Introducing The New!
Surepassexam Collection
Get Unlimited Access to all
Surepassexam's PREMIUM files
Q1. You perform a Server Core Installation of Windows Server 2012 R2 on a server named Server1.
You need to add a graphical user interface (GUI) to Server1.
Which tool should you use?
A. the dism.exe command
B. the ocsetup.exe command
C. the setup.exe command
D. the Install-Module cmdlet
Answer: A
Explanation:
The DISM command is called by the Add-WindowsFeature command. Here is the systax for DISM: Dism /online /enable-feature /featurename:ServerCore-FullServer /featurename:Server-Gui-Shell /featurename:Server-Gui-Mgmt
Q2. Your network contains two servers named Server1 and Server2 that run Windows Server 2012 R2. Both servers have the Hyper-V server role installed.Server1 and Server2 are located in different offices. The offices connect to each other by using a high-latency WAN link.
Server2 hosts a virtual machine named VM1.
You need to ensure that you can start VM1 on Server1 if Server2 fails. The solution must minimize hardware costs.
What should you do?
A. From the Hyper-V Settings of Server2, modify the Replication Configuration settings. Enable replication for VM1.
B. On Server1, install the Multipath I/O (MPIO) feature. Modify the storage location of the VHDs for VM1.
C. On Server2, install the Multipath I/O (MPIO) feature. Modify the storage location of the VHDs for VM1.
D. From the Hyper-V Settings of Server1, modify the Replication Configuration settings. Enable replication for VM1.
Answer: D
Explanation:
You first have to enable replication on the Replica server--Server1--by going to the server and modifying the "Replication Configuration" settings under Hyper-V settings. You then go to VM1--which presides on Server2-- and run the "Enable Replication" wizard on VM1.
Q3. OTSPOT
You have a server named Server1 that runs Windows Server 2012 R2. Server1 does not have Internet connectivity.
All roles are removed completely from Server1.
You mount a Windows Server 2012 R2 installation image to the C:\Source folder.
You need to install the DNS Server server role on Server1.
Which folder should you use as the source?
To answer, select the appropriate folder in the answer area.
Answer:
211. Your network contains an Active Directory domain named contoso.com. All domain
controllers run Windows Server 2012 R2.
DirectAccess is deployed to the network.
Remote users connect to the DirectAccess server by using a variety of network speeds.
The remote users report that sometimes their connection is very slow.
You need to minimize Group Policy processing across all wireless wide area network
(WWAN) connections.
Which Group Policy setting should you configure?
A. Configure Direct Access connections as a fast network connection.
B. Change Group Policy processing to run asynchronously when a slow network connection is detected.
C. Configure Group Policy slow link detection.
D. Configure wireless policy processing.
Q4. OTSPOT
Your network contains two servers named Server1 and Server2 that run Windows Server 2012 R2. Server1 has the Hyper-V server role installed. Server2 has the Windows Deployment Services server role installed.
On Server1, you have a virtual machine named VM1.
You plan to deploy an image to VM1 by using Windows Deployment Services (WDS).
You need to ensure that VM1 can connect to Server1 by using PXE.
Which settings should you configure on VM1?To answer, select the appropriate settings in
the answer area.
Answer:
Q5. You have a server named Server1.
You install the IP Address Management (IPAM) Server feature on Server1.
You need to provide a user named User1 with the ability to set the access scope of all the DHCP servers that are managed by IPAM. The solution must use the principle of least privilege.
Which user role should you assign to User1?
A. IP Address Record Administrator Role
B. IPAM Administrator Role
C. IPAM MSM Administrator Role
D. IPAM DHCP Scope Administrator Role
Answer: A
Explanation:
Explanation IPAM ASM Administrators IPAM ASM Administrators is a local security group on an IPAM server that is created when you install the IPAM feature. Members of this group have all the privileges of the IPAM Users security group, and can perform IP address space tasks in addition to IPAM common management tasks. Note: When you install IPAM Server, the following local role-based IPAM security groups are created: IPAM Users IPAM MSM Administrators IPAM ASM Administrators IPAM IP Audit Administrators IPAM Administrators Incorrect: not B: Too much privileges. IPAM Administrators IPAM Administrators is a local security group on an IPAM server that is created when you install the IPAM feature. Members of this group have privileges to view all IPAM data and perform all IPAM tasks.
