Q1. Your network contains an Active Directory domain named adatum.com. The domain contains a server named Server1 that runs Windows Server 2012 R2.
On a server named Corel, you perform a Server Core Installation of Windows Server 2012 R2. You join Corel to the adatum.com domain.
You need to ensure that you can use Event Viewer on Server1 to view the event logs on Core1.
What should you do on Core1?
A. Run the Enable-NetFirewallRulecmdlet.
B. Run the Disable-NetFirewallRulecmdlet.
C. Install Remote Server Administration Tools (RSAT).
D. Install Windows Management Framework.
Answer: A
Q2. Your network contains an Active Directory domain named contoso.com. The domain contains two member servers named Server1 and Server2. All servers run Windows Server 2012 R2.
Server1 and Server2 have the Network Load Balancing (NLB) feature installed. The servers are configured as nodes in an NLB cluster named Cluster1. Cluster1 hosts a secure web Application named WebApp1. WebApp1 saves user state information locally on each node.
You need to ensure that when users connect to WebApp1, their session state is maintained.
What should you configure?
A. Affinity None
B. Affinity Single
C. The cluster quorum settings
D. The failover settings
E. A file server for general use
F. The Handling priority
G. The host priority
H. Live migration
I. The possible owner
J. The preferred owner
K. Quick migration
L. The Scale-Out File Server
Answer: B
Explanation:
Even though Network Load Balancing (NLB) hasn't changed significantly since Windows Server 2008 and isn't mentioned in this chapter, be sure to review the feature and its configurable options. For example, remember that in port rules for Network Load Balancing clusters, the Affinity setting determines how you want multiple connections from the same client handled by the NLB cluster. "Affinity: Single" redirects clients back to the same cluster host. "Affinity: Network" redirects clients from the local subnet to the cluster host. "Affinity: None" doesn't redirect multiple connections from the same client back to the same cluster host.
http://technet.microsoft.com/en-us/library/bb687542.aspx Using NLB Client Affinity NLB offers three types of client affinity to minimize response time to clients and provide generic support for preserving session state. Each affinity specifies a different method for distributing client requests. In Application Center, the New Cluster Wizard sets affinity to Single by default. Later, you can use the cluster Properties dialog box to modify the affinity. The following table describes the three types of affinity.
No Affinity With No affinity, NLB does not associate clients with a particular member. Every client request can be load balanced to any member. This affinity provides the best performance but might disrupt clients with established sessions, because subsequent requests might be load balanced to other members where the session information does not exist. Single Affinity In Single affinity, NLB associates clients with particular members by using the client's IP address. Thus, requests coming from the same client IP address always reach the same member. This affinity provides the best support for clients that use sessions on an intranet. These clients cannot use No affinity because their sessions could be disrupted. Additionally, these clients cannot use Class C affinity because intranet clients typically have IP addresses within a narrow range. It is likely that this range is so narrow that all clients on an intranet have the same Class C address, which means that one member might process all of the requests while other members remain idle. Class C Affinity With Class C affinity, NLB associates clients with particular members by using the Class C portion of the client's IP address. Thus, clients coming from the same Class C address range always access the same member. This affinity provides the best performance for clusters serving the Internet. Bb687542.note(en- us,TechNet.10).gif Note It is not efficient for Internet clients to use Single affinity because, in Single affinity, NLB load balances each client by the client's entire IP address, which can span a broad range. By using Class C affinity, NLB associates clients with only the same Class C portion of the IP address with particular members. Therefore, you essentially reduce the range of IP addresses by which NLB load balances clients.
Q3. You have a Hyper-V host named Server1 that runs Windows Server 2012 R2 Datacenter.
Server1 is located in an isolated network that cannot access the Internet.
On Server1, you install a new virtual machine named VM1. VM1 runs Windows Server
2012 R2 Essentials and connects to a private virtual network.
After 30 days, you discover that VM1 shuts down every 60 minutes.
You need to resolve the issue that causes VM1 to shut down every 60 minutes.
What should you do?
A. OnVM1, run slmgr.exe and specify the /ipk parameter.
B. OnServer1, run slmgr.exe and specify the /rearm-sku parameter.
C. Create a new internal virtual network and attach VM1 to the new virtual network.
D. On Server1, run Add-WindowsFeatureVolumeActivation.
Answer: A
Q4. Your network contains an Active Directory domain named contoso.com. The domain contains four servers. The servers are configured as shown in the following table.
You plan to deploy an enterprise certification authority (CA) on a server named Servers. Server5 will be used to issue certificates to domain-joined computers and workgroup computers.
You need to identify which server you must use as the certificate revocation list (CRL) distribution point for Server5.
Which server should you identify?
A. Server1
B. Server3
C. Server4
D. Server2
Answer: B
Explanation:
CDP (and AD CS) always uses a Web Server NB: this CDP must be accessible from outside the AD, but here we don't have to wonder about that as there's only one web server.
http://technet.microsoft.com/fr-fr/library/cc782183%28v=ws.10%29.aspx
Selecting a CRL Distribution Point Because CRLs are valid only for a limited time, PKI clients need to retrieve a new CRL periodically. Windows Server 2003 PKI Applications look in the CRL distribution point extension for a URL that points to a network location from which the CRL object can be retrieved. Because CRLs for enterprise CAs are stored in Active Directory, they can be accessed by means of LDAP. In comparison, because CRLs for stand-alone CAs are stored in a directory on the server, they can be accessed by means of HTTP, FTP, and so on as long as the CA is online. Therefore, you should set the CRL distribution point after the CA has been installed.
