1 You are in the process of designing a new Active Directory implementation for your organization. Two different departments in your organization will be adopting applications that have separate and mutually exclusive Active Directory schema requirements. Which of the following Active Directory structures should you use in your design to accommodate these requirements?

3 You want to deploy several domain controllers running the Windows Server 2012 R2 operating system. You will eventually decommission existing domain controllers and bring he domain up to the Windows Server 2012 R2 domain functional level. What is the minimum domain functional level required to support the introduction of domain controllers running the Windows Server 2012 R2 operating system?

2 You are the systems administrator for Tailspin Toys and its subsidiary company Wingtip Toys. You are in the process of designing a new Active Directory structure. You’ve been asked to ensure that employees who work in the Tailspin Toys part of the organization log into a domain named tailspintoys.com and that employees who work in the Wingtip Toys part of the organization log into a domain named wingtiptoys.com. You want to do this in the simplest way possible and minimize the creation of trust relationships. Which of the following Active Directory structures should you use in your design to accommodate these requirements?

4 At which forest functional levels is the Active Directory Recycle Bin available? (Choose all that apply.)

5 You have a 30-domain Active Directory forest that has contoso.com as its root domain. This forest has five separate domain trees. Users in the Melbourne.australia.pacific.contoso.com domain report that there are substantial authentication delays when they try to access resources in the Auckland.newzealand.adatum.com domain. Both domains are located in the same forest. Which of the following trust types would you configure to resolve this problem?

6 You are a systems administrator at a local university. The university has a deployment of Linux servers and workstations that are members of a Kerberos V5 realm. You want to allow users of the Linux workstations to have access to several file shares hosted in one of your organization’s Active Directory domains. Which of the following trust types would you implement to accomplish this goal?

7 Your organization recently acquired a subsidiary company. Your organization currently has a 10-domain Active Directory forest running at the Windows Server 2012 R2 functional level. The subsidiary company has a five-domain Active Directory forest running at the Windows Server 2008 functional level. The subsidiary company has implemented a number of schema modifications to support a custom application. You want to allow users in the subsidiary company to be able to access resources hosted in your organization’s forest. Users in your organization’s forest should also be able to access resources in the subsidiary company’s forest. Which of the following trust relationships should you configure to accomplish this goal?

8 You are the senior systems administrator of the contoso.com forest. Users in the australia.pacific.contoso.com domain need access to resources hosted in one domain of a partner organization’s Active Directory forest. These users shouldn’t have access to any other domain in the partner organization’s forest. Users from other domains in your organization’s forest should also not have access to resources in the partner organization’s forest. Which of the following trust types would you configure in this scenario?

9 You want to manually register a specific domain controller’s SRV records. Which service should you restart to accomplish this goal?

10 You installed two domain controllers at a new branch office site before you created the appropriate objects using the Active Directory Sites and Services console. You have since created the appropriate subnet and site objects. Which of the following Windows PowerShell cmdlets could you use to move these domain controllers to the newly created appropriate site?

11 Your organization has just opened a new branch office in the city of Hobart. You have assigned this branch office the IPv4 address range 10.100.10.0/24. Which of the following Windows PowerShell cmdlets would you use to add this IPv4 address range to Active Directory so that it is used when determining replication topology?

12 Your organization has just opened a new branch office in the city of Hobart. You have used the Active Directory Sites and Services console to enter the IP address range used at the site into Active Directory. You now want to create an Active Directory site called HBA-SITE and to associate it with this IP address range. Which of the following Windows PowerShell cmdlets could you use to accomplish this goal?

13 Your organization has just opened a new branch office in the city of Hobart. You want to associate the newly created HBA-SITE site with the SYD-SITE site as these two sites are connected to each other by a high-speed broadband link. Which of the following Windows PowerShell cmdlets could you use to accomplish this goal?

14 As a part of a security audit, you are attempting to verify which user accounts have replicated to the RODC named ADL-RO DC. This RODC is running on the server core version of Windows Server 2012 R2. Which of the following commands could you use to accomplish this goal?

15 You have just substantially changed the structure of your organization’s WAN links. You want to trigger an update on SYD-DC of the inbound replication topology. Which of the following commands could you use to accomplish this goal?

