Question 1
Question
Your network contains an Active Directory domain named contoso.com. The domain contains two servers
named Server1 and Server2. Both servers run Windows Server 2012. Both servers have the File and
Storage Services server role, the DFS Namespace role service, and the DFS Replication role service
installed.
Server1 and Server2 are part of a Distributed File System (DFS) Replication group named Group1. Server1
and Server2 are connected by using a high-speed LAN connection.
You need to minimize the amount of processor resources consumed by DFS Replication.
What should you do?
Answer
-
Reduce the bandwidth usage.
-
Disable Remote Differential Compression (RDC).
-
Modify the staging quota.
-
Modify the replication schedule.
Question 2
Question
Your domain has contains a Windows 8 computer name Computer1 using BitLocker. The E:\ drive is
encrypted and currently locked.
You need to unlock the E:\ drive with the recovery key stored on C:\
What should you run?
Question 3
Question
Your network contains four Network Policy Server (NPS) servers named Server1, Server2, Server3, and
Server4.
Server1 is configured as a RADIUS proxy that forwards connection request to a remote RADIUS server
group named Group1.
You need to ensure that Server2 and Server3 receive connection requests. Server4 must only receive
connection requests if both Server2 and Server3 are unavailable.
How should you configrure Group1?
Answer
-
Change the Weight of Server2 and Server3 to 10
-
Change the Weight of Server4 to 10
-
Change the Priority of Server2 and Server3 to 10
-
Change the Priority of Server4 to 10
Question 4
Question
Your network contains an Active Directory domain named contoso.com. The domain contains a RADIUS
server named Server1 that runs Windows Server 2012.
You add a VPN server named Server2 to the network.
On Server1, you create several network policies.
You need to configure Server1 to accept authentication requests from Server2.
Which tool should you use on Server1?
Answer
-
A. Connection Manager Administration Kit (CMAK).
-
B. Routing and Remote Access
-
C. Network Policy Server (NPS)
-
D. Set-RemoteAccessRadius
Question 5
Question
Force an authoritative and non-authoritative synchronization for FRS-Replicated SYSVOL
Answer
-
dfsgui.msc
-
ultrasound
-
rplmon
-
frsutil
Question 6
Question
how to give the minimum required permission to a user who wants to promote a RODC.
(Choose two)
Question 7
Question
Your network contains an Active Directory domain named contoso.com. All domain controllers run
Windows Server 2012.
A domain controller named DC1 has the ADMX Migrator tool installed. You have a custom Administrative
Template file on DC1 named Template1.adm.
You need to add a custom registry entry to Template1.adm by using the ADMX Migrator tool.
Which action should you run first?
Answer
-
New Category
-
Load Template
-
New Policy Setting
-
Generate ADMX from ADM
Question 8
Question
Your network contains an Active Directory domain named adatum.com.
You need to audit changes to the files in the SYSVOL shares on all of the domain controllers.
The solution must minimize the amount of SYSVOL replication traffic caused by the audit.
Which two settings should you configure? (Each correct answer presents part of the solution. Choose two.)
Answer
-
Audit Policy\Audit system events
-
Advanced Audit Policy Configuration\DS Access
-
Advanced Audit Policy Configuration\Global Object Access Auditing
-
Audit Policy\Audit object access
-
Audit Policy\Audit directory service access
-
Advanced Audit Policy Configuration\Object Access
Question 9
Question
Your network contains an Active Directory domain named contoso.com. The domain contains a domain
controller named DC1 that runs Windows Server 2012.
You create an Active Directory snapshot of DC1 each day.
You need to view the contents of an Active Directory snapshot from two days ago.
What should you do first?
Answer
-
Run the dsamain.exe command.
-
Stop the Active Directory Domain Services (AD DS) service.
-
Run the ntdsutil.exe command.
-
Start the Volume Shadow Copy Service (VSS).
Question 10
Question
Your network contains an Active Directory domain named contoso.com. Domain controllers run either
Windows Server 2003, Windows Server 2008 R2, or Windows Server 2012.
