Introducing The New!
Surepassexam Collection
Get Unlimited Access to all
Surepassexam's PREMIUM files
Q1. Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that has the Remote Access server role installed.
DirectAccess is implemented on Server1 by using the default configuration.
You discover that DirectAccess clients do not use DirectAccess when accessing websites on the Internet.
You need to ensure that DirectAccess clients access all Internet websites by using their DirectAccess connection.
What should you do?
A. Configure a DNS suffix search list on the DirectAccess clients.
B. Enable the Route all traffic through the internal network policy setting in the DirectAccess Server Settings Group Policy object (GPO).
C. Configure DirectAccess to enable force tunneling.
D. Disable the DirectAccess Passive Mode policy setting in the DirectAccess Client Settings Group Policy object (GPO).
Answer: C
Q2. You have a server named Server1 that runs Windows Server 2012 R2. Server1 is located
in the perimeter network and has the DNS Server server role installed.
Server1 has a zone named contoso.com.
You apply a security template to Server1.
After you apply the template, users report that they can no longer resolve names from
contoso.com.
On Server1, you open DNS Manager as shown in the DNS exhibit. (Click the Exhibit button.)
On Server1, you open Windows Firewall with Advanced Security as shown in the Firewall exhibit. (Click the Exhibit button.)
You need to ensure that users can resolve contoso.com names.
What should you do?
A. From Windows Firewall with Advanced Security, disable the DNS (TCP, Incoming) rule and the DNS (UDP, Incoming) rule.
B. From DNS Manager, modify the Zone Transfers settings of the contoso.com zone.
C. From DNS Manager, unsign the contoso.com zone.
D. From DNS Manager, modify the Start of Authority (SOA) of the contoso.com zone.
E. From Windows Firewall with Advanced Security, modify the profiles of the DNS (TCP,
Incoming) rule and the DNS (UDP, Incoming) rule.
Answer: E
Q3. Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012 R2.
Server1 has the IP Address Management (IPAM) Server feature installed. IPAM is configured currently for Group Policy-based provisioning.
You need to change the IPAM provisioning method on Server1.
What should you do?
A. Run the ipamgc.exe command.
B. Run the ipamgc.exe command.
C. Run the Set-IPAMConfigurationcmdlet.
D. Reinstall the IP Address Management (IPAM) Server feature.
E. Delete IPAM Group Policy objects (GPOs) from the domain.
Answer: D
Explanation:
You cannot change the provisioning method after completing the initial setup. When you install IPAM and configure either manual OR GPO, you receive the same message about not being able to change the provisioning method. As a matter of fact, I set it up in my lab and configured it as GPO. Here is a copy/paste of the message that is presently on the IPAM home page in server manager:
"The access configuration mode cannot be modified after completing the IPAM provisioning wizard" Also, the help console in IPAM displays this when searching about provisioning methods: "The managed server provisioning method cannot be changed after you complete the IPAM provisioning wizard."
Q4. Your network contains an Active Directory domain named contoso.com. The domain contains a member server named Server 1. Server1 has the IP Address Management (IPAM) Server feature installed.
A technician performs maintenance on Server1.
After the maintenance is complete, you discover that you cannot connect to the IPAM server on Server1.
You open the Services console as shown in the exhibit. (Click the Exhibit button.)
You need to ensure that you can connect to the IPAM server.
Which service should you start?
A. Windows Process Activation Service
B. Windows Event Collector
C. Windows Internal Database
D. Windows Store Service (WSService)
Answer: C
Q5. Your network contains multiple subnets. On one of the subnets, you deploy a server named Server1 that runs Windows Server 2012 R2.
You install the DNS Server server role on Server1, and then you create a standard primary zone named contoso.com. You need to ensure that client computers can resolve IP addresses to host names.
What should you do first?
A. Create a GlobalNames zone
B. Convert the contoso.com zone to an Active Directory-integrated zone
C. Configure dynamic updates for contoso.com
D. Create a reverse lookup zone
Answer: A
Q6. OTSPOT
Your network contains an Active Directory domain named fabrikam.com. You implement DirectAccess.
You need to view the properties of the DirectAccess connection.
Which connection properties should you view?
To answer, select the appropriate connection properties in the answer area.
Answer:
Q7. RAG DROP
Your network contains an Active Directory domain named contoso.com. The domain contains a file server named Server1. All servers run Windows Server 2012 R2.
All domain user accounts have the Division attribute automatically populated as part of the user provisioning process. The Support for Dynamic Access Control and Kerberos armoring policy is enabled for the domain.
You need to control access to the file shares on Server1 based on the values in the Division attribute and the Division resource property.
Which three actions should you perform in sequence?
Answer:
Q8. You have a server named Server1 that runs Windows Server 2012 R2. Server1 has six network adapters. Two of the network adapters are connected to a network named LAN1, two of the network adapters are connected to a network named LAN2, and two of the network adapters are connected to a network named LAN3.
You create a network adapter team named Team1 from the two adapters connected to LAN1.
You create a network adapter team named Team2 from the two adapters connected to LAN2.
A company policy states that all server IP addresses must be assigned by using a reserved address in DHCP.
You need to identify how many DHCP reservations you must create for Server1.
