Upgrading Your Skills to MCSA Windows Server 2012

QUESTION NO: 20

Your network contains an Active Directory domain named contoso.com. All servers run Windows Server 2012 R2.

You are creating a central access rule named TestFinance that will be used to audit members of the Authenticated users group for access failure to shared folders in the finance department.

You need to ensure that access requests are unaffected when the rule is published. What should you do?

A. Set the Permissions to Use the following permissions as proposed permissions.

B. Add a Resource condition to the current permissions entry for the Authenticated Users principal.

C. Set the Permissions to Use following permissions as current permissions.

D. Add a User condition to the current permissions entry for the Authenticated Users principal.

Answer: A

Explanation/Reference:

http://technet.microsoft.com/en-us/library/jj134043.aspx

QUESTION NO: 21 DRAG DROP

Your network contains two Active Directory forests named contoso.com and adatum.com. All domain controllers run Windows Server 2012 R2.

A federated trust exists between adatum.com and contoso.com. The trust provides adatum.com users with access to contoso.com resources.

You need to configure Active Directory Federation Services (AD FS) claim rules for the federated trust.

The solution must meet the following requirements:

  • In contoso.com, replace an incoming claim type named Group with an outgoing claim type named Role.

  • In adatum.com, allow users to receive their tokens for the relying party by using their Active Directory group membership as the claim type.

The AD FS claim rules must use predefined templates.

Which rule types should you configure on each side of the federated trust?

To answer, drag the appropriate rule types to the correct location or locations. Each rule type may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.

Answer: <map><m x1="1" x2="248" y1="66" y2="88" ss="0" a="0" /><m x1="2" x2="247" y1="101" y2="120" ss="0" a="0" /><m x1="4" x2="250" y1="134" y2="156" ss="0" a="0" /><m x1="2" x2="247" y1="168" y2="189" ss="0" a="0" /><m x1="440" x2="685" y1="65" y2="92" ss="1" a="0" /><m x1="438" x2="687" y1="102" y2="127" ss="1" a="0" /><c start="0" stop="0" /><c start="2" stop="1" /></map>

Explanation:

http://technet.microsoft.com/zh-cn/library/ee913586(v=WS.10).aspx

QUESTION NO: 22 DRAG DROP

Your network contains an Active Directory domain named contoso.com. The domain contains two servers named Server1 and Server3. The network contains a standalone server named Server2. All servers run Windows Server 2012 R2. The servers are configured as shown in the following table.

Server3 hosts an application named App1. App1 is accessible internally by using the URL https://app1.contoso.com. App1 only supports Integrated Windows authentication.

You need to ensure that all users from the Internet are pre-authenticated before they can access App1.

What should you do? To answer, drag the appropriate servers to the correct actions. Each server may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.

Answer:

QUESTION NO: 23 DRAG DROP

Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012 R2.

You plan to install the Active Directory Federation Services server role on Server1 to allow for Workplace Join.

You run nslookupenterpriseregistration and you receive the following results:

You need to create a certificate request for Server1 to support the Active Directory Federation Services (AD FS) installation.

How should you configure the certificate request? To answer, drag the appropriate names to the correct locations. Each name may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.

Answer:

QUESTION NO: 24

You deploy an Active Directory Federation Services (AD FS) 2.1 infrastructure. The infrastructure uses Active Directory as the attribute store.

Some users report that they fail to authenticate to the AD FS infrastructure.

You discover that only users who run third-party web browsers experience issues.

You need to ensure that all of the users can authenticate to the AD FS infrastructure successfully.

Which Windows PowerShell command should you run?

A. Set-ADFSProperties -SSOLifetime 1:00:00

B. Set-ADFSProperties -AddProxyAuthenticationRules None

C. Set-ADFSProperties -ExtendedProtectionTokenCheck None

D. Set-ADFSProperties -ProxyTrustTokenLifetime 1:00:00

Answer: D

Explanation/Reference:

A. Sets the valid token lifetime for proxy trust tokens (in minutes). This value is used by the federation server proxy to authenticate with its associated federation server.

