Q1. - (Topic 3)
A laptop with server 2012 R2 OS, you need to ensure that server 2012 R2 can use wireless network adapter.
What should you do first?
A. use server manager to install the Wireless Lan Service Role
B. use server manager to install the Wireless Network Role
C. use server manager to install the Wireless Lan Service Feature
D. use server manager to install the Wireless Network Feature
Answer: C
Q2. - (Topic 3)
You work as an administrator at Contoso.com. The Contoso.com network consists of a single domain named Contoso.com. All servers in the Contoso.com domain, including domain controllers, have Windows Server 2012 R2 installed.
You have been instructed to add a new domain controller to Contoso.com’s existing environment.
Which of the following actions should you take?
A. You should consider making use of Server Manager.
B. You should consider making use of Authorization Manager.
C. You should consider making use of Remote Desktop Gateway Manager.
D. You should consider making use of Network Load Balancing Manager.
Answer: A
Q3. - (Topic 3)
Your network contains an Active Directory domain named contoso.com.
All servers run Windows Server 2012 R2.
An application named Appl.exe is installed on all client computers. Multiple versions of Appl.exe are installed on different client computers. Appl.exe is digitally signed.
You need to ensure that only the latest version of Appl.exe can run on the client computers.
What should you create?
A. An application control policy packaged app rule
B. A software restriction policy certificate rule
C. An application control policy Windows Installer rule
D. An application control policy executable rule
Answer: D
Explanation:
A. A publisher rule for a Packaged app is based on publisher, name and version B. You can create a certificate rule that identifies software and then allows or does not allow the software torun, depending on the security level.
C. For .msi or .msp
D. Executable Rules, for .exe and can be based on Publisher, Product name, filename and version. Use Certificate Rules on Windows Executables for Software Restriction Policies This security setting determines if digital certificates are processed when a user or process attempts to run software with an .exe file name extension. This security settings is used to enable or disable certificate rules, a type of software restriction policies rule. With software restriction policies, you can create a certificate rule that will allow or disallow software that is signed by Authenticode to run, based on the digital certificate that is associated with the software. In order for certificate rules to take effect, you must enable this security setting. When certificate rules are enabled, software restriction policies will check a certificate revocation list (CRL) to make sure the software’s certificate and signature are valid. This may decrease performance when start signed programs. You can disable this feature. On Trusted Publishers Properties, clear the Publisher and Timestampcheck boxes.
Q4. - (Topic 3)
You work as an administrator at Contoso.com. The Contoso.com network consists of a single domain named Contoso.com. All servers in the Contoso.com domain, including domain controllers, have Windows Server 2012 R2 installed.
Contoso.com has a server, named ENSUREPASS-SR15, which is configured as a file server.
You have received instructions to make sure that a user, named Mia Hamm, has the ability to generate a complete backup of ENSUREPASS-SR15 via Windows Server Backup.
Which of the following actions should you take?
A. You should consider making use of Computer Management to configure the local groups.
B. You should consider making use of Computer Management to configure the domain local groups.
C. You should consider making use of Computer Management to configure the global groups.
D. You should consider making use of Computer Management to configure the administrator groups.
Answer: D
Explanation:
To perform backups or recoveries by using Windows Server Backup, you must be a
member of the Administrators or Backup Operators groups.
You can only use Backup locally; you cannot backup a remote computer.
You can only back up and restore System State data on a local computer. You cannot back
up and restore System State data on a remote computer even if you are an administrator
on the remote computer.
Q5. - (Topic 3)
Your network contains an Active Directory domain named contoso.com. The domain contains servers named Server1 and Server2 that run Windows Server 2012 R2. Server1 has the Active Directory Federation Services server role installed.Server2 is a file server.
Your company introduces a Bring Your Own Device (BYOD) policy.
You need to ensure that users can use a personal device to access domain resources by using Single Sign-On (SSO) while they are connected to the internal network.
Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)
A. Enable the Device Registration Service in Active Directory.
B. Publish the Device Registration Service by using a Web Application Proxy.
C. Configure Active Directory Federation Services (AD FS) for the Device Registration Service.
D. Install the Work Folders role service on Server2.
E. Create and configure a sync share on Server2.
Answer: A,C
Explanation:
*Prepare your Active Directory forest to support devices. This is a one-time operation that you must run to prepare your Active Directory forest to support devices. To prepare the Active Directory forest On your federation server, open a Windows PowerShell command window and type: Initialize-ADDeviceRegistration *Enable Device Registration Service on a federation server farm node. To enable Device Registration Service:
1. On your federation server, open a Windows PowerShell command window and type: Enable-AdfsDeviceRegistration.
2. Repeat this step on each federation farm node in your AD FS farm.
Q6. HOTSPOT - (Topic 2)
The settings for a virtual machine named VM2 are configured as shown in the VM2 exhibit. (Click the Exhibit button.)