16 You are in the process of diagnosing replication problems to a DC named CBR-DC, which is located in your organization’s Canberra branch office. You want to view information about the failure and success percentages of both inbound and outbound replication operations. Which of the following commands could you use to accomplish this goal?

17 You want to force the domain controller MEL-DC to immediately perform synchronization with all its replication partners. Which of the following commands would you use to accomplish this goal?

18 You are attempting to diagnose some replication problems with the domain controller BNE-DC. You want to show status information on this domain controller’s most recent attempts to perform inbound replication. Which of the following commands would you use to accomplish this goal?

19 Up until last night, the Perth site has had an RODC that was kept in a locked cupboard. This RODC was used to authenticate computer and user accounts in the Perth site. In the early hours of the morning, the Perth site was robbed and the RODC was stolen. As a part of your response to this incident, you are in the process of deleting the computer account of the Perth site RODC. Which of the following steps might you need to take after removing this account? (Choose all that apply.)

20 What is the minimum domain functional level required before you can update SYSVOL replication to use DFS instead of FRS?

21 You have recently transitioned from a Windows Server 2003 domain functional level to a Windows Server 2012 R2 domain functional level. Which of the following utilities would you use to determine whether FRS or DFS is being used to support SYSVOL replication?

22 The contoso.com zone hosts DNS records that map FQDNs of hosts in the zone to their IPv6 addresses. You have configured a GlobalNames zone and want to allow single-label name resolution of the name WSUS to the appropriate IPv6 address. Which type of record should you create in the GlobalNames zone to accomplish this goal?

23 You have deployed WSUS servers to each of your organization’s branch offices. Each branch office is located on its own subnet. You have created DNS records that use the same name, wsus.contoso.com, for each of the WSUS servers in these different branch offices. You want to ensure that when a client makes a name request for the record wsus.contoso.com, the DNS server returns the record that corresponds to an IP address on the client’s local subnet. Which of the following DNS options do you configure to accomplish this goal?

24 The DNS server that hosts your organization’s external address space is under attack from nefarious third parties who are slowing it down by constantly launching DNS queries against the server for hosts in zones not hosted on the server. The DNS server should only return data for zones that it hosts directly. Which of the following settings should you configure to stop it responding to queries for hostnames located in zones that it does not host?

25 You want to ensure that a record stored in the DNS server’s cache cannot be overwritten until 90 percent of its TTL period has expired. Which of the following DNS server settings would you configure to accomplish this goal?

26 You want to increase the number of ports available that can be used when the DNS server makes a query. Which of the following DNS server settings should you configure to accomplish this goal?

27 Your organization has two DHCP servers at its central site. The first one is hosted on a computer running the Windows Server 2012 operating system. The second DHCP server is hosted on a computer running the Windows Server 2008 R2 operating system. You want to make a DHCP scope highly available so that clients can still obtain address leases if one of these DHCP servers fail. Which of the following strategies should you implement to accomplish this goal?

28 Your organization has two DHCP servers at its central site. Both DHCP servers are running on the Windows Server 2012 operating system. One DHCP server also hosts the company’s intranet site. You want to configure DHCP so that one DHCP server handles the majority of the organization’s DHCP traffic and the other DHCP server, installed on the server that hosts the intranet site, only leases addresses if the first one becomes unavailable. The second DHCP server should be able to lease addresses from the entire scope until such time as the first DHCP server is returned to service. Which of the following strategies should you implement to accomplish this goal?

29 You are about to add a large number of users and computers to one of the existing buildings at your company. Unfortunately the existing DHCP scope used at this building is close to exhaustion. You want to configure DHCP so that clients on this physical network can be leased addresses from either the original or an additional address range, but allow these ranges to be administered as a single combined entity. Which of the following strategies should you implement to accomplish this goal?

30 Your organization’s head office has two DHCP servers that are hosted on computers running the Windows Server 2012 operating system. You want to configure these DHCP servers so that they share scopes and respond to client requests in a load-balanced manner. In the event that one server fails, the other server should be able to lease addresses from the entirety of any scope that it hosts after the partner server has been unavailable for a preconfigured amount of time. Which of the following strategies should you implement to accomplish this goal?

