Microsoft.Braindumps.70-412.v2014-04-02.by.ROBIN...2014/04/03 · Guaranteed success with TestInsides practice guides 3 Microsoft 70-412 : Practice Test B. An authentication key that

Microsoft.Braindumps.70-412.v2014-04-02.by.ROBIN.321q

Number: 70-412Passing Score: 700Time Limit: 120 minFile Version: 20.5

http://www.gratisexam.com/

Exam Code: 70-412

Exam Name: Configuring Advanced Windows Server 2012 Services

Exam A

QUESTION 11 - (Topic 1)

You have a DHCP server named Server1. Server1 has one network adapter. Server1 is located on a subnetnamed Subnet1. Server1 has scope named Scope1. Scope1 contains IP addresses for the 192.168.1.0/24network.

Your company is migrating the IP addresses on Subnet1 to use a network ID of 10.10.0.0/16.

On Server1, you create a scope named Scope2. Scope2 contains IP addresses for the 10.10.0.0/16 network.

You need to ensure that clients on Subnet1 can receive IP addresses from either scope.

What should you create on Server1?

A. A multicast scopeB. A scopeC. A superscopeD. A split-scope

Correct Answer: CSection: (none)Explanation

Explanation/Reference:Explanation:A. Multicasting is the sending of network traffic to a group of endpoints destination hosts. Only those membersin the group of endpoints hosts that are listening for the multicast traffic (the multicast group) process themulticast traffic B. A scope is an administrative grouping of IP addresses for computers on a subnet that usethe Dynamic Host Configuration Protocol (DHCP) service. The administrator first creates a scope for eachphysical subnet and then uses the scope to define the parameters used by clients.C. A superscope is an administrative feature of Dynamic Host Configuration Protocol (DHCP) servers runningWindows Server 2008 that you can create and manage by using the DHCP Microsoft Management Console(MMC) snap-in. By using a superscope, you can group multiple scopes as a single administrative entity.D.http://technet.microsoft.com/en-us/library/dd759152.aspx http://technet.microsoft.com/en-us/library/dd759218.aspx http://technet.microsoft.com/en-us/library/dd759168.aspx


Your network contains an Active Directory domain named adatum.com. The domain contains a domaincontroller named DC1 that runs Windows Server 2012 R2.

On Dc1, you open DNS Manager as shown in the exhibit. (Click the Exhibit button.)

You need to change the zone type of the contoso.com zone from an Active Directory- integrated zone to astandard primary zone.

What should you do before you change the zone type?

A. Unsign the zone.B. Modify the Zone Signing Key (ZSK).C. Modify the Key Signing Key (KSK).D. Change the Key Master.

Correct Answer: ASection: (none)Explanation

Explanation/Reference:Explanation:A. Lock icon indicating that it is currently signed with DNSSEC, zone must be unsignes

Guaranteed success with TestInsides practice guides 3 Microsoft 70-412 : Practice Test

B. An authentication key that corresponds to a private key used to sign a zone. C. The KSK is an authenticationkey that corresponds to a private key used to sign one or more other signing keys for a given zone. Typically,the private key corresponding to a KSK will sign a ZSK, which in turn has a corresponding private key that willsign other zone data.D.http://technet.microsoft.com/en-us/library/hh831411.aspx http://technet.microsoft.com/en-us/library/ee649132(v=ws.10).aspx


You have a server named Server1 that runs Windows Server 2012 R2. Server1 has the DNS Server server roleinstalled.

You need to configure Server1 to resolve queries for single-label DNS names.

Which two actions should you perform? (Each correct answer presents part of the solution.Choose two.)

A. Run the Set-DNSServerGlobalNameZone cmdlet.B. Modify the DNS suffix search list setting.C. Modify the Primary DNS Suffix Devolution setting.D. Create a zone named ".".E. Create a zone named GlobalNames.F. Run the Set-DNSServerRootHint cmdlet.

Correct Answer: AESection: (none)Explanation

Explanation/Reference:Explanation:

http://technet.microsoft.com/en-us/library/cc731744.aspx http://technet.microsoft.com/en-us/library/jj649907(v=wps.620).aspx



Your network contains an Active Directory domain named contoso.com. The domain contains two servers

named Server1 and Server2 that run Windows Server 2012 R2. Server1 has the IP Address Management(IPAM) Server feature installed. Server2 has the DHCP Server server role installed.

A user named User1 is a member of the IPAM Users group on Server1.

You need to ensure that User1 can use IPAM to modify the DHCP scopes on Server2. The solution mustminimize the number of permissions assigned to User1.

To which group should you add User1?

A. DHCP Administrators on Server2B. IPAM ASM Administrators on Server1C. IPAMUG in Active DirectoryD. IPAM MSM Administrators on Server1


Explanation/Reference:Explanation:The user need rights to change DHCP not IPAMC. Members of the DHCP Administrators group can view and modify any data at the DHCP server.http://technet.microsoft.com/en-us/library/jj878348.aspx http://technet.microsoft.com/en-us/library/cc737716(v=ws.10).aspx


You have a server named DC2 that runs Windows Server 2012 R2. DC2 contains a DNS zone namedadatum.com.


The adatum.com zone is shown in the exhibit. (Click the Exhibit button.)

You need to configure DNS clients to perform DNSSEC validation for the adatum.com DNS domain.

What should you configure?

A. The Network Location settingsB. A Name Resolution PolicyC. The DNS Client settingsD. The Network Connection settings

Correct Answer: BSection: (none)Explanation

Explanation/Reference:Explanation:A.B. The Name Resolution Policy Table (NRPT) is a table that contains rules you can configure to specify DNSsettings or special behavior for names or namespaces. The NRPT can be configured using Group Policy or byusing the Windows Registry. C. client component that resolves and caches Domain Name System (DNS)domain names. When the DNS Client service receives a request to resolve a DNS name that it does notcontain in its cache, it queries an assigned DNS server for an IP address for the nameD. Network connections make it possible for computers to access resources on the network and the internethttp://technet.microsoft.com/en-us/library/hh831411.aspx#config_client1



Your network contains an Active Directory domain named contoso.com. The domain contains two serversnamed Server1 and Server2 that run Windows Server 2012 R2. Server1 has the DHCP Server server roleinstalled. Server2 has the Hyper-V server role installed. Server2 has an IP address of 192.168.10.50.

Server1 has a scope named Scope1 for the 192.168.10.0/24 network.

You plan to deploy 20 virtual machines on Server2 that will be connected to the external network. The MACaddresses for the virtual machines will begin with 00-15-SD-83-03.

You need to configure Server1 to offer the virtual machines IP addresses from 192.168.10.200 to

192.168.10.21g. Physical computers on the network must be offered IP addresses outside this range. You wantto achieve this goal by using the minimum amount of administrative effort.

What should you do from the DHCP console?

A. Create reservations.B. Create a policy.C. Delete Scope1 and create two new scopes.D. Configure Allow filters and Deny filters.


Explanation/Reference:Explanation:A. With client reservations, it is possible to reserve a specific IP address for permanent use by a DHCP client.A new feature in Windows Server 2012 R2 called policy based assignment allows for even greater flexibility.B. Policy based assignment allows the policy to be scoped to a MAC address and IP range C.D. A DHCP server offers its services to the DHCP clients based on the availability of MAC address filtering.Once the Allow filter is set, all DHCP operations are based on the access controls (allow/deny).http://blogs.technet.com/b/teamdhcp/archive/2012/08/22/granular-dhcp-server- administration-using-dhcppolicies-in-windows-server-2012.aspx http://technet.microsoft.com/en-us/library/hh831538.aspx http://technet.microsoft.com/en-us/library/ee405265(v=ws.10).aspx


Your network contains an Active Directory domain named contoso.com. The domain contains two serversnamed Server1 and Server2. Both servers have the IP Address Management (IPAM) Server feature installed.

You have a support technician named Tech1. Tech1 is a member of the IPAM Administrators group on Server1and Server2.

You need to ensure that Tech 1 can use Server Manager on Server1 to manage IPAM on Server2.

To which group on Server2 should you add Tech1.

A. Remote Management UsersB. IPAM MSM AdministratorsC. IPAM AdministratorsD. WinRM Remote WM1 Users

Correct Answer: DSection: (none)Explanation

Explanation/Reference:


Your network contains two Active Directory forests named contoso.com and adatum.com. All of the domaincontrollers in both of the forests run Windows Server 2012 R2. The adatum.com domain contains a file servernamed Servers.

Adatum.com has a one-way forest trust to contoso.com.

A contoso.com user name User10 attempts to access a shared folder on Servers and receives the errormessage shown in the exhibit. (Click the Exhibit button.)

You verify that the Authenticated Users group has Read permissions to the Data folder.

You need to ensure that User10 can read the contents of the Data folder on Server5 in the adatum.comdomain.

What should you do?

A. Grant the Other Organization group Read permissions to the Data folder.B. Modify the list of logon workstations of the contoso\User10 user account.C. Enable the Netlogon Service (NP-In) firewall rule on Server5.D. Modify the permissions on the Server5 computer object in Active Directory.


Explanation/Reference:Explanation:To resolve the issue, I had to open up AD Users and Computers --> enable Advanced Features --> Select theComputer Object --> Properties --> Security --> Add the Group I want to allow access to the computer (in thiscase, DomainA\Domain users) and allow "Allowed to Authenticate". Once I did that, everything worked:http://technet.microsoft.com/en-us/library/cc816733(v=ws.10).aspx

QUESTION 99 HOTSPOT - (Topic 1)

Your network contains an Active Directory domain named contoso.com. The domain contains two ActiveDirectory sites named Site1 and Site2.

You discover that when the account of a user in Site1 is locked out, the user can still log on to the servers inSite2 for up to 15 minutes by using Remote Desktop Services (RDS).

You need to reduce the amount of time it takes to synchronize account lockout information across the domain.

Which attribute should you modify?

To answer, select the appropriate attribute in the answer area.

A.B.C.D.

Correct Answer: Section: (none)Explanation

Explanation/Reference:Guaranteed success with TestInsides practice guides 13 Microsoft 70-412 : Practice Test


Your network contains an Active Directory forest. The forest contains two domains named contoso.com andfabrikam.com. The functional level of the forest is Windows Server 2003.

You have a domain outside the forest named adatum.com.

You need to configure an access solution to meet the following requirements:

Users in adatum.com must be able to access resources in contoso.com. Users in adatum.com must beprevented from accessing resources in

fabrikam.com.Users in both contoso.com and fabrikam.com must be prevented from accessing resources in adatum.com.

What should you create?

A. a one-way external trust from adatum.com to fabrikam.comB. a one-way realm trust from fabrikam.com to adatum.comC. a one-way realm trust from adatum.com to fabrikam.comD. a one-way external trust from fabrikam.com to adatum.com


Explanation/Reference:Explanation:A. A one-way trust is a unidirectional authentication path that is created between two domains. This means thatin a one-way trust between Domain A and Domain B, users in Domain A can access resources in Domain B.

However, users in Domain B cannot access resources in Domain A. This would allow adatum.com usersaccess to Contoso which is desired B. This would allow contoso.com users access to adatum which must beprevented and used for non windows realm to ADC. This would allow adatum.com users access to contoso which is desired but realm trust types are used fornon windows realm to ADD. This would allow adatum users access to contoso which must be prevented and You need to make trustrelationship where domain contoso.com trusts adatum.com.

NOTE: On exam the domain names were changed, so understand the question well http://technet.microsoft.com/en-us/library/cc728024(v=ws.10).aspx


Your network contains an Active Directory domain named contoso.com. The domain contains a main office anda branch office. An Active Directory site exists for each office.

All domain controllers run Windows Server 2012 R2. The domain contains two domain controllers.

The domain controllers are configured as shown in the following table.

DC1 hosts an Active Directory-integrated zone for contoso.com.

You add the DNS Server server role to DC2.

You discover that the contoso.com DNS zone fails to replicate to DC2.

You verify that the domain, schema, and configuration naming contexts replicate from DC1 to DC2.

You need to ensure that DC2 replicates the contoso.com zone by using Active Directory replication.

Which tool should you use?

A. Active Directory Sites and ServicesB. NtdsutilC. DNS ManagerD. Active Directory Domains and Trusts


Explanation/Reference:Explanation:A. To control replication between two sites, you can use the Active Directory Sites and Services snap-in toconfigure settings on the site link object to which the sites are added. By configuring settings on a site link, youcan control when replication occurs between two or more sites, and how often

Incorrect:

Not B. Ntdsutil.exe is a command-line tool that provides management facilities for Active Directory DomainServices (AD DS) and Active Directory Lightweight Directory Services (AD LDS). You can use the ntdsutilcommands to perform database maintenance of AD DS, manage and control single master operations, andremove metadata left behind by domain controllers that were removed from the network without being properlyuninstalled. Not C. DNS Manager is the tool you'll use to manage local and remote DNS Servers


Not D. Active Directory Domains and Trusts is the Microsoft Management Console (MMC) snap-in that you canuse to administer domain trusts, domain and forest functional levels, and user principal name (UPN) suffixes.NOTE: If you see question about AD Replication, First preference is AD sites and services, then Repadmin andthen DNSLINT.



The contoso.com domain contains domain controllers that run either Windows Server 2008 or Windows Server2008 R2. The functional level of the domain is Windows Server 2008.

The fabrikam.com domain contains domain controllers that run either Windows Server 2003 or WindowsServer 2008. The functional level of the domain is Windows Server 2003.

The contoso.com domain contains a member server named Server1 that runs Windows Server 2012 R2.

You install the Active Directory Domain Services server role on Server1.

You need to add Server1 as a new domain controller in the contoso.com domain.

What should you do?

A. Run the Active Directory Domain Services Configuration Wizard.B. Run adprep.exe /domainprep, and then run dcpromo.exe.C. Raise the functional level of the forest, and then run dcprorno.exe.D. Modify the Computer Name/Domain Changes properties.

Correct Answer: ASection: (none)

Explanation

Explanation/Reference:Explanation:Windows Server 2012 R2 requires a Windows Server 2003 forest functional level. That is, before you can add adomain controller that runs Windows Server 2012 R2 to an existing Active Directory forest, the forest functionallevel must be Windows Server 2003 or higher.

http://blogs.technet.com/b/askpfeplat/archive/2012/09/03/introducing-the-first-windowsserver-2012-domaincontroller.aspxhttp://technet.microsoft.com/en-us/library/dd464018(v=ws.10).aspx http://technet.microsoft.com/en-us/library/jj574134.aspx



Your network contains an Active Directory forest. The forest contains two domains named contoso.com andfabrikam.com. The forest functional level is Windows 2000.

The contoso.com domain contains domain controllers that run either Windows Server 2008 or Windows Server2008 R2. The domain functional level is Windows Server 2008.

The fabrikam.com domain contains domain controllers that run either Windows 2000 Server or WindowsServer 2003. The domain functional level is Windows 2000 native.

The contoso.com domain contains a member server named Server1 that runs Windows Server 2012 R2.

You need to add Server1 as a new domain controller in the contoso.com domain.

What should you do first?

A. Raise the functional level of the contoso.com domain to Windows Server 2008 R2.B. Upgrade the domain controllers that run Windows Server 2008 to Windows Server 2008 R2.C. Raise the functional level of the fabrikam.com domain to Windows Server 2003.D. Decommission the domain controllers that run Windows 2000.E. Raise the forest functional level to Windows Server 2003.


Explanation/Reference:Explanation:D. Server 2003 is the minimum Domain Functional level for any domain in the forest Windows Server 2012 R2requires a Windows Server 2003 forest functional level. That is, before you can add a domain controller thatruns Windows Server 2012 R2 to an existing Active Directory forest, the forest functional level must beWindows Server 2003 or higher. http://technet.microsoft.com/en-us/library/cc771294.aspx


Your network contains an Active Directory domain named adatum.com. The domain contains two domaincontrollers that run Windows Server 2012 R2. The domain controllers are configured as shown in the followingtable.

You log on to DC1 by using a user account that is a member of the Domain Admins group, and then you createa new user account named User1.

You need to prepopulate the password for User1 on DC2.


A. Connect to DC2 from Active Directory Users and Computers.B. Add DC2 to the Allowed RODC Password Replication Policy group.C. Add the User1 account to the Allowed RODC Password Replication Policy group.D. Run Active Directory Users and Computers as a member of the Enterprise Admins group.


Explanation/Reference:Explanation:http://technet.microsoft.com/en-us/library/cc730883(v=ws.10).aspx http://technet.microsoft.com/en-us/library/cc753470(v=ws.10).aspx#BKMK_pre


Your company has offices in Montreal, New York, and Amsterdam.

The network contains an Active Directory forest named contoso.com. An Active Directory site exists for eachoffice. All of the sites connect to each other by using the DEFAULTIPSITE1INK site link.

You need to ensure that only between 20:00 and 08:00, the domain controllers in the

Montreal office replicate the Active Directory changes to the domain controllers in the Amsterdam office.

The solution must ensure that the domain controllers in the Montreal and the New York offices can replicate theActive Directory changes any time of day.

What should you do?

A. Create a new site link that contains Montreal and Amsterdam. Remove Amsterdam fromDEFAULTIPSITE1INK. Modify the schedule of DEFAULTIPSITE1INK.

B. Create a new site link that contains Montreal and Amsterdam. Create a new site link bridge. Modify theschedule of DEFAU LTIPSITE1INK.

C. Create a new site link that contains Montreal and Amsterdam. Remove Amsterdam fromDEFAULTIPSITE1INK. Modify the schedule of the new site link.

D. Create a new site link that contains Montreal and Amsterdam. Create a new site link bridge. Modify theschedule of the new site link.


Explanation/Reference:Explanation:Very Smartly reworded with same 3 offices. In the exam correct answer is "Create a new site link that containsNewyork to Montreal. Remove Montreal from DEFAULTIPSITE1INK.Modify the schedule of the new site link".http://technet.microsoft.com/en-us/library/cc755994(v=ws.10).aspx


Your network contains two Active Directory forests named contoso.com and adatum.com. A two-way foresttrust exists between the forests.

The contoso.com forest contains an enterprise certification authority (CA) named Server1.

You implement cross-forest certificate enrollment between the contoso.com forest and the adatum.com forest.

On Server1, you create a new certificate template named Template1.

You need to ensure that users in the adatum.com forest can request certificates that are based on Template1.


A. DumpADO.ps1B. RepadminC. Add-CATemplateD. CertutilE. PKISync.ps1

Correct Answer: ESection: (none)Explanation

Explanation/Reference:Explanation:A.B. Repadmin.exe helps administrators diagnose Active Directory replication problems between domaincontrollers running Microsoft Windows operating systems.C. Adds a certificate template to the CA.D. use Certutil.exe to dump and display certification authority (CA) configuration information, configureCertificate Services, backup and restore CA components, and verify certificates, key pairs, and certificatechains.E. PKISync.ps1 copies objects in the source forest to the target forest

http://technet.microsoft.com/en-us/library/ff955845(v=ws.10).aspx#BKMK_Consolidating http://technet.microsoft.com/en-us/library/cc770963(v=ws.10).aspx http://technet.microsoft.com/en-us/library/hh848372.aspx http://technet.microsoft.com/library/cc732443.aspx http://technet.microsoft.com/en-us/library/ff961506(v=ws.10).aspx


Your network contains an Active Directory domain named adatum.com. The domain contains four servers. Theservers are configured as shown in the following table.

You plan to deploy an enterprise certification authority (CA) on a server named Server5. Server5 will be used toissue certificates to domain-joined computers and workgroup computers.

You need to identify which server you must use as the certificate revocation list (CRL) distribution point forServer5.

Which server should you identify?

A. Server3B. Server2C. Server4D. Server1


Explanation/Reference:Explanation:A. We cannot use AD DS because workgroup computers must access CRL distribution pointB. We cannot use File Share because workgroup computers must access CRL distribution pointC. Public facing web server can be usedD. AD DS, Web & File Share onlyhttp://technet.microsoft.com/en-us/



You have a server named Server1 that has the Active Directory Certificate Services server role installed.

Server1 uses a hardware security module (HSM) to protect the private key of Server1.

You need to ensure that the Active Directory Certificate Services (AD CS) database, log files, and private keyare backed up.

You perform regular backups of the HSM module by using a backup utility provided by the HSM manufacturer.

What else should you do?

A. Run the certutil.exe command and specify the -backupkey parameter.B. Run the certutil.exe command and specify the -backupdb parameter.C. Run the certutil.exe command and specify the -backup parameter.D. Run the certutil.exe command and specify the -dump parameter.


Explanation/Reference:Explanation:A. Backup the Active Directory Certificate Services certificate and private key B. Backup the Active DirectoryCertificate Services database C. Backup Active Directory Certificate ServicesD. Dump configuration information or fileshttp://technet.microsoft.com/en-us/library/cc732443.aspx#BKMK_backupKey http://technet.microsoft.com/en-us/library/cc732443.aspx#BKMK_backupDB http://technet.microsoft.com/en-us/library/cc732443.aspx#BKMK_backup http://technet.microsoft.com/library/cc732443.aspx#BKMK_dump


Your network contains an Active Directory domain named contoso.com. The domain contains a server namedServer1 that runs Windows Server 2012 R2. Server1 has the Active Directory Federation Services (AD FS)server role installed.

Adatum.com is a partner organization.

You are helping the administrator of adatum.com set up a federated trust between adatum.com andcontoso.com. The administrator of adatum.com asks you to provide a file containing the federation metadata ofcontoso.com.

You need to identify the location of the federation metadata file. Which node in the AD FS console should youselect?

To answer, select the appropriate node in the answer area.

A.B.C.D.




Your network contains three Active Directory forests. Each forest contains an Active Directory RightsManagement Services (AD RMS) root cluster.

All of the users in all of the forests must be able to access protected content from any of the forests.

You need to identify the minimum number of AD RMS trusts required.

How many trusts should you identify?

A. 2B. 3C. 4

D. 6


Explanation/Reference:Explanation:3 Forests. Bi Direcrional test needed means each forest needs 2 other forests TUD file.3 x 2 =6http://technet.microsoft.com/en-us/library/ee221071(v=ws.10).aspx


Your network contains an Active Directory domain named contoso.com. All servers run Windows Server 2012R2.

The domain contains a domain controller named DC1 that is configured as an enterprise root certificationauthority (CA).

All users in the domain are issued a smart card and are required to log on to their domain- joined clientcomputer by using their smart card.

A user named User1 resigned and started to work for a competing company.

You need to prevent User1 immediately from logging on to any computer in the domain. The solution must notprevent other users from logging on to the domain.


A. Active Directory Sites and ServicesB. Active Directory Administrative CenterC. Server ManagerD. Certificate Templates


Explanation/Reference:Explanation:B. Disable user1 from ADAC

Note:To disable or enable a user account using Active Directory Administrative Center To open Active DirectoryAdministrative Center, click Start , click Administrative Tools , and then click Active Directory AdministrativeCenter . To open Active Directory Users and Computers in Windows Server® 2012, click Start , type dsac.exe .

In the navigation pane, select the node that contains the user account whose status you want to change.In the management list, right-click the user whose status you want to change. Depending on the status of theuser account, do one of the following:


Your network contains a server named Server1 that runs Windows Server 2012 R2. Server1 has the Hyper-Vserver role installed. Server1 hosts 10 virtual machines that run Windows Server 2012 R2.

You add a new server named Server2. Server2 has faster hard disk drives, more RAM, and a differentprocessor manufacturer than Server1.

You need to move all of the virtual machines from Server1 to Server2. The solution must minimize downtime.

What should you do for each virtual machine?

A. Perform a quick migration.B. Perform a storage migration.C. Export the virtual machines from Server1 and import the virtual machines to Server2.D. Perform a live migration.


Explanation/Reference:Explanation:C. Other options require same CPU family and cluster http://technet.microsoft.com/en-us/library/hh848491.aspxhttp://technet.microsoft.com/en-us/library/hh848495.aspx http://technet.microsoft.com/en-us/library/jj628158.aspx The different processor manufacturer is the key here. Storage, Live, and Quick all require samemanufacturer.


You have a datacenter that contains six servers. Each server has the Hyper-V server role installed and runsWindows Server 2012 R2. The servers are configured as shown in the following table.

Host4 and Host5 are part of a cluster named Cluster1. Cluster1 hosts a virtual machine named VM1.

You need to move VM1 to another Hyper-V host. The solution must minimize the downtime of VM1.

To which server and by which method should you move VM1?

A. To Host3 by using a storage migrationB. To Host6 by using a storage migrationC. To Host2 by using a live migrationD. To Host1 by using a quick migration


Explanation/Reference:Explanation:A. Host3 is the only option to allow minimum downtime and has same processor manufacturersB. Live Storage Migration requires same processor manufacturers C. Live migration requires same same

processor manufacturers D. Quick migration has downtimeNOTE: Exam may have more options but same answer

http://technet.microsoft.com/en-us/library/dd446679(v=ws.10).aspx http://technet.microsoft.com/en-us/library/hh831656.aspx http://technet.microsoft.com/en-us/library/jj628158.aspx


Your network contains an Active Directory domain named contoso.com. The domain contains two memberservers named Server1 and Server2. All servers run Windows Server 2012 R2.

Server1 and Server2 have the Failover Clustering feature installed. The servers are configured as nodes in afailover cluster named Cluster1.

Cluster1 hosts an Application named App1.

You need to ensure that Server2 handles all of the client requests to the cluster for App1. The solution mustensure that if Server2 fails, Server1 becomes the active node for App1.


A. Affinity-NoneB. Affinity-SingleC. The cluster quorum settingsD. The failover settingsE. A file server for general useF. The Handling priorityG. The host priorityH. Live migrationI. The possible ownerJ. The preferred ownerK. Quick migrationL. the Scale-Out File Server

Correct Answer: JSection: (none)Explanation

Explanation/Reference:Explanation:http://blogs.msdn.com/b/clustering/archive/2008/10/14/9000092.aspx

The preferred owner in a 2 server cluster will always be the active node unless it is down.




You add two additional nodes to Cluster1.

You need to ensure that Cluster1 stops running if three nodes fail.




Explanation/Reference:Explanation:C. The quorum configuration in a failover cluster determines the number of failures that the cluster can sustain.http://technet.microsoft.com/en-us/library/cc731739.aspx




You configure File Services and DHCP as clustered resources for Cluster1. Server1 is the active node for bothclustered resources.

You need to ensure that if two consecutive heartbeat messages are missed between Server1 and Server2,Server2 will begin responding to DHCP requests. The solution must ensure that Server1 remains the activenode for the File Services clustered resource for up to five missed heartbeat messages.


A. Affinity-NoneB. Affinity-SingleC. The cluster quorum settingsD. The failover settingsE. A file server for general useF. The Handling priorityG. The host priority

H. Live migrationI. The possible ownerJ. The preferred ownerK. Quick migrationL. the Scale-Out File Server


Explanation/Reference:Explanation:A. The number of heartbeats that can be missed before failover occurs is known as the heartbeat thresholdhttp://technet.microsoft.com/en-us/library/dn265972.aspx http://technet.microsoft.com/en-us/library/dd197562(v=ws.10).aspx http://blogs.msdn.com/b/clustering/archive/2012/11/21/10370765.aspx




You add two additional nodes to Cluster1.

You have a folder named Folder1 on Server1 that contains Application data.

You plan to provide continuously available access to Folder1.

You need to ensure that all of the nodes in Cluster1 can actively respond to the client requests for Folder1.



Correct Answer: LSection: (none)Explanation

Explanation/Reference:Explanation:http://technet.microsoft.com/en-us/library/hh831349.aspx

Scale-Out File Server for Application data (Scale-Out File Server) This clustered file server is introduced inWindows Server 2012 R2 and lets you store server Application data, such as Hyper-V virtual machine files, onfile shares, and obtain a similar level of reliability, availability, manageability, and high performance that youwould expect from a storage area network. All file shares are online on all nodes simultaneously. File sharesassociated with this type of clustered file server are called scale-out file shares. This is sometimes referred toas active-active.


Information and details provided in a question App1y only to that question.


Server1 and Server2 have the Network Load Balancing (NLB) feature installed. The servers are configured asnodes in an NLB cluster named Cluster1.

Cluster1 hosts a secure web Application named WebApp1. WebApp1 saves user state information locally oneach node.

You need to ensure that when users connect to WebApp1, their session state is maintained.





Explanation:http://technet.microsoft.com/en-us/library/bb687542.aspx


Your company has a main office and a branch office.

The main office contains a file server named Server1. Server1 has the BranchCache for Network Files roleservice installed. The branch office contains a server named Server2. Server2 is configured as a BranchCachehosted cache server.

You need to preload the data from the file shares on Server1 to the cache on Server2.

You generate hashes for the file shares on Server1.

Which cmdlet should you run next?

A. Add-BCDataCacheExtensionB. Set-BCCacheC. Publish-BCFileContentD. Export-BCCachePackage


Explanation/Reference:Explanation:A. increases the amount of cache storage space that is available on a hosted cache server by adding a newcache file.B. Modifies the cache file configuration.C. Generates hashes, also called content information, for files in shared folders on a file server that haveBranchCache enabled and the BranchCache for Network Files role service installed.D. Exports a cache package

http://technet.microsoft.com/en-us/library/hh848405.aspx http://technet.microsoft.com/en-us/library/hh848413.aspx http://technet.microsoft.com/en-us/library/hh848412.aspx http://technet.microsoft.com/en-us/library/hh848409.aspx http://technet.microsoft.com/fr-fr/library/jj572970.aspx



Your company has a main office and a branch office. The main office is located in Detroit.The branch office is located in Seattle.

The network contains an Active Directory domain named adatum.com. Client computers run either Windows 7Enterprise or Windows 8 Enterprise.

The main office contains 1,000 client computers and 50 servers. The branch office contains 20 clientcomputers.

All computer accounts for the branch office are located in an organizational unit (OU) namedSeattleComputers. A Group Policy object (GPO) named GPO1 is linked to the SeattleComputers OU.

You need to configure BranchCache for the branch office.

A.B.C.D.



QUESTION 3131 DRAG DROP - (Topic 1)

Your network contains an Active Directory domain named contoso.com. All file servers in the domain runWindows Server 2012 R2.

The computer accounts of the file servers are in an organizational unit (OU) named OU1. A Group Policy object(GPO) named GPO1 is linked to OU1.

You plan to modify the NTFS permissions for many folders on the file servers by using central access policies.

You need to identify any users who will be denied access to resources that they can currently access once thenew permissions are implemented.

In which order should you Perform the five actions?

A.B.C.D.




You have a file server named Server1 that runs Windows Server 2012 R2.

Data Deduplication is enabled on drive D of Server1.

You need to exclude D:\Folder1 from Data Deduplication.


A. Disk Management in Computer ManagementB. File and Storage Services in Server ManagerC. the classification rules in File Server Resource Manager (FSRM)D. the properties of D:\Folder1


Explanation/Reference:Explanation:B. Data deduplication exclusion on a Volume are set from File & Storage Services, Server Manager orPowerShellhttp://technet.microsoft.com/en-us/library/hh831434.aspx


You manage an environment that has many servers. The servers run Windows Server 2012 R2 and use iSCSIstorage.

