Microsoft.Certkey.70-412.v2013-10-09.by.ANNA · 10/9/2013 · The domain contains two member servers named Server1 and Server2. All servers run Windows Server 2012. Server1 and Server2

Microsoft.Certkey.70-412.v2013-10-09.by.ANNA.200q

Number: 70-412Passing Score: 800Time Limit: 120 minFile Version: 16.5

http://www.gratisexam.com/

Exam Code: 70-412

Exam Name: Configuring Advanced Windows Server 2012 Services

Sections1. Reworded Questions2. New Questions3. All Multiple select Questions4. simuler Questions

Exam A

QUESTION 1You are employed as a network administrator at consoto.com. Contoso.com has in an Active Directory domainnamed contoso.com. All Servers on the contoso.com network have windows server 2012 installed. A contoso.com server ,named Server1,hosts the Active Directory Certificate Services Server role and utilizes ahardware security module(HSM) to safeguard its private key.

You have beed instructed to backup the Active Directory Certificate Services (ADCS) database,log files,andprivate key regularly.You should not use a utility supplied by the hardware security module (HSM) creator.

Which of the following actions should you take?

A. You should consider scheduling an incremental backupB. You Should consider making use of the certutil.exe command.C. You should consider schedulling a differential backupD. You should consider schedulling a copy backup

Correct Answer: BSection: (none)Explanation

Explanation/Reference:http://blogs.technet.com/b/pki/archive/2010/04/20/disaster-recovery-procedures-for-the-active-directory-certificate-services-adcs.aspx

QUESTION 2You are employed as a senior network administrator at contoso.com contoso.com has an active directorydomain named contoso.com. All servers on the contoso.com network have windows server 2012 installed.

You are currently running at training exercise for junior network administrators.You are discussing the DNSSECNRPT rule properly.Which of the following describes the purpose of this rule property?

A. It is used to indicate the namespace to which the policy applies.B. It is used to indicate whether the DNS client should check for DNSSEC validation in the response.C. It is used to indicate DNSSEC must be used to protect DNS traffic for queries belonging to the namespace.

D. It is used to whether DNS connections over DNSSEC will use encryption


Explanation/Reference:

http://technet.microsoft.com/fr-fr/library/ee649182(v=ws.10).aspx

In a DNSSEC deployment, validation of DNS queries by client computers is enabled through configuration ofthe following:

IP security (IPsec). IPsec connection security rules are used to authenticate communications between DNSservers and client computers. For more information about configuring connection security rules, see DeployIPsec Policy to DNS Servers and Deploy IPsec Policy to Client Computers.

Name Resolution Policy Table (NRPT). The NRPT is a new feature available in Windows Server® 2008 R2 andWindows® 7 that contains policies and settings used by DNS clients when issuing DNS queries and receivingDNS responses. The NRPT enables a client to issue queries indicating the knowledge of DNSSEC and tocheck for validation in the response.

QUESTION 3Your network contains an Active Directory domain named contoso.com. The domain contains two memberservers named Server1 and Server2. All servers run Windows Server 2012. Server1 and Server2 have theNetwork Load Balancing (NLB) feature installed. The servers are configured as nodes in an NLB cluster namedCluster1. Port rules are configured for all clustered applications.

You need to ensure that Server2 handles all client requests to the cluster that are NOT covered by a port rule.

What should you configure?

A. Affinity-NoneB. Affinity-SingleC. The cluster quorum settingsD. The failover settingsE. A file server for general useF. The Handling priorityG. The host priorityH. Live migrationI. The possible ownerJ. The preferred ownerK. Quick migrationL. The Scale-Out File Server

Correct Answer: GSection: simuler QuestionsExplanation


QUESTION 4Your network contains an Active Directory domain named contoso.com. A previous administrator implementeda Proof of Concept installation of Active Directory Rights Management Services (AD RMS). After the proof ofconcept was complete, the Active Directory Rights Management Services server role was removed.

You attempt to deploy AD RMS. During the configuration of AD RMS, you receive an error message indicatingthat an existing AD RMS Service Connection Point (SCP) was found. You need to remove the existing AD RMS SCP.

Which two tools should you use?

A. ADSI EditB. Active Directory Users and ComputersC. Active Directory Domains and TrustsD. Active Directory Sites and ServicesE. ServicesF. Authorization ManagerG. TPM ManagementH. Certification Authority

Correct Answer: ADSection: All Multiple select QuestionsExplanation


QUESTION 5Your network contains an Active Directory domain named contoso.com. The domain contains a main office anda branch office. An Active Directory site exists for each office. All domain controllers run Windows Server 2012.The domain contains two domain controllers. DC1 hosts an Active Directory- integrated zone for contoso.com.

You add the DNS Server server role to DC2. You discover that the contoso.com DNS zone fails to replicate to DC2. You verify that the domain, schema, andconfiguration naming contexts replicate from DC1 to DC2. You need to ensure that DC2 replicates the contoso.com zone by using Active Directory replication.

Which tool should you use?

A. DnscmdB. DnslintC. RepadminD. Ntdsutil

E. DNS ManagerF. Active Directory Sites and ServicesG. Active Directory Domains and TrustsH. Active Directory Users and Computers

Correct Answer: CSection: Reworded QuestionsExplanation

Explanation/Reference:If you see question about AD Replication, First preference is AD sites and services, then Repadmin and thenDNSLINT.

http://technet.microsoft.com/en-us/library/cc739941(v=ws.10).aspx

QUESTION 6Your network contains an Active Directory domain named contoso.com. All servers run Windows Server 2012.The domain contains a domain controller named DC1 that is configured as an enterprise root certificationauthority (CA). All users in the domain are issued a smart card and are required to log on to their domain-joinedclient computer by using their smart card. A user named User1 resigned and started to work for a competingcompany.


You need to prevent User1 immediately from logging on to any computer in the domain. The solution must notprevent other users from logging on to the domain.

Which two tools should you use?

A. Active Directory Administrative Center

B. Active Directory Sites and ServicesC. Active Directory Users and ComputersD. the Certification Authority consoleE. the Certificates snap-inF. Certificate TemplatesG. Server ManagerH. the Security Configuration Wizard

Correct Answer: ACSection: All Multiple select QuestionsExplanation


QUESTION 7Your network contains two Active Directory forests named contoso.com and adatum.com. Both forests containmultiple domains. All domain controllers run Windows Server 2012. Contoso.com has a one-way forest trust toadatum.com. A domain named paris.eu.contoso.com hosts several legacy applications that use NTLMauthentication. Users in a domain named london.europe.adatum.com report that it takes a long time to beauthenticated when they attempt to access the legacy applications hosted in paris.eu.contoso.com.

You need to reduce how long it takes for the london.europe.adatum.com users to be authenticated inparis.eu.contoso.com.

What should you do?

A. Create a shortcut trust.B. Create an external trust between the forest root domains.C. Disable SID filtering on the existing trust.D. Create an external trust.

Correct Answer: ASection: (none)Explanation

Explanation/Reference:http://technet.microsoft.com/en-us/library/cc737939(v=ws.10).aspx

QUESTION 8Your network contains an Active Directory domain named contoso.com. All servers run Windows Server 2012.You are creating a central access rule named TestFinance that will be used to audit members of theAuthenticated Users group for access failure to shared folders in the finance department.

You need to ensure that access requests are unaffected when the rule is published.

What should you do?

A. Add a User condition to the current permissions entry for the Authenticated Users principal.B. Set the Permissions to Use the following permissions as proposed permissions.C. Add a Resource condition to the current permissions entry for the Authenticated Users principal.D. Set the Permissions to Use following permissions as current permissions.


Explanation/Reference:http://technet.microsoft.com/en-us/library/jj134043.aspx

QUESTION 9You have a server named Server1 that runs Windows Server 2012. Windows Server 2012 is installed onvolume C.

You need to ensure that Safe Mode with Command Prompt loads the next time Server1 restarts.


A. The Restart-Server cmdletB. The Bootcfg commandC. The Restart-Computer cmdletD. The Bcdedit command

Correct Answer: DSection: (none)Explanation


You can see with msconfig tool that boot options have changed as follows :

After reboot you should remove the safeboot option using bcdedit:

- bcdedit /deletevalue safeboot

QUESTION 10You have a server named Server1 that runs a Server Core Installation of Windows Server 2012. Shadowscopies are enabled on all volumes.

You need to delete a specific shadow copy. The solution must minimize server downtime.


A. VssadminB. DiskpartC. WbadminD. Shadow



QUESTION 11Your network contains two Web servers named Server1 and Server2. Server1 and Server2 are nodes in aNetwork Load Balancing (NLB) cluster. You configure the nodes to use the port rule shown in the exhibit. (Clickthe Exhibit button.)

You need to configure the NLB cluster to meet the following requirements:HTTPS connections must be directed to Server1 if Server1 is available.HTTP connections must be loadbalanced between the two nodes.

Which three actions should you perform? (Each correct answer presents part of the solution. Choose three.)

Exhibit:

A. From the host properties of Server1, set the Handling priority of the existing port rule to 2.B. From the host properties of Server1, set the Handling priority of the existing port rule to 1.C. From the host properties of Server2, set the Priority (Unique host ID) value to 1.D. Create a port rule for TCP port 80. Set the Filtering mode to Multiple host and set the Affinity to None.E. From the host properties of Server2, set the Handling priority of the existing port rule to 2.F. Create an additional port rule for TCP port 443. Set the Filtering mode to Multiple host and set the Affinity to

Single.

Correct Answer: BDESection: All Multiple select QuestionsExplanation


QUESTION 12Your network contains two Active Directory forests named contoso.com and litwareinc.com. A two- way foresttrusts exists between the forest. Selective authentication is enabled on the trust. The contoso.com forestcontains a server named Server1.

You need to ensure that users in litwareinc.com can access resources on Server1.

What should you do?

A. Install Active Directory Rights Management Services on a domain controller in contoso.com.B. Modify the permission on the Server1 computer account.C. Install Active Directory Rights Management Services on a domain controller in litwareinc.com.D. Configure SID filtering on the trust.



QUESTION 13Your network contains an Active Directory domain named contoso.com. The domain contains a domaincontroller named DC1 that runs Windows Server 2012. DC1 has the DHCP Server server role installed. DHCPis configured as shown in the exhibit. (Click the Exhibit button.)

You discover that client computers cannot obtain IPv4 addresses from DC1. You need to ensure that the client computers can obtain IPv4 addresses from DC1.

What should you do?

Exhibit:

A. Activate the scope.B. Authorize DC1.C. Disable the Allow filters.D. Disable the Deny filters.

Correct Answer: CSection: (none)Explanation

Explanation/Reference:There is no items in the deny List. So it means that client computers MAC addresses is not listed in the allowlist. So we have to disable the "Allow Filters"

QUESTION 14Your network contains an Active Directory domain named contoso.com. The domain contains a server namedServer1 that runs Windows Server 2012 and has the DHCP Server server role installed.

You need to create an IPv6 scope on Server1. The scope must use an address space that is reserved forprivate networks. The addresses must be routable.

Which IPV6 scope prefix should you use?

A. FF00::B. 2001::C. FD00:123:4567::D. FE80::


Explanation/Reference:Explanation: http://www.ipuptime.net/Multicast.aspx http://technet.microsoft.com/en-us/library/gg144561(v=exchg.141).aspx http://en.wikipedia.org/wiki/Unique_local_address

QUESTION 15Your network contains an Active Directory domain named contoso.com. The domain contains a server namedServer1 that runs Windows Server 2012 and has the DNS Server server role installed.

Server1 is configured to use a DNS server from an Internet Service Provider (ISP) as a forwarder.

Corporate management requires that client computers only resolve names of contoso.com computers.You need to configure Server1 to resolve names in the contoso.com zone only.

What should you do on Server1?

A. From DNS Manager, modify the root hints of Server1.B. From Windows PowerShell, run the Remove-DnsServerForwarder cmdlet.C. From Windows PowerShell, run the Set-NetDnsTransitionConfiguration cmdlet.D. From DNS Manager, modify the Advanced properties of Server1.


Explanation/Reference:Explanation: If the DNS server does not know the address of the requested site, then it will forward the requestto another DNS server. In order to do so, the DNS server must know of the IP address of another DNS serverthat it can forward the request to. This is the job of root hints. Root hints provides a list of IP addresses of DNSservers that are considered to be authoritative at the root level of the DNS hierarchy(also known as root nameserver).

QUESTION 16You have a server named Server1 that runs Windows Server 2012.

Each day, Server1 is backed up fully to an external disk.

On Server1, the disk that contains the operating system fails.

You replace the failed disk.

You need to perform a bare-metal recovery of Server1 by using the Windows Recovery Environment (WindowsRE).

What should you use?

A. The Wbadmin.exe commandB. The Repair-bde.exe commandC. The Get-WBBareMetalRecovery cmdletD. The Start-WBVolumeRecovery cmdlet


Explanation/Reference:Explanation:

http://technet.microsoft.com/en-us/library/cc754015(v=WS.10).aspx http://technet.microsoft.com/en-us/library/cc770593(v=WS.10).aspx#BKMK_Windows_Recovery_Environment_overview http://technet.microsoft.com/en-us/library/ff829851(v=WS.10).aspx http://technet.microsoft.com/en-us/library/ee706651.aspx http://technet.microsoft.com/en-us/library/jj902470(v=wps.620).aspx

QUESTION 17You have a file server named Server1 that runs a Server Core Installation of Windows Server 2012.

Server1 has a volume named D that contains user data. Server1 has a volume named E that is empty.

Server1 is configured to create a shadow copy of volume D every hour.

You need to configure the shadow copies of volume D to be stored on volume E.

What should you run?

A. The Set-Volume cmdlet with the -driveletter parameterB. The Set-Volume cmdlet with the -path parameterC. The vssadmin.exe add shadowstorage commandD. The vssadmin.exe create shadow command


Explanation/Reference:Explanation:http://technet.microsoft.com/en-us/library/cc754968(v=ws.10).aspxhttp://technet.microsoft.com/en-us/library/hh848673(v=wps.620).aspx


Server1 is backed up by using Windows Server Backup. The backup configuration is shown in the exhibit.(Click the Exhibit button.)

You discover that only the last copy of the backup is maintained.

You need to ensure that multiple backup copies are maintained.

What should you do?

A. Modify the backup destination.B. Configure the Optimize Backup Performance settings.C. Modify the Volume Shadow Copy Service (VSS) settings.D. Modify the backup times.

Correct Answer: ASection: (none)

Explanation


QUESTION 19Your network contains an Active Directory domain named corp.contoso.com.

You deploy Active Directory Rights Management Services (AD RMS).

You have a rights policy template named Template1. Revocation is disabled for the template.

A user named User1 can open content that is protected by Template1 while the user is connected to thecorporate network.

When User1 is disconnected from the corporate network, the user cannot open the protected content even ifthe user previously opened the content. You need to ensure that the content protected by Template1 can beopened by users who are disconnected from the corporate network.

What should you modify?

A. The User Rights settings of Template1B. The templates file location of the AD RMS clusterC. The Extended Policy settings of Template1D. The exclusion policies of the AD RMS cluster



QUESTION 20Your company recently deployed a new Active Directory forest named contoso.com. The forest contains twoActive Directory sites named Site1 and Site2. The first domain controller in the forest runs Windows Server2012.

You need to force the replication of the SYSVOL folder from Site1 to Site2.


A. Active Directory Sites and ServicesB. DFS ManagementC. RepadminD. Dfsrdiag


Explanation/Reference:Explanation:http://social.technet.microsoft.com/Forums/en-US/winserverfiles/thread/7e85c7bc-fec2-49bb-896b-0635cb9a6e1dhttp://social.technet.microsoft.com/Forums/en-US/winserverDS/thread/a291bd0f-8cc9-47e1-aca8-ce6767979bef

QUESTION 21You have 30 servers that run Windows Server 2012.

All of the servers are backed up daily by using Windows Azure Online Backup.

You need to perform an immediate backup of all the servers to Windows Azure Online Backup.

Which Windows PowerShell cmdlets should you run on each server?

A. Get-OBPolicy | StartOBBackupB. Start-OBRegistration | StartOBBackupC. Get-WBPolicy | Start-WBBackupD. Get-WBBackupTarget | Start-WBBackup


Explanation/Reference:Explanation:http://technet.microsoft.com/en-us/library/hh770406(v=wps.620).aspx

QUESTION 22Your network contains an Active Directory domain named contoso.com. The domain contains two servers

named Server1 and Server2 that run Windows Server 2012. Server1 is a file server that has the Hyper-V serverrole installed.

Server1 hosts several virtual machines. The virtual machine configuration files are stored on drive D and theVHD files are stored on drive E.

You plan to replace drive E with a larger volume.

You need to ensure that the virtual machines on Server1 remain available while drive E is being replaced.

What should you do?

A. Perform a quick migration.B. Add Server1 and Server2 as nodes in a failover cluster.C. Perform a live migration.D. Perform a storage migration.



http://technet.microsoft.com/en-us/library/hh831656.aspx

QUESTION 23Your network contains an Active Directory domain named contoso.com. The domain contains a file servernamed File1 that runs a Server Core Installation of Windows Server 2012.

File1 has a volume named D that contains home folders. File1 creates a shadow copy of volume D twice a day.

You discover that volume D is almost full.

You add a new volume named H to File1.

You need to ensure that the shadow copies of volume D are stored on volume H.

Which command should you run?

A. The Set-Volume cmdlet with the -driveletter parameterB. The vssadmin.exe create shadow commandC. The Set-Volume cmdlet with the -path parameterD. The vssadmin.exe add shadowstorage command


Explanation/Reference:Explanation: The right answer is D

http://technet.microsoft.com/en-us/library/cc754968(v=ws.10).aspxhttp://technet.microsoft.com/en-us/library/hh848673(v=wps.620).aspx

QUESTION 24Your network contains a perimeter network and an internal network. The internal network contains an ActiveDirectory Federation Services (AD FS) 2.1 infrastructure. The infrastructure uses Active Directory as theattribute store.

You plan to deploy a federation server proxy to a server named Server2 in the perimeter network.

You need to identify which value must be included in the certificate that is deployed to Server2.

What should you identify?

A. The FQDN of the AD FS serverB. The name of the Federation ServiceC. The name of the Active Directory domainD. The public IP address of Server2


Explanation/Reference:Explanation: The right answer is A

http://technet.microsoft.com/en-us/library/cc776786(v=ws.10).aspxhttp://technet.microsoft.com/en-us/library/cc782620(v=ws.10).aspxhttp://technet.microsoft.com/en-us/library/cc759635(v=ws.10).aspx

QUESTION 25Your network contains an Active Directory forest named adatum.com. The forest contains an Active DirectoryRights Management Services (AD RMS) cluster.

A partner company has an Active Directory forest named litwareinc.com. The partner company does not haveAD RMS deployed.

You need to ensure that users in litwareinc.com can consume rights-protected content from adatum.com.

Which type of trust policy should you create?

