Q1. You have a cluster named Cluster1 that contains two nodes. Both nodes run Windows Server 2012 R2. Cluster1 hosts a virtual machine named VM1 that runs Windows Server 2012 R2.
You configure a custom service on VM1 named Service1.
You need to ensure that VM1 will be moved to a different node if Service1 fails.
Which cmdlet should you run on Cluster1?
A. Add-ClusterVmMonitoredItem
B. Add-ClusterGenericServiceRole
C. Set-ClusterResourceDependency
D. Enable VmResourceMetering
Answer: A
Explanation:
The Add-ClusterVMMonitoredItem cmdlet configures monitoring for a service or an Event Tracing for Windows (ETW) event so that it is monitored on a virtual machine. If the service fails or the event occurs, then the system responds by taking an action based on the failover configuration for the virtual machine resource. For example, the configuration might specify that the virtual machine be restarted.
Q2. Your network contains an Active Directory domain named contoso.com. All client computers run Windows 8.1.
The network contains a shared folder named FinancialData that contains five files.
You need to ensure that the FinancialData folder and its contents are copied to all of the client computers.
Which two Group Policy preferences should you configure? (Each correct answer presents part of the solution. Choose two.)
A. Shortcuts
B. Network Shares
C. Environment
D. Folders
E. Files
Answer: D,E
Explanation:
Folder preference items allow you to create, update, replace, and delete folders and their contents. (To configure individual files rather than folders, see Files Extension.) Before you create a Folder preference item, you should review the behavior of each type of action possible with this extension. File preference items allow you to copy, modify the attributes of, replace, and delete files. (To configure folders rather than individual files, see Folders Extension.) Before you create a File preference item, you should review the behavior of each type of action possible with this extension.
Q3. Your network contains an Active Directory domain named contoso.com. The domain
contains a server named Server1 that runs Windows Server 2012 R2.
You enable and configure Routing and Remote Access (RRAS) on Server1.
You create a user account named User1.
You need to ensure that User1 can establish VPN connections to Server1.
What should you do?
A. Modify the members of the Remote Management Users group.
B. Add a RADIUS client.
C. Modify the Dial-in setting of User1.
D. Create a connection request policy.
Answer: C
Explanation:
Access permission is also granted or denied based on the dial-in properties of each user account.
http://technet.microsoft.com/en-us/library/cc772123.aspx
Q4. HOTSPOT
Your network contains an Active Directory domain named contoso.com. The domain contains a member server that runs Windows Server 2012 R2 and has the Windows Deployment Services (WDS) server role installed.
You create a new multicast session in WDS and connect 50 client computers to the session.
When you open the Windows Deployment Services console, you discover that all of the computers are listed as pending devices.
You need to ensure that any of the computers on the network can join a multicast transmission without requiring administrator approval.
What should you configure?
To answer, select the appropriate tab in the answer area.
Answer:
Q5. Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012 P.2. Server1 has the Network Policy and Access Services server role installed.
You plan to deploy 802. lx authentication to secure the wireless network.
You need to identify which Network Policy Server (NPS) authentication method supports certificate-based mutual authentication for the 802.1x deployment.
Which authentication method should you identify?
A. MS-CHAP
B. PEAP-MS-CHAPv2
C. EAP-TLS
D. MS-CHAP v2
Answer: C
Explanation:
802.1X uses EAP, EAP-TLS, EAP-MS-CHAP v2, and PEAP authentication methods:
. EAP (Extensible Authentication Protocol) uses an arbitrary authentication method, such as certificates, smart cards, or credentials.
. EAP-TLS (EAP-Transport Layer Security) is an EAP type that is used in certificate-based security environments, and it provides the strongest authentication and key determination method.
. EAP-MS-CHAP v2 (EAP-Microsoft Challenge Handshake Authentication Protocol version 2) is a mutual authentication method that supports password-based user or computer authentication.
. PEAP (Protected EAP) is an authentication method that uses TLS to enhance the security of other EAP authentication protocols.
Q6. Your network contains an Active Directory domain named contoso.com. All domain controllers run Windows Server 2012 R2.
You have a Group Policy object (GPO) named GPO1 that contains hundreds of settings. GPO1 is linked to an organizational unit (OU) named OU1. OU1 contains 200 client computers.
You plan to unlink GPO1 from OU1.
You need to identify which GPO settings will be removed from the computers after GPO1 is unlinked from OU1.
Which two GPO settings should you identify? (Each correct answer presents part of the solution. Choose two.)