The system account writes the CRL to its distribution point, whether the CRL is published manually or is published according to an established schedule. Therefore you must ensure that the system accounts for CAs have permission to write to the CRL distribution point. Because the CRL path is also included in every certificate, you must define the CRL location and its access path before deploying certificates. If an Application performs revocation checking and a valid CRL is not available on the local computer, it rejects the certificate.
You can modify the CRL distribution point by using the Certification Authority MMC snap-in. In this way, you can change the location where the CRL is published to meet the needs of users in your organization. You must move the CRL distribution point from the CA configuration folder to a Web server to change the location of the CRL, and you must move each new CRL to the new distribution point, or else the chain will break when the previous CRL expires.
Note On root CAs, you must also modify the CRL distribution point in the CAPolicy.inf file so that the root CA certificate references the correct CDP and AIA paths, if specified. If you are using certificates on the Internet, you must have at least one HTTPs-accessible location for all certificates that are not limited to internal use.
http://technet.microsoft.com/en-us/library/cc771079.aspx Configuring Certificate Revocation It is not always possible to contact a CA or other trusted server for information about the validity of a certificate. To effectively support certificate status checking, a client must be able to access revocation data to determine whether the certificate is valid or has been revoked. To support a variety of scenarios, Active Directory Certificate Services (AD CS) supports industry-standard methods of certificate revocation. These include publication of certificate revocation lists (CRLs) and delta CRLs, which can be made available to clients from a variety of locations, including Active Directory Domain Services (AD DS), Web servers, and network file shares.
Q5. Your network contains an Active Directory domain named adatum.com.
You have a standard primary zone named adatum.com.
You need to provide a user named User1 the ability to modify records in the zone.
Other users must be prevented from modifying records in the zone.
What should you do first?
A. Run the Zone Signing Wizard for the zone
B. From the properties of the zone, change the zone type
C. Run the new Delegation Wizard for the zone
D. From the properties of the zone, modify the Start Of Authority (SOA) record
Answer: C
Q6. Your network contains an Active Directory domain named contoso.com. The domain contains two member servers named Server1 and Server2. All servers run Windows Server 2012 R2.
Server1 and Server2 have the Failover Clustering feature installed. The servers are configured as nodes in a failover cluster named Cluster1. Cluster1 contains a Clustered Shared Volume (CSV).
A developer creates an application named App1. App1 is NOT a cluster-aware application. App1 stores data in the file system.
You need to ensure that App1 runs in Cluster1. The solution must minimize development effort.
Which cmdlet should you run?
A. Add-ClusterServerRole
B. Add ClusterGenericApplicationRole
C. Add-ClusterGenericServiceRole
D. Add ClusterScaleOutFileServerRole
Answer: B
Q7. You have a print server named Print1 that runs Windows Server 2012 R2. Print1 has 10 shared printers.
You need to change the location of the spool folder.What should you modify?
A. The properties of the Print Spooler service
B. The Print Server Properties
C. The user environment variables
D. The PrintQueue.inf file
Answer: A
Q8. Your network contains two servers named Server1 and Server2 that run Windows Server 2008 R2. Server1 and Server2 are nodes in a failover cluster named Cluster1. The network contains two servers named Server3 and Server4 that run Windows Server 2012 R2. Server3 and Server4 are nodes in a failover cluster named Cluster2.
You need to move all of the applications and the services from Cluster1 to Cluster2.
What should you do first from Failover Cluster Manager?
A. On a server in Cluster1, configure Cluster-Aware Updating.
B. On a server in Cluster2, configure Cluster-Aware Updating.
C. On a server in Cluster1, click Migrate Roles.
D. On a server in Cluster1, click Move Core Cluster Resources, and then click Select Node...
Answer: C
Explanation:
http://blogs.msdn.com/b/clustering/archive/2012/06/25/10323434.aspx
Q9. Your network contains an Active Directory domain named contoso.com. All servers run Windows Server 2012 R2.
You are creating a central access rule named Test Finance that will be used to audit members of the Authenticated users group for access failure to shared folders in the finance department.
You need to ensure that access requests are unaffected when the rule is published.
What should you do?
A. Set the Permissions to Use the following permissions as proposed permissions.
B. Add a Resource condition to the current permissions entry for the Authenticated Users principal.
C. Set the Permissions to Use following permissions as current permissions.
D. Add a User condition to the current permissions entry for the Authenticated Users principal.
Answer: A
Explanation:
http://technet.microsoft.com/en-us/library/jj134043.aspx
Q10. OTSPOT
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server2 that runs Windows Server 2012 R2.
You are a member of the local Administrators group on Server2. You install an Active Directory Rights
Management Services (AD RMS) root cluster on Server2.
You need to ensure that the AD RMS cluster is discoverable automatically by the AD RMS client computers and the users in contoso.com.
Which additional configuration settings should you configure? To answer, select the appropriate tab in the answer area.
Answer:
308. OTSPOT
Your network contains an Active Directory domain named contoso.com.
You install the IP Address Management (IPAM) Server feature on a server named Server1
and select Manual as the provisioning method.
The IPAM database is located on a server named SQL1.
You need to configure IPAM to use Group Policy Based provisioning.
What command should you run first?
To answer, select the appropriate options in the answer area.