Administrators report that it is difficult to locate available iSCSI resources on the network.

You need to ensure that the administrators can locate iSCSI resources on the network by using a centralrepository.

Which feature should you deploy?

A. The iSCSI Target Server role service

B. The iSNS Server service featureC. The Windows Standards-Based Storage Management feature D. The iSCSI Target Storage Provider feature


Explanation/Reference:Explanation:A. iSNS facilitates automated discovery, management, and configuration of iSCSI and Fibre Channel devices(using iFCP gateways) on a TCP/IP network.B.C. Windows Server 2012 R2 enables storage management that is comprehensive and fully scriptable, andadministrators can manage it remotely D. iSCSI Target Server enables you to network boot multiple computersfrom a single operating system image that is stored in a centralized location

http://technet.microsoft.com/en-us/library/cc772568.aspx http://technet.microsoft.com/en-us/library/hh831751.aspx http://technet.microsoft.com/en-us/library/dn305893.aspx


Your network contains an Active Directory domain named contoso.com. The network contains a file servernamed Server1 that runs Windows Server 2012 R2.

You create a folder named Folder1. You share Folder1 as Share1. The NTFS permissions on Folder1 areshown in the Folder1 exhibit. (Click the Exhibit button.)

The Everyone group has the Full control Share permission to Folder1.

You configure a central access policy as shown in the Central Access Policy exhibit. (Click the Exhibit button.)

Members of the IT group report that they cannot modify the files in Folder1.

Guaranteed success with TestInsides practice guides 43 Microsoft 70-412 : Practice TestYou need to ensure that the IT group members can modify the files in Folder1. The solution must use centralaccess policies to control the permissions.


A. On the Classification tab of Folder1, set the classification to Information Technology.B. On the Security tab of Folder1, add a conditional expression to the existing permission entry for the IT

group.

C. On Share1, assign the Change Share permission to the IT group.D. On the Security tab of Folder1, remove the permission entry for the IT group.E. On the Security tab of Folder1, assign the Modify permission to the Authenticated Users group.


Explanation/Reference:Explanation:Central access policies for files enable organizations to centrally deploy and manage authorization policies thatinclude conditional expressions that use user groups, user claims, device claims, and resource properties.(Claims are assertions about the attributes of the object with which they are associated). For example, toaccess high-business-impact (HBI) data, a user must be a full-time employee, obtain access from a manageddevice, and log on with a smart card. These policies are defined and hosted in Active Directory DomainServices (AD DS). http://technet.microsoft.com/en-us/library/hh846167.aspx




You have a server named File1 that runs Windows Server 2012 R2. Fuel has the File Server role serviceinstalled.

You plan to back up all shared folders by using Microsoft Online Backup.

You download and install the Microsoft Online Backup Service Agent on File1.

You need to ensure that you use Windows Server Backup to back up data to Microsoft Online Backup.

What should you do?

A. From Computer Management, add the File1 computer account to the Backup Operators group.B. From Windows Server Backup, run the Register Server Wizard.C. From a command prompt, run wbadmin.exe enable backup.D. From the Services console, modify the Log On settings of the Microsoft Online Backup Service Agent.


Explanation/Reference:Explanation:A. Enables you to back up and restore your operating system, volumes, files, folders, and applications from acommand prompt.B. To register a server for use with Windows Azure Backup you must run the register server wizardC.D.http://technet.microsoft.com/en-us/library/hh831677.aspx


Your network contains an Active Directory domain named contoso.com.

You are creating a custom Windows Recovery Environment (Windows RE) image.

You need to ensure that when a server starts from the custom Windows RE image, a drive is mappedautomatically to a network share.

What should you modify in the image?

A. startnet.cmdB. Xsl-mappings.xmlC. Win.iniD. smb.types.ps1xml


Explanation/Reference:Explanation:The best way to define what to start is using starnet.cmd http://technet.microsoft.com/en-us/library/cc766521(v=ws.10).aspx


You have a file server named Server1 that runs a Server Core Installation of Windows Server 2012 R2.

You need to ensure that users can access previous versions of files that are shared on Server1 by using thePrevious Versions tab.


A. DiskpartB. WbadminC. VssadminD. Storrept


Explanation/Reference:Explanation:A. Enables you to back up and restore your operating system, volumes, files, folders, and applications from acommand prompt.B. DiskPart is a text-mode command interpreter that enables you to manage objects (disks, partitions, volumes,or virtual hard disks) by using scripts or direct input from a command prompt.C. The storrept command is installed with File Server Resource Manager and includes subcommands forcreating and managing storage reports and storage report tasks, as well as for configuring generaladministrative options for File Server Resource Manager. D. Displays current volume shadow copy backupsand all installed shadow copy writers and providers. To view the command syntax for any of the commands inthe following table, click the command name.

http://technet.microsoft.com/en-us/library/cc754015(v=ws.10).aspx http://technet.microsoft.com/en-us/library/cc770877(v=ws.10).aspx http://technet.microsoft.com/en-us/library/cc753567(v=ws.10).aspx http://technet.microsoft.com/en-us/library/cc754968.aspx


You have a server named Server1 that runs Windows Server 2012 R2. Server1 has the Windows DeploymentServices server role installed.

You back up Server1 each day by using Windows Server Backup.

The disk array on Server1 fails.

You replace the disk array.

You need to restore Server1 as quickly as possible.

What should you do?

A. Start Server1 from the Windows Server 2012 R2 installation media.B. Start Server1and press F8.C. Start Server1 and press Shift+F8.D. Start Server1 by using the PXE.


Explanation/Reference:Explanation:A. Recovery of the OS uses the Windows Setup Dischttp://technet.microsoft.com/en-us/library/cc753920.aspx http://www.windowsnetworking.com/articles_tutorials/Restoring-Windows-Server-Bare- Metal.html


Your network contains two servers named Server1 and Server2 that run Windows Server 2012 R2.

Both servers have the Hyper-V server role installed. Server1 and Server2 are located in different offices. Theoffices connect to each other by using a high-latency WAN link.

Server2 hosts a virtual machine named VM1.

You need to ensure that you can start VM1 on Server1 if Server2 fails. The solution must minimize hardwarecosts.

What should you do?

A. On Server1, install the Multipath I/O (MPIO) feature. Modify the storage location of the VHDs for VM1.B. From the Hyper-V Settings of Server2, modify the Replication Configuration settings.

Enable replication for VM1.C. On Server2, install the Multipath I/O (MPIO) feature. Modify the storage location of the VHDs for VM1.D. From the Hyper-V Settings of Server1, modify the Replication Configuration settings.

Enable replication for VM1.


Explanation/Reference:Explanation:You first have to enable replication on the Replica server--Server1--by going to the server and modifying the"Replication Configuration" settings under Hyper-V settings. You then go to VM1--which presides on Server2--and run the "Enable Replication" wizard on VM1.



You have a server named Server1 that runs Windows Server 2012 R2.

You modify the properties of a system driver and you restart Server1.

You discover that Server1 continuously restarts without starting Windows Server 2012 R2.

You need to start Windows Server 2012 R2 on Server1 in the least amount of time. The solution must minimizethe amount of data loss.

Which Advanced Boot Option should you select?

A. Last Know Good Configuration (advanced)B. Repair Your ComputerC. Disable automatic restart on system failureD. Disable Driver Signature Enforcement


Explanation/Reference:Explanation:http://windows.microsoft.com/en-ph/windows-vista/using-last-known-good-configuration


Your network contains an Active Directory domain named contoso.com. The domain contains three serversnamed Server1, Server2, and Server3 that run Windows Server 2012 R2. All three servers have the Hyper-Vserver role installed and the Failover Clustering feature installed.

Server1 and Server2 are nodes in a failover cluster named Cluster1. Several highly available virtual machinesrun on Cluster1. Cluster1 has the Hyper-V Replica Broker role installed. The Hyper-V Replica Broker currentlyruns on Server1.

Server3 currently has no virtual machines.

You need to configure Cluster1 to be a replica server for Server3 and Server3 to be a replica server forCluster1.

Which two tools should you use? (Each correct answer presents part of the solution.Choose two.)

A. The Hyper-V Manager console connected to Server3B. The Failover Cluster Manager console connected to Server3

C. The Hyper-V Manager console connected to Server1.D. The Failover Cluster Manager console connected to Cluster1E. The Hyper-V Manager console connected to Server2

Correct Answer: ADSection: (none)Explanation

Explanation/Reference:Explanation:http://technet.microsoft.com/en-us/library/jj134240.aspx



You have a file server named Server1 that runs Windows Server 2012 R2. The folders on Server1 areconfigured as shown in the following table.

A new corporate policy states that backups must use Microsoft Online Backup whenever possible.

You need to identify which technology you must use to back up Server1. The solution must use MicrosoftOnline Backup whenever

What should you identify?

To answer, drag the appropriate backup type to the correct location or locations. Each backup type may beused once, more than once, or not at all. You may need to drag the split bar between panes or scroll to viewcontent.

A.B.C.D.




You have a DNS server named Server1 that runs Windows Server 2012 R2. Server1 has a signed zone forcontoso.com.

You need to configure DNS clients to perform DNSSEC validation for the contoso.com DNS domain.


A. The Network Connection settingsB. A Name Resolution PolicyC. The Network Location settingsD. The DNS Client settings

Correct Answer: B

Section: (none)Explanation

Explanation/Reference:Explanation:B. In a DNSSEC deployment, validation of DNS queries by client computers is enabled through configuration ofIPSEC & NRPT

http://technet.microsoft.com/en-us/library/ee649182(v=ws.10).aspx http://technet.microsoft.com/en-us/library/ee649136(v=ws.10).aspx


Your network contains an Active Directory domain named contoso.com. The domain contains a domaincontroller named DC1 that runs Windows Server 2012 R2.

On Dc1, you open DNS Manager as shown in the exhibit. (Click the Exhibit button.)

You need to change the replication scope of the contoso.com zone.

What should you do before you change the replication scope?

A. Modify the Zone Transfers settings.B. Add DC1 to the Name Servers list.C. Add your user account to the Security settings of the zone.D. Unsign the zone.


Explanation/Reference:Explanation:D. Lock icon signifies that the Zone has been signed. Changes to the zone are blocked when signedhttp://www.microsoft.com/en-us/download/dlx/ThankYou.aspx?id=29018


Your network contains an Active Directory domain named contoso.com. The domain contains a domaincontroller named DC1 and a member server named Server1. Server1 has the IP Address Management (IPAM)Server feature installed.

On Dc1, you configure Windows Firewall to allow all of the necessary inbound ports for IPAM.

On Server1, you open Server Manager as shown in the exhibit. (Click the Exhibit button.)


You need to ensure that you can use IPAM on Server1 to manage DNS on DC1.

What should you do?

A. Modify the outbound firewall rules on Server1.B. Modify the inbound firewall rules on Server1.C. Add Server1 to the Remote Management Users group.D. Add Server1 to the Event Log Readers group.


Explanation/Reference:Explanation:http://technet.microsoft.com/en-us/library/jj878313.aspx



Your network contains an Active Directory domain named contoso.com. The domain contains servers namedServer1 and Server2 that run Windows Server 2012 R2. Server1 has the IP Address Management (IPAM)Server feature installed.

You install the IPAM client on Server2.

You open Server Manager on Server2 as shown in the exhibit. (Click the Exhibit button.)

You need to manage IPAM from Server2.


A. On Server1, add the Server2 computer account to the IPAM MSM Administrators group.B. On Server2, open Computer Management and connect to Server1.C. On Server2, add Server1 to Server Manager.D. On Server1, add the Server2 computer account to the IPAM ASM Administrators group.




http://technet.microsoft.com/en-us/library/hh831453.aspx


Your network contains an Active Directory domain named contoso.com. The domain contains a domaincontroller named Dc1. DC1 has the DNS Server server role installed.

The network has two sites named Site1 and Site2. Site1 uses 10.10.0.0/16 IP addresses and Site2 uses10.11.0.0/16 IP addresses. All computers use DC1 as their DNS server.

The domain contains four servers named Server1, Server2, Server3, and Server4. All of the servers run aservice named Service1.

DNS host records are configured as shown in the exhibit. (Click the Exhibit button.)

You discover that computers from the 10.10.1.0/24 network always resolve Service1 to the IP address ofServer1.

You need to configure DNS on DC1 to distribute computers in Site1 between Server1 and Server2 when thecomputers attempt to resolve Service1.

What should run on DC1?

A. dnscmd /config /bindsecondaries 1B. dnscmd /config /localnetpriority 0C. dnscmd /config /localnetprioritynetmask 0x0000ffffD. dnscmd /config /roundrobin 0


Explanation/Reference:Explanation:A. Specifies use of fast transfer format used by legacy Berkeley Internet Name Domain (BIND) servers. 1enablesB. Disables netmask ordering.C. You can use the Dnscmd /Config /LocalNetPriorityNetMask 0x0000FFFF command to use class B ( or 16bit) for netmask ordering for DNS round robin D. Disables round robin rotation.http://technet.microsoft.com/en-us/library/cc737355(v=ws.10).aspx http://technet.microsoft.com/en-us/library/cc738473(v=ws.10).aspx http://support.microsoft.com/kb/842197


http://technet.microsoft.com/en-us/library/cc779169(v=ws.10).aspx



The domain contains two servers named Server1 and Server2 that run Windows Server 2012 R2.

Both servers have the DHCP Server server role installed. Server1 is located in the main office site. Server2 islocated in the branch office site.

Server1 provides IPv4 addresses to the client computers in the main office site. Server2 provides IPv4addresses to the client computers in the branch office site.

You need to ensure that if either Server1 or Server2 are offline, the client computers can still obtain IPv4addresses.

The solution must meet the following requirements:

The storage location of the DHCP databases must not be a single point of failure. Server1 must provide IPv4addresses to the client computers in the branch office site only if Server2 is offline.Server2 must provide IPv4 addresses to the client computers in the main office site only if Server1 is offline.

Which configuration should you use?

A. load sharing mode failover partnersB. A failover clusterC. Hot standby mode failover partnersD. A Network Load Balancing (NLB) cluster


Explanation/Reference:Explanation:A. The load sharing mode of operation is best suited to deployments where both servers in a failoverrelationship are located at the same physical site. B. Hot standby mode of operation is best suited todeployments where a central office or

data center server acts as a standby backup server to a server at a remote site, which is local to the DHCPclientsC. Needs to be a DHCP Failover optionD. Needs to be a DHCP Failover optionhttp://technet.microsoft.com/en-us/library/hh831385.aspx http://blogs.technet.com/b/teamdhcp/archive/2012/09/03/dhcp-failover-hot-standby- mode.aspx


You have a DHCP server named Server1. Server1 has an IP address 192.168.1.2 is located on a subnet thathas a network ID of 192.168.1.0/24.

On Server1, you create the scopes shown in the following table.

You need to ensure that Server1 can assign IP addresses from both scopes to the DHCP clients on the localsubnet.

What should you create on Server1?

A. A scopeB. A superscopeC. A split-scopeD. A multicast scope


Explanation/Reference:Explanation:A. A scope is an administrative grouping of IP addresses for computers on a subnet that use the Dynamic HostConfiguration Protocol (DHCP) service. The administrator first creates a scope for each physical subnet andthen uses the scope to define the parameters used by clients.B. A superscope is an administrative feature of Dynamic Host Configuration Protocol (DHCP) servers runningWindows Server 2008 that you can create and manage by using the DHCP Microsoft Management Console(MMC) snap-in. By using a superscope, you can group multiple scopes as a single administrative entity.C.D. Multicasting is the sending of network traffic to a group of endpointsdestination hosts. Only those membersin the group of endpoints hosts that are listening for the multicast traffic (the multicast group) process themulticast traffic http://technet.microsoft.com/en-us/library/dd759168.aspx http://technet.microsoft.com/en-us/library/dd759152.aspx


Your network contains servers that run Windows Server 2012 R2. The network contains a large number ofiSCSI storage locations and iSCSI clients.

Guaranteed success with TestInsides practice guides 63 Microsoft 70-412 : Practice TestYou need to deploy a central repository that can discover and list iSCSI resources on the network automatically.

Which feature should you deploy?

A. the Windows Standards-Based Storage Management featureB. the iSCSI Target Server role serviceC. the iSCSI Target Storage Provider featureD. the iSNS Server service feature


Explanation/Reference:Explanation:A. Windows Server 2012 R2 enables storage management that is comprehensive and fully scriptable, andadministrators can manage it remotely. A WMI-based interface provides a single mechanism through which tomanage all storage, including non-Microsoft intelligent storage subsystems and virtualized local storage (knownas Storage Spaces). Additionally, management applications can use a single Windows API to manage differentstorage types by using standards-based protocols such as Storage Management Initiative Specification (SMI-S).B. Targets are created in order to manage the connections between an iSCSI device and the servers that needto access it. A target defines the portals (IP addresses) that can be used to connect to the iSCSI device, as wellas the security settings (if any) that the iSCSI device requires in order to authenticate the servers that arerequesting access to its resources.C. iSCSI Target Storage Provider enables applications on a server that is connected to an iSCSI target toperform volume shadow copies of data on iSCSI virtual disks. It also enables you to manage iSCSI virtual disksby using older applications that require a Virtual Disk Service (VDS) hardware provider, such as the Diskraidcommand. D. The Internet Storage Name Service (iSNS) protocol is used for interaction between iSNS servers

and iSNS clients. iSNS clients are computers, also known as initiators, that are attempting to discover storagedevices, also known as targets, on an Ethernet network.

http://technet.microsoft.com/en-us/library/cc726015.aspx http://technet.microsoft.com/en-us/library/cc772568.aspx


Your network contains an Active Directory domain named contoso.com. The domain contains a file servernamed Server1. All servers run Windows Server 2012 R2.

All domain user accounts have the Division attribute automatically populated as part of the user provisioningprocess. The Support for Dynamic Access Control and Kerberos armoring policy is enabled for the domain.

You need to control access to the file shares on Server1 based on the values in the Division attribute and theDivision resource property.

Which three actions should you perform in sequence?

A.B.C.D.




You have a file server named FS1 that runs Windows Server 8.

Data Deduplication is enabled on FS1.

You need to configure Data Deduplication to run at a normal priority from 20:00 to 06:00 daily.


A. File and Storage Services in Server ManagerB. The Data Deduplication process in Task ManagerC. Disk Management in Computer ManagementD. The properties of drive C


Explanation/Reference:Explanation:A. In Windows Server 2012 R2, deduplication can be enabled locally or remotely by using Windows PowerShellor Server Manager.http://technet.microsoft.com/en-us/library/hh831700.aspx


Your network contains an Active Directory domain named contoso.com. All client computers run Windows 8Enterprise.

You have a remote site that only contains client computers. All of the client computer accounts are located in anorganizational unit (CU) named Remote1. A Group Policy object (GPO) named GPO1 is linked to the Remote1OU.

You need to configure BranchCache for the remote site.

Which two settings should you configure in GPO1?

To answer, select the two appropriate settings in the answer area.

A.B.C.D.




Your company has a main office and a branch office. An Active Directory site exists for each office.

The network contains an Active Directory forest named contoso.com. The contoso.com domain contains threemember servers named Server1, Server2, and Server3. All servers run Windows Server 2012 R2.

In the main office, you configure Server1 as a file server that uses BranchCache.

In the branch office, you configure Server2 and Server3 as BranchCache hosted cache servers.

You are creating a Group Policy for the branch office site.

In the branch office, you need to configure the client computers that run Windows 8 to use Server2 and Server3as BranchCache.

A.B.C.D.




Your network contains two Active Directory forests named contoso.com and fabrikam.com. A two-way foresttrust exists between the forests.

The contoso.com forest contains an enterprise certification authority (CA) named CAl.

You implement cross-forest certificate enrollment between the contoso.com forest and the fabrikam.com forest.

On CA1, you create a new certificate template named Template1.

You need to ensure that users in the fabrikam.com forest can request certificates that are based on Template1.


A. Sync-ADObjectB. Pkiview.mscC. CertificateServices.ps1D. CertutilE. PKISync.ps1


Explanation/Reference:Explanation:A. Replicates a single object between any two domain controllers that have partitions in common.B. Monitoring and troubleshooting the health of all certification authorities (CAs) in a public key infrastructure(PKI) are essential administrative tasks facilitated by the Enterprise PKI snap-in.C.D. Use Certutil.exe to dump and display certification authority (CA) configuration information, configureCertificate Services, backup and restore CA components, and verify certificates, key pairs, and certificate

chains.E. PKISync.ps1 copies objects in the source forest to the target forest

http://technet.microsoft.com/en-us/library/hh852296.aspx http://technet.microsoft.com/en-us/library/cc732261(v=ws.10).aspx http://technet.microsoft.com/en-us/library/ff955845(v=ws.10).aspx



Your network contains an Active Directory domain named contoso.com. The domain contains an enterprisecertification authority (CA).

The domain contains a server named Server1 that runs Windows Server 2012 R2. You install the ActiveDirectory Federation Services server role on Server1.

You plan to configure Server1 as an Active Directory Federation Services (AD FS) server. The FederationService name will be set to adfs1.contoso.com.

You need to identify which type of certificate template you must use to request a certificate for AD FS.

A.B.C.D.




Your network contains an Active Directory domain named contoso.com. The domain contains a server namedServer1 that runs Windows Server 2012 R2. The system properties of Server1 are shown in the exhibit. (Clickthe Exhibit button.)

You need to configure Server1 as an enterprise subordinate certification authority (CA).


A. Add RAM to the server.B. Set the Startup Type of the Certificate Propagation service to Automatic.C. Install the Certification Authority Web Enrollment role service.D. Join Server1 to the contoso.com domain.




Your network contains an Active Directory domain named contoso.com. The domain contains a server namedServer1 that runs Windows Server 2012 R2. Server1 has the Active Directory Certificate Services server roleinstalled and is configured as an enterprise certification authority (CA).

You need to ensure that all of the users in the domain are issued a certificate that can be used for the followingpurposes:

Email securityClient authenticationEncrypting File System (EFS)


A. From a Group Policy, configure the Certificate Services Client Auto-Enrollment settings.B. From a Group Policy, configure the Certificate Services Client Certificate Enrollment Policy settings.C. Modify the properties of the User certificate template, and then publish the template.D. Duplicate the User certificate template, and then publish the template.E. From a Group Policy, configure the Automatic Certificate Request Settings settings.


Explanation/Reference:Explanation:The default user template supports all of the requirements EXCEPT auto enroll as shown below:

However a duplicated template from users has the ability to autoenroll:


The Automatic Certificate Request Settings GPO setting is only available to Computer, not user.

http://technet.microsoft.com/en-us/library/dd851772.aspx



Your network contains an Active Directory domain named contoso.com. The domain contains two ActiveDirectory sites named Site1 and Site2.

You need to configure the replication between the sites to occur by using change notification.

Which attribute should you modify?

A.B.C.D.





All domain controllers run Windows Server 2012 R2. The domain contains two domain controllers. The domaincontrollers are configured as shown in the following table.







A. DnslintB. A DNS ManagerC. Active Directory Users and ComputersD. Dnscmd


Explanation/Reference:Explanation:DNSLint has three functions that verify Domain Name System (DNS) records and generate an HTML report.The three functions are:dnslint /d: This diagnoses potential causes of "lame delegation" and other related DNS problems.dnslint /ql: This verifies a user-defined set of DNS records on multiple DNS servers. dnslint /ad: This verifiesDNS records specifically used for Active Directory replication.

Note: The problem could also be related to site links. However, no option addresses that problem.

Reference: Description of the DNSLint utility


Topic 2, Volume B


Your network contains an Active Directory forest named adatum.com. The forest contains a single domain. Thedomain contains four servers. The servers are configured as shown in the following table.

You need to update the schema to support a domain controller that will run Windows Server 2012 R2.

On which server should you run adprep.exe?

A. Server1B. DC3C. DC2D. DC1


Explanation/Reference:Explanation:C. DC3 is the only server that could be assumed to be 64bit http://technet.microsoft.com/en-us/library/dd464018(v=ws.10).aspx#BKMK_WS2012



Your network contains an Active Directory domain named contoso.com. The domain contains domaincontrollers that run either Windows Server 2003, Windows Server 2008 R2, or Windows Server 2012 R2.

You plan to implement a new Active Directory forest. The new forest will be used for testing and will be isolatedfrom the production network.

In the test network, you deploy a server named Server1 that runs Windows Server 2012 R2.

You need to configure Server1 as a new domain controller in a new forest named contoso.test.

The solution must meet the following.

Select two options below.

A. There is no need to set the Forest Functional Level.B. Set Forest Functional Level to Windows 2003.C. Set Forest Functional Level to Windows 2008D. Set Forest Functional Level to Windows 2008 R2.E. Set Forest Functional Level to Windows 2012.F. There is no need to set the Domain Functional Level.G. Set Domain Functional Level to Windows 2003.H. Set Domain Functional Level to Windows 2008

Guaranteed success with TestInsides practice guides 82 Microsoft 70-412 : Practice TestI. Set Domain Functional Level to Windows 2008 R2.J. Set Domain Functional Level to Windows 2012.

Correct Answer: BGSection: (none)Explanation

Explanation/Reference:Explanation:When you deploy AD DS, set the domain and forest functional levels to the highest value that your environmentcan support. This way, you can use as many AD DS features as possible. For example, if you are sure that youwill never add domain controllers that run Windows Server 2003 to the domain or forest, select the WindowsServer 2008 functional level during the deployment process. However, if you might retain or add domaincontrollers that run Windows Server 2003, select the Windows Server 2003 functional level. When you deploy anew forest, you are prompted to set the forest functional level and then set the domain functional level. Youcannot set the domain functional level to a value that is lower than the forest functional level.


Your network contains two Active Directory forests named contoso.com and fabrikam.com. The contoso.comforest contains two domains named corp.contoso.com and contoso.com.

You establish a two-way forest trust between contoso.com and fabrikam.com.

Users from the corp.contoso.com domain report that they cannot log on to client computers in thefabrikam.com domain by using their corp.contoso.com user account.

When they try to log on, they receive following error message: "The computer you are signing into is protectedby an authentication firewall. The specified account is not allowed to authenticate to the computer."

Corp.contoso.com users can log on successfully to client computers in the contoso.com domain by using theircorp.contoso.com user account credentials.

You need to allow users from the corp.contoso.com domain to log on to the client computers in thefabrikam.com forest.

What should you do?

A. Configure Windows Firewall with Advanced Security.B. Enable SID history.C. Configure forest-wide authentication.D. Instruct the users to log on by using a user principal name (UPN).


Explanation/Reference:Explanation:C. The forest-wide authentication setting permits unrestricted access by any users in the trusted forest to allavailable shared resources in any of the domains in the trusting forest. http://technet.microsoft.com/en-us/library/cc785875(v=ws.10).aspx


Your network contains two servers named Server1 and Server2 that run Windows Server 2012 R2. Both

servers have the Hyper-V server role installed. The servers have the hardware configurations shown in thefollowing table.

Server1 hosts five virtual machines that run Windows Server 2012 R2.

You need to move the virtual machines from Server1 to Server2. The solution must minimize downtime.

What should you do for each virtual machine?

A. Export the virtual machines from Server1 and import the virtual machines to Server2.B. Perform a live migration.C. Perform a quick migration.D. Perform a storage migration.


Explanation/Reference:Explanation: Explanation/Reference:None of these migration options will work between different Processors ( AMD/Intel). The only option remainingis to export and re-import the VMs


Your network contains an Active Directory domain named contoso.com. The domain contains two serversnamed Server1 and Server2. Both servers have the Hyper-V server role installed.

You plan to replicate virtual machines between Server1 and Server2. The replication will be encrypted by usingSecure Sockets Layer (SSL).

You need to request a certificate on Server1 to ensure that the virtual machine replication is encrypted.

Which two intended purposes should the certificate for Server1 contain? (Each correct answer presents part ofthe solution. Choose two.)

A. Client AuthenticationB. Kernel Mode Code SigningC. Server AuthenticationD. IP Security end systemE. KDC Authentication


Explanation/Reference:Explanation:http://blogs.technet.com/b/virtualization/archive/2012/03/13/hyper-v-replica-certificate- requirements.aspx


Your network contains an Active Directory domain named contoso.com. The domain contains two memberservers named Server1 and Server2 that run Windows Server 2012 R2. Both servers have the Hyper-V serverrole installed.

The network contains an enterprise certification authority (CA). All servers are enrolled automatically for acertificate-based on the Computer certificate template.

On Server1, you have a virtual machine named VM1. VM1 is replicated to Server2.

You need to encrypt the replication of VM1.


A. On Server1, modify the settings of VM1.B. On Server2, modify the settings of VM1.C. On Server2, modify the Hyper-V Settings.D. On Server1, modify the Hyper-V Settings.E. On Server1, modify the settings of the virtual switch to which VM1 is connected.F. On Server2, modify the settings of the virtual switch to which VM1 is connected.

Correct Answer: BFSection: (none)Explanation


http://technet.microsoft.com/en-us/library/jj134240.aspx

Once you change the Hyper-V Settings of Server 2 to encrypt replications with a certificate, you then need tochange the replication information of VM1 to use the secure connection.



Your network contains an Active Directory domain named contoso.com. The domain contains a file servernamed Server1 that runs Windows Server 2012 R2.

You create a user account named User1 in the domain.

You need to ensure that User1 can use Windows Server Backup to back up Server1. The solution mustminimize the number of administrative rights assigned to User1.

What should you do?

A. Add User1 to the Backup Operators group.B. Add User1 to the Power Users group.

C. Assign User1 the Backup files and directories user right and the Restore files and directories user right.D. Assign User1 the Backup files and directories user right.


Explanation/Reference:Explanation:http://technet.microsoft.com/en-us/library/cc787956(v=ws.10).aspx http://technet.microsoft.com/en-us/library/cc756898(v=ws.10).aspx http://technet.microsoft.com/en-us/library/cc771990.aspx

Backup Operators have these permissions by default:

However the question explicitly says we need to minimize administrative rights. Since the requirement is forbacking up the data only--no requirement to restore or shutdown--then assigning the "Back up files anddirectories user right" would be the correct answer.


You have a server named Server1 that runs Windows Server 2012 R2 and is used for testing.

A developer at your company creates and installs an unsigned kernel-mode driver on Server1. The developerreports that Server1 will no longer start.

You need to ensure that the developer can test the new driver.

The solution must minimize the amount of data loss.

Which Advanced Boot Option should you select?