A. The managed Administrative Template settings
B. The unmanaged Administrative Template settings
C. The System Services security settings
D. The Event Log security settings
E. The Restricted Groups security settings
Answer: A,D
Explanation:
There are two kinds of Administrative Template policy settings: Managed and Unmanaged . The Group Policy service governs Managed policy settings and removes a policy setting when it is no longer within scope of the user or computer.
References: http: //technet. microsoft. com/en-us/library/cc778402(v=ws. 10). aspx http: //technet. microsoft. com/en-us/library/bb964258. aspx
Q7. DRAG DROP
Your network contains an Active Directory forest named contoso.com. The forest contains a Network Policy Server (NPS) server named NPS1 and a VPN server named VPN1. VPN1 forwards all authentication requests to NPS1.
A partner company has an Active Directory forest named adatum.com. The adatum.com forest contains an NPS server named NPS2.
You plan to grant users from adatum.com VPN access to your network.
You need to authenticate the users from adatum.com on VPN1.
What should you create on each NPS server?
To answer, drag the appropriate objects to the correct NPS servers. Each object may be
used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
Answer:
Q8. Your network contains an Active Directory domain named contoso.com. The domain contains a domain controller named DC1.
You run ntdsutil as shown in the exhibit. (Click the Exhibit button.)
You need to ensure that you can access the contents of the mounted snapshot. What should you do?
A. From the snapshot context of ntdsutil, run activate instance "NTDS".
B. From a command prompt, run dsamain.exe -dbpath c:\$snap_201204131056_volumec$\windows\ntds\ntds. dit -Idapport 389.
C. From the snapshot context of ntdsutil, run mount {79f94f82-5926-4f44-8af0-2f56d827a57d}.
D. From a command prompt, run dsamain.exe -dbpath c:\$snap_201204131056_volumec$\windows\ntds\ntds. dit -Idapport 33389.
Answer: D
Explanation:
By default, only members of the Domain Admins group and the Enterprise Admins group are allowed to view the snapshots because they contain sensitive AD DS data. If you want to access snapshot data from an old domain or forest that has been deleted, you can allow nonadministrators to access the data when you run Dsamain.exe. If you plan to view the snapshot data on a domain controller, specify ports that are different from the ports that the domain controller will use. A client starts an LDAP session by connecting to an LDAP server, called a Directory System Agent (DSA), by default on TCP port and UDP [7] port 389. The client then sends an operation request to the server, and the server sends responses in return. With some exceptions, the client does not need to wait for a response before sending the next request, and the server may send the responses in any order. All information is transmitted using Basic Encoding Rules (BER).
References:
http: //technet. microsoft. com/en-us/library/cc753609(v=ws. 10). aspx
Q9. You have a server named Server1 that runs Windows Server 2012 R2. Server1 has the File Server Resource Manager role service installed.
Server1 has a folder named Folder1 that is used by the human resources department.
You need to ensure that an email notification is sent immediately to the human resources manager when a user copies an audio file or a video file to Folder1.
What should you configure on Server1?
A. a storage report task
B. a file screen exception
C. a file screen
D. a file group
Answer: C
Explanation:
Create file screens to control the types of files that users can save, and generate notifications when users attempt to save unauthorized files.
With File Server Resource Manager (FSRM) you can create file screens that prevent users
from saving unauthorized files on volumes or folders.
File Screen Enforcement:
You can create file screens to prevent users from saving unauthorized files on volumes or
folders. There are two types of file screen enforcement: active and passive enforcement.
Active file screen enforcement does not allow the user to save an unauthorized file.
Passive file screen enforcement allows the user to save the file, but notifies the user that
the file is not an authorized file. You can configure notifications, such as events logged to
the event log or e-mails sent to users and administrators, as part of active and passive file
screen enforcement.
Q10. Your network contains an Active Directory domain named contoso.com. The domain contains six domain controllers named DC1, DC2, DC3, DC4, DC5, and DC6. Each domain controller has the DNS Server server role installed and hosts an Active Directory-integrated zone for contoso.com.
You plan to create a new Active Directory-integrated zone named litwareinc.com that will be used for testing.
You need to ensure that the new zone will be available only on DC5 and DCG.
What should you do first?
A. Change the zone replication scope.
B. Create an Active Directory connection object.
C. Create an Active Directory site link.
D. Create an application directory partition.
Answer: D
Explanation:
You can store Domain Name System (DNS) zones in the domain or application directory partitions of Active Directory Domain Services (AD DS). A partition is a data structure in AD DS that distinguishes data for different replication purposes. When you create an application directory partition for DNS, you can control the scope of replication for the zone that is stored in that partition.