Introducing The New!
Surepassexam Collection
Get Unlimited Access to all
Surepassexam's PREMIUM files
Q1. Your network contains an Active Directory domain named contoso.com. The domain contains a domain controller named DC1 that runs Windows Server 2012 R2. DC1 is backed up daily.
The domain has the Active Directory Recycle Bin enabled.
During routine maintenance, you delete 500 inactive user accounts and 100 inactive groups. One of the deleted groups is named Group1. Some of the deleted user accounts are members of some of the deleted groups.
For documentation purposes, you must provide a list of the members of Group1 before the group was deleted.
You need to identify the names of the users who were members of Group1 prior to its deletion. You want to achieve this goal by using the minimum amount of administrative effort.
What should you do first?
A. Reactivate the tombstone of Group1.
B. Use the Recycle Bin to restore Group1.
C. Perform an authoritative restore of Group1.
D. Mount the most recent Active Directory backup.
Answer: D
Explanation:
You can use the Active Directory database mounting tool (Dsamain.exe) and a Lightweight Directory Access Protocol (LDAP) tool, such as Ldp.exe or Active Directory Users and Computers, to identify which backup has the last safe state of the forest. The Active Directory database mounting tool, which is included in Windows Server 2008 and later Windows Server operating systems, exposes Active Directory data that is stored in backups or snapshots as an LDAP server. Then, you can use an LDAP tool to browse the data. This approach has the advantage of not requiring you to restart any DC in Directory Services Restore Mode (DSRM) to examine the contents of the backup of AD DS.
Q2. UESTION NO: 432 Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1.
Server1 runs Windows Server 2012 R2 and has the Hyper-V server role installed.
You have a virtual machine named VM1. VM1 has a checkpoint.You need to modify the Checkpoint File Location of VM1.
What should you do first?
A. Copy the checkpoint file
B. Delete the checkpoint
C. Shut down VM1
D. Pause VM1
Answer: B
Q3. Your network contains an Active Directory domain named contoso.com. The domain contains six domain controllers. The domain controllers are configured as shown in the following table.
The network contains a server named Server1 that has the Hyper-V server role installed. DC6 is a virtual machine that is hosted on Server1.
You need to ensure that you can clone DC6.
Which FSMO role should you transfer to DC2?
A. Rid master
B. Domain naming master
C. PDC emulator
D. Infrastructure master
Answer: C
Explanation:
The clone domain controller uses the security context of the source domain controller (the domain controller whose copy it represents) to contact the Windows Server 2012 R2 Primary Domain Controller (PDC) emulator operations master role holder (also known as flexible single master operations, or FSMO). The PDC emulator must be running Windows Server 2012 R2, but it does not have to be running on a hypervisor. http: //technet. microsoft. com/en-us/library/hh831734. aspx
Q4. OTSPOT
You have two servers that run Windows Server 2012 R2. The servers are configured as shown in the following table.
You need to ensure that Server2 can be managed by using Server Manager from Server1.
In the table below, identify which actions must be performed on Server1 and Server2.Make only one selection in each row. Each correct selection is worth one point.
Answer:
Q5. OTSPOT
You have a server named Server1 that runs Windows Server 2012 R2. The volumes on Server1 are configured as shown in the following table.
A new corporate policy states that backups must use Windows Azure Backup whenever possible.
You need to identify which backup methods you must use to back up Server1. The solution must use Windows Azure Backup whenever possible.
Which backup type should you identify for each volume?
To answer, select the appropriate backup type for each volume in the answer area.
Answer:
57. Your network contains two Web servers named Server1 and Server2. Both servers run Windows Server 2012 R2.
Server1 and Server2 are nodes in a Network Load Balancing (NLB) cluster. The NLB cluster contains an application named App1 that is accessed by using the URL http://app1.contoso.com.
You plan to perform maintenance on Server1. You need to ensure that all new connections to App1 are directed to Server2.
The solution must not disconnect the existing connections to Server1.
What should you run?
A. The Set-NlbCluster cmdlet
B. The Set-NlbClusterNode cmdlet
C. The Stop-NlbCluster cmdlet
D. The Stop-NlbClusterNode cmdlet
Q6. OTSPOT
Your network contains an Active Directory domain named contoso.com. The domain contains two servers named Server1 and Server2 that run Windows Server 2012 R2. The servers have the Hyper-V server role installed.
