Q1. Your network contains one Active Directory forest named contoso.com. The forest contains two child domains and six domain controllers. The domain controllers are configured as shown in the following table.
You need to ensure that all Active Directory changes are replicated to all of the domain controllers in the forest within 30 minutes.
What should you use?
A. Set-ADSite
B. Set-ADReplicationSite
C. Set-ADDomain
D. Set-ADReplicationSiteLink
E. Set-ADGroup
F. Set-ADForest
G. Netdom
Answer: B
Reference: Technet, Set-ADReplicationSite
https://technet.microsoft.com/en-us/library/hh852305(v=wps.630).aspx
Q2. HOTSPOT
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012 R2. Server1 has the Active Directory Federation Services server role installed.
You need to make configuration changes to the Windows Token-based Agent role service.
Which tool should you use?
To answer, select the appropriate tool in the answer area.
Answer:
Q3. Your network contains an Active Directory forest named contoso.com. The forest contains four domains. All servers run Windows Server 2012 R2.
Each domain has a user named User1.
You have a file server named Server1 that is used to synchronize user folders by using the Work Folders role service.
Server1 has a work folder named Sync1.
You need to ensure that each user has a separate folder in Sync1.
What should you do?
A. From Windows Explorer, modify the Sharing properties of Sync1.
B. Run the Set-SyncServerSetting cmdlet.
C. From File and Storage Services in Server Manager, modify the properties of Sync1.
D. Run the Set-SyncShare cmdlet.
Answer: D
Explanation:
The Set-SyncShare cmdlet modifies the settings for a sync share.
Example: Modify a sync share to add a user group
This example modifies settings on the share named Share01, and enables the user group
named ContosoEngGroup to access the share.
The first command uses the Get-SyncShare cmdlet to retrieve the sync share for Share01,
and assigns the results to the variable $Current.
The second command uses the Set-SyncShare cmdlet to modify the sync share and add
the current user and the ContosoEngGroup to the list of users allowed to access the share.
PS C:\> $Current = Get-SyncShare Share01
PS C:\> Set-SyncShare Share01 -User $Current.user,"ContosoEngGroup"
PS C:\> Get-SyncShare Share01 # See %username% below!
ConflictResolutionPolicy : KeepLatest
Description :
DevicePolicy : Share01
Enabled : True
ExclusiveAccessToUser : False
Name : Share01
Path : K:\Share01
StagingFolder : K:\EcsStagingArea\Share01
StagingQuota : 1099511627776
StagingQuotaPerUser : 10737418240
Type : User Data
User : {HRGroup, EngGroup}
UserFolderName : %username% # <-- This line!
PSComputerName :
Reference: Set-SyncShare
http://technet.microsoft.com/en-US/library/dn296649.aspx
Q4. HOTSPOT
You run Get-ISCSIServerTarget and you receive the following output.
Use the drop-down menus to select the answer choice that completes each statement.
Answer:
Q5. HOTSPOT
Your network contains an Active Directory domain named contoso.com.
You have a Dynamic Access Control policy named Policy1.
You create a new Central Access Rule named Rule1.
You need to add Rule1 to Policy1.
What command should you run?
To answer, select the appropriate options in the answer area.
Answer:
Q6. Your network contains an Active Directory forest. The forest contains one domain named adatum.com. The domain contains three domain controllers. The domain controllers are configured as shown in the following table.
DC2 has all of the domain-wide operations master roles. DC3 has all of the forest-wide operations master roles.
You need to ensure that you can use Password Settings objects (PSOs) in the domain.
What should you do first?
A. Uninstall Active Directory from DC1.
B. Change the domain functional level.
C. Transfer the domain-wide operations master roles.
D. Transfer the forest-wide operations master roles.
Answer: A
Explanation:
In Windows Server 2008 and later, you can use fine-grained password policies to specify multiple password policies and apply different password restrictions and account lockout policies to different sets of users within a single domain.
Note: In Microsoft Windows 2000 and Windows Server 2003 Active Directory domains, you could apply only one password and account lockout policy, which is specified in the domain's Default Domain Policy, to all users in the domain. As a result, if you wanted different password and account lockout settings for different sets of users, you had to either create a password filter or deploy multiple domains. Both options were costly for different reasons.
Reference: AD DS Fine-Grained Password and Account Lockout Policy Step-by-Step Guide
Q7. Your network contains an Active Directory domain named adatum.com. The domain contains two domain controllers that run Windows Server 2012 R2. The domain controllers are configured as shown in the following table.
