Q1. Your network contains one Active Directory domain named contoso.com. The domain contains the domain controllers configured as shown in the following table.
The functional level of the domain and the forest is Windows Server 2008.
An administrator named Admin1 is a member of the Domain Admins group.
You need to ensure that Admin1 can deploy a Windows Server 2012 R2 domain controller to contoso.com.
What should you do?
A. Raise the forest functional level.
B. Run the Set-ADForestMode cmdlet.
C. Raise the domain functional level.
D. Run the adprep.exe command.
Answer: D
Explanation: Adprep.exe commands run automatically as needed as part of the AD DS installation process on servers that run Windows Server 2012 or later. The commands need to run in the following cases:
* Before you add the first domain controller that runs a version of Windows Server that is later than the latest version that is running in your existing domain.
* Before you upgrade an existing domain controller to a later version of Windows Server, if that domain controller will be the first domain controller in the domain or forest to run that version of Windows Server.
Reference: Running Adprep.exe
https://technet.microsoft.com/en-us/library/dd464018(v=ws.10).aspx
Q2. Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012 R2 and has the DHCP Server server role installed.
An administrator installs the IP Address Management (IPAM) Server feature on a server named Server2. The administrator configures IPAM by using Group Policy based provisioning and starts server discovery.
You plan to create Group Policies for IPAM provisioning.
You need to identify which Group Policy object (GPO) name prefix must be used for IPAM Group Policies.
What should you do on Server2?
A. From Server Manager, review the IPAM overview.
B. Run the ipamgc.exe tool.
C. From Task Scheduler, review the IPAM tasks.
D. Run the Get-IpamConfiguration cmdlet.
Answer: D
Explanation:
Example:
http://i.imgur.com/YcHLXhr.jpg
Q3. Your network contains an Active Directory domain named contoso.com. The domain contains two member servers named Server1 and Server2. All servers run Windows Server 2012 R2.
Server1 and Server2 have the Failover Clustering feature installed. The servers are configured as nodes in a failover cluster named Cluster1. Cluster1 contains a Clustered Shared Volume (CSV).
A developer creates an application named App1. App1 is NOT a cluster-aware application. App1 stores data in the file system.
You need to ensure that App1 runs in Cluster1. The solution must minimize development effort.
Which cmdlet should you run?
A. Add-ClusterServerRole
B. Add-ClusterGenericServiceRole
C. Add ClusterScaleOutFileServerRole
D. Add ClusterGenericApplicationRole
Answer: D
Explanation:
Add-ClusterGenericApplicationRole
Configure high availability for an application that was not originally designed to run in a
failover cluster.
If you run an application as a Generic Application, the cluster software will start the
application, then periodically query the operating system to see whether the application
appears to be running. If so, it is presumed to be online, and will not be restarted or failed
over.
EXAMPLE 1.
Command Prompt: C:\PS>
Add-ClusterGenericApplicationRole -CommandLine NewApplication.exe
Name OwnerNode State
cluster1GenApp node2 Online Description
This command configures NewApplication.exe as a generic clustered application. A default name will be used for client access and this application requires no storage.
Reference: Add-ClusterGenericApplicationRole
http://technet.microsoft.com/en-us/library/ee460976.aspx
Q4. Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012 R2. Server1 has an enterprise root certification authority (CA) for contoso.com.
You deploy another member server named Server2 that runs Windows Server 2012 R2 and has the Web Server (IIS) server role installed.
You need to designate a website on Server1 as the certificate revocation list (CRL) distribution point for the CA. The solution must ensure that CRLs are published automatically to Server2.
Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)
A. Create an http:// CRL distribution point (CDP) entry.
B. Configure a CA exit module.
C. Create a file:// CRL distribution point (CDP) entry.
D. Configure a CA policy module.
E. Configure an enrollment agent.
Answer: A,D
Explanation:
A. To specify CRL distribution points in issued certificates Open the Certification Authority snap-in. In the console tree, click the name of the CA. On the Action menu, click Properties , and then click the Extensions tab. Confirm that Select extension is set to CRL Distribution Point (CDP) .
. Do one or more of the following. (The list of CRL distribution points is in the Specify locations from which users can obtain a certificate revocation list (CRL) box.)
/ To indicate that you want to use a URL as a CRL distribution point Click the CRL distribution point, select the Include in the CDP extension of issued certificates check box, and then click OK .
. Click Yes to stop and restart Active Directory Certificate Services (AD CS).
D. You can specify CRL Distribution Points (CDPs) in CAPolicy.inf. Note that any CDP in CAPolicy.inf will take precedence for certificate verifiers over the CDP's specified in the CA policy module.
Note:
CRLDistributionPoint
You can specify CRL Distribution Points (CDPs) for a root CA certificate in the CAPolicy.inf.
This section does not configure the CDP for the CA itself. After the CA has been installed
you can configure the CDP URLs that the CA will include in each certificate that it issues.
The URLs specified in this section of the CAPolicy.inf file are included in the root CA
certificate itself.
