
C. Resource metering
D. Virtual Machine Chimney
E. The VLAN ID
F. Processor Compatibility
G. The startup order
H. Automatic Start Action
I. Integration Services
J. Port mirroring
K. Single-root I/O virtualization
Q10. You have a server named FS1 that runs Windows Server 2012 R2.
You install the File and Storage Services server role on FS1.
From Windows Explorer, you view the properties of a shared folder named Share1 and you
discover that the Classification tab is missing.
You need to ensure that you can assign classifications to Share1 from Windows Explorer manually.
What should you do?
A. Install the Enhanced Storage feature.
B. From Folder Options, clear Use Sharing Wizard (Recommend).
C. Install the File Server Resource Manager role service.
D. From Folder Options, select Show hidden files, folders, and drives.
Answer: C
Q11. Your network contains a Hyper-V host named Server1 that runs Windows Server 2012 R2.
Server1 hosts a virtual machine named VM1 that runs Windows Server 2012 R2.
You create a checkpoint of VM1, and then you install an application on VM1. You verify
that the application runs properly.
You need to ensure that the current state of VM1 is contained in a single virtual hard disk
file.
The solution must minimize the amount of downtime on VM1.
What should you do?
A. From a command prompt run dism.exe and specify the /commit-image parameter.
B. From a command prompt, run dism.exe and specify the /delete-image parameter.
C. From Hyper-V Manager, delete the checkpoint.
D. From Hyper-V Manager, inspect the virtual hard disk.
Answer: C
Q12. OTSPOT
You have a server named Server1 that has the Network Policy and Access Services server role installed.
You plan to configure Network Policy Server (NPS) on Server1 to use certificate-based
authentication for VPN connections.
You obtain a certificate for NPS.
You need to ensure that NPS can perform certificate-based authentication.
To which store should you import the certificate?
To answer, select the appropriate store in the answer area.
Answer:
Q13. Your network contains an Active Directory domain named contoso.com. The domain contains a member server named Server 1. Server1 has the IP Address Management (IPAM) Server feature installed.
A technician performs maintenance on Server1.
After the maintenance is complete, you discover that you cannot connect to the IPAM server on Server1.
You open the Services console as shown in the exhibit. (Click the Exhibit button.)
You need to ensure that you can connect to the IPAM server.
Which service should you start?
A. Windows Process Activation Service
B. Windows Event Collector
C. Windows Internal Database
D. Windows Store Service (WSService)
Answer: C
Q14. Your network contains an Active Directory domain named contoso.com.
You install Windows Server 2012 R2 on a new server named Server1 and you join Server1 to the domain. You need to ensure that you can view processor usage and memory usage information in
Server Manager. What should you do?
A. From Server Manager, click Configure Performance Alerts.
B. From Performance Monitor, create a Data Collector Set (DCS).
C. From Performance Monitor, start the System Performance Data Collector Set (DCS).
D. From Server Manager, click Start Performance Counters.
Answer: D
Explanation: You should navigate to the Server Manager snap-in and there click on All Servers, and then Performance Counters. The Performance Counters, when started can be set to collect and display data regarding processor usage, memory usage, amongst many other resources like disk-related and security related data, that can be monitored. References: http://technet.microsoft.com/en-us/library/bb734903.aspx
Q15. Your network contains a server named Server1 and 10 Web servers. All servers run Windows Server 2012 R2.
You create a Windows PowerShell Desired State Configuration (DSC) to push the settings from Server1 to all of the Web servers.
On Server1, you modify the file set for the Web servers.You need to ensure that all of the Web servers have the latest configurations.
Which cmdlet should you run on Server1?
A. Restore-DcsConfiguration
B. Set DcsLocalConfigurationManager
C. Start-DcsConfiguration
D. Get-DcsConfiguration
Answer: C