Q1. You have a server named Server1 that runs a Server Core installation of Windows Server 2012 R2 Standard. You establish a Remote Desktop session to Server1.
You need to identify which task can be performed on Server1 from within the Remote Desktop session.
What should you identify?
A. Install a feature by using Server Manager.
B. Modify the network settings by using Sconfig.
C. Disable services by using Msconfig.
D. Join a domain by using the System Properties.
Answer: B
Explanation: In Windows Server 2012 R2, you can use the Server Configuration tool (Sconfig.cmd) to configure and manage several common aspects of Server Core installations. You must be a member of the Administrators group to use the tool. Sconfig.cmd is available in the Minimal Server Interface and in Server with a GUI mode.
http://technet.microsoft.com/en-us/library/jj647766.aspx Training Guide: Installing and Configuring Windows Server 2012 R2, Chapter 2: Deploying servers, p. 80
Q2. Your network contains two Hyper-V hosts named Host1 and Host2. Host1 contains a virtual machine named VM1. Host2 contains a virtual machine named VM2. VM1 and VM2 run Windows Server 2012 R2.
You install the Network Load Balancing feature on VM1 and VM2.
You need to ensure that the virtual machines are configured to support Network Load Balancing (NLB).
Which virtual machine settings should you configure on VM1 and VM2?
A. DHCP guard
B. MAC address
C. Router guard
D. Port mirroring
Answer: B
Explanation: When MAC addresses are not assigned to virtual machines, it could cause network problems.
References: Training Guide: Installing and Configuring Windows Server 2012 R2: Chapter 7: Hyper-V virtualization, Lesson 1: Deploying and configuring Hyper-V hosts, p. 313-319 http://blogs.msdn.com/b/clustering/archive/2010/07/01/10033544.aspx
Q3. OTSPOT
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012 R2. Server1 has the Active Directory Certificate Services server role installed and configured.
For all users, you are deploying smart cards for logon. You are using an enrollment agent to enroll the smart card certificates for the users.
You need to configure the Contoso Smartcard Logon certificate template to support the use of the enrollment agent.
Which setting should you modify? To answer, select the appropriate setting in the answer area.
Answer:
172. Your network contains an Active Directory domain named contoso.com. All domain controllers run Windows Server 2012 R2.
An organizational unit (OU) named OU1 contains 200 client computers that run Windows 8 Enterprise. A Group Policy object (GPO) named GPO1 is linked to OU1.
You make a change to GPO1.
You need to force all of the computers in OU1 to refresh their Group Policy settings immediately. The solution must minimize administrative effort.
Which tool should you use?
A. The Set-AdComputercmdlet
B. Group Policy Management Console (GPMC)
C. Server Manager
D. TheGpupdate command
Q4. You have a server named Print1 that runs Windows Server 2012 R2.On Print1, you share a printer named Printer1.
You need to ensure that only the members of the Server Operators group, the Administrators group, and the Print Operators group can send print jobs to Printer1.
What should you do?
A. Remove the permissions for the Creator Owner group
B. Assign the Print permission to the Server Operators group
C. Remove the permissions for the Everyone group
D. Assign the Print permission to the Administrators group
Answer: C
Explanation:
By default Everyone can print. This permissions need to be removed.
Q5. Your network contains an Active Directory domain named contoso.com. The domain contains a member server named Server1 that has the Active Directory Federation Services server role installed. All servers run Windows Server 2012.
You complete the Active Directory Federation Services Configuration Wizard on Server1.
You need to ensure that client devices on the internal network can use Workplace Join.
Which two actions should you perform on Server1? (Each correct answer presents part of the solution. Choose two.)
A. Run Enable AdfsDeviceRegistration -PrepareActiveDirectory.
B. Edit the multi-factor authentication global authentication policy settings.
C. Edit the primary authentication global authentication policy settings.
D. Run Set-AdfsProxyPropertiesHttpPort 80.
E. Run Enable-AdfsDeviceRegistration.
Answer: C,E
Explanation:
* To enable Device Registration Service
On your federation server, open a Windows PowerShell command window and type:
Enable-AdfsDeviceRegistration
Repeat this step on each federation farm node in your AD FS farm..
Enable seamless second factor authentication Seamless second factor authentication is an enhancement in AD FS that provides an added level of access protection to corporate resources and applications from external devices that are trying to access them. When a personal device is Workplace Joined, it becomes a ‘known’ device and administrators can use this information to drive conditional access and gate access to resources. To enable seamless second factor authentication, persistent single sign-on (SSO) and conditional access for Workplace Joined devices In the AD FS Management console, navigate to Authentication Policies. Select Edit Global Primary Authentication. Select the check box next to Enable Device Authentication, and then click OK.
