412 Set 5

Card Set Information

Author:
BlackWidow
ID:
288792
Filename:
412 Set 5
Updated:
2014-11-10 12:27:28
Tags:
412 Set
Folders:

Description:
412 Set 5
Show Answers:

Home > Flashcards > Print Preview

The flashcards below were created by user BlackWidow on FreezingBlue Flashcards. What would you like to do?


  1. The domain contains two servers named Node1 and Node2. Node1 and Node2 run Windows Server 2012 R2. Node1 and Node2 are configured as a two-node failover cluster named Cluster2.

    The computer accounts for all of the servers reside in an organizational unit (OU) named Servers. A user named User1 is amember of the local Administrators group on Node1 and Node2.

    User1 creates a new clustered File Server role named File1 by using the File Server for general use option. A report is generated during the creation of File1 as shown in the exhibit.



    File1 fails to start. You need to ensure that you can start File1.

    What should you do?

    A. Log on to the domain by using the built-in Administrator for the domain, and then recreatethe clustered File Server role by using the File Server for general use option.

    B. Recreate the clustered File Server role by using the File Server for scale-out App1ication dataoption.

    C. Assign the computer account permissions of Cluster2 to the Servers OU.

    D. Assign the user account permissions of User1 to the Servers OU.

    E. Increase the value of the ms-DS-MachineAccountQuota attribute of the domain.
    B. Recreate the clustered File Server role by using the File Server for scale-out App1ication dataoption.
  2. Your network contains an Active Directory forest. The forest contains one domain named adatum.com. The domain contains three domain controllers. The domain controllers are configured as shown in the following table. 



    DC2 has all of the domain-wide operations master roles. DC3 has all of the forest-wide operation master roles.

    You need to ensure that you can use Password Settings objects (PSOs) in the domain. What should you do first?

    A.    Uninstall Active Directory from DC1. 

    B.    Change the domain functional level. 

    C.    Transfer the domain-wide operations master roles. 

    D.    Transfer the forest-wide operations master roles.
    A.    Uninstall Active Directory from DC1.
  3. Your network contains an Active Directory forest named contoso.com. The forest contains three domains. All domain controllers run Windows Server 2012 R2. The forest has a two-way realm trust to a Kerberos realm named adatum.com.

    You discover that users in adatum.com can only access resources in the root domain of contoso.com.

    You need to ensure that the adatum.com users can access the resources in all of the domains in the forest. What should you do in the forest?

    A. Delete the realm trust and create a forest trust.

    B. Delete the realm trust and create three external trusts.

    C. Modify the incoming realm trust.

    D. Modify the outgoing realm trust.
    D. Modify the outgoing realm trust.
  4. Your network contains an Active Directory domain named contoso.com. The domain contains twomember servers named Server1 and Server2. All servers run Windows Server 2012 R2. Server1and Server2 have the Failover Clustering feature installed. The servers are configured as nodes ina failover cluster named Cluster1. Cluster1 contains a Clustered Shared Volume (CSV). Adeveloper creates an App1ication named App1. App1 is NOT a cluster-aware App1ication. App1stores data in the file system.

    You need to ensure that App1 runs in Cluster1. The solution must minimize development effort.

    Which cmdlet should you run?

    A. Add-ClusterGenericServiceRole

    B. Add-ClusterServerRole

    C. Add-ClusterGenericApp1icationRole

    D. Add-ClusterScaleOutFileServerRole
    C. Add-ClusterGenericApp1icationRole
  5. Your network contains an Active Directory domain named contoso.com. The domain contains two domain controllers named DC1 and DC2 that run Windows Server 2012 R2. DC1 and DC2 fail to replicate Active Directory information. You confirm that DC1 and DC2 have network connectivity.The NTDS Settings of DC2 are configured as shown in the NTDS Settings exhibit.



    You need to ensure that DC1 and DC2 can replicate immediately. Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)

    A. From DC1, restart the Netlogon service.

    B. From DC2, run nltest.exe /sync.

    C. From DC1, run ipconfig /flushdns.

    D. From DO, run repadmin /syncall.

    E. From DC2, run ipconfig /registerdns.

    F. From DC2, restart the Netlogon service.
    D. From DO, run repadmin /syncall.

    E. From DC2, run ipconfig /registerdns.


  6. The servers have theHyper-V server role installed. A certification authority (CA) is available on the network. A virtualmachine named vml.contoso.com is replicated from Server1 to Server2. A virtual machine namedvm2.contoso.com is replicated from Server2 to Server1. You need to configure Hyper-V toencrypt the replication of the virtual machines. Which common name should you use for the certificates on each server?