A. At federated trust

B. A trusted user domainC. A trusted publishing domainD. Windows Live ID



http://technet.microsoft.com/en-us/library/dd772651(v=WS.10).aspxhttp://technet.microsoft.com/en-us/library/cc738707(v=WS.10).aspxhttp://technet.microsoft.com/en-us/library/cc757344(v=ws.10).aspx

QUESTION 26Your network contains three Active Directory forests. Each forest contains an Active Directory RightsManagement Services (AD RMS) root cluster. All of the users in all of the forests must be able to accessprotected content from any of the forests. You need to identify the minimum number of AD RMS trusts required.How many trusts should you identify?

A. 2B. 3C. 4D. 6


Explanation/Reference:http://technet.microsoft.com/en-us/library/ee221071(v=ws.10).aspx

QUESTION 27Your network contains an Active Directory domain named contoso.com. The domain contains two memberservers named Server1 and Server2. All servers run Windows Server 2012. Server1 and Server2 have theFailover Clustering feature installed. The servers are configured as nodes in a failover cluster named Cluster1.

You configure File Services and DHCP as clustered resources for Cluster1. Server1 is the active node for bothclustered resources. You need to ensure that if two consecutive heartbeat messages are missed betweenServer1 and Server2, Server2 will begin responding to DHCP requests. The solution must ensure that Server1remains the active node for the File Services clustered resource for up to five missed heartbeat messages.What should you configure?

A. Affinity - NoneB. Affinity - SingleC. The cluster quorum settingsD. The failover settingsE. A file server for general useF. The Handling priorityG. The host priorityH. Live migrationI. The possible ownerJ. The preferred ownerK. Quick migrationL. The Scale-Out File Server

Correct Answer: DSection: simuler QuestionsExplanation

Explanation/Reference:http://technet.microsoft.com/en-us/library/dd197562(v=ws.10).aspx

http://blogs.msdn.com/b/clustering/archive/2012/11/21/10370765.aspx

QUESTION 28you are employee as a network administrator at abc.com. ABC.com has an active directory domain namedABC.com All servers on the abc.com network have windows server 2012 installed and all workstations havewindows 8 enterprise installed.abc.com has established a remote Active directory site that only host workstations.The Computer accounts forthese workstations have been placed in an organizational unit (OU),named ABCADRemote,which has a grouppolicy object(GPO) associated with it.You are in the process of configuration Branchcahce for the remote Active directory site. You have Alreadyturned Branchcache on.Which of the following actions should you take next_?

A. You Should consider having the set Branchcache HostedServer Cache mode setting configuredB. You Should consider having the set Branchcache Hostedclient Cache mode settting configuredC. You Should consider having the set Branchcache distributed cache mode setting configuredD. You should consider having the set BranchCache disabled cache mode settings configured



QUESTION 29You are employed as a network administrator at ABC.com ABC.com has an active directory domain namedABC.com ALL servers on the ABC.com network have windows server 2012.ABC.com has a server,named server 1,which runs the windows deployment services server role.You make use

of windows server backup to back up server 1.Subsequent to a disk array on server 1 becoming corrupt,you swap the disk array with new hardware. You nowneed to recover server1 in the shortest time conceivable.which of the following actions should you take?

A. you should consider making use of the windows server 2012 installation media to start server1B. you should consider restoring server1 from a snapshot backupC. you should consider restoring server 1 from an incremental backupD. you should consider restoring server 1 from a differential backup



QUESTION 30You are employed as a senior network administrator at ABC.com. ABC.com has an active directory domainnamed ABC.com. all servers on the abc.com network windows server2012 installed.You are currently running a training exercise for junior network administrators.You are discussing thePKISync.ps1 tool.which of the following is true with regards to The PKISync.ps1?

A. it adds a certificate template to the CAB. it asssists administrators in diagnosing replication problems between windows domain controllersC. it is used to display information about the digital certificates that are installed on a directAccess

client,DirectAcces server,or intranet resourceD. it copies objects in the source forest to the target forest.



QUESTION 31You are employed as a network administrator ABC.com ABC.com has an active directory domain namedABC.com.all servers on the ABC.com network have windows server 2012 installed.ABC.com has a server named server1 which is configured as a DHCP server You have created a superscope

on server1 .which of the following describes reason for creating a superscope?(choose all that apply.)

A. To support DHCP clients on a single physical network segment where multiple logical ip networks are used.B. To allow for the sending of network traffic to a group of endpoints destination hosts.C. To support remote DHCP clients located on the far side of DHCP and BOOTP relay agents.D. To provide fault tolerance



QUESTION 32You are employed as a network administrator at ABC.com ABC.com has an active directory domain namedABC.com all servers including domain controllers on the ABC.com network have windows server 2012installed.ABC.com has its headquarters in London and an office in paris. The London Office has a domain controllernamed server1,which is configured as a writeable domain controller that servers as a Global catalog server anda DNS server. Server1 is configured to host an Active Directory-integrated zone for ABC.comThe Paris office has a Read-Only domain controller (RODC) named server2 which servers as a Global catalogserver.After installing the DNS server role on server2,you want to make sure that the ABC.com zone is replicated toserver2 via active directory replication.Which of the following actions should you take?

A. You should consider making use of Active Directory Sites and Services to Configured replicationB. You should consider making use of replmon.exe to configure replication.C. You should consider making use of repadmin.exe to configure replicationD. You should consider making use of Active Directory Schema To configure replication

Correct Answer: ASection: Reworded QuestionsExplanation

Explanation/Reference:If you see question about AD Replication, First preference is AD sites and services, then Repadmin and thenDNSLINT.

QUESTION 33You are employed as a network administrator at ABC.com. ABC.com has an Active Directory domain named.Abc.com all servers on the ABC.com network have windows server 2012.You are running a training exercise for junior network administrators.You are currently discussing DHCPfailover architecture.You have informed the trainees that DHCP servers can be deployed as fail over partners in

either hot standby mode or load sharing mode.Which of the following is TRUE with regards to hot standby mode? (Choose all that apply)

A. It is when two servers function in a fail over relationship where an active server is responsible for leasing IPaddress and configuration data to all clients in a scope or subnet

B. It when two servers in a fail over relationship server IP addresses and options to clients on a given subnet atthe same time

C. It is best suited to deployments where a data center server acts as a standby backup server to a server at aremote site

D. It is best suited deployments where both servers in a fail over relationship are located at the same physicalsite


Explanation/Reference:http://blogs.technet.com/b/teamdhcp/archive/2012/09/03/dhcp-failover-hot-standby-mode.aspx

QUESTION 34You are emloyed as a network administrator at ABC.com Abc.com has an Active directory domain namedABC.com all servers on the ABC.com network have windows server 2012.The ABC.com domain has two Active Directory sites configured. You want to make use of change notificationconfigure replication between these Active Directory Sites.You have opened DEFAULTIPSITELINK Propertiesto configure the necessary attribute.


Which of the following is the attribute that needs to be configured?

A. The revisiobn attributeB. The Options attributeC. The schedule attribute D. The proxyAddresses attribute

Correct Answer: B

Section: (none)Explanation


QUESTION 35You are employed as a network administrator at ABC.com ABC.com has an Active Directory domain namedABC.com all servers on the ABC.com network have Windows server 2012 installed.ABC.com has a server named SERVER1 which has been configured to run the HYPER-V server role Server1is configures to host multiple vitrual mahines.When ABC.com acquires a server with a better hardwareconfiguration to SERVER1 you are instructed to relocate the vitrual machines to the new server with as littleinterruptions as possible.

Which of the following actions should you take ? (Choose all that apply.)

A. You should consider exporting the vitrual machines from Server1.B. You should consider running a snapshot backup of the SERVER1.C. You should consider importing the vitrual machine from Server1 to the new server.D. You shoul consider restoring the snapshot backup on the hard drives of the new server.



QUESTION 36You are employed as a network administrator at contoso.com . Contoso.com has an active directory domainnamed contoso.com All servers on the contoso.com network have windows server 2012 installed.

Contoso.com has a server named server1,which is configured as a file server. You have been instructed toenabled a feature that discovers and eradicates duplication within data without compromising its reliability oraccuracy.


A. You should consider having the Data Deduplication feature enabled.B. You should consider having the Storage Spaces feature enabled.C. You should consider having the Storage Management feature enabled.D. You should consider having the folder redirection feature enabled.


Explanation/Reference:http://blogs.technet.com/b/filecab/archive/2012/05/21/introduction-to-data-deduplication-in-windows-server-2012.aspx

QUESTION 37You are employed as a network administrator at contoso.com. contoso.com has a single Active Directorydomain named contoso.com.All servers on the Contoso.com network have Windows server 2012 installed.Contoso.com has two servers,named server1 and server2 which are configured in a two-node fail over cluster.

You are currently configuration the quorum settings for the cluster. You want to make use of a quorum modethat allows each node to vote if it is available and in communication.

Which of the following is the mode you should use?

A. Node MajorityB. Node and Disk MajorityC. Node and File Share MajorityD. No Majority:Disk Only



QUESTION 38You are employed as a network administrator at contoso.com. Contoso.com has a single Active Directory

domain named contoso.com. All servers on the contoso.com network have windows server 2012 installed.You are preparing to install a third-party application on a contoso.com server,named SERVER1.You find that the application is unable to install completely due to its driver not being digitally signed.You want to make sure that the application can be installed succesfully.

Which of the following actions should you take_?

A. You should consider downloading a signed driverB. You should consider having SERVER1 is restored to an earlier dateC. You should consider making use of the Disable Driver Signature Enforcement option from the Advanced

Boot Option.D. You should consider restarting SERVER1 in safe Mode



QUESTION 39You are employed as a senior network administrator at contoso.com.Contoso.com has a single Active DirectoryDomain named contoso.com.All servers on the contoso.com network have windows server 2012 installed.You are running a training exercise for junior network administrator.You are currently discussing the Dnslint.exetool.

Which of the following should this tool be used for ? (Choose all that apply)

A. To help diagnose common DNS name resolution issuesB. For developing scripts for configuring a DNS serverC. To administer the DNS server Service.D. To look for specific DNS record set and sure that they are consistent across multiple DNS servers.E. To verify that DNS records used specifially for Active Directory replication are correctF. To Create and delete zones and resource records.

Correct Answer: ADESection: All Multiple select QuestionsExplanation

Explanation/Reference:http://support.microsoft.com/kb/321045

QUESTION 40You work as an administrator at contoso.com. Contoso.com network consists of a single domain namedcontoso.com. All servers on the contoso.com network have Windows server 2012 installed.Contoso.com has a server,named SERVER1,which has the AD DS,DHCP and DNS server rolesinstalled.Contoso.com also has a server named SERVER2,which has the DHCP and Remote Access ServerRole installed.You have configured a server,which has the File and Storage Services Server role installed.toautomatically acquire an IP address.The server is named Server3

You then create a filter on SERVER1Which of the following is a reason for this configuration?

A. To make sure that SERVER1 issues Server3 an IP address.B. To make sure that SERVER1 does not issue SERVER3 an IP addressC. To make sure that SERVER3 acquires a constant IP address from SERVER2 only.D. To make sure that SERVER3 is configured with a static IP address



QUESTION 41You are employed as a network administrator at ABC.com. ABC.com has an Active Directory domain namedABC.com. All servers on the ABC.com network have Windows server 2012 installed.You have been instructed to configure a custom Windows Recovery Environmen(Windows RE) image thatshould allow for a drive is mapped automatically to a network share in the event that a server is started usingthe image


A. You should consider configuring the startnet.cmd in the image B. You should consider configuring the startup.exe command included in the image.C. You should consider configuring the ntdsutil command included in the image D. You should consider configuring the certutil.exe command included in the image



QUESTION 42You are employed as a senior network administrator at ABC.com . ABC.com has an Active Directory domainnamed ABC.com. All servers on the ABC.com network have windows server 2012 installedYou are currently running a training exercise for junior network administrators.You are discussing the endpointtypes supported by Active Directory Federation Services(AD FS)Which of the following are supported types?(Choose three)

A. SAML WebSSOB. AnonymousC. WS-Federation PassiveD. Client CerticateE. WS-Trust

Correct Answer: ACESection: All Multiple select QuestionsExplanation

Explanation/Reference:http://technet.microsoft.com/en-us/library/adfs2-help-endpoints(v=ws.10).aspx

QUESTION 43You are employed as a senior network administrator at ABC.com . ABC.com has an Active Directory domainnamed ABC.com. All servers on the ABC.com network have windows server 2012 installedThe ABC.com domain has an Active Directory site configured in London,and an Active Directory site in Newyork. You have been instructed to make sure that the synchronization of account lockout data happens quicker.

A. You should consider editing the options attribute from WANLINK propertiesB. You should consider editing the options attribute from LANLIK propertiesC. You should consider editing the options attribute from the DEFAULTSITELINK propertiesD. You should consider editing the proxyAddressess attribute from the DEFAULTIPSITELINK properties.



QUESTION 44You are employed as a senior network administrator at ABC.com . ABC.com has an Active Directory domainnamed ABC.com. All servers on the ABC.com network have windows server 2012 installed.ABC.com has two servers,named SERVER1 and SERVER2 which are configured in a two-node failovercluster.Server1 includes a folder,named ABCAppData,which is configured as a Distributed File System (DFS)name space folder target.After configuring another two nodes in the failover cluster, you are instructed to make sure that access toABCAppData is highly available. You also have to make sure that application data is replicated to ABCAppDatavia DFS replication.

Which following actions should you take ?

A. You should consider configuring a scale-out File ServerB. You should consider configuring the replication settings for the clusterC. You should consider configuring a file server for general use D. You should consider configuring the Quorum settings


Explanation/Reference:http://technet.microsoft.com/en-us/library/hh831349.aspx

Exam B

QUESTION 1You have a file server named FS1 that runs Windows Server 8.

Data Deduplication is enabled on FS1.

You need to configure Data Deduplication to run at a normal priority from 20:00 to 06:00 daily.


A. File and Storage Services in Server ManagerB. The Data Deduplication process in Task ManagerC. Disk Management in Computer ManagementD. The properties of drive C



QUESTION 2Your network contains two Active Directory forests named contoso.com and fabrikam.com. A two- way foresttrust exists between the forests.

The contoso.com forest contains an enterprise certification authority (CA) named CAl.

You implement cross-forest certificate enrollment between the contoso.com forest and the fabrikam.com forest.

On CA1, you create a new certificate template named Template1.

You need to ensure that users in the fabrikam.com forest can request certificates that are based on Template1.


A. Sync-ADObjectB. Pkiview.mscC. CertificateServices.ps1D. CertutilE. PKISync.ps1

Correct Answer: ESection: (none)Explanation

Explanation/Reference:Explanation:http://technet.microsoft.com/en-us/library/ff955845(v=ws.10).aspx

QUESTION 3Your network contains an Active Directory domain named contoso.com.

A previous administrator implemented a Proof of Concept installation of Active Directory Rights ManagementServices (AD RMS).

After the proof of concept was complete, the Active Directory Rights Management Services server role wasremoved.

You attempt to deploy AD RMS.

During the configuration of AD RMS, you receive an error message indicating that an existing AD RMS ServiceConnection Point (SCP) was found.

You need to remove the existing AD RMS SCP.

A. Certification AuthorityB. Authorization ManagerC. ADSI EditD. Active Directory Domains and Trusts


Explanation/Reference:Explanation: http://social.technet.microsoft.com/wiki/contents/articles/710.the-ad-rms-service-connection-point-en-us.aspx

QUESTION 4Your network contains an Active Directory domain named contoso.com. The domain contains a main office anda branch office. An Active Directory site exists for each office.

All domain controllers run Windows Server 2012. The domain contains two domain controllers. The domaincontrollers are configured as shown in the following table.

DC1 hosts an Active Directory-integrated zone for contoso.com.

You add the DNS Server server role to DC2.

You discover that the contoso.com DNS zone fails to replicate to DC2.

You verify that the domain, schema, and configuration naming contexts replicate from DC1 to DC2.

You need to ensure that DC2 replicates the contoso.com zone by using Active Directory replication.


A. DnslintB. A DNS ManagerC. Active Directory Users and ComputersD. Dnscmd


Explanation/Reference:http://support.microsoft.com/kb/321045/

If you see question about AD Replication, First preference is AD sites and services, then Repadmin and thenDNSLINT.

QUESTION 5Your network contains an Active Directory domain named contoso.com. The domain contains domaincontrollers that run either Windows Server 2003, Windows Server 2008 R2, or Windows Server 2012.

You plan to implement a new Active Directory forest. The new forest will be used for testing and will be isolatedfrom the production network.

In the test network, you deploy a server named Server1 that runs Windows Server 2012.

You need to configure Server1 as a new domain controller in a new forest named contoso.test.The solution must meet the following.

Select two options below.

A. There is no need to set the Forest Functional Level.B. Set Forest Functional Level to Windows 2003.C. Set Forest Functional Level to Windows 2008D. Set Forest Functional Level to Windows 2008 R2.E. Set Forest Functional Level to Windows 2012.F. There is no need to set the Domain Functional Level.G. Set Domain Functional Level to Windows 2003.H. Set Domain Functional Level to Windows 2008I. Set Domain Functional Level to Windows 2008 R2.J. Set Domain Functional Level to Windows 2012.

Correct Answer: BGSection: All Multiple select QuestionsExplanation

Explanation/Reference:Very smartly reworded that you need to configure server 1 as new DC in a new forest named contoso.test and"also do name resolution". In the answer you will have to select Windows 2003 as domain and forest functionallevel and you should also check "Domain name system(DNS) server.... This is not in any dumps

Explanation: * When you deploy AD DS, set the domain and forest functional levels to the highest value thatyour environment can support. This way, you can use as many AD DS features as possible. For example, if youare sure that you will never add domain controllers that run Windows Server 2003 to the domain or forest,select the Windows Server 2008 functional level during the deployment process. However, if you might retain oradd domain controllers that run Windows Server 2003, select the Windows Server 2003 functional level.

When you deploy a new forest, you are prompted to set the forest functional level and then set the domainfunctional level. You cannot set the domain functional level to a value that is lower than the forest functional

level.

Reference: Understanding Active Directory Domain Services (AD DS) Functional Levels

QUESTION 6Your network contains two servers named Server1 and Server2 that run Windows Server 2012. Both servershave the Hyper-V server role installed. Server1 and Server2 are located in different offices. The offices connectto each other by using a high-latency WAN link. Server2 hosts a virtual machine named VM1. You need toensure that you can start VM1 on Server1 if Server2 fails. The solution must minimize hardware costs. Whatshould you do?

A. On Server2, install the Multipath I/O (MPIO) feature. Modify the storage location of the VHDs for VM1.B. From the Hyper-V Settings of Server1, modify the Replication Configuration settings. Enable replication for

VM1.C. On Server1, install the Multipath I/O (MPIO) feature. Modify the storage location of the VHDs for VM1.D. From the Hyper-V Settings of Server2, modify the Replication Configuration settings. Enable replication for

VM1.


Explanation/Reference:You first have to enable replication on the Replica server--Server1--by going to the server and modifying the"Replication Configuration" settings under Hyper-V settings. You then. go to VM1--which presides on Server2--and run the "Enable Replication" wizard on VM1.