Q6. Your network contains an Active Directory domain named contoso.com.
Network Policy Server (NPS) is deployed to the domain.
You plan to deploy Network Access Protection (NAP).
You need to configure the requirements that are validated on the NPS client computers.
What should you do?
A. From the Network Policy Server console, configure a health policy.
B. From the Network Policy Server console, configure a network policy.
C. From a Group Policy object (GPO), configure the NAP Client Configuration security setting.
D. From a Group Policy object (GPO), configure the Network Access Protection Administrative Templates setting.
E. From the Network Policy Server console, configure a Windows Security Health Validator (WSHV) policy.
Answer: E Explanation:
I feel the question is a bit unclear still.
http://technet.microsoft.com/en-us/library/cc731260.aspx
WSHV settings
If a client computer is noncompliant with one of the requirements of the WSHV, it is
considered noncompliant with the WSHV as a whole. If a computer is determined to be
noncompliant with the WSHV, the following actions might be taken:
I believe that the validation will take into account Health and Network, so it has to be both
of them.
I don't see A or D being a valid choice.
Leaving us with E. And, the site kinda confirm this.
Q7. Your network contains an Active Directory domain named contoso.com. The domain contains domain controllers that run Windows Server 2008, Windows Server 2008 R2 Windows Server 2012, and Windows Server 2012 R2.
A domain controller named DC1 runs Windows Server 2012 R2. DC1 is backed up daily.
During routine maintenance, you delete a group named Group1.
You need to recover Group1 and identify the names of the users who were members of Group1 prior to its deletion. You want to achieve this goal by using the minimum amount of administrative effort.
What should you do first?
A. Perform an authoritative restore of Group1.
B. Mount the most recent Active Directory backup.
C. Use the Recycle Bin to restore Group1.
D. Reactivate the tombstone of Group1.
Answer: A
Explanation:
The Active Directory Recycle Bin does not have the ability to track simple changes to objects. If the object itself is not deleted, no element is moved to the Recycle Bin for possible recovery in the future. In other words, there is no rollback capacity for changes to object properties, or, in other words, to the values of these properties. There is another approach you should be aware of. Tombstone reanimation (which has nothing to do with zombies) provides the only way to recover deleted objects without taking a DC offline, and it's the only way to recover a deleted object's identity information, such as its objectGUID and objectSid attributes. It neatly solves the problem of recreating a deleted user or group and having to fix up all the old access control list (ACL) references, which contain the objectSid of the deleted object. Restores domain controllers to a specific point in time, and marks objects in Active Directory as being authoritative with respect to their replication partners.
Q8. RAG DROP
Your network contains an Active Directory domain named contoso.com. All domain controllers run Windows Server 2012.
The domain contains an organizational unit (OU) named OU1. OU1 contains an OU named OU2. OU2 contains a user named User1.
User1 is the member of a group named Group1. Group1 is in the Users container.
You create five Group Policy objects (GPO). The GPOs are configured as shown in the following table.
The Authenticated Users group is assigned the default permissions to all of the GPOs.
There are no site-level GPOs.
You need to identify which three GPOs will be applied to User1 and in which order the
GPOs will be applied to User1.
Which three GPOs should you identify in sequence?
To answer, move the appropriate three GPOs from the list of GPOs to the answer area and
arrange them in the correct order.
Answer:
Q9. You create a new virtual disk in a storage pool by using the New Virtual Disk Wizard.
You discover that the new virtual disk has a write-back cache of 1 GB.
You need to ensure that the virtual disk has a write-back cache of 5 GB.
What should you do?
A. Detach the virtual disk, and then run the Resize-VirtualDisk cmdlet
B. Detach the virtual disk, and then run the Set-VirtualDisk cmdlet
C. Delete the virtual disk, and then run the New-StorageSubSystemVirtualDisk cmdlet
D. Delete the virtual disk, and then run the New-VirtualDisk cmdlet
Answer: D
Q10. Your network contains an Active Directory domain named contoso.com. The domain contains a file server named Server1 that runs Windows Server 2012 R2. You create a user account named User1 in the domain.
You need to ensure that User1 can use Windows Server Backup to back up Server1.
The solution must minimize the number of administrative rights assigned to User1.
What should you do?
A. Assign User1 the Back up files and directories user right.
B. Add User1 to the Backup Operators group.
C. Add User1 to the Power Users group.
D. Assign User1 the Back up files and directories user right and the Restore files and directories user right.
Answer: A
Explanation:
Backup Operators have these permissions by default:
However the question explicitly says we need to minimize administrative rights. Since the
requirement is for backing up the data onlyno requirement to restore or shutdownthen assigning the "Back up files and directories user right" would be the correct.