A. Disable Driver Signature EnforcementB. Disable automatic restart on system failureC. Last Know Good Configuration (advanced)D. Repair Your Computer


Explanation/Reference:Explanation:A. By default, 64-bit versions of Windows Vista and later versions of Windows will load a kernel-mode driveronly if the kernel can verify the driver signature. However, this default

behavior can be disabled to facilitate early driver development and non-automated testing. B. specifies thatWindows automatically restarts your computer when a failure occurs C. Developer would not be able to test thedriver as needed D. Removes or repairs critical windows files, Developer would not be able to test the driver asneeded and some file losshttp://technet.microsoft.com/en-us/library/jj134246.aspx http://msdn.microsoft.com/en-us/library/windows/hardware/ff547565(v=vs.85).aspx


You have a failover cluster named Cluster1 that contains four nodes. All of the nodes run Windows Server 2012R2.

You need to schedule the installation of Windows updates on the cluster nodes.


A. The Wusa command

B. The Invoke-CauScan cmdletC. The Add-CauClusterRole cmdletD. The Wuauclt command






You add two additional nodes in Cluster1.

You have a folder named Folder1 on Server1 that hosts Application data. Folder1 is a folder target in aDistributed File System (DFS) namespace.

You need to provide highly available access to Folder1. The solution must support DFS Replication to Folder1.


A. Affinity-NoneB. Affinity-SingleC. The cluster quorum settingsD. The failover settingsE. A file server for general useF. The Handling priorityG. The host priorityH. Live migrationI. The possible ownerJ. The preferred ownerK. Quick migrationL. The Scale-Out File Server





Server1 and Server2 have the Network Load Balancing (NLB) feature installed. The servers are configured as

nodes in an NLB cluster named Cluster1.

Port rules are configured for all clustered Applications.

You need to ensure that Server2 handles all client requests to the cluster that are NOT covered by a port rule.


A. Affinity-NoneB. Affinity-SingleC. The cluster quorum settingsD. The failover settingsE. A file server for general useF. The Handling priorityG. The host priorityH. Live migrationI. The possible ownerJ. The preferred ownerK. Quick migrationL. The Scale-Out File Server

Correct Answer: GSection: (none)Explanation

Explanation/Reference:Explanation:http://technet.microsoft.com/en-us/library/bb742455.aspx



Your network contains an Active Directory domain named contoso.com. A previous administrator implementeda Proof of Concept installation of Active Directory Rights Management Services (AD RMS). After the proof ofconcept was complete, the Active Directory Rights Management Services server role was removed.

You attempt to deploy AD RMS. During the configuration of AD RMS, you receive an error message indicatingthat an existing AD RMS Service Connection Point (SCP) was found.

You need to remove the existing AD RMS SCP.


A. ADSI EditB. Active Directory Users and ComputersC. Active Directory Domains and TrustsD. Active Directory Sites and ServicesE. ServicesF. Authorization ManagerG. TPM ManagementH. Certification Authority



Explanation:http://technet.microsoft.com/en-us/library/jj835767(v=ws.10).aspx







Users in adatum.com must be able to access resources in contoso.com. Users in adatum.com must beprevented from accessing resources in fabrikam.com.Users in both contoso.com and fabrikam.com must be prevented from accessing resources in adatum.com.


A. a one-way realm trust from contoso.com to adatum.com

B. a one-way realm trust from adatum.com to contoso.comC. a one-way external trust from contoso.com to adatum.comD. a one-way external trust from adatum.com to contoso.com


Explanation/Reference:Explanation: Users in adatum.com must be able to access resources in contoso.com.Contoso needs to trust adatum.We create a one-way external trust from contoso to adatum.


Your network contains an Active Directory domain named contoso.com. The domain contains a main office anda branch office. An Active Directory site exists for each office. All domain controllers run Windows Server 2012R2.

The domain contains two domain controllers.







A. DnscmdB. DnslintC. RepadminD. NtdsutilE. DNS ManagerF. Active Directory Sites and ServicesG. Active Directory Domains and TrustsH. Active Directory Users and Computers

Correct Answer: FSection: (none)Explanation

Explanation/Reference:Explanation:To control replication between two sites, you can use the Active Directory Sites and Services snap-in toconfigure settings on the site link object to which the sites are added. By configuring settings on a site link, youcan control when replication occurs between two or more sites, and how often


You have a server named Server1 that runs Windows Server 2012 R2. Server1 has the File Server ResourceManager role service installed.

You attempt to delete a classification property and you receive the error message as shown in the exhibit. (Clickthe Exhibit button.)

You need to delete the isConfidential classification property.

What should you do?

A. Delete the classification rule that is assigned the isConfidential classification property.B. Disable the classification rule that is assigned the isConfidential classification property.C. Set files that have an isConfidential classification property value of Yes to No.D. Clear the isConfidential classification property value of all files.




You have a server named Server 1 that runs Windows Server 2012 R2. Server1 has five network adapters.Three of the network adapters are connected to a network named LAN1. The two other network adapters areconnected to a network named LAN2. You create a network adapter team named Team1 from two of theadapters connected to LAN1. You create a network adapter team named Team2 from the two adaptersconnected to LAN2. A company policy states that all server IP addresses must be assigned by using a reservedaddress in DHCP. You need to identify how many DHCP reservations you must create for Server1.

How many reservations should you identify?

A. 2B. 3C. 5D. 7


Explanation/Reference:Explanation:3 adapter on LAN 12 adapters on LAN 22 adapters on LAN 1 used in a team, so that's 3 - 2 leaving 1. 2 adapaters on LAN 2 used in a team, so that's 2- 2 leaving 0. 1 team on LAN 1 + 1 team on LAN 2 + remaining adapter on LAN 1 = 3.


QUESTION 7777 - (Topic 2)Your network contains an Active Directory domain named contoso.com. The domain contains a server namedServer1 that runs Windows Server 2012 R2. Server1 has the IP Address Management (IPAM) Server featureinstalled. IPAM is configured currently for Group Policy-based provisioning.

You need to change the IPAM provisioning method on Server1.

What should you do?

A. Run the ipamgc.exe command.B. Run the Set-IPAMConfiguration cmdlet.C. Reinstall the IP Address Management (IPAM) Server feature.D. Delete IPAM Group Policy objects (GPOs) from the domain.


Explanation/Reference:Explanation:You cannot change the provisioning method after completing the initial setup.


Your network contains an Active Directory domain named contoso.com. Domain controllers run either WindowsServer 2008, Windows Server 2008 R2, or Windows Server 2012 R2. You have a Password Settings object(PSOs) named PSO1.

You need to view the settings of PSO1.Which tool should you use?

A. Get-ADDomainControllerPasswordReplicationPolicyB. Get-ADDefaultDomainPasswordPolicyC. Server ManagerD. Get-ADFineGrainedPasswordPolicy


Explanation/Reference:Explanation:A. Gets the members of the allowed list or denied list of a read-only domain controller's password replicationpolicyB. Gets the default password policy for an Active Directory domain.C. PSO's managed from AD AC or Powershell OnlyD. Gets one or more Active Directory fine grained password policies.

http://technet.microsoft.com/en-us/library/ee617207.aspx http://technet.microsoft.com/en-us/library/ee617244.aspx http://technet.microsoft.com/en-us/library/ee617231.aspx


Your network contains an Active Directory domain named contoso.com. The domain contains two serversnamed Server1 and Server2. Both servers have the IP Address Management (IPAM) Server feature installed.

You have a support technician named Tech1. Tech1 is a member of the IPAM Administrators group on Server1and Server2. You need to ensure that Tech1 can use Server Manager on Server1 to manage IPAM on Server2.To which group on Server2 should you add Tech1? To answer, select the appropriate group in the answer area.

A.B.C.D.




You have a server named Server2 that runs Windows Server 2012 R2. You have storage provisioned onServer2 as shown in the exhibit. (Click the Exhibit button.)

You need to configure the storage so that it appears in Windows Explorer as a drive letter on Server1.

Which three actions should you perform in sequence? To answer, move the three appropriate actions from thelist of actions to the answer area and arrange them in the correct order.

A.B.C.D.




Your network contains an Active Directory domain named contoso.com. The domain contains two serversnamed Server1 and Server2 Both servers have the IP Address Management (IPAM) Server feature installed.

You have a support technician named Tech1. Tech1 is a member of the IPAM Administrators group on Server1and Server2.

You need to ensure that Tech1 can use Server Manager on Server1 to manage IPAM on Server2.

To which group on Server2 should you add Tech1.

A. IPAM MSM AdministratorsB. IPAM AdministratorsC. winRMRemoteWMIUsers_D. Remote Management Users


Explanation/Reference:Explanation:A. IPAM MSM Administrators can't access remotelyB. IPAM Administrators can't access remotely

C. If you are accessing the IPAM server remotely using Server Manager IPAM client RSAT, then you must be amember of the WinRMRemoteWMIUsers group on the IPAM server, in addition to being a member of theappropriate IPAM security group (or local Administrators group).http://msdn.microsoft.com/en-us/library/windows/desktop/aa384295(v=vs.85).aspx http://www.microsoft.com/en-us/download/details.aspx?id=29012


Your network contains two Active Directory forests named contoso.com and adatum.com. Both forests containmultiple domains. All domain controllers run Windows Server 2012 R2.

Contoso.com has a one-way forest trust to adatum.com.

A domain named paris.eu.contoso.com hosts several legacy Applications that use NTLM authentication.

Users in a domain named london.europe.adatum.com report that it takes a long time to be authenticated whenthey attempt to access the legacy Applications hosted in paris.eu.contoso.com.

You need to reduce how long it takes for the london.europe.adatum.com users to be authenticated inparis.eu.contoso.com.

What should you do?

A. Create a shortcut trust.B. Create an external trust between the forest root domains.C. Disable SID filtering on the existing trust.D. Create an external trust.


Explanation/Reference:Explanation:A. Shortcut trusts are one-way or two-way, transitive trusts that can be used when administrators need tooptimize the authentication process. Authentication requests must first travel a trust path between domaintrees, and in a complex forest this can take time,

which can be reduced with shortcut trusts.B. Use external trusts to provide access to resources located on a Windows NT 4.0 domain or a domainlocated in a separate forest that is not joined by a forest trust.C. Filters users or SIDs from one domainD. Use external trusts to provide access to resources located on a Windows NT 4.0 domain or a domainlocated in a separate forest that is not joined by a forest trust

http://technet.microsoft.com/en-us/library/cc737939(v=ws.10).aspx http://technet.microsoft.com/en-us/library/

cc775736(v=ws.10).aspx http://technet.microsoft.com/en-us/library/cc772633(v=ws.10).aspx



You are creating a central access rule named TestFinance that will be used to audit members of theAuthenticated Users group for access failure to shared folders in the finance department.

You need to ensure that access requests are unaffected when the rule is published.

What should you do?

A. Add a User condition to the current permissions entry for the Authenticated Users principal.B. Set the Permissions to Use the following permissions as proposed permissions.C. Add a Resource condition to the current permissions entry for the Authenticated Users principal.D. Set the Permissions to Use following permissions as current permissions.






Windows Server 2012 R2 is installed on volume C.

You need to ensure that Safe Mode with Command Prompt loads the next time Server1 restarts.


A. The Restart-Server cmdletB. The Bootcfg commandC. The Restart-Computer cmdletD. The Bcdedit command



A. Restart-Server is not a CMDLETB. modifies the Boot.ini fileC. Restarts computerD. Boot Configuration Data (BCD) files provide a store that is used to describe boot applications and bootapplication settings.

http://support.microsoft.com/kb/317521http://technet.microsoft.com/en-us/library/hh849837.aspx http://technet.microsoft.com/en-us/library/cc731662(v=ws.10).aspx

You can see with msconfig tool that boot options have changed as follows:NOTE: Alternate Shell may be used

After reboot you should remove the safeboot option using bcdedit:- bcdedit /deletevalue safeboot



You have a server named Server1 that runs a Server Core Installation of Windows Server 2012 R2. Shadowscopies are enabled on all volumes.

You need to delete a specific shadow copy. The solution must minimize server downtime.


A. VssadminB. DiskpartC. WbadminD. Shadow


Explanation/Reference:Explanation:http://technet.microsoft.com/en-us/library/cc788026(v=ws.10).aspx


Your network contains two Web servers named Server1 and Server2.

Server1 and Server2 are nodes in a Network Load Balancing (NLB) cluster.

You configure the nodes to use the port rule shown in the exhibit. (Click the Exhibit button.)

You need to configure the NLB cluster to meet the following requirements:

HTTPS connections must be directed to Server1 if Server1 is available. HTTP connections must be loadbalanced between the two nodes.

Which three actions should you perform? (Each correct answer presents part of the solution. Choose three.)

A. From the host properties of Server1, set the Handling priority of the existing port rule to 2.B. From the host properties of Server1, set the Handling priority of the existing port rule to Guaranteed

success with TestInsides practice guides 111 Microsoft 70-412 : Practice Test1.

C. From the host properties of Server2, set the Priority (Unique host ID) value to 1.D. Create a port rule for TCP port 80. Set the Filtering mode to Multiple host and set the Affinity to None.E. From the host properties of Server2, set the Handling priority of the existing port rule to 2.F. Create an additional port rule for TCP port 443. Set the Filtering mode to Multiple host and set the Affinity to

Single.

Correct Answer: BDESection: (none)Explanation

Explanation/Reference:Explanation: Handling priority: When Single host filtering mode is being used, this parameter specifies the localhost's priority for handling the networking traffic for the associated port rule. The host with the highest handling

priority (lowest numerical value) for this rule among the current members of the cluster will handle all of thetraffic for this rule. The allowed values range from 1, the highest priority, to the maximum number of hostsallowed (32). This value must be unique for all hosts in the cluster.E (not C): Lower priority (2) for Server 2.D: HTTP is port 80.Multiple hosts. This parameter specifies that multiple hosts in the cluster handle network traffic for theassociated port rule. This filtering mode provides scaled performance in addition to fault tolerance bydistributing the network load among multiple hosts. You can specify that the load be equally distributed amongthe hosts or that each host handle a specified load weight.Reference: Network Load Balancing parameters


Your network contains two Active Directory forests named contoso.com and litwareinc.com. A two-way foresttrusts exists between the forest. Selective authentication is enabled on the trust.

The contoso.com forest contains a server named Server1.

You need to ensure that users in litwareinc.com can access resources on Server1.

What should you do?

A. Install Active Directory Rights Management Services on a domain controller in contoso.com.B. Modify the permission on the Server1 computer account.C. Install Active Directory Rights Management Services on a domain controller in litwareinc.com.D. Configure SID filtering on the trust.


Explanation/Reference:Explanation: Explanation/Reference:Selective authentication between forestsIf you decide to set selective authentication on an incoming forest trust, you need to manually assignpermissions on each computer in the domain as well as the resources to which you want users in the secondforest to have access. To do this, set a control access right Allowed to authenticate on the computer object thathosts the resource in Active Directory Users and Computers in the second forest. Then, allow user or groupaccess to the particular resources you want to share.

Reference: Accessing resources across forests


Your network contains an Active Directory domain named contoso.com. The domain contains a domaincontroller named DC1 that runs Windows Server 2012 R2. DC1 has the DHCP Server server role installed.

DHCP is configured as shown in the exhibit. (Click the Exhibit button.)

You discover that client computers cannot obtain IPv4 addresses from DC1.

You need to ensure that the client computers can obtain IPv4 addresses from DC1.

What should you do?

A. Activate the scope.B. Authorize DC1.C. Disable the Allow filters.D. Disable the Deny filters.


Explanation/Reference:Explanation: Explanation/Reference:There is no items in the deny List. So it means that client computers MAC addresses is not listed in the allowlist. So we have to disable the "Allow Filters" http://technet.microsoft.com/en-us/library/ee956897(v=ws.10).aspx


Your network contains an Active Directory domain named contoso.com. The domain contains a file servernamed Server1 and a domain controller named DC1. All servers run Windows Server 2012 R2.

A Group Policy object (GPO) named GPO1 is linked to the domain.

Server1 contains a folder named Folder1. Folder1 is shared as Share1.

You need to ensure that authenticated users can request assistance when they are denied access to theresources on Server1.


A. Assign the Read Attributes NTFS permission on Folder1 to the Authenticated Users group.B. Install the File Server Resource Manager role service on Server1.C. Configure the Customize message for Access Denied errors policy setting of GPO1.D. Enable the Enable access-denied assistance on client for all file types policy setting for GPO1.E. Install the File Server Resource Manager role service on DC1.

Correct Answer: BDSection: (none)Explanation

Explanation/Reference:Explanation: Explanation/Reference:http://technet.microsoft.com/en-us/library/hh831402.aspx#BKMK_1


Your network contains an Active Directory domain named adatum.com. All domain controllers run WindowsServer 2008 R2.

The domain contains a file server named Server6 that runs Windows Server 2012 R2. Server6 contains afolder named Folder1. Folder1 is shared as Share1.

The NTFS permissions on Folder1 are shown in the exhibit. (Click the Exhibit button.)

The domain contains two global groups named Group1 and Group2.

You need to ensure that only users who are members of both Group1 and Group2 are denied access toFolder1.


A. Remove the Deny permission for Group1 from Folder1.B. Deny Group2 permission to Folder1.C. Install a domain controller that runs Windows Server 2012 R2.D. Create a conditional expression.E. Deny Group2 permission to Share1.F. Deny Group1 permission to Share1.

Correct Answer: CDSection: (none)Explanation

Explanation/Reference:Explanation: Explanation/Reference:Conditional Expressions for Permission EntriesWindows Server 2008 R2 and Windows 7 enhanced Windows security descriptors by introducing a conditionalaccess permission entry. Windows Server 2012 R2 takes advantage of conditional access permission entriesby inserting user claims, device claims, and resource properties, into conditional expressions. Windows Server2012 R2 security evaluates these expressions and allows or denies access based on results of the evaluation.Securing access to resources through claims is known as claims-based access


control. Claims-based access control works with traditional access control to provide an additional layer ofauthorization that is flexible to the varying needs of the enterprise environment.http://social.technet.microsoft.com/wiki/contents/articles/14269.introducing-dynamic- access-control-en-us.aspx


Your network contains an Active Directory forest. The forest contains a single domain named contoso.com. Theforest contains two Active Directory sites named Main and Branch1. The sites connect to each other by using asite link named Main-Branch1. There are no other site links.

Each site contains several domain controllers. All domain controllers run Windows Server 2012 R2.

Your company plans to open a new branch site named Branch2. The new site will have a WAN link thatconnects to the Main site only. The site will contain two domain controllers that run Windows Server 2012 R2.

You need to create a new site and a new site link for Branch2. The solution must ensure that the domaincontrollers in Branch2 only replicate to the domain controllers in Branch1 if all of the domain controllers in Mainare unavailable.

Which three actions should you perform?

To answer, move the three appropriate actions from the list of actions to the answer area and arrange them inthe correct order.


A.B.C.D.




Your network contains an Active Directory domain named contoso.com. The domain contains two memberservers named Server1 and Server2 that run Windows Server 2012 R2.

You configure a new failover cluster named Cluster1. Server1 and Server2 are nodes in Cluster1.

You need to configure the disk that will be used as a witness disk for Cluster1.

How should you configure the witness disk?

To answer, drag the appropriate configurations to the correct location or locations. Each configuration may beused once, more than once, or not at all. You may need to drag the split bar between panes or scroll to viewcontent.

A.B.C.D.





Your network contains an Active Directory forest named contoso.com that contains a single domain. The forestcontains three sites named Site1, Site2, and Site3.

Domain controllers run either Windows Server 2008 R2 or Windows Server 2012 R2. Each site contains twodomain controllers. Site1 and Site2 contain a global catalog server.

You need to create a new site link between Site1 and Site2. The solution must ensure that the site link supportsthe replication of all the naming contexts.

From which node should you create the site link?


A.B.C.D.




Your network contains an Active Directory domain named adatum.com. All servers run Windows Server 2012R2. All domain controllers have the DNS Server server role installed.

You have a domain controller named DC1.

On DC1, you create an Active Directory-integrated zone named adatum.com and you sign the zone by usingDNSSEC.

You deploy a new read-only domain controller (RODC) named R0DC1.

You need to ensure that the contoso.com zone replicates to RODC1.

What should you configure on DC1?

To answer, select the appropriate tab in the answer area.

A.B.C.D.





Server1 has a single volume that is encrypted by using BitLocker Drive Encryption (BitLocker).

BitLocker is configured to save encryption keys to a Trusted Platform Module (TPM). Server1 is configured toperform a daily system image backup.

The motherboard on Server1 is upgraded.

After the upgrade, Windows Server 2012 R2 on Server1 fails to start.

You need to start the operating system on Server1 as soon as possible.

What should you do?

A. Start Server1 from the installation media. Run startrec.exe.B. Move the disk to a server that has a model of the old motherboard. Start the server from the installation

media. Run bcdboot.exe.C. Move the disk to a server that has a model of the old motherboard. Start the server. Run tpm.msc.

D. Start Server1 from the installation media. Perform a system image recovery.


Explanation/Reference:Explanation: Explanation/Reference:Encryption keys are lost. Nothing mentioned about password/keys recovery. My point is that the only way is torestore the server from a backup. http://social.technet.microsoft.com/Forums/windows/en-US/6b34b4da-b1e2-4038-8d6d- 192f973cadea/usingsystem-image-with-a-bitlocker-system-drive


You have a test server named Server1 that is configured to dual-boot between Windows Server 2008 R2 andWindows Server 2012 R2.

You start Server1 and you discover that the boot entry for Windows Server 2008 R2 no longer appears on theboot menu.

You start Windows Server 2012 R2 on Server1 and you discover the disk configurations shown in the followingtable.

You need to restore the Windows Server 2008 R2 boot entry on Server1.

What should you do?

A. Run bootrec.exe and specify the /scanos parameter.B. Run bcdedit.exe and specify the /create store parameter.C. Run bootcfg.exe and specify the /copy parameter.D. Run bootrec.exe and specify the /rebuildbcd parameter.


Explanation/Reference:Explanation: Explanation/Reference:Bootrec.exe tool to troubleshoot "Bootmgr Is Missing" issue. The /ScanOs option scans all disks for installationsthat are compatible with Windows Vista or Windows 7. Additionally, this option displays the entries that arecurrently not in the BCD store. Use this option when there are Windows Vista or Windows 7 installations thatthe Boot Manager menu does not list.

* /RebuildBcd

The /RebuildBcd option scans all disks for installations that are compatible with Windows Vista or Windows 7.Additionally, this option lets you select the installations that you want to add to the BCD store. Use this optionwhen you must completely rebuild the BCD.

Incorrect:

Not A. BCDEdit is a command-line tool for managing BCD stores. It can be used for a variety of purposes,including creating new stores, modifying existing stores, adding boot menu options, /Createstore Creates a newempty boot configuration data store. The created store is not a system store.Not B. Bootrec.exe tool to troubleshoot "Bootmgr Is Missing" issue. The /ScanOs option scans all disks forinstallations that are c mpatible with Windows Vista or Windows 7. Additionally, this option displays the entriesthat are currently not in the BCD store. Use this option when there are Windows Vista or Windows 7installations that the Boot Manager menu does not list.

Reference: Use the Bootrec.exe tool in the Windows Recovery Environment to troubleshoot and repair startupissues in Windows


You have 3 server named LON-DC1 that runs Windows Server 2012 R2.

An iSCSI virtual disk named VirtualiSCSIl.vhd exists on LON-DC1 as shown in the exhibit.(Click the Exhibit button.)

You create a new iSCSI virtual disk named VirtualiSCSI2.vhd by using the existing itgt iSCSI target.

VirtualiSCSI1.vhd is removed from LON-DC1.

You need to assign VirtualiSCSI2.vhd a logical unit value of 0.

What should you do?

A. Modify the properties of the VirtualiSCSI2.vhd iSCSI virtual disk.B. Run the Add-IscsiVirtualDiskTargetMapping cmdlet and specify the -Lun parameter.C. Run the iscsicli command and specify the reportluns parameter.D. Run the iscsicpl command and specify the virtualdisklun parameter.


Explanation/Reference:Explanation: Explanation/Reference:http://technet.microsoft.com/en-us/library/jj612800(v=wps.620).aspx



Your network contains an Active Directory forest named contoso.com. The forest contains a single domain. Theforest contains three Active Directory sites named SiteA, SiteB, and SiteC. The sites contain four domaincontrollers. The domain controllers are configured as shown in the following table.

An IP site link exits between each site.

You discover that the users in SiteC are authenticated by the domain controllers in SiteA and SiteB.

You need to ensure that the SiteC users are authenticated by the domain controllers in SiteB, unless all of thedomain controllers in SiteB are unavailable.

What should you do?

A. Create a site link bridge.B. Create additional connection objects for DC3 and DC4.C. Create additional connection objects for DC1 and DC2.D. Increase the cost of the site link between SiteA and SiteC.


Explanation/Reference:Explanation: Explanation/Reference:http://technet.microsoft.com/en-us/library/dd277430.aspx#XSLTsection126121120120



You have a file server named Server1 that runs Windows Server 2012 R2. The folders on Server1 areconfigured as shown in the following table.

A new corporate policy states that backups must use Windows Azure Online Backup whenever possible.

You need to identify which technology you must use to back up Server1. The solution must use Windows AzureOnline Backup whenever possible.

What should you identify?

To answer, drag the appropriate backup type to the correct location or locations. Each backup type may beused once, more than once, or not at all. You may need to drag the split bar between panes or scroll to viewcontent.

A.B.C.D.




You have a server named File1 that runs Windows Server 2012 R2. File1 has the File Server role serviceinstalled.

You plan to back up all shared folders by using Windows Azure Online Backup.

You download and install the Windows Azure Online Backup Service Agent on File1.

You need to ensure that you use Windows Server Backup to back up data to Windows Azure Online Backup.

What should you do?

A. From Computer Management, add the File1 computer account to the Backup Operators group.B. From the Services console, modify the Log On settings of the Windows Azure Online Backup Service

Agent.C. From Windows Server Backup, run the Register Server Wizard.

D. From a command prompt, run wbadmin.exe enable backup.


Explanation/Reference:Explanation: Explanation/Reference:http://blogs.technet.com/b/windowsserver/archive/2012/03/28/microsoft-online-backup- service.aspx

QUESTION 101

101 DRAG DROP - (Topic 2)

Your network contains an Active Directory domain named contoso.com. The domain contains four memberservers named Server1, Server2, Server3, and Server4.

Server1 and 5erver2 run Windows Server 2008 R2. Server1 and Server2 have the Hyper-V server role and theFailover Clustering feature installed. Failover Clustering is configured to provide highly available virtualmachines by using a cluster named Cluster1. Cluster1 hosts 10 virtual machines.

Server3 and Server4 run Windows Server 2012 R2.

You install the Hyper-V server role and the Failover Clustering feature on Server3 and

Server4. You create a cluster named Cluster2.

You need to migrate cluster resources from Cluster1 to Cluster2. The solution must minimize downtime on thevirtual machines.

Which five actions should you perform?

To answer, move the appropriate five actions from the list of actions to the answer area and arrange them inthe correct order.

A.

B.C.D.












A. NtdsutilB. RepadminC. DnslintD. Active Directory Domains and Trusts





Windows Server 2012 R2 is installed on volume C.

You need to ensure that Safe Mode with Networking loads the next time Server1 restarts.


A. The Msconfig commandB. The Restart-Server cmdletC. The Restart-Computer cmdletD. The Bootcfg command


Explanation/Reference:Explanation:A. Use system config to configure boot options

B. Not a valid cmdletC. Restarts ("reboots") the operating system on local and remote computers. No boot optionsD. modifies the Boot.ini file no option for safe mode/networking for win8/2012

http://technet.microsoft.com/en-us/library/hh849837.aspx http://support.microsoft.com/kb/317521http://technet.microsoft.com/en-us/library/cc725967.aspx


Your network contains an Active Directory domain named contoso.com. The domain contains a domaincontroller named DC1 that runs Windows Server 2012 R2. DC1 has the DNS Server server role installed.

The network contains client computers that run either Linux, Windows 7, or Windows 8.

You have a standard primary zone named adatum.com as shown in the exhibit. (Click the Exhibit button.)

You plan to configure Name Protection on all of the DHCP servers.

You need to configure the adatum.com zone to support Name Protection.

Which two configurations should you perform from DNS Manager? (Each correct answer presents part of thesolution. Choose two.)

A. Sign the zone.B. Store the zone in Active Directory.C. Modify the Security settings of the zone.D. Configure Dynamic updates.



Explanation/Reference:Explanation:http://technet.microsoft.com/en-us/library/ee941152(v=ws.10).aspx




Server1 and Server2 have the Hyper-V server role installed. Server1 and Server2 are configured as Hyper-Vreplicas of each other.

Server1 hosts a virtual machine named VM1. VM1 is replicated to Server2.

You need to verify whether the replica of VM1 on Server2 is functional. The solution must ensure that VM1remains accessible to clients.

What should you do from Hyper-V Manager?

A. On Server1, execute a Planned Failover.B. On Server1, execute a Test Failover.C. On Server2, execute a Planned Failover.D. On Server2, execute a Test Failover.


Explanation/Reference:Explanation:A. Server 1 is houses VM1 and it is replicated to Server2 - wrong server to failover and this is not a planned failover caseB. Wrong server correct failover typeC. Wrong server, wrong failover typeD. Right server and failover type

http://blogs.technet.com/b/virtualization/archive/2012/07/31/types-of-failover-operations-in- hyper-v-replica-partii-planned-failover.aspx

http://blogs.technet.com/b/virtualization/archive/2012/07/26/types-of-failover-operations-in- hyper-v-replica.aspx



You have a failover cluster named Cluster1 that contains four nodes. All of the nodes run Windows Server 2012R2.

You need to force every node in Cluster1 to contact immediately the Windows Server Update Services (WSUS)server on your network for updates.


A. The Add-CauClusterRole cmdlet

B. The Wuauclt commandC. The Wusa commandD. The Invoke-CauScan cmdlet


Explanation/Reference:Explanation:A. Adds the Cluster-Aware Updating (CAU) clustered role that provides the self-updating functionality to thespecified cluster.B. the wuauclt utility allows you some control over the functioning of the Windows Update AgentC. The Wusa.exe file is in the %windir%\System32 folder. The Windows Update Standalone Installer uses theWindows Update Agent API to install update packages.Update packages have an .msu file name extension.The .msu file name extension is associated with the Windows Update Standalone Installer. D. Performs a scanof cluster nodes for applicable updates and returns a list of the initial set of updates that would be applied toeach node in a specified cluster.

http://technet.microsoft.com/en-us/library/hh847235(v=wps.620).aspx http://technet.microsoft.com/en-us/library/cc720477(v=ws.10).aspx http://support.microsoft.com/kb/934307http://technet.microsoft.com/en-us/library/hh847228(v=wps.620).aspx


Your network contains an Active Directory domain named contoso.com. The network contains a file servernamed Server1 that runs Windows Server 2012 R2.

You are configuring a central access policy for temporary employees.

You enable the Department resource property and assign the property a suggested value of Temp.

You need to configure a target resource condition for the central access rule that is scoped to resourcesassigned to Temp only.

Which condition should you use?

