Q1. HOTSPOT
Your network contains an Active Director domain named contoso.com. The domain contains a file server named Server1. All servers run Windows Server 2012 R2.
You have two user accounts named User1 and User2. User1 and User2 are the members of a group named Group1. User1 has the Department value set to Accounting, user2 has the Department value set to Marketing. Both users have the Employee Type value set to Contract Employee.
You create the auditing entry as shown in the exhibit. (Click the Exhibit button.)
To answer, complete each statement according to the information presented in the exhibit. Each correct selection is worth one point.
Answer:
Q2. You have a server named WSUS1 that runs Windows Server 2012 R2. WSUS1 has the Windows Server Update Services server role installed and has one volume.
You add a new hard disk to WSUS1 and then create a volume on the hard disk.
You need to ensure that the Windows Server Update Services (WSUS) update files are stored on the new volume.
What should you do?
A. From the Update Services console, configure the Update Files and Languages option.
B. From the Update Services console, run the Windows Server Update Services Configuration Wizard.
C. From a command prompt, run wsusutil.exe and specify the export parameter.
D. From a command prompt, run wsusutil.exe and specify the movecontent parameter.
Answer: D
Explanation:
Local Storage Considerations
If you decide to store update files on your server, the recommended minimum disk size is 30 GB. However, depending on the synchronization options you specify, you might need to use a larger disk. For example, when specifying advanced synchronization options, as in the following procedure, if you select options to download multiple languages and/or the option to download express installation files, your server disk can easily reach 30 GB.
Therefore if you choose any of these options, install a larger disk (for example, 100 GB).
If your disk gets full, you can install a new, larger disk and then move the update files to the new location. To do this, after you create the new disk drive, you will need to run the WSUSutil.exetool (with the movecontent command) to move the update files to the new disk. For this procedure, see Managing WSUS from the Command Line.
For example, if D:\WSUS1 is the new path for local WSUS update storage, D:\move. log is the path to the log file, and you wanted to copy the old files to the new location, you would type: wsusutil.exe movecontent D:\WSUS1\ D:\move. Log.
Note: If you do not want to use WSUSutil.exe to change the location of local WSUS update storage, you can also use NTFS functionality to add a partition to the current location of local WSUS update storage. For more information about NTFS, go to Help and Support Center in Windows Server 2003.
Syntax
At the command line %drive%\Program Files\Update Services\Tools>, type:
wsusutilmovecontentcontentpathlogfile -skipcopy [/?]
The parameters are defined in the following table.
contentpath - the new root for content files. The path must exist.
logfile - the path and file name of the log file to create.
-skipcopy - indicates that only the server configuration should be changed, and that the content files should not be copied.
/help or /? - displays command-line help for movecontent command.
References:
http: //blogs.technet.com/b/sus/archive/2008/05/19/wsus-how-to-change-the-location-where-wsus-stores-updates-locally.aspx
http: //technet.microsoft.com/en-us/library/cc720475(v=ws.10).aspx http: //technet.microsoft.com/en-us/library/cc708480%28v=ws.10%29.aspx http: //technet.microsoft.com/en-us/library/cc720466(v=ws.10).aspx http: //technet.microsoft.com/en-us/library/cc708480%28v=ws.10%29.aspx
Q3. HOTSPOT
Your network contains an Active Directory forest named contoso.com. The forest contains a single domain. The forest contains two Active Directory sites named Site1 and Site2.
You plan to deploy a read-only domain controller (RODC) named DC10 to Site2. You pre-create the DC10 domain controller account by using Active Directory Users and Computers.
You need to identify which domain controller will be used for initial replication during the promotion of the RODC.
Which tab should you use to identify the domain controller?
To answer, select the appropriate tab in the answer area.
Answer:
Q4. Your network contains a single Active Directory domain named contoso.com. All domain controllers run Windows Server 2012 R2.
The domain contains 400 desktop computers that run Windows 8 and 10 desktop computers that run Windows XP Service Pack 3 (SP3). All new desktop computers that are added to the domain run Windows 8.
All of the desktop computers are located in an organizational unit (OU) named OU1.
You create a Group Policy object (GPO) named GPO1. GPO1 contains startup script settings. You link GPO1 to OU1.
You need to ensure that GPO1 is applied only to computers that run Windows XP SP3.
What should you do?
A. Create and link a WML filter to GPO1
B. Run the Set-GPInheritance cmdlet and specify the -target parameter.
C. Run the Set-GPLink cmdlet and specify the -target parameter.
D. Modify the Security settings of OU1.
Answer: A
Explanation:
WMI Filtering is used to get information of the system and apply the GPO on it with the condition is met.
Security filtering: apply a GPO to a specific group (members of the group)
Q5. Your network contains an Active Directory domain named contoso.com. All domain controllers run Windows Server 2012 R2.
On all of the domain controllers, Windows is installed in C:\Windows and the Active Directory database is located in D:\Windows\NTDS\.
All of the domain controllers have a third-party application installed.
The operating system fails to recognize that the application is compatible with domain controller cloning.
You verify with the application vendor that the application supports domain controller cloning.
You need to prepare a domain controller for cloning.
What should you do?
A. In D:\Windows\NTDS\, create an XML file named DCCloneConfig.xml and add the application information to the file.
B. In the root of a USB flash drive, add the application information to an XML file named DefaultDCCIoneAllowList.xml.
C. In D:\Windows\NTDS\, create an XML file named CustomDCCloneAllowList.xml and add the application information to the file.