A certification authority (CA) is available on the network.
A virtual machine named vml.contoso.com is replicated from Server1 to Server2. A virtual
machine named vm2.contoso.com is replicated from Server2 to Server1.
You need to configure Hyper-V to encrypt the replication of the virtual machines.
Which common name should you use for the certificates on each server?
To answer, configure the appropriate common name for the certificate on each server in
the answer area.
Answer:
Q7. You have a VHD that contains an image of Windows Server 2012 R2. You plan to Apply updates to the image.
You need to ensure that only updates that can install without requiring a restart are installed.
Which DISM option should you use?
A. /Apply-Unattend
B. /Add-ProvisionedAppxPackage
C. /PreventPending
D. /Cleanup-Image
Answer: C
Explanation:
http://technet.microsoft.com/en-us/library/hh825265.aspx
Q8. In an isolated test environment, you deploy a server named Server1 that runs a Server Core Installation of Windows Server 2012 R2. The test environment does not have Active Directory Domain Services (AD DS) installed.
You install the Active Directory Domain Services server role on Server1.
You need to configure Server1 as a domain controller.
Which cmdlet should you run?
A. Install-ADDSDomain
B. Install-ADDSForest
C. Install-ADDSDomainController
D. Install-WindowsFeature
Answer: B Explanation:
Install-ADDSDomainController Installs a domain controller in Active Directory. Install-ADDSDomain Installs a new Active Directory domain configuration. Install-ADDSForest Installs a new Active Directory forest configuration. Install-WindowsFeature Installs one or more Windows Server roles, role services, or features on either thelocal or a specified remote server that is running Windows Server 2012 R2. This cmdlet is equivalent to andreplaces Add-WindowsFeature, the cmdlet that was used to install roles, role services, and features.
C:\PS>Install-ADDSForest -DomainName corp.contoso.com -CreateDNSDelegation DomainMode Win2008 -ForestMode Win2008R2 -DatabasePath "d:\NTDS" -SysvolPath "d:\SYSVOL" –LogPath "e:\Logs"Installs a new forest named corp.contoso.com, creates a DNS delegation in the contoso.com domain, setsdomain functional level to Windows Server 2008 R2 and sets forest functional level to Windows Server 2008,installs the Active Directory database and SYSVOL on the D:\ drive, installs the log files on the E:\ drive andhas the server automatically restart after AD DS installation is complete and prompts the user to provide andconfirm the Directory Services Restore Mode (DSRM) password. http://technet.microsoft.com/en-us/library/hh974720%28v=wps.620%29.aspx
Q9. RAG DROP
Your network contains an Active Directory domain named contoso.com. The domain
contains a domain controller named DC1.
You need to create an Active Directory snapshot on DC1.
Which four commands should you run?
To answer, move the four appropriate commands from the list of commands to the answer
area and arrange them in the correct order.
Answer:
Q10. Your network contains an Active Directory domain named contoso.com. The domain contains a Web server named www.contoso.com. The Web server is available on the Internet.
You implement DirectAccess by using the default configuration.
You need to ensure that users never attempt to connect to www.contoso.com by using DirectAccess. The solution must not prevent the users from using DirectAccess to access other resources in contoso.com.
Which settings should you configure in a Group Policy object (GPO)?
A. DirectAccess Client Experience Settings
B. Name Resolution Policy
C. DNS Client
D. Network Connections
Answer: B
Explanation:
http://www.techrepublic.com/blog/10things/10-things-you-should-know-aboutdirectaccess/1371
Q11. Your network contains an Active Directory domain named contoso.com. The Active
Directory Recycle bin is enabled for contoso.com.
A support technician accidentally deletes a user account named User1.
You need to restore the User1 account.
Which tool should you use?
A. Ldp
B. Esentutl
C. Active Directory Administrative Center
D. Ntdsutil
Answer: C
Explanation:
http://technet.microsoft.com/nl-nl/library/dd379509(v=ws.10).aspx#BKMK_2 http://technet.microsoft.com/en-us/magazine/2007.09.tombstones.aspx http://technet.microsoft.com/en-us/library/hh875546.aspx http://technet.microsoft.com/en-us/library/dd560651(v=ws.10).aspx
Q12. You have a Hyper-V host named Server1 that runs Windows Server 2012 R2 Datacenter.