B. Specifies a policy rule set that can be used to establish authorization permissions for setting up trust proxies. The default value allows the AD FS 2.0 service user account or any member of BUILTIN\Administrators to register a federation server proxy with the Federation Service.

C. Specifies the duration of the single sign-on (SSO) experience for Web browser clients (in minutes).

D. pecifies the level of extended protection for authentication supported by the federation server. Extended Protection for Authentication helps protect against man-in-the-middle (MITM) attacks, in which an attacker intercepts a client's credentials and forwards them to a server.

http://technet.microsoft.com/zh-cn/library/ee892317.aspx

QUESTION NO: 25

Your network contains a perimeter network and an internal network. The internal network contains an Active Directory Federation Services (AD FS) 2.1 infrastructure. The infrastructure uses Active Directory as the attribute store.

You plan to deploy a federation server proxy to a server named Server2 in the perimeter network.

You need to identify which value must be included in the certificate that is deployed to Server2.

What should you identify?

A. The name of the Federation Service

B. The name of the Active Directory domain

C. The FQDN of the AD FS server

D. The public IP address of Server2

Answer: C

Explanation:

A. It must contain the FQDN

http://technet.microsoft.com/en-us/library/cc776786(v=ws.10).aspx

http://technet.microsoft.com/en-us/library/cc782620(v=ws.10).aspx

http://technet.microsoft.com/en-us/library/cc759635(v=ws.10).aspx

QUESTION NO: 26

Your network contains an Active Directory domain named contoso.com. The domain contains servers named Server1 and Server2 that run Windows Server 2012 R2. Server1 has the Active Directory Federation Services server role installed. Server2 is a file server.

Your company introduces a Bring Your Own Device (BYOD) policy.

You need to ensure that users can use a personal device to access domain resources by using Single Sign-On (SSO) while they are connected to the internal network.

Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)

A. Enable the Device Registration Service in Active Directory.

B. Publish the Device Registration Service by using a Web Application Proxy.

C. Configure Active Directory Federation Services (AD FS) for the Device Registration Service.

D. Install the Work Folders role service on Server2.

E. Create and configure a sync share on Server2.

Answer: AC

QUESTION NO: 27 DRAG DROP

Your network contains an Active Directory domain named contoso.com. The domain contains four member servers named Server 1, Server2, Server3, and Server4. All servers run Windows Server 2012 R2.

Server1 and Server2 are located in a site named Site1. Server3 and Server4 are located in a site named Site2. The servers are configured as nodes in a failover cluster named Cluster1.

Cluster1 is configured to use the Node Majority quorum configuration.

You need to ensure that Server1 is the only server in Site1 that can vote to maintain quorum.

What should you run from Windows PowerShell?

To answer, drag the appropriate commands to the correct location. Each command may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.

Answer: <map><m x1="5" x2="205" y1="60" y2="84" ss="0" a="0" /><m x1="1" x2="204" y1="94" y2="117" ss="0" a="0" /><m x1="2" x2="206" y1="124" y2="153" ss="0" a="0" /><m x1="3" x2="207" y1="158" y2="185" ss="0" a="0" /><m x1="234" x2="438" y1="50" y2="80" ss="1" a="0" /><m x1="483" x2="685" y1="52" y2="78" ss="1" a="0" /><c start="1" stop="0" /><c start="2" stop="1" /></map>

Explanation/Reference:

http://technet.microsoft.com/en-us/library/ee460990.aspx

QUESTION NO: 28

Your network contains two servers named Server1 and Server2 that run Windows Server 2008 R2. Server1 and Server2 are nodes in a failover cluster named Cluster1. The network contains two servers named Server3 and Server4 that run Windows Server 2012 R2. Server3 and Server4 are nodes in a failover cluster named Cluster2.

You need to move all of the applications and the services from Cluster1 to Cluster2.

What should you do first from Failover Cluster Manager?

