Administering Windows Server 2012

QUESTION NO: 1

Your network contains an Active Directory domain named contoso.com. The functional level of the forest is Windows Server 2008 R2.

Computer accounts for the marketing department are in an organizational unit (OU) named Departments\Marketing\Computers. User accounts for the marketing department are in an OU named Departments\Marketing\Users.

All of the marketing user accounts are members of a global security group named MarketingUsers. All of the marketing computer accounts are members of a global security group named MarketingComputers.

In the domain, you have Group Policy objects (GPOs) as shown in the exhibit. (Click the Exhibit button.)

You create two Password Settings objects named PSO1 and PSO2. PSO1 is applied to MarketingUsers. PSO2 is applied to MarketingComputers.

The minimum password length is defined for each policy as shown in the following table.

You need to identify the minimum password length required for each marketing user.

What should you identify?

A. 5

B. 6

C. 7

D. 10

E. 12

Answer: D

PSO1 is applied to the users so min length is 10

QUESTION NO: 2

Your network contains an Active Directory domain named contoso.com. The domain contains a server named Admin1 that runs Windows Server 2012. Admin1 has the File Server Resource Manager role service installed.

You configure a quota threshold as shown in the exhibit. (Click the Exhibit button.)

You need to ensure that a user named User1 receives an email notification when the threshold is exceeded.

What should you do?

A. Configure the File Server Resource Manager Options.

B. Modify the members of the Performance Log Users group.

C. Create a performance counter alert.

D. Create a classification rule.

Answer: A

Explanation:

A. When you create quotas and file screens, you have the option of sending e-mail notifications to users when their quota limit is approaching or after they have attempted to save files that have been blocked

B. Members of this group can manage performance counters, logs and alerts on the server locally and from remote clients without being a member of the Administrators group.

C. You can set an alert on a counter, thereby defining that a message be sent, a program be run, an entry made to the application event log, or a log be started when the selected counter's value exceeds or falls below a specified setting.

D. File Classification Infrastructure provides insight into your data by automating classification processes so that you can manage your data more effectively. You can classify files and apply policies based on this classification. Example policies include dynamic access control for restricting access to files, file encryption, and file expiration. Files can be classified automatically by using file classification rules or manually by modifying the properties of a selected file or folder.

http://technet.microsoft.com/en-us/library/cc756031(v=ws.10).aspx

http://technet.microsoft.com/en-us/library/cc785098(v=ws.10).aspx

http://technet.microsoft.com/en-us/library/bb490759.aspx

http://technet.microsoft.com/en-us/library/hh831701.aspx

QUESTION NO: 3 HOTSPOT

Your network contains an Active Directory domain named contoso.com. All servers run Windows Server 2012.

The domain contains an organizational unit (OU) named FileServers_OU. FileServers_OU contains the computer accounts for all of the file servers in the domain.

You need to audit the users who successfully access shares on the file servers.

Which audit category should you configure?

To answer, select the appropriate category in the answer area.

Answer: <map><m x1="3" x2="342" y1="153" y2="175" ss="0" a="0" /></map>

Explanation:

http://technet.microsoft.com/en-us/library/hh831382.aspx

http://technet.microsoft.com/en-us/library/cc766468(v=ws.10).aspx

QUESTION NO: 4

Your network contains an Active Directory domain named contoso.com. The domain contains a file server named Admin1 that runs Windows Server 2012.

You view the effective policy settings of Admin1 as shown in the exhibit. (Click the Exhibit button.)

On Admin1, you have a folder named C:\Share1 that is shared as Share1. Share1 contains confidential data. A group named Group1 has full control of the content in Share1.

You need to ensure that an entry is added to the event log whenever a member of Group1 deletes a file in Share1.

What should you configure?

A. The Audit File System setting of Servers GPO

B. The Sharing settings of C:\Share1

C. The Security settings of C:\Share1

D. The Audit File Share setting of Servers GPO

Answer: C

Explanation:

C. Access to objects, such as files and folders can be audited using the advanced security setting auditing tab on Share1 and adding Group1 and selecting the delete check box

http://technet.microsoft.com/en-us/library/cc753927(v=ws.10).aspx

http://social.technet.microsoft.com/Forums/en-US/winservergen/thread/13779c78-0c73-4477-8014-f2eb10f3f10f/

QUESTION NO: 5

You have a server named Admin1 that runs Windows Server 2012. Admin1 has the File Server Resource Manager role service installed. Admin1 has a folder named Folder1 that is used by the human resources department.

You need to ensure that an email notification is sent immediately to the human resources manager when a user copies an audio file or a video file to Folder1.

What should you configure on Admin1?

A. A file screen

B. A file screen exception

C. A file group

D. A storage report task

Answer: A

Explanation:

A. Create file screens to control the types of files that users can save, and generate notifications when users attempt to save unauthorized files.

