MicrosoftMicrosoft - ActualTests.70-412.v2015-12-30.by - GabbyDigital.362q.pdf - Actualtests.70 412.v2015!12!30.by - Gabbydigital.362q

70-412
Number: 000-000
Passing Score: 800
Time Limit: 120 min
File Version: 1.0
http://www.gratisexam.com/
All the questions i found from the different forums and other VCE files.
Organized some of the questions into sections.
Fixed some incorrect answers
Contains almost all the questions
Some questions may contain wrong answers
Enough to pass
Special thanks to people who contributed.
Sections
1. Configure and manage the high availability (15-20%)
2. Configure File and Storage Solutions (15-20%)
3. Implementation of business continuity and disaster recovery (15-20%
4. Configure network services (15-20%)
5. Configure the Active Directory infrastructure (15-20%)
6. Configuring Identity and Access Solutions (15-20%
Exam A
QUESTION 1
Your network contains an Active Directory domain named adatum.com.
The domain contains two domain controllers that run Windows Server 2012 R2.
The domain controllers are configured as shown in the following table.
You log on to DC1 by using a user account that is a member of the Domain Admins group, and then you create a new user account named User1.
You need to prepopulate the password for User1 on DC2.
What should you do first?
A.
B.
C.
D.
Connect to DC2 from Active Directory Users and Computers.

Add DC2 to the Allowed RODC Password Replication Policy group.
Add the User1 account to the Allowed RODC Password Replication Policy group.
Run Active Directory Users and Computers as a member of the Enterprise Admins group.
Correct Answer: C
Section: Configure the Active Directory infrastructure (15-20%)
Explanation
Explanation/Reference:
Explanation:
http://technet.microsoft.com/en-us/library/cc730883(v=ws.10).aspx
http://technet.microsoft.com/en-us/library/cc753470(v=ws.10).aspx#BKMK_pre
QUESTION 2
Your company has offices in Montreal, New York, and Amsterdam.
The network contains an Active Directory forest named contoso.com.
An Active Directory site exists for each office. All of the sites connect to each other by using the DEFAULTIPSITELINK site link.
You need to ensure that only between 20:00 and 08:00, the domain controllers in the Montreal office replicate the Active Directory changes to the domain controllers
in the Amsterdam office.
The solution must ensure that the domain controllers in the Montreal and the New York offices can replicate the Active Directory changes any time of day.
What should you do?
A. Create a new site link that contains Montreal and Amsterdam.
Remove Amsterdam from DEFAULTIPSITELINK.
Modify the schedule of DEFAULTIPSITELINK.
B. Create a new site link that contains Montreal and Amsterdam.
Create a new site link bridge.
Modify the schedule of DEFAU LTIPSITELINK.
C. Create a new site link that contains Montreal and Amsterdam.
Remove Amsterdam from DEFAULTIPSITELINK.
Modify the schedule of the new site link.
D. Create a new site link that contains Montreal and Amsterdam.
Create a new site link bridge.
Modify the schedule of the new site link.
Correct Answer: C
Explanation
Explanation:
Very Smartly reworded with same 3 offices. In the exam correct answer is "Create a new site link that contains Newyork to Montreal.
Remove Montreal from DEFAULTIPSITELINK.Modify the schedule of the new site link".
QUESTION 3
Your network contains two Active Directory forests named contoso.com and adatum.com.
A two- way forest trust exists between the forests. The contoso.com forest contains an enterprise certification authority (CA) named Server1.
You implement cross-forest certificate enrollment between the contoso.com forest and the adatum.com forest.
On Server1, you create a new certificate template named Template1.
You need to ensure that users in the adatum.com forest can request certificates that are based on Template1.
Which tool should you use?
A.
B.
C.
D.
E.
DumpADO.ps1
Repadmin
Add-CATemplate
Certutil
PKISync.ps1
Correct Answer: E
Section: Configuring Identity and Access Solutions (15-20%
Explanation
Explanation:
B. Repadmin.exe helps administrators diagnose Active Directory replication problems between domain controllers running Microsoft Windows operating systems.
C. Adds a certificate template to the CA.
D. Use Certutil.exe to dump and display certification authority (CA) configuration information, configure Certificate Services, backup and restore CA components,
and verify certificates, key pairs, and certificate chains.
E. PKISync.ps1 copies objects in the source forest to the target forest
http://technet.microsoft.com/en-us/library/ff955845(v=ws.10).aspx#BKMK_Consolidating
http://technet.microsoft.com/en-us/library/hh848372.aspx
http://technet.microsoft.com/library/cc732443.aspx
http://technet.microsoft.com/en-us/library/ff961506(v=ws.10).aspx
QUESTION 4
You have a server named Server1 that runs Windows Server 2012 R2. Server1 has the Windows Deployment Services server role installed.
You back up Server1 each day by using Windows Server Backup.
The disk array on Server1 fails.
You replace the disk array.
You need to restore Server1 as quickly as possible. What should you do?
A.
B.
C.
D.
Start Server1 from the Windows Server 2012 R2 installation media.

Start Server1and press F8.
Start Server1 and press Shift+F8.
Start Server1 by using the PXE.
Correct Answer: A
Explanation
Explanation:
A. Recovery of the OS uses the Windows Setup Disc
http://technet.microsoft.com/en-us/library/cc753920.aspx
http://www.windowsnetworking.com/articles_tutorials/Restoring-Windows-Server-BareMetal.html
QUESTION 5
Your network contains two servers named Server1 and Server2 that run Windows Server 2012 R2.
Both servers have the Hyper-V server role installed. Server1 and Server2 are located in different offices.
The offices connect to each other by using a high-latency WAN link.
Server2 hosts a virtual machine named VM1.
You need to ensure that you can start VM1 on Server1 if Server2 fails.
The solution must minimize hardware costs. What should you do?
A. On Server1, install the Multipath I/O (MPIO) feature.

Modify the storage location of the VHDs for VM1.
B. From the Hyper-V Settings of Server2, modify the Replication Configuration settings.
Enable replication for VM1.
C. On Server2, install the Multipath I/O (MPIO) feature.
Modify the storage location of the VHDs for VM1.
D. From the Hyper-V Settings of Server1, modify the Replication Configuration settings.
Enable replication for VM1.
Correct Answer: D
Explanation
Explanation:
You first have to enable replication on the Replica server--Server1--by going to the server and modifying the "Replication Configuration" settings under Hyper-V
settings.
You then go to VM1-- which presides on Server2-- and run the "Enable Replication" wizard on VM1.
QUESTION 6
Your network contains an Active Directory domain named contoso.com.
The domain contains three servers named Server1, Server2, and Server3 that run Windows Server 2012 R2.
All three servers have the Hyper-V server role installed and the Failover Clustering feature installed. Server1 and Server2 are nodes in a failover cluster named
Cluster1.
Several highly available virtual machines run on Cluster1.

Cluster1 has the Hyper-V Replica Broker role installed.
The Hyper-V Replica Broker currently runs on Server1. Server3 currently has no virtual machines.
You need to configure Cluster1 to be a replica server for Server3 and Server3 to be a replica server for Cluster1.
Which two tools should you use? (Each correct answer presents part of the solution. Choose two.)
A.
B.
C.
D.
E.
The Hyper-V Manager console connected to Server3

The Failover Cluster Manager console connected to Server3
The Hyper-V Manager console connected to Server1.
The Failover Cluster Manager console connected to Cluster1
The Hyper-V Manager console connected to Server2
Correct Answer: AD
Section: Configure and manage the high availability (15-20%)
Explanation
Explanation:
http://technet.microsoft.com/en-us/library/jj134240.aspx
QUESTION 7
You have a DNS server named Server1 that runs Windows Server 2012 R2.
Server1 has a signed zone for contoso.com.
You need to configure DNS clients to perform DNSSEC validation for the contoso.com DNS domain.
What should you configure?
A.
B.
C.
D.
The Network Connection settings

A Name Resolution Policy
The Network Location settings
The DNS Client settings
Correct Answer: B
Section: Configure network services (15-20%)
Explanation
Explanation:
In a DNSSEC deployment, validation of DNS queries by client computers is enabled through configuration of IPSEC & NRPT
http://technet.microsoft.com/en-us/library/ee649182(v=ws.10).aspx
QUESTION 8
The domain contains a domain controller named DC1 that runs Windows Server 2012 R2.
On Dc1, you open DNS Manager as shown in the exhibit. (Click the Exhibit button.)
You need to change the replication scope of the contoso.com zone.

What should you do before you change the replication scope?
A.
B.
C.
D.
Modify the Zone Transfers settings.

Add DC1 to the Name Servers list.
Add your user account to the Security settings of the zone.
Unsign the zone.
Correct Answer: D

Explanation
Explanation:
Lock icon signifies that the Zone has been signed. Changes to the zone are blocked when signed
http://www.microsoft.com/en-us/download/dlx/ThankYou.aspx?id=29018
QUESTION 9
The domain contains a domain controller named DC1 and a member server named Server1.
Server1 has the IP Address Management (IPAM) Server feature installed.
On Dc1, you configure Windows Firewall to allow all of the necessary inbound ports for IPAM.
On Server1, you open Server Manager as shown in the exhibit. (Click the Exhibit button.)
You need to ensure that you can use IPAM on Server1 to manage DNS on DC1.
What should you do?
A.
B.
C.
D.
Modify the outbound firewall rules on Server1.

Modify the inbound firewall rules on Server1.
Add Server1 to the Remote Management Users group.
Add Server1 to the Event Log Readers group.
Correct Answer: D
Explanation
Explanation:
Since no exhibit, the guess here is it's not using the GPO to manage the Event Log Readers group-- evidenced by the fact that the firewall was configured manually
instead of with the GPO.
If the GPO was being used then the IPAM server would be in the Event Log Readers group due to restricted group settings in the GPO as shown below:
In the above example, the IPAM server is as member of the VDI\IPAMUG group.
QUESTION 10
The domain contains servers named Server1 and Server2 that run Windows Server 2012 R2.
You install the IPAM client on Server2.
You open Server Manager on Server2 as shown in the exhibit. (Click the Exhibit button.)
You need to manage IPAM from Server2.

A. On Server1, add the Server2 computer account to the IPAM MSM Administrators group.
B. On Server2, open Computer Management and connect to Server1.
C. On Server2, add Server1 to Server Manager.
D. On Server1, add the Server2 computer account to the IPAM ASM Administrators group.
Correct Answer: C
Explanation
Explanation:
QUESTION 11
The domain contains a domain controller named Dc1. DC1 has the DNS Server server role installed.
The network has two sites named Site1 and Site2. Site1 uses 10.10.0.0/16 IP addresses and Site2 uses 10.11.0.0/16 IP addresses.
All computers use DC1 as their DNS server. The domain contains four servers named Server1, Server2, Server3, and Server4.
All of the servers run a service named Service1. DNS host records are configured as shown in the exhibit. (Click the Exhibit button.)
You discover that computers from the 10.10.1.0/24 network always resolve Service1 to the [P address of Server1.
You need to configure DNS on DC1 to distribute computers in Site1 between Server1 and Server2 when the computers attempt to resolve Service1.
What should run on DC1?
A.
B.
C.
D.
dnscmd /config /bindsecondaries 1

dnscmd /config /localnetpriority 0
dnscmd /config /localnetprioritynetmask 0x0000ffff
dnscmd /config /roundrobin 0
Correct Answer: C
Section: (none)
Explanation
Explanation:
A. Specifies use of fast transfer format used by legacy Berkeley Internet Name Domain (BIND) servers. 1 enables
B. Disables netmask ordering.
C. You can use the Dnscmd /Config /LocalNetPriorityNetMask 0x0000FFFF command to use class B ( or 16 bit) for netmask ordering for DNS round robin
D. Disables round robin rotation.
http://support.microsoft.com/kb/842197
QUESTION 12
The domain contains a main office and a branch office. An Active Directory site exists for each office.
The domain contains two servers named Server1 and Server2 that run Windows Server 2012 R2.
Both servers have the DHCP Server server role installed. Server1 is located in the main office site.
Server2 is located in the branch office site. Server1 provides IPv4 addresses to the client computers in the main office site.
Server2 provides IPv4 addresses to the client computers in the branch office site.
You need to ensure that if either Server1 or Server2 are offline, the client computers can still obtain IPv4 addresses.
The solution must meet the following requirements:
- The storage location of the DHCP databases must not be a single point of failure.
- Server1 must provide IPv4 addresses to the client computers in the branch office site only if Server2 is offline.
- Server2 must provide IPv4 addresses to the client computers in the main office site only if Server1 is offline.
Which configuration should you use?
A.
B.
C.
D.
load sharing mode failover partners

a failover cluster
hot standby mode failover partners
a Network Load Balancing (NLB) cluster
Correct Answer: C
Explanation
Explanation:
A. The load sharing mode of operation is best suited to deployments where both servers in a failover relationship are located at the same physical site.
B. Hot standby mode of operation is best suited to deployments where a central office or data center server acts as a standby backup server to a server at a remote
site, which is local to the DHCP clients
C. Needs to be a DHCP Failover option
D. Needs to be a DHCP Failover option
http://blogs.technet.com/b/teamdhcp/archive/2012/09/03/dhcp-failover-hot-standbymode.aspx
QUESTION 13
You have a DHCP server named Server1.
Server1 has an IP address 192.168.1.2 is located on a subnet that has a network ID of 192.168.1.0/24.
On Server1, you create the scopes shown in the following table.
You need to ensure that Server1 can assign IP addresses from both scopes to the DHCP clients on the local subnet.
What should you create on Server1?
A.
B.
C.
D.
A scope
A superscope
A split-scope
A multicast scope
Correct Answer: B
Explanation
Explanation:
A. A scope is an administrative grouping of IP addresses for computers on a subnet that use the Dynamic Host Configuration Protocol (DHCP) service. The
administrator first creates a scope for each physical subnet and then uses the scope to define the parameters used by clients.
B. A superscope is an administrative feature of Dynamic Host Configuration Protocol (DHCP) servers running Windows Server 2008 that you can create and
manage by using the DHCP Microsoft Management Console (MMC) snap-in. By using a superscope, you can group multiple scopes as a single administrative
entity.
D. Multicasting is the sending of network traffic to a group of endpointsdestination hosts.
Only those members in the group of endpoints hosts that are listening for the multicast traffic (the multicast group) process the multicast traffic
http://technet.microsoft.com/en-us/library/dd759168.aspx
QUESTION 14
Your network contains servers that run Windows Server 2012 R2.
The network contains a large number of iSCSI storage locations and iSCSI clients.
You need to deploy a central repository that can discover and list iSCSI resources on the network automatically.
Which feature should you deploy?
A.
B.
C.
D.
the Windows Standards-Based Storage Management feature

the iSCSI Target Server role service
the iSCSI Target Storage Provider feature
the iSNS Server service feature
Correct Answer: D
Section: Configure File and Storage Solutions (15-20%)
Explanation
Explanation:
A. Windows Server 2012 R2 enables storage management that is comprehensive and fully scriptable, and administrators can manage it remotely.
A WMI-based interface provides a single mechanism through which to manage all storage, including non-Microsoft intelligent storage subsystems and virtualized
local storage (known as Storage Spaces). Additionally, management applications can use a single Windows API to manage different storage types by using
standards- based protocols such as Storage Management Initiative Specification (SMI-S).
B. Targets are created in order to manage the connections between an iSCSI device and the servers that need to access it. A target defines the portals (IP
addresses) that can be used to connect to the iSCSI device, as well as the security settings (if any) that the iSCSI device requires in order to authenticate the
servers that are requesting access to its resources.
C. iSCSI Target Storage Provider enables applications on a server that is connected to an iSCSI target to perform volume shadow copies of data on iSCSI virtual
disks. It also enables you to manage iSCSI virtual disks by using older applications that require a Virtual Disk Service (VDS) hardware provider, such as the
Diskraid command.
D. The Internet Storage Name Service (iSNS) protocol is used for interaction between iSNS servers and iSNS clients. iSNS clients are computers, also known as
initiators, that are attempting to discover storage devices, also known as targets, on an Ethernet network.
QUESTION 15
Your network contains two Active Directory forests named contoso.com and fabrikam.com.
The contoso.com forest contains two domains named corp.contoso.com and contoso.com.
You establish a two-way forest trust between contoso.com and fabrikam.com.
Users from the corp.contoso.com domain report that they cannot log on to client computers in the fabrikam.com domain by using their corp.contoso.com user
account.
When they try to log on, they receive following error message:
"The computer you are signing into is protected by an authentication firewall. The specified account is not allowed to
authenticate to the computer."
Corp.contoso.com users can log on successfully to client computers in the contoso.com domain by using their corp.contoso.com user account credentials.
You need to allow users from the corp.contoso.com domain to log on to the client computers in the fabrikam.com forest.
What should you do?
A.
B.
C.
D.
Configure Windows Firewall with Advanced Security.

Enable SID history.
Configure forest-wide authentication.
Instruct the users to log on by using a user principal name (UPN).
Correct Answer: C
Explanation
Explanation:
The forest-wide authentication setting permits unrestricted access by any users in the trusted forest to all available shared resources in any of the domains in the
trusting forest.
QUESTION 16
Both servers have the Hyper-V server role installed.
The servers have the hardware configurations shown in the following table.
Server1 hosts five virtual machines that run Windows Server 2012 R2.
You need to move the virtual machines from Server1 to Server2.
The solution must minimize downtime.
What should you do for each virtual machine?
A.
B.
C.
D.
Export the virtual machines from Server1 and import the virtual machines to Server2.
Perform a live migration.
Perform a quick migration.
Perform a storage migration.
Correct Answer: A
Explanation
Explanation:
None of these migration options will work between different Processors ( AMD/Intel). The only option remaining is to export and re-import the VMs
QUESTION 17
The domain contains two servers named Server1 and Server2.
You plan to replicate virtual machines between Server1 and Server2.
The replication will be encrypted by using Secure Sockets Layer (SSL).
You need to request a certificate on Server1 to ensure that the virtual machine replication is encrypted.
Which two intended purposes should the certificate for Server1 contain? (Each correct answer presents part of the solution. Choose two.)
A.
B.
C.
D.
E.
Client Authentication
Kernel Mode Code Signing
Server Authentication
IP Security end system
KDC Authentication
Correct Answer: AC
Explanation
Explanation:
http://blogs.technet.com/b/virtualization/archive/2012/03/13/hyper-v-replica-certificate- requirements.aspx
QUESTION 18
The domain contains two member servers named Server1 and Server2 that run Windows Server 2012 R2.
The network contains an enterprise certification authority (CA).
All servers are enrolled automatically for a certificate-based on the Computer certificate template.
On Server1, you have a virtual machine named VM1. VM1 is replicated to Server2.
You need to encrypt the replication of VM1.
Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)
A. On Server1, modify the settings of VM1.
B.
C.
D.
E.
F.
On Server2, modify the settings of VM1.

On Server2, modify the Hyper-V Settings.
On Server1, modify the Hyper-V Settings.
On Server1, modify the settings of the virtual switch to which VM1 is connected.
On Server2, modify the settings of the virtual switch to which VM1 is connected.
Correct Answer: AC
Section: (none)
Explanation
Explanation:
Answer is A and C, not A and F. Virtual Switch has nothing to do with this scenario based many sites I've visited even TechNet.
And added a couple examples with Enterprise CA as well.
C. - Is Server 2, modify settings of Hyper-V=>Replica Server. then all the Encryption Reqs. TCP- 443/SSL.
QUESTION 19
The domain contains a file server named Server1 that runs Windows Server 2012 R2.
You create a user account named User1 in the domain.
You need to ensure that User1 can use Windows Server Backup to back up Server1.
The solution must minimize the number of administrative rights assigned to User1.
What should you do?
A.
B.
C.
D.
Add User1 to the Backup Operators group.

Add User1 to the Power Users group.
Assign User1 the Backup files and directories user right and the Restore files and directories user right.
Assign User1 the Backup files and directories user right.
Correct Answer: D
Section: Implementation of business continuity and disaster recovery (15-20%
Explanation
Explanation:
Backup Operators have these permissions by default:
However the question explicitly says we need to minimize administrative rights.

Since the requirement is for backing up the data only--no requirement to restore or shutdown--then assigning the "Back up files and directories user right" would be
the correct answer.
QUESTION 20
You have a server named Server1 that runs Windows Server 2012 R2 and is used for testing.
A developer at your company creates and installs an unsigned kernel-mode driver on Server1.
The developer reports that Server1 will no longer start.
You need to ensure that the developer can test the new driver.
The solution must minimize the amount of data loss.
Which Advanced Boot Option should you select?
A. Disable Driver Signature Enforcement
B. Disable automatic restart on system failure
C. Last Know Good Configuration (advanced)
D. Repair Your Computer

Correct Answer: A
Explanation
Explanation:
A. By default, 64-bit versions of Windows Vista and later versions of Windows will load a kernel- mode driver only if the kernel can verify the driver signature.
However, this default behavior can be disabled to facilitate early driver development and non-automated testing.
B. specifies that Windows automatically restarts your computer when a failure occurs
C. Developer would not be able to test the driver as needed
D. Removes or repairs critical windows files, Developer would not be able to test the driver as needed and some file loss
http://msdn.microsoft.com/en-us/library/windows/hardware/ff547565(v=vs.85).aspx
QUESTION 21
The domain contains two member servers named Server1 and Server2.
All servers run Windows Server 2012 R2. Server1 and Server2 have the Failover Clustering feature installed.
The servers are configured as nodes in a failover cluster named Cluster1.
You add two additional nodes in Cluster1.
You have a folder named Folder1 on Server1 that hosts application data.
Folder1 is a folder target in a Distributed File System (DFS) namespace.
You need to provide highly available access to Folder1.
The solution must support DFS Replication to Folder1.

A.
B.
C.
D.
E.
F.
G.
H.
I.
J.
K.
L.
Affinity-None
Affinity-Single
The cluster quorum settings
The failover settings
A file server for general use
The Handling priority
The host priority
Live migration
The possible owner
The preferred owner
Quick migration
The Scale-Out File Server
Correct Answer: E
Explanation
Explanation:
QUESTION 22
All servers run Windows Server 2012 R2. Server1 and Server2 have the Network Load Balancing (NLB) feature installed.
The servers are configured as nodes in an NLB cluster named Cluster1.
Port rules are configured for all clustered applications.
You need to ensure that Server2 handles all client requests to the cluster that are NOT covered by a port rule.
A.
B.
C.
D.
E.
F.
G.
H.
Affinity-None
Affinity-Single
The host priority
Live migration
I.
J.
K.
L.
The possible owner

The preferred owner
Quick migration
The Scale-Out File Server
Correct Answer: G
Explanation
Explanation:
http://technet.microsoft.com/en-us/library/bb742455.aspx
QUESTION 23
Your network contains an Active Directory forest.
The forest contains two domains named contoso.com and fabrikam.com.
The functional level of the forest is Windows Server 2003.
You have a domain outside the forest named adatum.com.
You need to configure an access solution to meet the following requirements:
- Users in adatum.com must be able to access resources in contoso.com.

- Users in adatum.com must be prevented from accessing resources in fabrikam.com.
- Users in both contoso.com and fabrikam.com must be prevented from accessing resources in adatum.com.
What should you create?
A.
B.
C.
D.
a one-way realm trust from contoso.com to adatum.com

a one-way realm trust from adatum.com to contoso.com
a one-way external trust from contoso.com to adatum.com
a one-way external trust from adatum.com to contoso.com
Correct Answer: C
Explanation
Explanation:
domain names were changed, so understand the question well
You need to make trust relationship where domain contoso.com trusts adatum.com.
QUESTION 24
The domain contains a main office and a branch office.
An Active Directory site exists for each office.
All domain controllers run Windows Server 2012 R2.
The domain contains two domain controllers.
DC1 hosts an Active Directory- integrated zone for contoso.com.
You add the DNS Server server role to DC2.
You discover that the contoso.com DNS zone fails to replicate to DC2.
You verify that the domain, schema, and configuration naming contexts replicate from DC1 to DC2.
You need to ensure that DC2 replicates the contoso.com zone by using Active Directory replication.
A.
B.
C.
D.
E.
Dnscmd
Dnslint
Repadmin
Ntdsutil
DNS Manager
F. Active Directory Sites and Services

G. Active Directory Domains and Trusts
H. Active Directory Users and Computers
Correct Answer: F
Explanation
Explanation:
http://technet.microsoft.com/en-us/library/cc739941(v=ws.10).aspx If you see question about AD Replication, First preference is AD sites and services, then
Repadmin and then DNSLINT.
QUESTION 25
DC1 has the DHCP Server server role installed. DHCP is configured as shown in the exhibit. (Click the Exhibit button.)
You discover that client computers cannot obtain IPv4 addresses from DC1.
You need to ensure that the client computers can obtain IPv4 addresses from DC1.
What should you do?
A.
B.
C.
D.
Activate the scope.

Authorize DC1.
Disable the Allow filters.
Disable the Deny filters.
Correct Answer: C
Explanation
Explanation:
There is no items in the deny List. So it means that client computers MAC addresses is not listed in the allow list. So we have to disable the "Allow Filters"
http://technet.microsoft.com/en- us/library/ee956897(v=ws.10).aspx
QUESTION 26
The domain contains a file server named Server1 and a domain controller named DC1.
All servers run Windows Server 2012 R2.
A Group Policy object (GPO) named GPO1 is linked to the domain.
Server1 contains a folder named Folder1.
Folder1 is shared as Share1.

You need to ensure that authenticated users can request assistance when they are denied access to the resources on Server1.
A.
B.
C.
D.
E.
Assign the Read Attributes NTFS permission on Folder1 to the Authenticated Users group.
Install the File Server Resource Manager role service on Server1.
Configure the Customize message for Access Denied errors policy setting of GPO1.
Enable the Enable access-denied assistance on client for all file types policy setting for GPO1.
Install the File Server Resource Manager role service on DC1.
Correct Answer: BD
Section: (none)
Explanation
Explanation:
http://technet.microsoft.com/en-us/library/hh831402.aspx#BKMK_1
QUESTION 27
Server6 contains a folder named Folder1. Folder1 is shared as Share1.
The NTFS permissions on Folder1 are shown in the exhibit. (Click the Exhibit button.)
The domain contains two global groups named Group1 and Group2.
You need to ensure that only users who are members of both Group1 and Group2 are denied access to Folder1.
A.
B.
C.
D.
E.
F.
Remove the Deny permission for Group1 from Folder1.

Deny Group2 permission to Folder1.
Install a domain controller that runs Windows Server 2012 R2.
Create a conditional expression.
Deny Group2 permission to Share1.
Deny Group1 permission to Share1.
Correct Answer: CD
Section: (none)
Explanation
Explanation:
* Conditional Expressions for Permission Entries Windows Server 2008 R2 and Windows 7 enhanced Windows security descriptors by introducing a conditional
access permission entry. Windows Server 2012 R2 takes advantage of conditional access permission entries by inserting user claims, device claims, and resource
properties, into conditional expressions. Windows Server 2012 R2 security evaluates these expressions and allows or denies access based on results of the
evaluation. Securing access to resources through claims is known as claims-based access control. Claims-based access control works with traditional access
control to provide an additional layer of authorization that is flexible to the varying needs of the enterprise environment. http://social.technet.microsoft.com/wiki/
contents/articles/14269.introducing-dynamicaccess- control-en-us.aspx
QUESTION 28
Server1 and Server2 have the Hyper-V server role installed.
Server1 and Server2 are configured as Hyper-V replicas of each other.
Server1 hosts a virtual machine named VM1. VM1 is replicated to Server2.
You need to verify whether the replica of VM1 on Server2 is functional.
The solution must ensure that VM1 remains accessible to clients.
What should you do from Hyper-V Manager?
A.
B.
C.
D.
On Server1, execute a Planned Failover.

On Server1, execute a Test Failover.
On Server2, execute a Planned Failover.
On Server2, execute a Test Failover.
Correct Answer: B
Section: (none)
Explanation
Explanation:
QUESTION 29
You have a failover cluster named Cluster1 that contains four nodes.
All of the nodes run Windows Server 2012 R2.
You need to force every node in Cluster1 to contact immediately the Windows Server Update Services (WSUS) server on your network for updates.
A.
B.
C.
D.
The Add-CauClusterRole cmdlet

The Wuauclt command
The Wusa command
The Invoke-CauScan cmdlet
Correct Answer: D
Explanation
Explanation:
A. Adds the Cluster-Aware Updating (CAU) clustered role that provides the self-updating functionality to the specified cluster.
B. the wuauclt utility allows you some control over the functioning of the Windows Update Agent
C. The Wusa.exe file is in the %windir%\System32 folder. The Windows Update Standalone Installer uses the Windows Update Agent API to install update
packages.
Update packages have an .msu file name extension. The .msu file name extension is associated with the Windows Update Standalone Installer.
D. Performs a scan of cluster nodes for applicable updates and returns a list of the initial set of updates that would be applied to each node in a specified cluster.
http://technet.microsoft.com/en- us/library/hh847235(v=wps.620).aspx
http://technet.microsoft.com/en- us/library/cc720477(v=ws.10).aspx
http://technet.microsoft.com/en-us/library/hh847228(v=wps.620).aspx
QUESTION 30
The network contains a file server named Server1 that runs Windows Server 2012 R2.
You are configuring a central access policy for temporary employees.
You enable the Department resource property and assign the property a suggested value of Temp.
You need to configure a target resource condition for the central access rule that is scoped to resources assigned to Temp only.
Which condition should you use?
A. (Temp.Resource Equals "Department")
B. (Resource.Temp Equals "Department")
C. (Resource.Department Equals "Temp")
D. (Department.Value Equals "Temp")

Correct Answer: C
Explanation
Explanation:
http://technet.microsoft.com/fr-fr/library/hh846167.aspx
QUESTION 31
The domain contains a server named CA1 that runs Windows Server 2012 R2.
CA1 has the Active Directory Certificate Services server role installed and is configured to support key archival and recovery.
You need to ensure that a user named User1 can decrypt private keys archived in the Active Directory Certificate Services (AD CS) database.
The solution must prevent User1 from retrieving the private keys from the AD CS database.
What should you do?
A. Assign User1 the Issue and Manage Certificates permission to Server1.
B. Assign User1 the Read permission and the Write permission to all certificate templates.
C. Provide User1 with access to a Key Recovery Agent certificate and a private key.
D. Assign User1 the Manage CA permission to Server1.
Correct Answer: C
Explanation
Explanation:
http://social.technet.microsoft.com/wiki/contents/articles/7573.active-directory-certificate-services-pki-keyarchival-andmanagement.aspx#Protecting_Key_Recovery_Agent_Keys
QUESTION 32
The domain contains two sites named Site1 and Site2 and two domain controllers named DC1 and DC2.
Both domain controllers are located in Site1.
You install an additional domain controller named DC3 in Site1 and you ship DC3 to Site2.
A technician connects DC3 to Site2.
You discover that users in Site2 are authenticated by all three domain controllers.
You need to ensure that the users in Site2 are authenticated by DC1 or DC2 only if DC3 is unavailable.
What should you do?
A.
B.
C.
D.
From Network Connections, modify the IP address of DC3.

In Active Directory Sites and Services, modify the Query Policy of DC3.
From Active Directory Sites and Services, move DC3.
In Active Directory Users and Computers, configure the insDS-PrimaryComputer attribute for the users in Site2.
Correct Answer: C
Explanation
Explanation:
http://social.technet.microsoft.com/wiki/contents/articles/7573.active-directory-certificateservices-pki-keyarchival-andanagement.aspx#Protecting_Key_Recovery_Agent_Keys
QUESTION 33
Contoso.com contains one domain. Adatum.com contains a child domain named child.adatum.com.
Contoso.com has a one-way forest trust to adatum.com.
Selective authentication is enabled on the forest trust.
Several user accounts are migrated from child.adatum.com to adatum.com.
Users report that after the migration, they fail to access resources in contoso.com.
The users successfully accessed the resources in contoso.com before the accounts were migrated.
You need to ensure that the migrated users can access the resources in contoso.com.
What should you do?
A.
B.
C.
D.
Replace the existing forest trust with an external trust.

Run netdom and specify the /quarantine attribute.
Disable SID filtering on the existing forest trust.
Disable selective authentication on the existing forest trust.
Correct Answer: C
Explanation
Explanation:
B. Enables administrators to manage Active Directory domains and trust relationships from the command prompT, /quarantine Sets or clears the domain
quarantine
C. Need to gran access to the resources in contoso.com
D. Selective authentication over a forest trust restricts access to only those users in a trusted forest who have been explicitly given authentication permissions to
computer objects (resource computers) that reside in the trusting forest
QUESTION 34
You have four servers that run Windows Server 2012 R2.
The servers have the Failover Clustering feature installed.
You deploy a new cluster named Cluster1. Cluster1 is configured as shown in the following table.
Site2 is a disaster recovery site. Server1, Server2, and Server3 are configured as the preferred owners of the cluster roles.
Dynamic quorum management is disabled.
You plan to perform hardware maintenance on Server3.
You need to ensure that if the WAN link between Site1 and Site2 fails while you are performing maintenance on Server3, the cluster resource will remain available
in Site1.
What should you do?
A.
B.
C.
D.
Enable dynamic quorum management.

Remove the node vote for Server3.
Add a file share witness in Site1.
Remove the node vote for [C1] Server4 and Server5.
Correct Answer: D
Section: (none)
Explanation
Explanation:
http://msdn.microsoft.com/en-us/library/hh270280.aspx#VotingandNonVotingNodes
QUESTION 35
You have a server named Server1 that runs Windows Server 2012 R2.
Server1 has the DNS Server server role installed.
You need to configure Server1 to resolve queries for single-label DNS names.
A.
B.
C.
D.
E.
F.
Run the Set-DNSServerGlobalNameZone cmdlet.

Modify the DNS suffix search list setting.
Modify the Primary DNS Suffix Devolution setting.
Create a zone named ".".
Create a zone named GlobalNames.
Run the Set-DNSServerRootHint cmdlet.
Correct Answer: AE
Explanation
Explanation:
http://technet.microsoft.com/en-us/library/jj649907(v=wps.620).aspx
QUESTION 36

Server2 has the DHCP Server server role installed.
A user named User1 is a member of the IPAM Users group on Server1.
You need to ensure that User1 can use IPAM to modify the DHCP scopes on Server2.
The solution must minimize the number of permissions assigned to User1.
To which group should you add User1?
A.
B.
C.
D.
DHCP Administrators on Server2

IPAM ASM Administrators on Server1
IPAMUG in Active Directory
IPAM MSM Administrators on Server1
Correct Answer: A
Explanation
Explanation:
The user need rights to change DHCP not IPAM
C. Members of the DHCP Administrators group can view and modify any data at the DHCP server.
QUESTION 37
You have a server named DC2 that runs Windows Server 2012 R2. DC2 contains a DNS zone named adatum.com.
The adatum.com zone is shown in the exhibit. (Click the Exhibit button.)
You need to configure DNS clients to perform DNSSEC validation for the adatum.com DNS domain.
A.
B.
C.
D.
The Network Location settings

A Name Resolution Policy
The DNS Client settings
The Network Connection settings
Correct Answer: B
Explanation
B. The Name Resolution Policy Table (NRPT) is a table that contains rules you can configure to specify DNS settings or special behavior for names or
namespaces.
The NRPT can be configured using Group Policy or by using the Windows Registry.
C. client component that resolves and caches Domain Name System (DNS) domain names.
When the DNS Client service receives a request to resolve a DNS name that it does not contain in its cache, it queries an assigned DNS server for an IP address
for the name
D. Network connections make it possible for computers to access resources on the network and the internet
http://technet.microsoft.com/en-us/library/hh831411.aspx#config_client1
QUESTION 38

Server1 has the DHCP Server server role installed. Server2 has the Hyper-V server role installed.
Server2 has an IP address of 192.168.10.50. Server1 has a scope named Scope1 for the 192.168.10.0/24 network.
You plan to deploy 20 virtual machines on Server2 that will be connected to the external network.
The MAC addresses for the virtual machines will begin with 00-15-SD-83-03.
You need to configure Server1 to offer the virtual machines IP addresses from 192.168.10.200 to 192.168.10.21g.
Physical computers on the network must be offered IP addresses outside this range.
You want to achieve this goal by using the minimum amount of administrative effort.
What should you do from the DHCP console?
A.
B.
C.
D.
Create reservations.
Create a policy.
Delete Scope1 and create two new scopes.
Configure Allow filters and Deny filters.
Correct Answer: B
Explanation
Explanation:
A. With client reservations, it is possible to reserve a specific IP address for permanent use by a DHCP client.
A new feature in Windows Server 2012 R2 called policy based assignment allows for even greater flexibility.
B. Policy based assignment allows the policy to be scoped to a MAC address and IP range C.
D. A DHCP server offers its services to the DHCP clients based on the availability of MAC address filtering.
Once the Allow filter is set, all DHCP operations are based on the access controls (allow/deny).
http://blogs.technet.com/b/teamdhcp/archive/2012/08/22/granular-dhcp-serveradministration-using-dhcppolicies-in-windows-server-2012.aspx
QUESTION 39
All of the domain controllers in both of the forests run Windows Server 2012 R2.
The adatum.com domain contains a file server named Servers.
Adatum.com has a one-way forest trust to contoso.com.
A contoso.com user name User10 attempts to access a shared folder on Servers and receives the error message shown in the exhibit. (Click the Exhibit button.)
You verify that the Authenticated Users group has Read permissions to the Data folder.
You need to ensure that User10 can read the contents of the Data folder on Server5 in the adatum.com domain.
What should you do?
A.
B.
C.
D.
Grant the Other Organization group Read permissions to the Data folder.
Modify the list of logon workstations of the contoso\User10 user account.
Enable the Netlogon Service (NP-In) firewall rule on Server5.
Modify the permissions on the Server5 computer object in Active Directory.
Correct Answer: D
Explanation
Explanation:
To resolve the issue, I had to open up AD Users and Computers --> enable Advanced Features - -> Select the Computer Object --> Properties --> Security --> Add
the Group I want to allow access to the computer (in this case, DomainA\Domain users) and allow "Allowed to Authenticate". Once I did that, everything worked:
QUESTION 40
You have a domain outside the forest named adatum.com.
- Users in adatum.com must be able to access resources in contoso.com.
- Users in adatum.com must be prevented from accessing resources in fabrikam.com.