Q6. Your network contains an Active Directory domain named contoso.com. The domain contains a domain controller named DC5. DC5 has a Server Core Installation of Windows Server 2012 R2.
You need to uninstall Active Directory from DCS manually.
Which tool should you use?
A. The Remove-ADComputercmdlet
B. The ntdsutil.exe command
C. The dsamain.exe command
D. The Remove-WindowsFeaturecmdlet
Answer: B
Explanation:
Explanation
*
Ntdsutil.exe is a command-line tool that provides management facilities for Active
Directory Domain Services (AD DS) and Active Directory Lightweight Directory Services
(AD LDS).
You can use the ntdsutil commands to perform database maintenance of AD DS, manage
and control single master operations, and remove metadata left behind by domain
controllers that were removed from the network without being properly uninstalled.
*
NTdsutil commands include:
/ local roles
Manages local administrative roles on an RODC.
/ metadata cleanup
Cleans up objects of decommissioned servers.
Q7. Your network contains an Active Directory domain named contoso.com. The domain contains a domain controller named DC1 that runs Windows Server 2012 R2. DC1 has the DNS Server server role installed.
The network contains client computers that run either Linux, Windows 7, or Windows 8.
You have a zone named adatum.com as shown in the exhibit. (Click the Exhibit button.)
You plan to configure Name Protection on all of the DHCP servers.
You need to configure the adatum.com zone to support Name Protection.
What should you do?
A. Change the zone type.
B. Sign the zone.
C. Add a DNSKEY record.
D. Configure Dynamic updates.
Answer: D
Q8. OTSPOT
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012 R2. Server1 has the Active Directory Certificate Services server role installed and configured.
For all users, you are deploying smart cards for logon. You are using an enrollment agent to enroll the smart card certificates for the users.
You need to configure the Contoso Smartcard Logon certificate template to support the use of the enrollment agent.
Which setting should you modify? To answer, select the appropriate setting in the answer area.
Answer:
172. Your network contains an Active Directory domain named contoso.com. All domain controllers run Windows Server 2012 R2.
An organizational unit (OU) named OU1 contains 200 client computers that run Windows 8 Enterprise. A Group Policy object (GPO) named GPO1 is linked to OU1.
You make a change to GPO1.
You need to force all of the computers in OU1 to refresh their Group Policy settings immediately. The solution must minimize administrative effort.
Which tool should you use?
A. The Set-AdComputercmdlet
B. Group Policy Management Console (GPMC)
C. Server Manager
D. TheGpupdate command
Q9. Your network contains an Active Directory forest named contoso.com. Users frequently access the website of an external partner company. The URL of the website is http://partners.adatum.com.
The partner company informs you that it will perform maintenance on its Web server and that the IP addresses of the Web server will change.
After the change is complete, the users on your internal network report that they fail to access the website.
However, some users who work from home report that they can access the website.
You need to ensure that your DNS servers can resolve partners.adatum.com to the correct IP address immediately.
What should you do?
A. Run dnscmd and specify the CacheLockingPercent parameter
B. Run Set-DnsServerGlobalQueryBlockList
C. Run ipconfig and specify the Renew parameter
D. Run Set-DnsServerCache
Answer: D
Q10. Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012 R2.
On a server named Server2, you perform a Server Core Installation of Windows Server 2012 R2. You join Server2 to the contoso.com domain. You need to ensure that you can manage Server2 by using the Computer Management console on Server1.
What should you do on Server2?
A. Run the Disable-NetFirewallRulecmdlet.
B. Run the Enable-NetFirewallRulecmdlet.
C. Run sconfig.exe and configure the network settings.
D. Run sconfig.exe and configure remote management.
Answer: B
Explanation:
As we can see on the following screenshot, Remote Management is enabled by default on a new Server Core installation of 2012 (so we don't have to configure it on Server2) BUT that's not enough as it only enables WinRM-based remote management (and computer management is not WinRM- based of course). To enable the remote management from an MMC (such as server manager, or computer manager), we have to enable exception rules in the Firewall, which can be done, amongst other ways, using Powershell and the Enable-NetFirewallRulecmdlet.
http://technet.microsoft.com/en-us/library/jj554869.aspx Enable-NetFirewallRule Detailed Description The Enable-NetFirewallRulecmdlet enables a previously disabled firewall rule to be active within the computer or a group policy organizational unit. This cmdlet gets one or more firewall rules to be enabled with the Name parameter (default), the DisplayName parameter, rule properties, or by associated filters or objects. The Enabled parameter for the resulting queried rules is set to True.