B. A file screen exception is a special type of file screen that overrides any file screening that would otherwise apply to a folder and all its subfolders in a designated exception path. That is, it creates an exception to any rules derived from a parent folder.

C. File are a group of file classified by extension (i.e. Images: ,jpg, .gif, etc..)

D. Create reports based on file use

http://technet.microsoft.com/en-us/library/cc732074.aspx

http://technet.microsoft.com/en-us/library/cc730822.aspx

http://technet.microsoft.com/en-us/library/cc755988(v=ws.10).aspx

QUESTION NO: 6

Your network contains an Active Directory domain named contoso.com. The domain contains five servers. The servers are configured as shown in the following table.

All desktop computers in contoso.com run Windows 8 and are configured to use BitLocker Drive Encryption (BitLocker) on all local disk drives.

You need to deploy the Network Unlock feature. The solution must minimize the number of features and server roles installed on the network.

To which server should you deploy the feature?

A. Server3

B. Server5

C. Server1

D. Server2

E. Server4

Answer: B

QUESTION NO: 7

Your network contains an Active Directory domain named contoso.com. The domain contains two servers named Admin1 and Server2. Both servers run Windows Server 2012. Both servers have the File and Storage Services server role, the DFS Namespaces role service, and the DFS Replication role service installed.

Admin1 and Server2 are part of a Distributed File System (DFS) Replication group named Group1. Admin1 and Server2 are separated by a low-speed WAN connection.

You need to limit the amount of bandwidth that DFS can use to replicate between Admin1 and Server2.

What should you modify?

A. The cache duration of the namespace

B. The staging quota of the replicated folder

C. The referral ordering of the namespace

D. The schedule of the replication group

Answer: D

QUESTION NO: 8

Your network contains an Active Directory domain named contoso.com. All servers run Windows Server 2012.

All sales users have laptop computers that run Windows 8. The sales computers are joined to the domain. All user accounts for the sales department are in an organizational unit (OU) named Sales_OU.

A Group Policy object (GPO) named GPO1 is linked to Sales_OU.

You need to configure a dial-up connection for all of the sales users.

What should you configure from User Configuration in GPO1?

A. Policies/Administrative Templates/Network/Windows Connect Now

B. Policies/Administrative Templates/Windows Components/Windows Mobility Center

C. Preferences/Control Panel Settings/Network Options

D. Policies/Administrative Templates/Network/Network Connections

Answer: C

Explanation:

http://technet.microsoft.com/en-us/library/cc772107.aspx

To create a new Dial-Up Connection preference item

Open the Group Policy Management Console. Right-click the Group Policy object (GPO) that should contain the new preference item, and then click Edit.

In the console tree under Computer Configuration or User Configuration, expand the Preferences folder, and then expand the Control Panel Settings folder.

Right-click the Network Options node, point to New, and select Dial-Up Connection.

QUESTION NO: 9

Your network contains an Active Directory domain named contoso.com. The domain contains a domain controller named DC1 that runs Windows Server 2012.

You have a Group Policy object (GPO) named GPO1 that contains several custom Administrative templates.

You need to filter the GPO to display only settings that will be removed from the registry when the GPO falls out of scope. The solution must only display settings that are either enabled or disabled and that have a comment.

How should you configure the filter?

To answer, select the appropriate options below. Select three.

A. Set Managed to: Yes

B. Set Managed to: No

C. Set Managed to: Any

D. Set Configured to: Yes

E. Set Configured to: No

F. Set Configured to: Any

G. Set Commented to: Yes

H. Set Commented to: No

I. Set Commented to: Any

Answer: A, F, G

A: Set Managed to: Yes

There are two kinds of Administrative Template policy settings: Managed and Unmanaged . The Group Policy Client service governs Managed policy settings and removes a policy setting when it is no longer within scope of the user or computer.

F: Set Configured to: Any

We want to display both settings that are enable and disabled.

G: Set Commented to: Yes

Only settings that are commented should be displayed.

Note: Filter with Property Filters

The Local Group Policy Editor allows you to change the criteria for displaying Administrative Template policy settings. By default, the editor displays all policy settings, including unmanaged policy settings. However, you can use property filters to change how the Local Group Policy Editor displays Administrative Template policy settings.

There are three inclusive property filters that you can use to filter Administrative Templates.

These property filters include:

  • Managed

  • Configured

  • Commented

QUESTION NO: 10 HOTSPOT

Your network contains an Active Directory domain named contoso.com.

You have several Windows PowerShell scripts that execute when users log on to their client computer.

You need to ensure that all of the scripts execute completely before the users can access their desktop.

Which setting should you configure?

To answer, select the appropriate setting in the answer area.