How many reservations should you identify?
A. 3
B. 4
C. 6
D. 8
Answer: B
Explanation:
2 Adapters = LAN1 = Team1 = 1 IP 2 Adapters = LAN2 = Team2 = 1 IP 2 Adapters = LAN3 = No Team = 2 IP 1 + 1 + 2 = 4
References: Training Guide: Installing and Configuring Windows Server 2012: Chapter 6: Network Administration, Lesson 3: Managing Networking using Windows PowerShell, p. 253
Q9. Complete the missing word from the sentence below that is describing one of the new roles in Server 2008:
By using__________ , you can augment an organization's security strategy by protecting information through persistent usage policies, which remain with the information, no matter where it is moved.
A. AD FS
B. AD RMS
C. RODC
D. AD LDS
Answer: B
Explanation:
Active Directory Rights Management Services (AD RMS)
Q10. Server manager is a great tool for managing most of your server settings and configuration all in one central place. Which one of the following Server manager Features is used for management of Public Key Infrastructure?
A. Dynamic Host Configuration Server
B. WINS Server
C. Domain Name Service
D. Active Directory Certificate Services
Answer: D
Q11. OTSPOT
Your network contains an Active Directory domain named contoso.com. The domain contains an enterprise certification authority (CA).
The domain contains a server named Server1 that runs Windows Server 2012 R2. You install the Active Directory Federation Services server role on Server1.
You plan to configure Server1 as an Active Directory Federation Services (AD FS) server. The Federation
Service name will be set to adfs1.contoso.com.
You need to identify which type of certificate template you must use to request a certificate for AD FS.
Which certificate template should you identify? To answer, select the appropriate template in the
answer area.
Answer:
Q12. OTSPOT
You have a server named Server1 that runs Windows Server 2012 R2. Server1 has the Remote Access server role installed.
You need to configure the ports on Server1 to ensure that client computers can establish VPN connections to Server1 by using TCP port 443.
What should you modify? To answer, select the appropriate object in the answer area.
Answer:
418. You have a server named Server1 that runs Windows Server 2012 R2. You modify the
properties of a system driver and you restart Server1.
You discover that Server1 continuously restarts without starting Windows Server 2012 R2.
You need to start Windows Server 2012 R2 on Server1 in the least amount of time.
The solution must minimize the amount of data loss.
Which Advanced Boot Option should you select?
A. Repair Your Computer
B. Disable Driver Signature Enforcement
C. Last Know Good Configuration (advanced)
D. Disable automatic restart on system failure
Q13. Your network contains an Active Directory domain named contoso.com. The domain contains four servers named Server1, Server2, Server3, and Server4 that run Windows Server 2012 R2.
All servers have the Hyper-V server role and the Failover Clustering feature installed.
The servers are configured as shown in the following table.
You need to replicate virtual machines from Cluster1 to Cluster2.
Which three actions should you perform? (Each correct answer presents part of the solution. Choose three.)
A. From Hyper-V Manager on a node in Cluster2, create three virtual machines.
B. From Cluster2, add and configure the Hyper-V Replica Broker role.
C. From Failover Cluster Manager on Cluster1, configure each virtual machine for replication.
D. From Cluster1, add and configure the Hyper-V Replica Broker role.
E. From Hyper-V Manager on a node in Cluster2/ modify the Hyper-V settings.
Answer: B,C,D
Explanation:
These are two clusters, to replicate any VM to a cluster you need to configure the Replica Broker role on each cluster the last step should be enabling replication on the VMs.
Q14. Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1. Server1 has the DHCP Server server role and the Network Policy Server role service installed.
Server1 contains three non-overlapping scopes named Scope1, Scope2, and Scope3. Server1 currently provides the same Network Access Protection (NAP) settings to the three scopes.
You modify the settings of Scope1 as shown in the exhibit. (Click the Exhibit button.)
You need to configure Server1 to provide unique NAP enforcement settings to the NAP non-compliant DHCP clients from Scope1.
What should you create?
A. A network policy that has the MS-Service Class condition
B. A connection request policy that has the Service Type condition
C. A network policy that has the Identity Type condition
D. A connection request policy that has the Identity Type condition
Answer: A
Explanation:
A. Restricts the policy to clients that have received an IP address from a DHCP scope that matches the specified DHCP profile name. This condition is used only when you are
deploying NAP with the DHCP enforcement method. To use the MS-Service Class attribute, in Specify the profile name that identifies your DHCP scope, type the name of an existing DHCP profile. http://technet.microsoft.com/en-us/library/cc731220(v=ws.10).aspx
Q15. Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012 R2 and has the DHCP Server server role installed.
An administrator installs the IP Address Management (IPAM) Server feature on a server named Server2. The administrator configures IPAM by using Group Policy based provisioning and starts server discovery.
You plan to create Group Policies for IPAM provisioning.
You need to identify which Group Policy object (GPO) name prefix must be used for IPAM Group Policies.
What should you do on Server2?
A. From Server Manager, review the IPAM overview.
B. Run the Get-IpamConfigurationcmdlet.
C. From Task Scheduler, review the IPAM tasks.
D. Run the ipamgc.exe tool.
Answer: A