  7. All servers run Windows Server 2012 R2. Server1 and Server2 have the Failover Clustering feature installed. The servers are configured as nodes in a failover cluster named Cluster1. Cluster1 contains a file server role named FS1 and a generic service role named SVC1. Server1 is the preferred node for FS1. Server2 is the preferred node forSVC1.

    You plan to run a disk maintenance tool on the physical disk used by FS1.

    You need to ensure that running the disk maintenance tool does not cause a failover to occur. What should you do before you run the tool?

    A. Run cluster.exe and specify the pause parameter.

    B. Run cluster.exe and specify the offline parameter.

    C. Run Suspend-ClusterResource

    D. Run Suspend-ClusterNode.
    A. Run cluster.exe and specify the pause parameter.
  8. Your network contains an Active Directory domain named contoso.com. The domain contains aserver named Server1 that runs Windows Server 2012 R2. Server1 is an enterprise rootcertification authority (CA) for contoso.com. Your user account is assigned the certificate manager role and the auditor role on the contoso.com CA. Your account is a member of the localAdministrators group on Server1. You enable CA role separation on Server1.

    You need to ensure that you can manage the certificates on the CA. What should you do?

    A. Remove your user account from the local Administrators group.

    B. Assign the CA administrator role to your user account.

    C. Assign your user account the Bypass traverse checking user right.

    D. Remove your user account from the Manage auditing and security log user right.
    D. Remove your user account from the Manage auditing and security log user right.
  9. Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012 R2 and has the DHCP Server server role installed.

    An administrator installs the IP Address Management (IPAM) Server feature on a serve rnamed Server2. The administrator configures IPAM by using Group Policy based provisioning and starts server discovery.

    You plan to create Group Policies for IPAM provisioning.

    You need to identify which Group Policy object (GPO) name prefix must be used for IPAM Group Policies.

    What should you do on Server2?

    A. From Server Manager, review the IPAM overview.

    B. Run the ipamgc.exe tool.

    C. From Task Scheduler, review the IPAM tasks.

    D. Run the Get-IpamConfiguration cmdlet

    .
    A. From Server Manager, review the IPAM overview.
  10. You are employed as a network administrator at consoto.com. Contoso.com has in an ActiveDirectory domain named contoso.com. All Servers on the contoso.com network have WindowsServer 2012 R2 installed. A contoso.com server, named Server1, hosts the Active DirectoryCertificate Services Server role and utilizes a hardware security module (HSM) to safeguard its private key.

    You have been instructed to backup the Active Directory Certificate Services (ADCS)database, log files, and private key regularly. You should not use a utility supplied by the hardware security module (HSM) creator.

    Which of the following actions should you take?

    A. You should consider scheduling an incremental backup.

    B. You Should consider making use of the certutil.exe command.

    C. You should consider scheduling a differential backup.

    D. You should consider schedulling a copy backup.
    B. You Should consider making use of the certutil.exe command.
  11. You are employed as a senior network administrator at contoso.com contoso.com has an active directory domain named contoso.com. All servers on the contoso.com network have WindowsServer 2012 R2 installed. You are currently running a training exercise for junior network administrators.

    You are discussing the DNSSEC NRPT rule properly.

    Which of the following describes the purpose of this rule property?

    A. It is used to indicate the namespace to which the policy App1ies.

    B. It is used to indicate whether the DNS client should check for DNSSEC validation in the response.

    C. It is used to indicate DNSSEC must be used to protect DNS traffic for queries belonging to the namespace.

    D. It is used to indicate whether DNS connections over DNSSEC will use encryption.
    B. It is used to indicate whether the DNS client should check for DNSSEC validation in theresponse.
  12. All servers on the contoso.com network have WindowsServer 2012 R2 installed. Contoso.com has a server named server1, which is configured as a fileserver.

    You have been instructed to enable a feature that discovers and eradicates duplication within data without compromising its reliability or accuracy.

    Which of the following actions should you take?

    A. You should consider having the Data Deduplication feature enabled.

    B. You should consider having the Storage Spaces feature enabled.

    C. You should consider having the Storage Management feature enabled.

    D. You should consider having the folder redirection feature enabled.
    A. You should consider having the Data Deduplication feature enabled.
  13. You are currently configuration the quorum settings for the cluster.

    You want to make use of a quorum mode that allows each node to vote if it is available and in communication.

    Which of the following is the mode you should use?

    A. Node Majority

    B. Node and Disk Majority

    C. Node and File Share Majority

    D. No Majority: Disk Only
    A. Node Majority
  14. You find that the App1ication is unable to install completely due to its driver not being digitally signed.