QUESTION 7You have a server named File1 that runs Windows Server 2012. File1 has the File Server role service installed.You plan to back up all shared folders by using Microsoft Online Backup. You download and install theMicrosoft Online Backup Service Agent on File1. You need to ensure that you use Windows Server Backup toback up data to Microsoft Online Backup. What should you do?

A. From Computer Management, add the File1 computer account to the Backup Operators group.B. From the Services console, modify the Log On settings of the Microsoft Online Backup Service Agent.C. From Windows Server Backup, run the Register Server Wizard.D. From a command prompt, run wbadmin.exe enable backup.


Explanation/Reference:http://blogs.technet.com/b/windowsserver/archive/2012/03/28/microsoft-online-backup-service.aspx

QUESTION 8Your network contains an Active Directory domain named contoso.com. The domain contains three serversnamed Server1, Server2, and Server3 that run Windows Server 2012. All three servers have the Hyper-Vserver role installed and the Failover Clustering feature installed. Server1 and Server2 are nodes in a failovercluster named Cluster1. Several highly available virtual machines run on Cluster1. Cluster1 has the Hyper-VReplica Broker role installed. The Hyper-V Replica Broker currently runs on Server1. Server3 currently has novirtual machines. You need to configure Cluster1 to be a replica server for Server3 and Server3 to be a replicaserver for Cluster1. Which two tools should you use? (Each correct answer presents part of the solution.Choose two.)

A. The Hyper-V Manager console connected to Server3B. The Hyper-V Manager console connected to Server2

C. The Failover Cluster Manager console connected to Cluster1D. The Failover Cluster Manager console connected to Server3E. The Hyper-V Manager console connected to Server1



QUESTION 9

You have a server named Server1 that runs Windows Server 2012. You modify the properties of a systemdriver and you restart Server1. You discover that Server1 continuously restarts without starting Windows Server2012. You need to start Windows Server 2012 on Server1 in the least amount of time. The solution mustminimize the amount of data loss. Which Advanced Boot Option should you select?

A. Repair Your ComputerB. Disable Driver Signature EnforcementC. Last Know Good Configuration (advanced)D. Disable automatic restart on system failure


Explanation/Reference:http://windows.microsoft.com/en-ph/windows-vista/using-last-known-good-configuration

QUESTION 10You have a file server named Server1 that runs a Server Core Installation of Windows Server 2012. You needto ensure that users can access previous versions of files that are shared on Server1 by using the PreviousVersions tab. Which tool should you use?

A. wbadminB. DiskpartC. StorreptD. Vssadmin



QUESTION 11Your network contains a server named Server1 that runs Windows Server 2012. Server1 has the Hyper-Vserver role installed. Server1 hosts 10 virtual machines that run Windows Server 2012. You add a new servernamed Server2. Server2 has faster hard disk drives, more RAM, and a different processor manufacturer thanServer1. You need to move all of the virtual machines from Server1 to Server2. The solution must minimizedowntime. What should you do for each virtual machine?

A. Perform a quick migration.B. Perform a storage migration.C. Export the virtual machines from Server1 and import the virtual machines to Server2.D. Perform a live migration.


Explanation/Reference:The different processor manufacturer is the key here. Storage, Live, and Quick all require same manufacturer.

QUESTION 12Your network contains an Active Directory domain named contoso.com. The domain contains two memberservers named Server1 and Server2. All servers run Windows Server 2012. Server1 and Server2 have theFailover Clustering feature installed. The servers are configured as nodes in a failover cluster named Cluster1.You add two additional nodes to Cluster1. You have a folder named Folder1 on Server1 that containsapplication data. You plan to provide continuously available access to Folder1. You need to ensure that all ofthe nodes in Cluster1 can actively respond to the client requests for Folder1. What should you configure?


Correct Answer: LSection: simuler QuestionsExplanation


Scale-Out File Server for application data (Scale-Out File Server) This clustered file server is introduced inWindows Server 2012 and lets you store server application data, such as Hyper-V virtual machine files, on fileshares, and obtain a similar level of reliability, availability, manageability, and high performance that you wouldexpect from a storage area network. All file shares are online on all nodes simultaneously. File sharesassociated with this type of clustered file server are called scale-out file shares. This is sometimes referred toas active-active.

QUESTION 13Your network contains an Active Directory domain named contoso.com. The domain contains two memberservers named Server1 and Server2. All servers run Windows Server 2012. Server1 and Server2 have theFailover Clustering feature installed. The servers are configured as nodes in a failover cluster named Cluster1.Cluster1 hosts an application named Appl. You need to ensure that Server2 handles all of the client requests tothe cluster for Appl. The solution must ensure that if Server2 fails, Server1 becomes the active node for Appl.What should you configure?


Correct Answer: JSection: simuler QuestionsExplanation

Explanation/Reference: http://blogs.msdn.com/b/clustering/archive/2008/10/14/9000092.aspx

The preferred owner in a 2 server cluster will always be the active node unless it is down.

QUESTION 14You have a DHCP server named Server1. Server1 has one network adapter. Server1 is located on a subnetnamed Subnet1. Server1 has scope named Scope1. Scope1 contains IP addresses for the 192.168.1.0/24network.

Your company is migrating the IP addresses on Subnet1 to use a network ID of 10.10.0.0/16.

On Server11 you create a scope named Scope2. Scope2 contains IP addresses for the 10.10.0.0/16 network.

You need to ensure that clients on Subnet1 can receive IP addresses from either scope.

What should you create on Server1?

A. A multicast scope

B. A scopeC. A superscopeD. A split-scope


Explanation/Reference:http://technet.microsoft.com/en-us/library/dd759168.aspx

QUESTION 15Your network contains an Active Directory domain named adatum.com. The domain contains a domaincontroller named DC1 that runs Windows Server 2012.

On Dc1, you open DNS Manager as shown in the exhibit. (Click the Exhibit button.)

You need to change the zone type of the contoso.com zone from an Active Directory-integrated zone to astandard primary zone.

What should you do before you change the zone type?

A. Unsign the zone.B. Modify the Zone Signing Key (ZSK).C. Modify the Key Signing Key (KSK).D. Change the Key Master.



QUESTION 16You have a server named Server1 that runs Windows Server 2012. Server1 has the DNS Server server roleinstalled.

You need to configure Server1 to resolve queries for single-label DNS names.

Which two actions should you perform? (Each correct answer presents part of the solution.Choose two.)

A. Run the Set-DNSServerGlobalNameZone cmdlet.B. Modify the DNS suffix search list setting.C. Modify the Primary DNS Suffix Devolution setting.D. Create a zone named ".".E. Create a zone named GlobalNames.

F. Run the Set-DNSServerRootHint cmdlet.

Correct Answer: AESection: All Multiple select QuestionsExplanation

Explanation/Reference:Explanation:http://technet.microsoft.com/en-us/library/cc731744.aspxhttp://technet.microsoft.com/en-us/library/jj649907(v=wps.620).aspx

QUESTION 17You have a server named DC2 that runs Windows Server 2012. DC2 contains a DNS zone namedadatum.com.

The adatum.com zone is shown in the exhibit. (Click the Exhibit button.)

You need to configure DNS clients to perform DNSSEC validation for the adatum.com DNS domain.


A. The Network Location settingsB. A Name Resolution PolicyC. The DNS Client settingsD. The Network Connection settings


Explanation/Reference:http://technet.microsoft.com/en-us/library/hh831411.aspx#config_client1

QUESTION 18Your network contains an Active Directory domain named contoso.com. The domain contains two serversnamed Server1 and Server2 that run Windows Server 2012. Server1 has the DHCP Server server roleinstalled. Server2 has the Hyper-V server role installed. Server2 has an IP address of 192.168.10.50.

Server1 has a scope named Scope1 for the 192.168.10.0/24 network.

You plan to deploy 20 virtual machines on Server2 that will be connected to the external network. The MACaddresses for the virtual machines will begin with 00-15-SD-83-03.

You need to configure Server1 to offer the virtual machines IP addresses from 192.168.10.200 to192.168.10.219. Physical computers on the network must be offered IP addresses outside this range. You wantto achieve this goal by using the minimum amount of administrative effort.

What should you do from the DHCP console?

A. Create reservations.B. Create a policy.C. Delete Scope1 and create two new scopes.D. Configure Allow filters and Deny filters.


Explanation/Reference:Explanation:http://blogs.technet.com/b/teamdhcp/archive/2012/08/22/granular-dhcp-server-administration-using-dhcp-policies-in-windows-server-2012.aspx

QUESTION 19Your network contains an Active Directory forest. The forest contains two domains named contoso.com andfabrikam.com. The functional level of the forest is Windows Server 2003.

You have a domain outside the forest named adatum.com.

You need to configure an access solution to meet the following requirements:

- Users in adatum.com must be able to access resources in contoso.com.

- Users in adatum.com must be prevented from accessing resources in fabrikam.com.

- Users in both contoso.com and fabrikam.com must be prevented from accessing resources in adatum.com.

What should you create?

A. A one-way external trust from contoso.com to adatum.comB. A one-way realm trust from adatum.com to contoso.comC. A one-way realm trust from contoso.com to adatum.comD. A one-way external trust from adatum.com to contoso.com


Explanation/Reference:domain names were changed, so understand the question well

Explanation: You need to make trust relationship where domain contoso.com trusts adatum.com.

http://technet.microsoft.com/en-us/library/cc728024(v=ws.10).aspx

QUESTION 20Your network contains an Active Directory domain named contoso.com. The domain contains a main office anda branch office. An Active Directory site exists for each office.

All domain controllers run Windows Server 2012. The domain contains two domain controllers.

The domain controllers are configured as shown in the following table.

DC1 hosts an Active Directory-integrated zone for contoso.com.

You add the DNS Server server role to DC2.

You discover that the contoso.com DNS zone fails to replicate to DC2.

You verify that the domain, schema, and configuration naming contexts replicate from DC1 to DC2.

You need to ensure that DC2 replicates the contoso.com zone by using Active Directory replication.


A. Active Directory Sites and ServicesB. NtdsutilC. DNS ManagerD. Active Directory Domains and Trusts


Explanation/Reference:Explanation: If you see question about AD Replication, First preference is AD sites and services, thenRepadmin and then DNSLINT.


The contoso.com domain contains domain controllers that run either Windows Server 2008 or Windows Server2008 R2. The functional level of the domain is Windows Server 2008.

The fabrikam.com domain contains domain controllers that run either Windows Server 2003 or WindowsServer 2008. The functional level of the domain is Windows Server 2003.

The contoso.com domain contains a member server named Server1 that runs Windows Server 2012.

You install the Active Directory Domain Services server role on Server1.

You need to add Server1 as a new domain controller in the contoso.com domain.

What should you do?

A. Run the Active Directory Domain Services Configuration Wizard.B. Run adprep.exe /domainprep, and then run dcpromo.exe.C. Raise the functional level of the forest, and then run dcprorno.exe.D. Modify the Computer Name/Domain Changes properties.


Explanation/Reference:Windows Server 2012 requires a Windows Server 2003 forest functional level. That is, before you can add adomain controller that runs Windows Server 2012 to an existing Active Directory forest, the forest functionallevel must be Windows Server 2003 or higher.

http://blogs.technet.com/b/askpfeplat/archive/2012/09/03/introducing-the-first-windows-server-2012-domain-controller.aspx

QUESTION 22Your network contains an Active Directory forest. The forest contains two domains named contoso.com andfabrikam.com. The forest functional level is Windows 2000.

The contoso.com domain contains domain controllers that run either Windows Server 2008 or Windows Server2008 R2. The domain functional level is Windows Server 2008.

The fabrikam.com domain contains domain controllers that run either Windows 2000 Server or WindowsServer 2003. The domain functional level is Windows 2000 native.

The contoso.com domain contains a member server named Server1 that runs Windows Server 2012.

You need to add Server1 as a new domain controller in the contoso.com domain.

What should you do first?

A. Raise the functional level of the contoso.com domain to Windows Server 2008 R2.B. Upgrade the domain controllers that run Windows Server 2008 to Windows Server 2008 R2.C. Raise the functional level of the fabrikam.com domain to Windows Server 2003.D. Decommission the domain controllers that run Windows 2000.E. Raise the forest functional level to Windows Server 2003.


Explanation/Reference:Explanation:Windows Server 2012 requires a Windows Server 2003 forest functional level. That is, before youcan add a domain controller that runs Windows Server 2012 to an existing Active Directory forest, the forestfunctional level must be Windows Server 2003 or higher.

QUESTION 23Your network contains an Active Directory domain named adatum.com. The domain contains two domaincontrollers that run Windows Server 2012. The domain controllers are configured as shown in the followingtable.

You log on to DC1 by using a user account that is a member of the Domain Admins group, and then you createa new user account named User1.

You need to prepopulate the password for User1 on DC2.



A. Connect to DC2 from Active Directory Users and Computers.B. Add DC2 to the Allowed RODC Password Replication Policy group.C. Add the User1 account to the Allowed RODC Password Replication Policy group.D. Run Active Directory Users and Computers as a member of the Enterprise Admins group.



http://technet.microsoft.com/en-us/library/cc753470(v=ws.10).aspx#BKMK_pre

QUESTION 24Your company has offices in Montreal, New York, and Amsterdam.

The network contains an Active Directory forest named contoso.com. An Active Directory site exists for each

office. All of the sites connect to each other by using the DEFAULTIPSITELINK site link.

You need to ensure that only between 20:00 and 08:00, the domain controllers in the Montreal office replicatethe Active Directory changes to the domain controllers in the Amsterdam office. The solution must ensure thatthe domain controllers in the Montreal and the New York offices can replicate the Active Directory changes anytime of day.

What should you do?

A. Create a new site link that contains Montreal and Amsterdam. Remove Amsterdam fromDEFAULTIPSITELINK. Modify the schedule of DEFAULTIPSITELINK.

B. Create a new site link that contains Montreal and Amsterdam. Create a new site link bridge.Modify the schedule of DEFAU LTIPSITELINK.

C. Create a new site link that contains Montreal and Amsterdam. Remove Amsterdam fromDEFAULTIPSITELINK. Modify the schedule of the new site link.

D. Create a new site link that contains Montreal and Amsterdam. Create a new site link bridge.Modify the schedule of the new site link.

Correct Answer: CSection: Reworded QuestionsExplanation

Explanation/Reference:Explanation: Very Smartly reworded with same 3 offices. In the exam correct answer is "Create a new site linkthat contains Newyork to Montreal. Remove Montreal from DEFAULTIPSITELINK.Modify the schedule of thenew site link".

QUESTION 25Your network contains two Active Directory forests named contoso.com and adatum.com. A two- way foresttrust exists between the forests.

The contoso.com forest contains an enterprise certification authority (CA) named Server1.

You implement cross-forest certificate enrollment between the contoso.com forest and the adatum.com forest.

On Server1, you create a new certificate template named Template1.

You need to ensure that users in the adatum.com forest can request certificates that are based on Template1.


A. DumpADO.ps1B. RepadminC. Add-CATemplateD. CertutilE. PKISync.ps1

Correct Answer: ESection: (none)Explanation

Explanation/Reference:http://technet.microsoft.com/en-us/library/ff955845(v=ws.10).aspx#BKMK_Consolidating

QUESTION 26You have a server named Server1 that has the Active Directory Certificate Services server role installed.

Server1 uses a hardware security module (HSM) to protect the private key of Server1.

You need to ensure that the Active Directory Certificate Services (AD CS) database, log files, and private keyare backed up.

You perform regular backups of the HSM module by using a backup utility provided by the HSM manufacturer.

What else should you do?

A. Run the certutil.exe command and specify the -backupkey parameter.B. Run the certutil.exe command and specify the -backupdb parameter.C. Run the certutil.exe command and specify the -backup parameter.D. Run the certutil.exe command and specify the -dump parameter.


Explanation/Reference:http://technet.microsoft.com/en-us/library/cc732443(v=ws.10).aspx#BKMK_backupDB

QUESTION 27

Your network contains an Active Directory domain named contoso.com. All servers run Windows Server 2012.

The domain contains a domain controller named DC1 that is configured as an enterprise root certificationauthority (CA).

All users in the domain are issued a smart card and are required to log on to their domain-joined clientcomputer by using their smart card.

A user named User1 resigned and started to work for a competing company.

You need to prevent User1 immediately from logging on to any computer in the domain. The solution must notprevent other users from logging on to the domain.


A. Active Directory Sites and ServicesB. Active Directory Administrative CenterC. Server ManagerD. Certificate Templates



QUESTION 28Your company has a main office and a branch office.

The main office contains a file server named Server1. Server1 has the BranchCache for Network Files roleservice installed. The branch office contains a server named Server2. Server2 is configured as a BranchCachehosted cache server.

You need to preload the data from the file shares on Server1 to the cache on Server2.

You generate hashes for the file shares on Server1.

Which cmdlet should you run next?

A. Add-BCDataCacheExtensionB. Set-BCCacheC. Publish-BCFileContentD. Export-BCCachePackage


Explanation/Reference:http://technet.microsoft.com/fr-fr/library/jj572970.aspx

QUESTION 29You have a file server named Server1 that runs Windows Server 2012.

Data Deduplication is enabled on drive D of Server1.

You need to exclude D:\Folder1 from Data Deduplication.


A. Disk Management in Computer ManagementB. File and Storage Services in Server ManagerC. the classification rules in File Server Resource Manager (FSRM)D. the properties of D:\Folder1



QUESTION 30Your network contains an Active Directory domain named contoso.com. The network contains a file servernamed Server1 that runs Windows Server 2012.

You create a folder named Folder1. You share Folder1 as Share1. The NTFS permissions on Folder1 areshown in the Folder1 exhibit. (Click the Exhibit button.)

The Everyone group has the Full control Share permission to Folder1.

You configure a central access policy as shown in the Central Access Policy exhibit. (Click the Exhibit button.)

Members of the IT group report that they cannot modify the files in Folder1.

You need to ensure that the IT group members can modify the files in Folder1. The solution must use centralaccess policies to control the permissions.


A. On the Classification tab of Folder1, set the classification to Information Technology.B. On the Security tab of Folder1, add a conditional expression to the existing permission entry for the IT

group.

C. On Share 1, assign the Change Share permission to the IT group.D. On the Security tab of Folder1, remove the permission entry for the IT group.E. On the Security tab of Folder1, assign the Modify permission to the Authenticated Users group.



Central access policies for files enable organizations to centrally deploy and manage authorization policies thatinclude conditional expressions that use user groups, user claims, device claims, and resource properties.(Claims are assertions about the attributes of the object with which they are associated). For example, toaccess high-business-impact (HBI) data, a user must be a full-time employee, obtain access from a manageddevice, and log on with a smart card. These policies are defined and hosted in Active Directory DomainServices (AD DS).


QUESTION 31Your network contains an Active Directory domain named contoso.com.

You are creating a custom Windows Recovery Environment (Windows RE) image.

You need to ensure that when a server starts from the custom Windows RE image, a drive is mappedautomatically to a network share.

What should you modify in the image?