- Users in both contoso.com and fabrikam.com must be prevented from accessing resources in adatum.com.
A.
B.
C.
D.
a one-way external trust from adatum.com to fabrikam.com

a one-way realm trust from fabrikam.com to adatum.com
a one-way realm trust from adatum.com to fabrikam.com
a one-way external trust from fabrikam.com to adatum.com
Correct Answer: A
Explanation
Explanation:
A. A one-way trust is a unidirectional authentication path that is created between two domains. This means that in a one-way trust between Domain A and Domain
B, users in Domain A can access resources in Domain B. However, users in Domain B cannot access resources in Domain A. This would allow adatum.com users
access to contoso which is desired. B. This would allow contoso.com users access to adatum which must be prevented and used for non windows realm to AD.
C. This would allow adatum.com users access to contoso which is desired but realm trust types are used for non windows realm to AD.
D. This would allow adatum users access to contoso which must be prevented and You need to make trust relationship where domain contoso.com trusts
adatum.com. NOTE: On exam the domain names were changed, so understand the question well
QUESTION 41

DC1 hosts an Active Directory-integrated zone for contoso.com.

A.
B.
C.
D.
Active Directory Sites and Services

Ntdsutil
DNS Manager
Active Directory Domains and Trusts
Correct Answer: A
Explanation
Explanation:
A. To control replication between two sites, you can use the Active Directory Sites and Services snap- in to configure settings on the site link object to which the
sites are added. By configuring settings on a site link, you can control when replication occurs between two or more sites, and how often
B. Ntdsutil.exe is a command-line tool that provides management facilities for Active Directory Domain Services (AD DS) and Active Directory Lightweight Directory
Services (AD LDS). You can use the ntdsutil commands to perform database maintenance of AD DS, manage and control single master operations, and remove
metadata left behind by domain controllers that were removed from the network without being properly uninstalled.
C. DNS Manager is the tool you'll use to manage local and remote DNS Servers
D. Active Directory Domains and Trusts is the Microsoft Management Console (MMC) snap-in that you can use to administer domain trusts, domain and forest
functional levels, and user principal name (UPN) suffixes.
Note: If you see question about AD Replication, First preference is AD sites and services, then Repadmin and then DNSLINT.
QUESTION 42
The contoso.com domain contains domain controllers that run either Windows Server 2008 or Windows Server 2008 R2.
The functional level of the domain is Windows Server 2008.
The fabrikam.com domain contains domain controllers that run either Windows Server 2003 or Windows Server 2008.
The functional level of the domain is Windows Server 2003.
The contoso.com domain contains a member server named Server1 that runs Windows Server 2012 R2.
You install the Active Directory Domain Services server role on Server1.
You need to add Server1 as a new domain controller in the contoso.com domain.
What should you do?
A.
B.
C.
D.
Run the Active Directory Domain Services Configuration Wizard.

Run adprep.exe /domainprep, and then run dcpromo.exe.
Raise the functional level of the forest, and then run dcprorno.exe.
Modify the Computer Name/Domain Changes properties.
Correct Answer: A
Explanation
Explanation:
Windows Server 2012 R2 requires a Windows Server 2003 forest functional level.
That is, before you can add a domain controller that runs Windows Server 2012 R2 to an existing Active Directory forest, the forest functional level must be
Windows Server 2003 or higher.
http://blogs.technet.com/b/askpfeplat/archive/2012/09/03/introducing-the-first-windowsserver-2012-domaincontroller.aspx
http://technet.microsoft.com/en-us/library/dd464018(v=ws.10).aspx
QUESTION 43
The forest functional level is Windows 2000. The contoso.com domain contains domain controllers that run either Windows Server 2008 or Windows Server 2008
R2.
The domain functional level is Windows Server 2008.
The fabrikam.com domain contains domain controllers that run either Windows 2000 Server or Windows Server 2003.
The domain functional level is Windows 2000 native.
The contoso.com domain contains a member server named Server1 that runs Windows Server 2012 R2.
You need to add Server1 as a new domain controller in the contoso.com domain.
A. Raise the functional level of the contoso.com domain to Windows Server 2008 R2.
B.
C.
D.
E.
Upgrade the domain controllers that run Windows Server 2008 to Windows Server 2008 R2.
Raise the functional level of the fabrikam.com domain to Windows Server 2003.
Decommission the domain controllers that run Windows 2000.
Raise the forest functional level to Windows Server 2003.
Correct Answer: D
Section: (none)
Explanation
Explanation:
D. Server 2003 is the minimum Domain Functional level for any domain in the forest Windows Server 2012 R2 requires a Windows Server 2003 forest functional
level.
That is, before you can add a domain controller that runs Windows Server 2012 R2 to an existing Active Directory forest, the forest functional level must be
Windows Server 2003 or higher.
QUESTION 44
The domain contains four servers.
The servers are configured as shown in the following table.
You plan to deploy an enterprise certification authority (CA) on a server named Server5.
Server5 will be used to issue certificates to domain-joined computers and workgroup computers.
You need to identify which server you must use as the certificate revocation list (CRL) distribution point for Server5.
Which server should you identify?
A.
B.
C.
D.
Server 3
Server 2
Server 4
Server 1
Correct Answer: A
Section: (none)
Explanation
Explanation:
A. We cannot use AD DS because workgroup computers must access CRL distribution point
B. We cannot use File Share because workgroup computers must access CRL distribution point
C. Public facing web server can be used
D. AD DS, Web & File Share only
QUESTION 45
You have a server named Server1 that has the Active Directory Certificate Services server role installed.
Server1 uses a hardware security module (HSM) to protect the private key of Server1.
You need to ensure that the Active Directory Certificate Services (AD CS) database, log files, and private key are backed up.
You perform regular backups of the HSM module by using a backup utility provided by the HSM manufacturer.
What else should you do?
A.
B.
C.
D.
Run the certutil.exe command and specify the -backupkey parameter.

Run the certutil.exe command and specify the -backupdb parameter.
Run the certutil.exe command and specify the -backup parameter.
Run the certutil.exe command and specify the -dump parameter.
Correct Answer: B
Section: (none)
Explanation
Explanation:
A. Backup the Active Directory Certificate Services certificate and private key
B. Backup the Active Directory Certificate Services database
C. Backup Active Directory Certificate Services
D. Dump configuration information or files
http://technet.microsoft.com/en-us/library/cc732443.aspx#BKMK_backupKey
http://technet.microsoft.com/en-us/library/cc732443.aspx#BKMK_backupDB
http://technet.microsoft.com/en-us/library/cc732443.aspx#BKMK_backup
http://technet.microsoft.com/library/cc732443.aspx#BKMK_dump
QUESTION 46
Your network contains four Active Directory forests.
Each forest contains an Active Directory Rights Management Services (AD RMS) root cluster.
All of the users in all of the forests must be able to access protected content from any of the forests.
You need to identify the minimum number of AD RMS trusts required.

How many trusts should you identify?
A.
B.
C.
D.
3
6
12
16
Correct Answer: C
Explanation
Explanation:
https://technet.microsoft.com/en-us/library/dd772659%28v=ws.10%29.aspx?f=255&MSPPError=-2147217396
The number of AD RMS trusts required to interact between all AD RMS forests can be defined by using the following formula: N*(N-1).
QUESTION 47
Your network contains a server named Server1 that runs Windows Server 2012 R2.
Server1 has the Hyper-V server role installed. Server1 hosts 10 virtual machines that run Windows Server 2012 R2.
You add a new server named Server2. Server2 has faster hard disk drives, more RAM, and a different processor manufacturer than Server1.
You need to move all of the virtual machines from Server1 to Server2.
The solution must minimize downtime. W
hat should you do for each virtual machine?
A.
B.
C.
D.

Export the virtual machines from Server1 and import the virtual machines to Server2.
Correct Answer: C
Explanation
Explanation:
C. Other options require same CPU family and cluster
The different processor manufacturer is the key here. Storage, Live, and Quick all require same manufacturer.
QUESTION 48
You have a datacenter that contains six servers.
Each server has the Hyper-V server role installed and runs Windows Server 2012 R2.
Host4 and Host5 are part of a cluster named Cluster1. Cluster1 hosts a virtual machine named VM1.
You need to move VM1 to another Hyper-V host. The solution must minimize the downtime of VM1.
To which server and by which method should you move VM1?
A.
B.
C.
D.
To Host3 by using a storage migration

To Host6 by using a storage migration
To Host2 by using a live migration
To Host1 by using a quick migration
Correct Answer: A
Section: (none)
Explanation
Explanation:
A. Host3 is the only option to allow minimum downtime and has same processor manufacturers
B. Live Storage Migration requires same processor manufacturers
C. Live migration requires same same processor manufacturers
D. Quick migration has downtime
NOTE: Exam may have more options but same answer
QUESTION 49
Server1 and Server2 have the Failover Clustering feature installed.
Cluster1 hosts an application named App1.
You need to ensure that Server2 handles all of the client requests to the cluster for App1.
The solution must ensure that if Server2 fails, Server1 becomes the active node for App1.
A.
B.
C.
D.
E.
F.
G.
H.
I.
J.
K.
L.
Affinity-None
Affinity-Single
The host priority
Live migration
The possible owner
The preferred owner
Quick migration
the Scale-Out File Server
Correct Answer: J
Explanation
Explanation:
http://blogs.msdn.com/b/clustering/archive/2008/10/14/9000092.aspx
The preferred owner in a 2 server cluster will always be the active node unless it is down.
QUESTION 50
You add two additional nodes to Cluster1.
You need to ensure that Cluster1 stops running if three nodes fail.
A.
B.
C.
D.
E.
F.
G.
H.
I.
J.
K.
L.
Affinity-None
Affinity-Single
The host priority
Live migration
The possible owner
The preferred owner
Quick migration
Correct Answer: C
Explanation
Explanation:
The quorum configuration in a failover cluster determines the number of failures that the cluster can sustain.
QUESTION 51
You configure File Services and DHCP as clustered resources for Cluster1.
Server1 is the active node for both clustered resources.
You need to ensure that if two consecutive heartbeat messages are missed between Server1 and Server2, Server2 will begin responding to DHCP requests.
The solution must ensure that Server1 remains the active node for the File Services clustered resource for up to five missed heartbeat messages.
A.
B.
C.
D.
E.
F.
G.
H.
I.
J.
K.
L.
Affinity-None
Affinity-Single
The host priority
Live migration
The possible owner
The preferred owner
Quick migration
Correct Answer: D
Explanation
Explanation:
The number of heartbeats that can be missed before failover occurs is known as the heartbeat threshold
http://technet.microsoft.com/en-us/library/dn265972.aspx
QUESTION 52
Server1 has a single volume that is encrypted by using BitLocker Drive Encryption (BitLocker).
BitLocker is configured to save encryption keys to a Trusted Platform Module (TPM).
Server1 is configured to perform a daily system image backup.
The motherboard on Server1 is upgraded.
After the upgrade, Windows Server 2012 R2 on Server1 fails to start.
You need to start the operating system on Server1 as soon as possible.
What should you do?
A. Start Server1 from the installation media. Run startrec.exe.
B. Move the disk to a server that has a model of the old motherboard.
Start the server from the installation media.
Run bcdboot.exe.
C. Move the disk to a server that has a model of the old motherboard.
Start the server. Run tpm.msc.
D. Start Server1 from the installation media. Perform a system image recovery.
Correct Answer: D
Section: (none)
Explanation
Explanation:
Encryption keys are lost. Nothing mentioned about password/keys recovery.
My point is that the only way is to restore the server from a backup.
http://social.technet.microsoft.com/Forums/windows/en-US/6b34b4da-b1e2-4038-8d6d192f973cadea/usingsystem-image-with-a-bitlocker-system-drive
QUESTION 53
You have a test server named Server1 that is configured to dual-boot between Windows Server 2008 R2 and Windows Server 2012 R2.
You start Server1 and you discover that the boot entry for Windows Server 2008 R2 no longer appears on the boot menu.
You start Windows Server 2012 R2 on Server1 and you discover the disk configurations shown in the following table.
You need to restore the Windows Server 2008 R2 boot entry on Server1.
What should you do?
A.
B.
C.
D.
Run bootrec.exe and specify the /scanos parameter.

Run bcdedit.exe and specify the /create store parameter.
Run bootcfg.exe and specify the /copy parameter.
Run bootrec.exe and specify the /rebuildbcd parameter.
Correct Answer: D
Explanation
QUESTION 54
Your network contains an Active Directory forest named contoso.com.
The forest contains a single domain.
The forest contains three Active Directory sites named SiteA, SiteB, and SiteC.
The sites contain four domain controllers.
An IP site link exits between each site.

You discover that the users in SiteC are authenticated by the domain controllers in SiteA and SiteB.
You need to ensure that the SiteC users are authenticated by the domain controllers in SiteB, unless all of the domain controllers in SiteB are unavailable.
What should you do?
A.
B.
C.
D.
Create a site link bridge.

Create additional connection objects for DC3 and DC4.
Increase the cost of the site link between SiteA and SiteC.
Correct Answer: D
Explanation
Explanation:
http://technet.microsoft.com/en-us/library/dd277430.aspx#XSLTsection126121120120
QUESTION 55
You have a server named File1 that runs Windows Server 2012 R2.
File1 has the File Server role service installed.
You plan to back up all shared folders by using Windows Azure Online Backup.
You download and install the Windows Azure Online Backup Service Agent on File1.
You need to ensure that you use Windows Server Backup to back up data to Windows Azure Online Backup.
What should you do?
A.
B.
C.
D.
From Computer Management, add the File1 computer account to the Backup Operators group.
From the Services console, modify the Log On settings of the Windows Azure Online Backup Service Agent.
From Windows Server Backup, run the Register Server Wizard.
From a command prompt, run wbadmin.exe enable backup.
Correct Answer: C
Explanation
Explanation:
http://blogs.technet.com/b/windowsserver/archive/2012/03/28/microsoft-online-backupservice.aspx
QUESTION 56

All domain controllers run Windows Server 2012 R2. The domain contains two domain controllers.

A.
B.
C.
D.
Ntdsutil
Repadmin
Dnslint
Correct Answer: B
Section: (none)
Explanation
Explanation:
If you see question about AD Replication, First preference is AD sites and services, then Repadmin and then DNSLINT.
QUESTION 57

A.
B.
C.
D.
Dnslint
A DNS Manager
Active Directory Users and Computers
Dnscmd
Correct Answer: A
Explanation
Explanation:
Note: If you see question about AD Replication, First preference is AD sites and services, then Repadmin and then DNSLINT.
QUESTION 58
Your network contains an Active Directory forest named adatum.com.
You need to update the schema to support a domain controller that will run Windows Server 2012 R2.
On which server should you run adprep.exe?
A.
B.
C.
D.
Server1
DC3
DC2
DC1
Correct Answer: B
Section: (none)
Explanation
Explanation:
DC3 is the only server that could be assumed to be 64bit
http://technet.microsoft.com/en-us/library/dd464018(v=ws.10).aspx#BKMK_WS2012
QUESTION 59
Domain controllers run either Windows Server 2008, Windows Server 2008 R2, or Windows Server 2012 R2.
You have a Password Settings object (PSOs) named PSO1.
You need to view the settings of PSO1.
A.
B.
C.
D.
Get-ADDomainControllerPasswordReplicationPolicy
Get-ADDefaultDomainPasswordPolicy
Server Manager
Get-ADFineGrainedPasswordPolicy
Correct Answer: D
Explanation
Explanation:
A. Gets the members of the allowed list or denied list of a read-only domain controller's password replication policy
B. Gets the default password policy for an Active Directory domain.
C. PSO's managed from AD AC or Powershell Only
D. Gets one or more Active Directory fine grained password policies.
http://technet.microsoft.com/en-us/library/ee617207.aspx
QUESTION 60
The domain contains two servers named Server1 and Server2 Both servers have the IP Address Management (IPAM) Server feature installed.
You have a support technician named Tech1. Tech1 is a member of the IPAM Administrators group on Server1 and Server2.
You need to ensure that Tech1 can use Server Manager on Server1 to manage IPAM on Server2.
To which group on Server2 should you add Tech1.
A.
B.
C.
D.
IPAM MSM Administrators

IPAM Administrators
winRMRemoteWMIUsers_
Remote Management Users
Correct Answer: C
Explanation
Explanation:
A. IPAM MSM Administrators can't access remotely
B. IPAM Administrators can't access remotely
C. If you are accessing the IPAM server remotely using Server Manager IPAM client RSAT, then you must be a member of the WinRMRemoteWMIUsers group on
the IPAM server, in addition to being a member of the appropriate IPAM security group (or local Administrators group).
http://msdn.microsoft.com/en-us/library/windows/desktop/aa384295(v=vs.85).aspx
http://www.microsoft.com/en-us/download/details.aspx?id=29012
QUESTION 61
Both forests contain multiple domains. All domain controllers run Windows Server 2012 R2.
Contoso.com has a one-way forest trust to adatum.com.
A domain named paris.eu.contoso.com hosts several legacy applications that use NTLM authentication.
Users in a domain named london.europe.adatum.com report that it takes a long time to be authenticated when they attempt to access the legacy applications
hosted in paris.eu.contoso.com.
You need to reduce how long it takes for the london.europe.adatum.com users to be authenticated in paris.eu.contoso.com.
What should you do?
A. Create a shortcut trust.
B. Create an external trust between the forest root domains.
C. Disable SID filtering on the existing trust.

D. Create an external trust.
Correct Answer: A
Explanation
Explanation:
A. Shortcut trusts are one-way or two-way, transitive trusts that can be used when administrators need to optimize the authentication process.
Authentication requests must first travel a trust path between domain trees, and in a complex forest this can take time, which can be reduced with shortcut trusts.
B. Use external trusts to provide access to resources located on a Windows NT 4.0 domain or a domain located in a separate forest that is not joined by a forest
trust.
C. Filters users or SIDs from one domain
D. Use external trusts to provide access to resources located on a Windows NT 4.0 domain or a domain located in a separate forest that is not joined by a forest
trust
QUESTION 62
You are creating a central access rule named TestFinance that will be used to audit members of the Authenticated Users group for access failure to shared folders
in the finance department.
You need to ensure that access requests are unaffected when the rule is published.
What should you do?
A.
B.
C.
D.
Add a User condition to the current permissions entry for the Authenticated Users principal.
Set the Permissions to Use the following permissions as proposed permissions.
Add a Resource condition to the current permissions entry for the Authenticated Users principal.
Set the Permissions to Use following permissions as current permissions.
Correct Answer: B
Section: (none)
Explanation
Explanation:
QUESTION 63
Windows Server 2012 R2 is installed on volume C.
You need to ensure that Safe Mode with Command Prompt loads the next time Server1 restarts.
A.
B.
C.
D.
The Restart-Server cmdlet

The Bootcfg command
The Restart-Computer cmdlet
The Bcdedit command
Correct Answer: D
Section: (none)
Explanation
Explanation:
A. Restart-Server is not a CMDLET
B. modifies the Boot.ini file
C. Restarts computer
D. Boot Configuration Data (BCD) files provide a store that is used to describe boot applications and boot application settings.
You can see with msconfig tool that boot options have changed as follows:
NOTE: Alternate Shell may be used
After reboot you should remove the safeboot option using bcdedit:
- bcdedit /deletevalue safeboot
QUESTION 64
Your network contains two Web servers named Server1 and Server2.
Server1 and Server2 are nodes in a Network Load Balancing (NLB) cluster.
You configure the nodes to use the port rule shown in the exhibit. (Click the Exhibit button.)
You need to configure the NLB cluster to meet the following requirements:
- HTTPS connections must be directed to Server1 if Server1 is available.
- HTTP connections must be load balanced between the two nodes.
Which three actions should you perform? (Each correct answer presents part of the solution. Choose three.)
A.
B.
C.
D.
E.
F.
From the host properties of Server1, set the Handling priority of the existing port rule to 2.
From the host properties of Server2, set the Priority (Unique host ID) value to 1.
Create a port rule for TCP port 80. Set the Filtering mode to Multiple host and set the Affinity to None.
Create an additional port rule for TCP port 443. Set the Filtering mode to Multiple host and set the Affinity to Single.
Correct Answer: BDE

Explanation
Explanation:
Handling priority: When Single host filtering mode is being used, this parameter specifies the local host's priority for handling the networking traffic for the
associated port rule.
The host with the highest handling priority (lowest numerical value) for this rule among the current members of the cluster will handle all of the traffic for this rule.
The allowed values range from 1, the highest priority, to the maximum number of hosts allowed (32). This value must be unique for all hosts in the cluster.
E (not C): Lower priority (2) for Server 2.
D: HTTP is port 80.
Multiple hosts. This parameter specifies that multiple hosts in the cluster handle network traffic for the associated port rule. This filtering mode provides scaled
performance in addition to fault tolerance by distributing the network load among multiple hosts. You can specify that the load be equally distributed among the
hosts or that each host handle a specified load weight. Reference:
Network Load Balancing parameters
QUESTION 65
Your network contains two Active Directory forests named contoso.com and litwareinc.com.
A two- way forest trusts exists between the forest. Selective authentication is enabled on the trust.
The contoso.com forest contains a server named Server1.
You need to ensure that users in litwareinc.com can access resources on Server1.
What should you do?
A.
B.
C.
D.
Install Active Directory Rights Management Services on a domain controller in contoso.com.

Modify the permission on the Server1 computer account.
Install Active Directory Rights Management Services on a domain controller in litwareinc.com.
Configure SID filtering on the trust.
Correct Answer: B
Explanation
Explanation:
QUESTION 66
You add two additional nodes to Cluster1.
You have a folder named Folder1 on Server1 that contains application data.
You plan to provide continuously available access to Folder1.
You need to ensure that all of the nodes in Cluster1 can actively respond to the client requests for Folder1.
A.
B.
C.
D.
Affinity-None
Affinity-Single
E.
F.
G.
H.
I.
J.
K.
L.

The host priority
Live migration
The possible owner
The preferred owner
Quick migration
Correct Answer: L
Explanation
Explanation:
Scale-Out File Server for application data (Scale-Out File Server)
This clustered file server is introduced in Windows Server 2012 R2 and lets you store server application data, such as Hyper- V virtual machine files, on file shares,
and obtain a similar level of reliability, availability, manageability, and high performance that you would expect from a storage area network. All file shares are online
on all nodes simultaneously.
File shares associated with this type of clustered file server are called scale-out file shares. This is sometimes referred to as active-active.
QUESTION 67
Information and details provided in a question apply only to that question.
All servers run Windows Server 2012 R2. Server1 and Server2 have the Network Load Balancing (NLB) feature installed.
The servers are configured as nodes in an NLB cluster named Cluster1.
Cluster1 hosts a secure web application named WebApp1.
WebApp1 saves user state information locally on each node.
You need to ensure that when users connect to WebApp1, their session state is maintained.

A.
B.
C.
D.
E.
F.
G.
H.
I.
J.
K.
L.
Affinity-None
Affinity-Single
The host priority
Live migration
The possible owner
The preferred owner
Quick migration
Correct Answer: B
Explanation
Explanation:
QUESTION 68
You have a file server named Server1 that runs Windows Server 2012 R2.
Data Deduplication is enabled on drive D of Server1.
You need to exclude D:\Folder1 from Data Deduplication.

A.
B.
C.
D.
Disk Management in Computer Management

File and Storage Services in Server Manager
the classification rules in File Server Resource Manager (FSRM)
the properties of D:\Folder1
Correct Answer: B
Section: (none)
Explanation
Explanation:
Data deduplication exclusion on a Volume are set from File & Storage Services, Server Manager or PowerShell
QUESTION 69
You manage an environment that has many servers.
The servers run Windows Server 2012 R2 and use iSCSI storage.
Administrators report that it is difficult to locate available iSCSI resources on the network.
You need to ensure that the administrators can locate iSCSI resources on the network by using a central repository.
Which feature should you deploy?
A.
B.
C.
D.
The iSCSI Target Server role service

The iSNS Server service feature
The Windows Standards-Based Storage Management feature
The iSCSI Target Storage Provider feature
Correct Answer: B
Explanation
Explanation:
A. iSNS facilitates automated discovery, management, and configuration of iSCSI and Fibre Channel devices (using iFCP gateways) on a TCP/IP network.
C. Windows Server 2012 R2 enables storage management that is comprehensive and fully scriptable, and administrators can manage it remotely
D. iSCSI Target Server enables you to network boot multiple computers from a single operating system image that is stored in a centralized location
QUESTION 70
The network contains a file server named Server1 that runs Windows Server 2012 R2.
You create a folder named Folder1.
You share Folder1 as Share1.
The NTFS permissions on Folder1 are shown in the Folder1 exhibit. (Click the Exhibit button.)
The Everyone group has the Full control Share permission to Folder1.
You configure a central access policy as shown in the Central Access Policy exhibit. (Click the Exhibit button.)
Members of the IT group report that they cannot modify the files in Folder1.
You need to ensure that the IT group members can modify the files in Folder1.
The solution must use central access policies to control the permissions.
A.
B.
C.
D.
E.
On the Classification tab of Folder1, set the classification to Information Technology.

On the Security tab of Folder1, add a conditional expression to the existing permission entry for the IT group.
On Share1, assign the Change Share permission to the IT group.
On the Security tab of Folder1, remove the permission entry for the IT group.
On the Security tab of Folder1, assign the Modify permission to the Authenticated Users group.
Correct Answer: AE
Section: (none)
Explanation
Explanation:
Central access policies for files enable organizations to centrally deploy and manage authorization policies that include conditional expressions that use user
groups, user claims, device claims, and resource properties. (Claims are assertions about the attributes of the object with which they are associated). For example,
to access high-business-impact (HBI) data, a user must be a full-time employee, obtain access from a managed device, and log on with a smart card. These
policies are defined and hosted in Active Directory Domain Services (AD DS).
http://technet.microsoft.com/en- us/library/hh846167.aspx
QUESTION 71
You have a server named File1 that runs Windows Server 2012 R2.
Fuel has the File Server role service installed.
You plan to back up all shared folders by using Microsoft Online Backup.
You download and install the Microsoft Online Backup Service Agent on File1.
You need to ensure that you use Windows Server Backup to back up data to Microsoft Online Backup.
What should you do?
A.
B.
C.
D.
From Computer Management, add the File1 computer account to the Backup Operators group.
From the Services console, modify the Log On settings of the Microsoft Online Backup Service Agent.
Correct Answer: B
Explanation
Explanation:
A. Enables you to back up and restore your operating system, volumes, files, folders, and applications from a command prompt.
B. To register a server for use with Windows Azure Backup you must run the register server wizard
QUESTION 72
You are creating a custom Windows Recovery Environment (Windows RE) image.
You need to ensure that when a server starts from the custom Windows RE image, a drive is mapped automatically to a network share.
What should you modify in the image?
A.
B.
C.
D.
startnet.cmd
Xsl-mApp1ngs.xml
Win.ini
smb.types.ps1xml
Correct Answer: A
Section: (none)
Explanation
Explanation:
The best way to define what to start is using starnet.cmd
QUESTION 73
You have a file server named Server1 that runs a Server Core Installation of Windows Server 2012 R2.
You need to ensure that users can access previous versions of files that are shared on Server1 by using the Previous Versions tab.
A. Diskpart
B. Wbadmin
C. Vssadmin
D. Storrept
Correct Answer: C
Section: (none)
Explanation
Explanation:
B. DiskPart is a text-mode command interpreter that enables you to manage objects (disks, partitions, volumes, or virtual hard disks) by using scripts or direct input
from a command prompt.
C. The storrept command is installed with File Server Resource Manager and includes subcommands for creating and managing storage reports and storage report
tasks, as well as for configuring general administrative options for File Server Resource Manager.
D. Displays current volume shadow copy backups and all installed shadow copy writers and providers. To view the command syntax for any of the commands in the
following table, click the command name.
QUESTION 74
Your company has a main office and a branch office.
The main office contains a file server named Server1.
Server1 has the BranchCache for Network Files role service installed.
The branch office contains a server named Server2.
Server2 is configured as a BranchCache hosted cache server.
You need to preload the data from the file shares on Server1 to the cache on Server2.
You generate hashes for the file shares on Server1.
Which cmdlet should you run next?
A.
B.
C.
D.
Add-BCDataCacheExtension
Set-BCCache
Publish-BCFileContent
Export-BCCachePackage
Correct Answer: C
Explanation
Explanation:
To prehash content and preload the content on hosted cache servers Log on to the file or Web server that contains the data that you wish to preload, and identify
the folders and files that you wish to load on one or more remote hosted cache servers.
Run Windows PowerShell as an Administrator. For each folder and file, run either the Publish-BCFileContent command or the Publish-BCWebContent command,
depending on the type of content server, to trigger hash generation and to add data to a data package.
After all the data has been added to the data package, export it by using the Export-BCCachePackage command to produce a data package file. Move the data
package file to the remote hosted cache servers by using your choice of file transfer technology. FTP, SMB, HTTP, DVD and portable hard disks are all viable
transports.
Import the data package file on the remote hosted cache servers by using the Import-BCCachePackage command.
QUESTION 75
Both servers have the DHCP Server server role installed.
Server1 is located in the main office site.
Server2 is located in the branch office site.
Server1 provides IPv4 addresses to the client computers in the main office site.
Server2 provides IPv4 addresses to the client computers in the branch office site.
You need to ensure that if either Server1 or Server2 are offline, the client computers can still obtain IPv4 addresses.
- The storage location of the DHCP databases must not be a single point of failure.
- Server1 must provide IPv4 addresses to the client computers in the branch office site only if Server2 is offline.
- Server2 must provide IPv4 addresses to the client computers in the main office site only if Server1 is offline.
Which configuration should you use?
A.
B.
C.
D.
load sharing mode failover partners

a failover cluster
hot standby mode failover partners
a Network Load Balancing (NLB) cluster
Correct Answer: C
Explanation
Explanation:
http://blogs.technet.com/b/teamdhcp/archive/2012/09/03/dhcp-failover-hot-standby-mode.aspx
QUESTION 76
You have a server named Server 1 that runs Windows Server 2012 R2.
Server1 has five network adapters. Three of the network adapters are connected to a network named LAN1.
The two other network adapters are connected to a network named LAN2.
You create a network adapter team named Team1 from two of the adapters connected to LAN1.
You create a network adapter team named Team2 from the two adapters connected to LAN2.
A company policy states that all server IP addresses must be assigned by using a reserved address in DHCP.
You need to identify how many DHCP reservations you must create for Server1.
How many reservations should you identify?
A.
B.
C.
D.
2
3
5
7
Correct Answer: B
Explanation
Explanation:
3 adapter on LAN 1
2 adapters on LAN 2
2 adapters on LAN 1 used in a team, so that's 3 - 2 leaving 1.
2 adapaters on LAN 2 used in a team, so that's 2 - 2 leaving 0.
1 team on LAN 1 + 1 team on LAN 2 + remaining adapter on LAN 1 = 3.
QUESTION 77
The domain contains a server named Server1 that runs Windows Server 2012 R2. Server1 has the IP Address Management (IPAM) Server feature installed.
IPAM is configured currently for Group Policy- based provisioning.
You need to change the IPAM provisioning method on Server1.
What should you do?
A.
B.
C.
D.
Run the ipamgc.exe command.

Run the Set-IPAMConfiguration cmdlet.
Reinstall the IP Address Management (IPAM) Server feature.
Delete IPAM Group Policy objects (GPOs) from the domain.
Correct Answer: C
Explanation
Explanation:
You cannot change the provisioning method after completing the initial setup.
QUESTION 78
you are employee as a network administrator at abc.com.
ABC.com has an active directory domain named ABC.com.
All servers on the abc.com network have Windows Server 2012 R2 installed and all workstations have windows 8 enterprise installed.
ABC.com has established a remote Active directory site that only host workstations.
The Computer accounts for these workstations have been placed in an organizational unit (OU),named ABCADRemote, which has a group policy object(GPO)
associated with it.
You are in the process of configuration Branchcahce for the remote Active directory site.
You have Already turned Branchcache on.
Which of the following actions should you take next_?
A.
B.
C.
D.
You Should consider having the set Branchcache HostedServer Cache mode setting configured
You Should consider having the set Branchcache Hostedclient Cache mode settting configured
You Should consider having the set Branchcache distributed cache mode setting configured
You should consider having the set BranchCache disabled cache mode settings configured
Correct Answer: C
Explanation
QUESTION 79
You are employed as a network administrator at ABC.com.

ALL servers on the ABC.com network have Windows Server 2012 R2.
ABC.com has a server,named server 1, which runs the windows deployment services server role.
You make use of windows server backup to back up server 1.
Subsequent to a disk array on server 1 becoming corrupt,you swap the disk array with new hardware.
You now need to recover server1 in the shortest time conceivable.
Which of the following actions should you take?
A.
B.
C.
D.
you should consider making use of the Windows Server 2012 R2 installation media to start server1
you should consider restoring server1 from a snapshot backup
you should consider restoring server 1 from an incremental backup
you should consider restoring server 1 from a differential backup
Correct Answer: A
Section: (none)
Explanation
QUESTION 80
You are employed as a senior network administrator at ABC.com.
All servers on the abc.com network windows server2012 installed.
You are currently running a training exercise for junior network administrators.
You are discussing the PKISync.ps1 tool.
Which of the following is true with regards to The PKISync.ps1?
A.
B.
C.
D.
it adds a certificate template to the CA

it asssists administrators in diagnosing replication problems between windows domain controllers
it is used to display information about the digital certificates that are installed on a directAccess client, DirectAcces server,or intranet resource
it copies objects in the source forest to the target forest.
Correct Answer: D
Section: (none)
Explanation
QUESTION 81
You are employed as a network administrator ABC.com.
All servers on the ABC.com network have Windows Server 2012 R2 installed.
ABC.com has a server named server1 which is configured as a DHCP server.
You have created a superscope on server1.
Which of the following describes reason for creating a superscope?(choose all that apply.)
A.
B.
C.
D.
To support DHCP clients on a single physical network segment where multiple logical ip networks are used.
To allow for the sending of network traffic to a group of endpoints destination hosts.
To support remote DHCP clients located on the far side of DHCP and BOOTP relay agents.
To provide fault tolerance
Correct Answer: AC
Explanation
Explanation:
QUESTION 82
All servers including domain controllers on the ABC.com network have Windows Server 2012 R2 installed.
ABC.com has its headquarters in London and an office in paris.
The London Office has a domain controller named server1,which is configured as a writeable domain controller that servers as a Global catalog server and a DNS
server.
Server1 is configured to host an Active Directory-integrated zone for ABC.com
The Paris office has a Read-Only domain controller (RODC) named server2 which servers as a Global catalog server.
After installing the DNS server role on server2, you want to make sure that the ABC.com zone is replicated to server2 via active directory replication.
A.
B.
C.
D.
You should consider making use of Active Directory Sites and Services to Configured replication
You should consider making use of replmon.exe to configure replication.
You should consider making use of repadmin.exe to configure replication
You should consider making use of Active Directory Schema To configure replication
Correct Answer: A

Explanation
QUESTION 83
ABC.com has an Active Directory domain named. ABC.com all servers on the ABC.com network have Windows Server 2012 R2.
You are running a training exercise for junior network administrators.
You are currently discussing DHCP failover architecture.
You have informed the trainees that DHCP servers can be deployed as fail over partners in either hot standby mode or load sharing mode.
Which of the following is TRUE with regards to hot standby mode? (Choose all that apply)
A. It is when two servers function in a fail over relationship where an active server is responsible for leasing IP address and configuration data to all clients in a
scope or subnet
B. It when two servers in a fail over relationship server IP addresses and options to clients on a given subnet at the same time
C. It is best suited to deployments where a data center server acts as a standby backup server to a server at a remote site
D. It is best suited deployments where both servers in a fail over relationship are located at the same physical site
Correct Answer: AC
Explanation
Explanation:
QUESTION 84
You are emloyed as a network administrator at ABC.com.
Abc.com has an Active directory domain named ABC.com all servers on the ABC.com network have Windows Server 2012 R2.
The ABC.com domain has two Active Directory sites configured.
You want to make use of change notification configure replication between these Active Directory Sites.
You have opened DEFAULTIPSITELINK Properties to configure the necessary attribute.
Which of the following is the attribute that needs to be configured?
A.
B.
C.
D.
The revisiobn attribute

The Options attribute
The schedule attribute
The proxyAddresses attribute
Correct Answer: B
Section: (none)
Explanation
QUESTION 85
ABC.com has an Active Directory domain named ABC.com all servers on the ABC.com network have Windows Server 2012 R2 installed.
ABC.com has a server named SERVER1 which has been configured to run the HYPER-V server role Server1 is configures to host multiple vitrual mahines.
When ABC.com acquires a server with a better hardware configuration to SERVER1 you are instructed to relocate the vitrual machines to the new server with as
little interruptions as possible. Which of the following actions should you take ? (Choose all that apply.)
A.
B.
C.
D.
You should consider exporting the vitrual machines from Server1.

