Answer: A,C

Explanation:

The following is a list of firewall ports which need to be opened for the various VPN tunnel protocols:

For PPTP:

IP Protocol=TCP, TCP Port number=1723 <- Used by PPTP control path IP Protocol=GRE (value 47) <- Used by PPTP data path

For L2TP:

IP Protocol Type=UDP, UDP Port Number=500 <- Used by IKEv1 (IPSec control path) IP Protocol Type=UDP, UDP Port Number=4500 <- Used by IKEv1 (IPSec control path) IP Protocol Type=ESP (value 50) <- Used by IPSec data path

For SSTP:

IP Protocol=TCP, TCP Port number=443 <- Used by SSTP control and data path

For IKEv2:

IP Protocol Type=UDP, UDP Port Number=500 <- Used by IKEv2 (IPSec control path) IP Protocol Type=UDP, UDP Port Number=4500 <- Used by IKEv2 (IPSec control path) IP Protocol Type=ESP (value 50) <- Used by IPSec data path

Answer: B

Explanation:

Windows 8 is coming REALLY SOON and of course one of the big new things to computer with that is the new Packaged Apps that run in the start screen. However these apps are very different and do not install like traditional apps to a path or have a true u201cexecutableu201d file to launch the program. Of course enterprises need a way to control these packaged apps and therefore Microsoft has added a new feature Packaged Apps option to the App1ocker feature.

:A. For .exe or .com

:B. A publisher rule for a Packaged app is based on publisher, name and version

:C. You can create a certificate rule that identifies software and then allows or does not allow the software to run, depending on the security level.

:D. For .msi or .msp

Packaged apps (also known as Windows 8 apps) are new to Windows Server 2012 R2 and Windows 8. They are based on the new app model that ensures that all the files within an app package share the same identity.

Therefore, it is possible to control the entire Application using a single App1ocker rule as opposed to the non-packaged apps where each file within the app could have a unique

identity. Windows does not support unsigned packaged apps which implies all packaged apps must be signed. App1ocker supports only publisher rules for Packaged apps. A publisher rule for a packaged app is based on the following information:

Publisher of the package Package name

Package version

Therefore, an App1ocker rule for a Packaged app controls both the installation as well as the running of the app. Otherwise, the publisher rules for Packaged apps are no different than the rest of the rule collections; they support exceptions, can be increased or decreased in scope, and can be assigned to users and groups.

Answer: A

Explanation:

You should join the server to the domain first. You can add workgroup servers to Server Manager on a domain joined server, however, you must first add the workgroup computer to the Trusted Hosts list using "Set-Item

wsman:localhostClientTrustedHostsWorkgroupServerName -Concatenate -Force"

Answer: C,E

Answer: C

Explanation:

Private virtual networks are used where you want to allow communications between virtual machine to virtual machine on the same physical server in a block diagram, a private network is an internal network without a virtual NIC in the parent partition. A private network would commonly be used where you need complete isolation of virtual machines from external and parent partition traffic. DMZ workloads running on a leg of a trihomed firewall, or an isolated test domain are examples where this type of network may be useful.

Answer: B

Explanation:

:A. Create Disk Storage Pool

:B. PolicyDefinitions folder in SYSVOL

:C. Group Policy Management is a console for GPO Mgmt

:D. Folder is for logon scripts

Policy Definitions folder within the SYSVOL folder hierarchy. By placing the ADMX files in this directory, they are replicated to every DC in the domain; by extension, the ADMX- aware Group Policy Management Console in Windows Vista, Windows 7, Windows Server 2008 and R2 can check this folder as an additional source of ADMX files, and will report them accordingly when setting your policies.

By default, the folder is not created. Whether you are a single DC or several thousand, I would

Strongly recommend you create a Central Store and start using it for all your ADMX file storage. It really does work well.

The Central Store

To take advantage of the benefits of .admx files, you must create a Central Store in the SYSVOL folder on a domain controller. The Central Store is a file location that is checked by the Group Policy tools. The Group Policy tools use any .admx files that are in the Central Store. The files that are in the Central Store are later replicated to all domain controllers in the domain. To create a Central Store for .admx and .adml files, create a folder that is named Policy Definitions in the following location:

\FQDNSYSVOLFQDNpolicies.

Answer: D

Explanation:

:A. A conversion would be needed from VHD to VHDX. Not available to multiple VMu2021s

:B. Single VHD not available to multiple VMu2021s. Changes wouldnu2021t be reflected

:C. A conversion would be needed from VHD to VHDX. Not available to multiple VMu2021s

:D. Child disk for multiple VMu2021s with Files.vhd as parent. A differencing disk is associated with another virtual hard disk that you select when you create the differencing disk. This means that the disk to which you want to associate the differencing disk must exist first. This virtual hard disk is called the u201cparentu201d disk and the differencing disk is the u201cchildu201d disk. The parent disk can be any type of virtual hard disk.

The differencing disk stores all changes that would otherwise be made to the parent disk if the differencing disk was not being used. The differencing disk provides an ongoing way to save changes without altering the parent disk. You can use the differencing disk to store changes indefinitely, as long as there is enough space on the physical disk where the differencing disk is stored. The differencing disk expands dynamically as data is written to it and can grow as large as the maximum size allocated for the parent disk when the parent disk was created.

Answer: B

Explanation:

With Preferences, local and domain accounts can be added to a local group without affecting the existing members of the group

References:

Training Guide: Installing and Configuring Windows Server 2012 R2: Chapter 8: File Services and Storage, p. 361.

http://technet.microsoft.com/en-us/library/cc785631(v=ws.10).aspx http://www.grouppolicy.biz/2010/01/how-to-use-group-policy-preferences-to-secure-local- administrator-groups/

http://technet.microsoft.com/en-us/library/cc780182(v=ws.10).aspx http://technet.microsoft.com/en-us/library/hh831424.aspx

Answer: D

Answer: B