A support technician accidentally deletes a user account named User1.
You need to use tombstone reanimation to restore the User1 account.
Which tool should you use?
Question 11
Question
Your network contains an Active Directory domain named contoso.com. The domain contains a domain
controller named DC4 that runs Windows Server 2012.
You create a DCCloneConfig.xml file.
You need to clone DC4.
Where should you place DCCloneConfig.xml on DC4?
Question 12
Question
Your network contains an Active Directory domain named contoso.com. The domain contains a domain
controller named DC1. You run ntdsutil {as shown in the exhibit}.
You need to ensure that you can access the contents of the mounted snapshot.
What should you do?
Answer
-
From a command prompt, run dsamain.exe -dbpath c:\$snap_201204131056_volumec$\windows\ntds
\ntds.dit - Idapport 33389.
-
From a command prompt, run dsamain.exe -dbpath c:\$snap_201204131056_volumec$\windows\ntds
\ntds.dit - Idapport 389.
-
From the snapshot context of ntdsutil, run activate instance "NTDS".
-
From the snapshot context of ntdsutil, run mount (79f94f82-5926-4f44-8af0-2f56d827a57d).
Question 13
Question
Your network contains an Active Directory domain named contoso.com. You create a user account named
User1.
The properties of User1 are shown in the exhibit. (Click the Exhibit button.)
You plan to use the User1 account as a service account. The service will forward authentication requests to
other servers.
You need to ensure that you can view the Delegation tab from the properties of the User1 account.
What should you do first?
Answer
-
Modify the Security settings of User1.
-
Modify the user principal name (UPN) of User1.
-
Configure a Service Principal Name (SPN) for User1.
-
Configure the Name Mappings of User1.
Question 14
Question
Your network contains an Active Directory domain named contoso.com. The domain contains a member
server named Server1.
Server1 runs Windows Server 2012 and has the Hyper-V server role installed.
Server1 hosts 10 virtual machines. A virtual machine named VM1 runs Windows Server 2012 and hosts a
processor-intensive application names App1.
Users report that App1 responds more slowly than expected.
You need to monitor the processor usage on VM1 to identify whether changes must be made to the
hardware settings of VM1.
Which performance object should you monitor on Server1?
Answer
-
Processor
-
Hyper-V Hypervisor Root Virtual Processor
-
Hyper-V Hypervisor Logical Processor
-
Process
-
Hyper-V Hypervisor Virtual Processor
Question 15
Question
You have a RODC named Server1 running Server 2012 .
You need to add a RODC Administrator.
How do you complete the task?
Question 16
Question
Your network contains an Active Directory forest named contoso.com. The forest contains a single domain.
All domain controllers run Windows Server 2012.
The domain contains two domain controllers. The domain controllers are configured as shown in the
following table.
Active Directory Recycle Bin is enabled.
You discover that a support technician accidentally removed 100 users from an Active Directory group
named Group1 an hour ago.
What should you do?
Answer
-
Perform a non-authoritative restore.
-
Modify the is Recycled attribute of Group1.
-
Perform an authoritative restore.
-
Recover the items by using Active Directory Recycle Bin.
Question 17
Question
Your network contains an Active Directory domain named contoso.com. The domain contains a read-only
domain controller (RODC) named RODC1.
You create a global group named RODC_Admins.
You need to provide the members of RODC_Admins with the ability to manage the hardware and the
software on RODC1. The solution must not provide RODC_Admins with the ability to manage Active
Directory objects.
What should you do?
Answer
-
From Active Directory Users and Computers, configure the Managed By settings of the RODC1
account.
-
From Active Directory Sites and Services, run the Delegation of Control Wizard
-
From Active Directory Users and Computers, run the Delegation of Control Wizard.
-
From a command prompt, run the dsadd computer command.
Question 18
Question
Your network contains an Active Directory domain named contoso.com. All domain controllers run
Windows Server 2012.
In a remote site, a support technician installs a server named DC10 that runs Windows Server 2012. DC10
is currently a member of a workgroup.
You plan to promote DC10 to a read-only domain controller (RODC).