A. (Temp.Resource Equals "Department")B. (Resource.Temp Equals "Department")C. (Resource.Department Equals "Temp")D. (Department.Value Equals "Temp")


Explanation/Reference:Explanation:http://technet.microsoft.com/fr-fr/library/hh846167.aspx


Your network contains a server named Server1 that runs Windows Server 2012 R2. Server1 has the ActiveDirectory Certificate Services server role installed and is configured as a standalone certification authority (CA).

You install a second server named Server2. You install the Online Responder role service on Server2.

You need to ensure that Server1 can issue an Online Certificate Status Protocol (OCSP) Response Signingcertificate to Server2.

What should you do?

A. On Server1, run the certutil.exe command and specify the -setreg parameter.B. On Server2, run the certutil.exe command and specify the -policy parameter.C. On Server1, configure Security for the OCSP Response Signing certificate template.D. On Server2, configure Issuance Requirements for the OCSP Response Signing certificate template.


Explanation/Reference:Explanation:http://technet.microsoft.com/en-us/library/cc732526.aspx


Your network contains an Active Directory domain named adatum.com. The domain contains a server namedCA1 that runs Windows Server 2012 R2. CA1 has the Active Directory Certificate Services server role installedand is configured to support key archival and recovery.

You need to ensure that a user named User1 can decrypt private keys archived in the Active DirectoryCertificate Services (AD CS) database. The solution must prevent User1 from retrieving the private keys fromthe AD CS database.

What should you do?

A. Assign User1 the Issue and Manage Certificates permission to Server1.B. Assign User1 the Read permission and the Write permission to all certificate templates.C. Provide User1 with access to a Key Recovery Agent certificate and a private key.D. Assign User1 the Manage CA permission to Server1.



Explanation:http://social.technet.microsoft.com/wiki/contents/articles/7573.active-directory-certificateservices-pki-keyarchival-and-management.aspx#Protecting_Key_Recovery_Agent_Keys


Your network contains an Active Directory domain named contoso.com. The domain contains two sites namedSite1 and Site2 and two domain controllers named DC1 and DC2. Both domain controllers are located in Site1.

You install an additional domain controller named DC3 in Site1 and you ship DC3 to Site2.

A technician connects DC3 to Site2.

You discover that users in Site2 are authenticated by all three domain controllers.

You need to ensure that the users in Site2 are authenticated by DC1 or DC2 only if DC3 is unavailable.

What should you do?

A. From Network Connections, modify the IP address of DC3.B. In Active Directory Sites and Services, modify the Query Policy of DC3.C. From Active Directory Sites and Services, move DC3.D. In Active Directory Users and Computers, configure the insDS-PrimaryComputer attribute for the users in

Site2.


Explanation/Reference:Explanation:A. Modifying IP will not effect authentication

B. A query policy prevents specific Lightweight Directory Access Protocol (LDAP) operations from adverselyimpacting the performance of the domain controller and also makes the domain controller more resilient todenial-of-service attacks.C. DC3 needs to be moved to Site2 in AD DSD.http://technet.microsoft.com/en-us/library/cc778098(v=ws.10).aspx http://technet.microsoft.com/en-us/library/cc759326(v=ws.10).aspx


Your network contains two Active Directory forests named contoso.com and adatum.com.

Contoso.com contains one domain. Adatum.com contains a child domain named child.adatum.com.

Contoso.com has a one-way forest trust to adatum.com. Selective authentication is enabled on the forest trust.

Several user accounts are migrated from child.adatum.com to adatum.com.

Users report that after the migration, they fail to access resources in contoso.com. The users successfullyaccessed the resources in contoso.com before the accounts were migrated.

You need to ensure that the migrated users can access the resources in contoso.com.

What should you do?

A. Replace the existing forest trust with an external trust.B. Run netdom and specify the /quarantine attribute.C. Disable SID filtering on the existing forest trust.D. Disable selective authentication on the existing forest trust.


Explanation/Reference:Explanation:A.B. Enables administrators to manage Active Directory domains and trust relationships from

the command prompt, /quarantine Sets or clears the domain quarantine C. Need to gain access to theresources in contoso.com D. Selective authentication over a forest trust restricts access to only those users in atrusted forest who have been explicitly given authentication permissions to computer objects (resourcecomputers) that reside in the trusting forest

http://technet.microsoft.com/en-us/library/cc755321(v=ws.10).aspx http://technet.microsoft.com/en-us/library/cc758152(v=ws.10).aspx


You have four servers that run Windows Server 2012 R2. The servers have the Failover Clustering featureinstalled. You deploy a new cluster named Cluster1. Cluster1 is configured as shown in the following table.

Site2 is a disaster recovery site.

Server1, Server2, and Server3 are configured as the preferred owners of the cluster roles.Dynamic quorum management is disabled.

You plan to perform hardware maintenance on Server3.

You need to ensure that if the WAN link between Site1 and Site2 fails while you are performing maintenance onServer3, the cluster resource will remain available in Site1.

What should you do?

A. Enable dynamic quorum management.B. Remove the node vote for Server3.C. Add a file share witness in Site1.D. Remove the node vote for Server4 and Server5.


Explanation/Reference:Explanation:http://msdn.microsoft.com/en-us/library/hh270280.aspx#VotingandNonVotingNodes


Your network contains an Active Directory domain named contoso.com. The domain contains a server namedServer2 that runs Windows Server 2012 R2.

You are a member of the local Administrators group on Server2.

You install an Active Directory Rights Management Services (AD RMS) root cluster on Server2.

You need to ensure that the AD RMS cluster is discoverable automatically by the AD RMS client computers andthe users in contoso.com.

Which additional configuration settings should you configure? To answer, select the appropriate tab in theanswer area.

A.B.C.D.




You have a test server named Server1 that is configured to dual-boot between Windows Server 2008 R2 andWindows Server 2012 R2. You start Server1 and you discover that the boot entry for Windows Server 2008 R2no longer appears on the boot menu. You start Windows Server 2012 R2 on Server1 and you discover the diskconfigurations shown in the following table.

You need to restore the Windows Server 2008 R2 boot entry on Server1.

What should you do?

A. Run bcdedit.exe and specify the /createstore parameter.B. Run bootrec.exe and specify the /scanos parameter.

C. Run bcdboot.exe d:\windows.D. Run bootrec.exe and specify the /rebuildbcd parameter.


Explanation/Reference:Explanation:* Bootrec.exe tool to troubleshoot "Bootmgr Is Missing" issue. The /ScanOs option scans all disks forinstallations that are compatible with Windows Vista or Windows 7. Additionally, this option displays the entriesthat are currently not in the BCD store. Use this option when there are Windows Vista or Windows 7installations that the Boot Manager menu does not list.

* /RebuildBcd

The /RebuildBcd option scans all disks for installations that are compatible with Windows Vista or Windows 7.Additionally, this option lets you select the installations that you want to add to the BCD store. Use this optionwhen you must completely rebuild the BCD.

Incorrect:Not A. BCDEdit is a command-line tool for managing BCD stores. It can be used for a variety of purposes,including creating new stores, modifying existing stores, adding boot menu options, /Createstore Creates a newempty boot configuration data store. The created store is not a system store.Not B. Bootrec.exe tool to troubleshoot "Bootmgr Is Missing" issue. The /ScanOs option scans all disks forinstallations that are c mpatible with Windows Vista or Windows 7. Additionally, this option displays the entriesthat are currently not in the BCD store. Use this option when there are Windows Vista or Windows 7installations that the Boot Manager menu does not list.

Reference: Use the Bootrec.exe tool in the Windows Recovery Environment to troubleshoot and repair startupissues in Windows




Server1 and Server2 have the Network Load Balancing (NLB) feature installed. The servers are configured asnodes in an NLB cluster named Cluster1. Both servers connect to the same switch.

Cluster1 hosts a secure web Application named WebApp1. WebApp1 saves user state information in a centraldatabase.

You need to ensure that the connections to WebApp1 are distributed evenly between the nodes. The solutionmust minimize port flooding.

What should you configure? To answer, configure the appropriate affinity and the appropriate mode forCluster1 in the answer area.

A.B.C.D.




You have 3 server named Server1 that runs Windows Server 2012 R2.


You are asked to test Windows Azure Online Backup to back up Server1.

You need to back up Server1 by using Windows Azure Online Backup.

Which four actions should you perform in sequence?

To answer, move the appropriate four actions from the list of actions to the answer area and arrange them inthe correct order.

A.B.C.D.




Your network contains an Active Directory domain named adatum.com. All servers run Windows Server 2012R2. All domain controllers have the DNS Server server role installed.


On DC1, you create an Active Directory-integrated zone named adatum.com and you sign the zone by usingDNSSEC.

You deploy a new read-only domain controller (RODC) named RODC1.

You need to ensure that the contoso.com zone replicates to RODC1.



A.B.C.D.




Your network contains an Active Directory domain named contoso.com. The domain contains four memberservers named Server1, Server2, Servers, and Server4. All servers run Windows Server 2012 R2.

Server1 and Server2 are located in a site named Site1. Server3 and Server4 are located in a site named Site2.The servers are configured as nodes in a failover cluster named Cluster1.

Cluster1 is configured to use the Node Majority quorum configuration.

You need to ensure that Server1 is the only server in Site1 that can vote to maintain quorum.

What should you run from Windows PowerShell?

To answer, drag the appropriate commands to the correct location. Each command may be used once, morethan once, or not at all. You may need to drag the split bar between panes or scroll to view content.

A.B.C.D.




Your network contains an Active Directory domain named contoso.com. The domain contains a server namedServer1 that runs Windows Server 2012 R2 and has the DHCP Server server role installed.

You need to create an IPv6 scope on Server1. The scope must use an address space that is reserved forprivate networks. The addresses must be routable.

Which IPV6 scope prefix should you use?

A. FF00::B. 2001::C. FD00:123:4567::D. FE80::


Explanation/Reference:Explanation: Prefixes in the fd00::/8 range have similar properties as those of the IPv4 private address ranges:* They are not allocated by an address registry and may be used in networks by anyone without outsideinvolvement.* They are not guaranteed to be globally unique.* Reverse Domain Name System (DNS) entries (under ip6.arpa) for fd00::/8 ULAs cannot be delegated in theglobal DNS.

As fd00::/8 ULAs are not meant to be routed outside their administrative domain (site or organization),administrators of interconnecting networks normally do not need to worry about the uniqueness of ULAprefixes.


Your network contains an Active Directory forest named contoso.com. The forest contains a single domain. Thedomain contains three domain controllers. The domain controllers are configured as shown in the followingtable.

You discover that when you run Group Policy Results from Group Policy Management, the settings from site-linked Group Policy objects (GPOs) fail to appear in the results.

You need to ensure that the settings from site-linked GPOs appear in the results.


A. Run adprep on DC3 by using Windows Server 2012 R2 installation media.B. Transfer the infrastructure master role to DC3.C. Upgrade DC2 to Windows Server 2012 R2.D. Run adprep on DC1 by using Windows Server 2003 installation media.


Explanation/Reference:Explanation: In this scenario a Windows 2012 server has been added to a Windows 2003 network.

Note:* Before adding your new Windows 2012 Domain Controller, or attempting to perform an in- place upgrade ofan existing Windows 2008 or 2008 R2 DC, you must make sure that the Schema is upgraded to support yournew Windows 2012 DC, and that you prepare each domain where you plan to install Windows 2012 DCs. To dothis we can use the ADPREP.exe tool found in the support\adprep folder on your installation media.* Starting with Windows 2012 there is only one version of ADPREP available, and that is a 64-bit version.* Adprep is the utility--included in the OS installation media--that performs several crucial functions to upgradeAD to support that OS. The utility has three major options: /forestprep, /domainprep, and /rodcprep. The /forestprep option runs first, extending the AD schema with new object and attribute classes that the new ADversion needs. The /domainprep option creates new well-known objects in AD, App1ies security changes, andmiscellaneous other bits. Finally, /rodcprep makes forest-wide security changes to allow read-only domain

controller (RODC) functionality. The Windows Server 2012 R2 version of adprep.exe can run on any server thatruns a 64-bit version of Windows Server 2008 or later.

Reference: How to add a Windows Server 2012 R2 domain controller to an existing Windows 2008 domain

http://technet.microsoft.com/en-us/library/bb726995.aspx

http://www.ipuptime.net/Multicast.aspx

http://technet.microsoft.com/en-us/library/gg144561(v=exchg.141).aspx

http://en.wikipedia.org/wiki/Unique_local_address

Topic 3, Volume C


Your network contains an Active Directory domain named contoso.com. The domain

contains a server named Server1 that runs Windows Server 2012 R2 and has the DNS Server server roleinstalled.

Server1 is configured to use a DNS server from an Internet Service Provider (ISP) as a forwarder.

Corporate management requires that client computers only resolve names of contoso.com computers.

You need to configure Server1 to resolve names in the contoso.com zone only.

What should you do on Server1?

A. From DNS Manager, modify the root hints of Server1.B. From Windows PowerShell, run the Remove-DnsServerForwarder cmdlet.C. From Windows PowerShell, run the Set-NetDnsTransitionConfiguration cmdlet.D. From DNS Manager, modify the Advanced properties of Server1.


Explanation/Reference:Explanation: If the DNS server does not know the address of the requested site, then it will forward the requestto another DNS server. In order to do so, the DNS server must know of the IP address of another DNS serverthat it can forward the request to. This is the job of root hints. Root hints provides a list of IP addresses of DNSservers that are considered to be authoritative at the root level of the DNS hierarchy(also known as root nameserver).

http://technet.microsoft.com/en-us/library/ee649221(v=ws.10).aspx http://technet.microsoft.com/en-us/library/jj649867.aspx http://technet.microsoft.com/en-us/library/jj613703.aspx



Each day, Server1 is backed up fully to an external disk.

On Server1, the disk that contains the operating system fails.

You replace the failed disk.

You need to perform a bare-metal recovery of Server1 by using the Windows Recovery Environment (WindowsRE).

What should you use?

A. The Wbadmin.exe commandB. The Repair-bde.exe commandC. The Get-WBBareMetalRecovery cmdletD. The Start-WBVolumeRecovery cmdlet


Explanation/Reference:Explanation:A. Enables you to back up and restore your operating system, volumes, files, folders, and applications from acommand prompt.B. Accesses encrypted data on a severely damaged hard disk if the drive was encrypted by using BitLocker.Repair-bde can reconstruct critical parts of the drive and salvage recoverable data as long as a valid recoverypassword or recovery key is used to decrypt the data.C. Gets the value that indicates whether the ability to perform bare metal recoveries from backups has beenadded to the backup policy (WBPolicy object).D. Starts a volume recovery operation.


Your company has a main office and a remote office. The remote office is used for disaster recovery.

The network contains an Active Directory domain named contoso.com. The domain contains member serversnamed Server1, Server2, Server3, and Server4. All servers run Windows Server 2012 R2.

Server1 and Server2 are located in the main office. Server3 and Server4 are located in the remote office.

All servers have the Failover Clustering feature installed. The servers are configured as

nodes in a failover cluster named Cluster1. Storage is replicated between the main office and the remote site.

You need to ensure that Cluster1 is available if two nodes in the same office fail.

What are two possible quorum configurations that achieve the goal? (Each correct answer presents a completesolution. Choose two.)

A. Node MajorityB. No Majority: Disk OnlyC. Node and File Share MajorityD. Node and Disk Majority

Correct Answer: ABSection: (none)Explanation

Explanation/Reference:Explanation: Depending on the quorum configuration option that you choose and your specific settings, thecluster will be configured in one of the following quorum modes:

* (A) Node majority (no witness)Only nodes have votes. No quorum witness is configured. The cluster quorum is the majority of voting nodes inthe active cluster membership.* (B) No majority (disk witness only)No nodes have votes. Only a disk witness has a vote. The cluster quorum is determined by the state of the diskwitness.The cluster has quorum if one node is available and communicating with a specific disk in the cluster storage.Generally, this mode is not recommended, and it should not be selected because it creates a single point offailure for the cluster.* Node majority with witness (disk or file share)Nodes have votes. In addition, a quorum witness has a vote. The cluster quorum is the majority of voting nodesin the active cluster membership plus a witness vote. A quorum witness can be a designated disk witness or adesignated file share witness.

Note:* Quorum in Windows 2008 R2 referred to a consensus , that is, a majority of votes is required in order to reachquorum and maintain stability of the cluster. A new option created in Windows Server 2012 R2 which was alsoback ported to Windows Server 2008 R2 SP1 was the ability to stop a node being able to participate in thevoting process.* Dynamic quorum is the ability of the cluster to recalculate quorum on the fly and still maintain a workingcluster. This is a huge improvement as we are now able to continue to run a cluster even if the number ofnodes remaining in the cluster is less than 50%. This was not possible before but the dynamic quorum conceptnow allows us to do this. In fact we can reduce the cluster down to the last node (known as last man standing)and still maintain quorum.


Reference: Configure and Manage the Quorum in a Windows Server 2012 R2 Failover Cluster


Your network contains an Active Directory domain named contoso.com. The domain contains four serversnamed Server1, Server2, Server3, and Server4 that run Windows Server 2012 R2. All servers have the Hyper-V server role and the Failover Clustering feature installed.

The servers are configured as shown in the following table.


A. From Hyper-V Manager on a node in Cluster2, create three virtual machines.B. From Hyper-V Manager on a node in Cluster2, modify the Hyper-V settings.C. From Failover Cluster Manager on Cluster1, configure each virtual machine for replication.D. From Cluster1, add and configure the Hyper-V Replica Broker role.E. From Cluster2, add and configure the Hyper-V Replica Broker role.

Correct Answer: ACESection: (none)

Explanation

Explanation/Reference:Explanation: A: Need to have same number of replicated VMs in the replicated site.C: Once the hosting server is configured for Replica, you can enable replication for each virtual machine thatyou want to be replicated.

E: The Hyper-V Replica Broker is placed in the replicated cluster


Note:

* Each node of the failover cluster that is involved in Replica must have the Hyper-V server role installed.* Windows Server 2012 R2 Hyper-V Replica is a built-in mechanism for replicating Virtual Machines (VMs). Itcan replicate selected VMs in real-time or asynchronously from a primary site to a designated replica siteacross LAN/WAN. Here a replica site hosts a replicated VM while an associated primary site is where thesource VM runs. And either a replica site or a primary site can be a Windows Server 2012 R2 Hyper-V host or aWindows Server 2012 R2 Failover Cluster.


Your network contains an Active Directory domain named contoso.com. The domain contains a file servernamed Server1. The File Server Resource Manager role service is installed on Server1. All servers runWindows Server 2012 R2.

A Group Policy object (GPO) named GPO1 is linked to the organizational unit (OU) that contains Server1. Thefollowing graphic shows the configured settings in GPO1.

Server1 contains a folder named Folder1. Folder1 is shared as Share1.

You attempt to configure access-denied assistance on Server1, but the Enable access- denied assistanceoption cannot be selected from File Server Resource Manager.

You need to ensure that you can configure access-denied assistance on Server1 manually by using File ServerResource Manager.

Which two actions should you perform?

A. Set the Enable access-denied assistance on client for all file types policy setting to Disabled for GPO1.B. Set the Customize message for Access Denied errors policy setting to Not Configured for GPO1.C. Set the Enable access-denied assistance on client for all file types policy setting to Enabled for GPO1.

D. Set the Customize message for Access Denied errors policy setting to Enabled for GPO1.


Explanation/Reference:Explanation:D. ensure that you can configure access-denied assistance http://technet.microsoft.com/en-us/library/hh831402.aspx#BKMK_1


You have a server named Server1 that runs Windows Server 2012 R2. You download and install the WindowsAzure Online Backup Service Agent on Server1.

You need to ensure that you can configure an online backup from Windows Server Backup.


A. From Windows Server Backup, run the Register Server Wizard.B. From Computer Management, add the Server1 computer account to the Backup Operators group.C. From a command prompt, run wbadmin.exe enable backup.D. From the Services console, modify the Log On settings of the Windows Azure Online Backup Service

Agent.


Explanation/Reference:Explanation:A. Enables you to back up and restore your operating system, volumes, files, folders, and

applications from a command prompt.B. To register a server for use with Windows Azure Backup you must run the register server wizardC.D.http://technet.microsoft.com/en-us/library/hh831677.aspx


Your network contains an Active Directory forest named contoso.com. The forest contains two domains namedcontoso.com and childl.contoso.com. The domains contain three domain controllers.

The domain controllers are configured as shown in the following table.

You need to ensure that the KDC support for claims, compound authentication, and kerberos armoring settingis enforced in the child1.contoso.com domain.


A. Upgrade DC1 to Windows Server 2012 R2.B. Upgrade DC11 to Windows Server 2012 R2.C. Raise the domain functional level ofchildl.contoso.com.D. Raise the domain functional level of contoso.com.E. Raise the forest functional level of contoso.com.


Explanation/Reference:Explanation:If you want to create access control based on claims and compound authentication, you need to deployDynamic Access Control. This requires that you upgrade to Kerberos clients and use the KDC, which supportthese new authorization types. With Windows Server 2012 R2, you do not have to wait until all the domaincontrollers and the domain functional level are upgraded to take advantage of new access control options http://technet.microsoft.com/en-us/library/hh831747.aspx.









A. NtdsutilB. DNS ManagerC. Active Directory Users and ComputersD. Active Directory Sites and Services


Explanation/Reference:Explanation: You can manually initiate replication using DNS Manager. Note: You can use DNS Manager, theDNS snap-in in Microsoft Management Console (MMC), to manage the local Domain Name System (DNS)server as well as remote DNS servers. Using DNS Manager or a command line, you can start, stop, or pause aDNS server. You can also pause and restart individual zones that are hosted by the server.

Incorrect:Not A: Ntdsutil.exe is a command-line tool that provides management facilities for Active Directory DomainServices (AD DS) and Active Directory Lightweight Directory Services (AD LDS). You can use the ntdsutilcommands to perform database maintenance of AD DS, manage and control single master operations, andremove metadata left behind by domain controllers that were removed from the network without being properlyuninstalled. This tool is intended for use by experienced administrators.


Your company has a primary data center and a disaster recovery data center.

The network contains an Active Directory domain named contoso.com. The domain contains a server namedthat runs Windows Server 2012 R2. Server1 is located in the primary data center.

Server1 has an enterprise root certification authority (CA) for contoso.com.

You deploy another server named Server2 to the disaster recovery data center.

You plan to configure Server2 as a secondary certificate revocation list (CRL) distribution point.

You need to configure Server2 as a CRL distribution point (CDP).

Which tab should you use to configure the required CDP entry? To answer, select the appropriate tab in theanswer area.

A.B.C.D.




Your network contains two servers named Server1 and Server2 that run Windows Server 2012 R2. Server1and Server2 have the Hyper-V server role installed. Server1 and Server2 are configured as Hyper-V replicas ofeach other.




A. On Server1, execute a Planned Failover.B. On Server1, execute a Test Failover.C. On Server2, execute a Planned Failover.D. On Server2, execute a Test Failover.




Your network contains an Active Directory domain named contoso.com. The domain contains four serversnamed Server1, Server2, Server3, and Server4 that run Windows Server 2012 R2. All servers have the Hyper-V server role and the Failover Clustering feature installed.

You need to replicate virtual machines from Cluster1 to Cluster2.


A. From Hyper-V Manager on a node in Cluster2, create three virtual machines.B. From Cluster2, add and configure the Hyper-V Replica Broker role.C. From Failover Cluster Manager on Cluster1, configure each virtual machine for replication.D. From Cluster1, add and configure the Hyper-V Replica Broker role.E. From Hyper-V Manager on a node in Cluster2/ modify the Hyper-V settings.

Correct Answer: ACESection: (none)Explanation



Your network contains an Active Directory domain named adatum.com. The domain contains two sites namedSite1 and Site2 and two domain controllers named DC1 and DC2. DC1 is located in Site1 and DC2 is located inSite2.

You install an additional domain controller named DC3 in Site1 and you ship DC3 to Site2.

A technician connects DC3 to Site2.

You discover that users in Site2 are authenticated only by DC2.

You need to ensure that the users in Site2 are authenticated by both DC2 and DC3.

What should you do?

A. In Active Directory Users and Computers, configure the msDS-PrimaryComputer attribute for DC3.B. In Active Directory Users and Computers, configure the msDS-Site-Affinity attribute for DC3.C. From Active Directory Sites and Services, move DC3.D. From Active Directory Sites and Services, modify the site link between Site1 and Site2.




Your network contains an Active Directory domain named contoso.com. The domain contains a file servernamed Server1 that runs Windows Server 2012 R2. All client computers run Windows 8.

You need to configure a custom Access Denied message that will be displayed to users when they are deniedaccess to folders or files on Server1.


A. A classification propertyB. The File Server Resource Manager OptionsC. A file management taskD. A file screen template




You have a file server named Server1 that runs a Server Core Installation of Windows Server 2012 R2.

Server1 has a volume named D that contains user data. Server1 has a volume named E that is empty.

Server1 is configured to create a shadow copy of volume D every hour.

You need to configure the shadow copies of volume D to be stored on volume E.

What should you run?

A. The Set-Volume cmdlet with the -driveletter parameterB. The Set-Volume cmdlet with the -path parameterC. The vssadmin.exe add shadowstorage commandD. The vssadmin.exe create shadow command

Correct Answer: CSection: (none)

Explanation

Explanation/Reference:Explanation:A. Sets or changes the file system label of an existing volume. -DriveLetter Specifies a letter used to identify adrive or volume in the system. B. Sets or changes the file system label of an existing volume -Path Containsvalid path information.C. Displays current volume shadow copy backups and all installed shadow copy writers and providers.AddShadowStroage Adds a shadow copy storage association for a specified volume.D. Displays current volume shadow copy backups and all installed shadow copy writers and providers. ShadowCreates a new shadow copy of a specified volume.

http://technet.microsoft.com/en-us/library/cc754968(v=ws.10).aspx http://technet.microsoft.com/en-us/library/hh848673(v=wps.620).aspx



Server1 is backed up by using Windows Server Backup. The backup configuration is shown in the exhibit.(Click the Exhibit button.)

You discover that only the last copy of the backup is maintained.

You need to ensure that multiple backup copies are maintained.

What should you do?


A. Modify the backup destination.B. Configure the Optimize Backup Performance settings.C. Modify the Volume Shadow Copy Service (VSS) settings.D. Modify the backup times.


Explanation/Reference:Explanation:A, The destination in the exhibit shows a network share is used. If a network share is being used only the latestcopy will be savedhttp://windows.microsoft.com/en-us/windows7/where-should-i-save-my-backup


Your network contains an Active Directory forest named contoso.com. All servers run Windows Server 2012R2.

The domain contains four servers. The servers are configured as shown in the following table.

You need to deploy IP Address Management (IPAM) to manage DNS and DHCP.

On which server should you install IPAM?

A. DC1B. DC2C. DC3D. Server1


Explanation/Reference:Explanation: D. IPAM cannot be installed on Domain Controllers. All other servers have the DC rolehttp://technet.microsoft.com/en-us/library/hh831353.aspx


You have a server named Server1 that runs Windows Server 2012 R2. The storage on Server1 is configuredas shown in the following table.

You plan to implement Data Deduplication on Server1.

You need to identify on which drives you can enable Data Deduplication.

Which three drives should you identify? (Each correct answer presents part of the solution.Choose two.)

A. CB. DC. ED. FE. G

Correct Answer: BDESection: (none)Explanation

Explanation/Reference:Explanation: Volumes that are candidates for deduplication must conform to the following requirements:* (not A) Must not be a system or boot volume. Deduplication is not supported on operating system volumes.

* Can be partitioned as a master boot record (MBR) or a GUID Partition Table (GPT), and must be formattedusing the NTFS file system.

* Can reside on shared storage, such as storage that uses a Fibre Channel or an SAS array, or when an iSCSISAN and Windows Failover Clustering is fully supported.

* Do not rely on Cluster Shared Volumes (CSVs). You can access data if a deduplication- enabled volume isconverted to a CSV, but you cannot continue to process files for deduplication.


* (not C) Do not rely on the Microsoft Resilient File System (ReFS).

* Must be exposed to the operating system as non-removable drives. Remotely-mapped drives are notsupported.http://technet.microsoft.com/en-us/library/hh831700.aspx


You have a server named Server1 that runs Windows Server 2012 R2. Server1 is located in the perimeternetwork and has the DNS Server server role installed.

Server1 has a zone named contoso.com.

You App1y a security template to Server1.

After you App1y the template, users report that they can no longer resolve names from contoso.com.

On Server1, you open DNS Manager as shown in the DNS exhibit. (Click the Exhibit button.)

On Server1, you open Windows Firewall with Advanced Security as shown in the Firewall exhibit. (Click theExhibit button.)

You need to ensure that users can resolve contoso.com names.

What should you do?

A. From Windows Firewall with Advanced Security, disable the DNS (TCP, Incoming) rule and the DNS (UDP,Incoming) rule.

B. From DNS Manager, modify the Zone Transfers settings of the contoso.com zone.C. From DNS Manager, unsign the contoso.com zone.D. From DNS Manager, modify the Start of Authority (SOA) of the contoso.com zone.E. From Windows Firewall with Advanced Security, modify the profiles of the DNS (TCP, Incoming) rule and

the DNS (UDP, Incoming) rule.




Your network contains an Active Directory domain named corp.contoso.com.

You deploy Active Directory Rights Management Services (AD RMS).

You have a rights policy template named Template1. Revocation is disabled for the template.

A user named User1 can open content that is protected by Template1 while the user is connected to thecorporate network.

When User1 is disconnected from the corporate network, the user cannot open the protected content even ifthe user previously opened the content.

You need to ensure that the content protected by Template1 can be opened by users who are disconnected

from the corporate network.

What should you modify?

A. The User Rights settings of Template1B. The templates file location of the AD RMS clusterC. The Extended Policy settings of Template1D. The exclusion policies of the AD RMS cluster


Explanation/Reference:Explanation:C. You can add trust policies so that AD RMS can process licensing requests for content that was rightsprotectedhttp://technet.microsoft.com/en-us/library/ee221071(v=ws.10).aspx





A. FF00::B. FE80:123:4567::C. FD00:123:4567::D. FF00:123:4567:890A::




Your network contains an Active Directory domain named contoso.com. The domain contains a server namedServer1 that runs Windows Server 2012 R2. Server1 has the Active Directory Federation Services server roleinstalled.

You need to make configuration changes to the Windows Token-based Agent role service.


To answer, select the appropriate tool in the answer area.

A.B.

C.D.





Server1 and Server2 have the Hyper-V server role installed. The servers are configured as shown in thefollowing table.

You add a third server named Server3 to the network. Server3 has Intel processors.

You need to move VM3 and VM6 to Server3. The solution must minimize downtime on the virtual machines.

Which method should you use to move each virtual machine?

To answer, select the appropriate method for each virtual machine in the answer area.

A.B.C.D.




Your network contains an Active Directory domain named contoso.com. The domain contains two DHCPservers named DHCP1 and DHCP2 that run Windows Server 2012 R2.