Answer: <map><m x1="10" x2="319" y1="142" y2="158" ss="0" a="0" /></map>

Explanation:

http://technet.microsoft.com/en-us/library/cc738773(v=ws.10).aspx

QUESTION NO: 11

Your network contains an Active Directory domain named contoso.com. The domain contains a domain controller named dcl.contoso.com

You discover that the Default Domain Policy Group Policy objects (GPOs) and the Default Domain Controllers Policy GPOs were deleted.

You need to recover the Default Domain Policy and the Default Domain Controllers Policy GPOs.

What should you run?

A. dcgpofix.exe /target:domain

B. gpfixup.exe /dc:dc1.contoso.com

C. dcgpofix.exe /target:both

D. gptixup.exe /oldnb:contoso /newnb:dc1

Answer: C

Explanation:

http://technet.microsoft.com/en-us/library/hh875588(v=ws.10).aspx

QUESTION NO: 12

Your network contains an Active Directory domain named contoso.com. The domain contains a member server named Admin1. Admin1 has the Web Server (US) server role installed.

On Admin1, you install a managed service account named Service1.

You attempt to configure the World Wide Web Publishing Service as shown in the exhibit. (Click the Exhibit button.)

You receive the following error message: “The account name is invalid or does not exist, or the password is invalid for the account name specified.”

You need to ensure that the World Wide Web Publishing Service can log on by using the managed service account.

What should you do?

A. Specify contoso\service1$ as the account name.

B. Specify service1@contoso.com as the account name.

C. Reset the password for the account.

D. Enter and confirm the password for the account.

Answer: A

Explanation:

A. There must be a dollar sign ($) at the end of the account name in the Services snap-in console. When you use the Services snap-in console, the SeService1ogonRight logon right is automatically assigned to the account. If you use the Sc.exe tool or APIs to configure the account, the account has to be explicitly granted this right by using tools such as the Security Policy snap-in, Secedit.exe, or NTRights.exe.

B. Logon right not automatically granted

C. Not a password issue "I assume" not exhibit present

D. Password not needed when using MSA

http://technet.microsoft.com/en-us/library/dd548356(v=ws.10).aspx

http://blogs.technet.com/b/askds/archive/2009/09/10/managed-service-accounts-understanding-implementingbest-practices-and-troubleshooting.aspx

QUESTION NO: 13

Your network contains an Active Directory domain named contoso.com. Domain controllers run either Windows Server 2008, Windows Server 2008 R2, or Windows Server 2012.

You have a Password Settings object (PSOs) named PSO1.

You need to view the settings of PSO1.

Which tool should you use?

A. Group Policy Management

B. Server Manager

C. Get-ADAccountResultantPasswordReplicationPolicy

D. Active Directory Administrative Center

Answer: D

Explanation:

A. ADAC Only

B. ADAC Only

C. Gets the resultant password replication policy for an Active Directory account.

D. You must use the Windows Server 2012 version of Active Directory Administrative Center to administer finegrained password policies through a graphical user interface.

http://technet.microsoft.com/en-us/library/ee617227.aspx

http://technet.microsoft.com/en-us/library/hh831702.aspx#fine_grained_pswd_policy_mgmt

QUESTION NO: 14

Your network contains an Active Directory domain named contoso.com. The domain contains a domain controller named DC1.

On Dc1, you add a new volume and you stop the Active Directory Domain Services (AD DS) service.

You run ntdsutil.exe and you set NTDS as the active instance.

You need to move the Active Directory database to the new volume.

Which Ntdsutil context should you use?

A. Configurable Settings

B. Partition management

C. IFM

D. Files

Answer: D

Explanation:

A. Aids in modifying the time to live (TTL) of dynamic data that is stored in Active Directory Domain Services (AD DS). At the configurable setting: prompt, type any of the parameters listed under Syntax.

B. Manages directory partitions for Active Directory Domain Services (AD DS) or Active Directory Lightweight Directory Services (AD LDS).

C. Creates installation media for writable (full) domain controllers, read-only domain controllers (RODCs), and instances of Active Directory Lightweight Directory Services (AD LDS).

D. ntdsutil move db to %s Moves the directory service log files to the new directory specified by %s, and updates the registry so that, upon service restart, the directory service uses the new location.

http://technet.microsoft.com/en-us/library/cc753343(v=ws.10).aspx

http://technet.microsoft.com/en-us/library/cc755229(v=ws.10).aspx

http://technet.microsoft.com/en-us/library/cc730970(v=ws.10).aspx

http://technet.microsoft.com/en-us/library/cc732530(v=ws.10).aspx

http://technet.microsoft.com/en-us/library/cc753900(v=ws.10).aspx

QUESTION NO: 15

Your network contains an Active Directory domain named contoso.com. All domain controllers run Windows Server 2012.

You pre-create a read-only domain controller (RODC) account named RODC1.

