Q1. Your network contains an Active Directory domain named contoso.com. The domain contains two member servers named Server1 and Server2. All servers run Windows Server 2012 R2.
Server1 and Server2 have the Network Load Balancing (NLB) feature installed. The servers are configured as nodes in an NLB cluster named Cluster1.
Port rules are configured for all clustered Applications.
You need to ensure that Server2 handles all client requests to the cluster that are NOT covered by a port rule.
What should you configure?
A. Affinity-None
B. Affinity-Single
C. The cluster quorum settings
D. The failover settings
E. A file server for general use
F. The Handling priority
G. The host priority
H. Live migration
I. The possible owner
J. The preferred owner
K. Quick migration
L. The Scale-Out File Server
Answer: G
Explanation:
Host Priorities Each cluster host is assigned a unique host priority in the range of 1 to 32, where lower numbers denote higher priorities. The host with the highest host priority (lowest numeric value) is called the default host. It handles all client traffic for the virtual IP addresses that is not specifically intended to be load-balanced. This ensures that server applications not configured for load balancing only receive client traffic on a single host. If the default host fails, the host with the next highest priority takes over as default host.
Reference: Network Load Balancing Technical Overview
http://technet.microsoft.com/en-us/library/bb742455.aspx
Q2. Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012 R2. The system properties of Server1 are shown in the exhibit. (Click the Exhibit button.)
You need to configure Server1 as an enterprise subordinate certification authority (CA).
What should you do first?
A. Add RAM to the server.
B. Set the Startup Type of the Certificate Propagation service to Automatic.
C. Install the Certification Authority Web Enrollment role service.
D. Join Server1 to the contoso.com domain.
Answer: D
Explanation:
Enterprise CAs must be domain members. From the exhibit we see that it is only a
Workgroup member.
Note:
A new CA can be the root CA of a new PKI or subordinate to another in an existing PKI.
Enterprise subordinate certification authority.
An enterprise subordinate CA must get a CA certificate from an enterprise root CA but can
then issue certificates to all users and computers in the enterprise. These types of CAs are
often used for load balancing of an enterprise root CA.
Reference: Install a Subordinate Certification Authority
Q3. You have a server named Server1.
You install the IP Address Management (IPAM) Server feature on Server1.
You need to provide a user named User1 with the ability to set the access scope of all the DHCP servers that are managed by IPAM. The solution must use the principle of least privilege.
Which user role should you assign to User1?
A. DNS Record Administrator Role
B. IPAM DHCP Reservations Administrator Role
C. IPAM Administrator Role
D. IPAM DHCP Administrator Role
Answer: D
Explanation:
The IPAM DHCP administrator role completely manages DHCP servers.
C:\Users\Chaudhry\Desktop\1.jpg
Reference: What's New in IPAM
Q4. You have a failover cluster named Cluster1 that contains four nodes. All of the nodes run Windows Server 2012 R2.
You need to force every node in Cluster1 to contact immediately the Windows Server Update Services (WSUS) server on your network for updates.
Which tool should you use?
A. The Add-CauClusterRole cmdlet
B. The Wuauclt command
C. The Wusa command
D. The Invoke-CauScan cmdlet
Answer: A
Explanation:
The Add-CauClusterRole cmdlet adds the Cluster-Aware Updating (CAU) clustered role
that provides the self-updating functionality to the specified cluster. When the CAU
clustered role has been added to a cluster, the failover cluster can update itself on the
schedule that is specified by the user, without requiring an external computer to coordinate
the cluster updating process.
Incorrect:
Not B. The wuauclt utility allows you some control over the functioning of the Windows
Update Agent. It is updated as part of Windows Update.
The following are the command line for wuauclt.
OptionDescription
/a /ResetAuthorization
Initiates an asynchronous background search for applicable updates. If Automatic Updates
is disabled, this option has no effect.
/r /ReportNow
Sends all queued reporting events to the server asynchronously.
/? /h /help
Shows this help information.
Not D.
The Invoke-CauScan cmdlet performs a scan of cluster nodes for applicable updates and
returns a list of the initial set of updates that would be applied to each node in a specified
cluster.
Note: The Invoke-CauRun cmdlet performs a scan of cluster nodes for applicable updates
and installs those updates via an Updating Run on the specified cluster.
Reference: Add-CauClusterRole
http://technet.microsoft.com/en-us/library/hh847235(v=wps.620).aspx
Q5. Your network contains an Active Directory domain named contoso.com. The domain contains two servers named Server1 and Server2. Both servers have the IP Address Management (IPAM) Server feature installed.
You have a support technician named Tech1. Tech1 is a member of the IPAM Administrators group on Server1 and Server2.
You need to ensure that Tech1 can use Server Manager on Server1 to manage IPAM on Server2.
To which group on Server2 should you add Tech1?
A. IPAM MSM Administrators
B. IPAM Administrators
C. winRMRemoteWMIUsers_
D. Remote Management Users
Answer: C
Explanation:
If you are accessing the IPAM server remotely using Server Manager IPAM client RSAT, then you must be a member of the WinRMRemoteWMIUsers group on the IPAM server, in addition to being a member of the appropriate IPAM security group (or local Administrators group).
