Q1. You have a datacenter that contains six servers. Each server has the Hyper-V server role installed and runs Windows Server 2012 R2. The servers are configured as shown in the following table.
Host4 and Host5 are part of a cluster named Cluster1. Cluster1 hosts a virtual machine named VM1.
You need to move VM1 to another Hyper-V host. The solution must minimize the downtime of VM1.
To which server and by which method should you move VM1?
A. To Host3 by using a storage migration
B. To Host6 by using a storage migration
C. To Host2 by using a live migration
D. To Host1 by using a quick migration
Answer: A
Explanation:
With Hyper-V live migration, you can move running VMs from one Hyper-V physical host to
another without any disruption of service or perceived downtime.
Host3 has an Intel processer, as does Host4 and Host5 in Cluster1, so the migration will
work fine.
Incorrect:
Not B, not C. The migration of a virtual machine between physical computers is only
supported on computers that have the same processor steppings or are from the same
vendor. Therefore you cannot move a virtual machine from a Hyper-V host on an Intel-
based server to a Hyper-V Host on an AMD-based server.
Not D. Quick Migration saves, moves and restores VMs, which results in some downtime.
Reference: Hyper-V Migration Guide
http://technet.microsoft.com/en-us/library/ee849855(v=WS.10).aspx
Reference: Virtual Machine Storage Migration Overview
http://technet.microsoft.com/en-us/library/hh831656.aspx
Reference: Windows Server 2008 R2 & Microsoft Hyper-V Server 2008 R2 - Hyper-V Live
Migration Overview & Architecture (http://www.microsoft.com/en-us/download/details.aspx?id=12601)
Q2. Your network contains an Active Directory forest. The forest contains two domains named contoso.com and fabrikam.com. The functional level of the forest is Windows Server 2003.
You have a domain outside the forest named adatum.com.
You need to configure an access solution to meet the following requirements:
* Users in adatum.com must be able to access resources in contoso.com.
* Users in adatum.com must be prevented from accessing resources in fabrikam.com.
* Users in both contoso.com and fabrikam.com must be prevented from accessing resources in adatum.com.
What should you create?
A. a one-way realm trust from contoso.com to adatum.com
B. a one-way realm trust from adatum.com to contoso.com
C. a one-way external trust from contoso.com to adatum.com
D. a one-way external trust from adatum.com to contoso.com
Answer: C
Explanation:
The contoso domain must trust the adatum domain.
Note: In a One-way: incoming trust, users in your (trusted) domain can be authenticated in
the other (trusting) domain. Users in the other domain cannot be authenticated in your
domain.
Incorrect:
Not A, not B. Use realm trusts to form a trust relationship between a non-Windows
Kerberos realm and a Windows Server domain.
Not D. The resources that are to be shared are in the contoso domain.
Reference: Trust types
Q3. Your network contains an Active Directory domain named contoso.com. All servers run Windows Server 2012 R2.
You are creating a central access rule named TestFinance that will be used to grant members of the Authenticated users group access to a folder stored on a Microsoft SharePoint Server 2013 server.
You need to ensure that the permissions are granted when the rule is published.
What should you do?
A. Set the Permissions to Use the following permissions as proposed permissions.
B. Set the Permissions to Use following permissions as current permissions.
C. Add a Resource condition to the current permissions entry for the Authenticated Users principal.
D. Add a User condition to the current permissions entry for the Authenticated Users principal.
Answer: B
Explanation:
To create a central access rule (see step 5 below): In the left pane of the Active Directory Administrative Center, click Tree View, select Dynamic Access Control, and then click Central Access Rules. Right-click Central Access Rules, click New, and then click Central Access Rule. In the Name field, type Finance Documents Rule. In the Target Resources section, click Edit, and in the Central Access Rule dialog box, click Add a condition. Add the following condition: [Resource] [Department] [Equals] [Value] [Finance], and then click OK. In the Permissions section, select Use following permissions as current permissions, click Edit, and in the Advanced Security Settings for Permissions dialog box click Add.
Note (not A): Use the following permissions as proposed permissions option lets you create the policy in staging.
6. In the Permission entry for Permissions dialog box, click Select a principal, type Authenticated Users, and then click OK.
Etc.
Incorrect:
Not A. Proposed permissions enable an administrator to more accurately model the impact
of potential changes to access control settings without actually changing them.
Reference: Deploy a Central Access Policy (Demonstration Steps)
https://technet.microsoft.com/en-us/library/hh846167.aspx
Q4. HOTSPOT
Your network contains an Active Directory domain named contoso.com. The domain contains a DNS server named Server1. Server1 is configured to resolve single-label names for DNS clients.