You export the settings of RODC1 to a file named File1.txt.

You need to promote RODC1 by using File1.txt.

Which tool should you use?

A. The Dcpromo command

B. The Install-WindowsFeature cmdlet

C. The Install-ADDSDomainController cmdlet

D. The Add-WindowsFeature cmdlet

E. The Dism command

Answer: A

QUESTION NO: 16

Your network contains an Active Directory domain named contoso.com. All domain controllers run Windows Server 2008 R2.

The domain contains three servers that run Windows Server 2012. The servers are configured as shown in the following table.

Admin1 and Server2 are configured in a Network Load Balancing (NLB) cluster. The NLB cluster hosts a website named Web1 that uses an application pool named App1. Web1 uses a database named DB1 as its data store.

You create an account named User1.

You configure User1, as the identity of App1.

You need to ensure that contoso.com domain users accessing Web1 connect to DB1 by using their own credentials.

Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)

A. Configure the delegation settings of Server3.

B. Create a Service Principal Name (SPN) for User1.

C. Configure the delegation settings of User1.

D. Create a matching Service Principal Name (SPN) for Admin1 and Server2.

E. Configure the delegation settings of Admin1 and Server2.

Answer: B, E

Explanation:

A. Delegation needs to be setup on the IIS web servers for the application pool identity

B. Correct user: When an IIS application runs under a domain user account instead of under the default network service account, you must set the SPN for the HTTP service under the domain account.

C. Delegation settings need to be set on server 1 & 2

D. SPN needs to be created for the application pool identity account

E. In a distributed application (Split app/db) the IIS/web servers to be trusted for delegation to impersonate/pasusers

http://technet.microsoft.com/en-us/library/hh831797.aspx

http://technet.microsoft.com/en-us/library/cc961723.aspx

http://technet.microsoft.com/en-us/library/cc739764(v=ws.10).aspx

http://technet.microsoft.com/en-us/library/ee675779.aspx

QUESTION NO: 17

Your network contains an Active Directory domain named contoso.com. Domain controllers run either Windows Server 2003, Windows Server 2008 R2, or Windows Server 2012.

A support technician accidentally deletes a user account named User1.

You need to use tombstone reanimation to restore the User1 account.

Which tool should you use?

A. Ntdsutil

B. Ldp

C. Esentutl

D. Active Directory Administrative Center

Answer: B

Explanation:

A. You can use the ntdsutil commands to perform database maintenance of AD DS, manage and control single master operations, and remove metadata

B. use Ldp.exe to restore a single, deleted Active Directory object

C. Provides database utilities for the Extensible Storage Engine (ESE) for Windows Vista.

D. ADAC offers no options to restore deleted objects

http://technet.microsoft.com/nl-nl/library/dd379509(v=ws.10).aspx#BKMK_2

http://technet.microsoft.com/en-us/magazine/2007.09.tombstones.aspx

http://technet.microsoft.com/en-us/library/hh875546.aspx

http://technet.microsoft.com/en-us/library/dd560651(v=ws.10).aspx

QUESTION NO: 18

Your network contains an Active Directory domain named contoso.com. The functional level of the forest is Windows Server 2008 R2.

Computer accounts for the marketing department are in an organizational unit (OU) named Departments\Marketing\Computers. User accounts for the marketing department are in an OU named Departments\Marketing\Users.

All of the marketing user accounts are members of a global security group named MarketingUsers. All of the marketing computer accounts are members of a global security group named MarketingComputers.

In the domain, you have Group Policy objects (GPQ5) as shown in the exhibit. (Click the Exhibit button.)

You create two Password Settings objects named PSO1 and PSO2. PSO1 is applied to MarketingUsers. PSO2 is applied to MarketingComputers.

The minimum password length is defined for each policy as shown in the following table.

You need to identify the minimum password length required for each marketing user.

What should you identify?

A. 5

B. 6

C. 7

D. 10

E. 12

Answer: D

QUESTION NO: 19

Your network contains an Active Directory domain named contoso.com. The domain contains a domain controller named DC4 that runs Windows Server 2012.

You create a DCCloneConfig.xml file.

You need to clone DC4.

Where should you place DCCloneConfig.xml on DC4?

A. %Systemroot%\SYSVOL

B. %Programdata%\Microsoft

C. %Systemroot%\NTDS

D. %Systemdrive%

Answer: C

Explanation:

As the output shows, the XML file is written to c:\windows\ntds. That's one of three valid locations where the file can be placed for cloning. All three locations are:

%windir%\NTDS

Wherever the DIT lives (if you've changed the path to D:\NTDS, for example) the root of any removable media

QUESTION NO: 20

Your network contains an Active Directory domain named contoso.com. The domain contains a domain controller named DC1.

You run ntdsutil as shown in the exhibit. (Click the Exhibit button.)

