Q1. - (Topic 1)
Your network contains an Active Directory domain named adatum.com. The domain contains a member server named Host1. Host1 runs Windows Server 2012 R2 and has the Hyper-V server role installed.
Host1 hosts two virtual machines named VM5 and VM6. Both virtual machines connect to a virtual switch named Virtual1.
On VM5, you install a network monitoring application named Monitor1.
You need to capture all of the inbound and outbound traffic to VM6 by using Monitor1.
Which two commands should you run from Windows PowerShell? (Each correct answer presents part of the solution. Choose two.)
A. Get-VM “VM6 | Set-VMNetworkAdapter-IovWeight 1
B. Get-VM “VM5 I Set-VMNetworkAdapter -IovWeight 0
C. Get-VM “VM5 | Set-VMNetworkAdapter -PortMirroring Source
D. Get-VM “VM6 | Set-VMNetworkAdapter -AllowTeaming On
E. Get-VM “VM6 | Set-VMNetworkAdapter -PortMirroring Destination
F. Get-VM “VM5 | Set-VMNetworkAdapter -AllowTeaming On
Answer: C,E
Explanation:
-PortMirroring specifies the port mirroring mode for the network adapter. This can be set to None, Source, and Destination. . If set to Source, a copy of every network packet it sends or receives is forwarded to a virtual network adapter configured to receive the packets. . If set to Destination, it receives copied packets from the source virtual network adapter.
In this scenario, VM5 is the destination which must receive a copy of the network packets from VM6, which s the source.
Reference: http://technet.microsoft.com/en-us/library/hh848457.aspx
Q2. - (Topic 2)
Your network contains a server named Server1 and 10 Web servers. All servers run
Windows Server 2012 R2.
You create a Windows PowerShell Desired State Configuration (DSC) to push the settings
from Server1 to all of the Web servers.
On Server1, you modify the file set for the Web servers.
You need to ensure that all of the Web servers have the latest configurations.
Which cmdlet should you run on Server1?
A. Get-DcsConfiguration
B. Restore-DcsConfiguration
C. Set-DcsLocalConfigurationManager
D. Start-DcsConfiguration
Answer: D
Q3. - (Topic 3)
Your network contains one Active Directory domain named contoso.com. The domain contains 10 domain controllers and a read-only domain controller (RODC) named RODC01.
You need to ensure that when administrators create users in contoso.com, the default user principal name (UPN) suffix is litwareinc.com.
Which cmdlet should you use?
A. the ntdsutil command
B. the Set-ADDomain cmdlet
C. the Install-ADDSDomain cmdlet
D. the dsadd command
E. the dsamain command
F. the dsmgmt command
G. the net user command
H. the Set-ADForest cmdlet
Answer: G
Explanation:
The following example demonstrates how to create a new UPN suffix for the
users in the Fabrikam.com forest:
Set-ADForest -UPNSuffixes @{Add="headquarters.fabrikam.com"}
Reference: Creating a UPN Suffix for a Forest
https://technet.microsoft.com/sv-se/library/Dd391925(v=WS.10).aspx
Q4. - (Topic 2)
You have two servers named Server1 and Server2 that run Windows Server 2012 R2. Server1 and Server2 are part of a workgroup.
On Server1, you add Server2 to Server Manager.
When you attempt to connect to Server2 from Server Manager, you receive the following error message: "Credentials not valid."
You need to ensure that you can manage Server2 from Server1 by using Server Manager on Server1.
What should you do?
A. On Server 2, run the Configure-SmRemoting cmdlet.
B. On Server 1, run the Set-NetFirewallRule cmdlet.
C. On Server 1, run the Set-Item cmdlet.
D. On Server 2, install the Remote Server Administration Tools (RSAT).
Answer: C
Explanation:
Since they are both workgroup members, server 2 will have to be added to server 1 as a trusted host
Q5. HOTSPOT - (Topic 3)
You have a server named Server1. Server1 runs Windows Server 2012 R2.
A user named Admin1 is a member of the local Administrators group.
You need to ensure that Admin1 receives a User Account Control (UAC) prompt when
attempting to open Windows PowerShell as an administrator.
Which setting should you modify from the Local Group Policy Editor?
To answer, select the appropriate setting in the answer area.
Answer:
Q6. - (Topic 3)
You have a file server named Server1 that runs Windows Server 2012 R2. Server1 contains a folder named Folder1.
You share Folder1 as Share1 by using Advanced Sharing. Access-based enumeration is
enabled.
Share1 contains an application named Appl.exe.
You configure the NTFS permissions on Folder1 as shown in the following table.
The members of Group2 report that they cannot make changes to the files in Share1. The
members of Group1 and Group2 run Appl.exe successfully.
You need to ensure that the members of Group2 can edit the files in Share1.
What should you do?
A. Replace the NTFS permissions on all of the child objects.
B. Edit the Share permissions.
C. Edit the NTFS permissions.
D. Disable access-based enumeration.
Answer: C
Explanation:
Share permissions and NTFS permissions are independent in the sense that neither changes the other. The final access permissions on a shared folder are determined by taking into consideration both the share permission and the NTFS permission entries. The more restrictive permissions are then applied.