You need to ensure that a user named Contoso/User1 can promote DC10 to a RODC in the contoso.com
domain. The solution must minimize the number of permissions assigned to User1.
What should you do?
Answer
-
Join DC10 to the domain. Modify the properties of the DC10 computer account
-
From Active Directory Administrative Center, pre-create an RODC computer account.
-
Join DC10 to the domain. Run dsmod and specify the /server switch
-
From Active Directory Administrative Center, modify the security settings of the Domain Controllers
organizational unit (OU).
Question 19
Question
Your network contains AD named contoso.com. The domain contains RADIUS server named Server1 that
runs Windows Server 2012.
You add a VPN server named Server2 to the network. On Server1, you created several network policies.
You need to configure Server1 to accept authentication requests from Server2.
Which tool should you use on Server1?
Question 20
Question
Your network contains an Active Directory domain named contoso.com. The domain contains client
computers that run either Windows XP, Windows 7, or Windows 8.
Network Policy Server (NPS) is deployed to the domain.
You plan to create a system health validator (SHV).
You need to identify which policy settings can be applied to all of the computers.
Which three policy settings should you identify? (Each correct answer presents part of the solution. Choose
three.)
Answer
-
A firewall is enabled for all network connections.
-
An antispyware application is on.
-
Automatic updating is enabled.
-
Antivirus is up to date.
-
Antispyware is up to date.
Question 21
Question
Your network contains an Active Directory domain named contoso.com. All domain controllers run
Windows Server 2012.
The domain contains two organizational units (OUs) named OU1 and OU2 in the root of the domain.
Two Group Policy objects (GPOs) named GPO1 and GP02 are created. GPO1 is linked to OUl. GPO2 is
linked to OU2.
OU1 contains a client computer named Computer1. OU2 contains a user named User1.
You need to ensure that the GPOs applied to Computer1 are applied to User1 when User1 logs on.
What should you configure?
Question 22
Question
Your network contains an Active Directory domain named contoso.com. The domain contains a domain
controller named DC1 that runs Windows Server 2012.
You mount an Active Directory snapshot on DC1.
You need to expose the snapshot as an LDAP server.
Which tool should you use?
Answer
-
ADSI Edit
-
Ntdsutil
-
Dsamain
-
Ldp
Question 23
Question
You have a server named Server1 that has a Server Core Installation on Windows Server 2012.
You need to view the time-to-live (TTL) value of a host name that is cached on Server1.
What should you run?
Answer
-
dnscacheugc.exe
-
ipconfig.exe /displaydns
-
nslookup.exe
-
Show-DNSServerCache
Question 24
Question
The contoso.com domain contains a a DNS server named Server1 that host a primary zone. Server2
contains a a secondary zone for the contoso.com domain You need to configure how long Server2 queries
Server1 to renew the zone.
What should you configure?
Answer
-
Retry Interval
-
Minimum TTL
-
Refresh Interval
-
Authority Record
Question 25
Question
Your network contains an Active Directory forest. The forest contains two domains named contoso.com and
fabrikam.com. All of the DNS servers in both of the domains run Windows Server 2012.
The network contains two servers named Server1 and Server2. Server1 hosts an Active Directoryintegrated
zone for contoso.com. Server2 hosts an Active Directory-integrated zone for fabrikam.com.
Server1 and Server2 connect to each other by using a WAN link.
Client computers that connect to Server1 for name resolution cannot resolve names in fabrikam.com.
You need to configure Server1 to resolve names in fabrikam.com. The solution must NOT require that
changes be made to the fabrikam.com zone on Server2.
What should you create?
Answer
-
a secondary zone
-
a stub zone
-
a trust anchor
-
a zone delegation
Question 26
Question
Your network contains an Active Directory domain named adatum.com. You have a standard primary zone
named adatum.com.
You need to provide a user named User1 the ability to modify records in the zone. Other users must be
prevented from modifying records in the zone.
What should you do first?
Answer
-
From the properties of the zone, modify the start of authority (SOA) record.
-
Run the Zone Signing Wizard for the zone.