You need to ensure that you can access the contents of the mounted snapshot.

What should you do?

A. From a command prompt, run dsamain.exe -dbpath c:\$snap_201204131056_volumec$\windows\ntds\ntds.dit - Idapport 33389.

B. From a command prompt, run dsamain.exe -dbpath c:\$snap_201204131056_volumec$\windows\ntds\ntds.dit - Idapport 389.

C. From the snapshot context of ntdsutil, run activate instance “NTDS”.

D. From the snapshot context of ntdsutil, run mount (79f94f82-5926-4f44-8af0-2f56d827a57d).

Answer: A

Explanation:

A. Custom port needs to be defined when mounting to allow access from ADUC

B. 389 is used as the standard ldap port

C. Run prior to mount and after the mount run dsamain Sets NTDS or a specific AD LDS instance as the active instance.

D. mounts a specific snap shot as specified by guid, using the snapshot mounted you needs to run dsamain to start an instance of AD

http://technet.microsoft.com/en-us/library/cc753609(v=ws.10).aspx

QUESTION NO: 21

You have a server named Admin1 that runs Windows Server 2012.

On Admin1, you configure a custom Data Collector Set (DCS) named DCS1.

You need to ensure that all performance log data that is older than 30 days is deleted automatically.

What should you configure?

A. a File Server Resource Manager (FSRM) quota on the %Systemdrive%\PerfLogs folder

B. a schedule for DCS1

C. the Data Manager settings of DCS1

D. a File Server Resource Manager (FSRM) file screen on the %Systemdrive%\PerfLogs folder

Answer: C

Explanation:

A. Would set a quota on the logs folder, wouldnt remove old log data

B. Configures when the data set would start and stop collecting data, would not remove old log data

C. With Data Management, you can configure how log data, reports, and compressed data are stored for each Data Collector Set.

D. File screens allow certain types of files to prohibited from a share

http://technet.microsoft.com/en-us/library/cc722312.aspx

http://technet.microsoft.com/en-us/library/cc765998.aspx

http://technet.microsoft.com/en-us/library/cc772675(v=ws.10).aspx

QUESTION NO: 22

You have a server named Admin1 that runs Windows Server 2012.

You create a custom Data Collector Set (DCS) named DCS1.

You need to configure DCS1 to meet the following requirements:

  • Automatically run a program when the amount of total free disk space on Admin1 drops below 10 percent of capacity.

  • Log the current values of several registry settings.

Which two should you configure in DCS1? (Each correct answer presents part of the solution. Choose two.)

A. System configuration information

B. A performance counter

C. Event trace data

D. A Performance Counter Alert

Answer: A, D

Explanation:

Automatically run a program when the amount of total free disk space on Admin1 drops below 10 percent of capacity.

You can also configure alerts to start applications and performance logs

Log the current values of several registry settings.

System configuration information allows you to record the state of, and changes to, registry keys.

http://technet.microsoft.com/en-us/library/cc766404.aspx

QUESTION NO: 23 HOTSPOT

Your network contains an Active Directory domain named corp.contoso.com. The domain contains two member servers named Admin1 and Edge1. Both servers run Windows Server 2012.

Your company wants to implement a central location where the system events from all of the servers in the domain will be collected.

From Admin1, a network technician creates a collector-initiated subscription for Edge 1.

You discover that Admin1 does not contain any events from Edge 1.

You view the runtime status of the subscription as shown in the exhibit. (Click the Exhibit button.)

You need to ensure that the system events from Edge 1 are collected on Admin1.

Answer: <map><m x1="369" x2="504" y1="359" y2="379" ss="0" a="0" /></map>

Explanation:

If you intend to specify a user account by using the Specific User option in Advanced Subscription Settings when creating the subscription, you must ensure that account is a member of the local Administrators group on each of the source computers

http://technet.microsoft.com/en-us/library/cc748890.aspx

QUESTION NO: 24 HOTSPOT

Your network contains an Active Directory domain named adatum.com.

You have a Group Policy object (GPO) that configures the Windows Update settings.

Currently, client computers are configured to download updates from Microsoft Update servers. Users choose when the updates are installed.

You need to configure all client computers to install Windows updates automatically.

Which setting should you configure in the GPO?

To answer, select the appropriate setting in the answer area.

Answer: <map><m x1="199" x2="199" y1="166" y2="166" ss="0" a="0" /><m x1="199" x2="740" y1="166" y2="185" ss="0" a="0" /></map>

Explanation:

http://support.microsoft.com/kb/328010#method1

QUESTION NO: 25

Your network contains an Active Directory domain named contoso.com.

All client computers connect to the Internet by using a server that has Microsoft Forefront Threat Management Gateway (TMG) installed.

You deploy a server named Admin1 that runs Windows Server 2012.

You install the Windows Server Update Services server role on Admin1.