You should consider running a snapshot backup of the SERVER1.
You should consider importing the vitrual machine from Server1 to the new server.
You shoul consider restoring the snapshot backup on the hard drives of the new server.
Correct Answer: AC
Section: (none)
Explanation
QUESTION 86
You are employed as a network administrator at consoto.com.
Contoso.com has in an Active Directory domain named contoso.com.
All Servers on the contoso.com network have Windows Server 2012 R2 installed.
A contoso.com server ,named Server1,hosts the Active Directory Certificate Services Server role and utilizes a hardware security module(HSM) to safeguard its
private key.
You have beed instructed to backup the Active Directory Certificate Services (ADCS) database,log files,and private key regularly.
You should not use a utility supplied by the hardware security module (HSM) creator.
A. You should consider scheduling an incremental backup
B. You Should consider making use of the certutil.exe command.
C. You should consider schedulling a differential backup
D. You should consider schedulling a copy backup

Correct Answer: B
Section: (none)
Explanation
Explanation:
A. ADCS needs to be backup up using certutil
B. -Backup, -backupdb, -backupKey: You can use Certutil.exe to dump and display certification authority (CA) configuration information, configure Certificate
Services, backup and restore CA components, and verify certificates, key pairs, and certificate chains.
C. ADCS needs to be backup up using certutil
D. ADCS needs to be backup up using certutil
http://technet.microsoft.com/library/cc732443.aspx
http://technet.microsoft.com/en-us/library/cc732443.aspx#BKMK_backup
http://technet.microsoft.com/en-us/library/cc732443.aspx#BKMK_backupDB
http://technet.microsoft.com/en-us/library/cc732443.aspx#BKMK_backupKey
http://blogs.technet.com/b/pki/archive/2010/04/20/disaster-recovery-procedures-for-theactive-directorycertificate-services-adcs.aspx
QUESTION 87
You are employed as a senior network administrator at contoso.com.
contoso.com has an active directory domain named contoso.com.

All servers on the contoso.com network have Windows Server 2012 R2 installed.
You are currently running at training exercise for junior network administrators.
You are discussing the DNSSEC NRPT rule properly.
Which of the following describes the purpose of this rule property?
A.
B.
C.
D.
It is used to indicate the namespace to which the policy applies.

It is used to indicate whether the DNS client should check for DNSSEC validation in the response.
It is used to indicate DNSSEC must be used to protect DNS traffic for queries belonging to the namespace.
It is used to whether DNS connections over DNSSEC will use encryption
Correct Answer: B
Explanation
Explanation:
A. NRPT is a table that contains rules you can configure to specify DNS settings or special behavior for names or namespaces
B. The DNS client's behavior is controlled by a policy(GPO) that determines whether the client should check for validation results for names within a given
namespace.
D. DNS does not provide any mechanism for the encryption of DNS queries and responses.
QUESTION 88
You are employed as a network administrator at contoso.com.
Contoso.com has an active directory domain named contoso.com.
Contoso.com has a server named server1,which is configured as a file server.
You have been instructed to enabled a feature that discovers and eradicates duplication within data without compromising its reliability or accuracy.
A.
B.
C.
D.
You should consider having the Data Deduplication feature enabled.

You should consider having the Storage Spaces feature enabled.
You should consider having the Storage Management feature enabled.
You should consider having the folder redirection feature enabled.
Correct Answer: A
Explanation
Explanation:
A. Data deduplication involves finding and removing duplication within data without compromising its fidelity or integrity
B. Storage Spaces in Windows Server 2012 R2 and Windows 8 enables cost-effective, optimally used, highly available, scalable, and flexible storage solutions for
business-critical (virtual or physical) deployments.
C. Windows Server 2012 R2 enables storage management that is comprehensive and fully scriptable, and administrators can manage it remotely.
D. older Redirection lets administrators redirect the path of a folder to a new location.
http://blogs.technet.com/b/filecab/archive/2012/05/21/introduction-to-data-deduplication-inwindows-server-2012.aspx
QUESTION 89
contoso.com has a single Active Directory domain named contoso.com.
All servers on the Contoso.com network have Windows Server 2012 R2 installed.
Contoso.com has two servers,named server1 and server2 which are configured in a two-node fail over cluster.
You are currently configuration the quorum settings for the cluster.
You want to make use of a quorum mode that allows each node to vote if it is available and in communication.
Which of the following is the mode you should use?
A.
B.
C.
D.
Node Majority
Node and Disk Majority
Node and File Share Majority
No Majority:Disk Only
Correct Answer: A
Explanation
Explanation:
A. Allows each node to vote
B. Allows each node and a disk witness to vote
C. Allows each node and a File share witness to vote
D. Allows one node with a specified disk to have quorum
QUESTION 90
Contoso.com has a single Active Directory domain named contoso.com.

You are preparing to install a third-party application on a contoso.com server, named SERVER1.
You find that the application is unable to install completely due to its driver not being digitally signed.
You want to make sure that the application can be installed succesfully.
Which of the following actions should you take_?
A.
B.
C.
D.
You should consider downloading a signed driver

You should consider having SERVER1 is restored to an earlier date
You should consider making use of the Disable Driver Signature Enforcement option from the Advanced Boot Option.
You should consider restarting SERVER1 in safe Mode
Correct Answer: C
Explanation
Explanation:
A. The 3rd Party installation would need to be repackaged with a signed driver.
B. The restore to an older date would only work if the earlier date had Driver Sig Enforcement disabled.
C. Disable Driver Signature Enforcement from Advanced Boot Options allows the OS to load without the signed driver requirements
D. Safe Mode will not allow the unsigned driver to be installed, you need to select Disable Driver Signature Enforcement to not required signed drivers
http://windows.microsoft.com/en-us/windows-vista/advanced-startup-options-includingsafe-mode
QUESTION 91
You are employed as a senior network administrator at contoso.com.
Contoso.com has a single Active Directory Domain named contoso.com.
You are running a training exercise for junior network administrator.
You are currently discussing the Dnslint.exe tool.
Which of the following should this tool be used for ? (Choose all that apply)
A.
B.
C.
D.
E.
F.
To help diagnose common DNS name resolution issues

For developing scripts for configuring a DNS server
To administer the DNS server Service.
To look for specific DNS record set and sure that they are consistent across multiple DNS servers.
To verify that DNS records used specifially for Active Directory replication are correct
To Create and delete zones and resource records.
Correct Answer: ADE

Explanation
Explanation:
QUESTION 92
You work as an administrator at contoso.com. Contoso.com network consists of a single domain named contoso.com.
Contoso.com has a server,named SERVER1,which has the AD DS, DHCP and DNS server roles installed.
Contoso.com also has a server named SERVER2,which has the DHCP and Remote Access Server Role installed.
You have configured a server,which has the File and Storage Services Server role installed.to automatically acquire an IP address.
The server is named Server3.
You then create a filter on SERVER1.
Which of the following is a reason for this configuration?
A.
B.
C.
D.
To make sure that SERVER1 issues Server3 an IP address.

To make sure that SERVER1 does not issue SERVER3 an IP address
To make sure that SERVER3 acquires a constant IP address from SERVER2 only.
To make sure that SERVER3 is configured with a static IP address
Correct Answer: B
Explanation
Explanation:
A. MAC Address Filtering allows the ability to Deny a MAC addresses to be issued a IP from the DHCP server
B. Deny Filter would not allow SERVER1 to issue SERVER3 an IP
C. A DHCP Reservation on SERVER2 would be needed for a constant IP
D. QUESTION: states it is configure to automatically acquire IP
QUESTION 93
You are employed as a network administrator at ABC.com. ABC.com has an Active Directory domain named ABC.com.
You have been instructed to configure a custom Windows Recovery Environmen(Windows RE) image that should allow for a drive is mapped automatically to a
network share in the event that a server is started using the image.
A.
B.
C.
D.
You should consider configuring the startnet.cmd in the image

You should consider configuring the startup.exe command included in the image.
You should consider configuring the ntdsutil command included in the image
You should consider configuring the certutil.exe command included in the image
Correct Answer: A
Section: (none)
Explanation
QUESTION 94
ABC.com has an Active Directory domain named ABC.com.
You are currently running a training exercise for junior network administrators.
You are discussing the endpoint types supported by Active Directory Federation Services(AD FS).
Which of the following are supported types?(Choose all that apply)
A.
B.
C.
D.
E.
SAML WebSSO
Anonymous
WS-Federation Passive
Client Certicate
WS-Trust
Correct Answer: ACE

Section: (none)
Explanation
Explanation:
http://technet.microsoft.com/en-us/library/adfs2-help-endpoints(v=ws.10).aspx
QUESTION 95
The ABC.com domain has an Active Directory site configured in London,and an Active Directory site in New york.
You have been instructed to make sure that the synchronization of account lockout data happens quicker.
A. You should consider editing the options attribute from WANLINK properties
B. You should consider editing the options attribute from LANLIK properties
C. You should consider editing the options attribute from the DEFAULTSITELINK properties
D. You should consider editing the proxyAddressess attribute from the DEFAULTIPSITELINK properties.
Correct Answer: C
Explanation
Explanation:
QUESTION 96
ABC.com has two servers,named SERVER1 and SERVER2 which are configured in a two-node failover cluster.
Server1 includes a folder,named ABCAppData,which is configured as a Distributed File System (DFS) name space folder target.
After configuring another two nodes in the failover cluster, you are instructed to make sure that access to ABC AppData is highly available.
You also have to make sure that application data is replicated to ABCAppData via DFS replication.
Which following actions should you take ?
A.
B.
C.
D.
You should consider configuring a scale-out File Server

You should consider configuring the replication settings for the cluster
You should consider configuring a file server for general use
You should consider configuring the Quorum settings
Correct Answer: A
Explanation
Explanation:
QUESTION 97
The domain contains a server named Server1 that runs Windows Server 2012 R2 and has the DHCP Server server role installed.
You need to create an IPv6 scope on Server1.
The scope must use an address space that is reserved for private networks.
The addresses must be routable.
Which IPV6 scope prefix should you use?
A.
B.
C.
D.
FF00::
2001::
FD00:123:4567::
FE80::
Correct Answer: C
Explanation
Explanation:
Prefixes in the fd00::/8 range have similar properties as those of the IPv4 private address ranges:
* They are not allocated by an address registry and may be used in networks by anyone without outside involvement.
* They are not guaranteed to be globally unique.
* Reverse Domain Name System (DNS) entries (under ip6.arpa) for fd00::/8 ULAs cannot be delegated in the global DNS.
As fd00::/8 ULAs are not meant to be routed outside their administrative domain (site or organization), administrators of interconnecting networks normally do not
need to worry about the uniqueness of ULA prefixes.
QUESTION 98
The forest contains a single domain. The domain contains three domain controllers.
You discover that when you run Group Policy Results from Group Policy Management, the settings from site-linked Group Policy objects (GPOs) fail to appear in
the results.
You need to ensure that the settings from site-linked GPOs appear in the results.
A.
B.
C.
D.
Run adprep on DC3 by using Windows Server 2012 R2 installation media.

Transfer the infrastructure master role to DC3.
Upgrade DC2 to Windows Server 2012 R2.
Run adprep on DC1 by using Windows Server 2003 installation media.
Correct Answer: A
Explanation
Explanation:
In this scenario a Windows 2012 server has been added to a Windows 2003 network.
Note:
* Before adding your new Windows 2012 Domain Controller, or attempting to perform an inplace upgrade of an existing Windows 2008 or 2008 R2 DC, you must
make sure that the Schema is upgraded to support your new Windows 2012 DC, and that you prepare each domain where you plan to install Windows 2012 DCs.
To do this we can use the ADPREP.exe tool found in the support\adprep folder on your installation media.
* Starting with Windows 2012 there is only one version of ADPREP available, and that is a 64-bit version.
* Adprep is the utility--included in the OS installation media--that performs several crucial functions to upgrade AD to support that OS. The utility has three major
options: /forestprep, /domainprep, and /rodcprep. The /forestprep option runs first, extending the AD schema with new object and attribute classes that the new AD
version needs.
The /domainprep option creates new well-known objects in AD, App1ies security changes, and miscellaneous other bits. Finally, /rodcprep makes forest-wide
security changes to allow read-only domain controller (RODC) functionality. The Windows Server 2012 R2 version of adprep.exe can run on any server that runs a
64- bit version of Windows Server 2008 or later. Reference: How to add a Windows Server 2012 R2 domain controller to an existing Windows 2008 domain
http://www.ipuptime.net/Multicast.aspx
http://technet.microsoft.com/en-us/library/gg144561(v=exchg.141).aspx
http://en.wikipedia.org/wiki/Unique_local_address
QUESTION 99
The domain contains a server named Server1 that runs Windows Server 2012 R2 and has the DNS Server server role installed.
Server1 is configured to use a DNS server from an Internet Service Provider (ISP) as a forwarder.
Corporate management requires that client computers only resolve names of contoso.com computers.
You need to configure Server1 to resolve names in the contoso.com zone only.
What should you do on Server1?
A.
B.
C.
D.
From DNS Manager, modify the root hints of Server1.

From Windows PowerShell, run the Remove-DnsServerForwarder cmdlet.
From Windows PowerShell, run the Set-NetDnsTransitionConfiguration cmdlet.
From DNS Manager, modify the Advanced properties of Server1.
Correct Answer: A
Explanation
Explanation:
If the DNS server does not know the address of the requested site, then it will forward the request to another DNS server. In order to do so, the DNS server must
know of the IP address of another DNS server that it can forward the request to. This is the job of root hints. Root hints provides a list of IP addresses of DNS
servers that are considered to be authoritative at the root level of the DNS hierarchy(also known as root name server).
QUESTION 100
Each day, Server1 is backed up fully to an external disk. On Server1, the disk that contains the operating system fails.
You replace the failed disk.
You need to perform a bare-metal recovery of Server1 by using the Windows Recovery Environment (Windows RE).
What should you use?
A.
B.
C.
D.
The Wbadmin.exe command

The Repair-bde.exe command
The Get-WBBareMetalRecovery cmdlet
The Start-WBVolumeRecovery cmdlet
Correct Answer: A
Explanation
Explanation:
B. Accesses encrypted data on a severely damaged hard disk if the drive was encrypted by using BitLocker.
Repair-bde can reconstruct critical parts of the drive and salvage recoverable data as long as a valid recovery password or recovery key is used to decrypt the
data.
C. Gets the value that indicates whether the ability to perform bare metal recoveries from backups has been added to the backup policy (WBPolicy object).
D. Starts a volume recovery operation.
QUESTION 101
You have a file server named Server1 that runs a Server Core Installation of Windows Server 2012 R2.
Server1 has a volume named D that contains user data. Server1 has a volume named E that is empty.
Server1 is configured to create a shadow copy of volume D every hour.
You need to configure the shadow copies of volume D to be stored on volume E.
What should you run?
A.
B.
C.
D.
The Set-Volume cmdlet with the -driveletter parameter

The Set-Volume cmdlet with the -path parameter
The vssadmin.exe add shadowstorage command
The vssadmin.exe create shadow command
Correct Answer: C
Explanation
Explanation:
A. Sets or changes the file system label of an existing volume. -DriveLetter Specifies a letter used to identify a drive or volume in the system.
B. Sets or changes the file system label of an existing volume -Path Contains valid path information.
C. Displays current volume shadow copy backups and all installed shadow copy writers and providers. AddShadowStroage Adds a shadow copy storage
association for a specified volume.
D. Displays current volume shadow copy backups and all installed shadow copy writers and providers. Shadow Creates a new shadow copy of a specified volume.
QUESTION 102
You need to deploy IP Address Management (IPAM) to manage DNS and DHCP.
On which server should you install IPAM?

A.
B.
C.
D.
DC1
DC2
DC3
Server1
Correct Answer: D
Explanation
Explanation:
IPAM cannot be installed on Domain Controllers. All other servers have the DC role
QUESTION 103
You have a server named Server1 that runs Windows Server 2012 R2. Server1 is backed up by using Windows Server Backup.
The backup configuration is shown in the exhibit.
You discover that only the last copy of the backup is maintained.
You need to ensure that multiple backup copies are maintained.
What should you do?
A.
B.
C.
D.
Modify the backup destination.

Configure the Optimize Backup Performance settings.
Modify the Volume Shadow Copy Service (VSS) settings.
Modify the backup times.
Correct Answer: A
Explanation
Explanation:
The destination in the exhibit shows a network share is used. If a network share is being used only the latest copy will be saved
http://windows.microsoft.com/en-us/windows7/where-should-i-save-my-backup
QUESTION 104
Server1 is located in the perimeter network and has the DNS Server server role installed. Server1 has a zone named contoso.com.
You apply a security template to Server1. After you apply the template, users report that they can no longer resolve names from contoso.com.
On Server1, you open DNS Manager as shown in the DNS exhibit. (Click the Exhibit button.)
On Server1, you open Windows Firewall with Advanced Security as shown in the Firewall exhibit. (Click the Exhibit button.)
You need to ensure that users can resolve contoso.com names. What should you do?
A.
B.
C.
D.
E.
From Windows Firewall with Advanced Security, disable the DNS (TCP, Incoming) rule and the DNS (UDP, Incoming) rule.
From DNS Manager, modify the Zone Transfers settings of the contoso.com zone.
From DNS Manager, unsign the contoso.com zone.
From DNS Manager, modify the Start of Authority (SOA) of the contoso.com zone.
From Windows Firewall with Advanced Security, modify the profiles of the DNS (TCP, Incoming) rule and the DNS (UDP, Incoming) rule.
Correct Answer: E
Explanation
Explanation:
To configure Windows Firewall on a managed DNS server On the Server Manager menu, click Tools and then click Windows Firewall with Advanced Security.
Right-click Inbound Rules, and then click New Rule. The New Inbound Rule Wizard will launch.
In Rule Type, select Predefined, choose DNS Service from the list, and then click Next.
In Predefined Rules, under Rules, select the checkboxes next to the following rules:
Click Next, choose Allow the connection, and then click Finish. Right-click Inbound Rules, and then click New Rule. The New Inbound Rule Wizard will launch.
etc.
QUESTION 105
Your network contains an Active Directory domain named corp.contoso.com.
You deploy Active Directory Rights Management Services (AD RMS).
You have a rights policy template named Template1. Revocation is disabled for the template.
A user named User1 can open content that is protected by Template1 while the user is connected to the corporate network.
When User1 is disconnected from the corporate network, the user cannot open the protected content even if the user previously opened the content.
You need to ensure that the content protected by Template1 can be opened by users who are disconnected from the corporate network.
What should you modify?
A.
B.
C.
D.
The User Rights settings of Template1

The templates file location of the AD RMS cluster
The Extended Policy settings of Template1
The exclusion policies of the AD RMS cluster
Correct Answer: C
Section: (none)
Explanation
Explanation:
You can add trust policies so that AD RMS can process licensing requests for content that was rights protected
QUESTION 106
Your company recently deployed a new Active Directory forest named contoso.com.
The forest contains two Active Directory sites named Site1 and Site2.
The first domain controller in the forest runs Windows Server 2012 R2.
You need to force the replication of the SYSVOL folder from Site1 to Site2.
A.
B.
C.
D.

DFS Management
Repadmin
Dfsrdiag
Correct Answer: D
Explanation
Explanation:
In Windows Server 2012 R2, Windows Server 2008 R2, or Windows Server 2008, you can force replication immediately by using DFS Management, as described
in Edit Replication Schedules.
You can also force replication by using the Dfsrdiag SyncNow command.
You can force polling by using the Dfsrdiag PollAD command.
http://technet.microsoft.com/en-us/library/cc773238(v=ws.10).aspx#BKMK_072
QUESTION 107
You have 30 servers that run Windows Server 2012 R2.
All of the servers are backed up daily by using Windows Azure Online Backup.
You need to perform an immediate backup of all the servers to Windows Azure Online Backup.
Which Windows PowerShell cmdlets should you run on each server?
A.
B.
C.
D.
Get-OBPolicy | StartOBBackup
Start-OBRegistration | StartOBBackup
Get-WBPolicy | Start-WBBackup
Get-WBBackupTarget | Start-WBBackup
Correct Answer: A
Explanation
Explanation:
A. starts a backup job using a policy
B. Registers the current computer to Windows Azure Backup.
C. Not using Azure
D. Not using Azure
QUESTION 108
The Branch site contains a member server named Server1 that runs Windows Server 2012 R2.
You need to identify which domain controller authenticated the computer account of Server1.
What should you do?
A.
B.
C.
D.
Verify the value of the %LOGONSERVER% environment variable.

Run nltest /sc_query.
Verify the value of the %SESSIONNAME% environment variable.
Run nltest /dsgetsite.
Correct Answer: A
Section: (none)
Explanation
Explanation:
A. %LOGONSERVER% is the domain controller that authenticated the current user.
B. Reports on the state of the secure channel the last time that you used it. (The secure channel is the one that the NetLogon service established.)
This parameter lists the name of the domain controller that you queried on the secure channel, also.
D. Returns the name of the site in which the domain controller resides.
QUESTION 109
Server1 is a file server that has the Hyper-V server role installed. Server1 hosts several virtual machines.
The virtual machine configuration files are stored on drive D and the VHD files are stored on drive E.
You plan to replace drive E with a larger volume. You need to ensure that the virtual machines on Server1 remain available while drive E is being replaced.
What should you do?
A.
B.
C.
D.

Add Server1 and Server2 as nodes in a failover cluster.
Correct Answer: D
Explanation
Explanation:
Hyper-V in Windows Server 2012 R2 introduces support for moving virtual machine storage without downtime by making it possible to move the storage while the
virtual machine remains running.
QUESTION 110
The domain contains a file server named File1 that runs a Server Core Installation of Windows Server 2012 R2.
File1 has a volume named D that contains home folders. File1 creates a shadow copy of volume D twice a day.
You discover that volume D is almost full.
You add a new volume named H to File1.
You need to ensure that the shadow copies of volume D are stored on volume H.
Which command should you run?
A.
B.
C.
D.
The Set-Volume cmdlet with the -driveletter parameter

The vssadmin.exe create shadow command
The Set-Volume cmdlet with the -path parameter
The vssadmin.exe add shadowstorage command
Correct Answer: D
Explanation
Explanation:
A. Sets or changes the file system label of an existing volume. -DriveLetter Specifies a letter used to identify a drive or volume in the system.
B. Displays current volume shadow copy backups and all installed shadow copy writers and providers. Shadow Creates a new shadow copy of a specified volume.
C. Sets or changes the file system label of an existing volume -Path Contains valid path information.
D. Displays current volume shadow copy backups and all installed shadow copy writers and providers.
AddShadowStroage Adds a shadow copy storage association for a specified volume.
QUESTION 111
Your network contains a perimeter network and an internal network.
The internal network contains an Active Directory Federation Services (AD FS) 2.1 infrastructure.
The infrastructure uses Active Directory as the attribute store.
You plan to deploy a federation server proxy to a server named Server2 in the perimeter network.
You need to identify which value must be included in the certificate that is deployed to Server2.
What should you identify?
A.
B.
C.
D.
The FQDN of the AD FS server

The name of the Federation Service
The name of the Active Directory domain
The public IP address of Server2
Correct Answer: B
Section: (none)
Explanation
Explanation:
Checklist: Setting Up a Federation Server Proxy
(https://technet.microsoft.com/en-us/library/dd807100.aspx)
Certificate Requirements for Federation Server Proxies
It is important to verify that the subject name in the server authentication certificate matches the Federation Service name value that is specified in the AD FS
Management snap-in. To locate this value, open the snap-in, right-click Service, click Edit Federation Service Properties, and then find the value in Federation
Service name text box.
https://technet.microsoft.com/en-us/library/dd807054.aspx
QUESTION 112
Server1 has the File Server Resource Manager role service installed.
You are creating a file management task as shown in the exhibit. (Click the Exhibit button.)
You need to ensure that the Include all folders that store the following kinds of data list displays an entry named Corporate Data.
What should you do?

A.
B.
C.
D.
Modify the properties of the System Files file group.

Create a new classification property.
Create a new file group.
Modify the Folder Usage classification property.
Correct Answer: B
Explanation
Explanation:
B. Classification properties are used to assign values to files.
http://technet.microsoft.com/en-us/library/dd758765(v=WS.10).aspx
QUESTION 113
The forest contains an Active Directory Rights Management Services (AD RMS) cluster.
A partner company has an Active Directory forest named litwareinc.com.
The partner company does not have AD RMS deployed.
You need to ensure that users in litwareinc.com can consume rights-protected content from adatum.com.
Which type of trust policy should you create?
A.
B.
C.
D.
At federated trust
A trusted user domain
A trusted publishing domain
Windows Live ID
Correct Answer: A
Section: (none)
Explanation
Explanation:
In AD RMS rights can be assigned to users who have a federated trust with Active Directory Federation Services (AD FS). This enables an organization to share
access to rights-protected content with another organization without having to establish a separate Active Directory trust or Active Directory Rights Management
Services (AD RMS) infrastructure.
http://technet.microsoft.com/en-us/library/cc738707(v=WS.10).aspx
QUESTION 114
The Branch site contains a perimeter network.

For security reasons, client computers in the perimeter network can communicate with client computers in the Branch site only.
You plan to deploy a new RODC to the perimeter network in the Branch site.
You need to ensure that the new RODC will be able to replicate from DC10.
What should you do first on DC10?
A.
B.
C.
D.
Run the Add-ADDSReadOnlyDomainControllerAccount cmdlet.

Create an Active Directory site.
Create an Active Directory subnet.
Correct Answer: A
Explanation
Explanation:
Add-ADDSReadOnlyDomainControllerAccount Creates a read-only domain controller (RODC) account that can be used to install an RODC in Active Directory.
Note:
* Notes
Once you have added the RODC account, you can add an RODC to a server computer by using the Install-ADDSDomainController cmdlet with the ReadOnlyReplica switch parameter.
* Example
Adds a new read-only domain controller (RODC) account to the corp.contoso.com domain using the North America site as the source site for the replication source
domain controller.
C:\PS>Add-ADDSReadOnlyDomainControllerAccount -DomainControllerAccountName RODC1 - DomainName corp.contoso.com -SiteName NorthAmerica
Incorrect:
Not B: There already is a branch site.
Reference: Add-ADDSReadOnlyDomainControllerAccount
QUESTION 115
The forest contains a single domain. The forest functional level is Windows Server 2012 R2.
You have a domain controller named DC1. On DC1, you create a new Group Policy object (GPO) named GPO1.
You need to verify that GPO1 was replicated to all of the domain controllers.
A.
B.
C.
D.
Group Policy Management

DFS Management
Active Directory Administrative Center
Correct Answer: A
Explanation
Explanation:
http://social.technet.microsoft.com/Forums/en-US/winserverTS/thread/3e580e00-d6194d25-b22d-18f0170279c4
QUESTION 116
DC1 has the DNS Server server role installed.
The network contains client computers that run either Linux, Windows 7, or Windows 8.
You have a zone named adatum.com as shown in the exhibit. (Click the Exhibit button.)
You plan to configure Name Protection on all of the DHCP servers.

You need to configure the adatum.com zone to support Name Protection.
What should you do?
A. Sign the zone.
B.
C.
D.
E.
Store the zone in Active Directory.

Modify the Security settings of the zone.
Configure Dynamic updates.
Add a DNS key record
Correct Answer: BD
Explanation
Explanation:
Name protection requires secure update to work.
Without name protection DNS names may be hijacked.
You can use the following procedures to allow only secure dynamic updates for a zone. Secure dynamic update is supported only for Active Directory-integrated
zones. If the zone type is configured differently, you must change the zone type and directory-integrate the zone before securing it for Domain Name System (DNS)
dynamic updates.
1. (B) Convert primary DNS server to Active Directory integrated primary
2. (D) Enable secure dynamic updates
QUESTION 117
Your network contains two DNS servers named DNS1 and DNS2 that run Windows Server 2012 R2.
DNS1 has a primary zone named contoso.com. DNS2 has a secondary copy of the contoso.com zone.
You need to log the zone transfer packets sent between DNS1 and DNS2.
A.
B.
C.
D.
Monitoring from DNS Manager

Logging from Windows Firewall with Advanced Security
A Data Collector Set (DCS) from Performance Monitor
Debug logging from DNS Manager
Correct Answer: D
Section: (none)
Explanation
Explanation:
Debug logging allows you to log the packets sent and received by a DNS server. Debug logging is disabled by default, and because it is resource intensive, you
should only activate it temporarily when you need more specific detailed information about server performance.
QUESTION 118
The forest contains one domain named contoso.com.
The domain contains three domain controllers.
DC1 has all of the operations master roles installed.

You transfer all of the operations master roles to DC2, and then you uninstall Active Directory from DC1.
You need to ensure that you can use Password Settings objects (PSOs) in the domain.
What should you do?
A.
B.
C.
D.
Change the domain functional level.

Upgrade DC2.
Run the dcgpofix.exe command.
Transfer the schema master role.
Correct Answer: A
Explanation
Explanation:
A. The domain functional level must be Windows Server 2008 to use PSO's
B. DC1 needs to be upgraded
C. Recreates the default Group Policy Objects (GPOs) for a domain
D. Schema isn't up to right level
http://technet.microsoft.com/en-us/library/hh875588(v=ws.10).aspx
QUESTION 119
The domain contains a server named Server3 that runs Windows Server 2012 R2 and has the DHCP Server server role installed. DHCP is configured as shown in
the exhibit.
Scope1, Scope2, and Scope3 are configured to assign the IP addresses of two DNS servers to DHCP clients.
The remaining scopes are NOT configured to assign IP addresses of DNS servers to DHCP clients.
You need to ensure that only Scope1, Scope3, and Scope5 assign the same DNS servers to DHCP clients.
The solution must minimize administrative effort.
What should you do?
A.
B.
C.
D.
Create a superscope and scope-level policies.

Configure the Scope Options.
Create a superscope and a filter.
Configure the Server Options.
Correct Answer: B
Explanation
Explanation:
Any DHCP scope options configured for assignment to DHCP clients
QUESTION 120
You have a server named Server1 that runs Windows Server 2012 R2. Server1 fails.
You identify that the master boot record (MBR) is corrupt.
You need to repair the MBR.
A.
B.
C.
D.
Bcdedit
Bcdboot
Bootrec
Fixmbr
Correct Answer: C
Explanation
Explanation:
A. BCDEdit is a command-line tool for managing BCD stores. It can be used for a variety of purposes, including creating new stores, modifying existing stores,
adding boot menu options, and so on. BCDEdit serves essentially the same purpose as Bootcfg.exe on earlier versions of Windows
B. The BCDboot tool is a command-line tool that enables you to manage system partition files.
C. Bootrec.exe tool to troubleshoot "Bootmgr Is Missing" issue. The /ScanOs option scans all disks for installations that are compatible with Windows Vista or
Windows 7. Additionally, this option displays the entries that are currently not in the BCD store. Use this option when there are Windows Vista or Windows 7
installations that the Boot Manager menu does not list.
D. Repairs the master boot record of the boot disk. The fixmbr command is only available when you are using the Recovery Console.
Fixmbr option in Server 2008 and 2012 is a bootrec option
http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/enus/bootcons_fix mbr.mspx?mfr=true
http://www.youtube.com/watch?v=kFU8kngy6O0
http://social.technet.microsoft.com/Forums/en-US/winservergen/thread/bbf4f440-50ce4ea2-a3eaa96dc2500352
QUESTION 121
You configure a user named User1 as a delegated administrator of DC10.

You need to ensure that User1 can log on to DC10 if the network link between the Main site and the Branch site fails.
What should you do?
A.
B.
C.
D.
Add User1 to the Domain Admins group.

On DC10, run ntdsutil and configure the settings in the Roles context.
Run repadmin and specify the /prp parameter.
On DC1, modify the User Rights Assignment in Default Domain Controllers Group Policy object (GPO).
Correct Answer: C
Section: (none)
Explanation
Explanation:
repadmin /prp will allow the password caching of the local administrator to the RODC.
This command lists and modifies the Password Replication Policy (PRP) for read-only domain controllers (RODCs).
https://technet.microsoft.com/en-us/library/cc755310%28v=ws.10%29.aspx
QUESTION 122
You perform a full installation of Windows Server 2012 R2 on a virtual machine named Server1.
You plan to use Server1 as a reference image.
You need to minimize the amount of storage space used by the Windows Server 2012 R2 installation.
Which cmdlet should you use?
A.
B.
C.
D.
Remove-Module
Optimize-VHD
Optimize-Volume
Uninstall-WindowsFeature
Correct Answer: B
Explanation
Explanation:
The Optimize-VHD cmdlet optimizes the allocation of space in or more virtual hard disk files, except for fixed virtual hard disks. The Compact operation is used to
optimize the files.
This operation reclaims unused blocks as well as rearranges the blocks to be more efficiently packed, which reduces the size of a virtual hard disk file.
Reference: Optimize-VHD
QUESTION 123
Server1 has a scope named Scope1. A policy named Policy1 is configured for Scope1.
Policy1 is configured to provide Hyper-V virtual machines a one-day lease.
All other computers receive an eight-day lease.
You implement an additional DHCP server named Server2 that runs Windows Server 2012 R2.
On Server1, you configure Scopel for DHCP failover.
You discover that virtual machines that receive IP addresses from Server2 have a lease duration of eight days.
You need to ensure that when Server2 assigns IP addresses to the Hyper-V virtual machines, the lease duration is one day.
The solution must ensure that other computers that receive IP addresses from Server2 have a lease duration of eight days.
What should you do?
A.
B.
C.
D.
On Server2, right-click Scope1, and then click Reconcile.

On Server1, right-click Scope1, and then click Replicate Scope.
On Server2, create a new DHCP policy.
On Server1, delete Policy1, and then recreate the policy.
Correct Answer: B
Explanation
Explanation:
Scope 1 has been set up for DHCP failover. Now we need to replicate it from Server1 to Server2.
QUESTION 124
You deploy an Active Directory Federation Services (AD FS) 2.1 infrastructure.
The infrastructure uses Active Directory as the attribute store.
Some users report that they fail to authenticate to the AD FS infrastructure.
You discover that only users who run third-party web browsers experience issues.
You need to ensure that all of the users can authenticate to the AD FS infrastructure successfully.
Which Windows PowerShell command should you run?
A.
B.
C.
D.
Set-ADFSProperties -ProxyTrustTokenLifetime 1:00:00

Set-ADFSProperties -AddProxyAuthenticationRules None
Set-ADFSProperties -SSOLifetime 1:00:00
Set-ADFSProperties -ExtendedProtectionTokenCheck None
Correct Answer: D
Section: (none)
Explanation
Explanation:
http://technet.microsoft.com/en-us/library/hh237448(v=ws.10)
QUESTION 125
All servers run Windows Server 2012 R2. The domain contains a file server named Server1.
The domain contains a domain controller named DC1.
Server1 contains three shared folders.
The folders are configured as shown in the following table.
Folder2 has a conditional expression of User.Department= = MMarketing".