31 You need to give a user the ability to view IP address tracking information stored in your organization’s IPAM server without adding him or her to the IPAM Administrators group. To which of the following IPAM-related security groups could you add this user to grant this privilege?

32 You need to give a user the ability to manage the IP Address Space on an IPAM server without adding the user to the IPAM Administrators group. To which of the following IPAM-related security groups could you add this user to grant this privilege?

33 You want to use IPAM’s IP address tracking feature to determine which IP addresses a computer with a specific MAC address was assigned by your organization’s DHCP servers during a particular week. Which of the following categories should you search on to accomplish this goal?

34 You are in the process of configuring IPAM. You have run the discovery process and discovered three servers that host the DHCP server role. The server’s IPAM Access Status is listed in the IPAM Server Inventory as Blocked. Which of the following steps should you take so that this status changes to unblocked? (Choose two.)

35 You want to deploy an offline CA as the apex of your organization’s certificate services hierarchy. You should only bring this CA online to sign the certificates of subordinate CAs. Which of the following solutions should you implement to accomplish this goal?

36 You have deployed a standalone computer running Windows Server 2012 R2 to Windows Azure. You want to use this computer to provide certificates to partner organizations without having the certificate authority joined to your organization’s Active Directory domain. Which of the following CA types could you deploy in this scenario? (Choose all that apply.)

37 You want to minimize the amount of network traffic caused by clients accessing the CRL of your organization’s CA. Which of the following role services could you install to accomplish this goal?

38 You want to allow computers running third-party operating systems to be able to obtain certificates by accessing a web page and submitting a certificate request. Which of the following role services could you install to accomplish this goal?

39 You are in the process of deploying authenticating switches in your organization. You need to provision these switches with certificates. Which of the following role services should you install to support this type of certificate deployment?

40 You are in the process of configuring the permissions on a specific issuing CA. To improve security, you want to limit which users are able to obtain certificates from the CA. Which of the following permissions would you assign to accomplish this goal?

41 You want to delegate the ability to issue and revoke certificates from a specific certificate server to a specific group of users without giving them permission to modify certificate server settings. Which of the following permissions would you assign to accomplish this goal?

42 You want to delegate the ability to manage a specific certificate server to a certain group of users. Which of the following permissions would you assign to accomplish this goal?

43 You want to allow specific users the ability to recover private keys, such as those used for encryption. Which certificate template can you use to issue keys to these users so that they can recover private keys from the certificate services database?

44 You want to ensure that clients will always recognize that a certificate has been revoked within 30 minutes of an administrator performing the revocation. Which of the following settings must you configure to accomplish this goal?

45 You want to configure a certificate so that users are automatically in the certificate. Which of the following steps do you need to take to accomplish this goal? (Choose all that apply.)

46 On Monday morning, Don rings you and tells you that he doesn’t have his smart card and might have lost it at the coffee shop, but he suspects that he might have left it at home. He’s travelling interstate today and won’t get home until Friday. He won’t know until then if it is lost or sitting on the kitchen table at home. Policy dictates that you should revoke his smart card certificate. Which of the following reasons should you specify when revoking his certificate to minimize the effort required if the smart card is found at home on Friday?

47 . You have located Trojan software that allows remote access to a standalone certificate server located on your organization’s perimeter network. The CA certificate for the perimeter network CA was issued from your organization’s enterprise root CA. You are in the process of revoking the CA certificate of the perimeter network CA. Which of the following reasons should you use when revoking this certificate?

48 . You have just modified an existing template so that it supports key recovery. The CA already supports key recovery. A large number of users are enrolled in certificates issued based on the template prior to you making this modification. How can you ensure that it will be possible to recover the private keys of these users?

49 . Which of the following utilities can you use to create a System State backup on a computer running the Windows Server 2012 R2 operating system? (Choose all that apply.)

50 You want to delete two volume shadow copy snapshots that reside on a server that you are responsible for managing. Which of the following tools could you use to accomplish this goal?

51 You need to configure two standalone non-domain-joined computers running the Server Core version of Windows Server 2012 R2 so that they are able to perform regular full server backups to a special internal hard disk drive. Which of the following tools could you use to accomplish this goal?

52 You need to perform regular scheduled backups to an off-site location as a way of ensuring business continuity in the event that all servers in a particular site are lost in a natural or other type of disaster. Which of the following tools could you use to accomplish this goal?