From the Windows Server Update Services Configuration Wizard, you click Start Connecting and you receive an HTTP error message.

You need to configure Admin1 to download Windows updates from the Internet.

What should you do?

A. From the Update Services console, modify the Synchronization Schedule options.

B. From Windows Internet Explorer, modify the Connections settings.

C. From Windows Internet Explorer, modify the Security settings.

D. From the Update Services console, modify the Update Source and Proxy Server options.

Answer: D

Explanation:

A. Creates a time/schedule to synchronize the WSUS server

B. Not an IE issue

C. Not an IE issue

D. Specifies WSUS to update using MS Update or other WSUS server, configure Proxy server information to TMG server

http://technet.microsoft.com/en-us/library/hh852346.aspx#BKM_ConfigureWSUSusingConfigurationWizard

QUESTION NO: 26

Your network contains a single Active Directory domain named contoso.com. The domain contains a member server named Admin1 that runs Windows Server 2012.

Admin1 has the Windows Server Updates Services server role installed and is configured to download updates from the Microsoft Update servers.

You need to ensure that Admin1 downloads express installation files from the Microsoft Update servers.

What should you do from the Update Services console?

A. From the Automatic Approvals options, configure the Update Rules settings.

B. From the Products and Classifications options, configure the Classifications settings.

C. From the Products and Classifications options, configure the Products settings.

D. From the Update Files and Languages options, configure the Update Files settings.

Answer: D

Explanation:

To specify whether express installation files are downloaded during synchronization

In the left pane of the WSUS Administration console, click Options.

In Update Files and Languages, click the Update Files tab.

If you want to download express installation files, select the Download express installation files check box. If you do not want to download express installation files, clear the check box.

http://technet.microsoft.com/en-us/library/cc708431(v=WS.10).aspx

QUESTION NO: 27

You have a VHD that contains an image of Windows Server 2012.

You plan to apply updates to the image.

You need to ensure that only updates that can install without requiring a restart are installed.

Which DISM option should you use?

A. /PreventPending

B. /Apply-Unattend

C. /Cleanup-Image

D. /Add-ProvisionedAppxPackage

Answer: A

Explanation:

-PreventPending

Skips the installation of the package if the package or Windows image has pending online actions

http://technet.microsoft.com/en-us/library/hh852164.aspx

http://technet.microsoft.com/en-us/library/dd744522(v=ws.10).aspx

http://technet.microsoft.com/en-us/library/dd744311(v=ws.10).aspx

http://technet.microsoft.com/en-us/library/hh824882.aspx

QUESTION NO: 28

Your network contains an Active Directory domain named adatum.com. The domain contains a server named WDS1 that runs Windows Server 2012. You install the Windows Deployment Services server role on WDS1.

You have a virtual machine named VM1 that runs Windows Server 2012. VM1 has several line-of-business applications installed.

You need to create an image of VM1 by using Windows Deployment Services.

Which type of image should you add to Admin1 first?

A. Capture

B. Install

C. Discovery

D. Boot

Answer: D

Reference:

http://technet.microsoft.com/en-us/library/cc730907(v=ws.10).aspx

http://technet.microsoft.com/en-us/library/jj648426.aspx

http://itadmintips.wordpress.com/2011/05/19/wds-setup-guide-part-2-boot-image-setup/

QUESTION NO: 29 HOTSPOT

Your network contains an Active Directory domain named fabrikam.com.

You implement DirectAccess and an IKEv2 VPN.

You need to view the properties of the VPN connection.

Which connection properties should you view?

To answer, select the appropriate connection properties in the answer area.

Answer: <map><m x1="11" x2="258" y1="191" y2="219" ss="0" a="0" /></map>

Explanation:

http://technet.microsoft.com/en-us/library/jj613767.aspx

untitled

QUESTION NO: 30

Your network contains an Active Directory domain named contoso.com. The domain contains a server named Admin1 that runs Windows Server 2012.

You enable and configure Routing and Remote Access (RRAS) on Admin1.

You create a user account named User1.

You need to ensure that User1 can establish VPN connections to Admin1.

What should you do?

A. Create a network policy.

B. Modify the members of the Remote Management Users group.

C. Create a connection request policy.

D. Add a RADIUS client.

Answer: A

QUESTION NO: 31

Your network contains an Active Directory domain named contoso.com. The domain contains a Web server named www.contoso.com. The Web server is available on the Internet.

You implement DirectAccess by using the default configuration.

You need to ensure that users never attempt to connect to www.contoso.com by using DirectAccess. The solution must not prevent the users from using DirectAccess to access other resources in contoso.com.

Which settings should you configure in a Group Policy object (GPO)?

