Q1. - (Topic 2)
Your network contains an Active Directory domain named contoso.com. The domain contains a domain controller named DC1 that runs Windows Server 2012 R2.
A user named User1 attempts to log on to DC1, but receives the error message shown in the exhibit. (Click the Exhibit button.)
You need to ensure that User1 can log on to DC1. What should you do?
A. Add User1 to the Remote Management Users group.
B. Grant User1 the Allow log on locally user right.
C. Modify the Logon Workstations setting of the User1 account.
D. Modify the Account is sensitive and cannot be delegated setting of the User1 account.
Answer: B
Explanation:
Domain controllers, by default, restrict the types of user accounts that have the ability to log on locally.
References: Exam Ref 70-410: Installing and Configuring Windows Server 2012 R2, Chapter 6: Create and Manage Group Policy, Objective 6.2: Configure Security Policies, p. 321 Exam Ref 70-410: Installing and Configuring Windows Server 2012 R2, Chapter 2: Configure server roles and features, Objective 2.3: Configure servers for remote management, p. 114
http://technet.microsoft.com/en-us/library/ee957044(v=ws.10).aspx
Q2. - (Topic 2)
Your network contains a production Active Directory forest named contoso.com and a test Active Directory forest named contoso.test. A trust relationship does not exist between the forests.
In the contoso.test domain, you create a backup of a Group Policy object (GPO) named GPO1.
You transfer the backup of GPO1 to a domain controller in the contoso.com domain.
You need to create a GPO in contoso.com based on the settings of GPO1.You must achieve this goal by using the minimum amount of Administrative effort.
What should you do?
A. From Windows PowerShell, run the Get- GPO cmdlet and the Copy- GPO cmdlet.
B. From Windows PowerShell, run the New- GPO cmdlet and the Import- GPO cmdlet.
C. From Group Policy Management, create a new starter GPO. Right-click the new starter GPO, and then click Restore from Backup.
D. From Group Policy Management, right-click the Croup Policy Objects container, and then click Manage Backups.
Answer: B
Explanation:
A. Copy-GPO requires domain trust / copy from one domain to another domain within the same forest.
B. The Import-GPO cmdlet imports the settings from a GPO backup into a specified target GPO. The target GPO can be in a different domain or forest than that from which the backup was made and it does not have to exist prior to the operation.
C. This would create a starter GPO, not a GPO.
D: You can also restore GPOs. This operation takes a backed-up GPO and restores it to the same domain from rom the GPO’s original which it was backed up. You cannot restore a GPO from backup into a domain different f domain. The New-GPO cmdlet creates a new GPO with a specified name. By default, the newly created GPO is not linked to a site, domain, or organizational unit (OU). The Import-GPO cmdlet imports the settings from a GPO backup into a specified target GPO. The target GPO can be in a different domain or forest than that from which the backup was made and it does not have to exist prior to the operation. The Restore-GPO cmdlet restores a GPO backup to the original domain from which it was saved. If the original domain is not available, or if the GPO no longer exists in the domain, the cmdlet fails.
Since the GPO’s original domain is different and there is no trust relationship between forests, you should execute the New-GPO command and import the already existing command into the ‘new’ domain.
Q3. - (Topic 2)
You have a server named Server2 that runs Windows Server 2012 R2.
A network technician installs a new disk on Server2 and creates a new volume.
The properties of the new volume are shown in the exhibit. (Click the Exhibit button.)
You need to ensure that you can enable NTFS disk quotas for volume D.
What should you do first?
A. Format volume D
B. Install the File Server Resource Manager role service
C. Run the convert.exe command
D. Convert the disk to a dynamic disk
Answer: A
Explanation:
To be able to use a NEW disk so that you can enable NTFS disk quotas, in other word REFS to NTFS, it requires formatting first.
Q4. - (Topic 3)
You work as an administrator at Contoso.com. The Contoso.com network consists of a single domain named Contoso.com. All servers on the Contoso.com network have Windows Server 2012 installed.
You have received instructions to install the Remote Desktop Services server role on a server, named ENSUREPASS-SR07. You want to achieve this remotely from a server, named ENSUREPASS-SR06.
Which of the following actions should you take?
A. You should consider accessing the Server Manager console on ENSUREPASS-SR07.
B. You should consider accessing the Server Manager console on ENSUREPASS-SR06.
C. You should consider accessing the TS Manager console on ENSUREPASS-SR07
D. You should consider accessing the TS Manager console on ENSUREPASS-SR06.
Answer: B
Q5. DRAG DROP - (Topic 3)
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1. Server1 runs Windows Server 2012 R2 and is configured as the only domain controller.
You need to retrieve a list of all the user accounts. The list must include the last time each user was authenticated successfully.