Q11. RAG DROP
Your network contains a single Active Directory domain named contoso.com. The domain contains an Active Directory site named Site1 and an organizational unit (OU) named OU1.
The domain contains a client computer named Client1 that is located in OU1 and Site1.
You create five Group Policy objects (GPO). The GPOs are configured as shown in the following table.
You need to identify in which order the GPOs will be applied to Client1.
In which order should you arrange the listed GPOs?
To answer, move all GPOs from the list of GPOs to the answer area and arrange them in
the correct order.
Answer:
Q12. You have a server named Server1 that runs Windows Server 2012 R2. You create a custom Data Collector Set (DCS) named DCS1. You need to configure DCS1 to meet the following requirements:
Automatically run a program when the amount of total free disk space on Server1 drops below 10 percent of capacity.
Log the current values of several registry settings.
Which two should you configure in DCS1? (Each correct answer presents part of the solution. Choose two.)
A. System configuration information
B. A Performance Counter Alert
C. Event trace data
D. A performance counter
Answer: A,B
Q13. You have a server named Corel that has a Server Core Installation of Windows Server 2012 R2. Corel has the Hyper-V server role installed. Corel has two network adapters from different third-party hardware vendors.
You need to configure network traffic failover to prevent connectivity loss if a network adapter fails.
What should you use?
A. New-NetSwitchTeam
B. Install-Feature
C. Add-NetSwitchTeamMember
D. Netsh.exe
Answer: A
Explanation:
http://technet.microsoft.com/en-us/library/jj553814.aspx Detailed Description The New-NetSwitchTeam cmdlet creates a new switch team. A switch team must have a name for the team and must be created with one or more members, or network adapters. The network switch team is a team that is controlled by a Hyper-V extensible switch forwarding extension. No other cmdlets can be used to manage a switch team and the NetSwitchTeam cmdlets must not be used to manage standard, or non-switch, network adapter teams.
Q14. You have a server named Server1.
You install the IP Address Management (IPAM) Server feature on Server1.
You need to provide a user named User1 with the ability to set the access scope of all the DHCP servers that are managed by IPAM. The solution must use the principle of least privilege.
Which user role should you assign to User1?
A. IP Address Record Administrator Role
B. IPAM Administrator Role
C. IPAM MSM Administrator Role
D. IPAM DHCP Scope Administrator Role
Answer: A
Explanation: IPAM ASM Administrators IPAM ASM Administrators is a local security group on an IPAM server that is created when you install the IPAM feature. Members of this group have all the privileges of the IPAM Users security group, and can perform IP address space tasks in addition to IPAM common management tasks. Note: When you install IPAM Server, the following local role-based IPAM security groups are created: IPAM Users IPAM MSM Administrators IPAM ASM Administrators IPAM IP Audit Administrators IPAM Administrators
Q15. Your network contains an Active Directory domain named contoso.com.
Network Policy Server (NPS) is deployed to the domain.
You plan to deploy Network Access Protection (NAP).
You need to configure the requirements that are validated on the NPS client computers.
What should you do?
A. From the Network Policy Server console, configure a health policy.
B. From the Network Policy Server console, configure a network policy.
C. From a Group Policy object (GPO), configure the NAP Client Configuration security setting.
D. From a Group Policy object (GPO), configure the Network Access Protection Administrative Templates setting.
E. From the Network Policy Server console, configure a Windows Security Health Validator (WSHV) policy.
Answer: E Explanation:
I feel the question is a bit unclear still.
http://technet.microsoft.com/en-us/library/cc731260.aspx
WSHV settings
If a client computer is noncompliant with one of the requirements of the WSHV, it is
considered noncompliant with the WSHV as a whole. If a computer is determined to be
noncompliant with the WSHV, the following actions might be taken:
I believe that the validation will take into account Health and Network, so it has to be both
of them.
I don't see A or D being a valid choice.
Leaving us with E. And, the site kinda confirm this.