A. Name Resolution Policy

B. DNS Client

C. Network Connections

D. DirectAccess Client Experience Settings

Answer: A

Explanation:

For DirectAccess, the NRPT must be configured with the namespaces of your intranet with a leading dot (for example, .internal.contoso.com or .corp.contoso.com). For a DirectAccess client, any name request that matches one of these namespaces will be sent to the specified intranet Domain Name System (DNS) servers.

Include all intranet DNS namespaces that you want DirectAccess client computers to access.

There are no command line methods for configuring NRPT rules. You must use Group Policy settings. To configure the NRPT through Group Policy, use the Group Policy add-in at Computer Configuration \Policies\Windows Settings\Name Resolution Policy in the Group Policy object for DirectAccess clients. You can create a new NRPT rule and edit or delete existing rules. For more information, see Configure the NRPT with Group Policy.

QUESTION NO: 32 HOTSPOT

You have a server named Admin1 that runs Windows Server 2012. Admin1 has the Remote Access server role installed.

You need to configure the ports on Admin1 to ensure that client computers can establish VPN connections to Admin1 by using TCP port 443.

What should you modify?

To answer, select the appropriate object in the answer area.

Answer: <map><m x1="29" x2="339" y1="156" y2="172" ss="0" a="0" /></map>

QUESTION NO: 33

You have a DNS server named Admin1.

Admin1 has a primary zone named contoso.com.

Zone Aging/Scavenging is configured for the contoso.com zone.

One month ago, an Administrator removed a server named Server2 from the network.

You discover that a static resource record for Server2 is present in contoso.com. Resource records for decommissioned client computers are removed automatically from contoso.com.

You need to ensure that the static resource records for all of the servers are removed automatically from contoso.com.

What should you modify?

A. The Security settings of the static resource records

B. The Expires after value of contoso.com

C. The Record time stamp value of the static resource records

D. The time-to-live (TTL) value of the static resource records

Answer: C

Explanation:

A.

B.

C. reset and permit them to use a current (non-zero) time stamp value. This enables these records to become aged and scavenged.

D. For most resource records, this field is optional. It indicates a length of time used by other DNS servers to determine how long to cache information for a record before expiring and discarding it.

http://technet.microsoft.com/en-us/library/cc771677.aspx

http://technet.microsoft.com/en-us/library/cc758321(v=ws.10).aspx

QUESTION NO: 34

Your network contains two Active Directory domains named contoso.com and adatum.com.

The network contains a server named Admin1 that runs Windows Server 2012. Admin1 has the DNS Server server role installed. Server1 has a copy of the contoso.com DNS zone.

You need to configure Admin1 to resolve names in the adatum.com domain.

The solution must meet the following requirements:

  • Prevent the need to change the configuration of the current name servers that host zones for adatum.com.

  • Minimize Administrative effort.

Which type of zone should you create?

A. Primary

B. Secondary

C. Reverse lookup

D. Stub

Answer: D

Explanation:

A. When a zone that this DNS server hosts is a primary zone, the DNS server is the primary source for information about this zone, and it stores the master copy of zone data in a local file or in AD DS.

B. When a zone that this DNS server hosts is a secondary zone, this DNS server is a secondary source for information about this zone. The zone at this server must be obtained from another remote DNS server computer that also hosts the zone

C. clients use a known IP address and look up a computer name based on its address. A reverse lookup takes the form of a question, such as "Can you tell me the DNS name of the computer that uses the IP address 192.168.1.20?"

D. When a zone that this DNS server hosts is a stub zone, this DNS server is a source only for information about the authoritative name servers for this zone. The zone at this server must be obtained from another DNS server that hosts the zone.

- Prevents Change to current zone

http://technet.microsoft.com/en-us/library/cc771898.aspx

http://technet.microsoft.com/en-us/library/cc730980.aspx

QUESTION NO: 35

Your network contains two servers named Admin1 and Server2. Both servers run Windows Server 2012 and have the DNS Server server role installed.

On Admin1, you create a standard primary zone named contoso.com.

You need to ensure that Server2 can host a secondary zone for contoso.com.

What should you do from Admin1?

A. Add Server2 as a name server.

B. Convert contoso.com to an Active Directory-integrated zone.

C. Create a zone delegation that points to Server2.

D. Create a trust anchor named Server2.

Answer: A

Explanation:

A. You must add a new Name Server. To add a name server to the list of authoritative servers for the zone, you must specify both the server's IP address and its DNS name. When entering names, click Resolve to resolve the name to its IP address prior to adding it to the list.

B. Instead of adding standard secondary DNS servers, you can convert the server from a primary DNS server to an Active Directory Integrated Primary server and configure another domain controller to be a DNS server

C. You can divide your Domain Name System (DNS) namespace into one or more zones. You can delegate management of part of your namespace to another location or department in your organization by delegating the management of the corresponding zone.

