Introducing The New!
Surepassexam Collection
Get Unlimited Access to all
Surepassexam's PREMIUM files
Q1. Your IT company is constantly changing, with new users coming and going throughout the year. One of your common tasks requires the deletion of user accounts for employees who have left the company. Which command can be used to delete user accounts?
A. LDIFDE
B. Dsmod
C. Dspromo
D. Netsh
Answer: A
Explanation:
So far, dsmod modifies but cannot delete ldifde can
Q2. Your network contains an Active Directory domain named contoso.com. The domain contains two servers named Node1and Node2. Node1and Node2 run Windows Server 2012 R2. Node1and Node2 are configured as a two-node failover cluster named Cluster2.
The computer accounts for all of the servers reside in an organizational unit (OU) named Servers.
A user named User1 is a member of the local Administrators group on Node1and Node2.
User1 creates a new clustered File Server role named File1 by using the File Server for general use option. A report is generated during the creation of File1 as shown in the exhibit. (Click the Exhibit button.)
File1 fails to start.
You need to ensure that you can start File1.
What should you do?
A. Increase the value of the ms-DS-MachineAccountQuota attribute of the domain.
B. Assign the user account permissions of User1 to the Servers OU.
C. Assign the computer account permissions of Cluster2 to the Servers OU.
D. Recreate the clustered File Server role by using the File Server for scale-out application data option.
E. Log on to the domain by using the built-in Administrator for the domain, and then recreate the clustered File Server role by using the File Server for general use option.
Answer: D
Q3. Complete the missing word from the sentence below that is describing one of the new roles in Server 2008:
By using__________ , you can augment an organization's security strategy by protecting information through persistent usage policies, which remain with the information, no matter where it is moved.
A. AD FS
B. AD RMS
C. RODC
D. AD LDS
Answer: B
Explanation:
Active Directory Rights Management Services (AD RMS)
Q4. Your network contains an Active Directory domain named contoso.com. The domain contains three servers named Server1, Server2, and Server3 that run Windows Server 2012 R2. All three servers have the Hyper-V server role installed and the Failover Clustering feature installed.
Server1 and Server2 are nodes in a failover cluster named Cluster1. Several highly available virtual machines run on Cluster1. Cluster1 has that Hyper-V Replica Broker role installed. The Hyper-V Replica Broker currently runs on Server1.
Server3 currently has no virtual machines.
You need to configure Cluster1 to be a replica server for Server3 and Server3 to be a replica server for Cluster1.
Which two tools should you use? {Each correct answer presents part of the solution. Choose two.)
A. The Hyper-V Manager console connected to Server3
B. The Failover Cluster Manager console connected to Server3
C. The Hyper-V Manager console connected to Server1.
D. The Failover Cluster Manager console connected to Cluster1
E. The Hyper-V Manager console connected to Server2
Answer: A,D
Explanation:
Steps: Install the Replica Broker Hyper-v "role" configure replication on Server 3 in Hyper-V manager and mention the cluster (that's why a replica broker is needed) configure replication on Cluster 1 using the failover cluster manager. Using Hyper-V Replica in a failover cluster The configuration steps previously described Apply to VMs that are not hosted in a failover cluster. However, you might want to provide an offsite replica VM for a clustered VM. In this scenario, you would provide two levels of fault tolerance. The failover cluster is used to provide local fault tolerance, for example, if a physical node fails within a functioning data center. The offsite replica VM, on the other hand, could be used to recover only from sitelevel failures, for example, in case of a power outage, weather emergency, or natural disaster. The steps to configure a replica VM for a clustered VM differ slightly from the normal configuration, but they aren't complicated. The first difference is that you begin by opening Failover Cluster Manager, not Hyper-V Manager. In Failover Cluster Manager, you then have to add a failover cluster role named Hyper-V Replica Broker to the cluster. (Remember, the word "role" is now used to describe a hosted service in a failover cluster.) To add the Hyper-V Replica Broker role, right-click the Roles node in Failover Cluster Manager and select Configure Role. This step opens the High Availability Wizard. In the High Availability Wizard, select Hyper-V Replica Broker
Q5. Your IT company has a large helpdesk department that deals with various types of calls from printer errors through to Application deployment. To give the help desk more responsibility you want to let them reset user passwords and unlock user accounts. This will speed up their response times for common support calls. Which of the following tools should you use to accomplish this?