You install the IP Address Management (IPAM) Server feature on a member server named Server1 and yourun the Run Invoke-IpamGpoProvisioning cmdlet.

You need to manage the DHCP servers by using IPAM on Server1.

Which three actions should you perform?

To answer, move the three appropriate actions from the list of actions to the answer area and arrange them inthe correct order.

A.B.C.D.





Server1 and Server2 have the Hyper-V server role and the Failover Clustering feature installed.

Server1 and Server2 are members of a cluster named Cluster1. Cluster1 hosts 10 virtual machines.

When you try to migrate a running virtual machine from one server to another, you receive

the following error message: "There was an error checking for virtual machine compatibility on the target node."

You need to ensure that the virtual machines can be migrated from one node to another.

From which node should you perform the configuration?


A.B.

C.D.












A. RepadminB. DnscmdC. DnslintD. DNS Manager


Explanation/Reference:Explanation:You can manually initiate DNS replication using DNS Manager. Note: You can use DNS Manager, the DNSsnap-in in Microsoft Management Console (MMC), to manage the local Domain Name System (DNS) server aswell as remote DNS servers. Using DNS Manager or a command line, you can start, stop, or pause a DNSserver. You can also pause and restart individual zones that are hosted by the server.Incorrect:Not A: Repadmin.exe helps administrators diagnose Active Directory replication problems between domaincontrollers running Microsoft Windows operating systems.


You have 20 servers that run Windows Server 2012 R2.

You need to create a Windows PowerShell script that registers each server in Windows Azure Online Backupand sets an encryption passphrase.

Which two PowerShell cmdlets should you run in the script? (Each correct answer presents part of the solution.Choose two.)

A. New-OBPolicyB. New-OBRetentionPolicyC. Add-OBFileSpecD. Start-OBRegistration

E. Set OBMachineSetting

Correct Answer: DESection: (none)Explanation

Explanation/Reference:Explanation: D: Start-OBRegistrationRegisters the current computer with Windows Azure Online Backup using the credentials (username andpassword) created during enrollment.E: The Set-OBMachineSetting cmdlet sets a OBMachineSetting object for the server that includes proxy serversettings for accessing the internet, network bandwidth throttling settings, and the encryption passphrase that isrequired to decrypt the files during recovery to another server.

Incorrect:Not C: TheAdd-OBFileSpeccmdlet adds theOBFileSpecobject, which specifies the items to include or excludefrom a backup, to the backup policy (OBPolicyobject). TheOBFileSpecobject can include or exclude multiplefiles, folders, or volumes. T

http://technet.microsoft.com/en-us/library/hh770416(v=wps.620).aspx http://technet.microsoft.com/en-us/library/hh770425(v=wps.620).aspx http://technet.microsoft.com/en-us/library/hh770424.aspx http://technet.microsoft.com/en-us/library/hh770398.aspx http://technet.microsoft.com/en-us/library/hh770409.aspx


Your company recently deployed a new Active Directory forest named contoso.com. The forest contains twoActive Directory sites named Site1 and Site2. The first domain controller in the forest runs Windows Server2012 R2.

You need to force the replication of the SYSVOL folder from Site1 to Site2.


A. Active Directory Sites and ServicesB. DFS ManagementC. RepadminD. Dfsrdiag


Explanation/Reference:Explanation:D. In Windows Server 2012 R2, Windows Server 2008 R2, or Windows Server 2008, you can force replicationimmediately by using DFS Management, as described in Edit Replication Schedules. You can also forcereplication by using the Dfsrdiag SyncNow command. You can force polling by using the Dfsrdiag PollADcommand. http://technet.microsoft.com/en-us/library/cc773238(v=ws.10).aspx#BKMK_072


You have 30 servers that run Windows Server 2012 R2.

All of the servers are backed up daily by using Windows Azure Online Backup.

You need to perform an immediate backup of all the servers to Windows Azure Online Backup.

Which Windows PowerShell cmdlets should you run on each server?

A. Get-OBPolicy | StartOBBackupB. Start-OBRegistration | StartOBBackupC. Get-WBPolicy | Start-WBBackupD. Get-WBBackupTarget | Start-WBBackup


Explanation/Reference:Explanation:A. starts a backup job using a policyB. Registers the current computer to Windows Azure Backup.C. Not using AzureD. Not using Azure

http://technet.microsoft.com/en-us/library/hh770406(v=wps.620).aspx http://technet.microsoft.com/en-us/library/hh770426.aspx



Your network contains an Active Directory domain named contoso.com. The domain contains domaincontrollers that run either Windows Server 2003, Windows Server 2008 R2, or Windows Server 2012 R2.

You plan to implement a new Active Directory forest. The new forest will be used for testing and will be isolatedfrom the production network.

In the test network, you deploy a server named Server1 that runs Windows Server 2012 R2.

You need to configure Server1 as a new domain controller in a new forest named contoso.test.


The functional level of the forest and of the domain must be the same as that of contoso.com.Server1 must provide name resolution services for contoso.test.

What should you do?

To answer, configure the appropriate options in the answer area.


A.B.C.D.




Your network contains two servers named Server1 and Server2 that run Windows Server 2012 R2. Server1and Server2 have the Hyper-V server role installed.

Server1 and Server2 have different processor models from the same manufacturer.

On Server1, you plan to create a virtual machine named VM1. Eventually, VM1 will be exported to Server2.

You need to ensure that when you import VM1 to Server2, you can start VM1 from saved snapshots.

What should you configure on VM1?


A.

B.C.D.




Your network contains an Active Directory domain named contoso.com. The domain contains a file servernamed Server1. Server1 is a BranchCache hosted cache server that is located in a branch office.

The network contains client computers that run either Windows 7 or Windows 8.

For the branch office, all of the user accounts and the client computer accounts are located in an organizational

unit (OU) named Branch1. A Group Policy object (GPO) named GPO1 is linked to Branch 1. GPO1 containsthe BranchCache settings.

You discover that users in the branch office who have client computers that run Windows 7 do not accesscached content from Server1. Users in the branch office who have Windows 8 computers access cachedcontent from Server1.

You need to configure the Windows 7 computers to use BranchCache on Server1. Which setting should youconfigure in GPO1?

To answer, select the appropriate setting in the answer area.

A.B.C.D.




Your network contains an Active Directory domain named contoso.com. All domain controllers run WindowsServer 2012 R2. The domain contains two domain controllers. The domain controllers are configured as shownin the following table.

The Branch site contains a member server named Server1 that runs Windows Server 2012 R2.

You need to identify which domain controller authenticated the computer account of Server1.

What should you do?

A. Verify the value of the %LOGONSERVER% environment variable.B. Run nltest /sc_query.C. Verify the value of the %SESSIONNAME% environment variable.D. Run nltest /dsgetsite.


Explanation/Reference:Explanation:A. %LOGONSERVER% is the domain controller that authenticated the current user. B. Reports on the state ofthe secure channel the last time that you used it. (The secure channel is the one that the NetLogon service

established.) This parameter lists the name of the domain controller that you queried on the secure channel,also.C.

D. Returns the name of the site in which the domain controller resides. http://technet.microsoft.com/en-us/library/cc753915(v=ws.10).aspx http://technet.microsoft.com/en-us/library/cc731935(v=ws.10).aspx


Your network contains an Active Directory domain named contoso.com. The domain contains two serversnamed Server1 and Server2 that run Windows Server 2012 R2. Server1 is a file server that has the Hyper-Vserver role installed.

Server1 hosts several virtual machines. The virtual machine configuration files are stored on drive D and theVHD files are stored on drive E.

You plan to replace drive E with a larger volume.

You need to ensure that the virtual machines on Server1 remain available while drive E is being replaced.

What should you do?

A. Perform a quick migration.B. Add Server1 and Server2 as nodes in a failover cluster.C. Perform a live migration.D. Perform a storage migration.


Explanation/Reference:Explanation:D. Hyper-V in Windows Server 2012 R2 introduces support for moving virtual machine storage withoutdowntime by making it possible to move the storage while the virtual machine remains running.http://technet.microsoft.com/en-us/library/hh831656.aspx


Your network contains an Active Directory domain named contoso.com. The domain contains two member

servers named Server1 and Server2. All servers run Windows Server 2012 R2.

Server1 and Server2 have the Failover Clustering feature installed. The servers are configured as nodes in afailover cluster named Cluster1. Cluster1 has access to four physical disks. The disks are configured as shownin the following table.

You need to identify which disk can be added to a Clustered Storage Space in Cluster1.

Which disk should you identify?

A. Disk1B. Disk2C. Disk3D. Disk4




Your network contains an Active Directory domain named contoso.com. The domain contains a file servernamed File1 that runs a Server Core Installation of Windows Server 2012 R2.

File1 has a volume named D that contains home folders. File1 creates a shadow copy of volume D twice a day.

You discover that volume D is almost full.

You add a new volume named H to File1.

You need to ensure that the shadow copies of volume D are stored on volume H.

Which command should you run?

A. The Set-Volume cmdlet with the -driveletter parameterB. The vssadmin.exe create shadow commandC. The Set-Volume cmdlet with the -path parameterD. The vssadmin.exe add shadowstorage command



Explanation:A. Sets or changes the file system label of an existing volume. -DriveLetter Specifies a letter used to identify adrive or volume in the system. B. Displays current volume shadow copy backups and all installed shadow copywriters and providers. Shadow Creates a new shadow copy of a specified volume. C. Sets or changes the filesystem label of an existing volume -Path Contains valid path information.D. Displays current volume shadow copy backups and all installed shadow copy writers and providers.AddShadowStroage Adds a shadow copy storage association for a specified volume. http://technet.microsoft.com/en-us/library/cc754968(v=ws.10).aspx http://technet.microsoft.com/en-us/library/hh848673(v=wps.620).aspx


Your network contains two DHCP servers named Server1 and Server2. Server1 fails.

You discover that DHCP clients can no longer receive IP address leases.

You need to ensure that the DHCP clients receive IP addresses immediately.

What should you configure from the View/Edit Failover Relationship settings? To answer, select the appropriatesetting in the answer area.

A.B.C.D.




Your network contains an Active Directory forest named contoso.com. The forest contains a single domain. Theforest contains three Active Directory sites named SiteA, SiteB, and SiteC.

The sites contain four domain controllers. The domain controllers are configured as shown in the followingtable.



What should you do?

A. Create additional connection objects for DC3 and DC4.B. Decrease the cost of the site link between SiteB and SiteC.C. Create a site link bridge.D. Disable site link bridging.


Explanation/Reference:Explanation: By decreasing the cost between SiteB and SiteC, the SiteC users will be authenticated by SiteBdomain controllers.

Note:* A site link bridge connects two or more site links and enables transitivity between site links. Each site link in abridge must have a site in common with another site link in the bridge.* By default, all site links are transitive.


Your network contains four Active Directory forests. Each forest contains an Active Directory RightsManagement Services (AD RMS) root cluster.

All of the users in all of the forests must be able to access protected content from any of the forests.

You need to identify the minimum number of AD RMS trusts required.

How many trusts should you identify?

A. 3B. 6C. 12D. 16




Your network contains an Active Directory domain named contoso.com. The domain contains a domaincontroller named DC2 that runs Windows Server 2012 R2. DC2 has the DHCP Server server role installed.


You discover that client computers cannot obtain IPv4 addresses from DC2.

You need to ensure that the client computers can obtain IPv4 addresses from DC2.

What should you do?

A. Disable the Deny filters.B. Enable the Allow filters.

Guaranteed success with TestInsides practice guides 197 Microsoft 70-412 : Practice TestC. Authorize DC2.D. Restart the DHCP Server service





Server1 has a scope named Scope1. A policy named Policy1 is configured for Scope1. Policy1 is configured toprovide Hyper-V virtual machines a one-day lease. All other computers receive an eight-day lease.

You implement an additional DHCP server named Server2 that runs Windows Server 2012 R2.

On Server1, you configure Scope1 for DHCP failover.

You discover that virtual machines that receive IP addresses from Server2 have a lease duration of eight days.

You need to ensure that when Server2 assigns IP addresses to the Hyper-V virtual machines, the leaseduration is one day. The solution must ensure that other computers that receive IP addresses from Server2have a lease duration of eight days.

What should you do?

A. On Server2, create a new DHCP policy.B. on Server1, right-click Scope1, and then click Replicate Scope.C. On Server1, delete Policy1, and then recreate the policy.D. On Server2. right-click Scope1, and then click Reconcile.


Explanation/Reference:Explanation: The scope needs to be replicated from Server1 to Server2.



You need to ensure that a WIM file that is located on a network share is used as the installation source wheninstalling server roles and features on Server1.


A. Run the dism.exe command and specify the /remove-package parameter.B. Run the Remove-WindowsFeature cmdlet.C. Enable and configure the Specify settings for optional component installation and component repair policy

setting by using a Group Policy object (GPO).D. Enable the Enforce upgrade component rules policy setting by using a Group Policy object (GPO).E. Run the Remove-WindowsPackage cmdlet.

Correct Answer: ACSection: (none)Explanation

Explanation/Reference:Explanation: A: To remove packages from an offline image by using DISM Example:At a command prompt, specify the package identity to remove it from the image. You can remove multiplepackages on one command line.DISM /Image:C:\test\offline /Remove-Package/PackageName:Microsoft.Windows.Calc.Demo~6595b6144ccf1df~x86~en~1.0.0.0 /PackageName:Microsoft-Windows-MediaPlayer-Package~31bf3856ad364e35~x86~~6.1.6801.0

C: * You can use Group Policy to specify a Windows image repair source to use within your network. The repairsource can be used to restore Windows features or to repair a corrupted Windows image.

* Set Group PolicyYou can use Group Policy to specify when to use Windows Update, or a network location as a repair source forfeatures on demand and automatic corruption repair.To configure Group Policy for Feature on DemandOpen the group policy editor. For example, on a computer that is running Windows® 8, click Search, clickSettings, type Edit Group Policy, and then select the Edit Group Policy setting.Click Computer Configuration, click Administrative Templates, click System, and

Guaranteed success with TestInsides practice guides 199 Microsoft 70-412 : Practice Testthen double-click the Specify settings for optional component uninstallation and component repair setting.Select the settings that you want to use for Features on Demand.

Note:* The Windows Imaging Format (WIM) is a file-based disk image format. It was developed by Microsoft to helpdeploy Windows Vista and subsequent versions of Windows operating system family, as well as WindowsFundamentals for Legacy PCs.



You have a domain outside the forest named litwareinc.com.


Users in litwareinc.com must be able to access resources on a server named Server1 in contoso.com.Users in the contoso.com forest must be prevented from accessing any resources in litwareinc.com.Users in litwareinc.com must be prevented from accessing any other resources in the contoso.com forest.


A. Configure SID filtering on the trust.B. Configure forest-wide authentication on the trust.C. Create a one-way forest trust.D. Create a one-way external trustE. Modify the permission on the Server1 object.F. Configure selective authentication on the trust.

Correct Answer: DEFSection: (none)Explanation

Explanation/Reference:Explanation: D (not C): litwareinc.com is outside the forest so we need an external trust (not a forest trust).E: Must grant the required permissions on Server1. F(not B): For external trust we must either select Domain-Wide or Selective Authentication

(forst-wide authentication is not an option)

BCENote:

* You can create an external trust to form a one-way or two-way, nontransitive trust with domains that areoutside your forest. External trusts are sometimes necessary when users need access to resources in aWindows NT 4.0 domain or in a domain that is located in a separate forest that is not joined by a forest trust. /To select the scope of authentication for users that are authenticating through a forest trust, click the foresttrust that you want to administer, and then click Properties . On the Authentication tab, click either Forest-wideauthentication or Selective authentication . / To select the scope of authentication for users that areauthenticating through an external trust, click the external trust that you want to administer, and then clickProperties . On the Authentication tab, click either Domain-wide authentication or Selective authentication .* The forest-wide authentication setting permits unrestricted access by any users in the trusted forest to allavailable shared resources in any of the domains in the trusting forest.* Forest-wide authentication is generally recommended for users within the same organization.

Reference: Select the Scope of Authentication for Users




Your network contains a perimeter network and an internal network. The internal network contains an ActiveDirectory Federation Services (AD FS) 2.1 infrastructure. The infrastructure uses Active Directory as theattribute store.

You plan to deploy a federation server proxy to a server named Server2 in the perimeter network.

You need to identify which value must be included in the certificate that is deployed to Server2.

Guaranteed success with TestInsides practice guides 201 Microsoft 70-412 : Practice TestWhat should you identify?

A. The FQDN of the AD FS serverB. The name of the Federation ServiceC. The name of the Active Directory domainD. The public IP address of Server2


Explanation/Reference:Explanation:A. It must contain the FQDNhttp://technet.microsoft.com/en-us/library/cc776786(v=ws.10).aspx http://technet.microsoft.com/en-us/library/cc782620(v=ws.10).aspx http://technet.microsoft.com/en-us/library/cc759635(v=ws.10).aspx


You have a server named Server1 that runs Windows Server 2012 R2. Server1 has the File Server ResourceManager role service installed.

You are creating a file management task as shown in the exhibit. (Click the Exhibit button.)

You need to ensure that the Include all folders that store the following kinds of data list displays an entry namedCorporate Data.

What should you do?

A. Modify the properties of the System Files file group.B. Create a new classification property.

C. Create a new file group.D. Modify the Folder Usage classification property.


Explanation/Reference:Explanation:B. Classification properties are used to assign values to files. http://technet.microsoft.com/en-us/library/dd758765(v=WS.10).aspx


Your network contains an Active Directory forest named adatum.com. The forest contains an Active DirectoryRights Management Services (AD RMS) cluster.

A partner company has an Active Directory forest named litwareinc.com. The partner company does not haveAD RMS deployed.

You need to ensure that users in litwareinc.com can consume rights-protected content from adatum.com.

Which type of trust policy should you create?

A. At federated trustB. A trusted user domain

C. A trusted publishing domainD. Windows Live ID


Explanation/Reference:Explanation:A. In AD RMS rights can be assigned to users who have a federated trust with Active Directory FederationServices (AD FS). This enables an organization to share access to rights-protected content with anotherorganization without having to establish a separate Active Directory trust or Active Directory RightsManagement Services (AD RMS) infrastructure.http://technet.microsoft.com/en-us/library/dd772651(v=WS.10).aspx http://technet.microsoft.com/en-us/library/cc738707(v=WS.10).aspx http://technet.microsoft.com/en-us/library/cc757344(v=ws.10).aspx


Your network contains an Active Directory forest named adatum.com. All servers run Windows Server 2012 R2.The domain contains four servers. The servers are configured as shown in the following table.

You need to deploy IP Address Management (IPAM) to manage DNS and DHCP.

On which server should you install IPAM?

A. Server1B. Server2

C. Server3D. Server4





Data Deduplication is enabled on drive D of Server1.

You need to exclude D:\Folder1 from Data Deduplication.


A. Disk Management in Computer ManagementB. The properties of D:\Folder1C. The classification rules in File Server Resource Manager (FSRM)D. File and Storage Services in Server Manager





The Branch site contains a perimeter network.

For security reasons, client computers in the perimeter network can communicate with client computers in theBranch site only.

You plan to deploy a new RODC to the perimeter network in the Branch site.

You need to ensure that the new RODC will be able to replicate from DC10.

What should you do first on DC10?

A. Run the Add-ADDSReadOnlyDomainControllerAccount cmdlet.B. Create an Active Directory site.C. Run the Active Directory Domain Services Configuration Wizard.D. Create an Active Directory subnet.


Explanation/Reference:Explanation: Add-ADDSReadOnlyDomainControllerAccount Creates a read-only domain controller (RODC)account that can be used to install an RODC in Active Directory.

Note:* NotesOnce you have added the RODC account, you can add an RODC to a server computer by using the Install-ADDSDomainController cmdlet with the -ReadOnlyReplica switch parameter.* ExampleAdds a new read-only domain controller (RODC) account to the corp.contoso.com domain using the NorthAmerica site as the source site for the replication source domain controller.

C:\PS>Add-ADDSReadOnlyDomainControllerAccount -DomainControllerAccountName RODC1 -DomainNamecorp.contoso.com -SiteName NorthAmerica

Incorrect:Not B: There already is a branch site.

Reference: Add-ADDSReadOnlyDomainControllerAccount



You configure a user named User1 as a delegated administrator of DC10.

You need to ensure that User1 can log on to DC10 if the network link between the Main site and the Branch sitefails.

What should you do?

A. Add User1 to the Domain Admins group.B. Modify the properties of the DC10 computer account.C. Run repadmin and specify /replsingleobject parameter.D. On DC10, modify the User Rights Assignment in Local Policies.


Explanation/Reference:Explanation: Modify the following policy:Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment\Allow logon locally

Note:* User Rights Assignment policies determines which users or groups have logon rights or privileges on thecomputer.

* Delegated administrator accounts gain local administrative permissions to the RODC. These users canoperate with privileges equivalent to the local computer's Administrators group. They are not members of theDomain Admins or the domain built-in Administrators groups. This option is useful for delegating branch officeadministration without giving out domain administrative permissions. Configuring delegation of administration isnot required.



You plan to test an Application on a server named Server1. Server1 is currently located in Site1.

After the test, Server1 will be moved to Site2.

You need to ensure that Server1 attempts to authenticate to DC3 first, while you test the Application.

What should you do?

A. Create a new site and associate the site to an existing site link object.B. Modify the priority of site-specific service location (SRV) DNS records for Site2.C. Create a new subnet object and associate the subnet object to an existing site.D. Modify the weight of site-specific service location (SRV) DNS records Site1.


Explanation/Reference:Explanation: Service Location (SRV) Resource Record PriorityA number between 0 and 65535 that indicates the priority or level of preference given for this record to the hostthat is specified in Host offering this service. Priority indicates this host's priority with respect to the other hostsin this domain that offer the same service and are specified by different service location (SRV) resourcerecords.

Incorrect:Not D:Weight: A number between 1 and 65535 to be used as a load-balancing mechanism. When you select amongmore than one target SRV host for the type of service (specified in Service) that use the same Priority number,you can use this field to weight preference toward specific hosts. Where several hosts share equal priority,SRV-specified hosts with higher weight values that are entered here should be returned first to resolver clientsin SRV query results.

Reference: Service Location (SRV) Resource Record Dialog Box



Your network contains an Active Directory domain named contoso.com. The domain contains a server namedServer1 that runs Windows Server 2012 R2. Server1 has the Active Directory Certificate Services server roleinstalled and configured.

For all users, you are deploying smart cards for logon. You are using an enrollment agent to enroll the smartcard certificates for the users.

You need to configure the Contoso Smartcard Logon certificate template to support the use of the enrollmentagent.

Which setting should you modify? To answer, select the appropriate setting in the answer area.

A.B.C.D.




Your network contains an Active Directory domain named contoso.com. The domain contains the two servers.The servers are configured as shown in the following table.

You investigate a report about the potential compromise of a private key for a certificate issued to Server2.

You need to revoke the certificate issued to Server2. The solution must ensure that the revocation can bereverted.

Which reason code should you select?

To answer, select the appropriate reason code in the answer area.

A.B.C.D.




Your network contains two Active Directory forests named contoso.com and adatum.com. All domaincontrollers run Windows Server 2012 R2.

A federated trust exists between adatum.com and contoso.com. The trust provides adatum.com users withaccess to contoso.com resources.

You need to configure Active Directory Federation Services (AD FS) claim rules for the federated trust.


In contoso.com, replace an incoming claim type named Group with an outgoing claim type named Role.In adatum.com, allow users to receive their tokens for the relying party by using their Active Directory groupmembership as the claim type.

The AD FS claim rules must use predefined templates.

Which rule types should you configure on each side of the federated trust?

To answer, drag the appropriate rule types to the correct location or locations. Each rule type may be usedonce, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.

A.B.C.D.












A. Active Directory Domains and TrustsB. Active Directory Users and ComputersC. RepadminD. Ntdsutil


Explanation/Reference:Explanation: Repadmin.exe is a command line tool that is designed to assist administrators in diagnosing,monitoring, and troubleshooting Active Directory replication problems.

Reference: Repadmin Introduction and Technology Overview








A. Active Directory Users and ComputersB. Server ManagerC. The Certificates snap-inD. The Certification Authority console


Explanation/Reference:Explanation: You can use the Certification Authority console to configure CAs. This includes the following tasks:Scheduling certificate revocation list publication.Installing the CA certificate when necessary.Configuring exit module settings.Configuring policy module settings.Modifying security permissions and delegate control of CAs. Enabling optional Netscape-compatible Web-based revocation checking.

Reference: Configure Certification Authorities


You plan to deploy a failover cluster that will contain two nodes that run Windows Server 2012 R2.

You need to configure a witness disk for the failover cluster.

How should you configure the witness disk?

To answer, drag the appropriate configurations to the correct location or locations. Each configuration may beused once, more than once, or not at all. You may need to drag the split bar between panes or scroll to viewcontent.

A.B.C.D.








What should you do?

A. On DC10, run ntdsutil and configure the settings in the Local Roles context.B. Run repadmin and specify /replsingleobject parameter.C. Modify the properties of the DC10 computer account.D. On DC10, modify the User Rights Assignment in Local Policies.




* Delegated administrator accounts gain local administrative permissions to the RODC. These users canoperate with privileges equivalent to the local computer's Administrators group. They are not members of theDomain Admins or the domain built-in Administrators groups. This option is useful for delegating branch officeadministration without giving out


domain administrative permissions. Configuring delegation of administration is not required.



You plan to test an Application on a server named Server 1. Server1 is currently located in Site1.

After the test, Server1 will be moved to Site2.


What should you do?

A. Modify the priority of site-specific service location (SRV) DNS records for Site2.B. Create a new subnet object and associate the subnet object to an existing site.C. Create a new site and associate the site to an existing site link object.D. Modify the registry on DC3.


Explanation/Reference:Explanation: Service Location (SRV) Resource Record PriorityA number between 0 and 65535 that indicates the priority or level of preference given for this record to the hostthat is specified in Host offering this service.

Priority indicates this host's priority with respect to the other hosts in this domain that offer the same service andare specified by different service location (SRV) resource records.











A. Active Directory Users and ComputersB. NtdsutilC. DNS ManagerD. Active Directory Domains and Trusts


Explanation/Reference:Explanation: The primary tool that you use to manage DNS servers is DNS Manager, the DNS snap-in inMicrosoft Management Console (MMC), which appears as DNS in Administrative Tools on the Start menu. Youcan use DNS Manager along with other snap- ins in MMC, further integrating DNS administration into your totalnetwork management. It is also available in Server Manager on computers with the DNS Server role installed.You can use DNS Manager to perform the following basic administrative server tasks:* Performing initial configuration of a new DNS server.* Connecting to and managing a local DNS server on the same computer or remote DNS servers on othercomputers.* Adding and removing forward and reverse lookup zones, as necessary.* Adding, removing, and updating resource records in zones.* Modifying how zones are stored and replicated between servers.* Modifying how servers process queries and handle dynamic updates.

Modifying security for specific zones or resource records.

In addition, you can also use DNS Manager to perform the following tasks:* Perform maintenance on the server. You can start, stop, pause, or resume the server or manually updateserver data files.* Monitor the contents of the server cache and, as necessary, clear it.* Tune advanced server options.

Configure and perform aging and scavenging of stale resource records that are stored by the server.

Reference: DNS Tools


Your network contains an Active Directory forest named contoso.com. The forest contains a single domain. Theforest functional level is Windows Server 2012 R2.


On DC1, you create a new Group Policy object (GPO) named GPO1.

You need to verify that GPO1 was replicated to all of the domain controllers.


A. Group Policy ManagementB. Active Directory Sites and ServicesC. DFS ManagementD. Active Directory Administrative Center


Explanation/Reference:Explanation:http://social.technet.microsoft.com/Forums/en-US/winserverTS/thread/3e580e00-d619- 4d25-b22d-18f0170279c4http://technet.microsoft.com/en-us/library/jj134176.aspx

Topic 4, Volume D


Your network contains two DNS servers named DN51 and DNS2 that run Windows Server 2012 R2.

DNS1 has a primary zone named contoso.com. DNS2 has a secondary copy of the contoso.com zone.

You need to log the zone transfer packets sent between DNS1 and DNS2.


A. Monitoring from DNS ManagerB. Logging from Windows Firewall with Advanced SecurityC. A Data Collector Set (DCS) from Performance MonitorD. Debug logging from DNS Manager


Explanation/Reference:Explanation:http://technet.microsoft.com/en-us/library/cc776361(v=ws.10).aspx http://technet.microsoft.com/en-us/library/cc749337.aspx


Your network contains an Active Directory forest. The forest contains one domain named contoso.com. Thedomain contains three domain controllers. The domain controllers are configured as shown in the followingtable.

DC1 has all of the operations master roles installed.

You transfer all of the operations master roles to DC2, and then you uninstall Active Directory from DC1.

You need to ensure that you can use Password Settings objects (PSOs) in the domain.

What should you do?

A. Change the domain functional level.B. Upgrade DC2.C. Run the dcgpofix.exe command.D. Transfer the schema master role.


Explanation/Reference:Explanation:A. The domain functional level must be Windows Server 2008 to use PSO's B. DC1 needs to be upgradedC. Recreates the default Group Policy Objects (GPOs) for a domain

D. Schema isn't up to right level

http://technet.microsoft.com/en-us/library/cc770394(v=ws.10).aspx http://technet.microsoft.com/en-us/library/hh875588(v=ws.10).aspx http://technet.microsoft.com/en-us/library/cc753104.aspx




You need to ensure that only Scope1, Scope3, and Scope5 assign the same DNS servers to DHCP clients.The solution must minimize administrative effort.

What should you do?

A. Create a superscope and scope-level policies.B. Configure the Scope Options.C. Create a superscope and a filter.D. Configure the Server Options.


Explanation/Reference:Explanation:B. Any DHCP scope options configured for assignment to DHCP clients http://technet.microsoft.com/en-us/library/dd759218.aspx http://technet.microsoft.com/en-us/library/cc757682(v=WS.10).aspx



When you install a custom Application on Server1 and restart the server, you receive the following errormessage: "The Boot Configuration Data file is missing some required information.

File: \Boot\BCD

Error code: 0x0000034."

You start Server1 by using Windows PE.

You need to ensure that you can start Windows Server 2012 R2 on Server1.


A. BootsectB. BootimC. BootrecD. Bootcfg



A. Bootsect.exe updates the master boot code for hard disk partitions to switch between BOOTMGR andNTLDR. You can use this tool to restore the boot sector on your computer.This tool replaces FixFAT and FixNTFS.B.C. Bootrec.exe tool to troubleshoot "Bootmgr Is Missing" issue. The /ScanOs option scans all disks forinstallations that are compatible with Windows Vista or Windows 7. Additionally, this option displays the entriesthat are currently not in the BCD store. Use this option when there are Windows Vista or Windows 7installations that the Boot Manager menu does not list.D. The bootcfg command is a Microsoft Windows Server 2003 utility that modifies the Boot.ini file.http://technet.microsoft.com/en-us/library/cc749177(v=ws.10).aspx http://support.microsoft.com/kb/927392/en-ushttp://answers.microsoft.com/en-us/windows/forum/windows_7-system/error-code- 0x0000034-in-windows-7/4dcb8d38-a206-40ed-bced-55e4a4de9bf2



Server1 fails.