Example:
[CRLDistributionPoint]
URL=http://pki.wingtiptoys.com/cdp/WingtipToysRootCA.crl
Q5. HOTSPOT
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012 R2. Server1 has the Active Directory Certificate Services server role installed and configured.
For all users, you are deploying smart cards for logon. You are using an enrollment agent to enroll the smart card certificates for the users.
You need to configure the Contoso Smartcard Logon certificate template to support the use of the enrollment agent.
Which setting should you modify? To answer, select the appropriate setting in the answer area.
Answer:
Q6. Your network contains an Active Directory domain named contoso.com. The domain
contains a certification authority (CA).
You suspect that a certificate issued to a Web server is compromised.
You need to minimize the likelihood that users will trust the compromised certificate.
Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)
A. Stop the Certificate Propagation service.
B. Modify the validity period of the Web Server certificate template.
C. Run certutil and specify the -revoke parameter.
D. Run certutil and specify the -deny parameter.
E. Publish the certificate revocation list (CRL).
Answer: C,E
Explanation: First revoke the certificate, then publish the CRL.
Q7. You have a server named Server1 that runs Windows Server 2012 R2.
Each day, Server1 is backed up fully to an external disk.
On Server1, the disk that contains the operating system fails.
You replace the failed disk.
You need to perform a bare-metal recovery of Server1 by using the Windows Recovery
Environment (Windows RE).
What should you do?
A. Run the Start-WBVolumeRecovery cmdlet and specify the -backupset parameter.
B. Run the Get-WBBareMetalRecovery cmdlet and specify the -policy parameter.
C. Run the wbadmin.exe start recovery command and specify the -recoverytarget parameter.
D. Run the wbadmin.exe start sysrecovery command and specify the -backuptarget parameter.
Answer: D
Explanation:
Performs a system recovery (bare metal recovery). This subcommand can be run only from the Windows Recovery Environment.
* -backupTarget Specifies the storage location that contains the backup or backups that you want to recover. This parameter is useful when the storage location is different from where backups of this computer are usually stored.
Reference: Wbadmin start sysrecovery
http://technet.microsoft.com/en-us/library/cc742118.aspx
Q8. Your network contains an Active Directory domain named contoso.com. The domain contains two member servers named Server1 and Server2. All servers run Windows Server 2012 R2.
Server1 and Server2 have the Failover Clustering feature installed. The servers are configured as nodes in a failover cluster named Cluster1.
Cluster1 hosts an Application named App1.
You need to ensure that Server2 handles all of the client requests to the cluster for App1. The solution must ensure that if Server2 fails, Server1 becomes the active node for App1.
What should you configure?
A. Affinity-None
B. Affinity-Single
C. The cluster quorum settings
D. The failover settings
E. A file server for general use
F. The Handling priority
G. The host priority
H. Live migration
I. The possible owner
J. The preferred owner
K. Quick migration
L. the Scale-Out File Server
Answer: J
Explanation:
The preferred owner in a two-server cluster will always be the active node unless it is down.
Reference: Preferred Owners in a Cluster
http://blogs.msdn.com/b/clustering/archive/2008/10/14/9000092.aspx
Q9. HOTSPOT
Your network contains three application servers that run Windows Server 2012 R2. The application servers have the Network Load Balancing (NLB) feature installed.
You create an NLB cluster that contains the three servers.
You plan to deploy an application named App1 to the nodes in the cluster. App1 uses TCP port 8080 and TCP port 8081.
Clients will connect to App1 by using HTTP and HTTPS. When clients connect to App1 by using HTTPS, session state information will be retained locally by the cluster node that responds to the client request.
You need to configure a port rule for Appl.
Which port rule should you use?
To answer, select the appropriate rule in the answer area.
Answer:
Q10. Your network contains an Active Directory domain named contoso.com.
You deploy a server named Server1 that runs Windows Server 2012 R2.
A local administrator installs the Active Directory Rights Management Services server role
on Server1.
You need to ensure that AD RMS clients can discover the AD RMS cluster automatically.
What should you do?
A. Run the Active Directory Rights Management Services console by using an account that is a member of the Schema Admins group, and then configure the proxy settings.
B. Run the Active Directory Rights Management Services console by using an account that is a member of the Schema Admins group, and then register the Service Connection Point (SCP).
C. Run the Active Directory Rights Management Services console by using an account that is a member of the Enterprise Admins group, and then register the Service Connection Point (SCP).
D. Run the Active Directory Rights Management Services console by using an account that is a member of the Enterprise Admins group, and then configure the proxy settings.
Answer: C
Explanation:
* The Active Directory Rights Management Services (AD RMS) Service Connection Point (SCP) is an object in Active Directory that holds the web address of the AD RMS certification cluster. AD RMS-enabled applications use the SCP to discover the AD RMS service; it is the first connection point for users to discover the AD RMS web services.
* To register the SCP you must be a member of the local AD RMS Enterprise Administrators group and the Active Directory Domain Services (AD DS) Enterprise Admins group, or you must have been given the appropriate authority.
Reference: The AD RMS Service Connection Point