53 Which of the following tools could you use to perform a bare metal recovery?

54 You are experiencing problems with a computer running Windows Server 2012 R2. You want to boot up the computer, but only load the minimum necessary drivers and start the minimum necessary services. Which of the following strategies should you pursue?

55 Which of the following can you back up and restore from Windows Azure Backup?

56 . Which of the following steps must you take after restoring the System State data on a computer running Windows Server 2012 R2?

57 You want to provide access to shared files for a collection of computers that run the Linux operating system. Which of the following features or roles would you deploy to accomplish this goal?

58 . You want to allow clients in a remote branch office to cache content from a file server in the local office. The file server is running the Windows Server 2012 R2 operating system and the appropriate Group Policy settings have been applied. Which role must you install on the file server in the local file server to accomplish this goal?

59 Your organization is working on a secret project named Jupiter. You want to have all Microsoft Word files that contain the word Jupiter that are stored on a sensitive file share marked automatically by File Server Resource Manager. Which of the following technologies should you configure to accomplish this goal?

60 You want to block users in your organization from storing audio and video files to a specific file share. Which of the following technologies should you configure to accomplish this goal?

61 . You want to track which users are accessing files located on a sensitive share. Which of the following technologies should you configure to accomplish this goal?

62 You want to deploy a server that stores centralized information about the iSCSI initiators and iSCSI targets in your organization. Which of the following roles or features would you install to accomplish this goal?

63 You want to configure a computer running the Windows Server 2012 R2 operating system so that it can host virtual hard disks that can be accessed by other servers through the iSCSI protocol. Which of the following roles or features would you install to accomplish this goal?

64 Which of the following Windows PowerShell commands could you use to remove the payload data for all roles and features not currently installed on a computer running Windows Server 2012 R2?

65 You want to provide server SYD-B with storage through the iSCSI protocol. This storage will be hosted on SYD-A. Which of the following should you configure to accomplish this goal? (Choose two. Each answer forms part of a complete solution.)

66 In which of the following scenarios would you use a witness disk with a failover cluster? (Choose all that apply.)

67 With which of the following cluster configurations would you use a node majority quorum model? (Choose all that apply.)

68 You have a two-node Windows Server 2012 R2 cluster. The cluster must remain operational if only the witness fails. Which of the following quorum modes could you use with this cluster? (Choose all that apply.)

69 You want to ensure that a highly available file server returns to node MEL-FS1 in the event that failover occurs and then MEL-FS1 returns to normal operation. What steps would you take to accomplish this goal? (Choose two, each answer forms part of a complete solution.)

70 Which of the following technologies can you use to manage the process of applying software updates to a four-node failover cluster so that nodes are placed into maintenance mode automatically, updated, and returned to service without disrupting client access to applications hosted on those nodes?

71 You need to apply a critical software update to each node in a six-node NLB cluster that hosts a web application. The critical software update requires each node in the NLB cluster to be restarted. You want to deal with each node in sequence, stopping new sessions from being established and to allow existing sessions to complete before applying the update and restarting each node. Which of the following commands should you apply to each node?

72 You are configuring a port rule for a Windows Network Load Balancing Cluster. You want to ensure that after a client starts a session with a host, all subsequent traffic in that session is directed to that host. Which of the following filtering modes and affinities should you configure to accomplish this goal?

73 You are configuring a port rule for a Windows NLB cluster. You want to ensure that traffic on a specific port is automatically dropped. Which of the following filtering and affinity options should you configure to accomplish this goal?

74 You want to ensure that all TCP traffic on port 25 goes to one host in an eight-node NLB cluster. TCP traffic on port 80 should be shared by all hosts. Which of the following filtering and affinity options should you configure for the rule that deals with TCP traffic on port 25?

75 You are configuring NLB clusters that will be hosted as virtual machines on a Hyper-V server. The NLB cluster and the cluster hosts will be managed from computers running Windows 8 on a separate TCP/IP subnet. For which of the following configurations must you select a multicast mode for the cluster operations mode? (Choose all that apply.)

76 You have three running virtual machines that are hosted on your Windows Server 2012 R2 Hyper-V server’s C: volume. You want to move these three running virtual machines to another storage location without shutting them down. Assuming enough space is available, which of the following volumes could you use as a destination when performing storage migration? (Choose all that apply.)

77 You have an existing virtual machine named SYD-DB-VM that is hosted through Hyper-V on a computer running the Windows Server 2012 R2 operating system named SYD-HV-1. You want to create a duplicate SYD-DB-VM named SYD-DB-VM-A and also have it hosted on SYD-HV-1. Which of the following steps should you take to accomplish this goal? (Choose two, each answer forms part of a complete solution.)

78 You are going to use Kerberos as an authentication protocol for live migration. You are configuring delegation for the computer accounts of the Hyper-V hosts that will host the virtual machines that will participate in the live migration process. Which of the following services must you configure delegation for if you want to support moving virtual machine storage and the virtual machines? (Choose all that apply.)

79 You are configuring a four-node Hyper-V failover cluster. You want to be able to move running Hyper-V virtual machines between any of the nodes as necessary. Which of the following storage devices should you select when configuring the virtual machines that will be hosted on this cluster? (Choose all that apply.)

80 You want to perform a planned failover of a virtual machine that is configured to replicate to another Hyper-V server through Hyper-V Replica. Which of the following steps should you take prior to performing the failover?

81 You are planning the deployment of a cluster that should keep functioning in the event that a site is lost. Your organization has three sites. Each site has a connection to the other two sites. The cluster will have six nodes. Which of the following strategies should you implement to ensure that the cluster will remain operational in the event that an entire site becomes unavailable? (Choose two. Each answer forms part of a complete solution.)

82 Which of the following predefined firewall rules would you enable if you were configuring Hyper-V Replica and using Kerberos authentication?

83 Which of the following predefined firewall rules would you enable if you were configuring Hyper-V Replica and using certificate-based authentication?

84 You want to ensure that you are able to configure access to specific files for users that are full-time employees. Which of the following should you configure to extract this information from the user account’s Active Directory attribute?

85 You want to apply a set of permissions to the Hovercraft_Project group based on user attributes and the properties of the file. Which of the following would you configure to accomplish this goal?

86 You want to create access rules based on the Confidentiality property of a file. Which of the following do you need to enable so that you can use file confidentiality information in a rule?

87 You want to publish a collection of central access rules to all of the file servers in your domain. Which of the following should you configure to accomplish this goal?

88 You want a co-worker to be able to recover data from AD RMS–protected documents where the AD RMS template settings have caused that content to expire. To which of the following groups should you add your co-worker’s account?

89 You want to allow the AD RMS cluster in the Adatum forest to be able to manage requests for CLCs for users that have been issued RACs from the AD RMS cluster in the Contoso forest. Which of the following should you configure to accomplish this goal?

90 You want to automatically apply an AD RMS template named Submarine_Protection to all documents on a file share that contain the word “Submarine.” Which of the following should you configure to accomplish this goal?

91 You want to allow the AD RMS cluster in the Adatum forest to issue license terms to content published with licenses issued by an AD RMS cluster in the Contoso forest. Which of the following should you configure to accomplish this goal?

92 The Contoso forest hosts a web application that users in Adatum forest want to access. You are one of the systems administrators at Adatum and you are in the process of configuring a federated trust to allow this to occur. A single AD FS server is deployed in each forest. Which of the following statements about this deployment would be true if a solution providing this access through AD FS was implemented? (Choose two.)

93 The Contoso forest hosts a web application that users in Adatum forest want to access. You are one of the systems administrators at Contoso and you are in the process of configuring a federated trust to allow this to occur. A single AD FS server is deployed in each forest. Which of the following statements about this deployment would be true if a solution providing this access through AD FS was implemented? (Choose two.)

94 You are in the process of configuring certificate trusts. You want to ensure that the current and future certificates issued to the Contoso AD FS server by the Contoso CA are trusted by the Adatum AD FS server. You do this by configuring the appropriate certificate to the Computer Configuration\Policies\Windows Settings\Security Settings\Public Key Policies\Trusted Root Certification Authorities node of the Default Domain Policy in the Adatum domain. Both Adatum and Contoso have a single enterprise root CA. Which of these certificates should you add to this GPO?