You identify that the master boot record (MBR) is corrupt.

You need to repair the MBR.


A. BcdeditB. BcdbootC. BootrecD. Fixmbr


Explanation/Reference:Explanation:A. BCDEdit is a command-line tool for managing BCD stores. It can be used for a variety of

purposes, including creating new stores, modifying existing stores, adding boot menu options, and so on.BCDEdit serves essentially the same purpose as Bootcfg.exe on earlier versions of WindowsB. The BCDboot tool is a command-line tool that enables you to manage system partition filesC. Bootrec.exe tool to troubleshoot "Bootmgr Is Missing" issue. The /ScanOs option scans all disks forinstallations that are compatible with Windows Vista or Windows 7. Additionally, this option displays the entriesthat are currently not in the BCD store. Use this option when there are Windows Vista or Windows 7installations that the Boot Manager menu does not list.D. Repairs the master boot record of the boot disk. The fixmbr command is only available when you are usingthe Recovery Console. Fixmbr option in Server 2008 and 2012 is a bootrec option

http://technet.microsoft.com/en-us/library/cc709667(v=ws.10).aspx http://technet.microsoft.com/en-us/library/dd744347(v=ws.10).aspx http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en- us/bootcons_fixmbr.mspx?mfr=truehttp://www.youtube.com/watch?v=kFU8kngy6O0http://social.technet.microsoft.com/Forums/en-US/winservergen/thread/bbf4f440-50ce- 4ea2-a3eaa96dc2500352


Your network contains an Active Directory domain named contoso.com. The domain contains a server namedServer1 that runs Windows Server 2012 R2. Server1 has the Active Directory Rights Management Servicesserver role installed.

Your company works with a partner organization that does not have its own Active Directory RightsManagement Services (AD RMS) implementation.

You need to create a trust policy for the partner organization.


Grant users in the partner organization access to protected content. Provide users in the partner organizationwith the ability to create protected

content.

Which type of trust policy should you create?

A. A federated trustB. Windows Live IDC. A trusted publishing domainD. A trusted user domain





The domain contains two domain controllers. The domain controllers are configured as shown in the followingtable.

On DC1, you create an Active Directory-integrated zone named Zone1. You verify that Zone1 replicates to DC2.

You use DNSSEC to sign Zone1.

You discover that the updates to Zone1 fail to replicate to DC2.

You need to ensure that Zone1 replicates to DC2.



A.B.C.D.




Your network contains four servers that run Windows Server 2012 R2.

Each server has the Failover Clustering feature installed. Each server has three network adapters installed. AniSCSI SAN is available on the network.

You create a failover cluster named Cluster1. You add the servers to the cluster.

You plan to configure the network settings of each server node as shown in the following table.

You need to configure the network settings for Cluster1.

What should you do?

To answer, drag the appropriate network communication setting to the correct cluster network. Each networkcommunication setting may be used once, more than once, or not at all. You may need to drag the split barbetween panes or scroll to view content.

A.B.C.D.




You have a server named Server1 that runs Windows Server 2012 R2. The volumes on Server1 are configuredas shown in the following table.

A new corporate policy states that backups must use Windows Azure Online Backup whenever possible.

You need to identify which backup methods you must use to back up Server1. The solution must use WindowsAzure Online Backup whenever possible.

Which backup type should you identify for each volume?

To answer, select the appropriate backup type for each volume in the answer area.

A.B.C.D.




Your network contains an Active Directory domain named contoso.com. All domain controllers run WindowsServer 2012 R2. The domain contains two domain controllers. The domain controllers are configured as shown

in the following table.



What should you do?

A. Add User1 to the Domain Admins group.B. On DC10, run ntdsutil and configure the settings in the Roles context.C. Run repadmin and specify the /prp parameter.D. On DC1, modify the User Rights Assignment in Default Domain Controllers Group Policy object (GPO).








For security reasons, client computers in the perimeter network can communicate with client computers in the

Branch site only.




A. Run dcpromo and specify the /createdcaccount parameter.B. Run the Active Directory Domain Services Configuration Wizard.C. Run the Add-ADDSReadOnlyDomainControllerAccount cmdlet.D. Enable the Bridge all site links setting.


Explanation/Reference:Explanation: Creates a read-only domain controller (RODC) account that can be used to install an RODC inActive Directory.









What should you do?

A. Create an SMTP site link between SiteB and SiteC.B. Decrease the cost of the site link between SiteB and SiteC.C. Disable site link bridging.D. Create additional connection objects for DC1 and DC2.


Explanation/Reference:Explanation: By decreasing the site link cost between SiteB and SiteC the SiteC users would be authenticatedby SiteB rather than by SiteA.








A. The Security Configuration WizardB. The Certification Authority consoleC. Active Directory Administrative CenterD. Certificate Templates


Explanation/Reference:Explanation: You can use the Certification Authority console to configure CAs. This includes the following tasks:

(B) Scheduling certificate revocation list publication.Installing the CA certificate when necessary.Configuring exit module settings.Configuring policy module settings.Modifying security permissions and delegate control of CAs. Enabling optional Netscape-compatible Web-based revocation checking.

Reference: Configure Certification Authorities


You perform a full installation of Windows Server 2012 R2 on a virtual machine named Server1. You plan touse Server1 as a reference image.

You need to minimize the amount of storage space used by the Windows Server 2012 R2 installation.

Which cmdlet should you use?

A. Remove-ModuleB. Optimize-VHDC. Optimize-VolumeD. Uninstall-WindowsFeature


Explanation/Reference:Explanation: The Optimize-VHD cmdlet optimizes the allocation of space in or more virtual hard disk files,except for fixed virtual hard disks. The Compact operation is used to optimize the files. This operation reclaimsunused blocks as well as rearranges the blocks to be more efficiently packed, which reduces the size of avirtual hard disk file.

Reference: Optimize-VHD







Server1 has a scope named Scope1. A policy named Policy1 is configured for Scope1. Policy1 is configured toprovide Hyper-V virtual machines a one-day lease. All other computers receive an eight-day lease.

You implement an additional DHCP server named Server2 that runs Windows Server 2012 R2.

On Server1, you configure Scope1 for DHCP failover.

You discover that virtual machines that receive IP addresses from Server2 have a lease duration of eight days.

You need to ensure that when Server2 assigns IP addresses to the Hyper-V virtual machines, the leaseduration is one day. The solution must ensure that other computers

that receive IP addresses from Server2 have a lease duration of eight days.

What should you do?

A. On Server2, right-click Scope1, and then click Reconcile.B. On Server1, right-click Scope1, and then click Replicate Scope.C. On Server2, create a new DHCP policy.D. On Server1, delete Policy1, and then recreate the policy.

Correct Answer: B


Explanation/Reference:Explanation: Explanation/Reference:Scope 1 has been set up for DHCP failover. Now we need to replicate it from Server1 to Server2.


You have a server named Server1 that runs Windows Server 2012 R2. Server1 has the DNS Server server roleinstalled.

You need to store the contents of all the DNS queries received by Server1.


A. Logging from Windows Firewall with Advanced SecurityB. Debug logging from DNS ManagerC. A Data Collector Set (DCS) from Performance MonitorD. Monitoring from DNS Manager


Explanation/Reference:Explanation: The following DNS debug logging options are available:* Direction of packets

Send Packets sent by the DNS server are logged in the DNS server log file. Receive Packets received by theDNS server are logged in the log file.

* Content of packets

(D) Standard queries Specifies that packets containing standard queries (per RFC 1034) are logged in the DNSserver log file.

Updates Specifies that packets containing dynamic updates (per RFC 2136) are logged in the DNS server logfile.

Notifies Specifies that packets containing notifications (per RFC 1996) are logged in the DNS server log file.

Etc.

Reference: Using server debug logging options


Your network contains two Hyper-V hosts that are configured as shown in the following table.

You create a virtual machine on Server1 named VM1.

You plan to export VM1 from Server1 and import VM1 to Server2.

You need to ensure that you can start the imported copy of VM1 from snapshots.

What should you configure on VM1?


A.B.C.D.







What should you do?

A. On DC10, run ntdsutil and configure the settings in the Roles context.B. On DC10, run ntdsutil and configure the settings in the Local Roles context.C. Modify the properties of the DC10 computer account.D. Run repadmin and specify /replsingleobject parameter.E. On DC10, modify the User Rights Assignment in Local Policies.










What should you do?

A. Create an SMTP site link between SiteB and SiteC.B. Crate additional connection objects for DC1 and DC2.C. Decrease the cost of the site link between SiteB and SiteC.D. Create additional connection objects for DC3 and DC4.


Explanation/Reference:Explanation: Explanation/Reference:By decreasing the site link cost between SiteB and SiteC the SiteC users would be authenticated by SiteBrather than by SiteA.


Your network contains an Active Directory domain named contoso.com. All domain controllers run WindowsServer 2012 R2. The doma contains two domain controllers. The domain controllers are configured as shown inthe following table.






A. Enable the Bridge all site links setting.B. Create an Active Directory subnet.C. Run the Add-ADDSReadOnlyDomainControllerAccount cmdlet.D. Run the Uninstall-ADDSDomainController cmdlet.








You plan to test an Application on a server named Server1. Server1 is currently located in Site1. After the test,Server1 will be moved to Site2.


What should you do?

A. Modify the priority of site-specific service location (SRV) DNS records for Site2.B. Modify the weight of site-specific service location (SRV) DNS records Site1.C. Modify the registry on Server1.D. Create a new site and associate the site to an existing site link object.


Explanation/Reference:Explanation: Service Location (SRV) Resource Record PriorityA number between 0 and 65535 that indicates the priority or level of preference given for this record to the hostthat is specified in Host offering this service. Priority indicates this host's priority with respect to the other hostsin this domain that offer the same service and are specified by different service location (SRV) resourcerecords.

Incorrect:Not B:Weight: A number between 1 and 65535 to be used as a load-balancing mechanism. When you select amongmore than one target SRV host for the type of service (specified in Service) that use the same Priority number,you can use this field to weight preference toward specific hosts. Where several hosts share equal priority,SRV-specified hosts with higher weight values that are entered here should be returned first to resolver clientsin SRV query results.












A. Active Directory Users and ComputersB. Active Directory Sites and ServicesC. DnscmdD. DNS Manager


Explanation/Reference:Explanation: The primary tool that you use to manage DNS servers is DNS Manager, the


DNS snap-in in Microsoft Management Console (MMC), which appears as DNS in Administrative Tools on theStart menu. You can use DNS Manager along with other snap- ins in MMC, further integrating DNSadministration into your total network management. It is also available in Server Manager on computers withthe DNS Server role installed. You can use DNS Manager to perform the following basic administrative servertasks:* Performing initial configuration of a new DNS server.* Connecting to and managing a local DNS server on the same computer or remote DNS servers on othercomputers.

* Adding and removing forward and reverse lookup zones, as necessary.* Adding, removing, and updating resource records in zones.* Modifying how zones are stored and replicated between servers.* Modifying how servers process queries and handle dynamic updates.

Modifying security for specific zones or resource records. In addition, you can also use DNS Manager toperform the following tasks:

* Perform maintenance on the server. You can start, stop, pause, or resume the server or manually updateserver data files.* Monitor the contents of the server cache and, as necessary, clear it.* Tune advanced server options.

Configure and perform aging and scavenging of stale resource records that are stored by the server.

Reference: DNS Tools





Users in fabrikam.com must be able to access resources in adatum.com. Users in contoso.com must beprevented from accessing resources in

adatum.com.Users in adatum.com must be prevented from accessing resources in both fabrikam.com and contoso.com.


A. a one-way realm trust from fabrikam.com to adatum.comB. a one-way external trust from adatum.com to fabrikam.comC. a one-way external trust from fabrikam.com to adatum.comD. a one-way realm trust from adatum.com to fabrikam.com




You deploy an Active Directory Federation Services (AD FS) 2.1 infrastructure. The infrastructure uses ActiveDirectory as the attribute store.

Some users report that they fail to authenticate to the AD FS infrastructure.

You discover that only users who run third-party web browsers experience issues.

You need to ensure that all of the users can authenticate to the AD FS infrastructure successfully.

Which Windows PowerShell command should you run?

A. Set-ADFSProperties -ProxyTrustTokenLifetime 1:00:00B. Set-ADFSProperties -AddProxyAuthenticationRules NoneC. Set-ADFSProperties -SSOLifetime 1:00:00D. Set-ADFSProperties -ExtendedProtectionTokenCheck None


Explanation/Reference:Explanation:A. Sets the valid token lifetime for proxy trust tokens (in minutes). This value is used by the federation serverproxy to authenticate with its associated federation server. B. Specifies a policy rule set that can be used toestablish authorization permissions for setting up trust proxies. The default value allows the AD FS 2.0 serviceuser account or any member of BUILTIN\Administrators to register a federation server proxy with theFederation Service.

C. Specifies the duration of the single sign-on (SSO) experience for Web browser clients (in minutes).D. pecifies the level of extended protection for authentication supported by the federation server. ExtendedProtection for Authentication helps protect against man-in-the-middle (MITM) attacks, in which an attackerintercepts a client's credentials and forwards them to a server.http://technet.microsoft.com/zh-cn/library/ee892317.aspx


Your network contains an Active Directory domain named contoso.com. All servers run Windows Server 2012R2. The domain contains a file server named Server1. The domain contains a domain controller named DC1.Server1 contains three shared folders. The folders are configured as shown in the following table.

Folder2 has a conditional expression of User.Department= = MMarketing".

You discover that a user named User1 cannot access \\Server1\folder2. User1 can access \\Server1\folderl and\\Server1\folder3.

You verify the group membership of User1 as shown in the Member Of exhibit. (Click the Exhibit button.)

You verify the organization information of User1 as shown in the Organization exhibit.(Click the Exhibit button.)


You verify the general properties of User1 as shown in the General exhibit. (Click the Exhibit button.)


You need to ensure that User1 can access the contents of \\Server1\folder2.

What should you do?

A. From a Group Policy object (GPO), set the Support for Dynamic Access Control and Kerberos armoringsetting to Always provide claims.

B. Change the department attribute of User1.C. Grant the Full Control NTFS permissions on Folder2 to User1.D. Remove User11from the Accounting global group.



Explanation:B. Conditional Expression and users Department must match http://technet.microsoft.com/en-us/library/

jj134043.aspx



You install the File and Storage Services server role on Server1.

From Windows Explorer, you view the properties of a folder named Folder1 and you discover that theClassification tab is missing.

You need to ensure that you can assign classifications to Folder1 from Windows Explorer manually.

What should you do?

A. From Folder Options, clear Hide protected operating system files (Recommended).B. Install the File Server Resource Manager role service.C. From Folder Options, select the Always show menus.D. Install the Share and Storage Management Tools.


Explanation/Reference:Explanation:B. Classification Management is a feature of FSRMhttp://technet.microsoft.com/en-us/library/dd759252.aspx http://technet.microsoft.com/en-us/library/dd758759(v=WS.10).aspx








A. Enable the Bridge all site links setting.

B. Run the Active Directory Domain Services Configuration Wizard.C. Create an Active Directory site link bridge.D. Create an Active Directory site.


Explanation/Reference:Explanation:A. Site link transitivity is controlled by the Bridge all site links option on the properties pages of transport folders(such as IP or SMTP) in the Active Directory Sites and Services snap- in. Site link transitivity is enabled bydefault.B.C. If you cannot place a writable Windows Server 2008 domain controller in the nearest site to the RODC,RODC replication depends on a site link bridge between the site links that contain the site of the RODC and thesite of the writable Windows Server 2008 domain controller.D. AD Site not readed for RODC

http://technet.microsoft.com/en-us/library/dd736189(v=WS.10).aspx http://technet.microsoft.com/en-us/library/cc738789(v=ws.10).aspx http://technet.microsoft.com/en-us/library/cc732632(v=ws.10).aspx http://technet.microsoft.com/en-us/library/cc778718(v=WS.10).aspx






What should you do?

A. Modify the weight of site-specific service location (SRV) DNS records Site1.B. Create a new subnet object and associate the subnet object to an existing site.C. Modify the registry on DC3.D. Modify the priority of site-specific service location (SRV) DNS records for Site2.


Explanation/Reference:Explanation: Service Location (SRV) Resource Record Priority

A number between 0 and 65535 that indicates the priority or level of preference given for this record to the hostthat is specified in Host offering this service. Priority indicates this host's priority with respect to the other hostsin this domain that offer the same service and are specified by different service location (SRV) resourcerecords.

Incorrect:Not A:Weight: A number between 1 and 65535 to be used as a load-balancing mechanism. When you select amongmore than one target SRV host for the type of service (specified in Service) that use the same Priority number,you can use this field to weight preference toward specific hosts. Where several hosts share equal priority,SRV-specified hosts with


higher weight values that are entered here should be returned first to resolver clients in SRV query results.




Server1 has Microsoft SQL Server 2012 installed.

You install the Active Directory Federation Services server role on Server2.

You need to configure Server2 as the first Active Directory Federation Services (AD FS) server in the domain.The solution must ensure that the AD FS database is stored in a SQL Server database on Server1.


A. From a command prompt, run fsutil.exe.B. From Windows PowerShell, run Install-ADFSFarm.C. From Server Manager, install the Federation Service Proxy.D. From Server Manager, install the AD FS Web Agents.


Explanation/Reference:Explanation:B. Creates the first node of a new federation server farm

Parameter: -SQLConnectionString<String>Specifies the SQL Server database that will store the AD FS configuration settings. If not specified, the AD FSinstaller uses the Windows Internal Database to store configuration settings.

Incorrect:Not A. Performs tasks that are related to file allocation table (FAT) and NTFS file systems, such as managingreparse points, managing sparse files, or dismounting a volume.C. Not installing ProxyD. Not Installing web agents








A. Create an Active Directory subnet.B. Run the Active Directory Domain Services Configuration Wizard.C. Run dcpromo and specify the fcreatedcaccount parameter.D. Run the Add-ADDSReadOnlyDomainControllerAccount cmdlet.


Explanation/Reference:Explanation: Add-ADDSReadOnlyDomainControllerAccount Creates a read-only domain controller (RODC)account that can be used to install an

RODC in Active Directory.











A. Create an Active Directory site link bridge.B. Create an Active Directory site.C. Run the Uninstall-ADDSDomainController cmdlet.D. Run the Add-ADDSReadOnlyDomainControllerAccount cmdlet.











What should you do?

A. Create an SMTP site link between SiteB and SiteC.B. Create additional connection objects for DC3 and DC4.C. Decrease the cost of the site link between SiteB and SiteC.D. Create additional connection objects for DC1 and DC2.


Explanation/Reference:Explanation: By decreasing the site link cost between SiteB and SiteC the SiteC users would be authenticatedby SiteB rather than by SiteA.





What should you do?

A. Create a new site and associate the site to an existing site link object.B. Modify the registry on DC3.C. Modify the weight of site-specific service location (SRV) DNS records Site1.D. Modify the registry on Server1.E. Modify the priority of site-specific service location (SRV) DNS records for Site2.


Explanation/Reference:Explanation: Service Location (SRV) Resource Record PriorityA number between 0 and 65535 that indicates the priority or level of preference given for this record to the host

that is specified in Host offering this service. Priority indicates this host's priority with respect to the other hostsin this domain that offer the same service and are specified by different service location (SRV) resourcerecords.

Incorrect:Not C:Weight: A number between 1 and 65535 to be used as a load-balancing mechanism. When you select amongmore than one target SRV host for the type of service (specified in Service) that use the same Priority number,you can use this field to weight preference toward specific hosts. Where several hosts share equal priority,SRV-specified hosts with higher weight values that are entered here should be returned first to resolver clientsin SRV query results.




Server1 and Server2 have the Hyper-V server role installed. Server1 and Server2 are configured as Hyper-Vreplicas of each other.




A. On a server in Cluster2, click Migrate Roles.B. On a server in Cluster2, configure Cluster-Aware Updating.C. On a server in Cluster1, click Move Core Cluster Resources, and then click Select Node.D. On a server in Cluster1, configure Cluster-Aware Updating.


Explanation/Reference:Explanation: Note:* Cluster-Aware Updating (CAU) is an automated feature that allows you to update clustered servers with littleor no loss in availability during the update process. During an Updating Run, CAU transparently performs thefollowing tasks:Puts each node of the cluster into node maintenance mode

Moves the clustered roles off the node

Installs the updates and any dependent updates

Performs a restart if necessary

Brings the node out of maintenance mode

Restores the clustered roles on the node

Moves to update the next node

For many clustered roles (formerly called clustered applications and services) in the cluster, the automatic

update process triggers a planned failover, and it can cause a transient service interruption for connectedclients. However, in the case of continuously


available workloads in Windows Server 2012 R2, such as Hyper-V with live migration or file server with SMBTransparent Failover, CAU can coordinate cluster updates with no impact to the service availability.



Server1 and Server2 have the Failover Clustering feature installed. The servers are configured as nodes in afailover cluster named Cluster1. Cluster1 has access to four physical disks. The disks are configured as shownin the following table.

You need to ensure that all of the disks can be added to a Cluster Shared Volume (CSV).


A. Enable BitLocker on Disk4.B. Format Disk3 to use NTFS.C. Format Disk2 to use NTFS.D. Disable BitLocker on Disk1.

Correct Answer: BCSection: (none)Explanation

Explanation/Reference:Explanation: Explanation/Reference:You cannot use a disk for a CSV that is formatted with FAT, FAT32, or Resilient File System (ReFS).


Your network contains an Active Directory forest named contoso.com. The contoso.com domain only containsdomain controllers that run Windows Server 2012 R2.

The forest contains a child domain named child.contoso.com. The child.contoso.com domain only containsdomain controllers that run Windows Server 2008 R2. The child.contoso.com domain contains a memberserver named Server1 that runs Windows Server 2012 R2.

You have access to four administrative user accounts in the forest. The administrative user accounts areconfigured as shown in the following table.

You need to ensure that you can add a domain controller that runs Windows Server 2012 R2 to thechild.contoso.com domain.

Which account should you use to run adprep.exe?

A. Admin1B. Admin2C. Admin3D. Admin4




Your network contains two servers named Server1 and Server 2. Both servers run

Windows Server 2012 R2 and have the Hyper-V server role installed.

Server1 hosts a virtual machine named VM1. The virtual machine configuration files and the virtual hard disksfor VM1 are stored in D: \VM1.

You shut down VM1 on Server1.

You copy D:\VM1 to D:\VM1 on Server2.

You need to start VM1 on Server2. You want to achieve this goal by using the minimum amount ofadministrative effort.

What should you do?

A. Run the Import-VMIntialReplication cmdlet.B. Create a new virtual machine on Server2 and attach the VHD from VM1 to the new virtual machine.C. From Hyper-V Manager, run the Import Virtual Machine wizard.D. Run the Import-IscsiVirtualDisk cmdlet.




Your network contains an Active Directory domain named contoso.com. The domain contains two serversnamed Node1 and Node2. Node1 and Node2 run Windows Server 2012 R2. Node1 and Node2 are configuredas a two-node failover cluster named Cluster2.

The computer accounts for all of the servers reside in an organizational unit (OU) named Servers.

A user named User1 is a member of the local Administrators group on Node1 and Node2.

User1 creates a new clustered File Server role named File1 by using the File Server for general use option. Areport is generated during the creation of File1 as shown in the exhibit. (Click the Exhibit button.)

File1 fails to start.

You need to ensure that you can start File1.

What should you do?

A. Log on to the domain by using the built-in Administrator for the domain, and then recreate the clustered FileServer role by using the File Server for general use option.

B. Recreate the clustered File Server role by using the File Server for scale-out Application data option.C. Assign the computer account permissions of Cluster2 to the Servers OU.D. Assign the user account permissions of User1 to the Servers OU.E. Increase the value of the ms-DS-MachineAccountQuota attribute of the domain.




Your network contains an Active Directory forest. The forest contains one domain named adatum.com. Thedomain contains three domain controllers. The domain controllers are configured as shown in the followingtable.

DC2 has all of the domain-wide operations master roles. DC3 has all of the forest-wide operation master roles.

You need to ensure that you can use Password Settings objects (PSOs) in the domain.


A. Uninstall Active Directory from DC1.B. Change the domain functional level.C. Transfer the domain-wide operations master roles.D. Transfer the forest-wide operations master roles.




Your network contains an Active Directory forest named contoso.com. The forest contains three domains. Alldomain controllers run Windows Server 2012 R2.

The forest has a two-way realm trust to a Kerberos realm named adatum.com.

You discover that users in adatum.com can only access resources in the root domain of contoso.com.

You need to ensure that the adatum.com users can access the resources in all of the domains in the forest.

What should you do in the forest?

A. Delete the realm trust and create a forest trust.B. Delete the realm trust and create three external trusts.C. Modify the incoming realm trust.D. Modify the outgoing realm trust.





Server1 and Server2 have the Failover Clustering feature installed. The servers are configured as nodes in afailover cluster named Cluster1. Cluster1 contains a Clustered Shared Volume (CSV).

A developer creates an Application named App1. App1 is NOT a cluster-aware Application.App1 stores data in the file system.

You need to ensure that App1 runs in Cluster1. The solution must minimize development effort.

Which cmdlet should you run?

A. Add-ClusterGenericServiceRole

B. Add-ClusterServerRoleC. Add-ClusterGenericApplicationRoleD. Add-ClusterScaleOutFileServerRole




Your network contains an Active Directory domain named contoso.com. The domain contains two domaincontrollers named DC1 and DC2 that run Windows Server 2012 R2.

DC1 and DC2 fail to replicate Active Directory information.

You confirm that DC1 and DC2 have network connectivity.

The NTDS Settings of DC2 are configured as shown in the NTDS Settings exhibit. (Click tie Exhibit button.)

DNS is configured as shown in the DNS exhibit. (Click the Exhibit button.)


You need to ensure that DC1 and DC2 can replicate immediately.


A. From DC1, restart the Netlogon service.B. From DC2, run nltest.exe /sync.C. From DC1, run ipconfig /flushdns.D. From DO, run repadmin /syncall.E. From DC2, run ipconfig /registerdns.F. From DC2, restart the Netlogon service.

Correct Answer: DESection: (none)Explanation

Explanation/Reference:Explanation: The DC2 name/alias is not available in DNS. First we register the DC2 name from DC with theipcpnfig /registerdns. (E)

Then we synchronizes a specified domain controller DC1 (DC2 would also work) with all of its replicationpartners with repadmin /syncall. (D)



You start Server1 by using Windows PE.

You need to repair the Boot Configuration Data (BCD) store on Server1.


A. BootimB. BootsectC. BootrecD. Bootcfg






A developer creates an application named App1. App1 is NOT a cluster-aware application.App1 stores data in the file system.



A. Add-ClusterServerRoleB. Add-ClusterGenericServiceRoleC. Add ClusterScaleOutFileServerRoleD. Add ClusterGenericApplicationRole


Explanation/Reference:Explanation: * Add-ClusterGenericApplicationRoleConfigure high availability for an application that was not originally designed to run in a

failover cluster.* If you run an application as a Generic Application, the cluster software will start the application, thenperiodically query the operating system to see whether the application appears to be running. If so, it ispresumed to be online, and will not be restarted or failed over.


Your network contains three Application servers that run Windows Server 2012 R2. The Application servershave the Network Load Balancing (NLB) feature installed.

You create an NLB cluster that contains the three servers.

You plan to deploy an Application named App1 to the nodes in the cluster. App1 uses TCP port 8080 and TCPport 8081.

Clients will connect to App1 by using HTTP and HTTPS. When clients connect to App1 by using HTTPS,session state information will be retained locally by the cluster node that responds to the client request.

You need to configure a port rule for App1.

Which port rule should you use?

To answer, select the appropriate rule in the answer area.

A.B.

C.D.




Your network contains an Active Directory domain named contoso.com. The domain contains two serversnamed Server1 and Server2 that run Windows Server 2012 R2. The servers have the Hyper-V server roleinstalled.

A certification authority (CA) is available on the network.

A virtual machine named vml.contoso.com is replicated from Server1 to Server2. A virtual machine namedvm2.contoso.com is replicated from Server2 to Server1.


You need to configure Hyper-V to encrypt the replication of the virtual machines.

Which common name should you use for the certificates on each server?

To answer, configure the appropriate common name for the certificate on each server in the answer area.

A.B.C.D.

Correct Answer:





Server1 and Server2 have the Failover Clustering feature installed. The servers are configured as nodes in afailover cluster named Cluster1. Cluster1 contains a file server role named FS1 and a generic service rolenamed SVC1. Server1 is the preferred node for FS1. Server2 is the preferred node for SVC1.

You plan to run a disk maintenance tool on the physical disk used by FS1.

You need to ensure that running the disk maintenance tool does not cause a failover to occur.

What should you do before you run the tool?

A. Run cluster.exe and specify the pause parameter.B. Run cluster.exe and specify the offline parameter.C. Run Suspend-ClusterResourceD. Run Suspend-ClusterNode.


Explanation/Reference:Explanation: Bringing an individual node down for planned maintenance is a common administrative task, to forexample install a Service Pack or hardware upgrades.

On a Windows Server 2008 R2 Failover Cluster, this is a manual process where you place a cluster node inPAUSED state, and then move individual Roles (workloads) to the other nodes in the cluster.

In Windows Server 2012 R2 conducting planned maintenance on Failover Clusters is dramatically simplified, asthese steps are automated in the Node Drain (or Node Maintenance Mode) feature.

Node Drain

Using Node Drain you can automate moving the Roles (workloads) off of a cluster node. Think of Node Drain isto as an enhanced, workload aware Node Pause.

Steps automated by Node Drain:

1) The cluster node is put in a PAUSED state, which prevents other workloads hosted on other nodes frommoving to the node.

2) The Roles (workloads) currently owned by the cluster node, are sorted according to their Priority order.(Priority of Roles is another new Failover Clustering functionality in Windows Server 2012 R2.)

3) The Roles are then distributed to the other active nodes in the cluster in priority order. Node Drain works withall workloads running on the cluster. For virtual machines, it leverages live migrations and memory-awareintelligent placement.

4) When all the Roles are moved off of the cluster node, Node Drain operation is completed.

Reference: Draining Nodes for Planned Maintenance with Windows Server 2012 R2




A developer creates an Application named App1. App1 is NOT a cluster-aware Application.App1 stores data in the file system.



A. Add-ClusterGenericApplicationRoleB. Add-ClusterGenericServiceRoleC. Add ClusterServerRoleD. Add-ClusterScaleOutFileServerRole




Your network contains an Active Directory domain named contoso.com. The domain contains a server namedServer1 that runs Windows Server 2012 R2. Server1 is an enterprise root certification authority (CA) forcontoso.com.