    You want to make sure that the App1ication can be installed successfully. Which of the following actions should you take?

    A. You should consider downloading a signed driver.

    B. You should consider having SERVER1 is restored to an earlier date.

    C. You should consider making use of the Disable Driver Signature Enforcement option from the Advanced Boot Option.

    D. You should consider restarting SERVER1 in safe Mode.
    C. You should consider making use of the Disable Driver Signature Enforcement option from the Advanced Boot Option.
  15. You are running a training exercise for junior network administrator. You are currently discussing the Dnslint.exe tool. Which of the following should this tool be used for?

    (Choose all that App1y)

    A. To help diagnose common DNS name resolution issues.

    B. For developing scripts for configuring a DNS server.

    C. To administer the DNS server Service.

    D. To look for specific DNS record set and sure that they are consistent across multiple DNSservers.

    E. To verify that DNS records used specifially for Active Directory replication are correct.

    F. To Create and delete zones and resource records.
    A. To help diagnose common DNS name resolution issues.

    D. To look for specific DNS record set and sure that they are consistent across multiple DNSservers.

    E. To verify that DNS records used specifially for Active Directory replication are correct.
  16. Contoso.com has a server, named SERVER1, which has the AD DS, DHCP and DNS server roles installed. Contoso.com also has a server named SERVER2, which has the DHCP and Remote Access Server Role installed.

    You have configured SERVER3, which has the File and Storage Services Server role installed to automatically acquire an IP address.

    You then create a filter on SERVER1. Which of the following is a reason for this configuration?

    A. To make sure that SERVER1 issues Server3 an IP address.

    B. To make sure that SERVER1 does not issue SERVER3 an IP address.

    C. To make sure that SERVER3 acquires a constant IP address from SERVER2 only.

    D. To make sure that SERVER3 is configured with a static IP address.
    B. To make sure that SERVER1 does not issue SERVER3 an IP address.
  17. The ABC.com domain has an Active Directory site configured in London, and an Active Directory site in New York.

    You have been instructed to make sure that the synchronization of account lockout data happens quicker.

    A. You should consider editing the options attribute from WANLINK properties.

    B. You should consider editing the options attribute from LANLIK properties.

    C. You should consider editing the options attribute from the DEFAULTSITE1INK properties.

    D. You should consider editing the proxyAddressess attribute from the DEFAULTIPSITE1INKproperties.
    C. You should consider editing the options attribute from the DEFAULTSITE1INK properties.
  18. ABC.com has two servers, named SERVER1 and SERVER2 which are configuredin a two-node failover cluster. Server1 includes a folder, named ABCAppData, which is configuredas a Distributed File System (DFS) name space folder target. After configuring another two nodes in the failover cluster, you are instructed to make sure that access to ABCAppData is highly available.

    You also have to make sure that App1ication data is replicated to ABCAppData via DFSreplication. Which following actions should you take?

    A. You should consider configuring a scale-out File Server.

    B. You should consider configuring the replication settings for the cluster.

    C. You should consider configuring a file server for general use.

    D. You should consider configuring the Quorum settings.
    A. You should consider configuring a scale-out File Server.
  19. The domain contains a domain controller named DC1 that is configured as anenterprise root certification authority (CA). All users in the domain are issued a smart card andare required to log on to their domain joined client computer by using their smart card. A usernamed User1 resigned and started to work for a competing company.

    You need to prevent User1 immediately from logging on to any computer in the domain. The solution must not prevent other users from logging on to the domain.

    Which tool should you use?

    A. Active Directory Administrative Center

    B. Active Directory Sites and Services

    C. Active Directory Users and Computers

    D. the Certification Authority console

    E. the Certificates snap-in

    F. Certificate Templates

    G. Server Manager

    H. the Security Configuration Wizard
    A. Active Directory Administrative Center

    C. Active Directory Users and Computers

    D. the Certification Authority console
  20. You create a new iSCSI virtual disk named VirtualiSCSI2.vhd by using the existing itgt iSCSI target. VirtuahSCSI1.vhd is removed from LON-DC1.

    You need to assign VirtualiSCSI2.vhd a logical unit value of 0.

    What should you do?

    A. Run the Set-IscsiVirtualDisk cmdlet and specify the -DevicePath parameter.

    B. Run the iscsicpl command and specify the virtualdisklun parameter.

    C. Modify the properties of the itgt ISCSI target.

    D. Run the Set-VirtualDisk cmdlet and specify the -Uniqueld parameter.
    D. Run the Set-VirtualDisk cmdlet and specify the -Uniqueld parameter.
  21. Your network contains three servers named Server1, Server2, and Server3. All servers runWindows Server 2012 R2.