You need to view the number of queries for single-label names that are resolved by Server1.
What command should you run?
To answer, select the appropriate options in the answer area.
Answer:
Q5. HOTSPOT
Your network contains an Active Directory domain named contoso.com. The domain contains two member servers named Server1 and Server2. All servers run Windows Server 2012 R2.
Server1 and Server2 have the Hyper-V server role installed. The servers are configured as shown in the following table.
You add a third server named Server3 to the network. Server3 has Intel processors.
You need to move VM3 and VM6 to Server3. The solution must minimize downtime on the
virtual machines.
Which method should you use to move each virtual machine?
To answer, select the appropriate method for each virtual machine in the answer area.
Answer:
Q6. Your network contains an Active Directory domain named adatum.com. The domain contains two sites named Site1 and Site2 and two domain controllers named DC1 and DC2. DC1 is located in Site1 and DC2 is located in Site2.
You install an additional domain controller named DC3 in Site1 and you ship DC3 to Site2.
A technician connects DC3 to Site2.
You discover that users in Site2 are authenticated only by DC2.
You need to ensure that the users in Site2 are authenticated by both DC2 and DC3.
What should you do?
A. In Active Directory Users and Computers, configure the msDS-PrimaryComputer attribute for DC3.
B. In Active Directory Users and Computers, configure the msDS-Site-Affinity attribute for DC3.
C. From Active Directory Sites and Services, move DC3.
D. From Active Directory Sites and Services, modify the site link between Site1 and Site2.
Answer: C
Explanation:
DC3 needs to be moved to Site2 in AD DS
Reference: Move a domain controller between sites
http://technet.microsoft.com/en-us/library/cc759326(v=ws.10).aspx
Q7. HOTSPOT
You run Get-ISCSIServerTarget and you receive the following output.
Use the drop-down menus to select the answer choice that completes each statement.
Answer:
Q8. Your network contains an Active Directory domain named contoso.com. The domain contains two member servers named Server1 and Server2. All servers run Windows Server 2012 R2.
Server1 and Server2 have the Failover Clustering feature installed. The servers are configured as nodes in a failover cluster named Cluster1.
You add two additional nodes to Cluster1. You need to ensure that Cluster1 stops running if three nodes fail.
What should you configure?
A. Affinity-None
B. Affinity-Single
C. The cluster quorum settings
D. The failover settings
E. A file server for general use
F. The Handling priority
G. The host priority
H. Live migration
I. The possible owner
J. The preferred owner
K. Quick migration
L. the Scale-Out File Server
Answer: C
Explanation:
The quorum configuration in a failover cluster determines the number of failures that the cluster can sustain.
Reference: Understanding Quorum Configurations in a Failover Cluster
http://technet.microsoft.com/en-us/library/cc731739.aspx
Q9. Your network contains an Active Directory domain named corp.contoso.com.
You deploy Active Directory Rights Management Services (AD RMS).
You have a rights policy template named Template1. Revocation is disabled for the template.
A user named User1 can open content that is protected by Template1 while the user is connected to the corporate network.
When User1 is disconnected from the corporate network, the user cannot open the protected content even if the user previously opened the content.
You need to ensure that the content protected by Template1 can be opened by users who are disconnected from the corporate network.
What should you modify?
A. The User Rights settings of Template1
B. The templates file location of the AD RMS cluster
C. The Extended Policy settings of Template1
D. The exclusion policies of the AD RMS cluster
Answer: C
Explanation:
* The extended rights policy of a template controls how content licenses are to be implemented. The extended rights policy template settings are specified by using the Active Directory Rights Management Services (AD RMS) administration site. The available settings control persistence of author rights, whether trusted browsers are supported, license persistence within the content, and enforcement of any application-specific data.
* You can add trust policies so that AD RMS can process licensing requests for content that was rights protected.
Reference: Extended Policy Template Information; AD RMS and Server Design
http://technet.microsoft.com/en-us/library/ee221071(v=ws.10).aspx
Q10. HOTSPOT
Your network contains an Active Directory domain named contoso.com. The domain contains two DHCP servers named Server1 and Server2. Both servers have multiple IPv4 scopes.
Server1 and Server2 are used to assign IP addresses for the network IDs of 172.20.0.0/16 and 131.107.0.0/16.
You install the IP Address Management (IPAM) Server feature on a server named IPAM1 and configure IPAM1 to manage Server1 and Server2.
Some users from the 172.20.0.0 network report that they occasionally receive an IP address conflict error message.
You need to identify whether any scopes in the 172.20.0.0 network ID conflict with one another.
What Windows PowerShell cmdlet should you run?
To answer, select the appropriate options in the answer area.
Answer: