Introducing The New!
Surepassexam Collection
Get Unlimited Access to all
Surepassexam's PREMIUM files
Q1. You have a server named Server1 that runs Windows Server 2012 R2.
You connect two new hard disks to Server1.
You need to create a storage space that contains the two disks.
The solution must meet the following requirements:
. Provide fault tolerance if a single disk fails.
. Maximize the amount of files that can be stored in the storage space.
What should you create?
A. a parity space
B. a simple space
C. a spanned volume
D. a mirrored space
Answer: D
Explanation:
References: http://social.technet.microsoft.com/wiki/contents/articles/15198.storage-spaces-overview.aspx http://technet.microsoft.com/en-us/library/cc772180.aspx Training Guide: Installing and Configuring Windows Server 2012: Chapter 8: File Services and Storage, p. 367-8
Q2. OTSPOT
Your network contains a DNS server named Server1 that runs Windows Server 2012 R2. Server1 has a zone namedcontoso.com. The network contains a server named Server2 that runs Windows Server 2008 R2. Server1 and Server2 are members of an Active Directory domain named contoso.com.
You change the IP address of Server2.
Several hours later, some users report that they cannot connect to Server2.
On the affected users' client computers, you flush the DNS client resolver cache, and the users successfully connect to Server2.
You need to reduce the amount of time that the client computers cache DNS records from contoso.com.
Which value should you modify in the Start of Authority (SOA) record?To answer, select the appropriate setting in the answer area.
Answer:
Q3. Your network contains an Active Directory domain named adatum.com. The domain contains a member server named Host1. Host1 runs Windows Server 2012 R2 and has the Hyper-V server role installed.
Host1 hosts two virtual machines named VM5 and VM6. Both virtual machines connect to a virtual switch named Virtual1.
On VM5, you install a network monitoring application named Monitor1.
You need to capture all of the inbound and outbound traffic to VM6 by using Monitor1.
Which two commands should you run from Windows PowerShell? (Each correct answer presents part of the solution. Choose two.)
A. Get-VM "VM6" | Set-VMNetworkAdapter-IovWeight 1
B. Get-VM "VM5" | Set-VMNetworkAdapter -IovWeight 0
C. Get-VM "VM6" | Set-VMNetworkAdapter -PortMirroring Source
D. Get-VM "VM6" | Set-VMNetworkAdapter -AllowTeaming On
E. Get-VM "VM5" | Set-VMNetworkAdapter -PortMirroring Destination
F. Get-VM "VM5" | Set-VMNetworkAdapter -AllowTeaming On
Answer: C,E
Explanation: -PortMirroring specifies the port mirroring mode for the network adapter. This can be set to None, Source, and Destination. . If set to Source, a copy of every network packet it sends or receives is forwarded to a virtual network adapter configured to receive the packets. . If set to Destination, it receives copied packets from the source virtual network adapter.
In this scenario, VM5 is the destination which must receive a copy of the network packets from VM6, which s the source.
Reference:
http://technet.microsoft.com/en-us/library/hh848457.aspx
Q4. Your network contains an Active Directory domain named adatum.com.
A network administrator creates a Group Policy central store.
After the central store is created, you discover that when you create new Group Policy objects (GPOs), the GPOs do not contain any Administrative Templates.
You need to ensure that the Administrative Templates appear in new GPOs.
What should you do?
A. Add your user account to the Group Policy Creator Owners group.
B. Configure all domain controllers as global catalog servers.
C. Copy files from %Windir%\Policydefinitions to the central store.
D. Modify the Delegation settings of the new GPOs.
Answer: C
Explanation:
To take advantage of the benefits of .admx files, you must create a Central Store in the SYSVOL folder on a domain controller. The Central Store is a file location that is checked by the Group Policy tools. The Group Policy tools use any .admx files that are in the Central Store. The files that are in the Central Store are later replicated to all domain controllers in the domain.
Q5. OTSPOT
Your network contains an Active Directory domain named contoso.com.
You have several Windows PowerShell scripts that execute when users log on to their client computer.
You need to ensure that all of the scripts execute completely before the users can access their desktop.
Which setting should you configure? To answer, select the appropriate setting in the answer area.