    You need to ensure that Server1 can provide iSCSI storage for Server2and Server3. What should you do on Server1?

    A. Start the Microsoft iSCSI Initiator Service and configure the iSCSI Initiator Properties.

    B. Install the iSNS Server service feature and create a Discovery Domain.

    C. Install the Multipath I/O (MPIO) feature and configure the MPIO Properties.

    D. Install the iSCSI Target Server role service and configure iSCSI targets.
    D. Install the iSCSI Target Server role service and configure iSCSI targets.
  22. Server1 and Server2 are nodes in a failover cluster named Cluster1. The network contains two servers named Server3 and Server4 that run Windows Server 2012 R2. Server3 and Server4 are nodes in a failover cluster named Cluster2.

    You need to move all of the App1ications and the services from Cluster1 to Cluster2. What should you do first from Failover Cluster Manager?

    A. On a server in Cluster2, configure Cluster-Aware Updating.

    B. On a server in Cluster2, click Move Core Cluster Resources, and then click Best Possible Node.

    C. On a server in Cluster1, click Move Core Cluster Resources, and then click Best Possible Node.

    D. On a server in Cluster1, click Migrate Roles.
    B. On a server in Cluster2, click Move Core Cluster Resources, and then click Best Possible Node.

    (were moving stuf to cluster 2)
  23. You have a Hyper-V host named Server1 that runs Windows Server 2012 R2. Server1 contains avirtual machine named VM1 that runs Windows Server 2012 R2.

    You fail to start VM1 and you suspect that the boot files on VM1 are corrupt. On Server1, you attach the virtual hard disk (VHD)of VM1 and you assign the VHD a drive letter of F.

    You need to repair the corrupt boot files onVM1. What should you run?

    A. bootrec.exe /rebuildbcd

    B. bootrec.exe /scanos

    C. bcdboot.exe f:\windows /s c:

    D. bcdboot.exe c:\windows /s f:
    D. bcdboot.exe c:\windows /s f:

    Because we assigned the drive letter
  24. You need to assign a user named User1 permission to add and delete records from thecontoso.com zone only. What should you do first?


    A. Enable the Advanced view from DNS Manager.

    B. Add User1 to the DnsUpdateProxy group.

    C. Run the New Delegation Wizard.

    D. Configure the zone to be Active Directory-integrated.
    D. Configure the zone to be Active Directory-integrated.
  25. HV1 hosts 25 virtual machines. The virtual machine configuration files and the virtual hard disks are stored in D:\VM. You shut down all of the virtual machines on HV1. You copy D:\VM to D:\VM on HV2.

    You need to start all of the virtual machines on HV2. You want to achieve this goal by using the minimum amount of administrative effort.What should you do?

    A. Run the Import-VMInitialReplication cmdlet.

    B. From HV1, export all virtual machines to D:\VM. Copy D:\VM to D:\VM on HV2 and overwritethe existing files. On HV2, run the Import Virtual Machine wizard.

    C. From HV1, export all virtual machines to D:\VM. Copy D:\VM to D:\VM on HV2 and overwritethe existing files. On HV2, run the New Virtual Machine wizard.

    D. Run the Import-VM cmdlet.
    D. Run the Import-VM cmdlet.
  26. Your company recently deployed a new Active Directory forest named contoso.com. The firstdomain controller in the forest runs Windows Server 2012 R2.

    You need to identify the time-to-live (TTL) value for domain referrals to the NETLOGON and SYSVOL shared folders.

    Which tool should you use?

    A. Ultrasound

    B. Replmon

    C. Dfsdiag

    D. Frsutil
    C. Dfsdiag
  27. Server1 hasMicrosoft SQL Server 2012 installed.

    You install the Active Directory Federation Services server role on Server2. You need to configure Server2 as the first Active Directory Federation Services(AD FS) server in the domain.

    The solution must ensure that the AD FS database is stored in a SQLServer database on Server1.

    What should you do on Server2?

    A. From the AD FS console, run the AD FS Federation Server Configuration Wizard and select theStand-alone federation server option.

    B. From Server Manager, install the Federation Service Proxy.

    C. From Windows PowerShell, run Install-ADFSFarm.

    D. From Server Manager, install the AD FS Web Agents.
    A. From the AD FS console, run the AD FS Federation Server Configuration Wizard and select theStand-alone federation server option.
  28. Server1 has an enterprise rootcertification authority (CA) for contoso.com. You deploy another member server named Server2that runs Windows Server 2012 R2 and has the Web Server (IIS) server role installed.