A. startnet.cmd

B. Xsl-mApp1ngs.xmlC. Win.iniD. smb.types.ps1xml


Explanation/Reference:Explanation: The best way to define what to start is using starnet.cmdhttp://technet.microsoft.com/en-us/library/cc766521(v=ws.10).aspx

QUESTION 32You have a server named Server1 that runs Windows Server 2012. Server1 has the Windows DeploymentServices server role installed.

You back up Server1 each day by using Windows Server Backup.

The disk array on Server1 fails.

You replace the disk array.

You need to restore Server1 as quickly as possible.

What should you do?

A. Start Server1 from the Windows Server 2012 installation media.B. Start Server1and press F8.C. Start Server1 and press Shift+F8.D. Start Server1 by using the PXE.


Explanation/Reference:Explanation: http://www.windowsnetworking.com/articles_tutorials/Restoring-Windows-Server-Bare-Metal.html

QUESTION 33You have a server named Server1 that runs Windows Server 2012. You download and install the MicrosoftOnline Backup Service Agent on Server1. You need to ensure that you can configure an online backup from

Windows Server Backup. What should you do first?

A. From a command prompt, run wbadmin.exe enable backup.B. From Windows Server Backup, run the Register Server Wizard.C. From the Services console, modify the Log On settings of the Microsoft Online Backup Service Agent.D. From Computer Management, add the Server1 computer account to the Backup Operators group.



QUESTION 34Your network contains an Active Directory domain named contoso.com. The domain contains two serversnamed Server1 and Server2. Both servers have the Hyper-V server role installed. You plan to replicate virtualmachines between Server1 and Server2. The replication will be encrypted by using Secure Sockets Layer(SSL). You need to request a certificate on Server1 to ensure that the virtual machine replication is encrypted.Which two intended purposes should the certificate for Server1 contain? (Each correct answer presents part ofthe solution. Choose two.)

A. Server AuthenticationB. KDC AuthenticationC. Kernel Mode Code SigningD. IP Security end systemE. Client Authentication


Explanation/Reference:http://blogs.technet.com/b/virtualization/archive/2012/03/13/hyper-v-replica-certificate-requirements.aspx

QUESTION 35Your network contains an Active Directory domain named contoso.com. The domain contains two memberservers named Server1 and Server2 that run Windows Server 2012. Both servers have the Hyper-V server roleinstalled. The network contains an enterprise certification authority (CA). All servers are enrolled automaticallyfor a certificate-based on the Computer certificate template. On Server1, you have a virtual machine namedVM1. VM1 is replicated to Server2. You need to encrypt the replication of VM1. Which two actions should youperform? (Each correct answer presents part of the solution. Choose two.)

A. On Server1, modify the settings of VM1.B. On Server2, modify the settings of the virtual switch to which VM1 is connected.C. On Server1, modify the Hyper-V Settings.D. On Server1, modify the settings of the virtual switch to which VM1 is connected,E. On Server2, modify the settings of VM1.F. On Server2, modify the Hyper-V Settings.

Correct Answer: AFSection: All Multiple select QuestionsExplanation

Explanation/Reference:Once you change the Hyper-V Settings of Server 2 to encrypt replications with a certificate, you then need tochange the replication information of VM1 to use the secure connection.

QUESTION 36Your network contains an Active Directory domain named contoso.com. The domain contains a file servernamed Server1 that runs Windows Server 2012. You create a user account named User1 in the domain. Youneed to ensure that User1 can use Windows Server Backup to back up Server1. The solution must minimizethe number of administrative rights assigned to User1. What should you do?

A. Assign User1 the Back up files and directories user right.B. Add User1 to the Backup Operators group.C. Add User1 to the Power Users group.D. Assign User1 the Back up files and directories user right and the Restore files and directories user right.



Backup Operators have these permissions by default:

However the question explicitly says we need to minimize administrative rights. Since the requirement is forbacking up the data only--no requirement to restore or shutdown--then assigning the "Back up files anddirectories user right" would be the correct. answer.

QUESTION 37You have a datacenter that contains six servers. Each server has the Hyper-V server role installed and runsWindows Server 2012. The servers are configured as shown in the following table.

Host4 and Hosts5 are part of a cluster named Cluster1. Cluster1 hosts a virtual machine named VM1. Youneed to move VM1 to another Hyper-V host. The solution must minimize the downtime of VM1. To which serverand by which method should you move VM1

A. To Host3 by using a storage migrationB. To Host6 by using a storage migrationC. To Host2 by using a live migrationD. To Host1 by using a quick migration


Explanation/Reference:slightly changed with more answer options but correct answer is still "Intel iSCSI disk"


QUESTION 38Your network contains an Active Directory domain named contoso.com. The domain contains two memberservers named Server1 and Server2. All servers run Windows Server 2012. Server1 and Server2 have theFailover Clustering feature installed. The servers are configured as nodes in a failover cluster named Cluster1.You add two additional nodes to Cluster1. You need to ensure that Cluster1 stops running if three nodes fail.What should you configure?


Correct Answer: CSection: simuler QuestionsExplanation

Explanation/Reference:http://technet.microsoft.com/en-us/library/cc731739.aspx

QUESTION 39Your network contains an Active Directory domain named contoso.com. The domain contains two memberservers named Server1 and Server2. All servers run Windows Server 2012. Server1 and Server2 have theFailover Clustering feature installed. The servers are configured as nodes in a failover cluster named Cluster1.You add two additional nodes in Cluster1. You have a folder named Folder1 on Server1 that hosts applicationdata. Folder1 is a folder target in a Distributed File System (DFS) namespace. You need to provide highlyavailable access to Folder1. The solution must support DFS Replication to Folder1. What should youconfigure?

A. Affinity - NoneB. Affinity - SingleC. The cluster quorum settingsD. The failover settingsE. A file server for general useF. The Handling priorityG. The host priorityH. Live migration

I. The possible ownerJ. The preferred ownerK. Quick migrationL. The Scale-Out File Server

Correct Answer: ESection: simuler QuestionsExplanation


QUESTION 40Your network contains two servers named Server1 and Server2 that run Windows Server 2012. Server1 andServer2 have the Hyper-V server role installed. Server1 and Server2 are configured as Hyper-V replicas ofeach other. Server1 hosts a virtual machine named VM1. VM1 is replicated to Server2.

You need to verify whether the replica of VM1 on Server2 is functional. The solution must ensure that VM1remains accessible to clients.

What should you do from Hyper-V Manager?

A. On Server1, execute a Planned Failover.B. On Server1, execute a Test Failover.C. On Server2, execute a Planned Failover.D. On Server2, execute a Test Failover.


Explanation/Reference:http://blogs.technet.com/b/virtualization/archive/2012/07/26/types-of-failover-operations-in-hyper-v-replica.aspx

QUESTION 41You have a failover cluster named Cluster1 that contains four nodes. All of the nodes run Windows Server2012. You need to force every node in Cluster1 to contact immediately the Windows Server Update Services(WSUS) server on your network for updates.


A. The Add-CauClusterRole cmdletB. The Wuauclt commandC. The Wusa commandD. The Invoke-CauScan cmdlet



QUESTION 42Your network contains an Active Directory domain named contoso.com. The network contains a file servernamed Server1 that runs Windows Server 2012. You are configuring a central access policy for temporaryemployees.

You enable the Department resource property and assign the property a suggested value of Temp. You need to configure a target resource condition for the central access rule that is scoped to resourcesassigned to Temp only.

Which condition should you use?

A. (Temp.Resource Equals "Department")B. (Resource.Temp Equals "Department")C. (Resource.Department Equals "Temp")D. (Department.Value Equals "Temp")


Explanation/Reference:http://technet.microsoft.com/fr-fr/library/hh846167.aspx

QUESTION 43Your network contains a server named Server1 that runs Windows Server 2012. Server1 has the ActiveDirectory Certificate Services server role installed and is configured as a standalone certification authority (CA).

You install a second server named Server2. You install the Online Responder role service on Server2. You need to ensure that Server1 can issue an Online Certificate Status Protocol (OCSP) Response Signingcertificate to Server2.

What should you do?

A. On Server1, run the certutil.exe command and specify the -setreg parameter.B. On Server2, run the certutil.exe command and specify the -policy parameter.C. On Server1, configure Security for the OCSP Response Signing certificate template.D. On Server2, configure Issuance Requirements for the OCSP Response Signing certificate template.



QUESTION 44Your network contains an Active Directory domain named adatum.com. The domain contains a server namedCA1 that runs Windows Server 2012. CA1 has the Active Directory Certificate Services server role installed andis configured to support key archival and recovery.

You need to ensure that a user named User1 can decrypt private keys archived in the Active DirectoryCertificate Services (AD CS) database. The solution must prevent User1 from retrieving the private keys fromthe AD CS database.

What should you do?

A. Assign User1 the Issue and Manage Certificates permission to Server1.B. Assign User1 the Read permission and the Write permission to all certificate templates.C. Provide User1 with access to a Key Recovery Agent certificate and a private key.D. Assign User1 the Manage CA permission to Server1.


Explanation/Reference:http://social.technet.microsoft.com/wiki/contents/articles/7573.active-directory-certificate-services-pki-key-archival-and-management.aspx#Protecting_Key_Recovery_Agent_Keys

QUESTION 45Your network contains an Active Directory domain named contoso.com. The domain contains two sites namedSite1 and Site2 and two domain controllers named DC1 and DC2. Both domain controllers are located in Site1.You install an additional domain controller named DC3 in Site1 and you ship DC3 to Site2. A technicianconnects DC3 to Site2.

You discover that users in Site2 are authenticated by all three domain controllers. You need to ensure that the users in Site2 are authenticated by DC1 or DC2 only if DC3 is unavailable.

What should you do?

A. From Network Connections, modify the IP address of DC3.B. In Active Directory Sites and Services, modify the Query Policy of DC3.C. From Active Directory Sites and Services, move DC3.D. In Active Directory Users and Computers, configure the insDS-PrimaryComputer attribute for the users in

Site2.



QUESTION 46Your network contains two Active Directory forests named contoso.com and adatum.com. Contoso.comcontains one domain. Adatum.com contains a child domain named child.adatum.com. Contoso.com has a one-way forest trust to adatum.com. Selective authentication is enabled on the forest trust. Several user accountsare migrated from child.adatum.com to adatum.com. Users report that after the migration, they fail to accessresources in contoso.com. The users successfully accessed the resources in contoso.com before the accountswere migrated.

You need to ensure that the migrated users can access the resources in contoso.com.

What should you do?

A. Replace the existing forest trust with an external trust.B. Run netdom and specify the /quarantine attribute.C. Disable SID filtering on the existing forest trust.D. Disable selective authentication on the existing forest trust.



QUESTION 47You have four servers that run Windows Server 2012. The servers have the Failover Clustering featureinstalled. You deploy a new cluster named Cluster1. Cluster1 is configured as shown in the following table.

Site2 is a disaster recovery site. Server1, Server2, and Server3 are configured as the preferred owners of thecluster roles. Dynamic quorum management is disabled.

You plan to perform hardware maintenance on Server3. You need to ensure that if the WAN link between Site1 and Site2 fails while you are performing maintenance onServer3, the cluster resource will remain available in Site1.

What should you do?

A. Enable dynamic quorum management.B. Remove the node vote for Server3.C. Add a file share witness in Site1.D. Remove the node vote for Server4 and Server5.


Explanation/Reference:http://msdn.microsoft.com/en-us/library/hh270280.aspx#VotingandNonVotingNodes

Exam C

QUESTION 1Your network contains an Active Directory forest named contoso.com. The forest contains a single domain. Theforest functional level is Windows Server 2012.

You have a domain controller named DC1.

On DC1, you create a new Group Policy object (GPO) named GPO1. You need to verify that GPO1 wasreplicated to all of the domain controllers.


A. Group Policy ManagementB. Active Directory Sites and ServicesC. DFS ManagementD. Active Directory Administrative Center


Explanation/Reference:Explanation:http://social.technet.microsoft.com/Forums/en-US/winserverTS/thread/3e580e00-d619-4d25-b22d-18f0170279c4

QUESTION 2Your network contains two DNS servers named DN51 and DNS2 that run Windows Server 2012.

DNS1 has a primary zone named contoso.com. DNS2 has a secondary copy of the contoso.com zone.

You need to log the zone transfer packets sent between DNS1 and DNS2.


A. Monitoring from DNS ManagerB. Logging from Windows Firewall with Advanced SecurityC. A Data Collector Set (DCS) from Performance MonitorD. Debug logging from DNS Manager


Explanation/Reference:Explanation:http://technet.microsoft.com/en-us/library/cc776361(v=ws.10).aspxhttp://technet.microsoft.com/en-us/library/cc749337.aspx

QUESTION 3Your network contains an Active Directory forest. The forest contains one domain named contoso.com. Thedomain contains three domain controllers. The domain controllers are configured as shown in the followingtable.

DC1 has all of the operations master roles installed.

You transfer all of the operations master roles to DC2, and then you uninstall Active Directory from DC1.

You need to ensure that you can use Password Settings objects (PSOs) in the domain.

What should you do?

A. Change the domain functional level.B. Upgrade DC2.C. Run the dcgpofix.exe command.D. Transfer the schema master role.


Explanation/Reference:Explanation:http://technet.microsoft.com/en-us/library/cc753104.aspx


When you install a custom application on Server1 and restart the server, you receive the following errormessage: "The Boot Configuration Data file is missing some required information.File: \Boot\BCD

Error code: 0x0000034."

You start Server1 by using Windows PE.

You need to ensure that you can start Windows Server 2012 on Server1.


A. BootsectB. BootimC. BootrecD. Bootcfg


Explanation/Reference:Explanation:http://answers.microsoft.com/en-us/windows/forum/windows_7-system/error-code-0x0000034-in-windows-7/4dcb8d38-a206-40ed-bced-55e4a4de9bf2


Server1 fails.

You identify that the master boot record (MBR) is corrupt.

You need to repair the MBR.


A. BcdeditB. BcdbootC. BootrecD. Fixmbr


Explanation/Reference:Explanation:http://www.youtube.com/watch?v=kFU8kngy6O0http://social.technet.microsoft.com/Forums/en-US/winservergen/thread/bbf4f440-50ce-4ea2-a3ea-a96dc2500352

QUESTION 6Your network contains an Active Directory domain named contoso.com. All domain controllers run WindowsServer 2012. The domain contains two domain controllers. The domain controllers are configured as shown inthe following table.

You configure a user named User1 as a delegated administrator of DC10.

You need to ensure that User1 can log on to DC10 if the network link between the Main site and the Branch sitefails.

What should you do?

A. Add User1 to the Domain Admins group.B. On DC10, run ntdsutil and configure the settings in the Roles context.C. Run repadmin and specify the /prp parameter.D. On DC1, modify the User Rights Assignment in Default Domain Controllers Group Policy object (GPO).


Explanation/Reference:Explanation: Modify the following policy:

Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment\Allow logon locally

Note:* User Rights Assignment policies determines which users or groups have logon rights or privileges on thecomputer.

* Delegated administrator accounts gain local administrative permissions to the RODC. These users canoperate with privileges equivalent to the local computer's Administrators group. They are not members of theDomain Admins or the domain built-in Administrators groups. This option is useful for delegating branch officeadministration without giving out domain administrative permissions. Configuring delegation of administration isnot required.

QUESTION 7You perform a full installation of Windows Server 2012 on a virtual machine named Server1. You plan to useServer1 as a reference image.

You need to minimize the amount of storage space used by the Windows Server 2012 installation.

Which cmdlet should you use?

A. Remove-ModuleB. Optimize-VHDC. Optimize-VolumeD. Uninstall-WindowsFeaturehttp://www.lead2pass.com/70-412.html



http://technet.microsoft.com/en-us/library/hh848458(v=wps.620).aspx


Server1 has a scope named Scope1. A policy named Policy1 is configured for Scope1. Policy1 is configured toprovide Hyper-V virtual machines a one-day lease. All other computers receive an eight-day lease.

You implement an additional DHCP server named Server2 that runs Windows Server 2012.

On Server1, you configure Scopel for DHCP failover.

You discover that virtual machines that receive IP addresses from Server2 have a lease duration of eight days.

You need to ensure that when Server2 assigns IP addresses to the Hyper-V virtual machines, the leaseduration is one day. The solution must ensure that other computers that receive IP addresses from Server2have a lease duration of eight days.

What should you do?

A. On Server2, right-click Scope1, and then click Reconcile.B. On Server1, right-click Scope1, and then click Replicate Scope.C. On Server2, create a new DHCP policy.D. On Server1, delete Policy1, and then recreate the policy.


Explanation/Reference:Explanation: Scope 1 has been set up for DHCP failover. Now we need to replicate it from Server1 to Server2.

QUESTION 9You deploy an Active Directory Federation Services (AD FS) 2.1 infrastructure. The infrastructure uses ActiveDirectory as the attribute store.

Some users report that they fail to authenticate to the AD FS infrastructure.

You discover that only users who run third-party web browsers experience issues.

You need to ensure that all of the users can authenticate to the AD FS infrastructure successfully.

Which Windows PowerShell command should you run?

A. Set-ADFSProperties -ProxyTrustTokenLifetime 1:00:00B. Set-ADFSProperties -AddProxyAuthenticationRules NoneC. Set-ADFSProperties -SSOLifetime 1:00:00D. Set-ADFSProperties -ExtendedProtectionTokenCheck None


Explanation/Reference:Explanation:http://technet.microsoft.com/zh-cn/library/ee892317.aspx


You install the File and Storage Services server role on Server1.

From Windows Explorer, you view the properties of a folder named Folder1 and you discover that theClassification tab is missing.

You need to ensure that you can assign classifications to Folder1 from Windows Explorer manually.

What should you do?

A. From Folder Options, clear Hide protected operating system files (Recommended).B. Install the File Server Resource Manager role service.C. From Folder Options, select the Always show menus.D. Install the Share and Storage Management Tools.

Correct Answer: BSection: (none)

Explanation

Explanation/Reference:Explanation:http://technet.microsoft.com/en-us/library/dd758759(v=WS.10).aspx

QUESTION 11Your network contains an Active Directory domain named contoso.com. All domain controllers run WindowsServer 2012. The domain contains two domain controllers. The domain controllers are configured as shown inthe following table.

The Branch site contains a perimeter network.

For security reasons, client computers in the perimeter network can communicate with client computers in theBranch site only.

You plan to deploy a new RODC to the perimeter network in the Branch site.

You need to ensure that the new RODC will be able to replicate from DC10.

What should you do first on DC10?

A. Enable the Bridge all site links setting.B. Run the Active Directory Domain Services Configuration Wizard.C. Create an Active Directory site link bridge.D. Create an Active Directory site.


Explanation/Reference:Explanation: The right answer is Chttp://technet.microsoft.com/en-us/library/cc738789(v=ws.10).aspxhttp://technet.microsoft.com/en-us/library/cc778718(v=WS.10).aspx

QUESTION 12Your network contains an Active Directory domain named contoso.com. The domain contains two memberservers named Server1 and Server2 that run Windows Server 2012.

Server1 has Microsoft SQL Server 2012 installed.