Which Windows PowerShell command should you run?
To answer, drag the appropriate cmdlet or property to the correct locations to complete the PowerShell command in the answer area. Each cmdlet or property may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
Answer:
Q6. - (Topic 3)
Your network contains an Active Directory domain named contoso.com. All user accounts are in an organizational unit (OU) named Employees.
You create a Group Policy object (GPO) named GP1. You link GP1 to the Employees OU.
You need to ensure that GP1 does not apply to the members of a group named Managers.
What should you configure?
A. The Security settings of Employees
B. The WMI filter for GP1
C. The Block Inheritance option for Employees
D. The Security settings of GP1
Answer: D
Explanation:
A. Wrong Group
B. Windows Management Instrumentation (WMI) filters allow you to dynamically determine
the scope of Group Policy objects (GPOs) based on attributes of the target computer.
C. Blocking inheritance prevents Group Policy objects (GPOs) that are linked to higher
sites, domains, or organizational units from being automatically inherited by the child-level.
D. Set Managers to – Members of this security group are exempt from this Group Policy
object.
Security settings.
You use the Security Settings extension to set security options for computers and users
within the scope of a Group Policy object. You can define local computer, domain, and network security settings. Figure below shows an example of the security settings that allow everyone to be affected by this GPO except the members of the Management group, who were explicitly denied permission to the GPO by setting the Apply Group Policy ACE to Deny. Note that if a member of the Management group were also a member of a group that had an explicit Allow setting for the Apply Group Policy ACE, the Deny would take precedence and the GPO would not affect the user.
Q7. - (Topic 1)
Your network contains an Active Directory forest named contoso.com.
The forest contains two domains named contoso.com and child.contoso.com and two sites named Site1 and Site2. The domains and the sites are configured as shown in following table.
When the link between Site1 and Site2 fails, users fail to log on to Site2.
You need to identify what prevents the users in Site2 from logging on to the child.contoso.com domain.
What should you identify?
A. The placement of the global catalog server
B. The placement of the infrastructure master
C. The placement of the domain naming master
D. The placement of the PDC emulator
Answer: D
Explanation:
The exhibit shows that Site2 does not have a PDC emulator. This is important because of the close interaction between the RID operations master role and the PDC emulator role. The PDC emulator processes password changes from earlier-version clients and other domain controllers on a best-effort basis; handles password authentication requests involving passwords that have recently changed and not yet been replicated throughout the domain; and, by default, synchronizes time. If this domain controller cannot connect to the PDC emulator, this domain controller cannot process authentication requests, it may not be able to synchronize time, and password updates cannot be replicated to it. The PDC emulator master processes password changes from client computers and replicates these updates to all domain controllers throughout the domain. At any time, there can be only one domain controller acting as the PDC emulator master in each domain in the forest.
Q8. HOTSPOT - (Topic 1)
You have a server named Server1 that runs Windows Server 2012 R2.
You need to switch Server1 to a Server Core installation of Windows Server 2012 R2.
What command should you run?
To answer, select the appropriate options in the answer area.
Answer:
Q9. - (Topic 3)
Your network contains an Active Directory domain named contoso.com. The domain
contains a server named Server1. Server1 runs Windows Server 2012 R2.
An administrator creates a security template named Template1.
You need to apply Template1 to Server1.
Which snap-in should you use?
A. Resultant Set of Policy
B. Security Configuration and Analysis
C. Authorization Manager
D. Security Templates
Answer: B
Explanation:
The Security Configuration and Analysis tool contains the Local Security Policy snap-in that is used to apply templates.
References:
http://technet.microsoft.com/en-us/library/bb742512.aspx http://technet.microsoft.com/en-us/library/cc739442%28v=WS.10%29.aspx
Q10. - (Topic 2)
You have a server named Server1 that runs Windows Server 2012 R2.Server1 has the Hyper-V server role installed.
The disks on Server1 are configured as shown in the exhibit. (Click the Exhibit button.)
You create a virtual machine on Server1.
You need to ensure that you can configure a pass-through disk for the virtual machine.
What should you do?
A. Convert Disk 1 to a GPT disk.
B. Delete partition E.
C. Convert Disk 1 to a dynamic disk.
D. Take Disk 1 offline.
Answer: D
Explanation:
References: Exam Ref 70-410: Installing and Configuring Windows Server 2012 R2: Objective 3.2: Create and Configure virtual machine storage, Chapter 3: p. 159 Exam Ref 70-410: Installing and Configuring Server 2012: Objective 1.3: Installing and Configuring servers, Chapter 1: p. 42-43 http://blogs.technet.com/b/askcore/archive/2008/10/24/configuring-pass-through-disks-in-hyper-v.aspx