A. The Delegation of Control Wizard
B. The Advanced Security Settings dialog box
C. DSUTIL
D. DSACLS
Answer: A
Explanation:
http://technet.microsoft.com/en-us/library/dd145442.aspx
Q6. Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1. Server1 has the DHCP Server server role and the Network Policy Server role service installed.
Server1 contains three non-overlapping scopes named Scope1, Scope2, and Scope3. Server1 currently provides the same Network Access Protection (NAP) settings to the three scopes.
You modify the settings of Scope1 as shown in the exhibit. (Click the Exhibit button.)
You need to configure Server1 to provide unique NAP enforcement settings to the NAP non-compliant DHCP clients from Scope1.
What should you create?
A. A network policy that has the MS-Service Class condition
B. A connection request policy that has the Service Type condition
C. A network policy that has the Identity Type condition
D. A connection request policy that has the Identity Type condition
Answer: A
Explanation:
A. Restricts the policy to clients that have received an IP address from a DHCP scope that matches the specified DHCP profile name. This condition is used only when you are
deploying NAP with the DHCP enforcement method. To use the MS-Service Class attribute, in Specify the profile name that identifies your DHCP scope, type the name of an existing DHCP profile. http://technet.microsoft.com/en-us/library/cc731220(v=ws.10).aspx
Q7. Your network contains multiple subnets. On one of the subnets, you deploy a server named Server1 that runs Windows Server 2012 R2.
You install the DNS Server server role on Server1, and then you create a standard primary zone named contoso.com. You need to ensure that client computers can resolve IP addresses to host names.
What should you do first?
A. Create a GlobalNames zone
B. Convert the contoso.com zone to an Active Directory-integrated zone
C. Configure dynamic updates for contoso.com
D. Create a reverse lookup zone
Answer: A
Q8. OTSPOT
Your company has a primary data center and a disaster recovery data center.
The network contains an Active Directory domain named contoso.com. The domain contains a server named that runs Windows Server 2012 R2. Server1 is located in the primary data center.
Server1 has an enterprise root certification authority (CA) for contoso.com.
You deploy another server named Server2 to the disaster recovery data center.
You plan to configure Server2 as a secondary certificate revocation list (CRL) distribution point.
You need to configure Server2 as a CRL distribution point (CDP).
Which tab should you use to configure the required CDP entry? To answer, select the appropriate tab in the answer area.
Answer:
197. OTSPOT
You have a server named Server1 that runs Windows Server 2012 R2.
You are configuring a storage space on Server1.
You need to ensure that the storage space supports tiered storage.
Which settings should you configure?
To answer, select the appropriate options in the answer area.
Q9. OTSPOT
Your network contains an Active Directory domain named contoso.com. The domain contains two servers named Server1 and Server2 that run Windows Server 2012 R2.
From Server2, you attempt to connect to Server1 by using Computer Management and you receive the following error message: "Computer \\Server1 cannot be found. The network path was not found. "
From Server1, you successfully connect to Server2 by using Server Manager.
You need to ensure that you can manage Server1 remotely from Server2 by using Computer Management.
What should you configure?
To answer, select the appropriate option in the answer area.
Answer:
Q10. Is the following statement true or false?
When a printer is installed on a network, default printer permissions are assigned that allow all users to print and change the status of documents sent to it.
A. True
B. False
Answer: B
Explanation:
Initial answer = true => false the key is all users and change the status of documents. Change the status document refers to the "Manage Document" permission and it's not a default permission for "all users". By default, so far, a user can only modify status of the jobs that he initiated himself. but i tested to make sure. I installed 2 fake printers (one by the network, and one using LPT1) and here's the default permissions i have got:
If we consider that Everyone can be used to designate "all users", the above screenshot is enough. but just to be sure, i'll add the "Domain Users" and "Authenticated Users" groups to the permissions to check which permission are assigned by default: exactly the same: only the permission to print documents:
Now we can be sure the answer is "FALSE".
NB: by default, only Administrators (and administrator) and "All Application Packages" have
both permissions (print & manage documents) http://technet.microsoft.com/en-us/library/cc773372%28v=ws.10%29.aspx Assigning printer permissions When a printer is
installed on a network, default printer permissions are assigned that allow all users to print,
and allow select groups to manage the printer, the documents sent to it, or both.
Because the printer is available to all users on the network, you might want to limit access
for some users by assigning specific printer permissions. For example, you could give all
non administrative users in a department the Print permission and give all managers the
Print and Manage Documents permissions. In this way, all users and managers can print
documents, but managers can also change the print status of any document sent to the
printer.