Reference: IPAM Deployment Planning, IPAM specifications
Q6. A user named User1 is a member of the local Administrators group on Node1 and Node2.
User1 creates a new clustered File Server role named File1 by using the File Server for general use option.
A report is generated during the creation of File1 as shown in the exhibit. (Click the Exhibit button.)
File1 fails to start.
You need to ensure that you can start File1.
What should you do?
A. Log on to the domain by using the built-in Administrator for the domain, and then recreate the clustered File Server role by using the File Server for general use option.
B. Assign the user account permissions of User1 to the Servers OU.
C. Assign the computer account permissions of Cluster2 to the Servers OU.
D. Increase the value of the ms-DS-MachineAccountQuota attribute of the domain.
E. Recreate the clustered File Server role by using the File Server for scale-out application data option.
Answer: B
Explanation:
Scenario: You have created a Windows Server 2012 Scale-Out File Server. The cluster,
including the network and storage, pass the cluster validation test. Everything looks and is
good. You create a File Server role for application data (SOFS) but it fails to start.
Problem: Basically, the cluster needs permissions to create a computer object (for the
SOFS) in the same Active Directory OU that the cluster object (Demo-FSC1) is stored in.
Resolution: Reconfigure the permissions on the Servers OU.
In this case we assign the user account permissions of User1 to the Servers OU.
Reference: Scale-Out File Server Role Fails To Start With Event IDs 1205, 1069, and 1194
http://www.aidanfinn.com/?p=14142
Q7. Your network contains one Active Directory domain named contoso.com. The domain contains an IP Address Management (IPAM) server named Server1. Server1 manages several DHCP and DNS servers.
From Server Manager on Server1, you create a custom role for IPAM.
You need to assign the role to a group named IP_Admins.
What should you do?
A. From Windows PowerShell, run the Add-Member cmdlet.
B. From Server Manager, create an access policy.
C. From Windows PowerShell, run the Set-IpamConfiguration cmdlet.
D. From Server Manager, create an access scope.
Answer: B
Explanation: A role is a collection of IPAM operations. You can associate a role with a user or group in Windows using an access policy. Several built-in roles are provided, but you can also create customized roles to meet your business requirements.
Reference: Manage IPAM, Access Control
https://technet.microsoft.com/en-us/library/dn741281.aspx
Q8. Your network contains two servers named Server1 and Server2 that run Windows Server 2012 R2. Server1 and Server2 have the Hyper-V server role installed. Server1 and Server2 are configured as Hyper-V replicas of each other.
Server2 hosts a virtual machine named VM5. VM5 is replicated to Server1.
You need to verify whether the replica of VM5 on Server1 is functional. The solution must ensure that VM5 remains accessible to clients.
What should you do from Hyper-V Manager?
A. On Server1, execute a Planned Failover.
B. On Server1, execute a Test Failover.
C. On Server2, execute a Planned Failover.
D. On Server2, execute a Test Failover.
Answer: B
Explanation:
Test Failover (TFO) is an operation initiated on your replica virtual machine (in this scenario on Server1) which allows you to test the sanity of the virtualized workload without interrupting your production workload or ongoing replication.
TFO is performed on the replica virtual machine by right-clicking on the VM and choosing the Test Failover operation (either from the Hyper-V Manager or from the Failover Clustering Manager).
Reference: Types of failover operations in Hyper-V Replica – Part I – Test Failover.
Q9. You have a server named Server1 that runs Windows Server 2012 R2.
Server1 is backed up by using Windows Server Backup. The backup configuration is shown in the exhibit. (Click the Exhibit button.)
You discover that only the last copy of the backup is maintained. You need to ensure that multiple backup copies are maintained. What should you do?
A. Modify the backup destination.
B. Configure the Optimize Backup Performance settings.
C. Modify the Volume Shadow Copy Service (VSS) settings.
D. Modify the backup times.
Answer: A
Explanation:
The destination in the exhibit shows a network share is used. If a network share is being used only the latest copy will be saved
Reference: Where should I save my backup? http://windows.microsoft.com/en-us/windows7/where-should-i-save-my-backup
Q10. Your network contains an Active Directory domain named contoso.com. All servers run Windows Server 2012 R2.
The domain contains a domain controller named DC1 that is configured as an enterprise root certification authority (CA).
All users in the domain are issued a smart card and are required to log on to their domain-joined client computer by using their smart card.
A user named User1 resigned and started to work for a competing company.
You need to prevent User1 immediately from logging on to any computer in the domain. The solution must not prevent other users from logging on to the domain.
Which tool should you use?
A. Active Directory Administrative Center
B. Certificate Templates
C. The Security Configuration Wizard
D. The Certificates snap-in
Answer: A
Explanation:
To disable or enable a user account using Active Directory Administrative Center
1. To open Active Directory Administrative Center, click Start , click Administrative Tools ,
and then click Active Directory Administrative Center .
To open Active Directory Users and Computers in Windows Server 2012, click Start , type
dsac.exe .
2. In the navigation pane, select the node that contains the user account whose status you
want to change.
3. In the management list, right-click the user whose status you want to change.
4. Depending on the status of the user account, do one of the following: . uk.co.certification.simulator.questionpool.PList@ed88a30
Reference: Disable or Enable a User Account