References: Training Guide: Installing and Configuring Windows Server 2012 R2: Chapter8: File Services and Storage, Lesson 2: Provisioning and Managing Shared Storage, p.388
Q7. - (Topic 3)
You work as an administrator at Contoso.com. The Contoso.com network consists of a single domain named Contoso.com. All servers in the Contoso.com domain, including domain controllers, have Windows Server 2012 R2 installed.
Contoso.com has a domain controller, named ENSUREPASS-DC01.
You have been instructed to make sure that the Group Policy Administrative Templates are available centrally.
Which of the following actions should you take?
A. You should consider copying the policies folder to the PolicyDefinitions folder in the Contoso.com domain’s SYSVOL folder.
B. You should consider copying the PolicyDefinitions folder to the policies folder in the Contoso.com domain’s SYSVOL folder.
C. You should consider copying the PolicyDefinitions folder to the policies folder in the Contoso.com domain’s systemroot folder.
D. You should consider copying the PolicyDefinitions folder to the policies folder in the Contoso.com domain’s logonserver folder.
Answer: B
Explanation:
PolicyDefinitions folder within the SYSVOL folder hierarchy. By placing the ADMX files in this directory, they are replicated to every DC in the domain; by extension, the ADMX-aware Group Policy Management Console in Windows Vista, Windows 7, Windows Server 2008 and R2 can check this folder as an additional source of ADMX files, and will report them accordingly when setting your policies. By default, the folder is not created. Whether you are a single DC or several thousand, I would strongly recommend you create a Central Store and start using it for all your ADMX file storage. It really does work well. The Central Store To take advantage of the benefits of .admx files, you must create a Central Store in the SYSVOL folder on a domain controller. The Central Store is a file location that is checked by the Group Policy tools. The Group Policy tools use any .admx files that are in the Central Store. The files that are in the Central Store are later replicated to all domain controllers in the domain. To create a Central Store for .admx and .adml files, create a folder that is named PolicyDefinitions in the following location: \\FQDN\SYSVOL\FQDN\policies. Note: FQDN is a fully qualified domain name.
Q8. HOTSPOT - (Topic 3)
Your network contains an Active Directory domain named fabrikam.com. You implement DirectAccess and an IKEv2 VPN.
You need to view the properties of the VPN connection.
Which connection properties should you view? To answer, select the appropriate connection properties in the answer area.
Answer:
Q9. - (Topic 2)
Your network contains an Active Directory domain named adatum.com. The domain contains a member server named L0N-DC1. L0N-DC1 runs Windows Server 2012 R2 and has the DHCP Server server role installed.
The network contains 100 client computers and 50 IP phones. The computers and the phones are from the same vendor.
You create an IPv4 scope that contains addresses from 172.16.0.1 to 172.16.1.254.
You need to ensure that the IP phones receive IP addresses in the range of 172.16.1.100 to 172.16.1.200. The solution must minimize administrative effort.
What should you create?
A. Server level policies
B. Reservations
C. Filters
D. Scope level policies
Answer: D
Explanation:
The scope is already in place.
Scope level policies are typically settings that only apply to that scope. They can also
overwrite a setting that was set at the server level.
When a client matches the conditions of a policy, the DHCP server responds to the clients
based on the settings of a policy.
Settings associated to a policy can be an IP address range and/or options.
An administrator could configure the policy to provide an IP address from a specified sub-range within the overall IP address range of the scope.
You can also provide different option values for clients satisfying this policy.
Policies can be defined server wide or for a specific scope.
A server wide policy – on the same lines as server wide option values – is applicable to all
scopes on the DHCP server.
A server wide policy however cannot have an IP address range associated with it.
There a couple of ways to segregate clients based on the type of device. One way to do
this is by using vendor class/identifier.
This string sent in option 60 by most DHCP clients identify the vendor and thereby the type
of the device.
Another way to segregate clients based on device type is by using the MAC address prefix.
The first three bytes of a MAC address is called OUI and identify the vendor or
manufacturer of the device.
By creating DHCP policies with conditions based on Vendor Class or MAC address prefix,
you can now segregate the clients in your subnet in such a way, that devices of a specific
type get an IP address only from a specified IP address range within the scope. You can
also give different set of options to these clients.
In conclusion, DHCP policies in Windows Server 2012 R2 enables grouping of
clients/devices using the different criteria and delivering targeted network configuration to
them.
Policy based assignment in Windows Server 2012 R2 DHCP allows you to create simple
yet powerful rules to administer DHCP on your network.
References: Training Guide: Installing and Configuring Windows Server 2012 R2, Chapter 6: Network Administration, p.253
Q10. - (Topic 3)
Which of the following groups do you use to consolidate groups and accounts that either span multiple domains or the entire forest?
A. Global
B. Domain local
C. Built-in
D. Universal
Answer: D
Explanation:
A. Incorrect: Global groups cannot contain users from other domains.
B. Incorrect: Domain local groups cannot have permissions for resources in other domains.
C. Incorrect: Built-in groups have no inherent cross-domain qualities.
D. Correct: Universal groups, like global groups, are used to organize users according to their resource access needs. You can use them to organize users to facilitate access to any resource located in any domain in the forest through the use of domain local groups. Universal groups are used to consolidate groups and accounts that either span multiple domains or the entire forest.