You install the Active Directory Federation Services server role on Server2.

You need to configure Server2 as the first Active Directory Federation Services (AD FS) server in the domain.The solution must ensure that the AD FS database is stored in a SQL Server database on Server1.

What should you do on Server2?

A. From a command prompt, run fsutil.exe.B. From Windows PowerShell, run Install-ADFSFarm.

C. From Server Manager, install the Federation Service Proxy.D. From Server Manager, install the AD FS Web Agents.


Explanation/Reference:Explanation: Install-AdfsFarmCreates the first node of a new federation server farm.

Parameter: -SQLConnectionString<String>Specifies the SQL Server database that will store the AD FS configuration settings. If not specified, the AD FSinstaller uses the Windows Internal Database to store configuration settings.http://technet.microsoft.com/en-us/library/jj553792.aspx

QUESTION 13Your network contains an Active Directory forest named contoso.com. The forest contains a single domain. Thedomain contains three domain controllers. The domain controllers are configured as shown in the followingtable.

You plan to test an application on a server named Server1. Server1 is currently located in Site1.

After the test, Server1 will be moved to Site2.

You need to ensure that Server1 attempts to authenticate to DC3 first, while you test the application.

What should you do?

A. Create a new site and associate the site to an existing site link object.B. Modify the priority of site-specific service location (SRV) DNS records for Site2.C. Create a new subnet object and associate the subnet object to an existing site.D. Modify the weight of site-specific service location (SRV) DNS records Site1.


Explanation/Reference:Explanation: Service Location (SRV) Resource RecordPriorityA number between 0 and 65535 that indicates the priority or level of preference given for this record to the hostthat is specified in Host offering this service. Priority indicates this host's priority with respect to the other hostsin this domain that offer the same service and are specified by different service location (SRV) resourcerecords.

Incorrect:Not D:Weight: A number between 1 and 65535 to be used as a load-balancing mechanism. When you select amongmore than one target SRV host for the type of service (specified in Service) that use the same Priority number,

you can use this field to weight preference toward specific hosts. Where several hosts share equal priority,SRV-specified hosts with higher weight values that are entered here should be returned first to resolver clientsin SRV query results.

Reference: Service Location (SRV) Resource Record Dialog Box

QUESTION 14Your company has a main office and a remote office. The remote office is used for disaster recovery.

The network contains an Active Directory domain named contoso.com. The domain contains member serversnamed Server1, Server2, Server3, and Server4. All servers run Windows Server 2012.

Server1 and Server2 are located in the main office. Server3 and Server4 are located in the remote office.

All servers have the Failover Clustering feature installed. The servers are configured as nodes in a failovercluster named Cluster1. Storage is replicated between the main office and the remote site.

You need to ensure that Cluster1 is available if two nodes in the same office fail.

What are two possible quorum configurations that achieve the goal? (Each correct answer presents a completesolution. Choose two.)

A. Node MajorityB. No Majority: Disk OnlyC. Node and File Share MajorityD. Node and Disk Majority

Correct Answer: ABSection: All Multiple select QuestionsExplanation

Explanation/Reference:Explanation: Depending on the quorum configuration option that you choose and your specific settings, thecluster will be configured in one of the following quorum modes:* (A) Node majority (no witness)Only nodes have votes. No quorum witness is configured. The cluster quorum is the majority of voting nodes inthe active cluster membership.* (B) No majority (disk witness only)No nodes have votes. Only a disk witness has a vote. The cluster quorum is determined by the state of the diskwitness.The cluster has quorum if one node is available and communicating with a specific disk in the cluster storage.Generally, this mode is not recommended, and it should not be selected because it creates a single point offailure for the cluster.* Node majority with witness (disk or file share)Nodes have votes. In addition, a quorum witness has a vote. The cluster quorum is the majority of voting nodesin the active cluster membership plus a witness vote. A quorum witness can be a designated disk witness or adesignated file share witness.

Note:

* Quorum in Windows 2008 R2 referred to a consensus , that is, a majority of votes is required in order to reachquorum and maintain stability of the cluster. A new option created in Windows Server 2012 which was alsoback ported to Windows Server 2008 R2 SP1 was the ability to stop a node being able to participate in thevoting process.* Dynamic quorum is the ability of the cluster to recalculate quorum on the fly and still maintain a workingcluster. This is a huge improvement as we are now able to continue to run a cluster even if the number ofnodes remaining in the cluster is less than 50%. This was not possible before but the dynamic quorum conceptnow allows us to do this. In fact we can reduce the cluster down to the last node (known as last man standing)and still maintain quorum.

Reference: Configure and Manage the Quorum in a Windows Server 2012 Failover Cluster

QUESTION 15Your network contains an Active Directory domain named contoso.com. The domain contains four serversnamed Server1, Server2, Server3, and Server4 that run Windows Server 2012. All servers have the Hyper-Vserver role and the Failover Clustering feature installed.

The servers are configured as shown in the following table.

Which three actions should you perform? (Each correct answer presents part of the solution.Choose three.)

A. From Hyper-V Manager on a node in Cluster2, create three virtual machines.B. From Hyper-V Manager on a node in Cluster2, modify the Hyper-V settings.C. From Failover Cluster Manager on Cluster1, configure each virtual machine for replication.D. From Cluster1, add and configure the Hyper-V Replica Broker role.E. From Cluster2, add and configure the Hyper-V Replica Broker role.

Correct Answer: ACESection: All Multiple select QuestionsExplanation

Explanation/Reference:Explanation: A: Need to have same number of replicated VMs in the replicated site.C: Once the hosting server is configured for Replica, you can enable replication for each virtual machine thatyou want to be replicated.

E: The Hyper-V Replica Broker is placed in the replicated cluster Note:

* Each node of the failover cluster that is involved in Replica must have the Hyper-V server role installed.* Windows Server 2012 Hyper-V Replica is a built-in mechanism for replicating Virtual Machines (VMs). It canreplicate selected VMs in real-time or asynchronously from a primary site to a designated replica site acrossLAN/WAN. Here a replica site hosts a replicated VM while an associated primary site is where the source VMruns. And either a replica site or a primary site can be a Windows Server 2012 Hyper-V host or a WindowsServer 2012 Failover Cluster.

QUESTION 16Your network contains an Active Directory forest named contoso.com. The forest contains two domains namedcontoso.com and childl.contoso.com. The domains contain three domain controllers.

The domain controllers are configured as shown in the following table.

You need to ensure that the KDC support for claims, compound authentication, and kerberos armoring settingis enforced in the child1.contoso.com domain.


A. Upgrade DC1 to Windows Server 2012.B. Upgrade DC11 to Windows Server 2012.C. Raise the domain functional level ofchildl.contoso.com,D. Raise the domain functional level of contoso.com.E. Raise the forest functional level of contoso.com.

Correct Answer: BDSection: All Multiple select QuestionsExplanation


QUESTION 17You have a server named Server1 that runs Windows Server 2012. The storage on Server1 is configured asshown in the following table.

You plan to implement Data Deduplication on Server1.

You need to identify on which drives you can enable Data Deduplication.

Which three drives should you identify? (Each correct answer presents part of the solution.Choose two.)

A. CB. D

C. ED. FE. G

Correct Answer: BDESection: All Multiple select QuestionsExplanation

Explanation/Reference:Explanation: Volumes that are candidates for deduplication must conform to the following requirements:* (not A) Must not be a system or boot volume. Deduplication is not supported on operating system volumes.

* Can be partitioned as a master boot record (MBR) or a GUID Partition Table (GPT), and must be formattedusing the NTFS file system.

* Can reside on shared storage, such as storage that uses a Fibre Channel or an SAS array, or when an iSCSISAN and Windows Failover Clustering is fully supported.

* Do not rely on Cluster Shared Volumes (CSVs). You can access data if a deduplication-enabled volume isconverted to a CSV, but you cannot continue to process files for deduplication.* (not C) Do not rely on the Microsoft Resilient File System (ReFS).

* Must be exposed to the operating system as non-removable drives. Remotely-mapped drives are notsupported.

QUESTION 18You have 20 servers that run Windows Server 2012.

You need to create a Windows PowerShell script that registers each server in Windows Azure Online Backupand sets an encryption passphrase.Which two PowerShell cmdlets should you run in the script? (Each correct answer presents part of the solution.Choose two.)

A. New-OBPolicyB. New-OBRetentionPolicyC. Add-OBFileSpecD. Start-OBRegistrationE. Set OBMachineSetting

Correct Answer: DESection: All Multiple select QuestionsExplanation

Explanation/Reference:Explanation: D: Start-OBRegistrationRegisters the current computer with Windows Azure Online Backup using the credentials (username andpassword) created during enrollment.E: The Set-OBMachineSetting cmdlet sets a OBMachineSetting object for the server that includes proxy serversettings for accessing the internet, network bandwidth throttling settings, and the encryption passphrase that isrequired to decrypt the files during recovery to another server.Incorrect:Not C: The Add-OBFileSpec cmdlet adds the OBFileSpec object, which specifies the items to include orexclude from a backup, to the backup policy (OBPolicy object). The OBFileSpec object can include or excludemultiple files, folders, or volumes. T

QUESTION 19Your network contains an Active Directory domain named contoso.com. The domain contains a server namedServer1 that runs Windows Server 2012.

You need to ensure that a WIM file that is located on a network share is used as the installation source wheninstalling server roles and features on Server1.


A. Run the dism.exe command and specify the /remove-package parameter.B. Run the Remove-WindowsFeature cmdlet.C. Enable and configure the Specify settings for optional component installation and component repair policy

setting by using a Group Policy object (GPO).D. Enable the Enforce upgrade component rules policy setting by using a Group Policy object (GPO).E. Run the Remove-WindowsPackage cmdlet.


Explanation/Reference:Explanation: A: To remove packages from an offline image by using DISM Example:At a command prompt, specify the package identity to remove it from the image. You can remove multiplepackages on one command line.DISM /Image:C:\test\offline /Remove-Package/PackageName:Microsoft.Windows.Calc.Demo~6595b6144ccf1df~x86~en~1.0.0.0 /PackageName:Microsoft-Windows-MediaPlayer-Package~31bf3856ad364e35~x86~~6.1.6801.0

C: * You can use Group Policy to specify a Windows image repair source to use within your network. The repairsource can be used to restore Windows features or to repair a corrupted Windows image.

* Set Group PolicyYou can use Group Policy to specify when to use Windows Update, or a network location as a repair source forfeatures on demand and automatic corruption repair.To configure Group Policy for Feature on DemandNote:* The Windows Imaging Format (WIM) is a file-based disk image format. It was developed by Microsoft to helpdeploy Windows Vista and subsequent versions of Windows operating system family, as well as WindowsFundamentals for Legacy PCs.


You have a domain outside the forest named litwareinc.com.

You need to configure an access solution to meet the following requirements:

- Users in litwareinc.com must be able to access resources on a server named Server1 in contoso.com.- Users in the contoso.com forest must be prevented from accessing any resources in litwareinc.com.- Users in litwareinc.com must be prevented from accessing any other resources in the contoso.com forest.

Which three actions should you perform? (Each correct answer presents part of the solution.Choose three.)

A. Configure SID filtering on the trust.B. Configure forest-wide authentication on the trust.C. Create a one-way forest trust.D. Create a one-way external trust

E. Modify the permission on the Server1 object.F. Configure selective authentication on the trust.

Correct Answer: DEFSection: All Multiple select QuestionsExplanation

Explanation/Reference:Explanation: D (not C): litwareinc.com is outside the forest so we need an external trust (not a forest trust).E: Must grant the required permissions on Server1.F(not B): For external trust we must either select Domain-Wide or Selective Authentication (forst- wideauthentication is not an option)BCENote:* You can create an external trust to form a one-way or two-way, nontransitive trust with domains that areoutside your forest. External trusts are sometimes necessary when users need access to resources in aWindows NT 4.0 domain or in a domain that is located in a separate forest that is not joined by a forest trust./ To select the scope of authentication for users that are authenticating through a forest trust, click the foresttrust that you want to administer, and then click Properties . On the Authentication tab, click either Forest-wideauthentication or Selective authentication . / To select the scope of authentication for users that areauthenticating through an external trust, click the external trust that you want to administer, and then clickProperties . On the Authentication tab, click either Domain-wide authentication or Selective authentication .* The forest-wide authentication setting permits unrestricted access by any users in the trusted forest to allavailable shared resources in any of the domains in the trusting forest.* Forest-wide authentication is generally recommended for users within the same organization.

Reference: Select the Scope of Authentication for Users

QUESTION 21Your network contains an Active Directory domain named contoso.com. The domain contains a file servernamed Server1 and a domain controller named DC1. All servers run Windows Server 2012. A Group Policyobject (GPO) named GPO1 is linked to the domain. Server1 contains a folder named Folder1. Folder1 isshared as Share1.

You need to ensure that authenticated users can request assistance when they are denied access to theresources on Server1.

Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)

A. Assign the Read Attributes NTFS permission on Folder1 to the Authenticated Users group.B. Install the File Server Resource Manager role service on Server1.C. Configure the Customize message for Access Denied errors policy setting of GPO1.D. Enable the Enable access-denied assistance on client for all file types policy setting for GPO1.E. Install the File Server Resource Manager role service on DC1.


Explanation/Reference:http://technet.microsoft.com/en-us/library/hh831402.aspx#BKMK_1

QUESTION 22Your network contains an Active Directory domain named adatum.com. All domain controllers run WindowsServer 2008 R2. The domain contains a file server named Server6 that runs Windows Server 2012. Server6contains a folder named Folder1. Folder1 is shared as Share1. The NTFS permissions on Folder1 are shown inthe exhibit. (Click the Exhibit button.)

The domain contains two global groups named Group1 and Group2. You need to ensure that only users who are members of both Group1 and Group2 are denied access toFolder1.

Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)

Exhibit:

A. Remove the Deny permission for Group1 from Folder1.B. Deny Group2 permission to Folder1.C. Install a domain controller that runs Windows Server 2012.D. Create a conditional expression.E. Deny Group2 permission to Share1.F. Deny Group1 permission to Share1.

Correct Answer: CDSection: All Multiple select QuestionsExplanation

Explanation/Reference:http://social.technet.microsoft.com/wiki/contents/articles/14269.introducing-dynamic-access-control-en-us.aspx

QUESTION 23You have a server named Server1 that runs Windows Server 2012. Server1 has a single volume that isencrypted by using BitLocker Drive Encryption (BitLocker). BitLocker is configured to save encryption keys to aTrusted Platform Module (TPM). Server1 is configured to perform a daily system image backup. Themotherboard on Server1 is upgraded. After the upgrade, Windows Server 2012 on Server1 fails to start. Youneed to start the operating system on Server1 as soon as possible.What should you do?

A. Start Server1 from the installation media. Run startrec.exe.B. Move the disk to a server that has a model of the old motherboard. Start the server from the installation

media. Run bcdboot.exe.C. Move the disk to a server that has a model of the old motherboard. Start the server. Run tpm.msc.D. Start Server1 from the installation media. Perform a system image recovery.


Explanation/Reference:Encryption keys are lost. Nothing mentioned about password/keys recovery. My point is that the only way is torestore the server from a backup.

QUESTION 24You have 3 server named LON-DC1 that runs Windows Server 2012. An iSCSI virtual disk namedVirtualiSCSIl.vhd exists on LON-DC1 as shown in the exhibit. (Click the Exhibit button.)

You create a new iSCSI virtual disk named VirtualiSCSI2.vhd by using the existing itgt iSCSI target.VirtualiSCSIl.vhd is removed from LON-DC1. You need to assign VirtualiSCSI2.vhd a logical unit value of 0.

What should you do?

Exhibit:

A. Modify the properties of the VirtualiSCSI2.vhd iSCSI virtual disk.B. Run the Add-IscsiVirtualDiskTargetMapping cmdlet and specify the -Lun parameter.C. Run the iscsicli command and specify the reportluns parameter.D. Run the iscsicpl command and specify the virtualdisklun parameter.


Explanation/Reference:http://technet.microsoft.com/en-us/library/jj612800(v=wps.620).aspx

QUESTION 25Your network contains an Active Directory forest named contoso.com. The forest contains a single domain. Theforest contains three Active Directory sites named SiteA, SiteB, and SiteC. The sites contain four domaincontrollers. The domain controllers are configured as shown in the following table.

An IP site link exits between each site. You discover that the users in SiteC are authenticated by the domain controllers in SiteA and SiteB. You need to ensure that the SiteC users are authenticated by the domain controllers in SiteB, unless all of thedomain controllers in SiteB are unavailable.

What should you do?

A. Create a site link bridge.B. Create additional connection objects for DC3 and DC4.C. Create additional connection objects for DC1 and DC2.D. Increase the cost of the site link between SiteA and SiteC.


Explanation/Reference:http://technet.microsoft.com/en-us/library/dd277430.aspx#XSLTsection126121120120

QUESTION 26Your network contains an Active Directory domain named contoso.com. A previous administrator implementeda Proof of Concept installation of Active Directory Rights Management Services (AD RMS). After the proof ofconcept was complete, the Active Directory Rights Management Services server role was removed.

You attempt to deploy AD RMS. During the configuration of AD RMS, you receive an error message indicatingthat an existing AD RMS Service Connection Point (SCP) was found. You need to remove the existing AD RMSSCP.


A. Authorization ManagerB. TPM ManagementC. Active Directory Sites and ServicesD. Services



QUESTION 27You have a server named Server1 that runs Windows Server 2012. Windows Server 2012 is installed onvolume C.

You need to ensure that Safe Mode with Networking loads the next time Server1 restarts.


A. The Msconfig commandB. The Restart-Server cmdletC. The Restart-Computer cmdletD. The Bootcfg command



QUESTION 28Your network contains an Active Directory domain named contoso.com. The domain contains a domaincontroller named DC1 that runs Windows Server 2012. DC1 has the DNS Server server role installed. Thenetwork contains client computers that run either Linux, Windows 7, or Windows 8. You have a standardprimary zone named adatum.com as shown in the exhibit. (Click the Exhibit button.)

You plan to configure Name Protection on all of the DHCP servers. You need to configure the adatum.com zone to support Name Protection.

Which two configurations should you perform from DNS Manager? (Each correct answer presents part of thesolution. Choose two.)

Exhibit:

A. Sign the zone.B. Store the zone in Active Directory.C. Modify the Security settings of the zone.D. Configure Dynamic updates.


Explanation/Reference:http://technet.microsoft.com/en-us/library/ee941152(v=ws.10).aspx

QUESTION 29You have a DNS server named Server1 that runs Windows Server 2012. Server1 has a signed zone forcontoso.com.

You need to configure DNS clients to perform DNSSEC validation for the contoso.com DNS domain.


A. The Network Connection settingsB. A Name Resolution PolicyC. The Network Location settingsD. The DNS Client settings



QUESTION 30Your network contains an Active Directory domain named contoso.com. The domain contains a domaincontroller named DC1 that runs Windows Server 2012.

On Dc1, you open DNS Manager as shown in the exhibit. (Click the Exhibit button.)

You need to change the replication scope of the contoso.com zone.