A. On a server in Cluster2, click Migrate Roles.

B. On a server in Cluster2, click Move Core Cluster Resources, and then click Select Node...

C. On a server in Cluster1, configure Cluster-Aware Updating.

D. On a server in Cluster2, click Move Core Cluster Resources, and then click Best Possible Node.

Answer: D

Explanation:

In a Windows Server 2012 cluster, In FCM, right-click the Cluster name, click on More Actions, Move Core Cluster Resources and select either Best Possible Node or select the node of your choice.

QUESTION NO: 29 HOTSPOT

Your network contains an Active Directory domain named contoso.com. The domain contains two member servers named Server1 and Server2. All servers run Windows Server 2012 R2.

Server1 and Server2 have the Hyper-V server role installed. The servers are configured as shown in the following table.

You add a third server named Server3 to the network. Server3 has Intel processors.

You need to move VM3 and VM6 to Server3. The solution must minimize downtime on the virtual machines.

Which method should you use to move each virtual machine?

To answer, select the appropriate method for each virtual machine in the answer area.

Answer: <map><m x1="32" x2="158" y1="32" y2="47" ss="0" a="0" /><m x1="32" x2="125" y1="156" y2="172" ss="0" a="0" /></map>

Explanation:

VM3: export/import is the only option due to different processor manufacturers

VM6: Live migration can be used as both have Intel CPU's

Live Storage Migration requires same processor manufacturers

Live migration requires same same processor manufacturers

Quick migration has downtime

http://technet.microsoft.com/en-us/library/dd446679(v=ws.10).aspx

http://technet.microsoft.com/en-us/library/hh831656.aspx

http://technet.microsoft.com/en-us/library/jj628158.aspx

QUESTION NO: 30

Your network contains two servers named HV1 and HV2. Both servers run Windows Server 2012 R2 and have the Hyper-V server role installed.

HV1 hosts 25 virtual machines. The virtual machine configuration files and the virtual hard disks are stored in D:\VM.

You shut down all of the virtual machines on HV1.

You copy D:\VM to D:\VM on HV2.

You need to start all of the virtual machines on HV2. You want to achieve this goal by using the minimum amount of administrative effort.

What should you do?

A. From HV1, export all virtual machines to D:\VM. Copy D:\VM to D:\VM on HV2 and overwrite the existing files. On HV2, run the New Virtual Machine wizard.

B. From HV1, export all virtual machines to D:\VM. Copy D:\VM to D:\VM on HV2 and overwrite the existing files. On HV2, run the Import Virtual Machine wizard.

C. Run the Import-VM InitialReplicationcmdlet.

D. Run the Import-VM cmdlet.

Answer: D

ENU-1\Batch 1

QUESTION NO: 3

Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012. Server1 has the Remote Access server role installed.

You log on to Server1 by using a user account named User2.

From the Remote Access Management Console, you run the Getting Started Wizard and you receive a warning message as shown in the exhibit. (Click the Exhibit button.)

You need to ensure that you can configure DirectAccess successfully. The solution must minimize the number of permissions assigned to User2.

To which group should you add User2?

A. Account Operators

B. Enterprise Admins

C. Domain Admins

D. Server Operators

Answer: C

QUESTION NO: 4 HOTSPOT

Your network contains an Active Directory domain named fabrikam.com.

You implement DirectAccess.

You need to view the properties of the DirectAccess connection.

Which connection properties should you view?

To answer, select the appropriate connection properties in the answer area.

Answer:

QUESTION NO: 5

Your network contains a Hyper-V host named Hyperv1. Hyperv1 runs Windows Server 2012 R2.

Hyperv1 hosts four virtual machines named VM1, VM2, VM3, and VM4. All of the virtual machines run Windows Server 2008 R2.

You need to view the amount of memory resources and processor resources that VM4 currently uses.

Which tool should you use on Hyperv1?

A. Task Manager

B. Windows System Resource Manager (WSRM)

C. Hyper-V Manager

D. Resource Monitor

Answer: C

QUESTION NO: 6

You have a server named Server1 that runs Windows Server 2012 R2.