You discover that a user named User1 cannot access \\Server1\folder2. User1 can access \\Server1\folderl and \\Server1\folder3.
You verify the group membership of User1 as shown in the Member Of exhibit. (Click the Exhibit button.)
You verify the organization information of User1 as shown in the Organization exhibit. (Click the Exhibit button.)
You verify the general properties of User1 as shown in the General exhibit. (Click the Exhibit button.)
You need to ensure that User1 can access the contents of \\Server1\folder2.
What should you do?
A.
B.
C.
D.
From a Group Policy object (GPO), set the Support for Dynamic Access Control and Kerberos armoring setting to Always provide claims.
Change the department attribute of User1.
Grant the Full Control NTFS permissions on Folder2 to User1.
Remove Userl1from the Accounting global group.
Correct Answer: B
Explanation
Explanation:
Conditional Expression and users Department must match
QUESTION 126
Your network contains an Active Directory domain named contoso.com. All domain controllers run Windows Server 2012 R2. The domain contains two domain
controllers. The domain controllers are configured as shown in the following table.

For security reasons, client computers in the perimeter network can communicate with client computers in the Branch site only. You plan to deploy a new RODC to
the perimeter network in the Branch site. You need to ensure that the new RODC will be able to replicate from DC10. What should you do first on DC10?
A.
B.
C.
D.
Enable the Bridge all site links setting.

Create an Active Directory site link bridge.
Create an Active Directory site.
Correct Answer: C
Explanation
Explanation:
A. Site link transitivity is controlled by the Bridge all site links option on the properties pages of transport folders (such as IP or SMTP) in the Active Directory Sites
and Services snapin. Site link transitivity is enabled by default.
B.
C.
If you cannot place a writable Windows Server 2008 domain controller in the nearest site to the RODC, RODC replication depends on a site link bridge between the
site links that contain the site of the RODC and the site of the writable Windows Server 2008 domain controller.
D.
AD Site not readed for RODC
QUESTION 127
Your network contains an Active Directory domain named contoso.com. The domain contains two member servers named Server1 and Server2 that run Windows
Server 2012 R2. Server1 has Microsoft SQL Server 2012 installed.
You install the Active Directory Federation Services server role on Server2. You need to configure Server2 as the first Active Directory Federation Services (AD FS)
server in the domain. The solution must ensure that the AD FS database is stored in a SQL Server database on Server1.
A.
B.
C.
D.
From a command prompt, run fsutil.exe.

From Windows PowerShell, run Install-ADFSFarm.
From Server Manager, install the Federation Service Proxy.
From Server Manager, install the AD FS Web Agents.
Correct Answer: B
Explanation
Explanation:
A. Performs tasks that are related to file allocation table (FAT) and NTFS file systems, such as managing reparse points, managing sparse files, or dismounting a
volume.
B. Creates the first node of a new federation server farm
C. Not installing Proxy
D. Not Installing web agents
Parameter: -SQLConnectionString<String> Specifies the SQL Server database that will store the AD FS configuration settings. If not specified, the AD FS installer
uses the Windows Internal Database to store configuration settings.
QUESTION 128
Your network contains an Active Directory forest named contoso.com. The forest contains a single domain. The domain contains three domain controllers. The
domain controllers are configured as shown in the following table.
You plan to test an application on a server named Server1. Server1 is currently located in Site1. After the test, Server1 will be moved to Site2. You need to ensure
that Server1 attempts to authenticate to DC3 first, while you test the application. What should you do?
A.
B.
C.
D.
Create a new site and associate the site to an existing site link object.
Modify the priority of site-specific service location (SRV) DNS records for Site2.
Create a new subnet object and associate the subnet object to an existing site.
Modify the weight of site-specific service location (SRV) DNS records Site1.
Correct Answer: B
Explanation
Explanation:
Service Location (SRV) Resource Record
Priority A number between 0 and 65535 that indicates the priority or level of preference given for this record to the host that is specified in Host offering this service.
Priority indicates this host's priority with respect to the other hosts in this domain that offer the same service and are specified by different service location (SRV)
resource records.
Incorrect:
Not D:
Weight: A number between 1 and 65535 to be used as a load-balancing mechanism. When you select among more than one target SRV host for the type of service
(specified in Service) that use the same Priority number, you can use this field to weight preference toward specific hosts. Where several hosts share equal priority,
SRV-specified hosts with higher weight values that are entered here should be returned first to resolver clients in SRV query results.
Reference: Service Location (SRV) Resource Record Dialog Box
QUESTION 129
Your network contains an Active Directory domain named contoso.com. The domain contains a file server named Server1.
The File Server Resource Manager role service is installed on Server1. All servers run Windows Server 2012 R2. A Group Policy object (GPO) named GPO1 is
linked to the organizational unit (OU) that contains Server1. The following graphic shows the configured settings in GPO1. Server1 contains a folder named Folder1.
Folder1 is shared as Share1.
You attempt to configure access-denied assistance on Server1, but the Enable access-denied assistance option cannot be selected from File Server Resource
Manager.
You need to ensure that you can configure access-denied assistance on Server1 manually by using File Server Resource Manager.
Which two actions should you perform?
A.
B.
C.
D.
Set the Enable access-denied assistance on client for all file types policy setting to Disabled for GPO1.
Set the Customize message for Access Denied errors policy setting to Not Configured for GPO1.
Set the Enable access-denied assistance on client for all file types policy setting to Enabled for GPO1.
Set the Customize message for Access Denied errors policy setting to Enabled for GPO1.
Correct Answer: BC
Explanation
Explanation:
B: Having the Customize messages for Access Denied errors set to Disabled as the exhibit shows is what is causing the option to be grayed out in FSRM. By
setting this to Not Configured, you would then have the ability to MANUALLY ENABLE it in FSRM, like the question is stating you should do.
C: Enable access-denied assistance needs to be set to Enabled, as it is outlined in the technet article for configuring this feature. If you only do the first step and
not this, access-denied assistance will still not work.
QUESTION 130
Your company has a main office and a remote office. The remote office is used for disaster recovery. The network contains an Active Directory domain named
contoso.com. The domain contains member servers named Server1, Server2, Server3, and Server4. All servers run Windows Server 2012 R2. Server1 and
Server2 are located in the main office. Server3 and Server4 are located in the remote office.
All servers have the Failover Clustering feature installed. The servers are configured as nodes in a failover cluster named Cluster1. Storage is replicated between
the main office and the remote site. You need to ensure that Cluster1 is available if two nodes in the same office fail. What are two possible quorum configurations
that achieve the goal? (Each correct answer presents a complete solution. Choose two.)
A.
B.
C.
D.
Node Majority
No Majority: Disk Only
Node and File Share Majority
Node and Disk Majority
Correct Answer: AB
Explanation
Explanation:
Depending on the quorum configuration option that you choose and your specific settings, the cluster will be configured in one of the following quorum modes:
* (A) Node majority (no witness) Only nodes have votes. No quorum witness is configured. The cluster quorum is the majority of voting nodes in the active cluster
membership.
* (B) No majority (disk witness only) No nodes have votes. Only a disk witness has a vote. The cluster quorum is determined by the state of the disk witness. The
cluster has quorum if one node is available and communicating with a specific disk in the cluster storage. Generally, this mode is not recommended, and it should
not be selected because it creates a single point of failure for the cluster.
* Node majority with witness (disk or file share)
Nodes have votes. In addition, a quorum witness has a vote. The cluster quorum is the majority of voting nodes in the active cluster membership plus a witness
vote. A quorum witness can be a designated disk witness or a designated file share witness.
Note:
* Quorum in Windows 2008 R2 referred to a consensus , that is, a majority of votes is required in order to reach quorum and maintain stability of the cluster. A new
option created in Windows Server 2012 R2 which was also back ported to Windows Server 2008 R2 SP1 was the ability to stop a node being able to participate in
the voting process.
* Dynamic quorum is the ability of the cluster to recalculate quorum on the fly and still maintain a working cluster. This is a huge improvement as we are now able to
continue to run a cluster even if the number of nodes remaining in the cluster is less than 50%. This was not possible before but the dynamic quorum concept now
allows us to do this. In fact we can reduce the cluster down to the last node (known as last man standing) and still maintain quorum. Reference: Configure and
Manage the Quorum in a Windows Server 2012 R2 Failover Cluster
QUESTION 131
You have a server named Server1 that runs Windows Server 2012 R2. The storage on Server1 is configured as shown in the following table.
You plan to implement Data Deduplication on Server1. You need to identify on which drives you can enable Data Deduplication. Which three drives should you
identify? (Each correct answer presents part of the solution. Choose three.)
A.
B.
C.
D.
E.
C
D
E
F
G
Correct Answer: BDE

Explanation
Explanation:
Volumes that are candidates for deduplication must conform to the following requirements:
* (not A) Must not be a system or boot volume. Deduplication is not supported on operating system volumes.
* Can be partitioned as a master boot record (MBR) or a GUID Partition Table (GPT), and must be formatted using the NTFS file system.
* Can reside on shared storage, such as storage that uses a Fibre Channel or an SAS array, or when an iSCSI SAN and Windows Failover Clustering is fully
supported.
* Do not rely on Cluster Shared Volumes (CSVs). You can access data if a deduplicationenabled volume is converted to a CSV, but you cannot continue to process
files for deduplication.
* (not C) Do not rely on the Microsoft Resilient File System (ReFS).
* Must be exposed to the operating system as non-removable drives. Remotely-mapped drives are not supported.
QUESTION 132
You have 20 servers that run Windows Server 2012 R2.
You need to create a Windows PowerShell script that registers each server in Windows Azure Online Backup and sets an encryption passphrase. Which two
PowerShell cmdlets should you run in the script? (Each correct answer presents part of the solution. Choose two.)
A.
B.
C.
D.
E.
New-OBPolicy
New-OBRetentionPolicy
Add-OBFileSpec
Start-OBRegistration
Set OBMachineSetting
Correct Answer: DE
Explanation
Explanation:
D: Start-OBRegistration
Registers the current computer with Windows Azure Online Backup using the credentials (username and password) created during enrollment.
E: The Set-OBMachineSetting cmdlet sets a OBMachineSetting object for the server that includes proxy server settings for accessing the internet, network
bandwidth throttling settings, and the encryption passphrase that is required to decrypt the files during recovery to another server.
Incorrect:
Not C: The Add-OBFileSpec cmdlet adds the OBFileSpec object, which specifies the items to include or exclude from a backup, to the backup policy (OBPolicy
object).
The OBFileSpec object can include or exclude multiple files, folders, or volumes.
QUESTION 133
The domain contains a server named Server1 that runs Windows Server 2012 R2.
You need to ensure that a WIM file that is located on a network share is used as the installation source when installing server roles and features on Server1.
A.
B.
C.
D.
Run the dism.exe command and specify the /remove-package parameter.

Run the Remove-WindowsFeature cmdlet.
Enable and configure the Specify settings for optional component installation and component repair policy setting by using a Group Policy object (GPO).
Enable the Enforce upgrade component rules policy setting by using a Group Policy object (GPO).
E. Run the Remove-WindowsPackage cmdlet.

Correct Answer: AC
Explanation
Explanation:
A: To remove packages from an offline image by using DISM Example:
At a command prompt, specify the package identity to remove it from the image.
You can remove multiple packages on one command line.
DISM /Image:C:\test\offline /Remove-Package
/PackageName:Microsoft.Windows.Calc.Demo~6595b6144ccf1df~x86~en~1.0.0.0 /PackageName:Microsoft-WindowsMediaPlayerPackage~31bf3856ad364e35~x86~~6.1.6801.0
C:
* You can use Group Policy to specify a Windows image repair source to use within your network. The repair source can be used to restore Windows features or to
repair a corrupted Windows image.
* Set Group Policy
You can use Group Policy to specify when to use Windows Update, or a network location as a repair source for features on demand and automatic corruption
repair. To configure Group Policy for Feature on Demand
Open the group policy editor. For example, on a computer that is running Windows?8, click Search, click Settings, type Edit Group Policy, and then select the Edit
Group Policy setting. Click Computer Configuration, click Administrative Templates, click System, and then double-click the Specify settings for optional component
uninstallation and component repair setting. Select the settings that you want to use for Features on Demand.
Note:
* The Windows Imaging Format (WIM) is a file-based disk image format. It was developed by Microsoft to help deploy Windows Vista and subsequent versions of
Windows operating system family, as well as Windows Fundamentals for Legacy PCs.
QUESTION 134
You have a domain outside the forest named litwareinc.com.
- Users in litwareinc.com must be able to access resources on a server named Server1 in contoso.com.
- Users in the contoso.com forest must be prevented from accessing any resources in litwareinc.com.
- Users in litwareinc.com must be prevented from accessing any other resources in the contoso.com forest.
A. Configure SID filtering on the trust.
B. Configure forest-wide authentication on the trust.
C.
D.
E.
F.
Create a one-way forest trust.

Create a one-way external trust
Modify the permission on the Server1 object.
Configure selective authentication on the trust.
Correct Answer: DEF

Explanation
Explanation:
D (not C): litwareinc.com is outside the forest so we need an external trust (not a forest trust).
E: Must grant the required permissions on Server1.
F(not B): For external trust we must either select Domain-Wide or Selective Authentication (forst- wide authentication is not an option)
BCE
Note:
* You can create an external trust to form a one-way or two-way, nontransitive trust with domains that are outside your forest. External trusts are sometimes
necessary when users need access to resources in a Windows NT 4.0 domain or in a domain that is located in a separate forest that is not joined by a forest trust.
/ To select the scope of authentication for users that are authenticating through a forest trust, click the forest trust that you want to administer, and then click
Properties . On the Authentication tab, click either Forest-wide authentication or Selective authentication . / To select the scope of authentication for users that are
authenticating through an external trust, click the external trust that you want to administer, and then click Properties . On the Authentication tab, click either
Domain-wide authentication or Selective authentication .
* The forest-wide authentication setting permits unrestricted access by any users in the trusted forest to all available shared resources in any of the domains in the
trusting forest.
* Forest-wide authentication is generally recommended for users within the same organization.
Reference: Select the Scope of Authentication for Users
QUESTION 135
All client computers run Windows 8.
You need to configure a custom Access Denied message that will be displayed to users when they are denied access to folders or files on Server1.
A.
B.
C.
D.
A classification property
The File Server Resource Manager Options
A file management task
A file screen template
Correct Answer: B
Explanation
Explanation:
File Server Resource Manager is a suite of tools that allows administrators to understand, control, and manage the quantity and type of data stored on their servers.
By using File Server Resource Manager, administrators can place quotas on folders and volumes, actively screen files, and generate comprehensive storage
reports.
This set of advanced instruments not only helps the administrator to efficiently monitor existing storage resources but it also aids in the planning and implementation
of future policy changes.
http://technet.microsoft.com/en-us/library/cc755603%28v=ws.10%29.aspx
QUESTION 136
The forest contains three Active Directory sites named SiteA, SiteB, and SiteC.
The sites contain four domain controllers.
You discover that the users in SiteC are authenticated by the domain controllers in SiteA and SiteB.
You need to ensure that the SiteC users are authenticated by the domain controllers in SiteB, unless all of the domain controllers in SiteB are unavailable.
What should you do?
A.
B.
C.
D.

Decrease the cost of the site link between SiteB and SiteC.
Create a site link bridge.
Disable site link bridging.
Correct Answer: B
Explanation
Explanation:
By decreasing the cost between SiteB and SiteC, the SiteC users will be authenticated by SiteB domain controllers.
Note:
* A site link bridge connects two or more site links and enables transitivity between site links. Each site link in a bridge must have a site in common with another site
link in the bridge.
* By default, all site links are transitive.
QUESTION 137
The domain contains a. DC2 has the DHCP Server server role installed.
DHCP is configured as shown in the exhibit. (Click the Exhibit button.)
You discover that client computers cannot obtain IPv4 addresses from DC2.
You need to ensure that the client computers can obtain IPv4 addresses from DC2.
What should you do?
A.
B.
C.
D.
Disable the Deny filters.

Enable the Allow filters.
Authorize DC2.
Restart the DHCP Server service
Correct Answer: C
Explanation
Explanation:
From the exhibit we see a red marker on the IPv4 server icon. The DHCP server is not authorized.
Authorize DHCP Server
The final step is to authorize the server.
Right-click your FQDN and select Authorize.
Refresh the view by right-clicking your FQDN and selecting Refresh.
You should now see green check mark next to IPv4.
Example:
QUESTION 138
All servers run Windows Server 2012 R2. The domain contains four servers.
You need to deploy IP Address Management (IPAM) to manage DNS and DHCP.
On which server should you install IPAM?
A.
B.
C.
D.
Server1
Server2
Server3
Server4
Correct Answer: D
Explanation
Explanation:
IPAM cannot be installed on Domain Controllers. All other servers have the DC role
Exam B
QUESTION 1
The contoso.com domain only contains domain controllers that run Windows Server 2012 R2.
The forest contains a child domain named child.contoso.com.
The child.contoso.com domain only contains domain controllers that run Windows Server 2008 R2.
The child.contoso.com domain contains a member server named Server1 that runs Windows Server 2012 R2.
You have access to four administrative user accounts in the forest. The administrative user accounts are configured as shown in the following table.
You need to ensure that you can add a domain controller that runs Windows Server 2012 R2 to the child.contoso.com domain.
Which account should you use to run adprep.exe?
A.
B.
C.
D.
Admin1
Admin2
Admin3
Admin4
Correct Answer: C
Section: (none)
Explanation
QUESTION 2
The domain contains two servers named Node1 and Node2. Node1 and Node2 run Windows Server 2012 R2.
Node1 and Node2 are configured as a two-node failover cluster named Cluster2.
The computer accounts for all of the servers reside in an organizational unit (OU) named Servers.
A user named User1 is a member of the local Administrators group on Node1 and Node2.
User1 creates a new clustered File Server role named File1 by using the File Server for general use option.
A report is generated during the creation of File1 as shown in the exhibit. (Click the Exhibit button.)
File1 fails to start.

You need to ensure that you can start File1.
What should you do?
A. Log on to the domain by using the built-in Administrator for the domain, and then recreate the clustered File Server role by using the File Server for general use
option.
B. Recreate the clustered File Server role by using the File Server for scale-out Application data option.
C. Assign the computer account permissions of Cluster2 to the Servers OU.
D. Assign the user account permissions of User1 to the Servers OU.
E. Increase the value of the ms-DS-MachineAccountQuota attribute of the domain.
Correct Answer: B
Explanation
Explanation:
* You can deploy and configure a clustered file server by using either of the following methods:
/ Scale-Out File Server for application data
/ File Server for general use
* Scale-Out File Server is a feature that is designed to provide scale-out file shares that are continuously available for file-based server application storage. Scaleout file shares provides the ability to share the same folder from multiple nodes of the same cluster.
QUESTION 3
You start Server1 by using Windows PE.
You need to repair the Boot Configuration Data (BCD) store on Server1.
A.
B.
C.
D.
Bootim
Bootsect
Bootrec
Bootcfg
Correct Answer: C
Explanation
Explanation:
How To Rebuild the BCD in Windows
1. Start Advanced Startup Options if you're using Windows 8.
2. Open Command Prompt from Advanced Startup Options or System Recovery Options menu.
3. At the prompt, type the bootrec command as shown below and then press Enter:
bootrec /rebuildbcd.
The bootrec command will search for Windows installations not included in the Boot Configuration Data and then ask you if you'd like to add one or more to it.
Incorrect:
Not B. Bootsect.exe updates the master boot code for hard disk partitions to switch between BOOTMGR and NTLDR. You can use this tool to restore the boot
sector on your computer. This tool replaces FixFAT and FixNTFS.
Not D. The bootcfg command is a Microsoft Windows Server 2003 utility that modifies the Boot.ini file.
http://pcsupport.about.com/od/fixtheproblem/ht/rebuild-bcd-store-windows.htm
QUESTION 4
The servers are configured as nodes in a failover cluster named Cluster1. Cluster1 contains a file server role named FS1 and a generic service role named SVC1.
Server1 is the preferred node for FS1. Server2 is the preferred node for SVC1.
You plan to run a disk maintenance tool on the physical disk used by FS1.
You need to ensure that running the disk maintenance tool does not cause a failover to occur.
What should you do before you run the tool?
A.
B.
C.
D.
Run cluster.exe and specify the pause parameter.

Run cluster.exe and specify the offline parameter.
Run Suspend-ClusterResource
Run Suspend-ClusterNode.
Correct Answer: B
Section: (none)
Explanation
QUESTION 5
domain contains a server named Server1 that runs Windows Server 2012 R2.
Server1 is an enterprise root certification authority (CA) for contoso.com.
Your user account is assigned the certificate manager role and the auditor role on the contoso.com CA.
Your account is a member of the local Administrators group on Server1.

You enable CA role separation on Server1.
You need to ensure that you can manage the certificates on the CA.
What should you do?
A.
B.
C.
D.
Remove your user account from the local Administrators group.

Assign the CA administrator role to your user account.
Assign your user account the Bypass traverse checking user right.
Remove your user account from the Manage auditing and security log user right.
Correct Answer: D
Section: (none)
Explanation
Explanation:
The separation of CA roles can be enforced using role separation. Once enforced, role separation only allows a user to be assigned a single role. If a user is
assigned to more than one role and attempts to perform an operation on the CA, the operation is denied. For this reason, before role separation is enabled, a user
should be assigned only one CA role.
QUESTION 6
An administrator installs the IP Address Management (IPAM) Server feature on a server named Server2.
The administrator configures IPAM by using Group Policy based provisioning and starts server discovery.
You plan to create Group Policies for IPAM provisioning.
You need to identify which Group Policy object (GPO) name prefix must be used for IPAM Group Policies.
A.
B.
C.
D.
From Server Manager, review the IPAM overview.

Run the ipamgc.exe tool.
From Task Scheduler, review the IPAM tasks.
Run the Get-IpamConfiguration cmdlet.
Correct Answer: D
Explanation
Explanation:
Tricky question. If you review the IPAM Overview, there is nothing that points to that info. But, if you go to the Config.
Summary/Access Provisioning Method, you will see the prefix.
Better Get-IpamConfiguration cmdlet which shows it on the third column.
The answer is D.
QUESTION 7
The system properties of Server1 are shown in the exhibit. (Click the Exhibit button.)
You need to configure Server1 as an enterprise subordinate certification authority (CA).

A. Add RAM to the server.
B. Set the Startup Type of the Certificate Propagation service to Automatic.
C. Install the Certification Authority Web Enrollment role service.

D. Join Server1 to the contoso.com domain.
Correct Answer: D
Section: (none)
Explanation
Explanation:
Enterprise CAs must be domain members. From the exhibit we see that it is only a Workgroup member.
Note:
A new CA can be the root CA of a new PKI or subordinate to another in an existing PKI.
Enterprise subordinate certification authority.
An enterprise subordinate CA must get a CA certificate from an enterprise root CA but can then issue certificates to all users and computers in the enterprise.
These types of CAs are often used for load balancing of an enterprise root CA.
QUESTION 8
Cluster1 has access to four physical disks.
The disks are configured as shown in the following table.
You need to identify which disk can be added to a Clustered Storage Space in Cluster1.
Which disk should you identify?
A.
B.
C.
D.
Disk1
Disk2
Disk3
Disk4
Correct Answer: B
Explanation
QUESTION 9
Server1 has the File Server Resource Manager role service installed.
You attempt to delete a classification property and you receive the error message as shown in the exhibit. (Click the Exhibit button.)
You need to delete the is Confidential classification property.

What should you do?
A.
B.
C.
D.
Delete the classification rule that is assigned the is Confidential classification property.
Disable the classification rule that is assigned the is Confidential classification property.
Set files that have an is Confidential classification property value of Yes to No.
Clear the is Confidential classification property value of all files.
Correct Answer: A
Section: (none)
Explanation
Explanation:
What is the File Classification Infrastructure?
The Windows Server 2008 R2 File Classification Infrastructure (FCI) automates classification processes so that you can manage your data more effectively.
You can save money and reduce risk by storing and retaining files based on their business value or impact. The built-in solution for file classification provides
expiration, custom tasks, and reporting. The extensible infrastructure enables you to meet additional customer classification needs by building rich end-to-end
classification solutions that are built on the classification foundation of Windows Server in a consistent and supported way and within the existing Windows file
serving platforms.
QUESTION 10
You download and install the Windows Azure Online Backup Service Agent on Server1.
You need to ensure that you can configure an online backup from Windows Server Backup.
A.
B.
C.
D.

From Computer Management, add the Server1 computer account to the Backup Operators group.
From the Services console, modify the Log On settings of the Windows Azure Online Backup Service Agent.
Correct Answer: A
Explanation
Explanation:
B. To register a server for use with Windows Azure Backup you must run the register server wizard
QUESTION 11
An Active Directory site exists for each office. All domain controllers run Windows Server 2012 R2.

A.
B.
C.
D.

Repadmin
Ntdsutil
Correct Answer: C
Section: (none)
Explanation
Explanation:
Repadmin.exe is a command line tool that is designed to assist administrators in diagnosing, monitoring, and troubleshooting Active Directory replication problems.
Reference: Repadmin Introduction and Technology Overview Note: If you see question about AD Replication, First preference is AD sites and services, then
Repadmin and then DNSLINT.
QUESTION 12

A.
B.
C.
D.

Ntdsutil
DNS Manager
Correct Answer: C
Section: (none)
Explanation
Explanation:
The primary tool that you use to manage DNS servers is DNS Manager, the DNS snap-in in Microsoft Management Console (MMC), which appears as DNS in
Administrative Tools on the Start menu. You can use DNS Manager along with other snapins in MMC, further integrating DNS administration into your total network
management. It is also available in Server Manager on computers with the DNS Server role installed. You can use DNS Manager to perform the following basic
administrative server tasks:
* Performing initial configuration of a new DNS server.
* Connecting to and managing a local DNS server on the same computer or remote DNS servers on other computers.
* Adding and removing forward and reverse lookup zones, as necessary.
* Adding, removing, and updating resource records in zones.
* Modifying how zones are stored and replicated between servers.
* Modifying how servers process queries and handle dynamic updates. Modifying security for specific zones or resource records. In addition, you can also use DNS
Manager to perform the following tasks:
* Perform maintenance on the server.
You can start, stop, pause, or resume the server or manually update server data files.
* Monitor the contents of the server cache and, as necessary, clear it.
* Tune advanced server options.
Configure and perform aging and scavenging of stale resource records that are stored by the server.
Reference: DNS Tools
QUESTION 13

For security reasons, client computers in the perimeter network can communicate with client computers in the Branch site only.
You plan to deploy a new RODC to the perimeter network in the Branch site.
You need to ensure that the new RODC will be able to replicate from DC10.
What should you do first on DC10?
A.
B.
C.
D.
Run dcpromo and specify the /createdcaccount parameter.

Run the Add-ADDSReadOnlyDomainControllerAccount cmdlet.
Enable the Bridge all site links setting.
Correct Answer: C
Explanation
Explanation:
Creates a read-only domain controller (RODC) account that can be used to install an RODC in Active Directory.
Note:
* Notes
Once you have added the RODC account, you can add an RODC to a server computer by using the Install-ADDSDomainController cmdlet with the ReadOnlyReplica switch parameter.
* Example
Adds a new read-only domain controller (RODC) account to the corp.contoso.com domain using the North America site as the source site for the replication source
domain controller.
C:\PS>Add-ADDSReadOnlyDomainControllerAccount -DomainControllerAccountName RODC1 - DomainName corp.contoso.com -SiteName NorthAmerica
Reference: Add-ADDSReadOnlyDomainControllerAccount
QUESTION 14
Server1 has the DNS Server server role installed.
You need to store the contents of all the DNS queries received by Server1.
A.
B.
C.
D.
Logging from Windows Firewall with Advanced Security

Debug logging from DNS Manager
A Data Collector Set (DCS) from Performance Monitor
Monitoring from DNS Manager
Correct Answer: B
Section: (none)
Explanation
Explanation:
Debug logging allows you to log the packets sent and received by a DNS server.
Debug logging is disabled by default, and because it is resource intensive, you should only activate it temporarily when you need more specific detailed information
about server performance.
Reference: Active Directory 2008: DNS Debug Logging Facts...
QUESTION 15
You have a server named LON-DC1 that runs Windows Server 2012 R2.
An iSCSI virtual disk named VirtuahSCSIl.vhd exists on LON-DC1 as shown in the exhibit. (Click the Exhibit button.)
You create a new iSCSI virtual disk named VirtualiSCSI2.vhd by using the existing itgt iSCSI target.
VirtuahSCSI1.vhd is removed from LON-DC1.
You need to assign VirtualiSCSI2.vhd a logical unit value of 0.
What should you do?
A.
B.
C.
D.
Run the Set-IscsiVirtualDisk cmdlet and specify the -DevicePath parameter.

Run the iscsicpl command and specify the virtualdisklun parameter.
Modify the properties of the itgt ISCSI target.
Run the Set-VirtualDisk cmdlet and specify the -Uniqueld parameter.
Correct Answer: D
Explanation
Explanation:
Set-VirtualDisk
Modifies the attributes of an existing virtual disk.
Applies To: Windows Server 2012 R2
-UniqueId<String>
Specifies an ID used to uniquely identify a Disk object in the system. The ID persists through restarts.
Note: Logical unit numbers (LUNs) created on an iSCSI disk storage subsystem are not directly assigned to a server. For iSCSI, LUNs are assigned to logical
entities called targets.
Incorrect:
Not A: Set-IscsiVirtualDisk
Modifies the settings for the specified iSCSI virtual disk.
-Path<String> (alias: DevicePath)
Specifies the path of the virtual hard disk (VHD) file that is associated with the iSCSI virtual disk. Filter the iSCSI Virtual Disk object using this parameter. Not B:
iscsicpl.exe could is the Microsoft iSCSI Initiator Configuration Tool. Microsoft Internet iSCSI Initiator enables you to connect a host computer that is running
Windows 7 or Windows Server 2008 R2 to an external iSCSI-based storage array through an Ethernet network adapter.
QUESTION 16
You have a Hyper-V host named Server1 that runs Windows Server 2012 R2.
Server1 contains a virtual machine named VM1 that runs Windows Server 2012 R2.
You fail to start VM1 and you suspect that the boot files on VM1 are corrupt.
On Server1, you attach the virtual hard disk (VHD) of VM1 and you assign the VHD a drive letter of F.
You need to repair the corrupt boot files on VM1.
A. bootrec.exe /rebuildbcd
B. bootrec.exe /scanos
C. bcdboot.exe f:\windows /s c:
D. bcdboot.exe c:\windows /s f:
Correct Answer: D
Explanation
Bcdboot
Enables you to quickly set up a system partition, or to repair the boot environment located on the system
partition. The system partition is set up by copying a simple set of Boot Configuration Data (BCD) files to an
existing empty partition.
QUESTION 17
The domain contains a server named Server1 that runs Windows Server 2012 R2 and has the DNS Server server role installed.
Server1 has a zone named contoso.com.
The zone is configured as shown in the exhibit. (Click the Exhibit button.)
You need to assign a user named User1 permission to add and delete records from the contoso.com zone only.
A.
B.
C.
D.
Enable the Advanced view from DNS Manager.

Add User1 to the DnsUpdateProxy group.
Run the New Delegation Wizard.
Configure the zone to be Active Directory-integrated.
Correct Answer: D
Explanation
Explanation:
Secure dynamic updates are only supported or configurable for resource records in zones that are stored in Active Directory Domain Services (AD DS).
Note: To modify security for a resource record
Open DNS Manager.
In the console tree, click the applicable zone.
In the details pane, click the record that you want to view.
On the Action menu, click Properties.
On the Security tab, modify the list of member users or groups that are allowed to securely update the applicable record and reset their permissions as needed.
QUESTION 18
Your network contains two servers named HV1 and HV2. Both servers run Windows Server 2012 R2 and have the Hyper-V server role installed.
HV1 hosts 25 virtual machines. The virtual machine configuration files and the virtual hard disks are stored in D:\VM.
You shut down all of the virtual machines on HV1.
You copy D:\VM to D:\VM on HV2.
You need to start all of the virtual machines on HV2.
What should you do?
A. Run the Import-VMInitialReplication cmdlet.
B. From HV1, export all virtual machines to D:\VM.
Copy D:\VM to D:\VM on HV2 and overwrite the existing files.
On HV2, run the Import Virtual Machine wizard.
C. From HV1, export all virtual machines to D:\VM.
Copy D:\VM to D:\VM on HV2 and overwrite the existing files.
On HV2, run the New Virtual Machine wizard.
D. Run the Import-VM cmdlet.
Correct Answer: D
Explanation
Explanation:
QUESTION 19
Your company recently deployed a new Active Directory forest named contoso.com.
The first domain controller in the forest runs Windows Server 2012 R2.
You need to identify the time-to-live (TTL) value for domain referrals to the NETLOGON and SYSVOL shared folders.
A.
B.
C.
D.
Ultrasound
Replmon
Dfsdiag
Frsutil
Correct Answer: C
Explanation
http://blogs.technet.com/b/josebda/archive/2009/07/15/five-ways-to-check-your-dfs-namespaces-dfs-n-configuration-with-the-dfsdiag-exe-tool.aspx
QUESTION 20
Your network contains two servers that run Windows Server 2012 R2 named Server1 and Server2.
Both servers have the File Server role service installed. On Server2, you create a share named Backups.
From Windows Server Backup on Server1, you schedule a full backup to run every night.
You set the backup destination to \\Server2 \Backups.
After several weeks, you discover that \\Server2\Backups only contains the last backup that completed on Server1.
You need to ensure that multiple backups of Server1 are maintained.
What should you do?
A.
B.
C.
D.
Modify the Volume Shadow Copy Service (VSS) settings.

Modify the properties of the Windows Store Service (WSService) service.
Change the backup destination,
Configure the permission of the Backups share.
Correct Answer: C
Explanation
QUESTION 21
The domain contains a server named Server1 that runs Windows Server 2012 R2. Server1 has an enterprise root certification authority (CA) for contoso.com.
You deploy another member server named Server2 that runs Windows Server 2012 R2 and has the Web Server (IIS) server role installed.
You need to designate a website on Server1 as the certificate revocation list (CRL) distribution point for the CA.
The solution must ensure that CRLs are published automatically to Server2.
A.
B.
C.
D.
E.
Create an http:// CRL distribution point (CDP) entry.