Answer:
Q6. You have a server named Server1 that runs Windows Server 2012 R2. Server1 has the
Hyper-V server role installed. On Server1, you create a virtual machine named VM1.
VM1 has a legacy network adapter.
You need to assign a specific amount of available network bandwidth to VM1.
What should you do first?
A. Add a second legacy network adapter, and then run the Set-VMNetworkAdaptercmdlet.
B. Add a second legacy network adapter, and then configure network adapter teaming.
C. Remove the legacy network adapter, and then run the Set-VMNetworkAdaptercmdlet.
D. Remove the legacy network adapter, and then add a network adapter.
Answer: D
95. Your network contains a server named Server1 that runs Windows Server 2012. Server1 has the Hyper-V server role installed.
Server1 hosts four virtual machines named VM1, VM2, VM3, and VM4. Server1 is configured as shown in the following table.
You install Windows Server 2012 on VM2 by using Windows Deployment Services (WDS).
You need to ensure that the next time VM2 restarts, you can connect to the WDS server by using PXE.
Which virtual machine setting should you configure for VM2?
A. NUMA topology
B. Resource control
C. Resource metering
D. Virtual Machine Chimney
E. The VLAN ID
F. Processor Compatibility
G. The startup order
H. Automatic Start Action
I. Integration Services
J. Port mirroring
K. Single-root I/O virtualization
Q7. Your network contains a server named Server1 that runs Windows Server 2012. Server1
has the Hyper-V server role installed.
Server1 hosts four virtual machines named VM1, VM2, VM3, and VM4.
Server1 is configured as shown in the following table.
You plan to schedule a complete backup of Server1 by using Windows Server Backup.
You need to ensure that the state of VM1 is saved before the backup starts.
What should you configure?
A. NUMA topology
B. Resource control
C. Resource metering
D. Virtual Machine Chimney
E. The VLAN ID
F. Processor Compatibility
G. The startup order
H. Automatic Start Action
I. Integration Services
J. Port mirroring
K. Single-root I/O virtualization
Answer: I
Explanation:
http://www.altaro.com/hyper-v/vss-crash-consistent-vs-Application-consistent-vss-backupspost-2- of-2/ Backup Operations in Hyper-V No VSS Writer Available? In some cases, you need an Application-consistent backup but there is no VSS writer available. One example of this is MySQL. Hyper-V backups of virtual machines containing MySQL will always result in either a crashconsistent or an image-level backup. For MySQL, the latter is probably acceptable as MySQL doesn't perpetually expand the log file. However, if you're using MySQL within a VSS-aware VM, then a Hyper-Vbased backup tool is going to take a crash-consistent backup. MySQL (like any other database system) isn't always recoverable from a crash-consistent backup; tool is going to take a crash-consistent backup. MySQL (like any other database system) isn't always recoverable from a crash-consistent backup; even when recovery is possible, it may be painful. MySQL is just one example; any number of line-of-business Applications could tell a similar tale. In the case of MySQL, one solution is to find a guest-level backup Application that is MySQL- aware and can back it up properly. For Applications for which no backup Application has a plug-in, you may need to have pre-and post-backup scripts that stop services or close Applications. If brief downtime is acceptable, you can disable the Backup item in Hyper-V Integration Services, thereby forcing Hyper-V to save the state of the VM during backup. This technique results in an image-level backup and can
be used on any Application that doesn't have a VSS writer.
Q8. Your network contains a server named Server1 and 10 Web servers. All servers run Windows Server 2012 R2.
You create a Windows PowerShell Desired State Configuration (DSC) to push the settings from Server1 to all of the Web servers.
On Server1, you modify the file set for the Web servers.You need to ensure that all of the Web servers have the latest configurations.
Which cmdlet should you run on Server1?
A. Restore-DcsConfiguration
B. Set DcsLocalConfigurationManager
C. Start-DcsConfiguration
D. Get-DcsConfiguration
Answer: C
Q9. Your network contains a Hyper-V host named Server1 that runs Windows Server 2012 R2.
Server1 hosts a virtual machine named VM1 that runs Windows Server 2012 R2.
You create a checkpoint of VM1, and then you install an application on VM1. You verify
that the application runs properly.