Q11. Your network contains an Active Directory domain named adatum.com. The domain
contains a member server named Server1 and a domain controller named DC2. All servers run Windows Server 2012 R2.
On DC2, you open Server Manager and you add Server1 as another server to manage.
From Server Manager on DC2, you right-click Server1 as shown in the exhibit. (Click the Exhibit button.)
You need to ensure that when you right-click Server1, you see the option to run the DHCP console.
What should you do?
A. On DC2, install the Role Administration Tools.
B. On DC2 and Server1, run winrmquickconfig.
C. In the domain, add DC2 to the DHCP Administrators group.
D. On Server1, install the Feature Administration Tools.
Answer: A
Explanation:
You need to install the feature administrations tools for the dhcp . Need to install DHCP management tools on DC2 then you will have access to dhcp management.
Q12. Your network contains an Active Directory domain named contoso.com. The network contains a server named Server1 that runs Windows Server 2012 R2 and a server named Server2 that runs Windows Server 2008 R2 Service Pack 1 (SP1). Server1 and Server2 are member servers. You need to ensure that you can manage Server2 from Server1 by using Server Manager. Which two tasks should you perform? (Each correct answer presents part of the solution. Choose two.)
A. Install Windows Management Framework 3.0 on Server2.
B. Install Remote Server Administration Tools on Server1.
C. Install the Windows PowerShell 2.0 engine on Server1.
D. Install Microsoft .NET Framework 4 on Server2.
E. Install Remote Server Administration Tools on Server2.
Answer: A,D
Explanation:
http://technet.microsoft.com/en-us/library/hh831456.aspx#BKMK_softconfig
Q13. Your network contains an Active Directory domain named adatum.com. All domain controllers run Windows Server 2008 R2.
The domain contains a file server named Server6 that runs Windows Server 2012 R2. Server6 contains a folder named Folder1. Folder1 is shared as Share1. The NTFS permissions on Folder1 are shown in the exhibit. (Click the Exhibit button.)
The domain contains two global groups named Group1 and Group2.
You need to ensure that only users who are members of both Group1 and Group2 are
denied access to Folder1.
Which two actions should you perform? (Each correct answer presents part of the solution.
Choose two.)
A. Remove the Deny permission for Group1 from Folder1.
B. Deny Group2 permission to Folder1.
C. Install a domain controller that runs Windows Server 2012 R2.
D. Create a conditional expression.
E. Deny Group2 permission to Share1.
F. Deny Group1 permission to Share1.
Answer: A,D
Explanation:
* Conditional Expressions for Permission Entries Windows Server 2008 R2 and Windows 7 enhanced Windows security descriptors by introducing a conditional access permission entry. Windows Server 2012 R2 takes advantage of conditional access permission entries by inserting user claims, device claims, and resource properties, into conditional expressions. Windows Server 2012 R2 security evaluates these expressions and allows or denies access based on results of the evaluation. Securing access to resources through claims is known as claims-based access control. Claims-based access control works with traditional access control to provide an additional layer of authorization that is flexible to the varying needs of the enterprise environment. http://social.technet.microsoft.com/wiki/contents/articles/14269.introducing-dynamicaccesscontrol-en-us.aspx
Q14. Your network contains a server named Server1 that runs Windows Server 2012 R2. Server1 has the Hyper-V server role installed. Server1 hosts 10 virtual machines that run Windows Server 2012 R2. You add a new server named Server2.
Server2 has faster hard disk drives, more RAM, and a different processor manufacturer than Server1.
You need to move all of the virtual machines from Server1 to Server2. The solution must minimize downtime.
What should you do for each virtual machine?
A. Perform a quick migration.
B. Perform a storage migration.
C. Export the virtual machines from Server1 and import the virtual machines to Server2.
D. Perform a live migration.
Answer: C
Explanation:
The different processor manufacturer is the key here. Storage, Live, and Quick all require same manufacturer.
Q15. Your network contains an Active Directory domain named contoso.com. The network contains a file server named Server1 that runs Windows Server 2012 R2.
You are configuring a central access policy for temporary employees.
You enable the Department resource property and assign the property a suggested value of Temp.
You need to configure a target resource condition for the central access rule that is scoped to resources assigned to Temp only.
Which condition should you use?
A. (Department.Value Equals "Temp")
B. (Resource.Department Equals "Temp")
C. (Temp.Resource Equals "Department")
D. (Resource.Temp Equals "Department")
Answer: B
Explanation:
Explanation http://technet.microsoft.com/fr-fr/library/hh846167.aspx