Q1. - (Topic 1)
You have a server named Server1. Server1 runs Windows Server 2012 R2.
Server1 has a thin provisioned disk named Disk1.
You need to expand Disk1.
Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)
A. From File and Storage Services, extend Disk1.
B. From File and Storage Services, add a physical disk to the storage pool.
C. From Disk Management, extend the volume.
D. From Disk Management, delete the volume, create a new volume, and then format the volume.
E. From File and Storage Services, detach Disk1.
Answer: A,B
Explanation:
Step 1 (B): if required add physical disk capacity.
Step 2 (A): Dynamically extend the virtual disk (not volume).
The File and Storage Services role and the Storage Services role service are installed by
default, but without any additional role services. This basic functionality enables you to use
Server Manager or Windows PowerShell to manage the storage functionality of your
servers.
Windows Server 2012 Storage Space subsystem now virtualizes storage by abstracting
multiple physical disks into a logical construct with specified capacity.
The process is to group selected physical disks into a container, the so-called storage pool,
such that the total capacity collectively presented by those associated physical disks can
appear and become manageable as a single and seemingly continuous space.
Subsequently storage administrator creates a virtual disk based on a storage pool,
configure a storage layout which is essentially a RAID level, and expose the storage of the
virtual disk as a drive letter or a mapped folder in Windows Explorer.
The system administrator uses File and Storage Services in Server Manager or the Disk
Management tool tore scan the disk, bring the disk online, and extend the disk size.
Q2. - (Topic 3)
You work as an administrator at Contoso.com. The Contoso.com network consists of a single domain named Contoso.com. All servers in the Contoso.com domain, including domain controllers, have Windows Server 2012 R2 installed.
You have created and linked a new Group Policy object (GPO) to an organizational unit (OU), named ENSUREPASSServ, which host the computer accounts for servers in the Contoso.com domain.
You have been tasked with adding a group to a local group on all servers in the Contoso.com domain. This group should not, however, be removed from the local group.
Which of the following actions should you take?
A. You should consider adding a restricted group.
B. You should consider adding a global group.
C. You should consider adding a user group.
D. You should consider adding a server group.
Answer: A
Explanation:
Restricted groups in Group policies are a simple way of delegating permissions or group
membership centrally to any domain computer or server. Using restricted groups it is easier
to enforce the lowest possible permissions to any given account.
Computer Configuration\Windows Settings\Security Settings\Restricted Groups
Restricted groups allow an administrator to define two properties for security-sensitive
groups (that is, “restricted” groups). The two properties are Members and Member Of .
The Members list defines who should and should not belong to the restricted group.
The Member Of list specifies which other groups the restricted group should belong to.
When a restricted Group Policy is enforced, any current member of a restricted group that
is not on the Members list is removed.
Q3. - (Topic 2)
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012 R2. Server1 has the Hyper-V server role installed. The domain contains a virtual machine named VM1.
A developer wants to attach a debugger to VM1.
You need to ensure that the developer can connect to VM1 by using a named pipe.
Which virtual machine setting should you configure?
A. BIOS
B. Network Adapter
C. COM 1
D. Processor
Answer: C
Explanation:
Named pipe. This option connects the virtual serial port to a Windows named pipe on the host operating system or a computer on the network. A named pipe is a portion of memory that can be used by one process to pass information to another process, so that the output of one is the input of the other. The second process can be local (on the same computer as the first) or remote (on a networked computer). For example, a local named pipe path could be \\.\pipe\mypipename. Named pipes can be used to create a virtual null modem cable between two virtual machines, or between a virtual machine and a debugging program on the host operating system that supports the use of named pipes. By connecting two virtual serial ports to the same named pipe, you can create a virtual null modem cable connection. Named pipes are useful for debugging or for any program that requires a null modem connection.
Named pipes can be used to connect to a virtual machine by configuring COM 1.
References: http://support.microsoft.com/kb/819036 http://support.microsoft.com/kb/141709
Q4. - (Topic 3)
You have a server that runs Windows Server 2012 R2. The server contains the disks configured as shown in the following table.
You need to create a volume that can store up to 3 TB of user files. The solution must ensure that the user files are available if one of the disks in the volume fails. What should you create?
A. a storage pool on Disk 2 and Disk 3
B. a spanned volume on Disk 2 and Disk 3
C. a mirrored volume on Disk 1 and Disk 3
D. a mirrored volume on Disk 2 and Disk 3
E. a RAID-5 volume on Disk 1, Disk 2, and Disk 3
F. a storage pool on Disk 1 and Disk 3
G. a spanned volume on Disk 0 and Disk 4
H. a mirrored volume on Disk 1 and Disk 4
Answer: D
Q5. - (Topic 3)
Your network contains one Active Directory domain named contoso.com. The domain contains
2,000 client computers used by students. You recently discover an increase in calls to the helpdesk that relate to security policy to meet the following requirement:
. Modify the UserName of the built-in account named Administrator . Support a time mismatch between client computers and domain controllers of up to three minutes.