D. In C:\Windows\System32\Sysprep\Actionfiles\, add the application information to an XML file named Respecialize.xml.
Answer: C
Explanation:
Place the CustomDCCloneAllowList.xml file in the same folder as the Active Directory database (ntds. dit) on the source Domain Controller.
References:
http: //blogs. dirteam. com/blogs/sanderberkouwer/archive/2012/09/10/new-features-in-active-directory-domain-services-in-windows-server-2012-part-13-domain-controller-cloning. aspx
http: //www. thomasmaurer. ch/2012/08/windows-server-2012-hyper-v-how-to-clone-a-virtual-domain-controller
http: //technet. microsoft. com/en-us/library/hh831734. aspx
Q6. You manage a server that runs Windows Server 2012 R2. The server has the Windows Deployment Services server role installed.
You start a virtual machine named VM1 as shown in the exhibit. (Click the Exhibit button.)
You need to configure a pre-staged device for VM1 in the Windows Deployment Services console.
Which two values should you assign to the device ID? (Each correct answer presents a complete solution. Choose two.)
A. 979708BFC04B45259FE0C4150BB6C618
B. 979708BF-C04B-4525-9FE0-C4150BB6C618
C. 00155D000F1300000000000000000000
D. 0000000000000000000000155D000F13
E. 00000000-0000-0000-0000-C4150BB6C618
Answer: B,D
Explanation:
Use client computer's media access control (MAC) address preceded with twenty zeros or the globally unique identifier (GUID) in the format: {XXXXXXXX-XXXX-XXXX-XXX-XXXXXXXXXXXX}.
Reference: http: //technet. microsoft. com/en-us/library/cc754469. aspx
Q7. Your network contains a Hyper-V host named Server1 that hosts 20 virtual machines.
You need to view the amount of memory resources and processor resources each virtual machine uses currently.
Which tool should you use on Server1?
A. Hyper-V Manager
B. Task Manager
C. Windows System Resource Manager (WSRM)
D. Resource Monitor
Answer: A
Q8. You have a server named Server1 that runs Windows Server 2012 R2. Server1 has the File Server Resource Manager role service installed.
Each time a user receives an access-denied message after attempting to access a folder on Server1, an email notification is sent to a distribution list named DLL.
You create a folder named Folder1 on Server1, and then you configure custom NTFS permissions for Folder1.
You need to ensure that when a user receives an access-denied message while attempting to access Folder1, an email notification is sent to a distribution list named DL2. The solution must not prevent DL1 from receiving notifications about other access-denied messages.
What should you do?
A. From the File Server Resource Manager console, create a local classification property.
B. From Server Manager, run the New Share Wizard to create a share for Folder1 by selecting the SMB Share - Applications option.
C. From the File Server Resource Manager console, modify the Access-Denied Assistance settings.
D. From the File Server Resource Manager console, set a folder management property.
Answer: D
Q9. Your network contains an Active Directory domain named contoso.com. All servers run Windows Server 2012 R2.
The network contains several group Managed Service Accounts that are used by four member servers.
You need to ensure that if a group Managed Service Account resets a password of a domain user account, an audit entry is created.
You create a Group Policy object (GPO) named GPO1.
What should you do next?
A. In GPO1, configure the Advanced Audit Policy Configuration settings for Audit User Account Management. Link GPO1 to the Domain Controllers organizational unit (OU).
B. In GPO1, configure the Advanced Audit Policy Configuration settings for Audit User Account Management. Move the member servers to a new organizational unit (OU). Link GPO1 to the new OU.
C. In GPO1, configure the Advanced Audit Policy Configuration settings for Audit Sensitive Privilege Use. Link GPO1 to the Domain Controllers organizational unit (OU).
D. In GPO1, configure the Advanced Audit Policy Configuration settings for Audit Sensitive Privilege Use. Move the member servers to a new organizational unit (OU). Link GPO1 to the new OU.
Answer: A
Explanation:
Audit User Account Management This security policy setting determines whether the operating system generates audit events when the following user account management tasks are performed:
. A user account is created, changed, deleted, renamed, disabled, enabled, locked out, or unlocked.
A user account password is set or changed.
Security identifier (SID) history is added to a user account.
The Directory Services Restore Mode password is set.
Permissions on accounts that are members of administrators groups are changed.
Credential Manager credentials are backed up or restored.
This policy setting is essential for tracking events that involve provisioning and managing user accounts.
Q10. Your network contains an Active Directory domain named contoso.com. The domain contains a member server named Server1. All servers run Windows Server 2012 R2.
You need to collect the error events from all of the servers on Server1. The solution must ensure that when new servers are added to the domain, their error events are collected automatically on Server1.
Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)
A. On Server1, create a collector initiated subscription.
B. On Server1, create a source computer initiated subscription.
C. From a Group Policy object (GPO), configure the Configure target Subscription Manager setting.
D. From a Group Policy object (GPO), configure the Configure forwarder resource usage setting.
Answer: B,C
Explanation:
To set up a Source-Initiated Subscription with Windows Server 2003/2008 so that events of interest from the Security event log of several domain controllers can be forwarded to an administrative workstation.
* Group Policy The forwarding computer needs to be configured with the address of the server to which the events are forwarded. This can be done with the following group policy setting:
Computer configuration-Administrative templates-Windows components-Event forwarding-Configure the server address, refresh interval, and issue certificate authority of a target subscription manager.
* Edit the GPO and browse to Computer Configuration | Policies | Administrative Templates | Windows Components | Event Forwarding - Configure the server address, refresh interval, and issuer certificate authority of a target Subscription Manager.