Q1. Your network contains two Active Directory forests named contoso.com and adatum.com.
Each forest contains one domain. Contoso.com has a two-way forest trust to adatum.com.
Selective authentication is enabled on the forest trust.
Contoso contains 10 servers that have the File Server role service installed.
Users successfully access shared folders on the file servers by using permissions granted
to the Authenticated Users group.
You migrate the file servers to adatum.com.
Contoso users report that after the migration, they are unable to access shared folders on
the file servers.
You need to ensure that the Contoso users can access the shared folders on the file
servers.
What should you do?
A. Disable selective authentication on the existing forest trust
B. Disable SID filtering on the existing forest trust
C. Run netdom and specify the /quarantine attribute
D. Replace the existing forest trust with an external trust.
Answer: B
Q2. Your network contains an Active Directory domain named contoso.com. The domain contains servers named Server1 and Server2 that run Windows Server 2012 R2. Server1 has the IP Address Management (IPAM) Server feature installed. You install the IPAM client on Server2.
You open Server Manager on Server2 as shown in the exhibit. (Click the Exhibit button.)
You need to manage IPAM from Server2.
What should you do first?
A. On Server2, open Computer Management and connect to Server1.
B. On Server1, add the Server2 computer account to the IPAM ASM Administrators group.
C. On Server2, add Server1 to Server Manager.
D. On Server1, add the Server2 computer account to the IPAM MSM Administrators group.
Answer: C
Q3. OTSPOT
Your network contains an Active Directory domain named contoso.com. The domain contains a member server named Server1. Server1 runs Windows Server 2012 R2. You enable the EventLog-Application event trace session.
You need to set the maximum size of the log file used by the trace session to 10 MB. From which tab should you perform the configuration? To answer, select the appropriate tab in the answer area.
Answer:
29. RAG DROP
Your network contains an Active Directory domain named contoso.com. The domain
contains two DHCP servers named DHCP1 and DHCP2 that run Windows Server 2012. You install the IP Address Management (IPAM) Server feature on a member server named Server1 and you run the Run Invoke-IpamGpoProvisioningcmdlet.
You need to manage the DHCP servers by using IPAM on Server1. Which three actions should you perform?
To answer, move the three appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Q4. You have a server named Server1 that runs Windows Server 2012 R2.
You plan to enable Hyper-V Network Virtualization on Server1.
You need to install the Windows Network Virtualization Filter Driver on Server1.
Which Windows PowerShell cmdlet should you run?
A. Set-NetVirtualizationGlobal
B. Enable-NetAdapterBinding
C. Add - WindowsFeature
D. Set-NetAdapterVmq
Answer: B
Explanation: Hyper-V Network Virtrtualization runs multiple virtual networks on a physical network. And each virtual network operates as if it is running as a physical network. The The Set-NetAdaptercmdlet sets the basic properties of a network adapter such as virtual LAN (VLAN) identifier (ID) and MAC address. Thus if you add the binding parameter to the command then you will be able to install the Windows Network Virtualization Filter Driver. Step one:Enable Windows Network Virtualization (WNV). This is a binding that is applied to the NIC that you External Virtual Switch is bound to. This can be a physical NIC, it can be an LBFO NIC team. Either way, it is the network adapter that your External Virtual Switch uses to exit the server.This also means that if you have multiple virtual networks or multiple interfaces that you can pick and choose and it is not some global setting.If you have one External Virtual Switch this is fairly easy: $vSwitch = Get-VMSwitch -SwitchType External# Check if Network Virtualization is bound# This could be done by checking for the binding and seeing if it is enabledForEach-Object -InputObject $vSwitch {if ((Get-NetAdapterBinding -ComponentID "ms_netwnv" -InterfaceDescription $_.NetAdapterInterfaceDescription).Enabled -eq $false){ # Lets enable itEnable-NetAdapterBinding -InterfaceDescription $_.NetAdapterInterfaceDescription -ComponentID "ms_netwnv"}}
Q5. You have a failover cluster named Cluster1 that contains four nodes. All of the nodes run Windows Server 2012 R2.
You need to force every node in Cluster1 to contact immediately the Windows Server Update Services (WSUS) server on your network for updates.
Which tool should you use?
A. The Add-CauClusterRolecmdlet
B. TheWuauclt command
C. TheWusa command
D. The Invoke-CauScancmdlet
Answer: D
Explanation:
The Invoke-CauScancmdlet performs a scan of cluster nodes for applicable updates and returns a list of the initial set of updates that would be applied to each node in a specified cluster.
Q6. You have a file server named Server1 that runs Windows Server 2012 R2. Server1 has following hardware configurations: 16 GB of RAM A single quad-core CPU Three network teams that have two network adapters each
You add additional CPUs and RAM to Server1. You repurpose Server1 as a virtualization host. You install the Hyper-V server role on Server1. You need to create four external virtual switches in Hyper-V.
Which cmdlet should you run first?