You log on to DC1 by using a user account that is a member of the Domain Admins group, and then you create a new user account named User1.
You need to prepopulate the password for User1 on DC2.
What should you do first?
A. Connect to DC2 from Active Directory Users and Computers.
B. Add DC2 to the Allowed RODC Password Replication Policy group.
C. Add the User1 account to the Allowed RODC Password Replication Policy group.
D. Run Active Directory Users and Computers as a member of the Enterprise Admins group.
Answer: D
Explanation:
To prepopulate the password cache for an RODC by using Active Directory Users and Computers (see step 1 below):
Administrative credentials: To prepopulate the password cache for an RODC, you must be a member of the Domain Admins group.
1. Click Start, click Administrative Tools, and then click Active Directory Users and Computers.
2. Ensure that Active Directory Users and Computers points to the writable domain controller that is running Windows Server 2008, and then click Domain Controllers.
3. In the details pane, right-click the RODC computer account, and then click Properties.
4. Click the Password Replication Policy tab.
5. Click Advanced.
6. Click Prepopulate Passwords.
7. Type the name of the accounts whose passwords you want to prepopulate in the cache for the RODC, and then click OK.
8. When you are asked if you want to send the passwords for the accounts to the RODC, click Yes.
Note: You can prepopulate the password cache for an RODC with the passwords of user and computer accounts that you plan to authenticate to it. When you prepopulate the RODC password cache, you trigger the RODC to replicate and cache the passwords for users and computers before the accounts try to log on in the branch office.
Incorrect: Not C. You don't need to add User1 to the Allowed RODC Password Replication Policy group. As a first step you should run Active Directory Users and Computers as a member of the Domain/Enterprise Admins group.
Reference: Password Replication Policy Administration
http://technet.microsoft.com/en-us/library/cc753470(v=ws.10).aspx#BKMK_pre
Q8. You have a server named Server1 that runs Windows Server 2012 R2.
You install the File and Storage Services server role on Server1.
From Windows Explorer, you view the properties of a folder named Folder1 and you discover that the Classification tab is missing.
You need to ensure that you can assign classifications to Folder1 from Windows Explorer manually.
What should you do?
A. From Folder Options, clear Hide protected operating system files (Recommended).
B. Install the File Server Resource Manager role service.
C. From Folder Options, select the Always show menus.
D. Install the Share and Storage Management Tools.
Answer: B
Explanation:
On the Classification tab of the file properties in Windows Server 2012, File Classification Infrastructure adds the ability to manually classify files. You can also classify folders so that any file added to the classified folder will inherit the classifications of the parent folder.
Reference: What's New in File Server Resource Manager in Windows Server.
Q9. Your network contains an Active Directory forest named contoso.com. The forest contains three domains. All domain controllers run Windows Server 2012 R2.
The forest has a two-way realm trust to a Kerberos realm named adatum.com.
You discover that users in adatum.com can only access resources in the root domain of contoso.com.
You need to ensure that the adatum.com users can access the resources in all of the domains in the forest.
What should you do in the forest?
A. Delete the realm trust and create a forest trust.
B. Delete the realm trust and create three external trusts.
C. Modify the incoming realm trust.
D. Modify the outgoing realm trust.
Answer: D
Explanation:
* A one-way, outgoing realm trust allows resources in your Windows Server domain (the domain that you are logged on to at the time that you run the New Trust Wizard) to be accessed by users in the Kerberos realm.
* You can establish a realm trust between any non-Windows Kerberos version 5 (V5) realm and an Active Directory domain. This trust relationship allows cross-platform interoperability with security services that are based on other versions of the Kerberos V5 protocol, for example, UNIX and MIT implementations. Realm trusts can switch from nontransitive to transitive and back. Realm trusts can also be either one-way or two-way.
Reference: Create a One-Way, Outgoing, Realm Trust
Q10. You have a server named Server1 that runs Windows Server 2012 R2.
Windows Server 2012 R2 is installed on volume C.
You need to ensure that Safe Mode with Networking loads the next time Server1 restarts.
Which tool should you use?
A. The Msconfig command
B. The Bootcfg command
C. The Restart-Computer cmdlet
D. The Restart-Server cmdlet
Answer: A
Explanation:
Use System Configuration (Msconfig) to configure boot options.
Reference: System Configuration – aka MSCONFIG.