What should you do before you change the replication scope?

A. Modify the Zone Transfers settings.B. Add DC1 to the Name Servers list.C. Add your user account to the Security settings of the zone.D. Unsign the zone.


Explanation/Reference:Explanation:http://www.microsoft.com/en-us/download/dlx/ThankYou.aspx?id=29018

QUESTION 31Your network contains an Active Directory domain named contoso.com. The domain contains a domaincontroller named DC1 and a member server named Server1. Server1 has the IP Address Management (IPAM)Server feature installed.

On Dc1, you configure Windows Firewall to allow all of the necessary inbound ports for IPAM.

On Server1, you open Server Manager as shown in the exhibit. (Click the Exhibit button.)

You need to ensure that you can use IPAM on Server1 to manage DNS on DC1.

What should you do?

A. Modify the outbound firewall rules on Server1.B. Modify the inbound firewall rules on Server1.C. Add Server1 to the Remote Management Users group.D. Add Server1 to the Event Log Readers group.


Explanation/Reference:Explanation:http://social.technet.microsoft.com/Forums/en-US/winserver8gen/thread/c882c077-61bd-45f6-ab47-735bd728d3bc/

QUESTION 32Your network contains an Active Directory domain named contoso.com. The domain contains a domaincontroller named Dc1. DC1 has the DNS Server server role installed.

The network has two sites named Site1 and Site2. Site1 uses 10.10.0.0/16 IP addresses and Site2 uses10.11.0.0/16 IP addresses. All computers use DC1 as their DNS server.

The domain contains four servers named Server1, Server2, Server3, and Server4. All of the servers run aservice named Service1.

DNS host records are configured as shown in the exhibit. (Click the Exhibit button.)

You discover that computers from the 10.10.1.0/24 network always resolve Service1 to the IP address ofServer1.

You need to configure DNS on DC1 to distribute computers in Site1 between Server1 and Server2 when thecomputers attempt to resolve Service1.

What should run on DC1?

A. dnscmd /config /bindsecondaries 1B. dnscmd /config /localnetpriority 0C. dnscmd /config /localnetprioritynetmask 0x0000ffffD. dnscmd /config /roundrobin 0



QUESTION 33You have a DHCP server named Server1. Server1 has an IP address 192.168.1.2 is located on a subnet thathas a network ID of 192.168.1.0/24.

On Server1, you create the scopes shown in the following table.

You need to ensure that Server1 can assign IP addresses from both scopes to the DHCP clients on the localsubnet.

What should you create on Server1?

A. A scopeB. A superscopeC. A split-scopeD. A multicast scope



QUESTION 34Your network contains an Active Directory domain named contoso.com. The domain contains two memberservers named Server1 and Server2. All servers run Windows Server 2012. Server1 and Server2 have theNetwork Load Balancing (NLB) feature installed. The servers are configured as nodes in an NLB cluster namedCluster1. Cluster1 hosts a secure web application named WebApp1. WebApp1 saves user state informationlocally on each node. You need to ensure that when users connect to WebApp1, their session state ismaintained. What should you configure?


Correct Answer: BSection: simuler QuestionsExplanation

Explanation/Reference:http://technet.microsoft.com/en-us/library/bb687542.aspx

QUESTION 35Your network contains an Active Directory domain named contoso.com. Domain controllers run either WindowsServer 2008, Windows Server 2008 R2, or Windows Server 2012. You have a Password Settings object(PSOs) named PSO1. You need to view the settings of PSO1. Which tool should you use?

A. Get-ADDomainControllerPasswordReplicationPolicyB. Get-ADDefaultDomainPasswordPolicyC. Server ManagerD. Get-ADFineGrainedPasswordPolicy


Explanation/Reference:http://technet.microsoft.com/en-us/library/ee617231.aspx

QUESTION 36Your network contains an Active Directory domain named contoso.com. The domain contains two serversnamed Server1 and Server2 that run Windows Server 2012. Server1 has the IP Address Management (IPAM)Server feature installed. Server2 has the DHCP Server server role installed. A user named User1 is a memberof the IPAM Users group on Server1. You need to ensure that User1 can use IPAM to modify the DHCP scopeson Server2. The solution must minimize the number of permissions assigned to User1. To which group shouldyou add User1?

A. IPAM ASM Administrators on Server1B. IPAMUG in Active DirectoryC. DHCP Administrators on Server2D. IPAM MSM Administrators on Server1



QUESTION 37Your network contains an Active Directory domain named contoso.com. The domain contains a main office anda branch office. An Active Directory site exists for each office. The domain contains two servers named Server1and Server2 that run Windows Server 2012. Both servers have the DHCP Server server role installed. Server1is located in the main office site. Server2 is located in the branch office site. Server1 provides IPv4 addressesto the client computers in the main office site. Server2 provides IPv4 addresses to the client computers in thebranch office site. You need to ensure that if either Server1 or Server2 are offline, the client computers can stillobtain IPv4 addresses. The solution must meet the following requirements:· The storage location of the DHCP databases must not be a single point of failure. · Server1 must provide IPv4addresses to the client computers in the branch office site only if Server2 is offline.· Server2 must provide IPv4 addresses to the client computers in the main office site only if Server1 is offline.Which configuration should you use?

A. Load sharing mode failover partnersB. Hot standby mode failover partnersC. A Network Load Balancing (NLB) clusterD. A failover cluster


Explanation/Reference:http://blogs.technet.com/b/teamdhcp/archive/2012/09/03/dhcp-failover-hot-standby-mode.aspx

QUESTION 38Your network contains an Active Directory domain named contoso.com. The domain contains two serversnamed Server1 and Server2 Both servers have the IP Address Management (IPAM) Server feature installed.You have a support technician named Tech1. Tech1 is a member of the IPAM Administrators group on Server1and Server2. You need to ensure that Tech1 can use Server Manager on Server1 to manage IPAM on Server2.To which group on Server2 should you add Tech1.

A. IPAM MSM AdministratorsB. IPAM AdministratorsC. winRMRemoteWMIUsers_D. Remote Management Users



QUESTION 39Your network contains an Active Directory domain named contoso.com. The domain contains a server namedServer1 that runs Windows Server 2012. Server1 has the Active Directory Certificate Services server roleinstalled and is configured as an enterprise certification authority (CA). You need to ensure that all of the usersin the domain are issued a certificate that can be used for the following purposes:· Email security· Client authentication· Encrypting File System (EFS)Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)

A. Modify the properties of the User certificate template, and then publish the template.B. From a Group Policy, configure the Certificate Services Client - Certificate Enrollment Policy settings.C. From a Group Policy, configure the Automatic Certificate Request Settings settings.D. Duplicate the User certificate template, and then publish the template.E. From a Group Policy, configure the Certificate Services Client - Auto-Enrollment settings.

Correct Answer: DESection: All Multiple select QuestionsExplanation


http://technet.microsoft.com/en-us/library/dd851772.aspx

QUESTION 40You manage an environment that has many servers. The servers run Windows Server 2012 and use iSCSIstorage. Administrators report that it is difficult to locate available iSCSI resources on the network. You need toensure that the administrators can locate iSCSI resources on the network by using a central repository.Which feature should you deploy?

A. The iSNS Server service featureB. The iSCSI Target Storage Provider featureC. The Windows Standards-Based Storage Management featureD. The iSCSI Target Server role service






You need to configure Server1 as a new domain controller in a new forest named contoso.test that also doesname resolution.The solution must meet the following.


A. There is no need to set the Forest Functional Level.B. Set Forest Functional Level to Windows 2003.C. Set Forest Functional Level to Windows 2008D. Set Forest Functional Level to Windows 2008 R2.E. Set Forest Functional Level to Windows 2012.F. Set Domain name system(DNS) serverG. There is no need to set the Domain Functional Level.H. Set Domain Functional Level to Windows 2003.I. Set Domain Functional Level to Windows 2008J. Set Domain Functional Level to Windows 2008 R2.K. Set Domain Functional Level to Windows 2012.

Correct Answer: BFHSection: All Multiple select QuestionsExplanation

Explanation/Reference:Very smartly reworded that you need to configure server 1 as new DC in a new forest named contoso.test and"also do name resolution". In the answer you will have to select Windows 2003 as domain and forest functionallevel and you should also check "Domain name system(DNS) server.... This is not in any dumps

Explanation: * When you deploy AD DS, set the domain and forest functional levels to the highest value thatyour environment can support. This way, you can use as many AD DS features as possible. For example, if youare sure that you will never add domain controllers that run Windows Server 2003 to the domain or forest,select the Windows Server 2008 functional level during the deployment process. However, if you might retain oradd domain controllers that run Windows Server 2003, select the Windows Server 2003 functional level.

When you deploy a new forest, you are prompted to set the forest functional level and then set the domain

functional level. You cannot set the domain functional level to a value that is lower than the forest functionallevel.

Reference: Understanding Active Directory Domain Services (AD DS) Functional Levels

QUESTION 42Your network contains two Active Directory forests named contoso.com and fabrikam.com. The contoso.comforest contains two domains named corp.contoso.com and contoso.com.

You establish a two-way forest trust between contoso.com and fabrikam.com.

Users from the corp.contoso.com domain report that they cannot log on to client computers in thefabrikam.com domain by using their corp.contoso.com user account.

When they try to log on, they receive following error message: "The computer you are signing into is protectedby an authentication firewall. The specified account is not allowed to authenticate to the computer."

Corp.contoso.com users can log on successfully to client computers in the contoso.com domain by using theircorp.contoso.com user account credentials.

You need to allow users from the corp.contoso.com domain to log on to the client computers in thefabrikam.com forest.

What should you do?

A. Configure Windows Firewall with Advanced Security.B. Enable SID history.C. Configure forest-wide authentication.D. Instruct the users to log on by using a user principal name (UPN).


Explanation/Reference:Explanation:http://technet.microsoft.com/en-us/library/cc785875(v=ws.10).aspx

QUESTION 43You have a server named Server1 that runs Windows Server 2012 and is used for testing.

A developer at your company creates and installs an unsigned kernel-mode driver on Server1. The developerreports that Server1 will no longer start.

You need to ensure that the developer can test the new driver. The solution must minimize the amount of dataloss.

Which Advanced Boot Option should you select?

A. Disable Driver Signature EnforcementB. Disable automatic restart on system failureC. Last Know Good Configuration (advanced)D. Repair Your Computer



QUESTION 44You have a server named Server 1 that runs Windows Server 2012. Server1 has five network adapters. Threeof the network adapters are connected to a network named LAN1. The two other network adapters areconnected to a network named LAN2. You create a network adapter team named Team1 from two of theadapters connected to LAN1. You create a network adapter team named Team2 from the two adaptersconnected to LAN2. A company policy states that all server IP addresses must be assigned by using a reservedaddress in DHCP. You need to identify how many DHCP reservations you must create for Server1. How manyreservations should you identify?

A. 2B. 3

C. 5D. 7


Explanation/Reference:3 adapter on LAN 12 adapters on LAN 2

2 adapters on LAN 1 used in a team, so that's 3 - 2 leaving 1.2 adapaters on LAN 2 used in a team, so that's 2 - 2 leaving 0.

1 team on LAN 1 + 1 team on LAN 2 + remaining adapter on LAN 1 = 3.

QUESTION 45Your network contains an Active Directory domain named contoso.com. The domain contains servers namedServer1 and Server2 that run Windows Server 2012. Server1 has the IP Address Management (IPAM) Serverfeature installed. You install the IPAM client on Server2. You open Server Manager on Server2 as shown in theexhibit. (Click the Exhibit button.)

You need to manage IPAM from Server2. What should you do first?

A. On Server2, open Computer Management and connect to Server1.B. On Server1, add the Server2 computer account to the IPAM ASM Administrators group.C. On Server2, add Server1 to Server Manager.D. On Server1, add the Server2 computer account to the IPAM MSM Administrators group.



QUESTION 46Your network contains an Active Directory domain named contoso.com. The domain contains a domaincontroller named DC1 and a member server named Server1. Server1 has the IP Address Management (IPAM)Server feature installed. On DC1, you configure Windows Firewall to allow all of the necessary inbound ports forIPAM. On Server1, you open Server Manager as shown in the exhibit. (Click the Exhibit button.) You need toensure that you can use IPAM on Server1 to manage DNS on DC1. What should you do?

A. Modify the outbound firewall rules on Server1.B. Add Server1 to the Remote Management Users group.C. Add Server1 to the Event Log Readers group.D. Modify the inbound firewall rules on Server1.



QUESTION 47Your network contains an Active Directory domain named contoso.com. The domain contains a server namedServer1 that runs Windows Server 2012. Server1 has the IP Address Management (IPAM) Server featureinstalled. IPAM is configured currently for Group Policy-based provisioning. You need to change the IPAMprovisioning method on Server1. What should you do?

A. Run the ipamgc.exe command.B. Run the Set-IPAMConfiguration cmdlet.C. Reinstall the IP Address Management (IPAM) Server feature.D. Delete IPAM Group Policy objects (GPOs) from the domain.


Explanation/Reference:You cannot change the provisioning method after completing the initial setup.

Exam D

QUESTION 1Your network contains servers that run Windows Server 2012. The network contains a large number of iSCSIstorage locations and iSCSI clients.

You need to deploy a central repository that can discover and list SCSI resources on the network automatically.

Which feature should you deploy?

A. the Windows Standards-Based Storage Management featureB. the iSCSI Target Server role serviceC. the iSCSI Target Storage Provider featureD. the iSNS Server service feature



QUESTION 2Your network contains an Active Directory forest named contoso.com that contains a single domain. The forestcontains three sites named Site1, Site2, and Site3. Domain controllers run either Windows Server 2008 R2 orWindows Server 2012. Each site contains two domain controllers. Site1 and Site2 contain a global catalogserver. You need to create a new site link between Site1 and Site2. The solution must ensure that the site linksupports the replication of all the naming contexts. From which node should you create the site link?To answer, select the appropriate node in the answer area.

Hot Area:

Correct Answer:



QUESTION 3Your network contains an Active Directory domain named adatum.com. All servers run Windows Server 2012.All domain controllers have the DNS Server server role installed. You have a domain controller named DC1. OnDC1, you create an Active Directory-integrated zone named adatum.com and you sign the zone by usingDNSSEC. You deploy a new read-only domain controller (RODC) named R0DC1. You need to ensure that thecontoso.com zone replicates to R0DC1. What should you configure on DC1?To answer, select the appropriate tab in the answer area.

Hot Area:

Correct Answer:



QUESTION 4Your network contains an Active Directory domain named contoso.com. The domain contains a server namedServer2 that runs Windows Server 2012. You are a member of the local Administrators group on Server2. Youinstall an Active Directory Rights Management Services (AD RMS) root cluster on Server2. You need to ensurethat the AD RMS cluster is discoverable automatically by the AD RMS client computers and the users incontoso.com. Which additional configuration settings should you configure?To answer, select the appropriate tab in the answer area.

Hot Area:

Correct Answer:



QUESTION 5Your network contains an Active Directory domain named contoso.com. The domain contains two ActiveDirectory sites named Site1 and Site2.

You discover that when the account of a user in Site1 is locked out, the user can still log on to the servers inSite2 for up to 15 minutes by using Remote Desktop Services (RDS).

You need to reduce the amount of time it takes to synchronize account lockout information across the domain.

Which attribute should you modify?

To answer, select the appropriate attribute in the answer area.

Hot Area:

Correct Answer:



QUESTION 6Your network contains an Active Directory domain named contoso.com. All client computers run Windows 8Enterprise.

You have a remote site that only contains client computers. All of the client computer accounts are located in anorganizational unit (OU) named Remotel. A Group Policy object (GPO) named GPO1 is linked to the Remote1OU.

You need to configure BranchCache for the remote site.

Which two settings should you configure in GPO1?

To answer, select the two appropriate settings in the answer area.

Hot Area:

Correct Answer:



QUESTION 7Your network contains an Active Directory domain named contoso.com. The domain contains two ActiveDirectory sites named Site1 and Site2.

You need to configure the replication between the sites to occur by using change notification.

Which attribute should you modify?

Hot Area:

Correct Answer:


Explanation/Reference:http://blogs.technet.com/b/qzaidi/archive/2010/09/23/enable-change-notifications-between-sites-how-and-why.aspxhttp://blogs.msdn.com/b/canberrapfe/archive/2012/03/26/active-directory-replication-change-notification-amp-you.aspx

QUESTION 8Your company has a main office and a branch office. An Active Directory site exists for each office.

The network contains an Active Directory forest named contoso.com. The contoso.com domain contains threemember servers named Server1, Server2, and Server3. All servers run Windows Server 2012.

In the main office, you configure Server1 as a file server that uses BranchCache.


In the branch office, you configure Server2 and Server3 as BranchCache hosted cache servers.

You are creating a Group Policy for the branch office site.

In the branch office, you need to configure the client computers that run Windows 8 to use Server2 and Server3as BranchCache.

Hot Area:

Correct Answer:



http://technet.microsoft.com/en-us/library/ee649153(v=ws.10).aspxhttp://blogs.technet.com/b/wsnetdoc/archive/2012/06/01/highlighting-branchcache-hosted-cache-mode-in-windows-server-2012.aspx

QUESTION 9Your company has a main office and a branch office. The main office is located in Detroit. The branch office islocated in Seattle.

The network contains an Active Directory domain named adatum.com. Client computers run either

The main office contains 1,000 client computers and 50 servers. The branch office contains 20 clientcomputers.

All computer accounts for the branch office are located in an organizational unit (OU) namedSeattleComputers. A Group Policy object (GPO) named GPO1 is linked to the SeattleComputers OU.

You need to configure BranchCache for the branch office.

Hot Area:

Correct Answer:


Explanation/Reference:http://technet.microsoft.com/en-us/library/dd637820(v=ws.10).aspx

Distributed Cache modeIf client computers are configured to use Distributed Cache mode, the cached content is distributed amongclient computers on the branch office network. No infrastructure or services are required in the branch officebeyond client computers running Windows 7.

Hosted Cache mode

In hosted cache mode, cached content is maintained on a computer running Windows Server 2008 R2 on thebranch office network.

QUESTION 10Your network contains an Active Directory domain named contoso.com. The domain contains two serversnamed Server1 and Server2. Both servers have the IP Address Management (IPAM) Server feature installed.You have a support technician named Tech1. Tech1 is a member of the IPAM Administrators group on Server1and Server2. You need to ensure that Tech1 can use Server Manager on Server1 to manage IPAM on Server2.To which group on Server2 should you add Tech1? To answer, select the appropriate group in the answer area.

Hot Area:

Correct Answer:


Explanation/Reference:http://www.microsoft.com/en-us/download/dlx/ThankYou.aspx?id=29012

Both WinRMRemoteWMIUsers_ and Remote Management Users have the exact same description. As such, Itested connecting with server manager remotely with a non-administrative account. I tried before adding toeither group and got this error:

I then added to Remote Management Users and got this error:

--Note that this is due to access to the event log only.

Next I removed from Remote Management Users and added to WinRMRemoteWMIUsers_ and got this error:

The error is exactly the same and the explanation is due to event log.