-
Run the New Delegation Wizard for the zone.
-
From the properties of the zone, change the zone type.
Question 27
Question
Your network contains an Active Directory domain named contoso.com. All user accounts reside in an
organizational unit (OU) named OU1.
You create a Group Policy object (GPO) named GPO1. You link GPO1 to OU1. You configure the Group
Policy preference of GPO1 to add a shortcut named Link1 to the desktop of each user.
You discover that when a user deletes Link1, the shortcut is removed permanently from the desktop.
You need to ensure that if a user deletes Link1, the shortcut is added to the desktop again.
What should you do?
Answer
-
Modify the Link1 shortcut preference of GPO1.
-
Enable loopback processing in GPO1.
-
Enforce GPO1.
-
Modify the Security Filtering settings of GPO1.
Question 28
Question
You have a DNS server named Server1 that runs Windows Server 2012. On Server1, you create a DNS
zone named contoso.com.
You need to specify the email address of the person responsible for the zone.
Which type of DNS record should you configure?
Answer
-
Start of authority (SOA)
-
Mail exchanger (MX)
-
Host information (HINFO)
-
Mailbox (MB)
Question 29
Question
Your network contains an Active Directory domain named contoso.com. All domain controllers run
Windows Server 2012.
The domain contains two organizational units (OUs) named OU1 and OU2 in the root of the domain.
Two Group Policy objects (GPOs) named GPO1 and GPO2 are created. GPO1 is linked to OU1. GPO2 is
linked to OU2.
OU1 contains a client computer named Computer1. OU2 contains a user named User1.
You need to ensure that the GPOs applied to Computer1 are applied to User1 when User1 logs on.
What should you configure?
Answer
-
The GPO Status
-
GPO links
-
The Enforced setting
-
Security Filtering
Question 30
Question
Your network contains an Active Directory domain named contoso.com. All domain controllers run
Windows Server 2012. The domain contains 200 Group Policy objects (GPOs) and 100 WMI filters.
An administrator named Admin1 must be able to create new WMI filters and edit all of the existing WMI
filters from the Group Policy Management Console (GPMC).
You need to delegate the required permissions to Admin1. The solution must minimize the number of
permissions assigned to Admin1. What should you do?
Answer
-
From Group Policy Management, assign Full control to Admin1 for the WMI Filters container.
-
From Active Directory Users and Computers, add Admin1 to the Domain Admins group.
-
From Group Policy Management, assign Creator Owner to Admin1 for the WMI Filters container.
-
From Active Directory Users and Computers, add Admin1 to the WinRMRemoteWMIUsers__group.
Question 31
Question
You have a server named Server1 that runs Windows Server 2012.
You create a custom Data Collector Set (DCS) named DCS1.
You need to configure Server1 to start DCS1 automatically when the network usage exceeds 70 percent.
Which type of data collector should you create?
Answer
-
a performance counter alert
-
a configuration data collector
-
an event trace data collector
-
a performance counter data collector
Question 32
Question
Your network contains two servers named Server1 and Server 2. Both servers run Windows Server 2012
and have the DNS Server server role installed.
On Server1, you create a standard primary zone named contoso.com.
You plan to create a standard primary zone for ad.contoso.com on Server2.
You need to ensure that Server1 forwards all queries for ad.contoso.com to Server2.
What should you do from Server1?
Answer
-
Create a trust anchor named Server2.
-
Create a conditional forward that points to Server2.
-
Create a zone delegation that points to Server2.
-
Add Server2 as a name server.
Question 33
Question
You have a server named Server1 that runs Windows Server 2012. On Server1, you configure a custom
Data Collector Set (DCS) named DCS1.
You need to ensure that all performance log data that is older than 30 days is deleted automatically.
What should you configure?
Answer
-
a File Server Resource Manager (FSRM) quota on the %Systemdrive%\PerfLogs folder
-
a schedule for DCS1
-
the Data Manager settings of DCS1
-
a File Server Resource Manager (FSRM) file screen on the %Systemdrive%\PerfLogs folder