Your user account is assigned the certificate manager role and the auditor role on the contoso.com CA. Youraccount is a member of the local Administrators group on Server1.

You enable CA role separation on Server1.

You need to ensure that you can manage the certificates on the CA.

What should you do?

A. Remove your user account from the local Administrators group.B. Assign the CA administrator role to your user account.C. Assign your user account the Bypass traverse checking user right.D. Remove your user account from the Manage auditing and security log user right.





An administrator installs the IP Address Management (IPAM) Server feature on a server named Server2. Theadministrator configures IPAM by using Group Policy based provisioning and starts server discovery.

You plan to create Group Policies for IPAM provisioning.

You need to identify which Group Policy object (GPO) name prefix must be used for IPAM Group Policies.


A. From Server Manager, review the IPAM overview.B. Run the ipamgc.exe tool.C. From Task Scheduler, review the IPAM tasks.D. Run the Get-IpamConfiguration cmdlet.




You are employed as a network administrator at consoto.com. Contoso.com has in an Active Directory domainnamed contoso.com. All Servers on the contoso.com network have Windows Server 2012 R2 installed.

A contoso.com server, named Server1, hosts the Active Directory Certificate Services Server role and utilizes ahardware security module (HSM) to safeguard its private key.

You have been instructed to backup the Active Directory Certificate Services (ADCS) database, log files, and

private key regularly. You should not use a utility supplied by the hardware security module (HSM) creator.

Which of the following actions should you take?

A. You should consider scheduling an incremental backupB. You Should consider making use of the certutil.exe command.C. You should consider schedulling a differential backupD. You should consider schedulling a copy backup


Explanation/Reference:Explanation:A. ADCS needs to be backup up using certutilB. -Backup, -backupdb, -backupKey: You can use Certutil.exe to dump and display certification authority (CA)configuration information, configure Certificate Services, backup and restore CA components, and verifycertificates, key pairs, and certificate chains.C. ADCS needs to be backup up using certutilD. ADCS needs to be backup up using certutilhttp://technet.microsoft.com/library/cc732443.aspx http://technet.microsoft.com/en-us/library/cc732443.aspx#BKMK_backup http://technet.microsoft.com/en-us/library/cc732443.aspx#BKMK_backupDBhttp://technet.microsoft.com/en-us/library/cc732443.aspx#BKMK_backupKey http://blogs.technet.com/b/pki/archive/2010/04/20/disaster-recovery-procedures-for-theactive-directorycertificate-services-adcs.aspx



You are employed as a senior network administrator at contoso.com contoso.com has an active directorydomain named contoso.com. All servers on the contoso.com network have Windows Server 2012 R2 installed.

You are currently running at training exercise for junior network administrators. You are discussing theDNSSEC NRPT rule properly.

Which of the following describes the purpose of this rule property?

A. It is used to indicate the namespace to which the policy applies.B. It is used to indicate whether the DNS client should check for DNSSEC validation in the response.C. It is used to indicate DNSSEC must be used to protect DNS traffic for queries belonging to the namespace.D. It is used to indicate whether DNS connections over DNSSEC will use encryption


Explanation/Reference:Explanation:A. NRPT is a table that contains rules you can configure to specify DNS settings or special behavior for namesor namespacesB. The DNS client's behavior is controlled by a policy(GPO) that determines whether the client should check forvalidation results for names within a given namespace.C.D. DNS does not provide any mechanism for the encryption of DNS queries and responses.http://technet.microsoft.com/en-us/library/ee649241(v=ws.10).aspx http://technet.microsoft.com/en-us/library/ee683904(v=ws.10).aspx http://technet.microsoft.com/en-us/library/ee649205(v=ws.10).aspx



You are employed as a network administrator at contoso.com . Contoso.com has an active directory domainnamed contoso.com All servers on the contoso.com network have Windows Server 2012 R2 installed.

Contoso.com has a server named server1, which is configured as a file server.

You have been instructed to enabled a feature that discovers and eradicates duplication within data withoutcompromising its reliability or accuracy.

Which of the following actions should you take?

A. You should consider having the Data Deduplication feature enabled.B. You should consider having the Storage Spaces feature enabled.C. You should consider having the Storage Management feature enabled.D. You should consider having the folder redirection feature enabled.



A. Data deduplication involves finding and removing duplication within data without compromising its fidelity orintegrityB. Storage Spaces in Windows Server 2012 R2 and Windows 8 enables cost-effective, optimally used, highlyavailable, scalable, and flexible storage solutions for business-critical (virtual or physical) deployments.C. Windows Server 2012 R2 enables storage management that is comprehensive and fully scriptable, andadministrators can manage it remotely. D. older Redirection lets administrators redirect the path of a folder to anew location.

http://technet.microsoft.com/en-us/library/hh831602.aspx http://technet.microsoft.com/en-us/library/hh831739.aspx http://technet.microsoft.com/en-us/library/hh831751.aspx http://technet.microsoft.com/en-us/library/cc732275.aspx http://blogs.technet.com/b/filecab/archive/2012/05/21/introduction-to-data-deduplication-inwindows-server-2012.aspx



You are employed as a network administrator at contoso.com. contoso.com has a single Active Directorydomain named contoso.com. All servers on the Contoso.com network have Windows Server 2012 R2 installed.

Contoso.com has two servers, named server1 and server2 which are configured in a two- node fail over cluster.

You are currently configuration the quorum settings for the cluster. You want to make use of a quorum modethat allows each node to vote if it is available and in communication.

Which of the following is the mode you should use?

A. Node MajorityB. Node and Disk MajorityC. Node and File Share MajorityD. No Majority:Disk Only



A. Allows each node to voteB. Allows each node and a disk witness to voteC. Allows each node and a File share witness to vote D. Allows one node with a specified disk to have quorumhttp://technet.microsoft.com/en-us/library/cc770620(v=ws.10).aspx


You are employed as a network administrator at contoso.com. Contoso.com has a single Active Directorydomain named contoso.com. All servers on the contoso.com network have Windows Server 2012 R2 installed.

You are preparing to install a third-party application on a contoso.com server, named SERVER1. You find thatthe application is unable to install completely due to its driver not being digitally signed.

You want to make sure that the application can be installed successfully.

Which of the following actions should you take_?

A. You should consider downloading a signed driverB. You should consider having SERVER1 is restored to an earlier dateC. You should consider making use of the Disable Driver Signature Enforcement option from the Advanced

Boot Option.D. You should consider restarting SERVER1 in safe Mode


Explanation/Reference:Explanation:A. The 3rd Party installation would need to be repackaged with a signed driver B. The restore to an older datewould only work if the earlier date had Driver Sig Enforcement disabled.C. Disable Driver Signature Enforcement from Advanced Boot Options allows the OS to load without the signeddriver requirementsD. Safe Mode will not allow the unsigned driver to be installed, you need to select Disable


Driver Signature Enforcement to not required signed drivers http://technet.microsoft.com/en-us/library/bb491036.aspx http://windows.microsoft.com/en-us/windows-vista/advanced-startup-options-including- safe-mode


You are employed as a senior network administrator at contoso.com.Contoso.com has a single Active DirectoryDomain named contoso.com. All servers on the contoso.com network have Windows Server 2012 R2 installed.

You are running a training exercise for junior network administrator. You are currently discussing theDnslint.exe tool.

Which of the following should this tool be used for? (Choose all that apply)

A. To help diagnose common DNS name resolution issuesB. For developing scripts for configuring a DNS serverC. To administer the DNS server Service.D. To look for specific DNS record set and sure that they are consistent across multiple DNS servers.E. To verify that DNS records used specifially for Active Directory replication are correctF. To Create and delete zones and resource records.

Correct Answer: ADESection: (none)Explanation

Explanation/Reference:Explanation:http://support.microsoft.com/kb/321045


You work as an administrator at contoso.com. Contoso.com network consists of a single domain namedcontoso.com. All servers on the contoso.com network have Windows Server 2012 R2 installed.

Contoso.com has a server, named SERVER1, which has the AD DS,DHCP and DNS server roles installed.

Guaranteed success with TestInsides practice guides 286 Microsoft 70-412 : Practice TestContoso.com also has a server named SERVER2, which has the DHCP and Remote Access Server Roleinstalled.

You have configured SERVER3, which has the File and Storage Services Server role installed to automaticallyacquire an IP address.

You then create a filter on SERVER1

Which of the following is a reason for this configuration?

A. To make sure that SERVER1 issues Server3 an IP address.B. To make sure that SERVER1 does not issue SERVER3 an IP addressC. To make sure that SERVER3 acquires a constant IP address from SERVER2 only.

D. To make sure that SERVER3 is configured with a static IP address


Explanation/Reference:Explanation:A. MAC Address Filtering allows the ability to Deny a MAC addresses to be issued a IP from the DHCP serverB. Deny Filter would not allow SERVER1 to issue SERVER3 an IP C. A DHCP Reservation on SERVER2would be needed for a constant IP D. states it is configure to automatically acquire IP

http://technet.microsoft.com/en-us/library/cc779507(v=ws.10).aspx http://technet.microsoft.com/en-us/library/ee941155(v=ws.10).aspx


You are employed as a senior network administrator at ABC.com. ABC.com has an Active Directory domainnamed ABC.com. All servers on the ABC.com network have Windows Server 2012 R2 installed. The ABC.comdomain has an Active Directory site configured in London, and an Active Directory site in New York.

You have been instructed to make sure that the synchronization of account lockout data happens quicker.

A. You should consider editing the options attribute from WANLINK propertiesB. You should consider editing the options attribute from LANLIK propertiesC. You should consider editing the options attribute from the DEFAULTSITE1INK propertiesD. You should consider editing the proxyAddressess attribute from the DEFAULTIPSITE1INK properties.


Explanation/Reference:Explanation:http://technet.microsoft.com/en-us/library/cc961787.aspx


You are employed as a senior network administrator at ABC.com. ABC.com has an Active Directory domainnamed ABC.com. All servers on the ABC.com network have Windows Server 2012 R2 installed.

ABC.com has two servers, named SERVER1 and SERVER2 which are configured in a two-node failovercluster.

Server1 includes a folder, named ABCAppData, which is configured as a Distributed File System (DFS) namespace folder target.

After configuring another two nodes in the failover cluster, you are instructed to make sure that access toABCAppData is highly available. You also have to make sure that application data is replicated to ABCAppDatavia DFS replication.

Which following actions should you take?

A. You should consider configuring a scale-out File ServerB. You should consider configuring the replication settings for the clusterC. You should consider configuring a file server for general useD. You should consider configuring the Quorum settings


Explanation/Reference:Explanation:http://technet.microsoft.com/en-us/library/hh831349.aspx




The domain contains a domain controller named DC1 that is configured as an enterprise root certificationauthority (CA). All users in the domain are issued a smart card and are required to log on to their domainjoinedclient computer by using their smart card. A user named User1 resigned and started to work for a competingcompany.



A. Active Directory Administrative CenterB. Active Directory Sites and ServicesC. Active Directory Users and ComputersD. the Certification Authority consoleE. the Certificates snap-inF. Certificate TemplatesG. Server Manager

H. the Security Configuration Wizard

Correct Answer: ACDSection: (none)Explanation

Explanation/Reference:Explanation:A. ADAC - Active Directory Administrative Center used to manage users/computers

Disable user1 from ADAC

Note:To disable or enable a user account using Active Directory Administrative Center To open Active DirectoryAdministrative Center, click Start , click Administrative Tools , and then click Active Directory AdministrativeCenter . To open Active Directory Users and Computers in Windows Server® 2012, click Start , type dsac.exe .In the navigation pane, select the node that contains the user account whose status you want to change.In the management list, right-click the user whose status you want to change. Depending on the status of theuser account, do one of the following:


C. ADUC The old Active Directory Users and Computers used to manage users/Computers is still present inWindows 2012.

D: You can use the Certification Authority console to configure CAs. This includes the following tasks:

(D) Scheduling certificate revocation list publication.Installing the CA certificate when necessary.Configuring exit module settings.Configuring policy module settings.Modifying security permissions and delegate control of CAs. Enabling optional Netscape-compatible Web-based revocation checking.

Topic 5, Volume E


You have a server named LON-DC1 that runs Windows Server 2012 R2. An iSCSI virtual disk namedVirtuahSCSIl.vhd exists on LON-DC1 as shown in the exhibit. (Click the Exhibit button.)


Guaranteed success with TestInsides practice guides 292 Microsoft 70-412 : Practice TestVirtuahSCSI1.vhd is removed from LON-DC1.


What should you do?

A. Run the Set-IscsiVirtualDisk cmdlet and specify the -DevicePath parameter.B. Run the iscsicpl command and specify the virtualdisklun parameter.C. Modify the properties of the itgt ISCSI target.D. Run the Set-VirtualDisk cmdlet and specify the -Uniqueld parameter.


Explanation/Reference:Explanation: Set-VirtualDiskModifies the attributes of an existing virtual disk.Applies To: Windows Server 2012 R2-UniqueId<String>Specifies an ID used to uniquely identify a Disk object in the system. The ID persists through restarts.

Note: Logical unit numbers (LUNs) created on an iSCSI disk storage subsystem are not directly assigned to aserver. For iSCSI, LUNs are assigned to logical entities called targets.

Incorrect:

Not A: Set-IscsiVirtualDiskModifies the settings for the specified iSCSI virtual disk.-Path<String> (alias: DevicePath)Specifies the path of the virtual hard disk (VHD) file that is associated with the iSCSI virtual disk. Filter theiSCSI Virtual Disk object using this parameter.

Not B: iscsicpl.exe could is the Microsoft iSCSI Initiator Configuration Tool. Microsoft Internet iSCSI Initiatorenables you to connect a host computer that is running Windows 7 or Windows Server 2008 R2 to an externaliSCSI-based storage array through an Ethernet network adapter.


Your network contains an Active Directory domain named adatum.com. The domain contains a file servernamed FS1 that runs Windows Server 2012 R2 and has the File Server Resource Manager role serviceinstalled. All client computers run Windows 8.

File classification and Access-Denied Assistance are enabled on FS1.

You need to ensure that if users receive an Access Denied message, they can request assistance by emailfrom the Access Denied dialog box.


A. A file management taskB. A classification propertyC. The File Server Resource Manager OptionsD. A report task




Your network contains three servers named Server1, Server2, and Server3. All servers run Windows Server2012 R2.

You need to ensure that Server1 can provide iSCSI storage for Server2 and Server3.


A. Start the Microsoft iSCSI Initiator Service and configure the iSCSI Initiator Properties.B. Install the iSNS Server service feature and create a Discovery Domain.C. Install the Multipath I/O (MPIO) feature and configure the MPIO Properties.D. Install the iSCSI Target Server role service and configure iSCSI targets.




Your network contains two servers named Server1 and Server2 that run Windows Server

2008 R2. Server1 and Server2 are nodes in a failover cluster named Cluster1. The network contains twoservers named Server3 and Server4 that run Windows Server 2012 R2. Server3 and Server4 are nodes in afailover cluster named Cluster2.

You need to move all of the applications and the services from Cluster1 to Cluster2.

What should you do first from Failover Cluster Manager?

A. On a server in Cluster2, configure Cluster-Aware Updating.B. On a server in Cluster2, click Move Core Cluster Resources, and then click Best Possible Node.C. On a server in Cluster1, click Move Core Cluster Resources, and then click Best Possible Node.D. On a server in Cluster1, click Migrate Roles.


Explanation/Reference:Explanation: In a Windows Server 2012 R2 cluster, In FCM, right-click the Clustername, click on More Actions,Move Core Cluster Resources and select either Best Possible Node or select the node of your choice.


You have a server named LON-DC1 that runs Windows Server 2012 R2. An iSCSI virtual disk namedVirtualiSCSI1.vhd exists on LON-DC1 as shown in the exhibit. (Click the

Exhibit button.)


VirtualiSCSIl.vhd is removed from LON-DC1.


What should you do?

A. Modify the properties of the itgt ISCSI target.B. Modify the properties of the VirtualiSCSI2.vhd iSCSI virtual disk.C. Run the Set-VirtualDisk cmdlet and specify the -Uniqueld parameter.D. Run the iscsicli command and specify the reportluns parameter.


Explanation/Reference:Explanation: Set-VirtualDiskModifies the attributes of an existing virtual disk.Applies To: Windows Server 2012 R2-UniqueId<String>Specifies an ID used to uniquely identify a Disk object in the system. The ID persists through restarts.

Note: Logical unit numbers (LUNs) created on an iSCSI disk storage subsystem are not directly assigned to aserver. For iSCSI, LUNs are assigned to logical entities called targets.



You have a Hyper-V host named Server1 that runs Windows Server 2012 R2. Server1 contains a virtualmachine named VM1 that runs Windows Server 2012 R2.

You fail to start VM1 and you suspect that the boot files on VM1 are corrupt.

On Server1, you attach the virtual hard disk (VHD) of VM1 and you assign the VHD a drive letter of F.

You need to repair the corrupt boot files on VM1.


A. bootrec.exe /rebuildbcdB. bootrec.exe /scanosC. bcdboot.exe f:\windows /s c:D. bcdboot.exe c:\windows /s f:




Your network contains an Active Directory domain named contoso.com. The domain contains a server namedServer1 that runs Windows Server 2012 R2 and has the DNS Server server role installed.

Server1 has a zone named contoso.com. The zone is configured as shown in the exhibit.(Click the Exhibit button.)

You need to assign a user named User1 permission to add and delete records from the contoso.com zoneonly.


A. Enable the Advanced view from DNS Manager.B. Add User1 to the DnsUpdateProxy group.C. Run the New Delegation Wizard.D. Configure the zone to be Active Directory-integrated.




Guaranteed success with TestInsides practice guides 298 Microsoft 70-412 : Practice TestYour network contains two servers named Server1 and Server2 that run Windows Server 2008 R2. Server1and Server2 are nodes in a failover cluster named Cluster1. The network contains two servers named Server3and Server4 that run Windows Server 2012 R2. Server3 and Server4 are nodes in a failover cluster namedCluster2.

You need to move all of the applications and the services from Cluster1 to Cluster2.

What should you do first from Failover Cluster Manager?

A. On a server in Cluster1, click Move Core Cluster Resources, and then click Select Node.B. On a server in Cluster2, configure Cluster-Aware Updating.C. On a server in Cluster1, configure Cluster-Aware Updating.D. On a server in Cluster2, click Migrate Roles.E. On a server in Cluster2, click Move Core Cluster Resources, and then click Best Possible Node.


Explanation/Reference:Explanation: In a Windows Server 2012 R2 cluster, In FCM, right-click the Clustername, click on More Actions,Move Core Cluster Resources and select either Best Possible Node or select the node of your choice.


Your network contains two servers named HV1 and HV2. Both servers run Windows

Server 2012 R2 and have the Hyper-V server role installed.

HV1 hosts 25 virtual machines. The virtual machine configuration files and the virtual hard disks are stored inD:\VM.

You shut down all of the virtual machines on HV1.

You copy D:\VM to D:\VM on HV2.

You need to start all of the virtual machines on HV2. You want to achieve this goal by using the minimumamount of administrative effort.

What should you do?

A. Run the Import-VMInitialReplication cmdlet.

B. From HV1, export all virtual machines to D:\VM. Copy D:\VM to D:\VM on HV2 and overwrite the existingfiles. On HV2, run the Import Virtual Machine wizard.

C. From HV1, export all virtual machines to D:\VM. Copy D:\VM to D:\VM on HV2 and overwrite the existingfiles. On HV2, run the New Virtual Machine wizard.

D. Run the Import-VM cmdlet.




Your company recently deployed a new Active Directory forest named contoso.com. The first domain controllerin the forest runs Windows Server 2012 R2.

You need to identify the time-to-live (TTL) value for domain referrals to the NETLOGON and SYSVOL sharedfolders.


A. UltrasoundB. ReplmonC. DfsdiagD. Frsutil





Server1 has Microsoft SQL Server 2012 installed.

You install the Active Directory Federation Services server role on Server2.

You need to configure Server2 as the first Active Directory Federation Services (AD FS) server in the domain.The solution must ensure that the AD FS database is stored in a SQL Server database on Server1.


A. From the AD FS console, run the AD FS Federation Server Configuration Wizard and select the Stand-alone federation server option.

B. From Server Manager, install the Federation Service Proxy.C. From Windows PowerShell, run Install-ADFSFarm.D. From Server Manager, install the AD FS Web Agents.


Explanation/Reference:Explanation: The Install-AdfsFarm cmdlet creates the first node of a new federation server farm.


Your network contains two servers that run Windows Server 2012 R2 named Server1 and Server2. Bothservers have the File Server role service installed.

On Server2, you create a share named Backups.

From Windows Server Backup on Server1, you schedule a full backup to run every night.

You set the backup destination to \\Server2 \Backups.

After several weeks, you discover that \\Server2\Backups only contains the last backup that completed onServer1.

You need to ensure that multiple backups of Server1 are maintained.

What should you do?

A. Modify the Volume Shadow Copy Service (VSS) settings.B. Modify the properties of the Windows Store Service (WSService) service.C. Change the backup destination.D. Configure the permission of the Backups share.




Your network contains an Active Directory domain named contoso.com. The domain contains a server namedServer1 that runs Windows Server 2012 R2. Server1 has an enterprise root certification authority (CA) forcontoso.com.

You deploy another member server named Server2 that runs Windows Server 2012 R2 and has the WebServer (IIS) server role installed.

You need to designate a website on Server1 as the certificate revocation list (CRL) distribution point for the CA.The solution must ensure that CRLs are published automatically to Server2.


A. Create an http:// CRL distribution point (CDP) entry.B. Configure a CA exit module.C. Create a file:// CRL distribution point (CDP) entryD. Configure an enrollment agent.

E. Configure a CA policy module.



Explanation: A: To specify CRL distribution points in issued certificates Open the Certification Authority snap-in.In the console tree, click the name of the CA.On the Action menu, click Properties , and then click the Extensions tab. Confirm that Select extension is set toCRL Distribution Point (CDP) . Do one or more of the following. (The list of CRL distribution points is in theSpecify locations from which users can obtain a certificate revocation list (CRL) box.)

/ To indicate that you want to use a URL as a CRL distribution point Click the CRL distribution point, select theInclude in the CDP extension of issued certificates check box, and then click OK .Click Yes to stop and restart Active Directory Certificate Services (AD CS).

E: You can specify CRL Distribution Points (CDPs) in CAPolicy.inf. Note that any CDP in CAPolicy.inf will takeprecedence for certificate verifiers over the CDP's specified in the CA policy module.

Note:CRLDistributionPoint

You can specify CRL Distribution Points (CDPs) for a root CA certificate in the CAPolicy.inf. This section doesnot configure the CDP for the CA itself. After the CA has been installed you can configure the CDP URLs thatthe CA will include in each certificate that it issues. The URLs specified in this section of the CAPolicy.inf file areincluded in the root CA certificate itself.Example:[CRLDistributionPoint]URL=http://pki.wingtiptoys.com/cdp/WingtipToysRootCA.crl


Your network contains an Active Directory domain named adatum.com. You create a new Group Policy object(GPO) named GPO1.

You need to verify that GPO1 was replicated to all of the domain controllers.


A. GpupdateB. GpresultC. Group Policy ManagementD. Active Directory Sites and Services




Your network contains three Active Directory forests. The forests are configured as shown in the following table.

A two-way forest trust exists between contoso.com and divisionl.contoso.com. A two-way forest trust also existsbetween contoso.com and division2.contoso.com.

You plan to create a one-way forest trust from divisionl.contoso.com to division2.contoso.com.

You need to ensure that any cross-forest authentication requests are sent to the domain controllers in theappropriate forest after the trust is created.

How should you configure the existing forest trust settings?

In the table below, identify which configuration must be performed in each forest. Make only one selection ineach column. Each correct selection is worth one point.

A.B.C.D.




Your network contains two Web servers named Server1 and Server2. Both servers run Windows Server 2012R2.

Server1 and Server2 are nodes in a Network Load Balancing (NLB) cluster. The NLB cluster contains anapplication named App1 that is accessed by using the URL http://app1.contoso.com.

You plan to perform maintenance on Server1.

You need to ensure that all new connections to App1 are directed to Server2. The solution must not disconnectthe existing connections to Server1.


A. The Set-NlbCluster cmdletB. The Set-NlbClusterNode cmdletC. The Stop-NlbCluster cmdletD. The Stop-NlbClusterNode cmdlet


Explanation/Reference:Explanation: The Stop-NlbClusterNode cmdlet stops a node in an NLB cluster. When you use the stop thenodes in the cluster, client connections that are already in progress are interrupted. To avoid interrupting activeconnections, consider using the -drain parameter, which allows the node to continue servicing activeconnections but disables all new traffic to that node.

-Drain <SwitchParameter>Drains existing traffic before stopping the cluster node. If this parameter is omitted, existing traffic will bedropped.



You have a failover cluster named Cluster1 that contains two nodes named Server1 and Server2. Both serversrun Windows Server 2012 R2 and have the Hyper-V server role installed.

You plan to create two virtual machines that will run an application named App1. App1 will store data on avirtual hard drive named App1data.vhdx. App1data.vhdx will be shared by both virtual machines.

The network contains the following shared folders:

An SMB file share named Share1 that is hosted on a Scale-Out File Server. An SMB file share named Share2that is hosted on a standalone file server. An NFS share named Share3 that is hosted on a standalone fileserver.

You need to ensure that both virtual machines can use App1data.vhdx simultaneously.

What should you do?

To answer, select the appropriate configurations in the answer area.

A.B.C.D.





Your network contains an Active directory forest named contoso.com. The forest contains two child domainsnamed east.contoso.com and west.contoso.com.

You install an Active Directory Rights Management Services (AD RMS) cluster in each child domain.

You discover that all of the users in the contoso.com forest are directed to the AD RMS cluster ineast.contoso.com.

You need to ensure that the users in west.contoso.com are directed to the AD RMS cluster inwest.contoso.com and that the users in east.contoso.com are directed to the AD RMS cluster ineast.contoso.com.

What should you do?

A. Modify the Service Connection Point (SCP).B. Configure the Group Policy object (GPO) settings of the users in the west.contoso.com domain.C. Configure the Group Policy object (GPO) settings of the users in the east.contoso.com domain.D. Modify the properties of the AD RMS cluster in west.contoso.com.





From Server Manager, you install the Active Directory Certificate Services server role on Server1.

A domain administrator named Admin1 logs on to Server1.

When Admin1 runs the Certification Authority console, Admin1 receive the following error message.


You need to ensure that when Admin1 opens the Certification Authority console on Server1, the error messagedoes not appear.

What should you do?

A. Install the Active Directory Certificate Services (AD CS) tools.B. Run the regsvr32.exe command.C. Modify the PATH system variable.D. Configure the Active Directory Certificate Services server role from Server Manager.




Your network contains an Active Directory domain named contoso.com. The domain contains a member servernamed Server1 that has the Active Directory Federation Services server role installed. All servers run WindowsServer 2012.d

You complete the Active Directory Federation Services Configuration Wizard on Server1.

You need to ensure that client devices on the internal network can use Workplace Join.

Which two actions should you perform on Server1? (Each correct answer presents part of the solution. Choosetwo.)

A. Run Enable-AdfsDeviceRegistration -PrepareActiveDirectory.B. Edit the multi-factor authentication global authentication policy settings.C. Run Enable-AdfsDeviceRegistration.D. Run Set-AdfsProxyProperties HttpPort 80.E. Edit the primary authentication global authentication policy settings.

Correct Answer: CESection: (none)Explanation


Explanation: * To enable Device Registration Service On your federation server, open a Windows PowerShellcommand window and type:Enable-AdfsDeviceRegistrationRepeat this step on each federation farm node in your AD FS farm..Enable seamless second factor authenticationSeamless second factor authentication is an enhancement in AD FS that provides an added level of accessprotection to corporate resources and applications from external devices that are trying to access them. Whena personal device is Workplace Joined, it becomes a `known' device and administrators can use thisinformation to drive conditional access and gate access to resources.To enable seamless second factor authentication, persistent single sign-on (SSO) and conditional access forWorkplace Joined devicesIn the AD FS Management console, navigate to Authentication Policies. Select Edit Global PrimaryAuthentication. Select the check box next to Enable Device Authentication, and then click OK.



You need to ensure that third-party devices can use Workplace Join to access domain resources on theInternet.

Which four actions should you perform in sequence?

To answer, move the appropriate four actions from the list of actions to the answer area and arrange them inthe correct order.

A.B.C.D.







A. 2001:123:4567:890A::B. FE80:123:4567::C. FF00:123:4567:890A::D. FD00:123:4567::




Your network contains an Active Directory domain named contoso.com. The domain contains two serversnamed Server1 and Server2. All servers run Windows Server 2012 R2.

You install the DHCP Server server role on both servers.

On Server1, you have the DHCP scope configured as shown in the exhibit. (Click the Exhibit button.)

You need to configure the scope to be load-balanced across Server1 and Server2.

What Windows PowerShell cmdlet should you run on Server1?

To answer, select the appropriate options in the answer area.


A.B.C.D.




Your network contains an Active Directory domain named contoso.com. The domain contains two DHCPservers named Server1 and Server2. Both servers have multiple IPv4 scopes.

Server1 and Server2 are used to assign IP addresses for the network IDs of 172.20.0.0/16 and 131.107.0.0/16.

You install the IP Address Management (IPAM) Server feature on a server named IPAM1 and configure IPAM1to manage Server1 and Server2.

Some users from the 172.20.0.0 network report that they occasionally receive an IP address conflict errormessage.

You need to identify whether any scopes in the 172.20.0.0 network ID conflict with one another.

What Windows PowerShell cmdlet should you run?


A.B.C.D.




Your network contains an Active Directory forest named contoso.com.

Users frequently access the website of an external partner company. The URL of the website is http://partners.adatum.com.

The partner company informs you that it will perform maintenance on its Web server and that the IP addressesof the Web server will change.

After the change is complete, the users on your internal network report that they fail to access the website.However, some users who work from home report that they can access the website.

You need to ensure that your DNS servers can resolve partners.adatum.com to the correct

IP address immediately.

What should you do?

A. Run dnscmd and specify the CacheLockingPercent parameter.B. Run Set-DnsServerGlobalQueryBlockList.C. Run ipconfig and specify the Renew parameter.D. Run Set-DnsServerCache.


Explanation/Reference:Explanation: * To configure cache locking using a command line Open an elevated command prompt.Type the following command, and then press ENTER:dnscmd /Config /CacheLockingPercent <percent>Restart the DNS Server service.* Parameter <percent>Optional.Specifies the cache locking percent, from 0 to 100 in decimal format. If no value is entered, the cachelocking percent is set to 0.


You have a server named Server1.

You install the IP Address Management (IPAM) Server feature on Server1.

You need to provide a user named User1 with the ability to set the access scope of all the DHCP servers thatare managed by IPAM. The solution must use the principle of least privilege.