Configure a CA exit module.
Create a file:// CRL distribution point (CDP) entry
Configure an enrollment agent.
Configure a CA policy module.
Correct Answer: AE
Section: (none)
Explanation
Explanation:
A: To specify CRL distribution points in issued certificates Open the Certification Authority snap-in.
In the console tree, click the name of the CA.
On the Action menu, click Properties , and then click the Extensions tab. Confirm that Select extension is set to CRL Distribution Point (CDP) .
Do one or more of the following. (The list of CRL distribution points is in the Specify locations from which users can obtain a certificate revocation list (CRL) box.) /
To indicate that you want to use a URL as a CRL distribution point Click the CRL distribution point, select the Include in the CDP extension of issued certificates
check box, and then click OK . Click Yes to stop and restart Active Directory Certificate Services (AD CS).
E: You can specify CRL Distribution Points (CDPs) in CAPolicy.inf. Note that any CDP in CAPolicy.inf will take precedence for certificate verifiers over the CDP's
specified in the CA policy module.
Note:
CRLDistributionPoint
You can specify CRL Distribution Points (CDPs) for a root CA certificate in the CAPolicy.inf. This section does not configure the CDP for the CA itself. After the CA
has been installed you can configure the CDP URLs that the CA will include in each certificate that it issues. The URLs specified in this section of the CAPolicy.inf
file are included in the root CA certificate itself.
Example:
[CRLDistributionPoint]
URL=http://pki.wingtiptoys.com/cdp/WingtipToysRootCA.crl
QUESTION 22
The domain contains two domain controllers named DC1 and DC2.
You install Windows Server 2012 R2 on a new computer named DC3.
You need to manually configure DC3 as a domain controller.
A.
B.
C.
D.
winrm.exe
Server Manager
dcpromo.exe
Correct Answer: B
Section: (none)
Explanation
Explanation:
When you try to DCpromo a Server 2012, you get this message:
QUESTION 23
Your network contain an active directory domain named Contoso.com.
The domain contains two servers named server1 and server2 that run Windows Server 2012 R2.
You create a security template named template1 by using the security template snap-in.
You need to apply template1 to server2.
A.
B.
C.
D.
Security Configuration and Analysis

Server Manager
Security Template
Computer management
Correct Answer: A
Section: (none)
Explanation
QUESTION 24
You need to create a custom Active Directory Application partition.
A. Netdom
B. Ntdsutil
C. Dsmod
D. Dsamain
Correct Answer: B
Section: (none)
Explanation
Explanation:
* To create or delete an application directory partition Open Command Prompt.
Type:ntdsutil
At the ntdsutil command prompt, type:domain management
At the domain management command prompt, type:connection
At the server connections command prompt, type:connect to server ServerName
At the server connections command prompt, type:quit
At the domain management command prompt, do one of the following:
* partition management
Manages directory partitions for Active Directory Domain Services (AD DS) or Active Directory Lightweight Directory Services (AD LDS).
This is a subcommand of Ntdsutil and Dsmgmt. Ntdsutil and Dsmgmt are command-line tools that are built into Windows Server 2008 and Windows Server 2008
R2.
/ partition management create nc %s1 %s2
Creates the application directory partition with distinguished name %s1, on the Active Directory domain controller or AD LDS instance with full DNS name %s2. If
you specify "NULL" for %s2, this command uses the currently connected Active Directory domain controller. Use this command only with AD DS. For AD LDS, use
create nc %s1 %s2 %s3.
Note:
* An application directory partition is a directory partition that is replicated only to specific domain controllers. A domain controller that participates in the replication
of a particular application directory partition hosts a replica of that partition.
QUESTION 25
You create an Active Directory snapshot of DC1 each day.
You need to view the contents of an Active Directory snapshot from two days ago.
A.
B.
C.
D.
Stop the Active Directory Domain Services (AD DS) service.

Run the ntdsutil.exe command.
Run the dsamain.exe command.
Start the Volume Shadow Copy Service (VSS).
Correct Answer: B
Explanation
QUESTION 26
You need to configure Server1 to create an entry in an event log when the processor usage exceeds 60 percent.
Which type of data collector should you create?
A.
B.
C.
D.
an event trace data collector

a performance counter data collector
a performance counter alert
a configuration data collector
Correct Answer: C
Section: (none)
Explanation
QUESTION 27
Your network contains two servers named Server1 and Server2.
Both servers run Windows Server 2012 R2, On Server1, you create a Data Collector Set (DCS) named Data1.
You need to export Data1 to Server2.
A.
B.
C.
D.
Right-click Data1 and click Data Manager...

Right-click Data1 and click Save template...
Right-click Data1 and click Properties.
Right-click Data1 and click Export list...
Correct Answer: B
Explanation
Explanation:
QUESTION 28
An organizational unit (OU) named OU1 contains 200 client computers that run Windows 8 Enterprise.
A Group Policy object (GPO) named GPO1 is linked to OU1.
You make a change to GPO1.
You need to force all of the computers in OU1 to refresh their Group Policy settings immediately.
A.
B.
C.
D.
The Set-AdComputercmdlet
Group Policy Object Editor
Group Policy Management Console (GPMC)
Correct Answer: D
Explanation
Explanation:
In the previous versions of Windows, this was accomplished by having the user run GPUpdate.exe on their computer. Starting with Windows Server?2012 and
Windows?8, you can now remotely refresh Group Policy settings for all computers in an OU from one central location through the Group Policy Management
Console (GPMC). Or you can use the Invoke-GPUpdate cmdlet to refresh Group Policy for a set of computers, not limited to the OU structure, for example, if the
computers are located in the default computers container.
Note: Group Policy Management Console (GPMC) is a scriptable Microsoft Management Console (MMC) snap-in, providing a single administrative tool for
managing Group Policy across the enterprise. GPMC is the standard tool for managing Group Policy.
Incorrect:
Not B: Secedit configures and analyzes system security by comparing your current configuration to at least one template.
Reference: Force a Remote Group Policy Refresh (GPUpdate)
QUESTION 29
Network Access Protection (NAP) is deployed to the domain.
You need to create NAP event trace log files on a client computer.
A.
B.
C.
D.
Logman
Tracert
Register-EngineEvent
Register-ObjectEvent
Correct Answer: A
Explanation
QUESTION 30
The domain contains a server named Server1. Server1 runs Windows Server 2012 R2.
You create a group Managed Service Account named gService1.
You need to configure a service named Service1 to run as the gService1 account.
How should you configure Service1?
A.
B.
C.
D.
From a command prompt, run sc.exe and specify the theconfig parameter.
From the Services console, configure the General settings.
From Windows PowerShell, run Set-Service and specify the -StartupType parameter.
From the Services console, configure the Log On settings.
Correct Answer: A
Section: (none)
Explanation
Explanation:
Executing the sc.exe command with the config parameter will modify service configuration.
QUESTION 31
Server1 has 2 dual-core processors and 16 GB of RAM.
You install the Hyper-V server role in Server1.
You plan to create two virtual machines on Server1.
You need to ensure that both virtual machines can use up to 8 GB of memory.
The solution must ensure that both virtual machines can be started simultaneously.
What should you configure on each virtual machine?
A.
B.
C.
D.
Dynamic Memory
NUMA topology
Memory weight
Ressource Control
Correct Answer: A
Section: (none)
Explanation
QUESTION 32
You perform a Server Core Installation of Windows Server 2012 R2 on a server named Server1.
You need to add a graphical user interface (GUI) to Server1.
A.
B.
C.
D.
the dism.exe command

the ocsetup.exe command
the setup.exe command
the Install-Module cmdlet
Correct Answer: A
Section: (none)
Explanation
Explanation:
The DISM command is called by the Add-WindowsFeature command. Here is the systax for DISM:
Dism /online /enable-feature /featurename:ServerCore-FullServer /featurename:ServerGui-Shell /featurename:Server-Gui-Mgmt
QUESTION 33
The domain contains two organizational units (OUs) named OU1 and OU2 in the root of the domain.
Two Group Policy objects (GPOs) named GPO1 and GPO2 are created. GPO1 is linked to OU1.
GPO2 is linked to OU2. OU1 contains a client computer named Computer1.
OU2 contains a user named User1.
You need to ensure that the GPOs Applied to Computer1areApplied to User1 when User1 logs on.
A.
B.
C.
D.
Item-level targeting
Block Inheritance
GPO links
The Enforced setting
Correct Answer: A
Section: (none)
Explanation
QUESTION 34
The domain contains client computers that run either Windows XP, Windows 7, or Windows 8.
Network Policy Server (NPS) is deployed to the domain.
You plan to create a system health validator (SHV).
You need to identify which policy settings can be Applied to all of the computers.
Which three policy settings should you identify? (Each correct answer presents part of the solution. Choose three.)
A.
B.
C.
D.
E.
A firewall is enabled for all network connections.

An antispyware application is on.
Automatic updating is enabled.
Antivirus is up to date.
Antispyware is up to date.
Correct Answer: ACD

Explanation
Explanation:
* System health agent (SHA) is a NAP component.
* System health agent (SHA)
A component that checks the state of the client computer to determine whether the settings monitored by the SHA are up-to-date and configured correctly. For
example, the Windows Security Health Agent (WSHA) can monitor Windows Firewall, whether antivirus software is installed, enabled, and updated, whether
antispyware software is installed, enabled, and updated, and whether Microsoft Update Services is enabled and the computer has the most recent security updates
from Microsoft Update Services. There might also be SHAs (and corresponding system health validators) available from other companies that provide different
functionality.
QUESTION 35
Your network contains a Hyper-V host named Server1 that hosts 20 virtual machines.
You need to view the amount of memory resources and processor resources each virtual machine uses currently.
Which tool should you use on Server1?
A.
B.
C.
D.
Hyper-V Manager
Windows System Resource Manager (WSRM)
Task Manager
Resource Monitor
Correct Answer: A
Section: (none)
Explanation
Explanation:
You get it from the Hyper-V Manager
QUESTION 36
You create a Data Collector Set (DCS) named DCS1.
You need to configure DCS1 to log data to D:\logs.
What should you do?
A.
B.
C.
D.
Right-click DCS1 and click Data Manager...

Right-click DCS1 and click Save Template...
Right-click DCS1 and click Properties.
Right-click DCS1 and click Export list...
Correct Answer: C
Explanation
Explanation:
It is under the Directory tab from the DCS properties.
QUESTION 37
All servers run Windows Server 2012 R2. The domain contains a server named Server1.
You open Review Options in the Active Directory Domain Services Configuration Wizard, and then you click View script.
You need to ensure that you can use the script to promote Server1 to a domain controller.
Which file extension should you use to save the script?
A.
B.
C.
D.
.xml
.ps1
.bat
.cmd
Correct Answer: B
Explanation
Explanation:
The View Script button is used to view the corresponding PowerShell script The PowerShell script extension is .ps1,
The Answer could logically be either a .cmd file or a .bat file.
According to http://www.fileinfo.com/:
PAL - Settings file created by Corel Painter or Palette of colors used by Dr. Halo bitmap images
BAT - DOS batch file used to execute commands with the Windows Command Prompt (cmd.exe); contains aseries of line commands that typically might be
entered at the DOS command prompt; most commonly used tostart programs and run maintenance utilities within Windows.
XML - XML (Extensible Markup Language) data file that uses tags to define objects and object attributes;formatted much like an .HTML document, but uses custom
tags to define objects and the data within eachobject; can be thought of as a text-based database.
CMD - Batch file that contains a series of commands executed in order; introduced with Windows NT, but canbe run by DOS or Windows NT systems; similar to a
.BAT file, but is run by CMD.EXE instead of COMMAND.COM.
QUESTION 38
You have a standard primary zone named adatum.com.
You need to provide a user named User1 the ability to modify records in the zone.
users must be prevented from modifying records in the zone.
A.
B.
C.
D.
Run the Zone Signing Wizard for the zone.

From the properties of the zone, change the zone type.
Run the new Delegation Wizard for the zone.
From the properties of the zone, modify the Start Of Authority (SOA) record.
Correct Answer: C
Explanation
QUESTION 39
All domain controllers run Windows Server 2012. One of the domain controllers is named DC1.
The DNS zone for the contoso.com zone is Active Directory-integrated and has the default settings.
A server named Server1 is a DNS server that runs a UNIX-based operating system.
You plan to use Server1 as a secondary DNS server for the contoso.com zone.
You need to ensure that Server1 can host a secondary copy of the contoso.com zone.
What should you do?
A. From Windows PowerShell, run the Set-DnsServerForwarder cmdlet and specify the contoso.com zone as a target.
B. From Windows PowerShell, run the Set-DnsServerSetting cmdlet and specify DC1 as a target.
C. From Windows PowerShell, run the Set-DnsServerPrimaryZone cmdlet and specify the contoso.com zone as a target.
D. From DNS Manager, modify the Advanced settings of DC1.

Correct Answer: C
Explanation
Explanation:
C. The Set-DnsServerSecondaryZone cmdlet changes settings for an existing secondary zone on a Domain Name System (DNS) server.
http://technet.microsoft.com/en-us/library/jj649920(v=wps.620).aspx
QUESTION 40
Both servers run Windows Server 2012 R2.
The NLB cluster contains an application named App1 that is accessed by using the URL http://app1.contoso.com.
You plan to perform maintenance on Server1.
You need to ensure that all new connections to App1 are directed to Server2.
The solution must not disconnect the existing connections to Server1.
A.
B.
C.
D.
The Set-NlbCluster cmdlet

The Set-NlbClusterNode cmdlet
The Stop-NlbCluster cmdlet
The Stop-NlbClusterNode cmdlet
Correct Answer: D
Explanation
Explanation:
The Stop-NlbClusterNode cmdlet stops a node in an NLB cluster. When you use the stop the nodes in the cluster, client connections that are already in progress
are interrupted.
To avoid interrupting active connections, consider using the -drain parameter, which allows the node to continue servicing active connections but disables all new
traffic to that node.
-Drain <SwitchParameter>
Drains existing traffic before stopping the cluster node. If this parameter is omitted, existing traffic will be dropped.
QUESTION 41
Your network contains an Active directory forest named contoso.com.
The forest contains two child domains named east.contoso.com and west.contoso.com.
You install an Active Directory Rights Management Services (AD RMS) cluster in each child domain.
You discover that all of the users in the contoso.com forest are directed to the AD RMS cluster in east.contoso.com.
You need to ensure that the users in west.contoso.com are directed to the AD RMS cluster in west.contoso.com and that the users in east.contoso.com are
directed to the AD RMS cluster in east.contoso.com.
What should you do?
A.
B.
C.
D.
Modify the Service Connection Point (SCP).

Configure the Group Policy object (GPO) settings of the users in the west.contoso.com domain.
Configure the Group Policy object (GPO) settings of the users in the east.contoso.com domain.
Modify the properties of the AD RMS cluster in west.contoso.com.
Correct Answer: B
Explanation
Explanation:
The west.contoso.com are the ones in trouble that need to be redirected to the west.contoso.com not the east.contoso.com.
Note: It is recommended that you use GPO to deploy AD RMS client settings and that you only deploy settings as needed.
QUESTION 42
From Server Manager, you install the Active Directory Certificate Services server role on Server1.
A domain administrator named Admin1 logs on to Server1.
When Admin1 runs the Certification Authority console, Admin1 receive the following error message.
You need to ensure that when Admin1 opens the Certification Authority console on Server1, the error message does not appear.
What should you do?
A.
B.
C.
D.
Install the Active Directory Certificate Services (AD CS) tools.

Run the regsvr32.exe command.
Modify the PATH system variable.
Configure the Active Directory Certificate Services server role from Server Manager.
Correct Answer: D
Explanation
Explanation:
The error message is related to missing role configuration.
* Cannot Manage Active Directory Certificate Services Resolution: configure the two Certification Authority and Certification Authority Web Enrollment Roles:
QUESTION 43
The domain contains a member server named Server1 that has the Active Directory Federation Services server role installed.
All servers run Windows Server 2012.d
You complete the Active Directory Federation Services Configuration Wizard on Server1.
You need to ensure that client devices on the internal network can use Workplace Join.
Which two actions should you perform on Server1? (Each correct answer presents part of the solution. Choose two.)
A.
B.
C.
D.
E.
Run Enable-AdfsDeviceRegistration -PrepareActiveDirectory.

Edit the multi-factor authentication global authentication policy settings.
Run Enable-AdfsDeviceRegistration.
Run Set-AdfsProxyProperties HttpPort 80.
Edit the primary authentication global authentication policy settings.
Correct Answer: CE
Explanation
Explanation:
* To enable Device Registration Service On your federation server, open a Windows PowerShell command window and type:
Enable-AdfsDeviceRegistration
Repeat this step on each federation farm node in your AD FS farm..
Enable seamless second factor authentication
Seamless second factor authentication is an enhancement in AD FS that provides an added level of access protection to corporate resources and applications from
external devices that are trying to access them. When a personal device is Workplace Joined, it becomes a `known' device and administrators can use this
information to drive conditional access and gate access to resources. To enable seamless second factor authentication, persistent single sign-on (SSO) and
conditional access for Workplace Joined devices
In the AD FS Management console, navigate to Authentication Policies. Select Edit Global Primary Authentication. Select the check box next to Enable Device
Authentication, and then click OK.
QUESTION 44
You need to create an IPv6 scope on Server1.
The scope must use an address space that is reserved for private networks. The addresses must be routable.
Which IPV6 scope prefix should you use?
A.
B.
C.
D.
2001:123:4567:890A::
FE80:123:4567::
FF00:123:4567:890A::
FD00:123:4567::
Correct Answer: D
Explanation
Explanation:
QUESTION 45
Users frequently access the website of an external partner company. The URL of the website is http://partners.adatum.com.
The partner company informs you that it will perform maintenance on its Web server and that the IP addresses of the Web server will change.
After the change is complete, the users on your internal network report that they fail to access the website.
However, some users who work from home report that they can access the website.
You need to ensure that your DNS servers can resolve partners.adatum.com to the correct IP address immediately.
What should you do?
A.
B.
C.
D.
Run dnscmd and specify the CacheLockingPercent parameter.

Run Set-DnsServerGlobalQueryBlockList.
Run ipconfig and specify the Renew parameter.
Run Set-DnsServerCache.
Correct Answer: D
Section: (none)
Explanation
Explanation:
Run Set-DnsServerCache with the -LockingPercent switch. dnscmd technically works also.
QUESTION 46
You have a server named Server1.
You install the IP Address Management (IPAM) Server feature on Server1.
You need to provide a user named User1 with the ability to set the access scope of all the DHCP servers that are managed by IPAM.
The solution must use the principle of least privilege.
Which user role should you assign to User1?
A.
B.
C.
D.
DNS Record Administrator Role

IPAM DHCP Reservations Administrator Role
IPAM Administrator Role
IPAM DHCP Administrator Role
Correct Answer: D
Explanation
Explanation:
The IPAM DHCP administrator role completely manages DHCP servers.
QUESTION 47
You have a virtual machine named VM1 that runs on a host named Host1.
You configure VM1 to replicate to another host named Host2. Host2 is located in the same physical location as Host1.
You need to add an additional replica of VM1.
The replica will be located in a different physical site.
What should you do?
A. From VM1 on Host2, click Extend Replication.
B. On Host1, configure the Hyper-V settings.
C. From VM1 on Host1, click Extend Replication.

D. On Host2, configure the Hyper-V settings.
Correct Answer: A
Section: (none)
Explanation
Explanation:
http://blogs.technet.com/b/virtualization/archive/2013/12/10/hyper-v-replica-extend-replication.aspx
Once that is done, go to replica site and from Hyper-V UI manager select the VM for which you want to extend the replication.
Right click on VM and select Replication->Extend Replication. This will open Extend Replication Wizard which is similar to Enable Replication Wizard.
NOTE: You configure a server to receive replication with Hyper-V Manager, in this situation the replica site is assumed to be the Replica Server.
Therefore you extend replication from VM1 on Host2.
QUESTION 48
Your network contains 20 iSCSI storage appliances that will provide storage for 50 Hyper-V hosts running Windows Server 2012 R2.
You need to configure the storage for the Hyper-V hosts.
A.
B.
C.
D.
Install the iSCSI Target Server role service and configure iSCSI targets.
Install the iSNS Server service feature and create a Discovery Domain.
Start the Microsoft iSCSI Initiator Service and configure the iSCSI Initiator Properties.
Install the Multipath I/O (MPIO) feature and configure the MPIO Properties.
Correct Answer: B
Explanation
Explanation:
QUESTION 49
You create a new virtual disk in a storage pool by using the New Virtual Disk Wizard.
You discover that the new virtual disk has a write-back cache of 1 GB.
You need to ensure that the virtual disk has a write-back cache of 5 GB.
What should you do?
A.
B.
C.
D.
Detach the virtual disk, and then run the Resize-VirtualDisk cmdlet.
Detach the virtual disk, and then run the Set-VirtualDisk cmdlet.
Delete the virtual disk, and then run the New-StorageSubSystemVirtualDisk cmdlet.
Delete the virtual disk, and then run the New-VirtualDisk cmdlet.
Correct Answer: D
Section: (none)
Explanation
Explanation:
You must set the write-back cache during the initial new disk creation. This setting is not configurable once the VHD has been created.
QUESTION 50
The domain contains servers named Server1 and Server2 that run Windows Server 2012 R2. Server1 has the Active Directory Federation Services server role
installed.
Server2 is a file server.
Your company introduces a Bring Your Own Device (BYOD) policy.
You need to ensure that users can use a personal device to access domain resources by using Single Sign-On (SSO) while they are connected to the internal
network.
A.
B.
C.
D.
E.
Enable the Device Registration Service in Active Directory.

Publish the Device Registration Service by using a Web Application Proxy.
Configure Active Directory Federation Services (AD FS) for the Device Registration Service.
Create and configure a sync share on Server2.
Install the Work Folders role service on Server2.
Correct Answer: AC
Explanation
Explanation:
* Workplace Join leverages a feature included in the Active Directory Federation Services (AD FS) Role in Windows Server 2012 R2, called Device Registration
Service (DRS). DRS provisions a device object in Active Directory when a device is Workplace Joined. Once the device object is in Active Directory, attributes of
that object can be retrieved and used to provide conditional access to resources and applications. The device identity is represented by a certificate which is set on
the personal device by DRS when the device is Workplace Joined.
* In Windows Server 2012 R2, AD FS and Active Directory Domain Services have been extended to comprehend the most popular mobile devices and provide
conditional access to enterprise resources based on user+device combinations and access policies. With these policies in place, you can control access based on
users, devices, locations, and access times.
QUESTION 51
You install the DHCP Server server role on Server1 and Server2.
You install the IP Address Management (IPAM) Server feature on Server1.
You notice that you cannot discover Server1 or Server2 in IPAM.
You need to ensure that you can use IPAM to discover the DHCP infrastructure.
A.
B.
C.
D.
E.
On Server2, create an IPv4 scope.

On Server1, run the Add-IpamServerInventory cmdlet.
On Server2, run the Add-DhcpServerInDc cmdlet
On both Server1 and Server2, run the Add-DhcpServerv4Policy cmdlet.
On Server1, uninstall the DHCP Server server role.
Correct Answer: CE
Explanation
Explanation:
https://technet.microsoft.com/en-us/library/jj878313.aspx
IPAM discovers DHCP servers that are authorized in the Active Directory domains you specify and that respond to a DHCPInform message.
https://technet.microsoft.com/en-us/library/jj590712%28v=wps.630%29.aspx
Add-DhcpServerInDC
Adds the computer running the DHCP server service to the list of authorized Dynamic Host Configuration Protocol (DHCP) server services in Active Directory (AD).
IPAM must be installed on a domain member computer. You cannot install IPAM on a domain controller. If IPAM is installed on the same server with DHCP, then
DHCP server discovery will be disabled.
QUESTION 52
Your network contains two Active Directory forests named contoso.com and corp.contoso.com.
User1 is a member of the DnsAdmins domain local group in contoso.com.

User1 attempts to create a conditional forwarder to corp.contoso.com but receive an error message shown in the exhibit. (Click the Exhibit button.)
You need to configure bi-directional name resolution between the two forests.
A. Add User1 to the DnsUpdateProxy group.
B. Configure the zone to be Active Directory-integrated.
C. Enable the Advanced view from DNS Manager.

D. Run the New Delegation Wizard.
Correct Answer: B
Section: (none)
Explanation
Explanation:
The zone must be Active Directory-integrated.
QUESTION 53
Each forest contains one domain. Contoso.com has a two-way forest trust to adatum.com.
Selective authentication is enabled on the forest trust.
Contoso contains 10 servers that have the File Server role service installed.
Users successfully access shared folders on the file servers by using permissions granted to the Authenticated Users group.
You migrate the file servers to adatum.com.
Contoso users report that after the migration, they are unable to access shared folders on the file servers.
You need to ensure that the Contoso users can access the shared folders on the file servers.
What should you do?
A.
B.
C.
D.
Disable selective authentication on the existing forest trust.

Disable SID filtering on the existing forest trust.
Run netdom and specify the /quarantine attribute.
Replace the existing forest trust with an external trust.
Correct Answer: A
Explanation
Explanation:
http://technet.microsoft.com/nl-nl/library/cc755321%28v=ws.10%29.aspx
Impact of Selective Authentication
Because all verification of incoming interforest authentication requests is done locally on the receiving domain controller in the trusting forest, access to resources in
the trusting forest is likely to be extremely limited for a broad set of users on the network (which is the purpose of this security setting). Consequently, implementing
selective authentication might require user education, particularly due to the following reasons:
Users browsing network resources through My Network Places to resources located in a trusting forest might get access denied messages when attempting to
access those resources.
Resources in the trusting forest that were once available to users in a trusted forest might no longer be available.
QUESTION 54
You have a server named FS1 that runs Windows Server 2012 R2.
You install the File and Storage Services server role on FS1. From Windows Explorer, you view the properties of a shared folder named Share1 and you discover
that the Classification tab is missing.
You need to ensure that you can assign classifications to Share1 from Windows Explorer manually.
What should you do?
A.
B.
C.
D.
From Folder Options, select Show hidden files, folders, and drives.
From Folder Options, clear Use Sharing Wizard (Recommend).
Install the File Server Resource Manager role service.
Install the Enhanced Storage feature.
Correct Answer: C
Section: (none)
Explanation
QUESTION 55
Your network contains two servers named Server1 and Server2 that run Windows Server 2012 R2. Server1 and Server2 are configured as shown in the following
table.
You need to ensure that when new targets are added to Server1, the targets are registered on Server2 automatically.
A.
B.
C.
D.
Configure the Discovery settings of the iSCSI initiator.

Configure the security settings of the iSCSI target.
Run the Set-Wmilnstance cmdlet.
Run the Set-IscsiServerTarget cmdlet.
Correct Answer: C
Explanation
Explanation:
http://blogs.technet.com/b/filecab/archive/2012/06/08/iscsi-target-cmdlet-reference.aspx
11.Manage iSNS server registration
The iSNS server registration can be done using the following cmdlets, which manages the WMI objects.
To add an iSNS server:
Set-WmiInstance -Namespace root\wmi -Class WT_iSNSServer Arguments
@{ServerName="ISNSservername"}
QUESTION 56
Your network contains a server named Server1 that runs Windows Server 2012 R2. Server1 has the Active Directory Certificate Services server role installed and is
configured as a standalone certification authority (CA).
You install a second server named Server2.
You install the Online Responder role service on Server2.
You need to ensure that Server1 can issue an Online Certificate Status Protocol (OCSP) Response Signing certificate to Server2.
What should you run on Server1?
A.
B.
C.
D.
The certreq.exe command and specify the -policy parameter

The certutil.exe command and specify the -getkey parameter
The certutil.exe command and specify the -setreg parameter
The certreq.exe command and specify the -retrieve parameter
Correct Answer: C
Explanation
Explanation:
To prepare a computer running Windows Server to issue OCSP Response Signing certificates
On the server hosting the CA, open a command prompt, and type:
certutil -v -setreg policy\EnableRequestExtensionList +1.3.6.1.5.5.7.48.1.5 Stop and restart the CA. You can do this at a command prompt by running the following
commands:
net stop certsvc
net start certsvc
https://technet.microsoft.com/en-us/library/cc732526.aspx
QUESTION 57
Your network contains an Active Directory domain named contoso.com. All servers run Windows Server 2012 R2.
The domain contains a domain controller named DC1 that is configured as an enterprise root certification authority (CA).
All users in the domain are issued a smart card and are required to log on to their domain-joined client computer by using their smart card.
A user named User1 resigned and started to work for a competing company.
You need to prevent User1 immediately from logging on to any computer in the domain.
The solution must not prevent other users from logging on to the domain.
A.
B.
C.
D.

The Certificates snap-in
Server Manager
Correct Answer: A
Explanation
Explanation:
Disabling or enabling a user account
To open Active Directory Users and Computers, click Start , click Control Panel , double-click Administrative Tools , and then double-click Active Directory Users
and Computers.
To open Active Directory Users and Computers in Windows Server 2012, click Start , type dsa.msc .
In the console tree, click Users .
In the details pane, right-click the user.
Depending on the status of the account, do one of the following:
To disable the account, click Disable Account .
To enable the account, click Enable Account .
QUESTION 58
The domain contains a server named Server1 that runs a Server Core installation of Windows Server 2012 R2.
You need to deploy a certification authority (CA) to Server1.
The CA must support the auto- enrollment of certificates.
Which two cmdlets should you run? (Each correct answer presents part of the solution. Choose two.)
A.
B.
C.
D.
Add-CAAuthoritylnformationAccess
Install-AdcsCertificationAuthority
Add-WindowsFeature
Install-AdcsOnlineResponder
E. Install-AdcsWebEnrollment
Correct Answer: BC
Explanation
Explanation:
It seems B and C.
You must install the CA role before you run Install-AdcsCertificationAuthority.
Detailed Description
The Install-AdcsCertificationAuthority cmdlet performs installation and configuration of the AD CS CA role service.
To remove the certification authority role service use the Uninstall-AdcsCertificationAuthority cmdlet.
You can import the cmdlet by running the following commands from Windows PowerShell:
Import-Module ServerManager
Add-WindowsFeature Adcs-Cert-Authority
QUESTION 59
Server1 has the Active Directory Rights Management Services server role installed.
The domain contains a domain local group named Group1.
You create a rights policy template named Template1.
You assign Group1 the rights to Template1.
You need to ensure that all the members of Group1 can use Template1.
What should you do?
A.
B.
C.
D.
Configure the email address attribute of Group1.

Convert the scope of Group1 to global.
Convert the scope of Group1 to universal.
Configure the email address attribute of all the users who are members of Group1.
Correct Answer: D
Explanation
Explanation:
When a user or group is created in Active Directory, the mail attribute is an optional attribute that can be set to include a primary email address for the user or
group. For AD RMS to work properly, this attribute must be set because all users must have an email attribute to protect and consume content.
http://social.technet.microsoft.com/wiki/contents/articles/13130.ad-rms-troubleshooting-guide.aspx
QUESTION 60
From Server Manager, you install the Active Directory Certificate Services server role on Server1.
A domain administrator named Admin1 logs on to Server1.
When Admin1 runs the Certification Authority console, Admin1 receive the following error message.
You need to ensure that when Admin1 opens the Certification Authority console on Server1, the error message does not appear.
What should you do?
A.
B.
C.
D.
Run the Install-AdcsCertificationAuthority cmdlet.

Install the Active Directory Certificate Services (AD CS) tools.
Modify the PATH system variable.
Add Admin1 to the Cert Publishers group.
Correct Answer: A
Explanation
Explanation:
http://clintboessen.blogspot.nl/2013/11/cannot-manage-active-directory.html
QUESTION 61
The domain contains a member server named Server1.
A technician performs maintenance on Server1.
After the maintenance is complete, you discover that you cannot connect to the IPAM server on Server1.
You open the Services console as shown in the exhibit. (Click the Exhibit button.)
You need to ensure that you can connect to the IPAM server.
Which service should you start?
A.
B.
C.
D.
Windows Process Activation Service

windows Event Collector
Windows Internal Database
Windows Store Service (WSService)
Correct Answer: C
Explanation
Explanation:
IPAM only supports Windows Internal Database (not SQL Server, MySQL, or any other third-party solution). Because of this I believe the answer is C. As long as
the Windows Process Activation Service is not disabled and is properly set as a dependency for Windows Internal Database, it will start automatically when you
start the Windows Internal Database service.
QUESTION 62
The forest contains two domains named contoso.com and childl.contoso.com.
The domains contain three domain controllers.
You need to ensure that the KDC support for claims, compound authentication, and kerberos armoring setting is enforced in both domains.
A.
B.
C.
D.
E.
Raise the domain functional level of contoso.com.

Raise the domain functional level of child1.contoso.com.
Raise the forest functional level of contoso.com.
Correct Answer: AE
Section: (none)
Explanation
Explanation:
To use claims-based authorization, you need the following:
Windows Server 2012 must be installed on the file server that hosts the resources that DAC protects.
At least one Windows Server 2012 domain controller must be accessible by the requesting client.
If you use claims across a forest, you must have a Windows Server 2012 domain controller in each domain.
If you use device claims, clients must run Windows 8.
A question in the same book indicates:

Identify the minimum domain function level (2003, 2008, 2008 R2, or 2012) for the specified feature
KDC support for claims - 2012
So the answer is A and E.
E because you must upgrade the domain controller to 2012 R2 to raise the functional level of the domain to the necessary level, and A because 2012 domain
functional level is required for KDC support for claims.
Upgrading dc11.child1.contoso.com is not necessary because there is already a Server 2012 R2 server in the child domain (dc10).
QUESTION 63
Server1 has an IPv6 scope named Scope1.
You implement an additional DHCP server named Server2 that runs Windows Server 2012 R2.
You need to provide high availability for Scope1. The solution must minimize administrative effort.
What should you do?
A. Install and configure Network Load Balancing (NLB) on Server1 and Server2.
B. Create a scope on Server2.
C. Configure DHCP failover on Server1.
D. Install and configure Failover Clustering on Server1 and Server2.

Correct Answer: C
Explanation
http://blogs.technet.com/b/canitpro/archive/2013/07/10/step-by-step-dhcp-high-availability-with-windowsserver-2012-r2.aspx
Configure DHCP failover on the server that created the scope.
In this case Server1 created Scope1 therefore DHCP Failover should be configured on Server1
QUESTION 64
Your company has two offices. The offices are located in Seattle and Montreal.
The network contains an Active Directory domain named contoso.com.
The domain contains two DHCP servers named Server1 and Server2. Server1 is located in the Seattle office. Server2 is located in the Montreal office.
You need to create a DHCP scope for video conferencing in the Montreal office.
The scope must be configured as shown in the following table.
Which Windows PowerShell cmdlet should you run?

A.
B.
C.
D.
Add-DchpServerv4SuperScope
Add-DchpServerv4MulticastScope
Add-DHCPServerv4Policy
Add-DchpServerv4Scope
Correct Answer: B
Explanation
Explanation:
Add-DhcpServerv4MulticastScope: Adds a multicast scope on the DHCP server.

QUESTION 65
You have an Active Directory Rights Management Services (AD RMS) cluster.
You need to prevent users from encrypting new content.
The solution must ensure that the users can continue to decrypt content that was encrypted already.
A.
B.
C.
D.
E.
From the Active Directory Rights Management Services console, enable decommissioning.
From the Active Directory Rights Management Services console, create a user exclusion policy.
Modify the NTFS permissions of %systemdrive%\inetpub\wwwroot\_wmcs\licensing.
Modify the NTFS permissions of %systemdrive%\inetpub\wwwroot\_wmcs\decommission.
From the Active Directory Rights Management Services console, modify the rights policy templates.
Correct Answer: AD
Section: (none)
Explanation
Explanation:
The answer should be A & D
Decommission AD RMS
Decommission AD RMS Root Cluster
If you were to create a user exclusion policy, then that would exclude them from being able to access certain entities. Therefore, not being able to access
decrypted content to begin with.
QUESTION 66
The domain contains a server named Server1 that runs Windows Server 2012.
Server1 is the enterprise root certification authority (CA) for contoso.com.
You need to enable CA role separation on Server1.
A.
B.
C.
D.
The Certutil command

The Authorization Manager console
The Certsrv command
The Certificates snap-in
Correct Answer: A
Section: (none)
Explanation
certutil -setreg ca\RoleSeparationEnabled 1
QUESTION 67
You have five servers that run Windows Server 2012 R2.
The servers have the Failover Clustering feature installed.
You deploy a new cluster named Cluster1. Cluster1 is configured as shown in the following table.
Server1, Server2, and Server3 are configured as the preferred owners of the cluster roles.
You plan to perform hardware maintenance on Server3.
You need to ensure that if the WAN link between Site1 and Site2 fails while you are performing maintenance on Server3, the cluster resource will remain available
in Site1.
What should you do?
A.
B.
C.
D.
Add a file share witness in Site1.