    You need to designate a website on Server1 as the certificate revocation list (CRL) distribution point for the CA.

    The solution must ensure that CRLs are published automatically to Server2.

    Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)

    A. Create an http:// CRL distribution point (CDP) entry.

    B. Configure a CA exit module.

    C. Create a file:// CRL distribution point (CDP) entry

    D. Configure an enrollment agent.E. Configure a CA policy module.
    A. Create an http:// CRL distribution point (CDP) entry.

    • E. Configure a CA policy module.
    • http, policy
  29. Your network contains an Active Directory domain named adatum.com. You create a new GroupPolicy object (GPO) named GPO1.

    You need to verify that GPO1 was replicated to all of the domain controllers. Which tool should you use?

    A. Gpupdate

    B. Gpresult

    C. Group Policy Management

    D. Active Directory Sites and Services
    C. Group Policy Management
  30. Server1 and Server2 are nodes in a Network Load Balancing (NLB) cluster. TheNLB cluster contains an App1ication named App1 that is accessed by using the URLhttp://app1.contoso.com.

    You plan to perform maintenance on Server1. You need to ensure thatall new connections to App1 are directed to Server2.

    The solution must not disconnect the existing connections to Server1. What should you run?

    A. The Set-NlbCluster cmdlet.

    B. The Set-NlbClusterNode cmdlet.

    C. The Stop-NlbCluster cmdlet.

    D. The Stop-NlbClusterNode cmdlet.
    B. The Set-NlbClusterNode cmdlet.
  31. The network contains the following shared folders:

     An SMB file share named Share1 that is hosted on a Scale-Out File Server.

     An SMB file share named Share2 that is hosted on a standalone file server

    . An NFS share named Share3 that is hosted on a standalone file server.

    You need to ensure that both virtual machines can use App1data.vhdx simultaneously.

    Whatshould you do?


  32. You install an Active DirectoryRights Management Services (AD RMS) cluster in each child domain.

    You discover that all of theusers in the contoso.com forest are directed to the AD RMS cluster in east.contoso.com.

    Youneed to ensure that the users in west.contoso.com are directed to the AD RMS cluster inwest.contoso.com and that the users in east.contoso.com are directed to the AD RMS cluster ineast.contoso.com. What should you do?

    A. Modify the Service Connection Point (SCP).

    B. Configure the Group Policy object (GPO) settings of the users in the west.contoso.comdomain.

    C. Configure the Group Policy object (GPO) settings of the users in the east.contoso.com domain.

    D. Modify the properties of the AD RMS cluster in west.contoso.com.
    B. Configure the Group Policy object (GPO) settings of the users in the west.contoso.comdomain.


  33. You need to ensure that when Admin1 opens the Certification Authority console on Server1, the error message does not appear. What should you do?

    A. Install the Active Directory Certificate Services (AD CS) tools.

    B. Run the regsvr32.exe command.

    C. Modify the PATH system variable.

    D. Configure the Active Directory Certificate Services server role from Server Manager.
  34. D. Configure the Active Directory Certificate Services server role from Server Manager.
  35. You complete the Active Directory FederationServices Configuration Wizard on Server1. You need to ensure that client devices on the internalnetwork can use Workplace Join. Which two actions should you perform on Server1? (Eachcorrect answer presents part of the solution. Choose two.)

    A. Run Enable-AdfsDeviceRegistration -PrepareActiveDirectory.

    B. Edit the multi-factor authentication global authentication policy settings.

    C. Run Enable-AdfsDeviceRegistration.

    D. Run Set-AdfsProxyProperties HttpPort 80.

    E. Edit the primary authentication global authentication policy settings.
    A. Run Enable-AdfsDeviceRegistration -PrepareActiveDirectory.

    B. Edit the multi-factor authentication global authentication policy settings.
  36. You need to ensure thatthird-party devices can use Workplace Join to access domain resources on the Internet. Whichfour actions should you perform in sequence?



  37. You have a virtual machine named VM1 that runs on a host named Host1. You configure VM1 toreplicate to another host named Host2. Host2 is located in the same physical location as Host1.You need to add an additional replica of VM1. The replica will be located in a different physicalsite. What should you do?

    A. From VM1 on Host2, click Extend Replication.

    B. On Host1, configure the Hyper-V settings.

    C. From VM1 on Host1, click Extend Replication.

    D. On Host2, configure the Hyper-V settings
    .
    A. From VM1 on Host2, click Extend Replication.

    host 2
  38. need to configure the scope to be load-balanced across Server1 and Server2. What WindowsPowerShell cmdlet should you run on Server1?

What would you like to do?

Home > Flashcards > Print Preview