Which user role should you assign to User1?

A. DNS Record Administrator RoleB. IPAM DHCP Reservations Administrator RoleC. IPAM Administrator RoleD. IPAM DHCP Administrator Role


Explanation/Reference:Explanation: When you install IPAM Server, the following local role-based IPAM security groups are created:IPAM UsersIPAM MSM AdministratorsIPAM ASM AdministratorsIPAM IP Audit AdministratorsIPAM Administrators

QUESTION 267

267 - (Topic 5)

You have a virtual machine named VM1 that runs on a host named Host1.

You configure VM1 to replicate to another host named Host2. Host2 is located in the same physical location asHost1.

You need to add an additional replica of VM1. The replica will be located in a different physical site.

What should you do?

A. From VM1 on Host2, click Extend Replication.B. On Host1, configure the Hyper-V settings.C. From VM1 on Host1, click Extend Replication.D. On Host2, configure the Hyper-V settings.





You need to ensure that you can use the NFS Share - Advanced option from the New Share Wizard in ServerManager.

Which two role services should you install?

To answer, select the appropriate two role services in the answer area.

A.B.C.D.



QUESTION 269269 - (Topic 5)Your network contains 20 iSCSI storage appliances that will provide storage for 50 Hyper-V hosts runningWindows Server 2012 R2.

You need to configure the storage for the Hyper-V hosts. The solution must minimize administrative effort.


A. Install the iSCSI Target Server role service and configure iSCSI targets.B. Install the iSNS Server service feature and create a Discovery Domain.C. Start the Microsoft iSCSI Initiator Service and configure the iSCSI Initiator Properties.D. Install the Multipath I/O (MPIO) feature and configure the MPIO Properties.




You have a server that runs Windows Server 2012 R2.

You create a new work folder named Share1.

You need to configure Share1 to meet the following requirements:

Ensure that all synchronized copies of Share1 are encrypted. Ensure that clients synchronize to Share1 every30 minutes. Ensure that Share1 inherits the NTFS permissions of the parent folder.

Which cmdlet should you use to achieve each requirement?

To answer, drag the appropriate cmdlets to the correct requirements. Each cmdlet may be used once, morethan once, or not at all. You may need to drag the split bar between panes or scroll to view content.

A.B.C.D.




You create a new virtual disk in a storage pool by using the New Virtual Disk Wizard. You discover that the newvirtual disk has a write-back cache of 1 GB.

You need to ensure that the virtual disk has a write-back cache of 5 GB.

What should you do?

A. Detach the virtual disk, and then run the Resize-VirtualDisk cmdlet.B. Detach the virtual disk, and then run the Set-VirtualDisk cmdlet.C. Delete the virtual disk, and then run the New-StorageSubSystemVirtualDisk cmdlet.D. Delete the virtual disk, and then run the New-VirtualDisk cmdlet.





You plan to install the Active Directory Federation Services server role on Server1 to allow for Workplace Join.

You run nslookup enterprise registration and you receive the following results:

You need to create a certificate request for Server1 to support the Active Directory Federation Services (ADFS) installation.

How should you configure the certificate request?

To answer, drag the appropriate names to the correct locations. Each name may be used once, more thanonce, or not at all. You may need to drag the split bar between panes or scroll to view content.

A.B.C.D.





Your network contains an Active Directory domain named contoso.com. The domain contains servers namedServer1 and Server2 that run Windows Server 2012 R2. Server1 has the Active Directory Federation Servicesserver role installed. Server2 is a file server.

Your company introduces a Bring Your Own Device (BYOD) policy.

You need to ensure that users can use a personal device to access domain resources by using Single Sign-On(SSO) while they are connected to the internal network.


A. Enable the Device Registration Service in Active Directory.B. Publish the Device Registration Service by using a Web Application Proxy.C. Configure Active Directory Federation Services (AD FS) for the Device Registration Service.D. Create and configure a sync share on Server2.E. Install the Work Folders role service on Server2.

Correct Answer: ACSection: (none)Explanation



You have two failover clusters named Cluster1 and Cluster2. All of the nodes in both of the clusters runWindows Server 2012 R2.

Cluster1 hosts two virtual machines named VM1 and VM2.

You plan to configure VM1 and VM2 as nodes in a new failover cluster named Cluster3.

You need to configure the witness disk for Cluster3 to be hosted on Cluster2.


To answer, move the appropriate three actions from the list of actions to the answer area and arrange them inthe correct order.

A.B.C.D.





Server1 and 5erver2 are nodes in a Network Load Balancing (NLB) cluster. The NLB cluster contains anapplication named App1 that is accessed by using the URL http://app1.contoso.com.

You deploy a new server named Server3 that runs Windows Server 2012 R2. The contoso.com DNS zonecontains the records shown in the following table.

You need to add Server3 to the NLB cluster.

What command should you run?


A.B.C.D.




Your network contains an Active Directory domain named contoso.com. The domain contains four memberservers named Server1, Server2, Server3, and Server4. All servers run Windows Server 2012 R2.

Server1 and Server3 are located in a site named Site1. Server2 and Server4 are located in a site named Site2.The servers are configured as nodes in a failover cluster named Cluster1.

Dynamic quorum management is disabled.

Cluster1 is configured to use the Node Majority quorum configuration.

You need to ensure that users in Site2 can access Cluster1 if the network connection between the two sitesbecomes unavailable.

What should you run from Windows PowerShell?

To answer, drag the appropriate commands to the correct location. Each command may be used once, morethan once, or not at all. You may need to drag the split bar between panes or scroll to view content.

A.B.C.D.




Your network contains an Active Directory domain named contoso.com. All domain controllers run WindowsServer 2012 R2.

The network has the physical sites and TCP/IP subnets configured as shown in the following table.

You have a web application named App1 that is hosted on six separate Web servers. DNS has the host namesand IP addresses registered as shown in the following table.

You discover that when users connect to appl.contoso.com, they are connected frequently to a server that isnot on their local subnet.

You need to ensure that when the users connect to appl.contoso.com, they connect to a server on their localsubnet. The connections must be distributed across the servers that host appl.contoso.com on their subnet.

Which two settings should you configure?

To answer, select the appropriate two settings in the answer area.


A.B.C.D.




You have a server named Server1.


You need to provide a user named User1 with the ability to set the access scope of all the DHCP servers thatare managed by IPAM. The solution must use the principle of least privilege.

Which user role should you assign to User1?

A. IPAM Administrator RoleB. IPAM DHCP Administrator RoleC. IPAM ASM Administrator RoleD. DNS Record Administrator Role


Explanation/Reference:Explanation: IPAM ASM AdministratorsIPAM ASM Administrators is a local security group on an IPAM server that is created when you install the IPAMfeature. Members of this group have all the privileges of the IPAM Users security group, and can perform IPaddress space tasks in addition to IPAM common management tasks.Note: When you install IPAM Server, the following local role-based IPAM security groups are created:IPAM UsersIPAM MSM AdministratorsIPAM ASM AdministratorsIPAM IP Audit AdministratorsIPAM AdministratorsIncorrect:not A: Too much privileges.IPAM AdministratorsIPAM Administrators is a local security group on an IPAM server that is created when you install the IPAMfeature. Members of this group have privileges to view all IPAM data and perform all IPAM tasks.


Your network contains an Active Directory domain named contoso.com. The domain contains two memberservers named Server1 and Server2.

You install the DHCP Server server role on Server1 and Server2. You install the IP Address Management(IPAM) Server feature on Server1.

You notice that you cannot discover Server1 or Server2 in IPAM.

You need to ensure that you can use IPAM to discover the DHCP infrastructure.


A. On Server2, create an IPv4 scope.B. On Server1, run the Add-IpamServerInventory cmdlet.C. On Server2, run the Add-DhcpServerInDc cmdletD. On both Server1 and Server2, run the Add-DhcpServerv4Policy cmdlet.E. On Server1, uninstall the DHCP Server server role.

Correct Answer: BCSection: (none)Explanation

Explanation/Reference:Explanation:The Add-IpamServerInventory cmdlet adds a new infrastructure server to the IP Address Management (IPAM)server inventory. Use the fully qualified domain name (FQDN) of the server to add to the server inventory.The Add-DhcpServerInDC cmdlet adds the computer running the DHCP server service to the list of authorizedDynamic Host Configuration Protocol (DHCP) server services in the Active Directory (AD). A DHCP serverservice running on a domain joined computer needs to be authorized in AD so that it can start leasing IPaddresses on the network.

QUESTION 280

280 - (Topic 5)

Your network contains two Active Directory forests named contoso.com and corp.contoso.com.

User1 is a member of the DnsAdmins domain local group in contoso.com.

User1 attempts to create a conditional forwarder to corp.contoso.com but receive an error message shown inthe exhibit. (Click the Exhibit button.)

You need to configure bi-directional name resolution between the two forests.


A. Add User1 to the DnsUpdateProxy group.B. Configure the zone to be Active Directory-integrated.

C. Enable the Advanced view from DNS Manager.D. Run the New Delegation Wizard.




Your network contains two Active Directory forests named contoso.com and adatum.com. Each forest containsone domain. Contoso.com has a two-way forest trust to adatum.com. Selective authentication is enabled on theforest trust.

Contoso contains 10 servers that have the File Server role service installed. Users successfully access sharedfolders on the file servers by using permissions granted to the Authenticated Users group.

You migrate the file servers to adatum.com.

Contoso users report that after the migration, they are unable to access shared folders on the file servers.

You need to ensure that the Contoso users can access the shared folders on the file servers.

What should you do?

A. Disable selective authentication on the existing forest trust.B. Disable SID filtering on the existing forest trust.C. Run netdom and specify the /quarantine attribute.D. Replace the existing forest trust with an external trust.




You have a server named FS1 that runs Windows Server 2012 R2.

You install the File and Storage Services server role on FS1.

From Windows Explorer, you view the properties of a shared folder named Share1 and you discover that theClassification tab is missing.

You need to ensure that you can assign classifications to Share1 from Windows Explorer manually.

What should you do?

A. From Folder Options, select Show hidden files, folders, and drives.B. From Folder Options, clear Use Sharing Wizard (Recommend).C. Install the File Server Resource Manager role service.

D. Install the Enhanced Storage feature.




Your network contains two servers named Server1 and Server2 that run Windows Server 2012 R2. Server1and Server2 are configured as shown in the following table.

You need to ensure that when new targets are added to Server1, the targets are registered on Server2automatically. What should you do on Server1?

A. Configure the Discovery settings of the iSCSI initiator.B. Configure the security settings of the iSCSI target.C. Run the Set-Wmilnstance cmdlet.D. Run the Set-IscsiServerTarget cmdlet.





Server1 contains a file share that must be accessed by only a limited number of users.

You need to ensure that if an unauthorized user attempts to access the file share, a custom

access-denied message appears, which contains a link to request access to the share. The message must notappear when the unauthorized user attempts to access other shares.

Which two nodes should you configure in File Server Resource Manager?

To answer, select the appropriate two nodes in the answer area.

A.B.C.D.





You are configuring a storage space on Server1.

You need to ensure that the storage space supports tiered storage.

Which settings should you configure?


A.B.C.D.




You have a server that runs Windows Server 2012 R2 and has the iSCSI Target Server role service installed.

Guaranteed success with TestInsides practice guides 337 Microsoft 70-412 : Practice TestYou run the New-IscsiVirtualDisk cmdlet as shown in the New-IscsiVirtualDisk exhibit.(Click the Exhibit button.)

To answer, complete each statement according to the information presented in the exhibits.Each correct selection is worth one point.

A.B.C.D.




Your network contains a server named Server1 that runs Windows Server 2012 R2. Server1 has the ActiveDirectory Certificate Services server role installed and is configured as a standalone certification authority (CA).

You install a second server named Server2. You install the Online Responder role service on Server2.

You need to ensure that Server1 can issue an Online Certificate Status Protocol (OCSP) Response Signingcertificate to Server2.

What should you run on Server1?

A. The certreq.exe command and specify the -policy parameterB. The certutil.exe command and specify the -getkey parameterC. The certutil.exe command and specify the -setreg parameterD. The certreq.exe command and specify the -retrieve parameter




Your network contains two Active Directory forests named contoso.com and adatum.com. Each forest containsan Active Directory Rights Management Services (AD RMS) root

cluster. All servers run Windows Server 2012 R2.

You need to ensure that the rights account certificates issued in adatum.com are accepted by the AD RMS rootcluster in contoso.com.

What should you do in each forest?

To answer, drag the appropriate actions to the correct forests. Each action may be used once, more than once,or not at all. You may need to drag the split bar between panes or scroll to view content.

A.B.C.D.










A. Active Directory Users and ComputersB. Active Directory Sites and ServicesC. The Certificates snap-inD. Server Manager


Explanation/Reference:Explanation: Disabling or enabling a user accountTo open Active Directory Users and Computers, click Start , click Control Panel , double-click AdministrativeTools , and then double-click Active Directory Users and Computers .To open Active Directory Users and Computers in Windows Server 2012, click Start , type dsa.msc .In the console tree, click Users .In the details pane, right-click the user.Depending on the status of the account, do one of the following:To disable the account, click Disable Account .To enable the account, click Enable Account .


Your network contains an Active Directory domain named contoso.com. The domain contains a server namedServer1 that runs a Server Core installation of Windows Server 2012 R2.

You need to deploy a certification authority (CA) to Server1. The CA must support the auto- enrollment ofcertificates.

Which two cmdlets should you run? (Each correct answer presents part of the solution.Choose two.)

A. Add-CAAuthoritylnformationAccessB. Install-AdcsCertificationAuthorityC. Add-WindowsFeatureD. Install-AdcsOnlineResponderE. Install-AdcsWebEnrollment

Correct Answer: BESection: (none)Explanation

Explanation/Reference:Explanation: * The Install-AdcsCertificationAuthority cmdlet performs installation and configuration of the AD CSCA role service.*The Install-AdcsWebEnrollment cmdlet performs initial installation and configuration of the CertificationAuthority Web Enrollment role service.


Your network contains an Active Directory domain named contoso.com. The domain contains a server namedServer1 that runs Windows Server 2012 R2. Server1 has the Active Directory Rights Management Servicesserver role installed.

The domain contains a domain local group named Group1.

You create a rights policy template named Template1. You assign Group1 the rights to Template1.

You need to ensure that all the members of Group1 can use Template1.

What should you do?

A. Configure the email address attribute of Group1.B. Convert the scope of Group1 to global.C. Convert the scope of Group1 to universal.D. Configure the email address attribute of all the users who are members of Group1.





From Server Manager, you install the Active Directory Certificate Services server role on

Server1.

A domain administrator named Admin1 logs on to Server1.

When Admin1 runs the Certification Authority console, Admin1 receive the following error message.

You need to ensure that when Admin1 opens the Certification Authority console on Server1, the error messagedoes not appear.

What should you do?

A. Run the Install-AdcsCertificationAuthority cmdlet.B. Install the Active Directory Certificate Services (AD CS) tools.C. Modify the PATH system variable.D. Add Admin1 to the Cert Publishers group.




Your network contains an Active Directory forest named contoso.com. The forest contains four domains. Allservers run Windows Server 2012 R2.

Each domain has a user named User1.

You have a file server named Server1 that is used to synchronize user folders by using the

Work Folders role service.

Server1 has a work folder named Sync1.

You need to ensure that each user has a separate folder in Sync1.

What should you do?

A. From Windows Explorer, modify the Sharing properties of Sync1.B. Run the Set-SyncServerSetting cmdlet.C. From File and Storage Services in Server Manager, modify the properties of Sync1.D. Run the Set-SyncShare cmdlet.




Your network contains an Active Directory domain named contoso.com. The relevant servers in the domain areconfigured as shown in the following table.

You plan to create a shared folder on Server1 named Share1. Share1 must only be accessed by users who areusing computers that are joined to the domain.

You need to identify which servers must be upgraded to support the requirements of Share1.

In the table below, identify which computers require an upgrade and which computers do not require anupgrade. Make only one selection in each row. Each correct selection is worth one point.

A.B.C.D.



QUESTION 295

295 - (Topic 5)

You have five servers that run Windows Server 2012 R2. The servers have the Failover Clustering featureinstalled. You deploy a new cluster named Cluster1. Cluster1 is configured as shown in the following table.



You need to ensure that if the WAN link between Site1 and Site2 fails while you are performing maintenance onServers, the cluster resource will remain available in Site1.

What should you do?

A. Add a file share witness in Site1.B. Enable DrainOnShutdown on Cluster1.C. Remove the node vote for Server4 and Servers.D. Remove the node vote for Server3.




Your network contains an Active Directory domain named contoso.com. The domain contains a DNS servernamed Server1. Server1 is configured to resolve single-label names for DNS clients.

You need to view the number of queries for single-label names that are resolved by Server1.



A.B.C.D.




Your network contains an Active Directory domain named contoso.com. The domain contains a member servernamed Server1. Server1 has the IP Address Management (IPAM) Server feature installed.

A technician performs maintenance on Server1.

After the maintenance is complete, you discover that you cannot connect to the IPAM server on Server1.

You open the Services console as shown in the exhibit. (Click the Exhibit button.)

You need to ensure that you can connect to the IPAM server.

Which service should you start?

A. Windows Process Activation ServiceB. windows Event CollectorC. Windows Internal Database

Guaranteed success with TestInsides practice guides 348 Microsoft 70-412 : Practice TestD. Windows Store Service (WSService)





You have a Dynamic Access Control policy named Policy1.

You create a new Central Access Rule named Rule1.

You need to add Rule1 to Policy1.



A.B.C.D.




Your network contains an Active Directory domain named contoso.com. The domain contains a domaincontroller named DC1 and a server named Server1. Both servers run Windows Server 2012 R2.

You configure the classification of a share on Server1 as shown in the Share1 Properties exhibit. (Click theExhibit button.)

You configure the resource properties in Active Directory as shown in the Resource Properties exhibit. (Clickthe Exhibit button.)


You need to ensure that the Impact classification can be assigned to Share1 immediately.

Which cmdlet should you run on each server?

To answer, select the appropriate cmdlet for each server in the answer area.


A.B.C.D.





Your network contains an Active Directory forest named contoso.com. The forest contains two domains namedcontoso.com and childl.contoso.com. The domains contain three domain controllers. The domain controllersare configured as shown in the following table.

You need to ensure that the KDC support for claims, compound authentication, and kerberos armoring settingis enforced in both domains.


A. Raise the domain functional level of contoso.com.B. Raise the domain functional level ofchildl.contoso.com.C. Raise the forest functional level of contoso.com.D. Upgrade DC11 to Windows Server 2012 R2.E. Upgrade DC1 to Windows Server 2012 R2.

Correct Answer: AESection: (none)

Explanation

Explanation/Reference:Explanation: The root domain in the forest must be at Windows Server 2012 level. First upgrade DC1 to thislevel, then raise the contoso.com domain functional level to Windows Server 2012.


Your network contains an Active Directory domain named contoso.com. The domain contains a server namedServer1 that runs Windows Server 2012 R2 and has the DHCP Server server role installed. Server1 has anIPv6 scope named Scope1.


You need to provide high availability for Scope1. The solution must minimize administrative effort.

What should you do?

A. Install and configure Network Load Balancing (NLB) on Server1 and Server2.B. Create a scope on Server2.C. Configure DHCP failover on Server1.D. Install and configure Failover Clustering on Server1 and Server2.




Your company has two offices. The offices are located in Seattle and Montreal.

The network contains an Active Directory domain named contoso.com. The domain contains two DHCPservers named Server1 and Server2. Server1 is located in the Seattle office. Server2 is located in the Montrealoffice. All servers run Windows Server 2012 R2.

You need to create a DHCP scope for video conferencing in the Montreal office. The scope must be configuredas shown in the following table.

Which Windows PowerShell cmdlet should you run?

A. Add-DchpServerv4SuperScopeB. Add-DchpServerv4MulticastScopeC. Add-DHCPServerv4PolicyD. Add-DchpServerv4Scope






Scope1, Scope2, and Scope3 are configured to assign the IP addresses of two DNS servers to DHCP clients.The remaining scopes are NOT configured to assign IP addresses of DNS servers to DHCP clients.

You need to ensure that only Scope1, Scope3, and Scopes assign the IP addresses of the DNS servers to theDHCP clients. The solution must minimize administrative effort.

What should you do?


A. Create a superscope and a filter.B. Create a superscope and scope-level policies.C. Configure the Server Options.D. Configure the Scope Options.




You have an Active Directory Rights Management Services (AD RMS) cluster.

You need to prevent users from encrypting new content. The solution must ensure that the users can continueto decrypt content that was encrypted already.


A. From the Active Directory Rights Management Services console, enable decommissioning.B. From the Active Directory Rights Management Services console, create a user exclusion policy.C. Modify the NTFS permissions of %systemdrive%\inetpub\wwwroot\_wmcs\licensing.D. Modify the NTFS permissions of

%systemdrive%\inetpub\wwwroot\_wmcs\decommission.E. From the Active Directory Rights Management Services console, modify the rights policy templates.

Correct Answer: BESection: (none)Explanation



Your network contains an Active Directory domain named contoso.com. The domain contains a server namedServer1 that runs Windows Server 2012.

Server1 is the enterprise root certification authority (CA) for contoso.com.

You need to enable CA role separation on Server1.


A. The Certutil commandB. The Authorization Manager consoleC. The Certsrv commandD. The Certificates snap-in




Your network contains an Active Directory domain named contoso.com. The domain contains two servers

named Server1 and Server3. The network contains a standalone server named Server2.

All servers run Windows Server 2012 R2. The servers are configured as shown in the following table.

Server3 hosts an application named Appl. App1 is accessible internally by using the URL https://appl.contoso.com. App1 only supports Integrated Windows authentication.

You need to ensure that all users from the Internet are pre-authenticated before they can access Appl.

What should you do?

To answer, drag the appropriate servers to the correct actions. Each server may be used once, more thanonce, or not at all. You may need to drag the split bar between panes or scroll to view content.

A.B.C.D.




You have five servers that run Windows Server 2012 R2. The servers have the Failover Clustering featureinstalled. You deploy a new cluster named Cluster1. Cluster1 is configured as shown in the following table.



You need to ensure that if the WAN link between Site1 and Site2 fails while you are performing maintenance onServer3, the cluster resource will remain available in Site1.

What should you do?

A. Add a file share witness in Site1.B. Enable DrainOnShutdown on Cluster1.C. Remove the node vote for Server4 and Servers.D. Remove the node vote for Server3.





Server1 has access to disks that connect to a RAID controller, iSCSI disks, and disks connected to a SCSI

controller.

You plan to use a tiered storage space on Server1.

You need to identify which storage controller and volume type you must use for the tiered storage space.

Which storage components should you use?


A.B.C.D.




Your network contains an Active Directory domain named adatum.com. The domain contains three servers.The servers are configured as shown in the following table.

Server1 is configured as shown in the exhibit. (Click the Exhibit button.)

Template1 contains custom cryptography settings that are required by the corporate security team.

On Server2, an administrator successfully installs a certificate based on Template1.

The administrator reports that Template1 is not listed in the Certificate Enrollment wizard on Server3, even afterselecting the Show all templates check box.

You need to ensure that you can install a server authentication certificate on Server3. The certificate mustcomply with the cryptography requirements.


To answer, move the appropriate three actions from the list of actions to the answer area and arrange them inthe correct order.


A.B.C.D.





You deploy a server named Server1 that runs Windows Server 2012 R2.

A local administrator installs the Active Directory Rights Management Services server role on Server1.

You need to ensure that AD RMS clients can discover the AD RMS cluster automatically.

What should you do?

A. Run the Active Directory Rights Management Services console by using an account that is a member of theSchema Admins group, and then configure the proxy settings.

B. Run the Active Directory Rights Management Services console by using an account that is a member of theSchema Admins group, and then register the Service Connection Point (SCP).

C. Run the Active Directory Rights Management Services console by using an account that is a member of theEnterprise Admins group, and then register the Service Connection Point (SCP).

D. Run the Active Directory Rights Management Services console by using an account that is a member of theEnterprise Admins group, and then configure the proxy settings.

Correct Answer: CSection: (none)

Explanation



Your network contains an Active Directory domain named contoso.com. The domain contains a server namedServer1 that runs Windows Server 2012 R2. Server1 has the Active Directory Certificate Services server roleinstalled and is configured to support key archival and recovery.

You create a new Active Directory group named Group1.

You need to ensure that the members of Group1 can request a Key Recovery Agent certificate. The solutionmust minimize the permissions assigned to Group1.

Which two permissions should you assign to Group1? (Each correct answer presents part of the solution.Choose two.)

A. ReadB. Auto enrollC. WriteD. EnrollE. Full control


Explanation/Reference:Explanation: * In Template, type a new template display name, and then modify any other

optional properties as needed.On the Security tab, click Add, type the name of the users you want to issue the key recovery agent certificatesto, and then click OK. Under Group or user names, select the user names that you just added. UnderPermissions, select the Read and Enroll check boxes, and then click OK.


Your network contains an Active Directory domain named contoso.com. The domain contains a domaincontroller named DC1 and a member server named Server1. All servers run Windows Server 2012 R2.


From the Provision IPAM wizard, you select the Group Policy Based provisioning method and enter a GPOname prefix of IPAM1.

You need to provision IPAM by using Group Policy.

What command should you run on Server1 to complete the process?


A.B.C.D.




You have a server named DNS1 that runs Windows Server 2012 R2.

You discover that the DNS resolution is slow when users try to access the company intranet home page byusing the URL http://companyhome.

You need to provide single-label name resolution for CompanyHome that is not dependent on the suffix searchorder.

Which three cmdlets should you run? (Each correct answer presents part of the solution.Choose three.)

A. Add-DnsServerPrimaryZoneB. Add-DnsServerResourceRecordCNameC. Set-DnsServerDsSettingD. Set-DnsServerGlobalNameZone

E. Set-DnsServerEDnsF. Add-DnsServerDirectory Partition

Correct Answer: ABDSection: (none)Explanation

Explanation/Reference:Explanation: *The Add-DnsServerPrimaryZone cmdlet adds a specified primary zone on a Domain NameSystem (DNS) server.* The Add-DnsServerResourceRecordCName cmdlet adds a canonical name (CNAME) resource record to aspecified Domain Name System (DNS) zone. A CNAME record allows you to use more than one resourcerecord to refer to a single host *The Set-DnsServerGlobalNameZone cmdlet enables or disables single-labelDomain Name System (DNS) queries. It also changes configuration settings for a GlobalNames zone.The GlobalNames zone supports short, easy-to-use names instead of fully qualified domain names (FQDNs)without using Windows Internet Name Service (WINS) technology. For instance, DNS can querySarahJonesDesktop instead of

SarahJonesDesktop.contoso.com.


Your network contains three servers named HV1, HV2, and Server1 that run Windows Server 2012 R2. HV1and HV2 have the Hyper-V server role installed. Server1 is a file server that contains 3 TB of free disk space.

HV1 hosts a virtual machine named VM1. The virtual machine configuration file for VM1 is stored in D:\VM andthe virtual hard disk file is stored in E:\VHD.

You plan to replace drive E with a larger volume.

You need to ensure that VM1 remains available from HV1 while drive E is being replaced. You want to achievethis goal by using the minimum amount of administrative effort.

What should you do?

A. Perform a live migration to HV2.B. Add HV1 and HV2 as nodes in a failover cluster. Perform a storage migration to HV2.C. Add HV1 and HV2 as nodes in a failover cluster. Perform a live migration to HV2.D. Perform a storage migration to Server1.





Server1 and 5erver2 are nodes in a Network Load Balancing (NLB) cluster. The NLB cluster contains anapplication named App1 that is accessed by using the name appl.contoso.com.

The NLB cluster has the port rules configured as shown in the exhibit. (Click the Exhibit

button.)

To answer, complete each statement according to the information presented in the exhibit.Each correct selection is worth one point.


A.B.C.D.





You install the IP Address Management (IPAM) Server feature on a server named Server1 and select Manualas the provisioning method.

The IPAM database is located on a server named SQL1.

You need to configure IPAM to use Group Policy Based provisioning.

What command should you run first?


A.B.C.D.




Your network contains an Active Directory domain named contoso.com. The domain contains an IP AddressManagement (IPAM) server that uses a Windows Internal Database.

You install a Microsoft SQL Server 2012 instance on a new server.

You need to migrate the IPAM database to the SQL Server instance.


A. Disable-IpamCapabilityB. Set-IpamConfigurationC. Update-IpamServerD. Move-IpamDatabase




Your network contains an Active Directory domain named contoso.com. The domain contains a certificationauthority (CA).

You suspect that a certificate issued to a Web server is compromised.

You need to minimize the likelihood that users will trust the compromised certificate.


A. Stop the Certificate Propagation service.B. Modify the validity period of the Web Server certificate template.C. Run certutil and specify the -revoke parameter.D. Run certutil and specify the -deny parameter.E. Publish the certificate revocation list (CRL).

Correct Answer: CESection: (none)Explanation

Explanation/Reference:Explanation: First revoke the certificate, then publish the CRL.



Server1 is an enterprise root certification authority (CA) for contoso.com.

You need to ensure that the members of a group named Group1 can request code signing

certificates. The certificates must be issued automatically to the members.

Which two actions should you perform? (Each correct answer presents part of the solution.

Choose two.)

A. From Certificate Templates, modify the certificate template.B. From Certification Authority, add a certificate template to be issued.C. From Certificate Authority, modify the CA properties.D. From Certificate Templates, duplicate a certificate template.E. From Certificate Authority, stop and start the Active Directory Certificate Services (AD CS) service.

Correct Answer: ABSection: (none)Explanation

Explanation/Reference:Explanation: First modify the certificate template in Certificate Templates, then add it in Certification Authority.


Your network contains an Active Directory forest.

You implement Dynamic Access Control in the forest.

You have the claim types shown in the Claim Types exhibit. (Click the Exhibit button.)

The properties of a user named User1 are configured as shown in the User1 exhibit. (Click the Exhibit button.)


The output of Whoa mi /claims for a user named User2 is shown in the Whoa mi exhibit.(Click the Exhibit button.)


Select Yes if the statement can be shown to be true based on the available information; otherwise select No.Each correct selection is worth one point.

A.B.C.D.






You are creating a central access rule named TestFinance that will be used to grant members of theAuthenticated users group access to a folder stored on a Microsoft SharePoint Server 2013 server.

You need to ensure that the permissions are granted when the rule is published. What should you do?

A. Set the Permissions to Use the following permissions as proposed permissions.B. Set the Permissions to Use following permissions as current permissions.C. Add a Resource condition to the current permissions entry for the Authenticated Users principal.D. Add a User condition to the current permissions entry for the Authenticated Users principal.




Documents

Microsoft.Braindumps.70-412.v2014-04-02.by.ROBIN...2014/04/03 · Guaranteed success with TestInsides practice guides 3 Microsoft 70-412 : Practice Test B. An authentication key that