You create a custom Data Collector Set (DCS) named DCS1.

You need to configure Server1 to start DCS1 automatically when the network usage exceeds 70 percent.

Which type of data collector should you create?

A. A performance counter alert

B. A performance counter data collector

C. An event trace data collector

D. A configuration data collector

Answer: A

QUESTION NO: 7

Your network contains an Active Directory domain named adatum.com. The domain contains a member server named Server1 and 10 web servers. All of the web servers are in an organizational unit (OU) named WebServers_OU. All of the servers run Windows Server 2012 R2.

On Server1, you need to collect the error events from all of the web servers. The solution must ensure that when new web servers are added to WebServers_OU, their error events are collected automatically on Server1.

What should you do?

A. On Server1, create a collector initiated subscription. From a Group Policy object (GPO), configure the Configure target Subscription Manager setting.

B. On Server1, create a collector initiated subscription. From a Group Policy object (GPO), configure the Configure forwarder resource usage setting.

C. On Server1, create a source computer initiated subscription. From a Group Policy object (GPO), configure the Configure forwarder resource usage setting.

D. On Server1, create a source computer initiated subscription. From a Group Policy object (GPO), configure the Configure target Subscription Manager setting.

Answer: D

QUESTION NO: 9

You have a server named Server1 that runs Windows Server 2012 R2.

You create a Data Collector Set (DCS) named DCS1.

You need to configure DCS1 to log data to D:\logs.

What should you do?

A. Right-click DCS1 and click Properties.

B. Right-click DCS1 and click Save template...

C. Right-click DCS1 and click Export list...

D. Right-click DCS1 and click Data Manager...

Answer: A

QUESTION NO: 10 DRAG DROP

Your network contains an Active Directory domain named adatum.com. The domain contains a server named Server1 that runs Windows Server 2012 R2. Server1 is configured as a Network Policy Server (NPS) server and as a DHCP server.

You need to log all DHCP clients that have Windows Firewall disabled.

Which three actions should you perform in sequence?

To answer, move the three appropriate actions from the list of actions to the answer area and arrange them in the correct order.

Answer: <map><m x1="6" x2="413" y1="48" y2="70" ss="0" a="0" /><m x1="2" x2="410" y1="82" y2="106" ss="0" a="0" /><m x1="2" x2="413" y1="117" y2="141" ss="0" a="0" /><m x1="4" x2="411" y1="149" y2="191" ss="0" a="0" /><m x1="5" x2="413" y1="200" y2="226" ss="0" a="0" /><m x1="424" x2="818" y1="41" y2="87" ss="1" a="0" /><m x1="425" x2="816" y1="95" y2="138" ss="1" a="0" /><m x1="427" x2="815" y1="145" y2="190" ss="1" a="0" /><c start="3" stop="0" /><c start="2" stop="1" /><c start="1" stop="2" /></map>

QUESTION NO: 11

Your network contains an Active Directory domain named contoso.com.

Network Policy Server (NPS) is deployed to the domain.

You plan to deploy Network Access Protection (NAP).

You need to configure the requirements that are validated on the NPS client computers.

What should you do?

A. From the Network Policy Server console, configure a health policy.

B. From the Network Policy Server console, configure a network policy.

C. From a Group Policy object (GPO), configure the NAP Client Configuration security setting.

D. From a Group Policy object (GPO), configure the Network Access Protection Administrative Templates setting.

E. From the Network Policy Server console, configure a Windows Security Health Validator (WSHV) policy.

Answer:

QUESTION NO: 12

Your network contains an Active Directory domain named contoso.com. All servers run Windows Server 2012 R2. The domain contains two servers. The servers are configured as shown in the following table.

All client computers run Windows 8 Enterprise.

You plan to deploy Network Access Protection (NAP) by using IPSec enforcement.

A Group Policy object (GPO) named GPO1 is configured to deploy a trusted server group to all of the client computers.

You need to ensure that the client computers can discover HRA servers automatically.

Which three actions should you perform? (Each correct answer presents part of the solution. Choose three.)