D.

http://technet.microsoft.com/en-us/library/cc770984.aspx

http://support.microsoft.com/kb/816101

http://technet.microsoft.com/en-us/library/cc753500.aspx

http://technet.microsoft.com/en-us/library/cc771640(v=ws.10).aspx

http://technet.microsoft.com/en-us/library/ee649280(v=ws.10).aspx

QUESTION NO: 36

You have a server named Admin1 that has a Server Core Installation on Windows Server 2012.

You need to view the time-to-live (TTL) value of a host name that is cached on Admin1.

What should you run?

A. dnscacheugc.exe

B. ipconfig.exe /displaydns

C. nslookup.exe

D. Show-DNSserverCache

Answer: B

QUESTION NO: 37

Your network contains an Active Directory domain named contoso.com. The domain contains more than 100 Group Policy objects (GPOs). Currently, there are no enforced GPOs.

The domain contains a GPO named GPO 1. GPO1 contains several Group Policy preferences.

You need to view all of the preferences configured in GPO 1.

What should you use?

A. Dcgpofix

B. Get-GPOReport

C. Gpfixup

D. Gpresult

E. Gptedit.msc

F. Import-GPO

G. Restore-GPO

H. Set-GPInheritance

I. Set-GPLink

J. Set-GPPermission

K. Gpupdate

L. Add-ADGroupMember

Answer: B

Explanation:

B. The Get-GPOReport cmdlet generates a report in either XML or HTML format that describes properties and policy settings for a specified GPO or for all GPOs in a domain. The information that is reported for each GPO includes: details, links, security filtering, WMI filtering, delegation, and computer and user configuration

http://technet.microsoft.com/en-us/library/ee461027.aspx

http://cmdlet.wordpress.com/2011/08/24/episode-3-get-gporeport

QUESTION NO: 38

Your network contains an Active Directory domain named contoso.com. The domain contains more than 100 Group Policy objects (GPOs). Currently, there are no enforced GPOs.

You need to prevent all of the GPO5 at the site level and at the domain level from being applied to users and computers in an organizational unit (OU) named OU1. You want to achieve this goal by using the minimum amount of Administrative effort.

What should you use?

A. Dcgpofix

B. Get-GPOReport

C. Gpfixup

D. Gpresult

E. Gptedit.msc

F. Import-GPO

G. Import-GPO

H. Restore-GPO

I. Set-GPInheritance

J. Set-GPLink

K. Set-GPPermission

L. Gpupdate

M. Add-ADGroupMember

Answer: I

Reference:

http://technet.microsoft.com/en-us/library/ee461032.aspx

QUESTION NO: 39

Your network contains an Active Directory domain named contoso.com. The domain contains more than 100 Group Policy objects (GPO5). Currently, there are no enforced GPOs.

You have two GPOs linked to an organizational unit (OU) named OU1.

You need to change the precedence order of the GPOs.

What should you use?

A. Dcgpofix

B. Get-GPOReport

C. Gpfixup

D. Gpresult

E. Gptedit.msc

F. Import-GPO

G. Restore-GPO

H. Set-GPInheritance

I. Set-GPLink

J. Set-GPPermission

K. Gpupdate

L. Add-ADGroupMember

Answer: I

Explanation:

The Set-GPLink cmdlet sets the properties of a GPO link.

You can set the following properties:

-- Enabled. If the GPO link is enabled, the settings of the GPO are applied when Group Policy is processed for the site, domain or OU.

-- Enforced. If the GPO link is enforced, it cannot be blocked at a lower-level (in the Group Policy processing hierarchy) container.

-- Order. The order specifies the precedence that the settings of the GPO take over conflicting settings in other GPOs that are linked (and enabled) to the same site, domain, or OU.

http://technet.microsoft.com/en-us/library/ee461022.aspx

QUESTION NO: 40

Your network contains an Active Directory domain named contoso.com. The domain contains more than 100 Group Policy objects (GPOs). Currently, there are no enforced GPOs.

You need to provide an Administrator named Admin1 with the ability to create GPOs in the domain. The solution must not provide Admin1 with the ability to link GPOs.

What should you use?

A. Dcgpofix

B. Get-GPOReport

C. Gpfixup

D. Gpresult

E. Gptedit.msc

F. Import-GPO

G. Restore-GPO

H. Set-GPInheritance

I. Set-GPLink

J. Set-GPPermission

K. Gpupdate

L. Add-ADGroupMember

Answer: J

Explanation:

http://technet.microsoft.com/en-us/library/ee461038.aspx

Site Search:

Close

Close
Download Free Demo of VCE
Exam Simulator

Experience Avanset VCE Exam Simulator for yourself.


Simply submit your e-mail address below to get started with our interactive software demo of your free trial.


Enter Your Email Address

Free Demo Limits: In the demo version you will be able to access only first 5 questions from exam.