You need to ensure that the current state of VM1 is contained in a single virtual hard disk
file.
The solution must minimize the amount of downtime on VM1.
What should you do?
A. From a command prompt run dism.exe and specify the /commit-image parameter.
B. From a command prompt, run dism.exe and specify the /delete-image parameter.
C. From Hyper-V Manager, delete the checkpoint.
D. From Hyper-V Manager, inspect the virtual hard disk.
Answer: C
Q10. Your network contains an Active Directory domain named contoso.com. All domain controllers run Windows Server 2012 R2.
An organizational unit (OU) named OU1 contains 200 client computers that run Windows 8 Enterprise. A Group Policy object (GPO) named GPO1 is linked to OU1.
You make a change to GPO1.
You need to force all of the computers in OU1 to refresh their Group Policy settings immediately. The solution must minimize administrative effort.
Which tool should you use?
A. The Set-AdComputercmdlet
B. Group Policy Object Editor
C. Active Directory Users and Computers
D. Group Policy Management Console (GPMC)
Answer: D
Explanation:
In the previous versions of Windows, this was accomplished by having the user run
GPUpdate.exe on their computer. Starting with Windows Server? 2012 and Windows?8,
you can now remotely refresh Group Policy settings for all computers in an OU from one
central location through the Group Policy Management Console (GPMC). Or you can use
the Invoke-GPUpdate cmdlet to refresh Group Policy for a set of computers, not limited to
the OU structure, for example, if the computers are located in the default computers
container. Note: Group Policy Management Console (GPMC) is a scriptable Microsoft
Management Console (MMC) snap-in, providing a single administrative tool for managing
Group Policy across the enterprise. GPMC is the standard tool for managing Group Policy.
Incorrect:
Not B: Secedit configures and analyzes system security by comparing your current
configuration to at least one template.
Reference: Force a Remote Group Policy Refresh (GPUpdate)
Q11. Your network contains an Active Directory domain named contoso.com. All domain controllers run Windows Server 2012 R2.
On all of the domain controllers, Windows is installed in C:\Windows and the Active Directory database is located in D:\Windows\NTDS\.
All of the domain controllers have a third-party application installed.
The operating system fails to recognize that the application is compatible with domain controller cloning.
You verify with the application vendor that the application supports domain controller cloning.
You need to prepare a domain controller for cloning.
What should you do?
A. In C:\Windows\, create an XML file named DCCIoneConfig.xml and add the application information to the file.
B. In the root of a USB flash drive, add the application information to an XML file named DefaultDCCIoneAllowList.xml.
C. In D:\Windows\NTDS\, create an XML file named DCCIoneConfig.xml and add the application information to the file.
D. In D:\Windows\NTDS\, create an XML file named CustomDCCIoneAllowList.xml and add the application information to the file.
Answer: D
Explanation:
http://blogs.dirteam.com/blogs/sanderberkouwer/archive/2012/09/10/new-features-in-active-directory-domainservices-in-windows-server-2012-part-13-domain-controller-cloning.aspx Place the CustomDCCloneAllowList.xml file in the same folder as the Active Directory database (ntds.dit) on the source Domain Controller.
Q12. Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012 R2. Server1 has the Network Policy Server role service installed.
You plan to configure Server1 as a Network Access Protection (NAP) health policy server for VPN enforcement by using the Configure NAPwizard.
You need to ensure that you can configure the VPN enforcement method on Server1 successfully.
What should you install on Server1 before you run the Configure NAP wizard?
A. A computer certificate
B. A system health validator (SHV)
C. The Remote Access server role
D. The Host Credential Authorization Protocol (HCAP)
Answer: A
Explanation:
http://technet.microsoft.com/fr-fr/library/dd314165%28v=ws.10%29.aspx
Q13. Your network contains an Active Directory domain named contoso.com. The network contains a file server named Server1 that runs Windows Server 2012 R2. You create a folder named Folder1. You share Folder1 as Share1.
The NTFS permissions on Folder1 are shown in the Folder1 exhibit. (Click the Exhibit button.)
The Everyone group has the Full control Share permission to Folder1.
You configure a central access policy as shown in the Central Access Policy exhibit. (Click the Exhibit button.)