Enable DrainOnShutdown on Cluster1.
Remove the node vote for Server4 and Server5.
Remove the node vote for Server3.
Correct Answer: C
Section: (none)
Explanation
Explanation:
C is the answer.
Though A would seem to work, it does not provide with a reasonable solution to this question.
In this case, it is outside the scope of the problem. To minimize administrative effort, C is the best answer to this question.
QUESTION 68
You deploy a server named Server1 that runs Windows Server 2012 R2.
A local administrator installs the Active Directory Rights Management Services server role on Server1.
You need to ensure that AD RMS clients can discover the AD RMS cluster automatically.
What should you do?
A. Run the Active Directory Rights Management Services console by using an account that is a member of the Schema Admins group, and then configure the
proxy settings.
B. Run the Active Directory Rights Management Services console by using an account that is a member of the Schema Admins group, and then register the
Service Connection Point (SCP).
C. Run the Active Directory Rights Management Services console by using an account that is a member of the Enterprise Admins group, and then register the
Service Connection Point (SCP).
D. Run the Active Directory Rights Management Services console by using an account that is a member of the Enterprise Admins group, and then configure the
proxy settings.
Correct Answer: C
Section: (none)
Explanation
Explanation:
* The Active Directory Rights Management Services (AD RMS) Service Connection Point (SCP) is an object in Active Directory that holds the web address of the
AD RMS certification cluster. AD RMS-enabled applications use the SCP to discover the AD RMS service; it is the first connection point for users to discover the AD
RMS web services.
* To register the SCP you must be a member of the local AD RMS Enterprise Administrators group and the Active Directory Domain Services (AD DS) Enterprise
Admins group, or you must have been given the appropriate authority.
QUESTION 69
Server1 has the Active Directory Certificate Services server role installed and is configured to support key archival and recovery.
You create a new Active Directory group named Group1.
You need to ensure that the members of Group1 can request a Key Recovery Agent certificate.
The solution must minimize the permissions assigned to Group1.
Which two permissions should you assign to Group1? (Each correct answer presents part of the solution. Choose two.)
A.
B.
C.
D.
E.
Read
Auto enroll
Write
Enroll
Full control
Correct Answer: AD
Explanation
Explanation:
* In Template, type a new template display name, and then modify any other optional properties as needed.
On the Security tab, click Add, type the name of the users you want to issue the key recovery agent certificates to, and then click OK. Under Group or user names,
select the user names that you just added. Under Permissions, select the Read and Enroll check boxes, and then click OK.
QUESTION 70
You have a server named DNS1 that runs Windows Server 2012 R2.
You discover that the DNS resolution is slow when users try to access the company intranet home page by using the URL http://companyhome.
You need to provide single-label name resolution for CompanyHome that is not dependent on the suffix search order.
Which three cmdlets should you run? (Each correct answer presents part of the solution. Choose three.)
A.
B.
C.
D.
E.
F.
Add-DnsServerPrimaryZone
Add-DnsServerResourceRecordCName
Set-DnsServerDsSetting
Set-DnsServerGlobalNameZone
Set-DnsServerEDns
Add-DnsServerDirectory Partition
Correct Answer: ABD

Explanation
Explanation:
*The Add-DnsServerPrimaryZone cmdlet adds a specified primary zone on a Domain Name System (DNS) server.
* The Add-DnsServerResourceRecordCName cmdlet adds a canonical name (CNAME) resource record to a specified Domain Name System (DNS) zone. A
CNAME record allows you to use more than one resource record to refer to a single host *The Set-DnsServerGlobalNameZone cmdlet enables or disables singlelabel Domain Name System (DNS) queries. It also changes configuration settings for a GlobalNames zone. The GlobalNames zone supports short, easy-to-use
names instead of fully qualified domain names (FQDNs) without using Windows Internet Name Service (WINS) technology. For instance, DNS can query
SarahJonesDesktop instead of SarahJonesDesktop.contoso.com.
QUESTION 71
Your network contains three servers named HV1, HV2, and Server1 that run Windows Server 2012 R2.
HV1 and HV2 have the Hyper-V server role installed. Server1 is a file server that contains 3 TB of free disk space.
HV1 hosts a virtual machine named VM1.
The virtual machine configuration file for VM1 is stored in D:\VM and the virtual hard disk file is stored in E:\VHD.
You plan to replace drive E with a larger volume.
You need to ensure that VM1 remains available from HV1 while drive E is being replaced.
What should you do?
A.
B.
C.
D.
Perform a live migration to HV2.

Add HV1 and HV2 as nodes in a failover cluster. Perform a storage migration to HV2.
Add HV1 and HV2 as nodes in a failover cluster. Perform a live migration to HV2.
Perform a storage migration to Server1.
Correct Answer: D
Explanation
Explanation:
Using a minimum amount of adminitrative effort is the always key for this type of questions.
They will give multiple possible solutions, but with that key in mind, D is the answer.
A,C is not the answer because VM1 has to remain in HV1
B is possible, but it takes lots of effort to set up cluster.
D seems the best answer. You just do storage migration lively to another server, then bring back when large disk is insert to hot swap bay.
QUESTION 72
The domain contains an IP Address Management (IPAM) server that uses a Windows Internal Database.
You install a Microsoft SQL Server 2012 instance on a new server.
You need to migrate the IPAM database to the SQL Server instance.
Which cmdlet should you run?
A. Disable-IpamCapability
B. Set-IpamConfiguration
C. Update-IpamServer
D. Move-IpamDatabase
Correct Answer: D
Explanation
Explanation:
The Move-IpamDatabase cmdlet migrates the IP Address Management (IPAM) database to a Microsoft SQL Server database. You can migrate from Windows
Internal Database (WID) or from a SQL Server database. The cmdlet creates a new IPAM schema and copies all data from the existing IPAM database. After the
cmdlet completes copying data, it changes IPAM configuration settings to refer to the new database as the IPAM database.
QUESTION 73
The domain contains a certification authority (CA).
You suspect that a certificate issued to a Web server is compromised.
You need to minimize the likelihood that users will trust the compromised certificate.
A.
B.
C.
D.
E.
Stop the Certificate Propagation service.

Modify the validity period of the Web Server certificate template.
Run certutil and specify the -revoke parameter.
Run certutil and specify the -deny parameter.
Publish the certificate revocation list (CRL).
Correct Answer: CE
Section: (none)
Explanation
Explanation:
First revoke the certificate, then publish the CRL.
QUESTION 74
Server1 is an enterprise root certification authority (CA) for contoso.com.
You need to ensure that the members of a group named Group1 can request code signing certificates.
The certificates must be issued automatically to the members.
A.
B.
C.
D.
E.
From Certificate Templates, modify the certificate template.

From Certification Authority, add a certificate template to be issued.
From Certificate Authority, modify the CA properties.
From Certificate Templates, duplicate a certificate template.
From Certificate Authority, stop and start the Active Directory Certificate Services (AD CS) service.
Correct Answer: AD
Section: (none)
Explanation
Explanation:
The correct answers should be A and D: First duplicate it, then modify it
http://blogs.technet.com/b/deploymentguys/archive/2013/06/14/signing-windows-8-applications-using-an-internal-pki.aspx
The section on Creating a Custom Certificate Template shows steps to create and states
New certificate templates are created by copying an existing template and using the existing templates properties as the default for the new template. Copy the
existing certificate template closest to the configuration of the intended new template to minimize the work necessary.
This is step 2 in the creation process. Step 4 is to make desired changes.
Building an Enterprise Root Certification Authority in Small and Medium Businesses
QUESTION 75
The forest contains four domains. All servers run Windows Server 2012 R2.
Each domain has a user named User1.
You have a file server named Server1 that is used to synchronize user folders by using the Work Folders role service.
Server1 has a work folder named Sync1.
You need to ensure that each user has a separate folder in Sync1.
What should you do?
A.
B.
C.
D.
From Windows Explorer, modify the Sharing properties of Sync1.

Run the Set-SyncServerSetting cmdlet.
From File and Storage Services in Server Manager, modify the properties of Sync1.
Run the Set-SyncShare cmdlet.
Correct Answer: D
Section: (none)
Explanation
Explanation:
http://technet.microsoft.com/en-US/library/dn296649.aspx
PS C:\> Set-SyncShare Share01 -User "ContosoGroup"
QUESTION 76
Cluster1 contains a cluster disk resource.
A developer creates an application named App1.
App1 is NOT a cluster-aware application.
App1 runs as a service. App1 stores date on the cluster disk resource.
You need to ensure that App1 runs in Cluster1.
The solution must minimize development effort.
A.
B.
C.
D.
Add-ClusterGenericServiceRole
Add-ClusterGenericApplicationRole
Add-ClusterScaleOutFileServerRole
Add-ClusterServerRole
Correct Answer: A
Section: (none)
Explanation
Explanation:
I think its A.
The questions says App1 runs as a service
Configure high availability for a service that was not originally designed to run in a failover cluster.
If you run an application as a Generic Application, the cluster software will start the application, then periodically query the operating system to see whether the
application appears to be running. If so, it is presumed to be online, and will not be restarted or failed over
QUESTION 77

A previous administrator implemented a Proof of Concept installation of Active Directory Rights Management Services (AD RMS).
After the proof of concept was complete, the Active Directory Rights Management Services server role was removed.
You attempt to deploy AD RMS.
During the configuration of AD RMS, you receive an error message indicating that an existing AD RMS Service Connection Point (SCP) was found.
You need to remove the existing AD RMS SCP.
A.
B.
C.
D.
E.

Authorization Manager
Active Directory Rights Management Services
Correct Answer: E
Explanation
Explanation:
ADRMS will registered the Service Connection Point (SCP) in Active Directory and you will need to unregister first before you remove the ADRMS server role.
If your ADRMS server is still alive, you can easily manually remove the SCP by below:
QUESTION 78
You have a server named SCI that runs a Server Core Installation of Windows Server 2012 R2.
Shadow copies are enabled on all volumes.
You need to delete a specific shadow copy. The solution must minimize server downtime.
A.
B.
C.
D.
Shadow
Diskshadow
Wbadmin
Diskpart
Correct Answer: B
Explanation
Explanation:
DiskShadow.exe is a tool that exposes the functionality offered by the Volume Shadow Copy Service (VSS).
The diskshadow command delete shadows deletes shadow copies.
QUESTION 79
The domain contains four servers named Server1, Server2, Server3, and Server4 that run Windows Server 2012 R2.
All servers have the Hyper-V server role and the Failover Clustering feature installed.
You need to replicate virtual machines from Cluster1 to Cluster2.

A.
B.
C.
D.
E.
From Hyper-V Manager on a node in Cluster2, create three virtual machines.

From Cluster2, add and configure the Hyper-V Replica Broker role.
From Failover Cluster Manager on Cluster1, configure each virtual machine for replication.
From Cluster1, add and configure the Hyper-V Replica Broker role.
From Hyper-V Manager on a node in Cluster2/ modify the Hyper-V settings.
Correct Answer: BCD

Explanation
Explanation:
These are two clusters, to replicate any VM to a cluster you need to configure the Replica Broker role on each cluster the last step should be enabling replication on
the VMs.
Although Hyper-V Replica will work if you configure only the Replica server (to receive replication from primary servers), it is a GOOD PRACTICE to also configure
the primary servers to receive replication. This allows you to reverse the replication direction after a failover, which provides replication protection for the newly
active Replica server.
So as we all know that is clustered environment you configure replica via replica broker so BCD actually make sense as it is the prefered way according to
microsoft.
QUESTION 80
Each day, Server1 is backed up fully to an external disk.
On Server1, the disk that contains the operating system fails.
You replace the failed disk.
You need to perform a bare-metal recovery of Server1 by using the Windows Recovery Environment (Windows RE).
What should you do?
A.
B.
C.
D.
Run the Start-WBVolumeRecovery cmdlet and specify the -backupset parameter.

Run the Get-WBBareMetalRecovery cmdlet and specify the -policy parameter.
Run the wbadmin.exe start recovery command and specify the -recoverytarget parameter.
Run the wbadmin.exe start sysrecovery command and specify the -backuptarget parameter.
Correct Answer: D
Explanation
Explanation:
wbadmin start sysrecovery
Performs a system recovery (bare metal recovery) using the parameters that you specify.
This subcommand can be run only from the Windows Recovery Environment, and it is not listed by default in the usage text of Wbadmin.
QUESTION 81
You have a server named LON-DC1 that runs Windows Server 2012 R2.
An iSCSI virtual disk named VirtualiSCSI1.vhd exists on LON-DC1 as shown in the exhibit. (Click the Exhibit button.)
You create a new iSCSI virtual disk named VirtualiSCSI2.vhd by using the existing itgt iSCSI target.
VirtualiSCSIl.vhd is removed from LON-DC1.
You need to assign VirtualiSCSI2.vhd a logical unit value of 0.
What should you do?
A.
B.
C.
D.
Modify the properties of the itgt ISCSI target.

Modify the properties of the VirtualiSCSI2.vhd iSCSI virtual disk.
Run the Set-VirtualDisk cmdlet and specify the -Uniqueld parameter.
Run the iscsicli command and specify the reportluns parameter.
Correct Answer: B
Explanation
Explanation:
The virtual disk has the option to change the lun ID, no other option available in the answers appear to allow this change.
Note: Logical unit numbers (LUNs) created on an iSCSI disk storage subsystem are not directly assigned to a server. For iSCSI, LUNs are assigned to logical
entities called targets.
QUESTION 82
Your network contains an Active Directory domain named contoso.com. All servers run Windows Server 2012 R2.
The domain contains a domain controller named DC1 that is configured as an enterprise root certification authority (CA).
All users in the domain are issued a smart card and are required to log on to their domain- joined client computer by using their smart card.
A user named User1 resigned and started to work for a competing company. You need to prevent User1 immediately from logging on to any computer in the
domain. The solution must not prevent other users from logging on to the domain.
A. Active Directory Users and Computers
B. Certificate Templates
C. The Security Configuration Wizard
D. The Certificates snap-in

Correct Answer: A
Section: (none)
Explanation
QUESTION 83
DC1 has the DNS Server server role installed.
The network contains client computers that run either Linux, Windows 7, or Windows 8.
You have a zone named adatum.com as shown in the exhibit. (Click the Exhibit button.)
You plan to configure Name Protection on all of the DHCP servers.

You need to configure the adatum.com zone to support Name Protection.
What should you do?
A. Sign the zone.
B.
C.
D.
E.
Store the zone in Active Directory.

Modify the Security settings of the zone.
Configure Dynamic updates.
Add a DNSKEY record.
Correct Answer: BD
Explanation
Explanation:
QUESTION 84
Server1 and Server2 are nodes in a failover cluster named Cluster1.
The network contains two servers named Server3 and Server4 that run Windows Server 2012 R2.
Server3 and Server4 are nodes in a failover cluster named Cluster2.
You need to move all of the applications and the services from Cluster1 to Cluster2.
What should you do first from Failover Cluster Manager?
A. On a server in Cluster2, configure Cluster-Aware Updating.
B. On a server in Cluster2, click Move Core Cluster Resources, and then click Best Possible Node.
C. On a server in Cluster1, click Move Core Cluster Resources, and then click Best Possible Node.
D. On a server in Cluster1, click Migrate Roles.
Correct Answer: D
Section: (none)
Explanation
Explanation:
QUESTION 85
Your network contains three servers named Server1, Server2, and Server3.
You need to ensure that Server1 can provide iSCSI storage for Server2 and Server3.
A.
B.
C.
D.
Start the Microsoft iSCSI Initiator Service and configure the iSCSI Initiator Properties.
Install the iSNS Server service feature and create a Discovery Domain.
Install the Multipath I/O (MPIO) feature and configure the MPIO Properties.
Install the iSCSI Target Server role service and configure iSCSI targets.
Correct Answer: D
Explanation
iSCSI: it is an industry standard protocol allow sharing block storage over the Ethernet. The server shares the storage is called iSCSI Target. The server (machine)
consumes the storage is called iSCSI initiator. Typically, the iSCSI initiator is an application server. For example, iSCSI Target provides storage to a SQL server, the
SQL server will be the iSCSI initiator in this deployment.
Target: It is an object which allows the iSCSI initiator to make a connection. The Target keeps track of the initiators which are allowed to be connected to it. The
Target also keeps track of the iSCSI virtual disks which are associated with it. Once the initiator establishes the connection to the Target, all the iSCSI virtual disks
associated with the Target will be accessible by the initiator.
iSCSI Target Server: The server runs the iSCSI Target. It is also the iSCSI Target role name in Windows Server 2012.
http://blogs.technet.com/b/filecab/archive/2012/05/21/introduction-of-iscsi-target-in-windows-server-2012.aspx
QUESTION 86
The domain contains a file server named FS1 that runs Windows Server 2012 R2 and has the File Server Resource Manager role service installed.
All client computers run Windows 8.

File classification and Access-Denied Assistance are enabled on FS1.
You need to ensure that if users receive an Access Denied message, they can request assistance by email from the Access Denied dialog box.
A.
B.
C.
D.
A file management task

A classification property
The File Server Resource Manager Options
A report task
Correct Answer: C
Explanation
Explanation:
QUESTION 87
Which security groups must a user account be a member of to modify the AD RMS SCP? (Choose two answers. Each answer forms part of a complete solution.)
A.
B.
C.
D.
Domain Admins
AD RMS Enterprise Administrators
Enterprise Admins
Cryptographic Operators.
Correct Answer: BC
Explanation
QUESTION 88
Which of the following would you configure if you wanted to block computers running Windows 7 and earlier operating systems from consuming AD RMS-protected
content?
A.
B.
C.
D.
Trusted publishing domain

Trusted user domain
Exclusion policies
Super Users
Correct Answer: C
Explanation
QUESTION 89
Which of the following must you back up or have a copy of to be able to ensure that you can restore an AD RMS cluster in the event that a single server hosting all
AD RMS components suffers complete data loss? (Choose three answers.)
A.
B.
C.
D.
Cluster key password

Trusted publishing domain
Trusted user domain
AD RMS databases
Correct Answer: ABD

Explanation
QUESTION 90
You want to enable key archiving on a CA.
You need to issue a certificate from a specific template to the user who will recover private keys.
Which certificate template will you use as the basis for this certificate?
A.
B.
C.
D.
Kerberos authentication
Code signing
OCSP response signing
Key recovery agent
Correct Answer: D
Explanation
QUESTION 91
Which group policy item should you configure to enable automatic reenrollment of certificates?
A.
B.
C.
D.
Certificate Path Validation Settings

Certificate Services Client - Certificate Enrollment Policy
Certificate Services Client - Auto-Enrollment
Trusted Root Certification Authorities
Correct Answer: C
Explanation
QUESTION 92
You need to ensure that clients will check at least every 30 minutes as to whether a certificate has been revoked. Which of the following should you configure to
accomplish this goal?
A. Key recovery agent
B. CRL publication interval
C. Delta CRL publication interval

D. Certificate templates.
Correct Answer: C
Explanation
QUESTION 93
Which of the following revocation statuses can you change to alter the status of a certificate from revoked to valid?
A.
B.
C.
D.
Certificate Hold
CA Compromise
Key Compromise
Change Of Affiliation
Correct Answer: A
Explanation
QUESTION 94
Which of the following CA types would you deploy if you wanted to deploy a CA at the top of a hierarchy that could issue signing certificates to other CAs and which
would be taken offline if not issuing, renewing, or revoking signing certificates?
A.
B.
C.
D.
Enterprise root
Enterprise subordinate
Standalone root
Standalone subordinate
Correct Answer: C
Explanation
QUESTION 95
Which of the following CA types must be deployed on domain-joined computers?
A.
B.
C.
D.
Enterprise root
Enterprise subordinate
Standalone root
Standalone subordinate
Correct Answer: AB
Explanation
QUESTION 96
Which permission should you assign on a CA to a group of users that you want to be able to respond to certificate requests but you do not want to provide them
with the ability to change CA security settings?
A.
B.
C.
D.
Read
Issue And Manage Certificates
Manage CA
Request Certificates
Correct Answer: B
Explanation
QUESTION 97
Which permission should you assign on a CA to a group of users that you want to allow to alter the list of recovery agents?
A. Read
B. Issue And Manage Certificates
C. Manage CA
D. Request Certificates.
Correct Answer: C
Explanation
QUESTION 98
You are configuring AD FS. Which server should you deploy on your organization's perimeter network?
A.
B.
C.
D.
Web appplication proxy

Relying-party server
Federation server
Claims-provider server
Correct Answer: A
Section: (none)
Explanation
QUESTION 99
The Wingtip Toys forest hosts a web application that users in the Tailspin Toys forest need to access.
You are the system administrator at Tailspin Toys. A single federation server is present in each forest and you are configuring a federated trust.
Which of the following statements are true about the deployment solution? (Choose all that apply.)
A.
B.
C.
D.
The AD FS server in the Wingtip Toys forest will function as the claims-provider server.
The AD FS server in the Wingtip Toys forest will function as the relying-party server.
You need to configure a relying-party trust on the AD FS server in the Tailspin Toys forest.
You need to configure a claims-provider trust on the AD FS server in the Tailspin Toys forest.
Correct Answer: BC
Explanation
QUESTION 100
The Wingtip Toys forest hosts a web application that users in the Tailspin Toys forest need to access.
You are the system administrator at Wingtip Toys. A single federation server is present in each forest and you are configuring a federated trust.
Which of the following statements are true about the deployment solution? (Choose all that apply.)
A.
B.
C.
D.
The AD FS server in the Tailspin Toys forest will function as the claims-provider server.
The AD FS server in the Tailspin Toys forest will function as the relying-party server.
Configure a relying-party trust on the Wingtip Toys AD FS server.
Configure a claims-provider trust on the Wingtip Toys AD FS server.
Correct Answer: AD
Section: (none)
Explanation
QUESTION 101
Which of the following authentication types must you enable to support Workplace Join?
A.
B.
C.
D.
Forms
Windows
Certificate
Device
Correct Answer: D
Section: (none)
Explanation
QUESTION 102
Which of the following is the minimum domain functional level required before you can promote a member server running Windows Server 2012 R2 so that it
functions as a domain controller?
A. Windows Server 2003
B. Windows Server 2008

C. Windows Server 2008 R2
D. Windows Server 2012
Correct Answer: A
Section: (none)
Explanation
QUESTION 103
You are considering adding a child domain to the dandenong.melbourne.victoria. australia.contoso.com domain tree.
Which of the following represents the maximum length in characters, including periods, of an Active Directory domain name?
A.
B.
C.
D.
64 characters
128 characters
256 characters
512 characters
Correct Answer: A
Explanation
QUESTION 104
You are about to promote a server running the Windows Server 2012 R2 operating system to domain controller.
The domain is currently running at the Windows Server 2008 domain functional level.
Your account is a member of the Domain Admins group.
Which additional groups should your account be a member of to ensure that the environment is appropriately configured for this domain controller running Windows
Server 2012 R2? (Choose two. Each answer forms part of a complete solution.)
A.
B.
C.
D.
Schema Admins
Enterprise Admins
Account Operators
Server Operators
Correct Answer: AB
Explanation
QUESTION 105
The root domain of the Adatum forest is Adatum.local. The contoso.com domain tree is part of the Adatum forest.
Don has an account in the australia.contoso.com domain and is signing on to a computer that is a member of the computers.adatum.local domain.
No additional UPNs have been configured.
Which UPN suffix will Don use to sign on to this computer?
A.
B.
C.
D.
@adatum.com
@adatum.local
@computers.adatum.local
@australia.contoso.com
Correct Answer: B
Explanation
QUESTION 106
You have configured a forest trust relationship between the Adatum forest and the Contoso forest.
You want to ensure that users from the Contoso forest can authenticate only when needing to access resources in the Adatum forest using the
[email protected] UPN rather than any other UPN that is available for them.
Which of the following should you use to accomplish this goal?
A. SID filtering
B. Name suffix routing

C. Shortcut trust
D. External trust
Correct Answer: B
Explanation
QUESTION 107
There are 42 domains in the tailspintoys.com forest. Users in the Melbourne.victoria. australia.tailspintoys.com find the process of authenticating to resources in the
Copenhagen. denmark.europe.tailspintoys.com domain to be much too slow.
Which of the following steps can you take to speed up authentication between these domains?
A.
B.
C.
D.
Create a forest trust.

Create an external trust.
Create a shortcut trust.
Configure name suffix routing.
Correct Answer: C
Explanation
QUESTION 108
Your organization is deploying a second Active Directory forest because a substantial number of users need to access a resource that requires significant changes
to the Active Directory schema, which are not compatible with your current forest's schema.
You want users in your forest to be able to access any resource in any domain in the new forest.
Which of the following should you do to accomplish this goal?
A.
B.
C.
D.
Configure a forest trust.

Configure an external trust.
Correct Answer: A
Explanation
QUESTION 109
You want to configure a security relationship by which users in the Melbourne domain of the Adatum.com forest are able to access resources in the Sydney domain
of the Contoso forest. Users do not require access to resources in any other domains in either forest.
Which of the following should you configure to accomplish this goal?
A.
B.
C.
D.
Configure a forest trust.

Configure an external trust.
Correct Answer: B
Section: (none)
Explanation
QUESTION 110
At present, the subnet 192.168.15.0/24 is associated with the Brisbane site.
You want to instead associate this subnet with the Melbourne site.
Which of the following steps can you take to resolve this problem?
A.
B.
C.
D.
Use the Active Directory Sites And Services console to edit the properties of the 192.168.15.0/24 subnet.
Use the Active Directory Sites And Services console to edit the properties of the Melbourne site.
Use the Active Directory Sites And Services console to edit the properties of the Brisbane site.
Use the Active Directory Domains And Trusts console to edit the properties of the 192.168.15.0/24 subnet.
Correct Answer: A
Explanation
QUESTION 111
You are configuring secondary links for the connections between the Melbourne and Sydney sites and between the Melbourne and Adelaide sites.
The existing Melbourne to Sydney site link is called MEL-SYD-ALPHA and has a site link cost of 100.
The existing Melbourne to Adelaide site link is called MEL-ADL-ALPHA and has a site link cost of 100.
You want the secondary site links to be used only when the existing site links are unavailable.
The new site links are named MEL-SYD-BETA and MEL-ADL-BETA.
Which of the following steps should you take to accomplish this goal?
A.
B.
C.
D.
Configure the site link cost for the MEL-SYD-BETA with a value of 110.
Configure the site link cost for the MEL-ADL-BETA with a value of 110.
Configure the site link cost for the MEL-ADL-BETA with a value of 90.
Configure the site link cost for the MEL-SYD-BETA with a value of 90.
Correct Answer: AB
Section: (none)
Explanation
QUESTION 112
You have moved several domain controllers out of your organization's head office site to a new secondary datacenter that has its own site.
Which of the following consoles should be used to update the site association of these domain controllers?
A.
B.
C.
D.
Active Directory Administrative Center

Active Directory Sites And Services
Active Directory Domains And Trusts
Correct Answer: C
Explanation
QUESTION 113
Which of the following services would you restart on a domain controller if you wanted to trigger a reregistration of the domain controller's _ldap and _kerberos SRV
records?
A.
B.
C.
D.
DNS Server
Server
Workstation
Netlogon
Correct Answer: D
Section: (none)
Explanation
QUESTION 114
You modify the properties of a system driver and you restart Server1.
You discover that Server1 continuously restarts without starting Windows Server 2012 R2.
You need to start Windows Server 2012 R2 on Server1 in the least amount of time.
The solution must minimize the amount of data loss.
Which Advanced Boot Option should you select?
A.
B.
C.
D.
Repair Your Computer

Last Known Good Configuration (advanced)
Disable Driver Signature Enforcement
Disable automatic restart on system failure
Correct Answer: B
Explanation
Explanation:
Try using Last Known Good Configuration if you can't start Windows, but it started correctly the last time you turned on the computer.
QUESTION 115
Server1 and Server2 are nodes in a Hyper-V cluster named Cluster1.
Cluster1 hosts 10 virtual machines.

All of the virtual machines run Windows Server 2012 R2 and are members of the domain.
You need to ensure that the first time a service named Service1 fails on a virtual machine, the virtual machine is moved to a different node.
You configure Service1 to be monitored from Failover Cluster Manager.
What should you configure on the virtual machine?
A.
B.
C.
D.
From the Recovery settings of Service1, set the First failure recovery action to Take No Action.
From the General settings, modify the Startup type.
From the Recovery settings of Service1, set the First failure recovery action to Restart the Service.
From the General settings, modify the Service status.
Correct Answer: A
Explanation
Explanation:
When a monitored service fails the Recovery features of the service will take action.
Example:
Service Recovery
In this case for the first failure the service will be restarted by the Service Control Manager inside the guest operating system, if the service fails for a second time
the service will again be restarted via guest operating system. In case of a third failure the Service Control Manager will take no action and the Cluster service
running on the Hyper-V host will takeover recovery actions.
QUESTION 116
You have a cluster named Cluster1 that contains two nodes. Both nodes run Windows Server 2012 R2.
Cluster1 hosts a virtual machine named VM1 that runs Windows Server 2012 R2.
You configure a custom service on VM1 named Service1.
You need to ensure that VM1 will be moved to a different node if Service1 fails.
Which cmdlet should you run on Cluster1?
A.
B.
C.
D.
Add-ClusterVmMonitoredItem
Set-ClusterResourceDependency
Enable- VmResourceMetering
Add-ClusterGenericServiceRole
Correct Answer: A
Explanation
Explanation:
* The Add-ClusterVMMonitoredItem cmdlet configures monitoring for a service or an Event Tracing for Windows (ETW) event so that it is monitored on a virtual
machine.
If the service fails or the event occurs, then the system responds by taking an action based on the failover configuration for the virtual machine resource.
For example, the configuration might specify that the virtual machine be restarted or failover.
* The decision on whether to failover or restart on the same node is configurable and determined by the failover properties for the virtual machine.
QUESTION 117
You have an enterprise certification authority (CA) named CA1. You have a certificate template named UserAutoEnroll that is based on the User certificate
template. Domain users are configured to autoenroll for UserAutoEnroll. A user named User1 has an email address defined in Active Directory. A user named
User2 does not have an email address defined in Active Directory. You discover that User1 was issued a certificate based on UserAutoEnroll template
automatically. A request by user2 for a certificate based on the UserAutoEnroll template fails. You need to ensure that all users can autoenroll for certificated based
on the UserAutoEnroll template.
Which setting should you configure from the properties on the UserAutoEnroll certificate template?
A.
B.
C.
D.
Issuance Requirements
Request Handling
Cryptography
Subject Name
Correct Answer: D
Section: (none)
Explanation
Explanation:
Template properties - Subject Name tab
E-mail name. If the E-mail name field is populated in the Active Directory user object, that e-mail name will be used for user accounts.
The e-mail name is required for user certificates. If the e-mail name is not populated for a user in AD DS, the certificate request by that user will fail.
https://technet.microsoft.com/en-us/library/Cc725621(v=WS.10).aspx
QUESTION 118
Note: This questions is part of series of questions that use the same or similar answer choices. An answer choice may be correct for more than one question in the
series. Each question is independent of the other questions in this series. Information and details provided in a question apply only to that question.
Your network contains one Active Directory forest named contoso.com.
The forest contains two child domains and six domain controllers.
You create a trust between contoso.com and a domain in another forest at a partner company.
You need to prevent the sales.contoso.com and the manufacturing.contoso.com names from being used in authentication requests across the forest trust.
A.
B.
C.
D.
E.
Set-ADSite
Set-ADReplicationSite
Set-ADDomain
Set-ADReplicationSiteLink
Set-ADGroup
F. Set-ADForest
G. Netdom
Correct Answer: G
Explanation
Explanation:
You can use this procedure to prevent authentication requests for specific name suffixes from being routed to a forest, or you can use this procedure to allow
authentication requests for specific name suffixes to be routed to a forest.
You can enable or disable an existing name suffix for routing by using the New Trust Wizard in Active Directory Domains and Trusts or by using the Netdom
command-line tool. For more information about how to use the Netdom command-line tool to modify name suffix routing settings, see "Netdom.exe: Windows
Domain Manager" in the Windows Server 2003 Technical Reference on the Microsoft Web site (http://go.microsoft.com/fwlink/?LinkId=41700).
QUESTION 119
your network contains one Active Directory forest named contoso.com.
The domain contains the domain controllers is configured as shown in the following table.
Name
DC1
DC2
DC3
DC4
Site
Site1
Site2
Site3
Site4
The replication topology is configured as shown in the following output.

Cost : 100
DistinguishedName : CN=SiteLink1, CN=IP, CN=Inter-Site Transports, CN=Sites, CN=Configuration, Dc=Adatum, DC=com
Name : SiteLink1
ObjectClass : SiteLink
ObjectGUID : e1c8c335-b75f-4612-8a9e-58a0edead21f
ReplInterval : 60
SiteList : {CN=Site4, CN=Sites, CN=Configuration, DC=Adatum, DC=Adatum, DC=com,
CN=Site2, CN=Sites, CN=Configuration, DC=Adatum, DC=Adatum, DC=com}
Cost : 100
Name : SiteLink2
ObjectClass :SiteLink
ObjectGUID : 9516948e-cd56-4a9b-b6ba-cdf3dd7fe0d1
ReplInterval : 60
Cost : 100
Name : SiteLink3
ObjectGUID : 07a7a37e-a12c-40c4-8042-f5d2e737b8a9
ReplInterval : 60
Cost : 400
Name : SiteLink4
ObjectGUID : 508810dc-30fd-4845-982a-d4552fba2e04 ReplInterval : 45 SiteList : {CN=Site4, CN=Sites, CN=Configuration,
DC=Adatum, DC=Adatum, DC=com,
You discover that replication between Dc1 and DC3 takes a few hours.
You need to reduce the amount of time it takes to replicate Active Directory changes between DC1 and DC3.
What should you do?
A.
B.
C.
D.
Create a site link that connects Site1 and Site3, has a cost of 350, and replicates every 15 minutes.
Modify SiteLink4 to replicate every 15 minute.
Disable Site Link bridging.
Set the cost of SiteLink4 to 100.
Correct Answer: D
Explanation
QUESTION 120
your network contains one Active Directory forest named contoso.com.
Name
DC1
DC2
DC3
DC4
Site
Site1
Site2
Site3
Site4
The forest contains a member server named Server1.

Server1 has an IP address of 172.16.10.66.
The forest has the following Active Directory subnet configuration.
DistinguishedName : CN=172.16.10.0/26, CN=subnets, CN=Sites, CN=Configuration,
Location Dc=Adatum, DC=com
Name : 172.16.10.0/26
ObjectClass : subnet
ObjectGUID : db362a6c-c0a9-4703-aaee-191083ab9ea5
Site : CN=Site1, CN=Sites, CN=Configuration, DC=Adatum, DC=Adatum, DC=com,
Name : 172.16.10.64/26
ObjectGUID : ef101558-3afa-41f1-9c5a-717453436fc1
Name : 172.16.10.192/26
ObjectGUID : 33137047-6711-4195-940f-a463bbdab8fb
Name : 172.16.10.128/26
ObjectGUID : ef5235ab-759b-4dc8-992a-c5ec1dae97a8
Use the drop down menus to select the answer choice that complete each statement.
Answer Area
If you promote Server1 to a domain controller, its server object will be created in [answer area]
Site1
Site2
Site3
Site4
If you perform an Active Directory search from a domain member that has an IP address of 172.16.10.116, you will attempt to connect [answer area]
DC1
DC2
DC3
DC4
A. When you promote Server1 to a domain controller, the server object is assigned to the following site: Site1
When you start on a member server with the IP address 172.16.10.116 an Active Directory lookup, attempting to connect to DC1 produce.
B. When you promote Server1 to a domain controller, the server object is assigned to the following site: Site2
C. When you promote Server1 to a domain controller, the server object is assigned to the following location: Site3
When you start on a member server with the IP address 172.16.10.116 an Active Directory lookup, attempting to connect with DC3 produce.
D. When you promote Server1 to a domain controller, the server object is assigned to the following location: site4
E. When you promote Server1 to a domain controller, the server object is assigned to the following site: Site1
When you start on a member server with the IP address 172.16.10.116 an Active Directory lookup, attempting to connect with DC3 produce.
F. When you promote Server1 to a domain controller, the server object is assigned to the following site: Site2
Correct Answer: B
Explanation
Explanation:
S1 - 172.16.10.66/26, /26 = 63 IP address, Site 2 is located in this subnet. You be automatically redirected on DC2 on your IP addressing.
QUESTION 121
You have a server named Server1 that runs Windows Server 2012 R2 and uses Windows Server Backup.
You need to identify whether the backups performed on Server1 support bare metal recovery.
A.
B.
C.
D.
Get-OBMachineSetting
GetWBVSSBackupOption
Get-WBPolicy
Get-OBPolicy
Correct Answer: C
Explanation
Explanation:
Get-OBMachineSetting is for Azure Backup, question asks about Windows Backup 't exist
GetWBVSSBackupOption cmdlet doesn
Get-WBPolicy is for Windows Backup
Get-OBPolicy is for Azure Backup, question asks Windows Backup

https://technet.microsoft.com/en-us/library/Ee706650.aspx
QUESTION 122
You have a cluster named Cluster1 that contains two nodes. Both nodes run Windows Server 2012 R2.
Cluster1 hosts a virtual machine named VM1 that runs Windows Server 2012 R2.
You notice that VM1 is marked as being in a critical state in the cluster.
You verify that VM1 is functioning correctly.
You need to ensure that VM1 is no longer marked as being in a critical state.
A.
B.
C.
D.
Remove-ClusterVmMonitoredItem
Remove-ClusterResourceDependency
Reset-ClusterVMMonitoredState
Clear-ClusterNode
Correct Answer: C
Explanation
Explanation:
Remove-ClusterVmMonitoredItem actually removes the monitoring so nothing will happen Remove-ClusterResourceDependency - self explanatory has to do with
dependencies, not critical state
Reset-ClusterVMMonitoredState - This cmdlet resets the Application Critical state of a virtual machine, so that the virtual machine is no longer marked as being in a
critical state in the cluster Clear-ClusterNode - This cmdlet helps ensure that the failover cluster configuration has been completely removed from a node that was
evicted.
https://technet.microsoft.com/en-us/%5Clibrary/Hh847312(v=WPS.630).aspx
QUESTION 123
You run Get-FSRMClassificationule and you receive the following output
ClassificationMechanism : Content Classfier
ContentRegularExpression : {\d{2,}}
ContentString :
ContentStringCaseSensitive :
Description :
Disabled : False
Flags :
Lastmodified : 4/18/2015 12:59:47 AM
Name : Rule2
Namespace : {D:\}
Parameters : {FSRMClearPropertyInternal = 0}
Property : Property2
PropertyValue : Value2
ReevaluateProperty : Overwrite
PSComputerName :
ClassficationMechanism : FolderClassifier
ContentRegularExpression :
ContentString :
ContentStringCaseSensitive :
Description :
Disabled : False
Flags :
Lastmodified : 4/15/2015 9:17:16 PM
Name : Rule1
Namespace : {D:\}
Parameters : {FSRMClearPropertyInternal = 0}
Property : Property1
PropertyValue : Value1
ReevaluateProperty : Aggregate
PSComputerName :
You have a file named file1 that is stored on drive D and has the following content "111000000000111111"
You run the classification with all of the rules
Use the drop-down menus top select the answer choice that completes each statement.
File1 has [answer choice]
Only Property1 set to value1
Only Property2 set to value2
Property1 set to value1 and property2 set to value2 Neither Property1 nor Property2 set
If you modify File1 [answer choice]
Only the value of Property1 is
the value of Property1 and Property2 are
Neither the value of Property1 nor the value of Property2 is
A. Only Property1 set to value1
Correct Answer: A

Explanation
QUESTION 124
You network contains one Active Directory domain. The domain contains two Hyper-V Hosts named Host1 and Host2 that run Windows Server 2012 R2. Host1
contains a virtual machine named DC5. DC5 is a domain controller that run Windows Server 2012 R2. You configure Active Directory to support domain controller
cloning for DC5, and then you shut down DC5.
You need to create a clone of DC5 on Host2
What should you run on each Hyper-V Host.? To answer Drag the appropriate commands or cmdlets to the correct Hyper-V hosts. Each command or cmdlet may
be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
Command and cmdlets
Export-VM
Import-VM
Move-VM
New-ADDCCloneConfigFile
Answer Area
Host1: Command or cmdlet
Host2: Command or cmdlet
A. Host 1: New-ADDCCloneConfigFile
Host 2: Import-VM
Correct Answer: A
Explanation
Explanation:
http://blogs.technet.com/b/canitpro/archive/2013/06/12/step-by-step-domain-controller-cloning.aspx
- Create the cloneconfig file by running ADDCCloneConfig on the source first (Step 2)
- Export the source VM (Step 4-2)
- Import the source VM into the new host (Step 4-3)
QUESTION 125
You network contains one Active Directory domain named adatum.com. The domain contains a DNS server named Server1 that runs Windows Server 2012 R2.
All domain computers use Server1 for DNS.