A. Add-NetLbfoTeamNic
B. Set-NetAdapter
C. Remove- NetLbfoTeam
D. Add-VMNetworkAdapter
Answer: D
Explanation:
Here we're talking about hardware network adapters which belong to NIC teams Each external virtual switch must be connected to a NIC or a NIC team, so we need 4 NICs or NIC teams but currently only have 3 teams available. =>we need to break a team first and then connect the two last external virtual switches to each of the 2 "liberated" NIC (an other solution could be to add one physical NIC and connect the last external virtual switch to it or add several (two or more) NICs, create a NIC team containing them and connect the external virtual switch to the NIC team) http://technet.microsoft.com/en-us/library/jj130848.aspx NIC Teaming (NetLBFO) Cmdlets in Windows PowerShell Remove-NetLbfoTeam: Removes the specified NIC team from the host. http://technet.microsoft.com/en-us/library/hh831648.aspx NIC Teaming Overview NIC Teaming, also known as load balancing and failover (LBFO), allows multiple network adapters on a computer to be placed into a team for the following purposes: Bandwidth aggregation Traffic failover to prevent connectivity loss in the event of a network component failure This feature has been a requirement for independent hardware vendors (IHVs) to enter the server network adapter market, but until now NIC Teaming has not been included in Windows Server operating systems. Requirements NIC Teaming requires the presence of a single Ethernet network adapter, which can be used for separating traffic that is using VLANs. All modes that provide fault protection through failover require at least two Ethernet network adapters. Windows Server?2012 supports up to 32 network adapters in a team.
Q7. Your network contains an Active Directory forest. The forest contains two domains named contoso.com and fabrikam.com. All of the DNS servers in both of the domains run Windows Server 2012 R2.
The network contains two servers named Server1 and Server2. Server1 hosts an Active Directory-integrated zone for contoso.com. Server2 hosts an Active Directory-integrated zone for fabrikam.com.
Server1 and Server2 connect to each other by using a WAN link. Client computers that connect to Server1 for name resolution cannot resolve names in fabrikam.com.
You need to configure Server1 to support the resolution of names in fabrikam.com. The solution must ensure that users in contoso.com can resolve names in fabrikam.com if the WAN link fails.
What should you do on Server1?
A. Create a stub zone.
B. Create a secondary zone.
C. Add a forwarder.
D. Create a conditional forwarder.
Answer: B
Explanation:
http://technet.microsoft.com/en-us/library/cc771898(v=ws.10).aspx Stub zone doesn't host the records themselves Forwarder and conditional forwarders simply give instructions on where to forward DNS requests to.
Q8. Is the following statement true or false?
When a printer is installed on a network, default printer permissions are assigned that allow all users to print and change the status of documents sent to it.
A. True
B. False
Answer: B
Explanation:
Initial answer = true => false the key is all users and change the status of documents. Change the status document refers to the "Manage Document" permission and it's not a default permission for "all users". By default, so far, a user can only modify status of the jobs that he initiated himself. but i tested to make sure. I installed 2 fake printers (one by the network, and one using LPT1) and here's the default permissions i have got:
If we consider that Everyone can be used to designate "all users", the above screenshot is enough. but just to be sure, i'll add the "Domain Users" and "Authenticated Users" groups to the permissions to check which permission are assigned by default: exactly the same: only the permission to print documents:
Now we can be sure the answer is "FALSE".
NB: by default, only Administrators (and administrator) and "All Application Packages" have
both permissions (print & manage documents) http://technet.microsoft.com/en-us/library/cc773372%28v=ws.10%29.aspx Assigning printer permissions When a printer is
installed on a network, default printer permissions are assigned that allow all users to print,
and allow select groups to manage the printer, the documents sent to it, or both.
Because the printer is available to all users on the network, you might want to limit access
for some users by assigning specific printer permissions. For example, you could give all
non administrative users in a department the Print permission and give all managers the
Print and Manage Documents permissions. In this way, all users and managers can print
documents, but managers can also change the print status of any document sent to the
printer.
Q9. Your network contains an Active Directory domain named contoso.com. The domain contains three servers. The servers are configured as shown in the following table.
You need to ensure that end-to-end encryption is used between clients and Server2 when the clients connect to the network by using DirectAccess.
Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)
A. From the Remote Access Management Console, reload the configuration.
B. Add Server2 to a security group in Active Directory.
C. Restart the IPSec Policy Agent service on Server2.
D. From the Remote Access Management Console, modify the Infrastructure Servers settings.
E. From the Remote Access Management Console, modify the Application Servers settings.
Answer: B,E
Explanation:
Unsure about these answers:
A public key infrastructure must be deployed.
Windows Firewall must be enabled on all profiles.
ISATAP in the corporate network is not supported. If you are using ISATAP, you
should remove it and use native IPv6.
Computers that are running the following operating systems are supported as
... .
DirectAccess clients: Windows Server. 2012 R2 Windows 8.1 Enterprise Windows Server. 2012 Windows 8 Enterprise Windows Server. 2008 R2 Windows 7 Ultimate Windows 7 Enterprise
. Force tunnel configuration is not supported with KerbProxy authentication. . Changing policies by using a feature other than the DirectAccess management console or Windows PowerShell cmdlets is not supported. . Separating NAT64/DNS64 and IPHTTPS server roles on another server is not supported.
Q10. Your network contains an Active Directory domain named contoso.com. All domain controllers run Windows Server 2008 R2. One of the domain controllers is named DC1.
The network contains a member server named Server1 that runs Windows Server 2012 R2.
You need to promote Server1 to a domain controller by using install from media (IFM).
What should you do first?
A. Run the Active Directory Domain Services Installation Wizard on DC1.
B. Upgrade DC1 to Windows Server 2012 R2.
C. Run the Active Directory Domain Services Configuration Wizard on Server1.
D. Create a system state backup of DC1.
E. Create IFM media on DC1.
Answer: B
Explanation: This is the only valid option. You could install ADDS role on Server 1 and run ADDS configuration wizard and add DC to existing domain.