In summary, Either one of these answers is correct, however since the document explicitly says use the"WinRMRemoteWMIUsers_" group, then that's what we gotta do.

QUESTION 11Your network contains an Active Directory domain named contoso.com. The domain contains a server namedServer1 that runs Windows Server 2012. Server1 has the Active Directory Federation Services (AD FS) serverrole installed. Adatum.com is a partner organization. You are helping the administrator of adatum.com set up afederated trust between adatum.com and contoso.com. The administrator of adatum.com asks you to provide afile containing the federation metadata of contoso.com. You need to identify the location of the federationmetadata file. Which node in the AD FS console should you select? To answer, select the appropriate node inthe answer area

Hot Area:

Correct Answer:


Explanation/Reference:http://blogs.msdn.com/b/card/archive/2010/06/25/using-federation-metadata-to-establish-a-relying-party-trust-in-ad-fs-2-0.aspx

QUESTION 12Your network contains an Active Directory domain named contoso.com. The domain contains an enterprisecertification authority (CA). The domain contains a server named Server1 that runs Windows Server 2012. Youinstall the Active Directory Federation Services server role on Server1. You plan to configure Server1 as anActive Directory Federation Services (AD FS) server. The Federation Service name will be set toadfsl.contoso.com. You need to identify which type of certificate template you must use to request a certificatefor AD FS. Which certificate template should you identify? To answer, select the appropriate template in theanswer area.

Hot Area:

Correct Answer:


Explanation/Reference:http://blogs.msdn.com/b/alextch/archive/2011/06/27/installing-a-stand-along-adfs-service.aspx

QUESTION 13HOTSPOT

Your company has a primary data center and a disaster recovery data center.

The network contains an Active Directory domain named contoso.com. The domain contains a server namedServer1 runs Windows Server 2012. Server1 is located in the primary data center.

Server1 has an enterprise root certification authority (CA) for contoso.com.

You deploy another server named Server2 to the disaster recovery data center.

You plan to configure Server2 as a secondary certificate revocation list (CRL) distribution point.

You need to configure Server2 as a CRL distribution point (CDP).

Which tab should you use to configure the required CDP entry?

To answer, select the appropriate tab in the answer area.

Hot Area:

Correct Answer:



http://technet.microsoft.com/zh-cn/library/jj125369.aspx

QUESTION 14HOTSPOT

Your network contains an Active Directory domain named contoso.com. The domain contains two memberservers named Server1 and Server2. All servers run Windows Server 2012.

Server1 and Server2 have the Network Load Balancing (NLB) feature installed. The servers are configured asnodes in an NLB cluster named Cluster1. Both servers connect to the same switch.

Cluster1 hosts a secure web application named WebApp1. WebApp1 saves user state information in a centraldatabase.

You need to ensure that the connections to WebApp1 are distributed evenly between the nodes.The solution must minimize port flooding.


To answer, configure the appropriate affinity and the appropriate mode for Cluster1 in the answer area.

Hot Area:

Correct Answer:



QUESTION 15HOTSPOT

Your network contains an Active Directory domain named contoso.com. The domain contains a server namedServer1 that runs Windows Server 2012. Server1 has the Active Directory Federation Services server roleinstalled.

You need to make configuration changes to the Windows Token-based Agent role service.Which tool should you use?

To answer, select the appropriate tool in the answer area.

Hot Area:

Correct Answer:



QUESTION 16HOTSPOT

Your network contains an Active Directory domain named contoso.com. The domain contains two memberservers named Server1 and Server2. All servers run Windows Server 2012. Server1 and Server2 have theHyper-V server role installed. The servers are configured as shown in the following table.

You add a third server named Server3 to the network. Server3 has Intel processors.

You need to move VM3 and VM6 to Server3. The solution must minimize downtime on the virtual machines.

Which method should you use to move each virtual machine?

To answer, select the appropriate method for each virtual machine in the answer area.

Hot Area:

Correct Answer:



QUESTION 17HOTSPOT

Your network contains an Active Directory domain named contoso.com. The domain contains two memberservers named Server1 and Server2. All servers run Windows Server 2012.

Server1 and Server2 have the Hyper-V server role and the Failover Clustering feature installed.

Server1 and Server2 are members of a cluster named Cluster1. Cluster1 hosts 10 virtual machines.

When you try to migrate a running virtual machine from one server to another, you receive the following errormessage: "There was an error checking for virtual machine compatibility on the target node."

You need to ensure that the virtual machines can be migrated from one node to another.

From which node should you perform the configuration?

To answer, select the appropriate node in the answer area.

Hot Area:

Correct Answer:



http://www.shogan.co.uk/tag/esxi/ .shogan.co.uk/tag/esxi/

QUESTION 18HOTSPOT

Your network contains two servers named Server1 and Server2 that run Windows Server 2012. Server1 andServer2 have the Hyper-V server role installed.

Server1 and Server2 have different processor models from the same manufacturer.

On Server1, you plan to create a virtual machine named VM1. Eventually, VM1 will be exported to Server2.

You need to ensure that when you import VM1 to Server2, you can start VM1 from saved snapshots.

What should you configure on VM1?

To answer, select the appropriate node in the answer area.

Hot Area:

Correct Answer:


Explanation/Reference:http://technet.microsoft.com/en-us/magazine/gg299590.aspx

QUESTION 19HOTSPOT

Your network contains an Active Directory domain named contoso.com. The domain contains a file servernamed Server1. Server1 is a BranchCache hosted cache server that is located in a branch office.

The network contains client computers that run either Windows 7 or Windows 8.

For the branch office, all of the user accounts and the client computer accounts are located in an organizationalunit (OU) named Branch1. A Group Policy object (GPO) named GPO1 is linked to Branch 1. GPO1 containsthe BranchCache settings.

You discover that users in the branch office who have client computers that run Windows 7 do not accesscached content from Server1. Users in the branch office who have Windows 8 computers access cachedcontent from Server1.

You need to configure the Windows 7 computers to use BranchCache on Server1. Which setting should youconfigure in GPO1?

To answer, select the appropriate setting in the answer area.

Hot Area:

Correct Answer:



QUESTION 20HOTSPOT

Your network contains two DHCP servers named Server1 and Server2. Server1 fails.

You discover that DHCP clients can no longer receive IP address leases.

You need to ensure that the DHCP clients receive IP addresses immediately.

What should you configure from the View/Edit Failover Relationship settings? To answer, select the appropriatesetting in the answer area.

Hot Area:

Correct Answer:



QUESTION 21Your network contains an Active Directory domain named contoso.com. The domain contains aserver named Server1 that runs Windows Server 2012. Server1 has the Active Directory

Certificate Services server role installed and configured.For all users, you are deploying smart cards for logon. You are using an enrollment agent to enrollthe smart card certificates for the users.You need to configure the Contoso Smartcard Logon certificate template to support the use of theenrollment agent.Which setting should you modify?To answer, select the appropriate setting in the answer area.

Hot Area:

Correct Answer:


Explanation/Reference:http://social.technet.microsoft.com/Forums/en-US/winserversecurity/thread/162e1108-bd46-4b2b-9ea0-4fff8949a810http://technet.microsoft.com/en-us/library/cc725621(v=WS.10).aspx

QUESTION 22HOTSPOT

Your network contains an Active Directory domain named contoso.com. The domain contains the two servers.The servers are configured as shown in the following table.

You investigate a report about the potential compromise of a private key for a certificate issued to Server2.

You need to revoke the certificate issued to Server2. The solution must ensure that the revocation can bereverted.

Which reason code should you select?

To answer, select the appropriate reason code in the answer area.

Hot Area:

Correct Answer:



http://technet.microsoft.com/en-us/library/cc753724(v=WS.10).aspx

QUESTION 23HOTSPOT

You have a server named Server1 that runs Windows Server 2012. The volumes on Server1 are configured asshown in the following table.

A new corporate policy states that backups must use Windows Azure Online Backup whenever possible.

You need to identify which backup methods you must use to back up Server1. The solution must use WindowsAzure Online Backup whenever possible.

Which backup type should you identify for each volume?

To answer, select the appropriate backup type for each volume in the answer area.

Hot Area:

Correct Answer:



http://technet.microsoft.com/en-us/library/jj614621.aspx http://technet.microsoft.com/zh-cn/library/hh831419.aspx

QUESTION 24Your network contains three Application servers that run Windows Server 2012. The Application servers havethe Network Load Balancing (NLB) feature installed.

You create an NLB cluster that contains the three servers.

You plan to deploy an Application named App1 to the nodes in the cluster. App1 uses TCP port 8080 and TCPport 8081.

Clients will connect to App1 by using HTTP and HTTPS. When clients connect to App1 by using HTTPS,session state information will be retained locally by the cluster node that responds to the client request.

You need to configure a port rule for App1.

Which port rule should you use?

To answer, select the appropriate rule in the answer area

Hot Area:

Correct Answer:

Section: New QuestionsExplanation


QUESTION 25Your network contains an Active Directory domain named contoso.com. The domain contains two serversnamed Server1 and Server2 that run Windows Server 2012. The servers have the Hyper-V server roleinstalled.

A certification authority (CA) is available on the network.

A virtual machine named vml.contoso.com is replicated from Server1 to Server2. A virtual machine namedvm2.contoso.com is replicated from Server2 to Server1.

You need to configure Hyper-V to encrypt the replication of the virtual machines.

Which common name should you use for the certificates on each server?

To answer, configure the appropriate common name for the certificate on each server in the answer area.

Hot Area:

Correct Answer:



Exam E

QUESTION 1Your network contains an Active Directory forest. The forest contains a single domain named contoso.com. Theforest contains two Active Directory sites named Main and Branch1. The sites connect to each other by using asite link named Main-Branch1. There are no other site links. Each site contains several domain controllers. Alldomain controllers run Windows Server 2012. Your company plans to open a new branch site named Branch2.The new site will have a WAN link that connects to the Main site only. The site will contain two domaincontrollers that run Windows Server 2012. You need to create a new site and a new site link for Branch2. Thesolution must ensure that the domain controllers in Branch2 only replicate to the domain controllers in Branch1if all of the domain controllers in Main are unavailable. Which three actions should you perform? To answer,move the three appropriate actions from the list of actions to the answer area and arrange them in the correctorder.

Select and Place:

Correct Answer:



QUESTION 2Your network contains an Active Directory domain named contoso.com. The domain contains two memberservers named Server1 and Server2 that run Windows Server 2012. You configure a new failover clusternamed Cluster1. Server1 and Server2 are nodes in Cluster1. You need to configure the disk that will be usedas a witness disk for Cluster1. How should you configure the witness disk?To answer, drag the appropriate configurations to the correct location or locations. Each configuration may beused once, more than once, or not at all. You may need to drag the split bar between panes or scroll to viewcontent.

Select and Place:

Correct Answer:


Explanation/Reference:http://technet.microsoft.com/en-us/library/jj612870.aspx#BKMK_witness

QUESTION 3Your network contains an Active Directory domain named contoso.com. All file servers in the domain runWindows Server 2012. The computer accounts of the file servers are in an organizational unit (OU) namedOU1. A Group Policy object (GPO) named GP01 is linked to OU1. You plan to modify the NTFS permissionsfor many folders on the file servers by using central access policies. You need to identify any users who will bedenied access to resources that they can currently access once the new permissions are implemented. Inwhich order should you perform the five actions? To answer, move all actions from the list of actions to theanswer area and arrange them in the correct order.

Select and Place:

Correct Answer:




QUESTION 4

You have a server named Server2 that runs Windows Server 2012. You have storage provisioned on Server2as shown in the exhibit. (Click the Exhibit button.) You need to configure the storage so that it appears inWindows Explorer as a drive letter on Server1. Which three actions should you perform in sequence? Toanswer, move the three appropriate actions from the list of actions to the answer area and arrange them in thecorrect order.

Select and Place:

Correct Answer:


Explanation/Reference:http://blogs.technet.com/b/filecab/archive/2012/05/21/introduction-of-iscsi-target-in-windows-server-2012.aspx

QUESTION 5Your network contains an Active Directory domain named contoso.com. The domain contains a file servernamed Server1. All servers run Windows Server 2012. All domain user accounts have the Division attributeautomatically populated as part of the user provisioning process. The Support for Dynamic Access Control andKerberos armoring policy is enabled for the domain. You need to control access to the file shares on Server1based on the values in the Division attribute and the Division resource property. Which three actions should youperform in sequence? To answer, move the three appropriate actions from the list of actions to the answer areaand arrange them in the correct order.

Select and Place:

Correct Answer:


Explanation/Reference:http://technet.microsoft.com/de-de/library/hh846167.aspx

First create a claim type for the property, then create a reference resource property that points back to theclaim. Finally set the classification value on the folder.

QUESTION 6You have a file server named Server1 that runs Windows Server 2012. The folders on Server1 are configuredas shown in the following table.

A new corporate policy states that backups must use Microsoft Online Backup whenever possible. You need toidentify which technology you must use to back up Server1. The solution must use Microsoft Online Backupwhenever possible. What should you identify? To answer, drag the appropriate backup type to the correctlocation or locations. Each backup type may be used once, more than once, or not at all. You may need to dragthe split bar between panes or scroll to view content.

Select and Place:

Correct Answer:



QUESTION 7DRAG DROP

You have 3 server named Server1 that runs Windows Server 2012.

You are asked to test Windows Azure Online Backup to back up Server1.

You need to back up Server1 by using Windows Azure Online Backup.

Which four actions should you perform in sequence?

To answer, move the appropriate four actions from the list of actions to the answer area and arrange them inthe correct order.

Select and Place:

Correct Answer:



http://technet.microsoft.com/en-us/library/jj884318.aspxhttp://technet.microsoft.com/en-us/library/hh831761.aspx#BKMK_installagentSo,

QUESTION 8DRAG DROP

Your network contains an Active Directory domain named contoso.com. The domain contains two DHCPservers named DHCP1 and DHCP2 that run Windows Server 2012.

You install the IP Address Management (IPAM) Server feature on a member server named Server1 and yourun the Run Invoke-IpamGpoProvisioning cmdlet.

You need to manage the DHCP servers by using IPAM on Server1.Which three actions should you perform?

To answer, move the three appropriate actions from the list of actions to the answer area and arrange them inthe correct order.

Select and Place:

Correct Answer:



http://technet.microsoft.com/zh-cn/library/jj878325.aspx

QUESTION 9DRAG DROP

Your network contains two Active Directory forests named contoso.com and adatum.com. All domaincontrollers run Windows Server 2012.

A federated trust exists between adatum.com and contoso.com. The trust provides adatum.com users withaccess to contoso.com resources.

You need to configure Active Directory Federation Services (AD FS) claim rules for the federated trust. Thesolution must meet the following requirements:

- In contoso.com, replace an incoming claim type named Group with an outgoing claim type named Role.- In adatum.com, allow users to receive their tokens for the relying party by using their Active Directory groupmembership as the claim type.

The AD FS claim rules must use predefined templates.

Which rule types should you configure on each side of the federated trust?

To answer, drag the appropriate rule types to the correct location or locations. Each rule type may be usedonce, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.

Select and Place:

Correct Answer:



http://technet.microsoft.com/zh-cn/library/ee913586(v=WS.10).aspx

QUESTION 10DRAG DROP

Your network contains four servers that run Windows Server 2012.

Each server has the Failover Clustering feature installed. Each server has three network adapters installed. AniSCSI SAN is available on the network.

You create a failover cluster named Cluster1. You add the servers to the cluster.

You plan to configure the network settings of each server node as shown in the following table.

You need to configure the network settings for Cluster1.

What should you do?

To answer, drag the appropriate network communication setting to the correct cluster network. Each networkcommunication setting may be used once, more than once, or not at all. You may need to drag the split barbetween panes or scroll to view content.

Select and Place:

Correct Answer:



http://technet.microsoft.com/en-us/library/cc787135(v=WS.10).aspx

QUESTION 11DRAG DROP

Your network contains an Active Directory domain named contoso.com. The domain contains four memberservers named Server1, Server2, Servers, and Server4. All servers run Windows Server 2012.

Server1 and Server2 are located in a site named Site1. Server3 and Server4 are located in a site named Site2.The servers are configured as nodes in a failover cluster named Cluster1.

Cluster1 is configured to use the Node Majority quorum configuration.

You need to ensure that Server1 is the only server in Site1 that can vote to maintain quorum.

What should you run from Windows PowerShell?To answer, drag the appropriate commands to the correct location. Each command may be used once, morethan once, or not at all. You may need to drag the split bar between panes or scroll to view content.

Select and Place:

Correct Answer:




A new corporate policy states that backups must use Microsoft Online Backup whenever possible.

You need to identify which technology you must use to back up Server1. The solution must use MicrosoftOnline Backup whenever


Select and Place:

Correct Answer:




A new corporate policy states that backups must use Windows Azure Online Backup whenever possible.

You need to identify which technology you must use to back up Server1. The solution must use Windows AzureOnline Backup whenever possible.


To answer, drag the appropriate backup type to the correct location or locations. Each backup type may beused once, more than once, or not at all. You may need to drag the split bar between panes or scroll to viewcontent.

Select and Place:

Correct Answer:



QUESTION 14Your network contains an Active Directory domain named contoso.com. The domain contains four memberservers named Server1, Server2, Server3, and Server4.

Server1 and 5erver2 run Windows Server 2008 R2. Server1 and Server2 have the Hyper-V server role and the

Failover Clustering feature installed. Failover Clustering is configured to provide highly available virtualmachines by using a cluster named Cluster1. Cluster1 hosts 10 virtual machines.

Server3 and Server4 run Windows Server 2012.

You install the Hyper-V server role and the Failover Clustering feature on Server3 and Server4. You create acluster named Cluster2.

You need to migrate cluster resources from Cluster1 to Cluster2. The solution must minimize downtime on thevirtual machines.

Which five actions should you perform?

To answer, move the appropriate five actions from the list of actions to the answer area and arrange them inthe correct order.

Select and Place:

Correct Answer:



Exam F

QUESTION 1Your network contains an Active Directory domain named contoso.com. The domain contains a server namedServer1 that runs

Windows Server 2012. The system properties of Server1 are shown in the exhibit. (Click the Exhibit button.)

You need to configure Server1 as an enterprise subordinate certification authority (CA).


Exhibit:

A. Add RAM to the server.B. Set the Startup Type of the Certificate Propagation service to Automatic.C. Install the Certification Authority Web Enrollment role service.D. Join Server1 to the contoso.com domain.

Correct Answer: BSection: New QuestionsExplanation





You need to configure Server1 as a new domain controller in a new forest named contoso.test.

The solution must meet the following.


A. There is no need to set the Forest Functional Level.B. Set Forest Functional Level to Windows 2003.C. Set Forest Functional Level to Windows 2008.D. Set Forest Functional Level to Windows 2008 R2.E. Set Forest Functional Level to Windows 2012.F. There is no need to set the Domain Functional LevelG. Set Domain Functional Level to Windows 2003.H. Set Domain Functional Level to Windows 2008.I. Set Domain Functional Level to Windows 2008 R2.J. Set Domain Functional Level to Windows 2012.