You sign adatum.com by using DNSSEC.
You need to configure the domain computers to validate DNS responses for adatum.com records.
What should you configure in Group Policy?
A.
B.
C.
D.
Network List Manager Policies

Network Access Protection (NAP)
Name Resolution Policy
Public Key Policy
Correct Answer: C
Section: (none)
Explanation
Explanation:
Name resolution policy needs to be configured in group policy.
"In both example 1 and example 2, validation is not required for the secure.contoso.com zone because the Name Resolution Policy Table (NRPT) is not configured
to require validation.
QUESTION 126
You need to add an additional UPN Suffix.

A.
B.
C.
D.
E.
F.
G.
Set-ADSite
Set-ADDomain
Set-ADGroup
Set-ADForest
Netdom
Correct Answer: F
Section: (none)
Explanation
Explanation:
https://technet.microsoft.com/en-us/library/dd391925(v=ws.10).aspx
QUESTION 127
You need to replicate users who haven't authenticated against any domain controllers for the last 7 days.
A.
B.
C.
D.
E.
F.
G.
Set-ADSite
Set-ADDomain
Set-ADGroup
Set-ADForest
Netdom
Correct Answer: C
Section: (none)
Explanation
Explanation:
https://technet.microsoft.com/en-us/library/ee617212.aspx
QUESTION 128
You need to enable universal group membership caching for the Europe office and Asia office sites.
A.
B.
C.
D.
E.
F.
Set-ADSite
Set-ADDomain
Set-ADGroup
Set-ADForest
G. Netdom
Correct Answer: B
Section: (none)
Explanation
Explanation:
https://technet.microsoft.com/en-us/library/hh852305(v=wps.630).aspx
QUESTION 129
For the contoso.com domain, a company policy states that administrators must be able to retrieve a list of all the users who have not logged on to the network in the
last seven days from any domain controller.
You need to ensure that the users' last logon information from the last seven days is replicated to all of the domain controllers.
A.
B.
C.
D.
E.
F.
G.
Set-ADSite
Set-ADDomain
Set-ADGroup
Set-ADForest
Netdom
Correct Answer: C
Section: (none)
Explanation
Explanation:
QUESTION 130
You have an enterprise certification authority (CA) named CA1.
You configure a recovery agent for CA1.
On CA1, you create a new certificate template named CertTemplate1, and then you configure CA1 to allow certificates to be requested based on CertTemplate1.
You need to ensure that new certificates issued based on CertTemplate1 can be recovered.
What should you do?
A.
B.
C.
D.
From the Certification Authority console, modify the enrollment agents of CA1.
From the Certification Authority console, modify the enrollment managers of CA1.
From the Certification Templated console, modify the Issuance Requirements setting of CertTemplate1.
From the Certification Templated console, modify the Request Handling setting of CertTemplate1.
Correct Answer: C
Section: (none)
Explanation
QUESTION 131
A. DC1 120 DC3 60

Correct Answer: A
Section: (none)
Explanation
QUESTION 132
Your network contains one Active Directory domain named contoso.com.
The domain contains an IP Address Management (IPAM) server named Server1.
Server1 manages several DHCP and DNS servers.
From Server Manager on Server1, you create a custom role for IPAM.
You need to assign the role to a group named IP_Admins.
What should you do?
A.
B.
C.
D.
From Windows PowerShell, run the Add-Member cmdlet.

From Server Manager, create an access policy.
From Windows PowerShell, run the Set-IpamConfiguration cmdlet.
From Server Manager, create an access scope.
Correct Answer: B
Explanation
Explanation:
A role is a collection of IPAM operations. You can associate a role with a user or group in Windows using an access policy.
Several built-in roles are provided, but you can also create customized roles to meet your business requirements.
https://technet.microsoft.com/en-us/library/dn741281.aspx
QUESTION 133
You have a subscription to Windows Azure.
You need to register the Microsoft Azure Backup Agent on Server1.
A.
B.
C.
D.
Install the Microsoft System Center 2012 Data Protection Manager (DPM) agent.
Create a backup vault.
Create Site Recovery vault.
Configure a passphrase for the Azure Backup Agent.
Correct Answer: B
Explanation
Explanation:
To back up files and data from your Windows Server to Azure, you must create a backup vault in the geographic region where you want to store the data.
The main steps include:
* the creation of the vault you will use to store backups
* downloading a vault credential
* the installation of a backup agent
https://azure.microsoft.com/sv-se/documentation/articles/backup-configure-vault/
QUESTION 134
You have a server named Server1 that runs Windows Server 2012 R2. A Microsoft Azure Backup of Server1 is created automatically every day.
You need to view the items that are included in the backup.
A.
B.
C.
D.
Get-OBPolicyState
Get-OBJob
Get-OBPolicy
Get-WBSummary
Correct Answer: C
Section: (none)
Explanation
Explanation:
QUESTION 135
Your network contains one Active Directory domain. The domain contains two Hyper-V hosts named Host1 and Host2 that run Windows Server 2012 R2.
Host1 contains a virtual machine named VM1.
You plan to move VM1 to Host2.
You need to generate a report that lists any configuration issues on Host2 that will prevent VM1 from being moved successfully.
Which cmdlet should you use?
A.
B.
C.
D.
Move-VM
Test-VHD
Debug-VM
Compare-VM
Correct Answer: D
Explanation
Explanation:
QUESTION 136
You need to prevent administrators from accidentally deleting any of the sites in the forest.
A.
B.
C.
D.
E.
F.
G.
Set-ADSite
Set-ADDomain
Set-ADGroup
Set-ADForest
Netdom
Correct Answer: B
Explanation
Explanation:
The Set-ADReplicationSite sets the replication properties for an Active Directory site.
Parameter: -ProtectedFromAccidentalDeletion<Boolean> Specifies whether to prevent the object from being deleted.
When this property is set to $True, you cannot delete the corresponding object without changing the value of the property. The acceptable values for this parameter
are:
-- $False or 0
-- $True or 1
QUESTION 137
You have a failover cluster named Cluster1 that contains four nodes.
All of the nodes run Windows Server 2012 R2.
You need to schedule the installation of Windows updates on the cluster nodes.
A.
B.
C.
D.
the Add-CauClusterRole cmdlet

the Wusa command
the Wuauclt command
the Invoke-CauScan cmdlet
Correct Answer: A
Explanation
Explanation:
To enable self-updating mode, the CAU clustered role must also be added to the failover cluster. To do this by using the CAU UI, under Cluster Actions, use the
Configure Self- Updating Options action. Alternatively, run the Add-CauClusterRole Windows PowerShell cmdlet. Note: The process for installing service packs and
hotfixes on Windows Server 2012 differs from the process in earlier versions. In Windows Server 2012, you can use the Cluster- Aware Updating (CAU) feature.
CAU automates the software-updating process on clustered servers while maintaining availability.
QUESTION 138
Your network contains an Active Directory domain named contoso.com. A previous administrator implemented a Proof of Concept installation of Active Directory
Rights Management Services (AD RMS) on a server named Server1. After the proof of concept was complete, the Active Directory Rights Management Services
server role was removed.
You attempt to deploy AD RMS.
During the configuration of AD RMS, you receive an error message indicating that an existing AD RMS Service Connection Point (SCP) was found.
You need to ensure that clients will only attempt to establish connections to the new AD RMS deployment.
Which should you do?
A.
B.
C.
D.
From DNS, remove the records for Server1.

From DNS, increase the priority of the DNS records for the new deployment of AD RMS.
From Active Directory, remove the computer object for Server1.
From Active Directory, remove the SCP.
Correct Answer: D
Section: (none)
Explanation
Explanation:
The Active Directory Rights Management Services (AD RMS) Service Connection Point (SCP) is an object in Active Directory that holds the web address of the AD
RMS certification cluster. AD RMS-enabled applications use the SCP to discover the AD RMS service; it is the first connection point for users to discover the AD
RMS web services. Only one SCP can exist in your Active Directory forest. If you try to install AD RMS and an SCP already exists in your forest from a previous AD
RMS installation that was not properly deprovisioned, the new SCP will not install properly. It must be removed before you can establish the new SCP.
http://social.technet.microsoft.com/wiki/contents/articles/710.the-ad-rms-service-connection-point.aspx
QUESTION 139
Your network contains one Active Directory domain named contoso.com. The domain contains the domain controllers configured as shown in the following table.
The functional level of the domain and the forest is Windows Server 2008. An administrator named Admin1 is a member of the Domain Admins group.
You need to ensure that Admin1 can deploy a Windows Server 2012 R2 domain controller to contoso.com.
What should you do?
A.
B.
C.
D.
Raise the forest functional level.

Run the Set-ADForestMode cmdlet.
Raise the domain functional level.
Run the adprep.exe command.
Correct Answer: D
Section: (none)
Explanation
Explanation:
Adprep.exe commands run automatically as needed as part of the AD DS installation process on servers that run Windows Server 2012 or later.
The commands need to run in the following cases:
* Before you add the first domain controller that runs a version of Windows Server that is later than the latest version that is running in your existing domain.
* Before you upgrade an existing domain controller to a later version of Windows Server, if that domain controller will be the first domain controller in the domain or
forest to run that version of Windows Server.
https://technet.microsoft.com/en-us/library/dd464018(v=ws.10).aspx
QUESTION 140
You have a DNS server named Server1 that runs Windows Server 2012 R2. Server1 has the zones shown in the following output.
You need to delegate permissions to modify the records in the adatum.com zone to a group named Group1.
A.
B.
C.
D.
Enable the distribution of the trust anchors for adatum.com.

Unsign adatum.com.
Store adatum.com in Active Directory.
Update the server data file for adatum.com.
Correct Answer: A
Section: (none)
Explanation
Explanation:
From the exhibit we see that the adatum.com zone is signed. A trust anchor (or trust "point") is a public cryptographic key for a signed zone.
Trust anchors must be configured on every non- authoritative DNS server that will attempt to validate DNS data. You cannot distribute trust anchors until after a
zone is signed.
https://technet.microsoft.com/en-us/library/dn593672.aspx
QUESTION 141
Your network contains one Active Directory domain named contoso.com. The domain contains two servers named Server1 and Server2 that run Windows Server
2012 R2.
All domain computers have certificates that are issued by a certification authority (CA) named Contoso CA.
A user named User1 performs daily backups of the data on Server1 to a backup vault named Vault1.
A user named User2 performs daily backups of the data on Server2 to a vault named Vault2.
You have the administrative credentials for Server2. You need to restore the data from that last backup of Server1 to Server2.
Which two pieces of information do you require to complete the task? Each correct answer presents part of the solution.
A.
B.
C.
D.
E.
F.
G.
H.
the Microsoft Azure subscription credentials

the Vault2 credentials
the User1 credentials
the Vault1 credentials
the Server1 certificate
the Server2 certificate
the Server1 passphrase
the Server2 passphrase
Correct Answer: DG
Section: (none)
Explanation
Explanation:
We need the Vault1 credentials to be able to access the data in Vault1. We need the passphrase of Server1 to access the backup that was made on Server1.
http://blogs.technet.com/b/rmurphy/archive/2014/12/02/microsoft-azure-backup.aspx
QUESTION 142
Your network contains an Active Directory forest named contoso.com. Users frequently access the website of an external partner company.
The URL of the website is http://partners.adatum.com.
The partner company informs you that it will perform maintenance on its Web server and that the IP addresses of the Web server will change.
After the change is complete, the users on your internal network report that they fail to access the website. However, some users who work from home report that
they can access the website. You need to ensure that your DNS servers can resolve partners.adatum.com to the correct IP address immediately.
What should you do?
A.
B.
C.
D.
Run ipconfig and specify the FlushDns parameter.

Run ipconfig and specify the Renew parameter.
Run dnscmd and specify the ClearCache parameter.
Run Set-DnsServerResourceRecordAging.
Correct Answer: C
Section: (none)
Explanation
Explanation:
We cane clear the DNS cache on the DNS server with either Dnscmd /ClearCache (from command prompt) or Clear-DnsServerCache (from Windows PowerShell).
QUESTION 143
Your network contains one Active Directory domain named contoso.com. The domain contains three users named User1, User2, and User3.
You need to ensure that the users can log on to the domain by using the user principal names (UPNs) shown in the following table.

A.
B.
C.
D.
the Set-ADDomain cmdlet

the Add-DNSServerSecondaryZone cmdlet
the Setspn command
the Set-ADUser cmdlet
Correct Answer: D
Section: (none)
Explanation
Explanation:
QUESTION 144
You have a server named Server1.
A Microsoft Azure Backup of Server1 is created automatically every day.
You rename Server1 to Server2.
You discover that backups are no longer created in Azure.
You need to backup the server to Azure.
What should you do?
A. From the Azure Management Portal, upload the Server2 certificate as a management certificate.
B. On Server2, run the Start-OBRegistration cmdlet.
C. On Server2, run the Add-WBBackupTarget cmdlet.
D. From the Azure Management Portal, modify the configuration on the backup vault.
Correct Answer: B
Section: (none)
Explanation
Explanation:
https://azure.microsoft.com/pt-pt/documentation/articles/backup-azure-backup-faq/
QUESTION 145
You need to verify whether a DNS response from a DNS server is signed by DNSSEC.
A.
B.
C.
D.
Nslookup.exe
Dnscmd.exe
Get-NetIPAddress
Resolve-DNSName
Correct Answer: D
Section: (none)
Explanation
QUESTION 146
Your network contains One Active Directory forest named adatum.com.
The site topology for the forest is shown in th exhibit (Click the Exhibit button).
Each site contains one domain controller. Site link bridging is disabled.
You need to ensure that changes made to Site1 replicate to Site5 within one replication cycle.
A.
B.
C.
D.
A site link bridge

A subnet
A site
A site link
Correct Answer: A
Section: (none)
Explanation
Explanation:
https://technet.microsoft.com/en-us/library/cc778718%28v=ws.10%29.aspx
QUESTION 147
You have the following microsoft azure backup policy
backup schedule : 9:00am, 12:00 pm,11:00 pm
every day
every 1 week(s)
dslist : {datasource
datasourceid:1576400609127590137
name:c:\
filespec:filespec
filespec:c:\
isexclude:false
isrecursive:true
}
policyname : f77828d2-69b6-4c4b-b98a-e5e20d9ab7e9
retentionpolicy : retention days : 30
week1yltrsschedule :
days: monday
times: 12:00:00,
retentention weeks: 60
month1yltrschedule :
days of month : [last,monday]
times: 23:00:00
retentention weeks: 90
yearly ltrschedule :
yearly schedule is not set
state : existing
policystate : valid
Answer Area:
Of the backups that are created daily at 9:00, a maximum of recovery points will be available for restore _____
- 30
- 60
- 90
- 122
- 366
- 512
If a backup is performed on monday,january 31, at 9:00,the backup will be retained for _____
- 30 days
- 60 weeks
- 90 month
A. - 30 - 30 days
Correct Answer: A
Section: (none)
Explanation
QUESTION 148
You havea dns server named server1 that runs Windows Server 2012 R2.
You need to disable recursion on Server1
What are three possible ways to achive the goal? Each correct answer presents a complete solution.
A.
B.
C.
D.
E.
F.
Create a reverse lookup zone named 0.in-addr.arpa.

Create a forward lookup zone named globalnames
From dns manager,modify the advanced properties of server1
From dns manager,modify the forwarders properties of server1
Create a forward lookup zones named ""
Run dnscmd.exe and specify the /config parameter
Correct Answer: CEF

Explanation
QUESTION 149
Your network uses the 192.168.2.0/23 address space.

You are configuring video conferencing infrastructure.
You need to configure the dhcp server to lease ip address for multicast address for video conferencing.
What command should you run on the dhcp server? To answer,select the apprperiate options in the answer area
add-dhcpserverv4multicastscope -name "vc scope" -startscope [Start Range] [End Range]
192.168.2.10 192.168.2.255
225.0.0.10 225.0.0.250
239.0.0.1 240.0.0.0
fd80:: fe80:
ff00:: ff02:
A. 225.0.0.10 225.0.0.250
Correct Answer: A
Explanation
Explanation:
https://technet.microsoft.com/en-us/library/cc758554(v=ws.10).aspx
QUESTION 150
Your network contans one active directory domain named contoso.com.
You perform daily backups of the data on Server1 to microsoft azure.
You need to restore the data from the 1st backup of Server1 to Server2.
A.
B.
C.
D.
On Server2, install the azure backup agent.

In the domain, add server1 to the backup operators group.
From the azure management portal, modify the configuration of the backup vault.
On Server2, install the windows server backup feature.
Correct Answer:
Section: (none)
Explanation
Answer: Pending
QUESTION 151
You have DHCP server named Server1 that runs Windows Server 2012 R2.
Server1 has two scope production and development.
Currently, all DHCP clients register their host name in a dns zone named contoso.com. You need to ensure that only the clients that obtain an ip address from the
development scope, register their host name in a dns zone named dev.contoso.com.
What should you do?
A.
B.
C.
D.
Modify the advanced settings of the dhcp server.

Run the set-dhcpserver4scope cmdlet.
Modify the dns settings of the development scope.
Run the add-dhcpserver4policy cmdlet.
Correct Answer:
Section: (none)
Explanation
Answer: Pending
QUESTION 152
Your network contains one active directory domain.the domain contains the servers configured as shown in the following table.
server1 domain controllers
dns server
server2 domain controllers
dns server
server3 dns server
server1 hasthe zones shown in the following table:
zone name zone type Isautocreated Isdsintegrated Isreverselookupzone Issigned
adatum.com primary false false false false
contoso.com primary false true false false
litwareinc.com secondary false true false false
server3 has the following output:
zone name zone type Isautocreated Isdsintegrated Isreverselookupzone Issigned contoso.com secondary false true false false
litwareinc.com primary false true false false
use the drop down list must select trhe answer choice that completes each assignment.
---you can protect [answer choice] by using dnssec:

only adatum.com
only contoso.com
only litwareinc.com
only contoso.com and adatum.com
contoso.com,adatum.com and litwareinc.com
---on server1,you configure permissions for the contoso.com zone.the permission will be efficitive on [answer choice]:
server1 only
server1 and server2 only
server1 and server3 only
server1,server2 and server3.
A. Answer: Pending
Correct Answer: A
Section: (none)
Explanation
QUESTION 153
Your network contains an active directory domain anmed contoso.com. The domain contains the server named server1 that runs Sindows Server 2012 R2. Server1
has the active directory rights management services server role installed. The domain contains a domain local group named group1 You create a rights policy
template named template1. You need to ensure that all the members of group1 can use template1.
What should you do?
A.
B.
C.
D.
Convert the scope of group1 to universal and assign group1 the rights to template1
Convert the scope of group1 to global and configure the email address attribute of group1.
Configure the email address attribute of group1 and configure the email address attribute of all the users are members of group1.
Configure the email address of all the users who are members of group1 and assign group1 the rights to template1.
Correct Answer: D
Section: (none)
Explanation
QUESTION 154
You have a server that runs Sindows Server 2012 R2.
You create a new work folder named share1.
You need to configure share1 to meet the follwoing requirements:
- Ensure that all synchronized copies of share1 are encrypted.
- Ensure that clients synchronize to share1 every 30 minutes.
- Ensure that share1 inherits the ntfs permissions of the parent folder.
Which command should you use to achive each requirements? To answer,drag the appropriate cmdlets to the correct requirements.each cmdlet may be used
once.more than once,or not at all. You may need to drag ther splitbacr between panes or scroll to view cmdlet?
Availible cmdlets:
enable-synshare
new-syncdevicepolicy
new-syncshare
set-syncdevicepolicy
set-syncserversetting
set-synshare
answer area:
ensure that all synchronized copies of share1 area encrypted _______________
ensure that clients synchronize to share1 every 30 minutes _______________
ensure that share1 inherits the ntfs permissions of the percentage _______________
A. ensure that all synchronized copies of share1 area encrypted -------set-syncshare
ensure that clients synchronize to share1 every 30 minutes -----set-syncserversetting
ensure that share1 inherits the ntfs permissions of the percentage ---set-syncshare
Correct Answer: A
Section: (none)
Explanation
QUESTION 155
Both servers run Windows Server 2012 R2.
The NLB cluster contains an application named App1 that is accessed by using the URL http://app1.contoso.com.
You plan to perform maintenance on Server1.
You need to ensure that all new connections to App1 are directed to Server2.
The solution must not disconnect the existing connections to Server1.
A.
B.
C.
D.
The Set-NlbCluster cmdlet

The nlb.exe suspend command
The nlb.exe stop command
The Suspend-NlbClusterNode cmdlet
Correct Answer: D
Explanation
Explanation:
QUESTION 156
Your network contains one Active Directory forest named contoso.com. The forest contains a single domain. The domain contains the domain controllers is
configured as shown in the following table.
Name Site
DC1 Site1
DC2 Site2
DC3 Site3
DC4 Site4
The replication topology is configured as shown in the following output.
You discover that replication between Dc1 and DC3 takes a few hours.
You need to reduce the amount of time it takes to replicate Active Directory changes between DC1 and DC3.
What should you do?
Case Study Title (Case Study):
Cost : 100
Name : SiteLink1
ObjectGUID : e1c8c335-b75f-4612-8a9e-58a0edead21f
ReplInterval : 60
Cost : 100
Name : SiteLink2
ObjectClass :SiteLink
ObjectGUID : 9516948e-cd56-4a9b-b6ba-cdf3dd7fe0d1
ReplInterval : 60
Cost : 100
Name : SiteLink3
ObjectGUID : 07a7a37e-a12c-40c4-8042-f5d2e737b8a9
ReplInterval : 60
Cost : 400
Name : SiteLink4
ObjectGUID : 508810dc-30fd-4845-982a-d4552fba2e04
ReplInterval : 45
A.
B.
C.
D.
Create a site link that connects Site1 and Site3, has a cost of 350, and replicates every 15 minutes.
Modify SiteLink4 to replicate every 15 minute.
Disable Site Link bridging.
Set the cost of SiteLink4 to 100.
Correct Answer: D
Section: (none)
Explanation
n/a
QUESTION 157
You have a server named Server1 that runs Windows Server 2012 R2 and uses Windows Server Backup.
You need to identify whether the backups performed on Server1 support bare metal recovery.
A.
B.
C.
D.
Get-OBMachineSetting
Get-WBVSSBackupOptions
Get-WBPolicy
Get-OBPolicy
Correct Answer: C
Section: (none)
Explanation
Get-OBMachineSetting is for Azure Backup, question asks about Windows Backup
GetWBVSSBackupOption cmdlet doesnt exist
Get-WBPolicy is for Windows Backup
Get-OBPolicy is for Azure Backup, question asks Windows Backup (https://technet.microsoft.com/en-us/library/Ee706650.aspx)
QUESTION 158
You have a cluster named Cluster1 that contains two nodes. Both nodes run Windows Server 2012 R2. Cluster1 hosts a virtual machine named VM1 that runs
Windows Server 2012 R2.
You notice that VM1 is marked as being in a critical state in the cluster.
You verify that VM1 is functioning correctly.
You need to ensure that VM1 is no longer marked as being in a critical state.
A.
B.
C.
D.
Remove-ClusterVmMonitoredItem
Remove-ClusterResourceDependency
Reset-ClusterVMMonitoredState
Clear-ClusterNode
Correct Answer: C
Section: (none)
Explanation
Remove-ClusterVmMonitoredItem actually removes the monitoring so nothing will happen
Remove-ClusterResourceDependency - self explanatory has to do with dependencies, not critical state
Reset-ClusterVMMonitoredState - This cmdlet resets the Application Critical state of a virtual machine, so that the virtual machine is no longer marked as being in a
critical state in the cluster (https://technet.microsoft.com/en-us/library/hh847312(v=wps.630).aspx)
Clear-ClusterNode - This cmdlet helps ensure that the failover cluster configuration has been completely removed from a node that was evicted.
QUESTION 159
You network contains one Active Directory domain named adatum.com. The domain contains a DNS server named Server1 that runs Windows Server 2012 R2. All
domain computers use Server1 for DNS.
You sign adatum.com by using DNSSEC.
You need to configure the domain computers to validate DNS responses for adatum.com records.
What should you configure in Group Policy?
A.
B.
C.
D.
Network List Manager Policies

Network Access Protection (NAP)
Name Resolution Policy
Public Key Policy
Correct Answer: C
Section: (none)
Explanation
Name resolution policy needs to be configured in group policy.
"In both example 1 and example 2, validation is not required for the secure.contoso.com zone because the Name Resolution Policy Table (NRPT) is not configured
to require validation. (https://technet.microsoft.com/en-us/library/jj200221.aspx) ( https://technet.microsoft.com/en-us/library/Ee649182(v=WS.10).aspx)
QUESTION 160
You have a server named Server1. A Microsoft Azure Backup of Server1 is created automatically every day.
You rename Server1 to Server2. you discover that backups are no longer created in Azure.
You need to backup the server to Azure.
What should you do?
A.
B.
C.
D.
From the Azure Management Portal, upload the Server2 certificae as a management certificate.
On Server2, run the Start-OBRegistration cmdlet.
On Server2, run the Add-WBBackupTarget cmdlet.
From the Azure Management Portal, modify the configuration on the backup vault.
Correct Answer: B
Section: (none)
Explanation
(https://azure.microsoft.com/pt-pt/documentation/articles/backup-azure-backup-faq)
QUESTION 161
You need to verify whether a DNS response from a DNS server is signed by DNSSEC.
A.
B.
C.
D.
nslookup.exe
dnscmd.exe
Get-NetIPAddress
Resolve-DNSName
Correct Answer: D
Section: (none)
Explanation
n/a
Exam F
QUESTION 1
Your network contains one Active Directory forest named adatum.com. The forest contains a single domain.
The site topology for the forest is shown in the exhibit.
Each site contains one domain controller.
You need to ensure that replication between site2 and site4 occurs in 15 minutes or less.
What command should you run? To answer select the appropriate options in the answer area.
Hot Area:
Correct Answer:
Section: (none)
Explanation
See Example 2: Create a replication site link and set properties for it (https://technet.microsoft.com/en-us/library/hh852320(v=wps.630).aspx)
Lower the cost should be higher priority. Notice I put (Select Name.) I am not sure if this is written incorrectly or we need to actually refer to the site topolgy exhibit
which would appear int he exam. I would assume the name would be SiteLink2-SiteLink4 but that option is not there. So this is something you will have to pay
attention to when you do the exam.
QUESTION 2
Your network contains one Active Directory forest named contoso.com. The forest contains a single domain. The domain contains the domain controllers is
configured as shown in the following table.

Name Site
DC1 Site1
DC2 Site2
DC3 Site3
DC4 Site4
The forest contains a member server named Server1. Server1 has an IP address of 172.16.10.66.
The forest has the following Active Directory subnet configuration.
Name : 172.16.10.0/26
ObjectGUID : db362a6c-c0a9-4703-aaee-191083ab9ea5
Site : CN=Site1, CN=Sites, CN=Configuration, DC=Adatum, DC=Adatum,
DC=com,
Name : 172.16.10.64/26
ObjectGUID : ef101558-3afa-41f1-9c5a-717453436fc1
DC=com,
Name : 172.16.10.192/26
ObjectGUID : 33137047-6711-4195-940f-a463bbdab8fb
DC=com,
Name : 172.16.10.128/26
ObjectGUID : ef5235ab-759b-4dc8-992a-c5ec1dae97a8
DC=com,
Use the drop down menus to select the answer choice that complete each statement.
Hot Area:
Correct Answer:
Section: (none)
Explanation
n/a
QUESTION 3
Hotspot Question
Your network contains an Active Directory domain named contoso.com. The domain contains an enterprise certification authority (CA).
The domain contains a server named Server1 that runs Windows Server 2012 R2. You install the Active Directory Federation Services server role on Server1.
You plan to configure Server1 as an Active Directory Federation Services (AD FS) server. The Federation Service name will be set to adfs1.contoso.com.
You need to identify which type of certificate template you must use to request a certificate for AD FS.
Hot Area:
Correct Answer:
Section: (none)
Explanation
Explanation:
http://blogs.msdn.com/b/alextch/archive/2011/06/27/installing-a-stand-along-adfs-service.aspx
QUESTION 4
Hotspot Question
Your network contains an Active Directory domain named contoso.com. The domain contains two Active Directory sites named Site1 and Site2.
You need to configure the replication between the sites to occur by using change notification.
Which attribute should you modify?
Hot Area:
Correct Answer:
Section: (none)
Explanation
Explanation:
http://blogs.technet.com/b/qzaidi/archive/2010/09/23/enable-change-notifications-between-sites-how-and-why.aspx
http://blogs.msdn.com/b/canberrapfe/archive/2012/03/26/active-directory-replication-change-notification-amp-you.aspx
QUESTION 5
Hotspot Question
The domain contains two servers named Server1 and Server2. Both servers have the IP Address Management (IPAM) Server feature installed.
You have a support technician named Tech1. Tech1 is a member of the IPAM Administrators group on Server1 and Server2.
You need to ensure that Tech1 can use Server Manager on Server1 to manage IPAM on Server2.
To which group on Server2 should you add Tech1? To answer, select the appropriate group in the answer area.
Hot Area:
Correct Answer:

Explanation
http://www.microsoft.com/en-us/download/dlx/ThankYou.aspx?id=29012
Both WinRMRemoteWMIUsers_ and Remote Management Users have the exact same description. As such, I tested connecting with server manager remotely with
a non-administrative account. I tried before adding to either group and got this error:
I then added to Remote Management Users and got this error:
--Note that this is due to access to the event log only.

Next I removed from Remote Management Users and added to WinRMRemoteWMIUsers_ and got this error:
The error is exactly the same and the explanation is due to event log.
In summary, Either one of these answers is correct, however since the document explicitly says use the "WinRMRemoteWMIUsers_" group, then that's what we
gotta do.
QUESTION 6
Hotspot Question
Your company has a primary data center and a disaster recovery data center. The network contains an Active Directory domain named contoso.com.
The domain contains a server named Server1 runs Windows Server 2012 R2. Server1 is located in the primary data center. Server1 has an enterprise root
certification authority (CA) for contoso.com.

You deploy another server named Server2 to the disaster recovery data center.
You plan to configure Server2 as a secondary certificate revocation list (CRL) distribution point.
You need to configure Server2 as a CRL distribution point (CDP).
Which tab should you use to configure the required CDP entry? To answer, select the appropriate tab in the answer area.
Hot Area:
Correct Answer:
Section: (none)
Explanation
Explanation:
http://technet.microsoft.com/zh-cn/library/jj125369.aspx
QUESTION 7
Hotspot Question
The domain contains a server named Server1 that runs Windows Server 2012 R2. Server1 has the Active Directory Federation Services server role installed.
You need to make configuration changes to the Windows Token-based Agent role service.
Which tool should you use? To answer, select the appropriate tool in the answer area.
Hot Area:
Correct Answer:
Section: (none)
Explanation
Explanation:
QUESTION 8
Hotspot Question
Your network contains an Active Directory domain named contoso.com. The domain contains two member servers named Server1 and Server2.
All servers run Windows Server 2012. Server1 and Server2 have the Hyper-V server role installed. The servers are configured as shown in the following table.
You add a third server named Server3 to the network. Server3 has Intel processors.
You need to move VM3 and VM6 to Server3. The solution must minimize downtime on the virtual machines.
Which method should you use to move each virtual machine? To answer, select the appropriate method for each virtual machine in the answer area.
Hot Area:
Correct Answer:
Section: (none)
Explanation
Explanation:
VM3: export/import is the only option due to different processor manufacturers
VM6: Live migration can be used as both have Intel CPU's Live Storage Migration requires same processor manufacturers Live migration requires same same
processor manufacturers Quick migration has downtime
QUESTION 9
Hotspot Question
Your network contains an Active Directory domain named contoso.com. The domain contains two member servers named Server1 and Server2. All servers run
Windows Server 2012 R2.
Server1 and Server2 have the Hyper-V server role and the Failover Clustering feature installed. Server1 and Server2 are members of a cluster named Cluster1.
Cluster1 hosts 10 virtual machines.
When you try to migrate a running virtual machine from one server to another, you receive the following error message:
"There was an error checking for virtual machine compatibility on the target node."
You need to ensure that the virtual machines can be migrated from one node to another.
From which node should you perform the configuration? To answer, select the appropriate node in the answer area.
Hot Area:
Correct Answer:
Section: (none)
Explanation
Explanation:
The Migrate to a physical computer with a different processor version setting ensures that the virtual machine uses only the features of the processor that are
available on all versions of a virtualization- capable processor by the same processor manufacturer. It does not provide compatibility between different processor
manufacturers.
http://www.shogan.co.uk/tag/esxi/.shogan.co.uk/tag/esxi/
QUESTION 10
Hotspot Question
Your company has a main office and a branch office. The main office is located in Detroit.
The branch office is located in Seattle. The network contains an Active Directory domain named adatum.com.
Client computers run either Windows 7 Enterprise or Windows 8 Enterprise.
The main office contains 1,000 client computers and 50 servers.
The branch office contains 20 client computers.
All computer accounts for the branch office are located in an organizational unit (OU) named SeattleComputers.
A Group Policy object (GPO) named GPO1 is linked to the SeattleComputers OU.
You need to configure BranchCache for the branch office.

Hot Area:
Correct Answer:

Explanation
Explanation:
Distributed Cache mode

If client computers are configured to use Distributed Cache mode, the cached content is distributed among client computers on the branch office network. No
infrastructure or services are required in the branch office beyond client computers running Windows 7.
Hosted Cache mode
In hosted cache mode, cached content is maintained on a computer running Windows Server 2008 R2 on the branch office network.
QUESTION 11
Hotspot Question
Your network contains an Active Directory domain named contoso.com. All client computers run Windows 8 Enterprise.
You have a remote site that only contains client computers. All of the client computer accounts are located in an organizational unit (CU) named Remote1.
A Group Policy object (GPO) named GPO1 is linked to the Remote1 CU.
You need to configure BranchCache for the remote site.