The settings for Disk1.vhdx are configured as shown in the Disk1.vhdx exhibit. (Click the Exhibit button.)
The settings for Disk2.vhdx are configured as shown in the Disk2.vhdx exhibit. (Click the Exhibit button.)
Select Yes if the statement can be shown to be true based on the available information; otherwise select No. Each correct selection is worth one point.
Answer:
Q7. - (Topic 2)
Your network contains an Active Directory domain named contoso.com. The domain contains hundreds of groups, many of which are nested in other groups.
The domain contains a user account named user1.User1 is a direct member of 15 groups.
You need to identify of which Active Directory groups User1 is a member, including the nested groups. The solution must minimize administrative effort.
Which tool should you use?
A. Active Directory Users and Computers
B. ADSI Edit
C. Get-ADUser
D. Dsget
Answer: D
Explanation: http://technet.microsoft.com/en-us/library/cc732535.aspx
Q8. - (Topic 2)
Your network contains an Active Directory domain named contoso.com. The domain
contains a server named Server1. Server1 runs Windows Server 2012 R2.
On Server1, you create a printer named Printer1. You share Printer1 and publish Printer1 in Active Directory.
You need to provide a group named Group1 with the ability to manage Printer1.
What should you do?
A. From Print Management, configure the Sharing settings of Printer1.
B. From Active Directory Users and Computers, configure the Security settings of Server1-Printer1.
C. From Print Management, configure the Security settings of Printer1.
D. From Print Management, configure the Advanced settings of Printer1.
Answer: C
Explanation:
If you navigate to the Security tab of the Print Server Properties you will find the Permissions that you can set to Allow which will provide Group1 with the ability to manage Printer1.
Set permissions for print servers
Open Print Management.
In the left pane, click Print Servers, right-click the applicable print server and then
click Properties.
On the Security tab, under Group or users names, click a user or group for which
you want to set permissions.
Under Permissions for <user or group name>, select the Allow or Deny check
boxes for the permissions listed as needeD.
To edit Special permissions, click Advanced.
On the Permissions tab, click a user group, and then click Edit.
In the Permission Entry dialog box, select the Allow or Deny check boxes for the
permissions that you want to edit.
Q9. - (Topic 3)
You have a server named Server1 that runs Windows Server 2012 R2.
You need to remove Windows Explorer, Windows Internet Explorer, and all related components and files from Server1.
What should you run on Server1?
A. Uninstall-WindowsFeature Server-Gui-Mgmt-Infra Remove
B. Uninstall-WindowsFeature Server-Gui-Shell Remove
C. msiexec.exe /uninstall iexplore.exe /x
D. msiexec.exe /uninstall explorer.exe /x
Answer: B
Explanation:
A. Would be a server core install
B. No IE or taskbar, explorer or control panel
C. Would leave components
D. Would leave components In Windows Server 2012 R2, you can remove the Server Graphical Shell, resulting in the “Minimal ServerInterface”. This is similar to a Server with a GUI installation, but Internet Explorer 10, Windows Explorer, the desktop, and the Start screen are not installed. Microsoft Management Console (MMC), Server Manager, and a subset of Control Panel are still present. If the server has a full installation of Windows Server, and I need to bring the server down to minimal server interface, I only need to remove the Server-GUI-Shell.
Q10. - (Topic 1)
Your network contains an Active Directory domain named adatum.com.
You discover that when users join computers to the domain, the computer accounts are created in the Computers container.
You need to ensure that when users join computers to the domain, the computer accounts are automatically created in an organizational unit (OU) named All_Computers.
What should you do?
A. From a command prompt, run the redircmp.exe command.
B. From ADSI Edit, configure the properties of the OU1 object.
C. From Ldp, configure the properties of the Computers container.
D. From Windows PowerShell, run the Move-ADObject cmdlet.
Answer: A
Explanation:
This command redirects the default container for newly created computers to a specified, target organizational unit (OU) so that newly created computer objects are created in the specific target OU instead of in All_Computers.
: http://technet.microsoft.com/en-us/library/cc770619.aspx