Members of the IT group report that they cannot modify the files in Folder1. You need to
ensure that the IT group members can modify the files in Folder1. The solution must use central access policies to control the permissions. Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)
A. On the Security tab of Folder1, remove the permission entry for the IT group.
B. On the Classification tab of Folder1, set the classification to "Information Technology".
C. On the Security tab of Folder1, assign the Modify permission to the Authenticated Users group.
D. On Share1, assign the Change Share permission to the IT group.
E. On the Security tab of Folder1, add a conditional expression to the existing permission entry for the IT group.
Answer: B,C
Explanation:
A: On the Security tab of Folder1, remove the permission entry for the IT group. => tested => it failed of course, users don't even have read permissions anymore
D: On Share1, assign the Change share permission to the IT group =>Everyone already has the full control share permission => won't solve the problem which is about the NTFS Read permission
E: On the Security tab of Folder1, add a conditional expression to the existing permission entry for the IT group => how could a condition, added to a read permission, possibly transform a read to a modify permission? If they had said "modify the permission and add a conditional expression" => ok (even if that's stupid, it works) a condition is Applied to the existing permissions to filter existing access to only matching users or groups so if we Apply a condition to a read permission, the result will only be that less users (only them matching the conditions) will get those read permissions, which actually don't solve the problem neither so only one left:
C: On the Security tab of Folder1, assign the Modify permission to the Authenticated Users group => for sure it works and it's actually the only one which works, but what about security? well i first did not consider this method => "modify" permission for every single authenticated users? But now it looks very clear:
THE MORE RESTRICTIVE PERMISSION IS ALWAYS THE ONE APPLIED!! So "Modify" for Authenticated Users group and this will be filtered by the DAC who only allows IT group. and it matches the current settings that no other user (except admin, creator owner, etc...) can even read the folder. and this link confirms my theory:
http://autodiscover.wordpress.com/2012/09/12/configuring-dynamic-access-controls-andfileclassificationpart4-winservr-2012-dac-microsoft- mvpbuzz/
Configuring Dynamic Access Controls and File Classification
Note:
In order to allow DAC permissions to go into play, allow everyone NTFS full control
permissions and then DAC will overwrite it, if the user doesn't have NTFS permissions he
will be denied access even if DAC grants him access.
And if this can help, a little summary of configuring DAC:
Q14. Your network contains an Active Directory domain named contoso.com. All servers run either Windows Server 2008 R2 or Windows Server 2012 R2. All client computers run either Windows 7 or Windows 8. The domain contains a member server named Server1 that runs Windows Server 2012 R2. Server1 has the File and Storage Services server role installed. On Server1, you create a share named Share1. You need to ensure that users can use Previous Versions to restore the files in Share1. What should you configure on Server1?
A. A data recovery agent
B. The Shadow Copies settings
C. The Recycle Bin properties
D. A Windows Server Backup schedule
Answer: B
Q15. Your network contains an Active Directory domain named contoso.com. The domain contains a member server named HVServer1. HVServer1 runs Windows Server 2012 R2 and has the Hyper-V server role installed.
HVServer1 hosts 10 generation 1 virtual machines. All of the virtual machines connect to a virtual switch named Switch1. Switch1 is configured as a private network. All of the virtual machines have the DHCP guard and the router guard settings enabled.
You install the DHCP server role on a virtual machine named Server1. You authorize Server1 as a DHCP server in contoso.com. You create an IP scope.
You discover that the virtual machines connected to Switch1 do not receive IP settings from Server1.
You need to ensure that the virtual machines can use Server1 as a DHCP server.
What should you do?
A. Enable MAC address spoofing on Server1.
B. Enable single-root I/O visualization (SR-IOV) on Server1.
C. Disable the DHCP guard on Server1.
D. Disable the DHCP guard on all of the virtual machines that are DHCP clients.
Answer: C
Explanation: DHCP guard setting This setting stops the virtual machine from making DHCP offers over this network interface. To be clear – this does not affect the ability to receive a DHCP offer (i.e. if you need to use DHCP to acquire an IP address that will work) it only blocks the ability for the virtual machine to act as a DHCP server.