Which two settings should you configure in GPO1? To answer, select the two appropriate settings in the answer area.
Hot Area:
Correct Answer:

Explanation
Explanation:
QUESTION 12
Hotspot Question
Your network contains two servers named Server1 and Server2 that run Windows Server 2012 R2. Server1 and Server2 have the Hyper-V server role installed.
Server1 and Server2 have different processor models from the same manufacturer. On Server1, you plan to create a virtual machine named VM1. Eventually, VM1
will be exported to Server2.
You need to ensure that when you import VM1 to Server2, you can start VM1 from saved snapshots.
What should you configure on VM1? To answer, select the appropriate node in the answer area.
Hot Area:
Correct Answer:
Section: (none)
Explanation
Explanation:
Use the Processor Compatibility Mode only in cases where VMs will migrate from one Hyper-V- enabled processor type to another within the same vendor
processor family.
http://technet.microsoft.com/en-us/magazine/gg299590.aspx
QUESTION 13
Hotspot Question
Your network contains an Active Directory domain named contoso.com. The domain contains a file server named Server1.
Server1 is a BranchCache hosted cache server that is located in a branch office.
The network contains client computers that run either Windows 7 or Windows 8.
For the branch office, all of the user accounts and the client computer accounts are located in an organizational unit (OU) named Branch1.
A Group Policy object (GPO) named GPO1 is linked to Branch 1. GPO1 contains the BranchCache settings.
You discover that users in the branch office who have client computers that run Windows 7 do not access cached content from Server1.
Users in the branch office who have Windows 8 computers access cached content from Server1.
You need to configure the Windows 7 computers to use BranchCache on Server1.
Which setting should you configure in GPO1? To answer, select the appropriate setting in the answer area.
Hot Area:
Correct Answer:

Explanation
Explanation:
Hosted Cache mode
In hosted cache mode, cached content is maintained on a computer running Windows Server 2008 R2 on the branch office network.
QUESTION 14
Hotspot Question
Your network contains two DHCP servers named Server1 and Server2. Server1 fails.
You discover that DHCP clients can no longer receive IP address leases.
You need to ensure that the DHCP clients receive IP addresses immediately.
What should you configure from the View/Edit Failover Relationship settings? To answer, select the appropriate setting in the answer area.
Hot Area:
Correct Answer:
Section: (none)
Explanation
Explanation:
http://blogs.technet.com/b/teamdhcp/archive/2012/09/03/dhcp-failover-hot-standbymode.aspx
QUESTION 15
Hotspot Question
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012 R2.
Server1 has the Active Directory Certificate Services server role installed and configured. For all users, you are deploying smart cards for logon.
You are using an enrollment agent to enroll the smart card certificates for the users.
You need to configure the Contoso Smartcard Logon certificate template to support the use of the enrollment agent.
Which setting should you modify? To answer, select the appropriate setting in the answer area.
Hot Area:
Correct Answer:
Section: (none)
Explanation
Explanation:
http://social.technet.microsoft.com/Forums/en-US/winserversecurity/thread/162e1108-bd46-4b2b-9ea0-4fff8949a810
QUESTION 16
Hotspot Question
The domain contains the two servers.
You investigate a report about the potential compromise of a private key for a certificate issued to Server2.
You need to revoke the certificate issued to Server2. The solution must ensure that the revocation can be reverted.
Which reason code should you select? To answer, select the appropriate reason code in the answer area.
Hot Area:
Correct Answer:
Section: (none)
Explanation
Explanation:
QUESTION 17
Hotspot Question
You have a server named Server1 that runs Windows Server 2012 R2. The volumes on Server1 are configured as shown in the following table.
A new corporate policy states that backups must use Windows Azure Online Backup whenever possible.
You need to identify which backup methods you must use to back up Server1. The solution must use Windows Azure Online Backup whenever possible.
Which backup type should you identify for each volume? To answer, select the appropriate backup type for each volume in the answer area.
Hot Area:
Correct Answer:
Section: (none)
Explanation
Explanation:
Why should Vol1 be Windows Server Backup?
http://msdn.microsoft.com/en-us/library/azure/jj573031.aspx
Drive description: Azure Backup supported:
BitLocker-protected volume Yes, but the volume must be unlocked before the backup can occur.
http://technet.microsoft.com/zh-cn/library/hh831419.aspx
QUESTION 18
Hotspot Question
Your network contains an Active Directory domain named adatum.com. All servers run Windows Server 2012 R2. All domain controllers have the DNS Server
server role installed.
You have a domain controller named DC1. On DC1, you create an Active Directory-integrated zone named adatum.com and you sign the zone by using DNSSEC.
You deploy a new read-only domain controller (RODC) named R0DC1.
You need to ensure that the contoso.com zone replicates to R0DC1.
What should you configure on DC1? To answer, select the appropriate tab in the answer area.
Hot Area:
Correct Answer:
Section: (none)
Explanation
Explanation:
For additional servers to host a zone, zone transfers are required to replicate and synchronize all copies of the zone used at each server configured to host the
zone.
QUESTION 19
Hotspot Question

Server1 and Server2 have the Network Load Balancing (NLB) feature installed.
The servers are configured as nodes in an NLB cluster named Cluster1. Both servers connect to the same switch.
Cluster1 hosts a secure web application named WebApp1. WebApp1 saves user state information in a central database.
You need to ensure that the connections to WebApp1 are distributed evenly between the nodes.
The solution must minimize port flooding.
What should you configure? To answer, configure the appropriate affinity and the appropriate mode for Cluster1 in the answer area.
Hot Area:
Correct Answer:

Explanation
Explanation:
QUESTION 20
Hotspot Question
Your company has a main office and a branch office. An Active Directory site exists for each office. The network contains an Active Directory forest named
contoso.com.
The contoso.com domain contains three member servers named Server1, Server2, and Server3. All servers run Windows Server 2012 R2. I
n the main office, you configure Server1 as a file server that uses BranchCache. In the branch office, you configure Server2 and Server3 as BranchCache hosted
cache servers.
You are creating a Group Policy for the branch office site. In the branch office, you need to configure the client computers that run Windows B to use Server2 and
Server3 as BranchCache.
Hot Area:
Correct Answer:

Explanation
Explanation:
http://blogs.technet.com/b/wsnetdoc/archive/2012/06/01/highlighting-branchcache-hosted-cache-mode-in-windows-server-2012.aspx
QUESTION 21
Hotspot Question
Your network contains two Hyper-V hosts that are configured as shown in the following table.
You create a virtual machine on Server1 named VM1.

You plan to export VM1 from Server1 and import VM1 to Server2.
You need to ensure that you can start the imported copy of VM1 from snapshots.
What should you configure on VM1? To answer, select the appropriate node in the answer area.
Hot Area:
Correct Answer:
Section: (none)
Explanation
Explanation:
* If the CPUs are from the same manufacturer but not from the same type, you may need to use Processor Compatibility.
*(incorrect) The network adapter is already disconnected.
QUESTION 22
Hotspot Question
Your network contains an Active Directory domain named contoso.com. All servers run Windows Server 2012 R2. The domain contains two domain controllers.
On DC1, you create an Active Directory-integrated zone named Zone1.

You verify that Zone1 replicates to DC2.
You use DNSSEC to sign Zone1.
You discover that the updates to Zone1 fail to replicate to DC2.
You need to ensure that Zone1 replicates to DC2.
What should you configure on DC1? To answer, select the appropriate tab in the answer area.
Hot Area:
Correct Answer:
Section: (none)
Explanation
QUESTION 23
Hotspot Question
Your network contains three Application servers that run Windows Server 2012 R2. The Application servers have the Network Load Balancing (NLB) feature
installed.
You create an NLB cluster that contains the three servers.
You plan to deploy an Application named App1 to the nodes in the cluster. App1 uses TCP port 8080 and TCP port 8081.
Clients will connect to App1 by using HTTP and HTTPS.
When clients connect to App1 by using HTTPS, session state information will be retained locally by the cluster node that responds to the client request.
You need to configure a port rule for App1.
Which port rule should you use? To answer, select the appropriate rule in the answer area.
Hot Area:
Correct Answer:

Explanation
Explanation:
This should be the one on the lower left side.
- You connect only by TCP not UDP. So Protocol needs to be TCP only
- connections must be distributed evenly between hosts: So you need to choose multiple host and not Single Host.
- App1 does not use session state information. So Affinity must be none
I guess 8080 is for HTTP and 8081 for HTTPS in this configuration. HTTP/HTTPS use TCP, not UDP.
Multiple Hosts and Single for Affinity.
-Multiple Hosts is Load Balancing evenly. When you select this, NLB Weight property matters.
-Single Host is Active/Standby or Active/Passive. When you select this, NLB Handling Priority matters. The highest priority will serve all requests.
-Affinity:
None: Distribute evenly.
Single: When a client is connected to a particular NLB node, the client is connected to the same node next time. This is used for Stateful connection such as
request requiring HTTP session information.
Network: Similar to Single, but distribute request by Network ID. Hash IP network id (class A,B, C, etc) to a hash and distribute the request to a particular node.
Useful to assign a group of request from same IP network range or class.
QUESTION 24
Hotspot Question
The domain contains two servers named Server1 and Server2 that run Windows Server 2012 R2. The servers have the Hyper- V server role installed.
A certification authority (CA) is available on the network. A virtual machine named vml.contoso.com is replicated from Server1 to Server2.
A virtual machine named vm2.contoso.com is replicated from Server2 to Server1.
You need to configure Hyper-V to encrypt the replication of the virtual machines.
Which common name should you use for the certificates on each server? To answer, configure the appropriate common name for the certificate on each server in
the answer area.
Hot Area:
Correct Answer:
Section: (none)
Explanation
QUESTION 25
Hotspot Question
Your network contains an Active Directory domain named contoso.com. The domain contains two servers named Server1 and Server2.
You install the DHCP Server server role on both servers. On Server1, you have the DHCP scope configured as shown in the exhibit. (Click the Exhibit button.)
You need to configure the scope to be load-balanced across Server1 and Server2.
What Windows PowerShell cmdlet should you run on Server1? To answer, select the appropriate options in the answer area.
Hot Area:
Correct Answer:
Section: (none)
Explanation
QUESTION 26
Hotspot Question
Your network contains three Active Directory forests. The forests are configured as shown in the following table.
A two-way forest trust exists between contoso.com and divisionl.contoso.com. A two-way forest trust also exists between contoso.com and division2.contoso.com.
You plan to create a one-way forest trust from divisionl.contoso.com to division2.contoso.com.
You need to ensure that any cross-forest authentication requests are sent to the domain controllers in the appropriate forest after the trust is created.
How should you configure the existing forest trust settings? In the table below, identify which configuration must be performed in each forest. Make only one
selection in each column. Each correct selection is worth one point.
Hot Area:
Correct Answer:
Section: (none)
Explanation
QUESTION 27
Hotspot Question
You have a failover cluster named Cluster1 that contains two nodes named Server1 and Server2. Both servers run Windows Server 2012 R2 and have the Hyper-V
server role installed.
You plan to create two virtual machines that will run an application named App1. App1 will store data on a virtual hard drive named App1data.vhdx.
App1data.vhdx will be shared by both virtual machines.
The network contains the following shared folders:
- An SMB file share named Share1 that is hosted on a Scale-Out File Server.
- An SMB file share named Share2 that is hosted on a standalone file server.
- An NFS share named Share3 that is hosted on a standalone file server.
You need to ensure that both virtual machines can use App1data.vhdx simultaneously.
What should you do? To answer, select the appropriate configurations in the answer area.
Hot Area:
Correct Answer:
Section: (none)
Explanation
QUESTION 28
Hotspot Question
Your network contains an Active Directory domain named contoso.com. The domain contains two DHCP servers named Server1 and Server2. Both servers have
multiple IPv4 scopes.
Server1 and Server2 are used to assign IP addresses for the network IDs of 172.20.0.0/16 and 131.107.0.0/16.
You install the IP Address Management (IPAM) Server feature on a server named IPAM1 and configure IPAM1 to manage Server1 and Server2.
Some users from the 172.20.0.0 network report that they occasionally receive an IP address conflict error message.
You need to identify whether any scopes in the 172.20.0.0 network ID conflict with one another.
What Windows PowerShell cmdlet should you run? To answer, select the appropriate options in the answer area.
Hot Area:
Correct Answer:

Explanation
QUESTION 29
Hotspot Question
You have a file server named Server1 that runs Windows Server 2012 R2.
You need to ensure that you can use the NFS Share - Advanced option from the New Share Wizard in Server Manager.
Which two role services should you install? To answer, select the appropriate two role services in the answer area.
Hot Area:
Correct Answer:
Section: (none)
Explanation
QUESTION 30
Hotspot Question
Your network contains two Web servers named Server1 and Server2. Both servers run Windows Server 2012 R2.
Server1 and 5erver2 are nodes in a Network Load Balancing (NLB) cluster. The NLB cluster contains an application named App1 that is accessed by using the URL
http://app1.contoso.com.
You deploy a new server named Server3 that runs Windows Server 2012 R2. The contoso.com DNS zone contains the records shown in the following table.
You need to add Server3 to the NLB cluster.

What command should you run? To answer, select the appropriate options in the answer area.
Hot Area:
Correct Answer:

Explanation
QUESTION 31
Hotspot Question
Your network contains an Active Directory domain named contoso.com. All domain controllers run Windows Server 2012 R2.
The network has the physical sites and TCP/IP subnets configured as shown in the following table.
You have a web application named App1 that is hosted on six separate Web servers. DNS has the host names and IP addresses registered as shown in the
following table.
You discover that when users connect to app1.contoso.com, they are connected frequently to a server that is not on their local subnet.
You need to ensure that when the users connect to app1.contoso.com, they connect to a server on their local subnet. The connections must be distributed across
the servers that host app1.contoso.com on their subnet.
Which two settings should you configure? To answer, select the appropriate two settings in the answer area.
Hot Area:
Correct Answer:
Section: (none)
Explanation
QUESTION 32
Hotspot Question
You have a file server named Server1 that runs Windows Server 2012 R2. Server1 contains a file share that must be accessed by only a limited number of users.
You need to ensure that if an unauthorized user attempts to access the file share, a custom access- denied message appears, which contains a link to request
access to the share.
The message must not appear when the unauthorized user attempts to access other shares.
Which two nodes should you configure in File Server Resource Manager? To answer, select the appropriate two nodes in the answer area.
Hot Area:
Correct Answer:
Section: (none)
Explanation
Explanation:
http://technet.microsoft.com/en-us/library/hh831402.aspx#BKMK_1
QUESTION 33
Hotspot Question
You are configuring a storage space on Server1.
You need to ensure that the storage space supports tiered storage.
Which settings should you configure? To answer, select the appropriate options in the answer area.
Hot Area:
Correct Answer:
Section: (none)
Explanation
Explanation:
QUESTION 34
Hotspot Question
You have a server that runs Windows Server 2012 R2 and has the iSCSI Target Server role service installed.
You run the New-IscsiVirtualDisk cmdlet as shown in the New-IscsiVirtualDisk exhibit.
To answer, complete each statement according to the information presented in the exhibits. Each correct selection is worth one point.
Hot Area:
Correct Answer:

Explanation
Explanation:
Because you just created the new disk with that powershell command, so its BRAND NEW and its dynamic, so only 4Mb.
QUESTION 35
Hotspot Question
Your network contains an Active Directory domain named contoso.com. The relevant servers in the domain are configured as shown in the following table.
You plan to create a shared folder on Server1 named Share1. Share1 must only be accessed by users who are using computers that are joined to the domain.
You need to identify which servers must be upgraded to support the requirements of Share1.
In the table below, identify which computers require an upgrade and which computers do not require an upgrade. Make only one selection in each row. Each correct
selection is worth one point.
Hot Area:
Correct Answer:
Section: (none)
Explanation
QUESTION 36
Hotspot Question
The domain contains a DNS server named Server1. Server1 is configured to resolve single-label names for DNS clients.
You need to view the number of queries for single-label names that are resolved by Server1.
Hot Area:
Correct Answer:
Section: (none)
Explanation
QUESTION 37
Hotspot Question
You have a Dynamic Access Control policy named Policy1.
You create a new Central Access Rule named Rule1.
You need to add Rule1 to Policy1.
Hot Area:
Correct Answer:
Section: (none)
Explanation
Explanation:
QUESTION 38
Hotspot Question
You have a server named Server1 that runs Windows Server 2012 R2. Server1 has access to disks that connect to a RAID controller, iSCSI disks, and disks
connected to a SCSI controller.
You plan to use a tiered storage space on Server1.
You need to identify which storage controller and volume type you must use for the tiered storage space.
Which storage components should you use? To answer, select the appropriate options in the answer area.
Hot Area:
Correct Answer:
Section: (none)
Explanation
QUESTION 39
Hotspot Question
The domain contains a domain controller named DC1 and a member server named Server1. All servers run Windows Server 2012 R2.
You install the IP Address Management (IPAM) Server feature on Server1. From the Provision IPAM wizard, you select the Group Policy Based provisioning
method and enter a GPO name prefix of IPAM1.
You need to provision IPAM by using Group Policy.
What command should you run on Server1 to complete the process? To answer, select the appropriate options in the answer area.
Hot Area:
Correct Answer:

Explanation
QUESTION 40
Hotspot Question
Your network contains two Web servers named Server1 and Server2. Both servers run Windows Server 2012 R2.
Server1 and Server2 are nodes in a Network Load Balancing (NLB) cluster. The NLB cluster contains an application named App1 that is accessed by using the
name appl.contoso.com.
The NLB cluster has the port rules configured as shown in the exhibit. (Click the Exhibit button.)
To answer, complete each statement according to the information presented in the exhibit. Each correct selection is worth one point.
Hot Area:
Correct Answer:

Explanation
QUESTION 41
Hotspot Question
You install the IP Address Management (IPAM) Server feature on a server named Server1 and select Manual as the provisioning method.
The IPAM database is located on a server named SQL1.
You need to configure IPAM to use Group Policy Based provisioning.
What command should you run first? To answer, select the appropriate options in the answer area.
Hot Area:
Correct Answer:

Explanation
Explanation:
You cannot change the provisioning method for the current installation of IPAM Server after it has been selected.
To change the provisioning method, you must uninstall and reinstall IPAM Server on the computer.
http://technet.microsoft.com/en-us/library/38e4074a-3caa-4eed-9b11-c4d77741bbdd#choose_method
QUESTION 42
Hotspot Question
You implement Dynamic Access Control in the forest.
You have the claim types shown in the Claim Types exhibit. (Click the Exhibit button.)
The properties of a user named User1 are configured as shown in the User1 exhibit. (Click the Exhibit button.)
The output of Whoa mi /claims for a user named User2 is shown in the Whoa mi exhibit.
(Click the Exhibit button.)
Select Yes if the statement can be shown to be true based on the available information; otherwise select No. Each correct selection is worth one point.
Hot Area:
Correct Answer:
Section: (none)
Explanation
QUESTION 43
Hotspot Question
The domain contains a domain controller named DC1 and a server named Server1. Both servers run Windows Server 2012 R2.
You configure the classification of a share on Server1 as shown in the Share1 Properties exhibit. (Click the Exhibit button.)
You configure the resource properties in Active Directory as shown in the Resource Properties exhibit. (Click the Exhibit button.)
You need to ensure that the Impact classification can be assigned to Share1 immediately.
Which cmdlet should you run on each server? To answer, select the appropriate cmdlet for each server in the answer area.
Hot Area:
Correct Answer:
Section: (none)
Explanation
QUESTION 44
Hotspot Questions
The domain contains domain controllers that run either Windows Server 2003, Windows Server 2008 R2, or Windows Server 2012 R2.
You plan to implement a new Active Directory forest. The new forest will be used for testing and will be isolated from the production network.
In the test network, you deploy a server named Server1 that runs Windows Server 2012 R2.
You need to configure Server1 as a new domain controller in a new forest named contoso.test.
- The functional level of the forest and of the domain must be the same as that of contoso.com.
- Server1 must provide name resolution services for contoso.test.
What should you do? To answer, configure the appropriate options in the answer area.
Hot Area:
Correct Answer:
Section: (none)
Explanation
QUESTION 45
Hotspot Question
Your network contains one Active Directory domain. The domain contains an enterprise certification authority (CA).
You need to ensure that members of a group named Group1 can issue certificates for the User certificate template only.
Which two tabs should you use to perform the configuration? To answer, select the appropriate tabs in the answer area.
Hot Area:
Correct Answer:
Section: (none)
Explanation
QUESTION 46
Hotspot Question
Your network contains one Active Directory forest. The forest has three sites configured as shown in the following table.
The forest contains the site links configured as shown in the following table.
A domain controller named DC2 has an IP address of 192.168.2.2. DC2 and is in Site2.
You run the following cmdlets.
New-ADReplicationSite Site3
New-ADReplacationSubnet -Name "192.168.3.0/24" -Site Site3
Use the drop-down menus to select the answer choice that completes each statement.
Hot Area:
Correct Answer:
Section: (none)
Explanation
QUESTION 47
Hotspot Question
Your network contains one Active Directory forest named adatum.com.
The forest contains the domain controllers configured as shown in the following table.
Recently, a domain controller named DC4 was deployed to adatum.com. DC4 is in the Default- First-Site-Name site.
The adatum.com site links are configured as follows.
The schedule for SiteLink1 is shown in the SiteLink1 exhibit. (Click the Exhibit button.)
The schedule for SiteLink2 is shown in the SiteLink2 exhibit. (Click the Exhibit button.)
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
Hot Area:
Correct Answer:
Section: (none)
Explanation
Exam G
QUESTION 1
You network contains one Active Directory domain. The domain contains two Hyper-V Hosts named Host1 and Host2 that run Windows Server 2012 R2. Host1
contains a virtual machine named DC5. DC5 is a domain controller that run Windows Server 2012 R2.
You configure Active Directory to support domain controller cloning for DC5, and then you shut down DC5.
You need to create a clone of DC5 on Host2.
What should you run on each Hyper-V Host.?
To answer Drag the appropriate commands or cmdlets to the correct Hyper-V hosts. Each command or cmdlet may be used once, more than once, or not at all.
You may need to drag the split bar between panes or scroll to view content.
Select and Place:
Correct Answer:
Section: (none)
Explanation
http://blogs.technet.com/b/canitpro/archive/2013/06/12/step-by-step-domain-controller-cloning.aspx
- Create the cloneconfig file by running ADDCCloneConfig on the source first (Step 2)
- Export the source VM (Step 4-2)
- Import the source VM into the new host (Step 4-3)
QUESTION 2
Drag and Drop Question
You have a file server named Server1 that runs Windows Server 2012 R2. The folders on Server1 are configured as shown in the following table.
A new corporate policy states that backups must use Microsoft Online Backup whenever possible.
You need to identify which technology you must use to back up Server1. The solution must use Microsoft Online Backup whenever.
What should you identify? To answer, drag the appropriate backup type to the correct location or locations. Each backup type may be used once, more than once,
or not at all. You may need to drag the split bar between panes or scroll to view content.
Select and Place:
Correct Answer:
Section: (none)
Explanation
Explanation:
QUESTION 3
You have 3 server named Server1 that runs Windows Server 2012 R2.
You are asked to test Windows Azure Online Backup to back up Server1.
You need to back up Server1 by using Windows Azure Online Backup.
Which four actions should you perform in sequence? To answer, move the appropriate four actions from the list of actions to the answer area and arrange them in
the correct order.
Select and Place:
Correct Answer:
Section: (none)
Explanation
Explanation:
http://technet.microsoft.com/en-us/library/hh831761.aspx#BKMK_installagent
Note:
* Getting started with Windows Azure Online Backup is a simple two-step process:
1. Get a free preview Windows Azure Online Backup account (with 300 GB of cloud storage).
2. Login to the Windows Azure Online Backup portal and download and install the Windows Azure Online Backup agent for Windows Server 2012 R2 or System
Center 2012 SP1 Data Protection Manager. For Windows Server 2012 R2 Essentials, download and install the Windows Azure Online Backup integration module.
Once you have installed the agent or integration module you can use the existing user interfaces for registering the server to the service and setting up online
backup.
* Install the Windows Azure Online Backup agent
Before you can begin to use the online protection service, you must download and install the Windows Azure Online Backup agent on the Data Protection Manager
(DPM) server. You can download the Windows Azure Online Backup agent from the Windows Azure Online Backup portal.
To registering for online protection (box 4)
After you install the agent on the DPM server, you must register the DPM server for online protection. Click Register Online Protection on the tool ribbon to start the
Windows Azure Backup Registration wizard.
Etc. (finish the steps in the wizard).
Reference: Setting up Windows Azure Online Backup for DPM
QUESTION 4
Your network contains an Active Directory domain named contoso.com. The domain contains two DHCP servers named DHCP1 and DHCP2 that run Windows
Server 2012 R2.
You install the IP Address Management (IPAM) Server feature on a member server named Server1 and you run the Run Invoke-IpamGpoProvisioning cmdlet.
You need to manage the DHCP servers by using IPAM on Server1.
Which three actions should you perform? To answer, move the three appropriate actions from the list of actions to the answer area and arrange them in the correct
order.
Select and Place:
Correct Answer:

Explanation
Explanation:
QUESTION 5
Your network contains two Active Directory forests named contoso.com and adatum.com. All domain controllers run Windows Server 2012 R2. A federated trust
exists between adatum.com and contoso.com. The trust provides adatum.com users with access to contoso.com resources.
You need to configure Active Directory Federation Services (AD FS) claim rules for the federated trust. The solution must meet the following requirements:
- In contoso.com, replace an incoming claim type named Group with an outgoing claim type named Role.
- In adatum.com, allow users to receive their tokens for the relying party by using their Active Directory group
membership as the claim type.
The AD FS claim rules must use predefined templates.
Which rule types should you configure on each side of the federated trust? To answer, drag the appropriate rule types to the correct location or locations. Each rule
type may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
Select and Place:
Correct Answer:
Section: (none)
Explanation
Explanation:
http://technet.microsoft.com/zh-cn/library/ee913586(v=WS.10).aspx
QUESTION 6
Your network contains four servers that run Windows Server 2012 R2. Each server has the Failover Clustering feature installed. Each server has three network
adapters installed.
An iSCSI SAN is available on the network.
You create a failover cluster named Cluster1.
You add the servers to the cluster.
You plan to configure the network settings of each server node as shown in the following table.
You need to configure the network settings for Cluster1.

What should you do? To answer, drag the appropriate network communication setting to the correct cluster network. Each network communication setting may be
used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
Select and Place:
Correct Answer:
Section: (none)
Explanation
Explanation:
QUESTION 7
Your network contains an Active Directory domain named contoso.com. The domain contains four member servers named Server1, Server2, Servers, and
Server4.
All servers run Windows Server 2012 R2. Server1 and Server2 are located in a site named Site1. Server3 and Server4 are located in a site named Site2.
The servers are configured as nodes in a failover cluster named Cluster1. Cluster1 is configured to use the Node Majority quorum configuration.
You need to ensure that Server1 is the only server in Site1 that can vote to maintain quorum.
What should you run from Windows PowerShell? To answer, drag the appropriate commands to the correct location. Each command may be used once, more than
once, or not at all. You may need to drag the split bar between panes or scroll to view content.
Select and Place:
Correct Answer:
Section: (none)
Explanation
QUESTION 8
You have storage provisioned on Server2 as shown in the exhibit. (Click the Exhibit button.)
You need to configure the storage so that it appears in Windows Explorer as a drive letter on Server1.
Which three actions should you perform in sequence? To answer, move the three appropriate actions from the list of actions to the answer area and arrange them
in the correct order.
Select and Place:
Correct Answer:
Section: (none)
Explanation
Explanation:
http://blogs.technet.com/b/filecab/archive/2012/05/21/introduction-of-iscsi-target-in-windows-server-2012.aspx
QUESTION 9
Your network contains an Active Directory domain named contoso.com. The domain contains two member servers named Server1 and Server2 that run Windows
Server 2012 R2.
You configure a new failover cluster named Cluster1. Server1 and Server2 are nodes in Cluster1.
You need to configure the disk that will be used as a witness disk for Cluster1.
How should you configure the witness disk? To answer, drag the appropriate configurations to the correct location or locations. Each configuration may be used
once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
Select and Place:
Correct Answer:
Section: (none)
Explanation
Explanation:
http://technet.microsoft.com/en-us/library/jj612870.aspx#BKMK_witness
QUESTION 10
You have a file server named Server1 that runs Windows Server 2012 R2. The folders on Server1 are configured as shown in the following table.
A new corporate policy states that backups must use Windows Azure Online Backup whenever possible.
You need to identify which technology you must use to back up Server1. The solution must use Windows Azure Online Backup whenever possible.
What should you identify? To answer, drag the appropriate backup type to the correct location or locations. Each backup type may be used once, more than once,
or not at all. You may need to drag the split bar between panes or scroll to view content.
Select and Place:
Correct Answer:
Section: (none)
Explanation
QUESTION 11
Your network contains an Active Directory domain named contoso.com. The domain contains four member servers named Server1, Server2, Server3, and Server4.
Server1 and 5erver2 run Windows Server 2008 R2. Server1 and Server2 have the Hyper-V server role and the Failover Clustering feature installed. Failover
Clustering is configured to provide highly available virtual machines by using a cluster named Cluster1. Cluster1 hosts 10 virtual machines.
Server3 and Server4 run Windows Server 2012 R2.
You install the Hyper-V server role and the Failover Clustering feature on Server3 and Server4.
You create a cluster named Cluster2.
You need to migrate cluster resources from Cluster1 to Cluster2. The solution must minimize downtime on the virtual machines.
Which five actions should you perform? To answer, move the appropriate five actions from the list of actions to the answer area and arrange them in the correct
order.
Select and Place:
Correct Answer:
Section: (none)
Explanation
Explanation:
http://blogs.technet.com/b/hugofe/archive/2012/12/06/best-practices-for-migration-of-cluster-windows-2008-r2-2012-as-melhores-praticas-para-migrar-um-cluster-
de-windows-2008-para-windows-2012.aspx
QUESTION 12
You have two failover clusters named Cluster1 and Cluster2. All of the nodes in both of the clusters run Windows Server 2012 R2.
Cluster1 hosts two virtual machines named VM1 and VM2.
You plan to configure VM1 and VM2 as nodes in a new failover cluster named Cluster3.
You need to configure the witness disk for Cluster3 to be hosted on Cluster2.
Which three actions should you perform in sequence? To answer, move the appropriate three actions from the list of actions to the answer area and arrange them
Select and Place:
Correct Answer:
Section: (none)
Explanation
QUESTION 13
The domain contains four member servers named Server1, Server2, Server3, and Server4.
Server1 and Server3 are located in a site named Site1. Server2 and Server4 are located in a site named Site2.
Cluster1 is configured to use the Node Majority quorum configuration.
You need to ensure that users in Site2 can access Cluster1 if the network connection between the two sites becomes unavailable.
What should you run from Windows PowerShell? To answer, drag the appropriate commands to the correct location. Each command may be used once, more than
once, or not at all. You may need to drag the split bar between panes or scroll to view content.
Select and Place:
Correct Answer:
Section: (none)
Explanation
QUESTION 14
Your network contains two Active Directory forests named contoso.com and adatum.com. Each forest contains an Active Directory Rights Management Services
(AD RMS) root cluster.
You need to ensure that the rights account certificates issued in adatum.com are accepted by the AD RMS root cluster in contoso.com.
What should you do in each forest? To answer, drag the appropriate actions to the correct forests. Each action may be used once, more than once, or not at all.
You may need to drag the split bar between panes or scroll to view content.
Select and Place:
Correct Answer:
Section: (none)
Explanation
QUESTION 15
Your network contains an Active Directory domain named contoso.com. The domain contains two servers named Server1 and Server3. The network contains a
standalone server named Server2. All servers run Windows Server 2012 R2. The servers are configured as shown in the following table.
Server3 hosts an application named App1. App1 is accessible internally by using the URL https://appl.contoso.com. App1 only supports Integrated Windows
authentication.
You need to ensure that all users from the Internet are pre-authenticated before they can access App1.
What should you do? To answer, drag the appropriate servers to the correct actions. Each server may be used once, more than once, or not at all. You may need to
drag the split bar between panes or scroll to view content.
Select and Place:
Correct Answer:
Section: (none)
Explanation
QUESTION 16
Your network contains an Active Directory domain named adatum.com. The domain contains three servers. The servers are configured as shown in the following
table.
Server1 is configured as shown in the exhibit. (Click the Exhibit button.)
Template1 contains custom cryptography settings that are required by the corporate security team. On Server2, an administrator successfully installs a certificate
based on Template1.
The administrator reports that Template1 is not listed in the Certificate Enrollment wizard on Server3, even after selecting the Show all templates check box.
You need to ensure that you can install a server authentication certificate on Server3. The certificate must comply with the cryptography requirements.
Which three actions should you perform in sequence? To answer, move the appropriate three actions from the list of actions to the answer area and arrange them
Select and Place:
Correct Answer:
Section: (none)
Explanation
Explanation:
Duplicate an existing template, modify the Compatibility Settings (to Windows Server 2008), and modify the Request Handling settings.

MicrosoftMicrosoft - ActualTests.70-412.v2015-12-30.by - GabbyDigital.362q.pdf - Actualtests.70 412.v2015!12!30.by - Gabbydigital.362q

Uploaded by

Copyright:

Available Formats

MicrosoftMicrosoft - ActualTests.70-412.v2015-12-30.by - GabbyDigital.362q.pdf - Actualtests.70 412.v2015!12!30.by - Gabbydigital.362q

Uploaded by

Document Information

Original Description:

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

MicrosoftMicrosoft - ActualTests.70-412.v2015-12-30.by - GabbyDigital.362q.pdf - Actualtests.70 412.v2015!12!30.by - Gabbydigital.362q

Uploaded by

Copyright:

Available Formats

70-412

Connect to DC2 from Active Directory Users and Computers.

Start Server1 from the Windows Server 2012 R2 installation media.

A. On Server1, install the Multipath I/O (MPIO) feature.

Several highly available virtual machines run on Cluster1.

The Hyper-V Manager console connected to Server3

The Network Connection settings

You need to change the replication scope of the contoso.com zone.

Modify the Zone Transfers settings.

Section: Configure network services (15-20%)

Modify the outbound firewall rules on Server1.

You need to manage IPAM from Server2.

dnscmd /config /bindsecondaries 1

load sharing mode failover partners

the Windows Standards-Based Storage Management feature

Configure Windows Firewall with Advanced Security.

On Server2, modify the settings of VM1.

Add User1 to the Backup Operators group.

However the question explicitly says we need to minimize administrative rights.

D. Repair Your Computer

The solution must support DFS Replication to Folder1.

The possible owner

- Users in adatum.com must be able to access resources in contoso.com.

a one-way realm trust from contoso.com to adatum.com

F. Active Directory Sites and Services

Activate the scope.

Folder1 is shared as Share1.

Remove the Deny permission for Group1 from Folder1.

On Server1, execute a Planned Failover.

The Add-CauClusterRole cmdlet

D. (Department.Value Equals "Temp")

From Network Connections, modify the IP address of DC3.

Replace the existing forest trust with an external trust.

Enable dynamic quorum management.

Run the Set-DNSServerGlobalNameZone cmdlet.

Your network contains an Active Directory domain named contoso.com.

DHCP Administrators on Server2

The Network Location settings

Your network contains an Active Directory domain named contoso.com.

- Users in adatum.com must be prevented from accessing resources in fabrikam.com.

a one-way external trust from adatum.com to fabrikam.com

An Active Directory site exists for each office.

DC1 hosts an Active Directory-integrated zone for contoso.com.

Active Directory Sites and Services

Run the Active Directory Domain Services Configuration Wizard.

Run the certutil.exe command and specify the -backupkey parameter.

You need to identify the minimum number of AD RMS trusts required.

Perform a quick migration.

To Host3 by using a storage migration

Run bootrec.exe and specify the /scanos parameter.

An IP site link exits between each site.

Create a site link bridge.

The domain contains a main office and a branch office.

DC1 hosts an Active Directory-integrated zone for contoso.com.

DC1 hosts an Active Directory-integrated zone for contoso.com.

IPAM MSM Administrators

C. Disable SID filtering on the existing trust.

The Restart-Server cmdlet