Server1 is located in an isolated network that cannot access the Internet.
On Server1, you install a new virtual machine named VM1. VM1 runs Windows Server
2012 R2 Essentials and connects to a private virtual network.
After 30 days, you discover that VM1 shuts down every 60 minutes.
You need to resolve the issue that causes VM1 to shut down every 60 minutes.
What should you do?
A. OnVM1, run slmgr.exe and specify the /ipk parameter.
B. OnServer1, run slmgr.exe and specify the /rearm-sku parameter.
C. Create a new internal virtual network and attach VM1 to the new virtual network.
D. On Server1, run Add-WindowsFeatureVolumeActivation.
Answer: A
Q13. You have a server named Server1 that runs Windows Server 2012 R2. You create a custom Data Collector Set (DCS) named DCS1.
You need to configure DCS1 to meet the following requirements:
. Automatically run a program when the amount of total free disk space on Server1 drops below 10 percent of capacity. . Log the current values of several registry settings.
Which two should you configure in DCS1? (Each correct answer presents part of the solution. Choose two.)
A. Event trace data
B. A Performance Counter Alert
C. System configuration information
D. A performance counter
Answer: B,C
Explanation:
Automatically run a program when the amount of total free disk space on Server1 drops
below 10 percent of capacity.
You can also configure alerts to start applications and performance logs
Log the current values of several registry settings.
System configuration information allows you to record the state of, and changes to, registry
keys.
Total free disk space
Registry settings
Run a program on alert http: //technet. microsoft. com/en-us/library/cc766404. aspx
Q14. Your network contains an Active Directory domain named contoso.com. The domain contains more than 100 Group Policy objects (GPOs). Currently, there are no enforced GPOs.
You need to prevent all of the GPOs at the site level and at the domain level from being Applied to users and computers in an organizational unit (OU) named OU1.
You want to achieve this goal by using the minimum amount of administrative effort.
What should you use?
A. Dcgpofix
B. Get-GPOReport
C. Gpfixup
D. Gpresult
E. Gptedit.msc
F. Import-GPO
G. Restore-GPO
H. Set-GPInheritance
I. Set-GPLink
J. Set-GPPermission
K. Gpupdate
L. Add-ADGroupMember
Answer: H
Explanation:
http://technet.microsoft.com/en-us/library/ee461032.aspx
Q15. Your network contains an Active Directory domain named contoso.com. Domain controllers run either Windows Server 2008, Windows Server 2008 R2, or Windows Server 2012 R2. You have a Password Settings object (PSOs) named PSO1. You need to view the settings of PSO1. Which tool should you use?
A. Get-ADDomainControllerPasswordReplicationPolicy
B. Get-ADDefaultDomainPasswordPolicy
C. Active Directory Administrator Centre
D. Local Security Policies
Answer: C
Explanation:
http://technet.microsoft.com/en-us/library/ee617231.aspx To get a list of all the properties of an ADFineGrainedPasswordPolicy object, use the following command: Get-ADFineGrainedPasswordPolicy<fine grained password policy> -Properties * | Get-Member [...] EXAMPLE 2 Command Prompt: C:\PS> Get-ADFineGrainedPasswordPolicyAdminsPSO Name: AdminsPSO ComplexityEnabled: True LockoutThreshold: 0 ReversibleEncryptionEnabled : True LockoutDuration: 00:30:00 LockoutObservationWindow: 00:30:00 MinPasswordLength: 10 Precedence: 200 ObjectGUID: ba1061f0-c947-4018-a399-6ad8897d26e3 ObjectClass: msDS-PasswordSettings PasswordHistoryCount: 24 MinPasswordAge: 1.00:00:00 MaxPasswordAge: 15.00:00:00 AppliesTo: {} DistinguishedName: CN=AdminsPSO,CN=Password Settings Container,CN=System,DC=FABRIKAM, DC=COM Description: Get the Fine Grained Password Policy named `AdminsPSO'.