Correct Answer: BFHSection: New QuestionsExplanation

Explanation/Reference:REWORDEDVery smartly reworded that you need to configure server 1 as new DC in a new forest named contoso.test and"also do name resolution". In the answer you will have to select Windows 2003 as domain and forest functionallevel and you should also check "Domain name system(DNS) server.... This is not in any dumps

* When you deploy AD DS, set the domain and forest functional levels to the highest value that yourenvironment can support. This way, you can use as many AD DS features as possible. For example, if you aresure that you will never add domain controllers that run Windows Server 2003 to the domain or forest, selectthe Windows Server 2008 functional level during the deployment process. However, if you might retain or adddomain controllers that run Windows Server 2003, select the Windows Server 2003 functional level. When youdeploy a new forest, you are prompted to set the forest functional level and then set the domain functional level.You cannot set the domain functional level to a value that is lower than the forest functional level.

http://technet.microsoft.com/en-us/library/understanding-active-directory-functional- levels(v=ws.10).aspx

QUESTION 3You have a server named Server1 that runs Windows Server 2012. Server1 has the File Server ResourceManager role service installed.

You attempt to delete a classification property and you receive the error message as shown in the exhibit.

You need to delete the isConfidential classification property. (Click the Exhibit button.)

What should you do?

Exhibit:

A. Delete the classification rule that is assigned the isConfidential classification propertyB. Disable the classification rule that is assigned the isConfidential classification property.C. Set files that have an isConfidential classification property value of Yes to No.D. Clear the isConfidential classification property value of all files.

Correct Answer: ASection: New QuestionsExplanation



You need to create an IPv6 scope on Server1. The scope must use an address space that is reserved forprivate networks. The addresses must be routable.

Which IPV6 scope prefix should you use?

A. FF00::B. FE80:123:4567::C. FD00:123:4567::D. FF00:123:4567:890A::

Correct Answer: CSection: New QuestionsExplanation


QUESTION 5Your network contains an Active Directory domain named contoso.com. The domain contains two memberservers named Server1 and Server2. All servers run Windows Server 2012.Microsoft 70-412 : Practice TestServer1 and Server2 have the Failover Clustering feature installed. The servers are configured as nodes in afailover cluster named Cluster1. Cluster1 has access to four physical disks. The disks are configured as shownin the following table.

You need to identify which disk can be added to a Clustered Storage Space in Cluster1.

Which disk should you identify?

A. Disk1B. Disk2C. Disk3D. Disk4



QUESTION 6Your network contains four Active Directory forests. Each forest contains an Active Directory RightsManagement Services (AD RMS) root cluster.

All of the users in all of the forests must be able to access protected content from any of the forests.

You need to identify the minimum number of AD RMS trusts required.

How many trusts should you identify?

A. 3B. 6C. 12D. 16



QUESTION 7Your network contains an Active Directory domain named contoso.com. All servers run Windows Server 2012.

The domain contains a domain controller named DC1 that is configured as an enterprise root certificationauthority (CA).

All users in the domain are issued a smart card and are required to log on to their domain- joined clientcomputer by using their smart card.

A user named User1 resigned and started to work for a competing company.

You need to prevent User1 immediately from logging on to any computer in the domain.

The solution must not prevent other users from logging on to the domain.


A. Active Directory Users and ComputersB. Server ManagerC. The Certificates snap-inD. The Certification Authority console

Correct Answer: DSection: New QuestionsExplanation

Explanation/Reference:Explanation: You can use the Certification Authority console to configure CAs. This includes the following tasks:

(D) Scheduling certificate revocation list publication.Installing the CA certificate when necessary.Configuring exit module settings.Configuring policy module settings.Modifying security permissions and delegate control of CAs. Enabling optional Netscape-compatible Web-based revocation checking.

Reference: Configure Certification Authorities

QUESTION 8Your network contains an Active Directory forest named contoso.com. The forest contains a single domain. Theforest contains three Active Directory sites named SiteA, SiteB, and SiteC. The sites contain four domaincontrollers. The domain controllers are configured as shown in the following table.

An IP site link exits between each site.

You discover that the users in SiteC are authenticated by the domain controllers in SiteA and SiteB.

You need to ensure that the SiteC users are authenticated by the domain controllers in SiteB, unless all of thedomain controllers in SiteB are unavailable.

What should you do?

A. Create an SMTP site link between SiteB and SiteCB. Decrease the cost of the site link between SiteB and SiteC.C. Disable site link bridging.D. Create additional connection objects for DC1 and DC2.


Explanation/Reference: By decreasing the site link cost between SiteB and SiteC the SiteC users Microsoft 70-412 : Practice Test

would be authenticated by SiteB rather than by SiteA.

QUESTION 9You have a server named Server1 that runs Windows Server 2012. Server1 has the DNS Server server roleinstalled.

You need to store the contents of all the DNS queries received by Server1.


A. Logging from Windows Firewall with Advanced SecurityB. Debug logging from DNS ManagerC. A Data Collector Set (DCS) from Performance MonitorD. Monitoring from DNS Manager


Explanation/Reference:The following DNS debug logging options are available:* Direction of packets

Send Packets sent by the DNS server are logged in the DNS server log file. Receive Packets received by theDNS server are logged in the log file.

* Content of packets

(D) Standard queries Specifies that packets containing standard queries (per RFC 1034) are logged in the DNSserver log file.

Updates Specifies that packets containing dynamic updates (per RFC 2136) are logged in the DNS server logfile.

Notifies Specifies that packets containing notifications (per RFC 1996) are logged in the DNS server log file.

Etc.

Reference: Using server debug logging options

QUESTION 10

Your network contains an Active Directory domain named contoso.com. All domain controllers run WindowsServer 2012. The domain contains two domain controllers. The domain controllers are configured as shown inthe following table.

You configure a user named User1 as a delegated administrator of DC10.

You need to ensure that User1 can log on to DC10 if the network link between the site and the Branch site fails.

What should you do?

A. On DC10, run ntdsutil and configure the settings in the Roles contextB. On DC10, run ntdsutil and configure the settings in the Local Roles contextC. Modify the properties of the DCIO computer accountD. Run repadmin and specify /replsingleobject parameter


Explanation/Reference: Modify the following policy:Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment\Allow logon locally

Note:* User Rights Assignment policies determines which users or groups have logon rights or privileges on thecomputer.

* Delegated administrator accounts gain local administrative permissions to the RODC. These users canoperate with privileges equivalent to the local computer's Administrators group. They are not members of theDomain Admins or the domain built-in Administrators groups. This option is useful for delegating branch officeadministration without giving out domain administrative permissions. Configuring delegation of administration isnot required.

QUESTION 11Your network contains an Active Directory domain named contoso.com. All servers run Windows Server 2012.The domain contains a file server named Server1. The domain contains a domain controller named DC1.Server1 contains three shared folders. The folders are configured as shown in the following table.

Folder2 has a conditional expression of User.Department= = MMarketing".

You discover that a user named User1 cannot access \\Server1\folder2. User1 can access \\Server1\folderl and\\Server1\folder3.

You verify the group membership of User1 as shown in the Member Of exhibit.

You verify the organization information of User1 as shown in the Organization exhibit.

You verify the general properties of User1 as shown in the General exhibit

You need to ensure that User1 can access the contents of \\Server1\folder2.

img-250 (exhibit):

img-251 (exhibit):

img-252 (exhibit):

A. From a Group Policy object (GPO), set the Support for Dynamic Access Control and Kerberos armoringsetting to Always provide claims.

B. Change the department attribute of User1.C. Grant the Full Control NTFS permissions on Folder2 to User1.D. Remove User11from the Accounting global group.


Explanation/Reference:Conditional Expression and users Department must match http://technet.microsoft.com/en-us/library/jj134043.aspx

QUESTION 12Your network contains an Active Directory forest named contoso.com. The forest contains a single domain. Thedomain contains three domain controllers. The domain controllers are configured as shown in the followingtable.

Microsoft 70-412 : Practice TestYou plan to test an Application on a server named Server1. Server1 is currently located in Site1. After the test,Server1 will be moved to Site2.

You need to ensure that Server1 attempts to authenticate to DC3 first, while you test the Application.

What should you do?

A. Create a new site and associate the site to an existing site link object.B. Modify the registry on DC3.C. Modify the weight of site-specific service location (SRV) DNS records Site1.D. Modify the registry on Server1.


Explanation/Reference:A number between 1 and 65535 to be used as a load-balancing mechanism. When you select among morethan one target SRV host for the type of service (specified in Service) that use the same Priority number, youcan use this field to weight preference toward specific hosts. Where several hosts share equal priority, SRV-specified hosts with higher weight values that are entered here should be returned first to resolver clients inSRV query results.

Reference: Service Location (SRV) Resource Record Dialog Box

QUESTION 13Your network contains an Active Directory domain named contoso.com. The domain contains two memberservers named Server1 and Server2. All servers run Windows Server Microsoft 70-412 : Practice Test2012.

Server1 and Server2 have the Failover Clustering feature installed. The servers are configured as nodes in afailover cluster named Cluster1. Cluster1 has access to four physical disks. The disks are configured as shownin the following table.

You need to ensure that all of the disks can be added to a Cluster Shared Volume (CSV).


A. Enable BitLocker on Disk4.

B. Format Disk3 to use NTFS.C. Format Disk2 to use NTFS.D. Disable BitLocker on Disk1.

Correct Answer: BCSection: New QuestionsExplanation

Explanation/Reference:You cannot use a disk for a CSV that is formatted with FAT, FAT32, or Resilient File System (ReFS).

QUESTION 14Your network contains an Active Directory domain named contoso.com. The domain contains two serversnamed Node1 and Node2. Node1 and Node2 run Windows Server 2012. Node1 and Node2 are configured asa two-node failover cluster named Cluster2.

The computer accounts for all of the servers reside in an organizational unit (OU) named Servers.

A user named User1 is a member of the local Administrators group on Node1 and Node2.

User1 creates a new clustered File Server role named File1 by using the File Server for general use option. Areport is generated during the creation of File1 as shown in the exhibit. (Click the Exhibit button.)

File1 fails to start.

You need to ensure that you can start File1.

What should you do?

Exhibit:

A. Log on to the domain by using the built-in Administrator for the domain, and then recreate the clustered FileServer role by using the File Server for general use option.

B. Recreate the clustered File Server role by using the File Server for scale-out Application data option.C. Assign the computer account permissions of Cluster2 to the Servers OU.D. Assign the user account permissions of User1 to the Servers OU. E. Increase the value of the ms-DS-

MachineAccountQuota attribute of the domain.



QUESTION 15Your network contains an Active Directory forest. The forest contains one domain named adatum.com. Thedomain contains three domain controllers. The domain controllers are configured as shown in the followingtable.

DC2 has all of the domain-wide operations master roles. DC3 has all of the forest-wide operation master roles.

You need to ensure that you can use Password Settings objects (PSOs) in the domain.


A. Uninstall Active Directory from DC1B. Change the domain functional level.C. Transfer the domain-wide operations master roles.D. Transfer the forest-wide operations master roles.

Correct Answer: ASection: New QuestionsExplanation


QUESTION 16Your network contains an Active Directory domain named contoso.com. The domain contains two domaincontrollers named DC1 and DC2 that run Windows Server 2012.

DC1 and DC2 fail to replicate Active Directory information.

You confirm that DC1 and DC2 have network connectivity.

The NTDS Settings of DC2 are configured as shown in the NTDS Settings exhibit.

DNS is configured as shown in the DNS exhibit

You need to ensure that DC1 and DC2 can replicate immediately.


img-263 (exhibit):

img-264 (exhibit):

A. From DC1, restart the Netlogon service.B. From DC2, run nltest.exe /sync.C. From DC1, run ipconfig /flushdns.D. From DO, run repadmin /syncallE. From DC2, run ipconfig /registerdns.F. From DC2, restart the Netlogon service.

Correct Answer: DESection: New QuestionsExplanation

Explanation/Reference:The DC2 name/alias is not available in DNS. First we register the DC2 name from DC with the ipcpnfig /registerdns. (E)

Then we synchronizes a specified domain controller DC1 (DC2 would also work) with all of its replicationpartners with repadmin /syncall. (D)

QUESTION 17Your network contains an Active Directory domain named contoso.com. The domain contains two memberservers named Server1 and Server2. All servers run Windows Server 2012.

Server1 and Server2 have the Failover Clustering feature installed. The servers are configured as nodes in afailover cluster named Cluster1. Cluster1 contains a file server role named FS1 and a generic service rolenamed SVC1. Server1 is the preferred node for FS1. Server2 is the preferred node for SVC1.

You plan to run a disk maintenance tool on the physical disk used by FS1.

You need to ensure that running the disk maintenance tool does not cause a failover to occur.

What should you do before you run the tool?

A. Run cluster.exe and specify the pause parameter.B. Run cluster.exe and specify the offline parameter.C. Run Suspend-ClusterResource.D. Run Suspend-ClusterNode.



QUESTION 18Your network contains an Active Directory domain named contoso.com. The domain contains a server namedServer1 that runs Windows Server 2012. Server1 is an enterprise root certification authority (CA) forcontoso.com.

Your user account is assigned the certificate manager role and the auditor role on the contoso.com CA. Youraccount is a member of the local Administrators group on Server1.

You enable CA role separation on Server1.

You need to ensure that you can manage the certificates on the CA.

What should you do?

A. Remove your user account from the local Administrators group.B. Assign the CA administrator role to your user accountC. Assign your user account the Bypass traverse checking user rightD. Remove your user account from the Manage auditing and security log user right.



QUESTION 19You have a server named LON-DC1 that runs Windows Server 2012. An iSCSI virtual disk namedVirtuahSCSIl.vhd exists on LON-DC1 as shown in the exhibit.

You create a new iSCSI virtual disk named VirtualiSCSI2.vhd by using the existing itgt iSCSI target.

VirtuahSCSI1.vhd is removed from LON-DC1.

You need to assign VirtualiSCSI2.vhd a logical unit value of 0.

What should you do?

Exhibit:

A. Modify the properties of the itgt ISCSI target.B. Modify the properties of the VirtualiSCSI2.vhd iSCSI virtual disk.C. Run the Set-VirtualDisk cmdlet and specify the -Uniqueld parameter.D. Run the iscsicli command and specify the reportluns parameter.


Explanation/Reference:Set-VirtualDiskModifies the attributes of an existing virtual disk.Applies To: Windows Server 2012-UniqueId<String>Specifies an ID used to uniquely identify a Disk object in the system. The ID persists through restarts.

Note: Logical unit numbers (LUNs) created on an iSCSI disk storage subsystem are not directly assigned to aserver. For iSCSI, LUNs are assigned to logical entities called targets.

QUESTION 20

Your network contains an Active Directory domain named contoso.com. The domain contains a server namedServer1 that runs Windows Server 2012 and has the DNS Server server role installed.

Server1 has a zone named contoso.com. The zone is configured as shown in the exhibit.(Click the Exhibit button.)

You need to assign a user named User1 permission to add and delete records from the contoso.com zoneonly.


Exhibit:

A. Enable the Advanced view from DNS Manager.B. Add User1 to the DnsUpdateProxy group.C. Run the New Delegation Wizard.D. Configure the zone to be Active Directory-integrated.



QUESTION 21Your network contains two servers named HV1 and HV2. Both servers run Windows Server 2012 and have theHyper-V server role installed.

HV1 hosts 25 virtual machines. The virtual machine configuration files and the virtual hard disks are stored inD:\VM.

You shut down all of the virtual machines on HV1.

You copy D:\VM to D:\VM on HV2.

You need to start all of the virtual machines on HV2. You want to achieve this goal by using the minimum

amount of administrative effort.

What should you do?

A. Run the Import-VMInitialReplication cmdlet.B. From HV1, export all virtual machines to D:\VM. Copy D:\VM to D:\VM on HV2 and overwrite the existing

files. On HV2, run the Import Virtual Machine wizard.C. From HV1, export all virtual machines to D:\VM. Copy D:\VM to D:\VM on HV2 and overwrite the existing

files. On HV2, run the New Virtual Machine wizard.D. Run the Import-VM cmdlet.



QUESTION 22Your network contains two servers that run Windows Server 2012 named Server1 and Server2. Both servershave the File Server role service installed.

On Server2, you create a share named Backups.

From Windows Server Backup on Server1, you schedule a full backup to run every night. You set the backupdestination to \\Server2 \Backups.

After several weeks, you discover that \\Server2\Backups only contains the last backup that completed onServer1.

You need to ensure that multiple backups of Server1 are maintained.

What should you do?

A. Modify the Volume Shadow Copy Service (VSS) settingsB. Modify the properties of the Windows Store Service (WSService) service.C. Change the backup destination,D. Configure the permission of the Backups share.



QUESTION 23Your network contains an Active Directory domain named contoso.com. The domain contains a server namedServer1 that runs Windows Server 2012. Server1 has an enterprise root certification authority (CA) forcontoso.com.Microsoft 70-412 : Practice TestYou deploy another member server named Server2 that runs Windows Server 2012 and has the Web Server(IIS) server role installed.

You need to designate a website on Server1 as the certificate revocation list (CRL) distribution point for the CA.The solution must ensure that CRLs are published automatically to Server2.

Which two actions should you perform? (Each correct answer presents part of the solution.

Choose two.)

A. Create an http:// CRL distribution point (CDP) entry.B. Configure a CA exit module.C. Create a file:// CRL distribution point (CDP) entry.D. Configure an enrollment agent.E. Configure a CA policy module.

Correct Answer: AESection: New QuestionsExplanation

Explanation/Reference:Explanation: A: To specify CRL distribution points in issued certificates Open the Certification Authority snap-in.In the console tree, click the name of the CA.On the Action menu, click Properties , and then click the Extensions tab. Confirm that Select extension is set toCRL Distribution Point (CDP) . Do one or more of the following. (The list of CRL distribution points is in theSpecify locations from which users can obtain a certificate revocation list (CRL) box.)

/ To indicate that you want to use a URL as a CRL distribution point Click the CRL distribution point, select theInclude in the CDP extension of issued certificates check box, and then click OK .Click Yes to stop and restart Active Directory Certificate Services (AD CS).

E: You can specify CRL Distribution Points (CDPs) in CAPolicy.inf. Note that any CDP in CAPolicy.inf will takeprecedence for certificate verifiers over the CDP's specified in the CA policy module.

Note:CRLDistributionPoint

You can specify CRL Distribution Points (CDPs) for a root CA certificate in the CAPolicy.inf. This section doesnot configure the CDP for the CA itself. After the CA has been installed you can configure the CDP URLs thatthe CA will include in each certificate that it issues. The URLs specified in this section of the CAPolicy.inf file areincluded in the root CA certificate itself.Example:[CRLDistributionPoint]URL=http://pki.wingtiptoys.com/cdp/WingtipToysRootCA.crl


Documents

Microsoft.Certkey.70-412.v2013-10-09.by.ANNA · 10/9/2013 · The domain contains two member servers named Server1 and Server2. All servers run Windows Server 2012. Server1 and Server2