Q1. - (Topic 3)
You work as an administrator at Contoso.com. The Contoso.com network consists of a single domain named Contoso.com. All servers on the Contoso.com network have Windows Server 2008 R2 installed. Some of Contoso.com’s workstations have Windows 7 installed, while the rest have Windows 8 installed.
After installing a new Windows Server 2012 computer in the Contoso.com domain, you configure it to run the File and Storage Services server role. You are instructed to create a shared folder on the new server, and configure the use of Previous Versions for restoring files located in the shared folder.
Which of the following actions should you take?
A. You should consider configuring the Shadow Copies settings on the new server.
B. You should consider configuring the Snapshot settings on the new server.
C. You should consider configuring the Background Copy settings on the new server.
D. You should consider configuring the Permission settings on the new server.
Answer: A
Explanation:
What are previous versions? Previous versions are either backup copies (copies of files and folders that you back up by using the Back Up Files wizard, or shadow copies) copies of files and folders that Windows automatically saves as part of a restore point. (Shadow copies can be copies of files on your computer or shared files on a computer on a network.) You can use previous versions of files to restore files that you accidentally modified or deleted, or that were damaged. Depending on the type of file or folder, you can open, save to a different location, or restore a previous version. ATT: (nothing to do with question but cool to know) File Server Volume Copy Shadow Service (VSS) Agent Service Enables consistency of application snaphots (shadow copies). With previous versions of Windows Server, VSS only supported shadow copies of data on the local server. With WS2012, Microsoft has added VSS for SMB File Shares which extends shadow copy support for network volumes. Administrators install the FS VSS Agent on the file server where the application data is located. They then install the VSS provider in the server where the application is located. The provider talks to the agent using the new File Server Remote VSS protocol in order to manage the shadow copies of the data.
Q2. - (Topic 3)
You have a server named Server1 that runs Windows Server 2012 R2. Server1 has the Hyper-V server role installed. You have fixed-size VHD named Files.vhd.
You need to make the contents in Files.vhd available to several virtual machines. The solution must meet the following requirements:
. Ensure that if the contents are changed on any virtual machine, the changes are not reflected on the other virtual machines. . Minimize the amount of disk space used.
What should you do?
A. Create a fixed-size VHDX. Transfer the information from Files.vhd to the new VHDX file.
B. Convert Files.vhd to a dynamically expanding VHD?
C. Create a dynamically expanding VHDX. Transfer the information from Files.vhd to the new VHDX file.
D. Create differencing VHDs that use Files.vhd as the parent disk.
Answer: D
Explanation:
A. A conversion would be needed from VHD to VHDX. Not available to multiple VM’s
B. Single VHD not available to multiple VM’s. Changes wouldn’t be reflected
C. A conversion would be needed from VHD to VHDX. Not available to multiple VM’s
D. Child disk for multiple VM’s with Files.vhd as parent. A differencing disk is associated with another virtual hard disk that you select when you create the differencing disk. This means that the disk to which you want to associate the differencing disk must exist first. This virtual hard disk is called the “parent” disk and the differencing disk is the “child” disk. The parent disk can be any type of virtual hard disk. The differencing disk stores all changes that would otherwise be made to the parent disk if the differencing disk was not being used. The differencing disk provides an ongoing way to save changes without altering the parent disk. You can use the differencing disk to store changes indefinitely, as long as there is enough space on the physical disk where the differencing disk is stored. The differencing disk expands dynamically as data is written to it and can grow as large as the maximum size allocated for the parent disk when the parent disk was created.
Q3. - (Topic 2)
Your network contains an Active Directory domain named contoso.com. The domain contains two servers named Server1 and Server2 that run Windows Server 2012 R2.
Server2 establishes an IPSec connection to Server1.
You need to view which authentication method was used to establish the initial IPSec connection.
What should you do?
A. From Windows Firewall with Advanced Security, view the quick mode security association.
B. From Event Viewer, search the Application Log for events that have an ID of 1704.
C. From Event Viewer, search the Security Log for events that have an ID of 4672.
D. From Windows Firewall with Advanced Security, view the main mode security association.
Answer: D
Explanation:
Main mode negotiation establishes a secure channel between two computers by determining a set of cryptographic protection suites, exchanging keying material to establish a shared secret key, and authenticating computer and user identities. A security association (SA) is the information maintained about that secure channel on the local computer so that it can use the information for future network traffic to the remote computer. You can monitor main mode SAs for information like which peers are currently connected to this computer and which protection suite was used to form the SA. To get to this view In the Windows Firewall with Advanced Security MMC snap-in, expand Monitoring, expand Security Associations, and then click Main Mode. The following information is available in the table view of all main mode SAs. To see the information for a single main mode SA, double-click the SA in the list. Main mode SA information You can add, remove, reorder, and sort by these columns in the Results pane: Local Address: The local computer IP address. Remote Address: The remote computer or peer IP address. 1st Authentication Method: The authentication method used to create the SA. 1st Authentication Local ID: The authenticated identity of the local computer used in first authentication. 1st Authentication Remote ID: The authenticated identity of the remote computer used in first authentication.
2nd Authentication Method: The authentication method used in the SA.
2nd Authentication Local ID: The authenticated identity of the local computer used in
second authentication.
2nd Authentication Remote ID: The authenticated identity of the remote computer used in
second authentication.
Encryption: The encryption method used by the SA to secure quick mode key exchanges.
Integrity: The data integrity method used by the SA to secure quick mode key exchanges.
Key Exchange: The Diffie-Hellman group used to create the main mode SA.
: http://technet.microsoft.com/en-us/library/dd448497(v=ws.10).aspx
Q4. - (Topic 3)
You have an existing Active Directory site named Site1. You create a new Active Directory site and name it Site2. You need to configure Active Directory replication between Site1 and Site2. You install a new domain controller.
You create the site link between Site1 and Site2.
What should you do next?
A. Use the Active Directory Sites and Services console to configure a new site link bridge object.
B. Use the Active Directory Sites and Services console to decrease the site link cost between Site1 and Site2.
C. Use the Active Directory Sites and Services console to assign a new IP subnet to Site2. Move the new domain controller object to Site2.
D. Use the Active Directory Sites and Services console to configure the new domain controller as a preferred bridgehead server for Site1.
Answer: C
Explanation:
Inter-site Replication
The process of creating a custom site link has five basic steps:
1. Create the site link.
2. Configure the site link’s associated attributes.
3. Create site link bridges.
4. Configure connection objects. (This step is optional.)
5. Designate a preferred bridgehead server. (This step is optional)
Q5. - (Topic 3)
Your network contains an Active Directory domain named contoso.com. The domain contains three member servers.
The servers are configured as shown in the following table.
All client computers run Windows 8. All client computers receive updates from Server2.
On Server3, you add a shared printer named Printer1. Printer1 uses a Type 4 driver that is not included in the Windows 8 installation media.
You need to ensure that when users connect to the printer for the first time, the printer driver is installed automatically on their client computer.
What should you do?
A. From the Windows Deployment Services console on Server1, add the driver package for Printer1.
B. From the Update Services console on Server2, import and approve updates.
C. From Windows PowerShell on Server3, run the Add-PrinterDriver cmdlet.
D. From the Print Management console on Server3, add additional drivers for Printer1.
Answer: D
Q6. - (Topic 2)
You have a Hyper-V host named Server1 that runs Windows Server 2012 R2. Server1 has the virtual switches listed in the following table.
You create a virtual machine named VM1. VM1 has two network adapters. One network adapter connects to vSwitch1. The other network adapter connects to vSwitch2. You configure NIC teaming on VM1.
You need to ensure that if a physical NIC fails on Server1, VM1 remains connected to the network.
What should you do on Server1?
A. Run the Set-VmNetworkAdapter cmdlet.
B. Create a new virtual switch on Server1.
C. Modify the properties of vSwitch1 and vSwitch2.
D. Add a new network adapter to VM1.
Answer: A
Q7. - (Topic 3)
Your network contains an Active Directory domain named adatum.com. The domain contains three domain controllers.
The domain controllers are configured as shown in the following table.
DC3 loses network connectivity due to a hardware failure.
You plan to remove DC3 from the domain.
You log on to DC3.
You need to identify which service location (SRV) records are registered by DC3.
What should you do?
A. Open the %windir%\system32\config\netlogon.dns file.
B. Run dcdiag /test:dns
C. Open the %windir%\system32\dns\backup\adatum.com.dns file.
D. Run ipconfig /displaydns.
Answer: A
Explanation:
A. Netlogon service creates a log file that contains all the locator resource records and
places the logfile in the following location:
B. Analyzes the state of domain controllers in a forest or enterprise and reports any
problems to help introubleshooting.
C. dns backup file
D. used to display current resolver cache content You can verify SRV locator resource
records by viewing netlogon.dns, located in the %systemroot%\System32\Config folder.
The SRV record is a Domain Name System (DNS) resource record that is used to identify
computers that host specific services.
SRV resource records are used to locate domain controllers for Active Directory.
You can use Notepad, to view this file.
The first record in the file is the domain controller’s Lightweight Directory Access Protocol
(LDAP) SRV record.
This record should appear similar to the following: _ldap._tcp.Domain_Name
Q8. - (Topic 3)
Your network contains an Active Directory domain named contoso.com.
You have a starter Group Policy object (GPO) named GPO1 that contains more than 100
settings.
You need to create a new starter GPO based on the settings in GPO1.
You must achieve this goal by using the minimum amount of administrative effort.
What should you do?
A. Run the New-GPStarterGPO cmdlet and the Copy-GPO cmdlet.
B. Create a new starter GPO and manually configure the policy settings of the starter GPO.
C. Right-click GPO1, and then click Back Up. Create a new starter GPO. Right-click the new GPO, and then click Restore from Backup.
D. Right-click GPO1, and then click Copy. Right-click Starter GPOs, and then click Paste.
Answer: B
Explanation:
Although GPOs and Starter GPOs can both be copied, and a Starter GPO can be used to create a new GPO (as that is their purpose), an existing GPO cannot be copied to a new Starter GPO (unfortunately).
Q9. - (Topic 3)
Your network contains a domain controller that is configured as a DNS server. The server hosts an Active Directory-integrated zone for the domain.
You need to reduce how long it takes until stale records are deleted from the zone. What should you do?
A. From the configuration directory partition of the forest, modify the tombstone lifetime.
B. From the configuration directory partition of the forest, modify the garbage collection interval.
C. From the aging properties of the zone, modify the no-refresh interval and the refresh interval.
D. From the start of authority (SOA) record of the zone, modify the refresh interval and the expire interval.
Answer: C
Explanation:
Scavenging automates the deletion of old records. When scavenging is enabled, then you should also change the no-refresh and refresh intervals of the aging properties of the zone else it may take too long for stale records to be deleted and the size of the DNS database can become large and have an adverse effect on performance.
Q10. - (Topic 1)
Your network contains an Active Directory domain named contoso.com. The DNS zone for contoso.com is Active-Directory integrated.
The domain contains 500 client computers. There are an additional 20 computers in a workgroup.
You discover that every client computer on the network can add its record to the contoso.com zone.
You need to ensure that only the client computers in the Active Directory domain can register records in the contoso.com zone.
What should you do?
A. Sign the contoso.com zone by using DNSSEC.
B. Configure the Dynamic updates settings of the contoso.com zone.
C. Configure the Security settings of the contoso.com zone.
D. Move the contoso.com zone to a domain controller that is configured as a DNS server.
Answer: B