A. On all of the client computers, configure the EnableDiscovery registry key.

B. In a GPO, modify the Request Policy setting for the NAP Client Configuration.

C. On Server2/ configure the EnableDiscovery registry key.

D. On DC1, create a service location (SRV) record.

E. On DC1, create an alias (CNAME) record.

Answer: A, B, D

QUESTION NO: 13

Your network contains an Active Directory domain named adatum.com. The domain contains a server named Server1 that runs WindowsServer 2012 R2. Server1 is configured as a Network Policy Server (NPS) server and as a DHCP server.

You need to ensure that only computers that send a statement of health are checked for Network Access Protection (NAP) healthrequirements.

Which two settings should you configure? (Each correct answer presents part of the solution. Choose two.)

A. The NAS Port Type constraints

B. The MS-Service Class conditions

C. The Health Policies conditions

D. The NAP-Capable Computers conditions

E. The Called Station ID constraints

Answer: C, D

QUESTION NO: 15

Your network contains an Active Directory domain named contoso.com. All domain controllers run Windows Server 2012 R2.

An organizational unit (OU) named OU1 contains 200 client computers that run Windows 8 Enterprise. A Group Policy object (GPO) named GPO1 is linked to OU1.

You make a change to GPO1.

You need to force all of the computers in OU1 to refresh their Group Policy settings immediately. The solution must minimize administrative effort.

Which tool should you use?

A. The Set-AdComputercmdlet

B. Group Policy Management Console (GPMC)

C. Server Manager

D. TheGpupdate command

Answer: B

QUESTION NO: 16 DRAG DROP

Your network contains a single Active Directory domain named contoso.com. The domain contains an Active Directory site named Site1 and an organizational unit (OU) named OU1.

The domain contains a client computer named Client1 that is located in OU1 and Site1.

You create five Group Policy objects (GPO). The GPOs are configured as shown in the following table.

You need to identify in which order the GPOs will be applied to Client1. In which order should you arrange the listed GPOs?

To answer, move all GPOs from the list of GPOs to the answer area and arrange them in the correct order.

Answer:

Explanation:

By default settings in Group Policy Objects (GPOs) get applied in the following order: Local system policies first, then policies on the Active Directory Domain level, then policies on the Active Directory Site level and then the policies for all the Organization Units the computer and user are members of, starting at the root of the domain. The settings that are last applied are the settings in effect.

QUESTION NO: 17

Your network contains an Active Directory domain named contoso.com. All domain controllers run Windows Server 2012 R2.

On all of the domain controllers, Windows is installed in C:\Windows and the Active Directory database is located in D:\Windows\NTDS\.

All of the domain controllers have a third-party application installed.

The operating system fails to recognize that the application is compatible with domain controller cloning.

You verify with the application vendor that the application supports domain controller cloning.

You need to prepare a domain controller for cloning.

What should you do?

A. In C:\Windows\, create an XML file named DCCIoneConfig.xml and add the application information to the file.

B. In the root of a USB flash drive, add the application information to an XML file named DefaultDCCIoneAllowList.xml.

C. In D:\Windows\NTDS\, create an XML file named DCCIoneConfig.xml and add the application information to the file.

D. In D:\Windows\NTDS\, create an XML file named CustomDCCIoneAllowList.xml and add the application information to the file.

Answer: D

Explanation/Reference:

http://blogs.dirteam.com/blogs/sanderberkouwer/archive/2012/09/10/new-features-in-active-directory-domainservices-in-windows-server-2012-part-13-domain-controller-cloning.aspx

Place the CustomDCCloneAllowList.xml file in the same folder as the Active Directory database (ntds.dit) on the source Domain Controller.

Site Search:

Close

Close
Download Free Demo of VCE
Exam Simulator

Experience Avanset VCE Exam Simulator for yourself.


Simply submit your e-mail address below to get started with our interactive software demo of your free trial.


Enter Your Email Address

Free Demo Limits: In the demo version you will be able to access only first 5 questions from exam.