Which Two security settings should you modify?
A. Account Policies
B. Password Policy
C. Account Lockout Policy
D. Kerberos Policy
E. Local Policies
F. Audit Policy
G. User Rights Assignment
H. Security Options
Answer: D,H
Explanation:
In Group Policy Object Editor, click Computer Configuration, click Windows Settings, click Security Settings, click Local Policies, and then click Security Options. In the details pane, double-click Accounts: Rename administrator account.
Q6. - (Topic 3)
You have a server named Server1 that has the Print and Document Services server role installed.
You need to provide users with the ability to manage print jobs on Server1 by using a web browser.
What should you do?
A. Start the Printer Extensions and Notifications service and set the service to start automatically.
B. Install the LPD Service role service.
C. Start the Computer Browser service and set the service to start automatically.
D. Install the Internet Printing role service.
Answer: D
Explanation:
References: Internet printing makes it possible for computers running Windows Server 2008 to use printers located anywhere in the world by sending print jobs using Hypertext Transfer Protocol (HTTP). http://technet.microsoft.com/en-us/library/cc731368(v=ws.10).aspx http://technet.microsoft.com/en-us/library/cc731857.aspx
Q7. - (Topic 3)
You work as an administrator at Contoso.com. The Contoso.com network consists of a single domain named Contoso.com. All servers on the Contoso.com network have Windows Server 2012 R2 installed.
You have received instructions to convert a basic disk to a GPT disk.
Which of the following is TRUE with regards to GPT disks? (Choose all that apply.)
A. To convert a basic disk to a GPT disk, the disk must not contain any partitions or volumes.
B. You can convert a basic disk to a GPT disk, regardless of partitions or volumes.
C. GPT is required for disks larger than 2 TB.
D. GPT is required for disks smaller than 2 TB.
E. The GPT partition style can be used on removable media.
F. GPT disks make use of the standard BIOS partition table.
Answer: A,C
Explanation:
A. For a drive to be eligible for conversion to dynamic, all basic data partitions on the drive must be contiguous.
C. GPT allows a much larger partition size greater than 2 terabytes (TB) D. 2 terabytes is the limit for MBR disks.
E. Dynamic disks are not supported on portable computers, removable disks, detachable disks that use USB or IEEE 1394 interfaces.
F. Windows only supports booting from a GPT disk on systems that contain Unified Extensible Firmware Interface (UEFI) boot firmware. Master boot record (MBR) disks use the standard BIOS partition table. GUID partition table (GPT) disks use unified extensible firmware interface (UEFI). One advantage of GPT disks is that you can have more than four partitions on each disk. GPT is also required for disks larger than 2 terabytes. Portable computers and removable media. Dynamic disks are not supported on portable computers, removable disks, detachable disks that use Universal Serial Bus (USB) or IEEE 1394 (also called FireWire) interfaces, or on disks connected to shared SCSI buses. If you are using a portable computer and right-click a disk in the graphical or list view in Disk Management, you will not see the option to convert the disk to dynamic. Dynamic disks are a separate form of volume management that allows volumes to have noncontiguous extents on one or more physical disks. Dynamic disks and volumes rely on the Logical Disk Manager (LDM) and Virtual Disk Service (VDS) and their associated features. These features enable you to perform tasks such as converting basic disks into dynamic disks, and creating fault-tolerant volumes. To encourage the use of dynamic disks, multi-partition volume support was removed from basic disks, and is now exclusively supported on dynamic disks. GPT disks can be converted to MBR disks only if all existing partitioning is first deleted, with associated loss of data.
Q. What happens when a basic disk is converted to dynamic?
A. For a drive to be eligible for conversion to dynamic, all basic data partitions on the drive must be contiguous. If other unrecognized partitions separate basic data partitions, the disk cannot be converted. This is one of the reasons that the MSR must be created before any basic data partitions. The first step in conversion is to separate a portion of the MSR to create the configuration database partition. All non-bootable basic partitions are then combined into a single data container partition. Boot partitions are retained as separate data container partitions. This is analogous to conversion of primary partitions. Windows XP and later versions of the Windows operating system differs from Windows 2000 in that basic and extended partitions are preferentially converted to a single 0x42 partition, rather than being retained as multiple distinct 0x42 partitions as on Windows 2000.
Q8. - (Topic 3)
You have a server named Server1 that runs Windows Server 2012 R2. Server1 has 2 dual-
core processors and 16 GB of RAM.
You install the Hyper-V server role in Server1.
You plan to create two virtual machines on Server1.
You need to ensure that both virtual machines can use up to 8 GB of memory. The solution
must ensure that both virtual machines can be started simultaneously.
What should you configure on each virtual machine?
A. Dynamic Memory
B. NUMA topology
C. Memory weight
D. Resource Control
Answer: A
Q9. - (Topic 3)
You have a file server named Server1 that runs Windows Server 2012 R2. Server1 contains a folder named Folder1.
You share Folder1 as Share1 by using Advanced Sharing. Access-based enumeration is
enabled.
Share1 contains an application named Appl.exe.
You configure the NTFS permissions on Folder1 as shown in the following table.
The members of Group2 report that they cannot make changes to the files in Share1. The
members of Group1 and Group2 run Appl.exe successfully.
You need to ensure that the members of Group2 can edit the files in Share1.
What should you do?
A. Replace the NTFS permissions on all of the child objects.
B. Edit the Share permissions.
C. Edit the NTFS permissions.
D. Disable access-based enumeration.
Answer: C
Explanation:
Share permissions and NTFS permissions are independent in the sense that neither changes the other. The final access permissions on a shared folder are determined by taking into consideration both the share permission and the NTFS permission entries. The more restrictive permissions are then applied.
References: Training Guide: Installing and Configuring Windows Server 2012 R2: Chapter8: File Services and Storage, Lesson 2: Provisioning and Managing Shared Storage, p.388
Q10. - (Topic 2)
Your network contains an Active Directory domain named contoso.com. All domain controllers run Windows Server 2012 R2.
You create and enforce the default AppLocker executable rules.
Users report that they can no longer execute a legacy application installed in the root of drive C.
You need to ensure that the users can execute the legacy application.
What should you do?
A. Create a new rule.
B. Delete an existing rule.
C. Modify the action of the existing rules.
D. Add an exception to the existing rules.
Answer: A
Explanation:
AppLocker is a feature that advances the functionality of the Software Restriction Policies
feature. AppLocker contains new capabilities and extensions that reduce administrative
overhead and help administrators control how users can access and use files, such as
executable files, scripts, Windows Installer files, and DLLs. By using AppLocker, you can:
Define rules based on file attributes that persist across application updates, such as the
publisher name (derived from the digital signature), product name, file name, and file
version. You can also create rules based on the file path and hash.
Assign a rule to a security group or an individual user.
Create exceptions to rules. For example, you can create a rule that allows all users to run
all Windows binaries except the Registry Editor (Regedit.exe).
Use audit-only mode to deploy the policy and understand its impact before enforcing it. .
Create rules on a staging server, test them, export them to your production environment,
and then import them into a Group Policy Object.
Simplify creating and managing AppLocker rules by using Windows PowerShell cmdlets for
AppLocker.
AppLocker default rules
AppLocker allows you to generate default rules for each of the rule types.
Executable default rule types:
Allow members of the local Administrators group to run all applications. Allow members of the Everyone group to run applications that are located in the Windows folder. Allow members of the Everyone group to run applications that are located in the Program Filesfolder. Windows Installer default rule types: Allow members of the local Administrators group to run all Windows Installer files. Allow members of the Everyone group to run digitally signed Windows Installer files. Allow members of the Everyone group to run all Windows Installer files located in the Windows\Installer folder. Script default rule types: Allow members of the local Administrators group to run all scripts. Allow members of the Everyone group to run scripts located in the Program Files folder. Allow members of the Everyone group to run scripts located in the Windows folder. DLL default rule types: (this on can affect system performance ) Allow members of the local Administrators group to run all DLLs. Allow members of the Everyone group to run DLLs located in the Program Files folder. Allow members of the Everyone group to run DLLs located in the Windows folder. You can apply AppLocker rules to individual users or to a group of users. If you apply a rule to a group of users, all users in that group are affected by that rule. If you need to allow a subset of a user group to use an application, you can create a special rule for that subset. For example, the rule “Allow Everyone to run Windows except Registry Editor” allows everyone in the organization to run the Windows operating system, but it does not allow anyone to run Registry Editor. The effect of this rule would prevent users such as Help Desk personnel from running a program that is necessary for their support tasks. To resolve this problem, create a second rule that applies to the Help Desk user group: “Allow Help Desk to run Registry Editor.” If you create a deny rule that does not allow any users to run Registry Editor, the deny rule will override the second rule that allows the Help Desk user group to run Registry Editor.