70-411 - MCSA: Administering Windows Server 2012 - Exam 2

Description

This exam measures your ability to accomplish the technical tasks listed below: Deploy, Manage, and Maintain Servers Configure File and Print Services Configure Network Services and Access Configure a Network Policy Server Infrastructure Configure and Manage Active Directory Configure and Manage Group Policy
Mike M
Quiz by Mike M, updated more than 1 year ago More Less
Mike M
Created by Mike M about 6 years ago
Mike M
Copied by Mike M about 6 years ago
Mike M
Copied by Mike M about 6 years ago
64
1

Resource summary

Question 1

Question
Your network contains a DNS server named Server1 that runs Windows Server 2012. Server1 has a zone named contoso.com. The network contains a server named Server2 that runs Windows Server 2008 R2. Server1 and Server2 are members of an Active Directory domain named contoso.com. You change the IP Address of Server2. Several hours later, some users report they cannot connect to Server2. On the affected users' client computers, you flush the DNS client resolver cache, and the users successfully connect to Server2. You need to reduce the amount of time that the client computers cache DNS records from contoso.com. Which value should you modify in the Start of Authority (SOA) record?
Answer
  • Serial Number
  • Primary Server
  • Refresh interval
  • Retry interval
  • Expires after
  • Minimum (default) TTL
  • TTL for this record

Question 2

Question
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012. You enable and configure Routing and Remote Access (RRAS) on Server1. You create a user account named User1. You need to ensure that User1 can establish VPN connections to Server1. What should you do?
Answer
  • Create a network policy
  • Modify the members of the Remote Management Users group
  • Create a connection request policy
  • Add a RADIUS client

Question 3

Question
Server1, as a DNS server, hosts a Primary zone. Server2 is the secondary zone contoso.com domain. You need to determine how long Server2 would take to renew records from Server1. What do you configure?
Answer
  • Refresh interval
  • Restart DNS
  • Forwarders
  • Stub Zone

Question 4

Question
Your network contains an Active Directory domain named fabrikam.com. You implement Direct Access and an IKEv2 VPN. You need to view the properties of the VPN connection. Which connection properties should you view?
Answer
  • Fabrikam.com (top)
  • Workplace Connection (top)
  • Fabrikam.com (bottom)
  • Workplace Connection (bottom)

Question 5

Question
You have a server named Server1 that runs Windows Server 2012. Server1 has the Remote Access server role installed. On Server1, you create a network policy named PPTP_Policy. You need to configure PPTP_Policy to apply only to VPN connections that use the PPTP protocol. What should you configure in PPTP_Policy?
Answer
  • The Service Type
  • The Tunnel Type
  • The Frame Protocol
  • The NAS Port Type

Question 6

Question
Your network contains a RADIUS server named Server1. You install a new server named Server2 that runs Windows Server 2012 and has Network Policy Server (NPS) installed. You need to ensure that all accounting requests for Server2 are forwarded to Serever1. On Server2, you configure a Connection Request Policy. What else should you configure on Server2?
Answer
  • RADIUS Clients
  • Remote RADIUS Server Groups
  • Connection Request Policies
  • Network Policies
  • Health Policies
  • System Health Validators
  • Remediation Server Groups

Question 7

Question
Your network contains two Active Directory forests named contoso.com and adatum.com. The contoso.com forest contains a server named Server1.contoso.com. The adatum.com forest contains a server named Server2.adatum.com. Both servers have the Network Policy Server role installed. The network contains a server named Server3. Server3 is located in the perimeter network and has the Network Policy Server role service installed. You plan to configure Server3 as an authentication provider for several VPN servers. You need to ensure that a RADIUS requests received by Server3 for a specific VPN server are always forwarded to Server1.contoso.com. Which two should you configure on Server3? (Choose two)
Answer
  • Network Policies
  • Remote RADIUS Server Groups
  • Connection Authorization Policies
  • Remediation Server Groups
  • Connection Request Policies

Question 8

Question
Your network contains an Active Directory domain named fabrikam.com. You implement Direct Access. You need to view the properties of the DirectAccess connection. Which connection properties should you view?
Answer
  • Fabrikam.com (top)
  • Workplace Connection (top)
  • Fabrikam.com - (bottom)
  • Workplace Connection (bottom)

Question 9

Question
Your network contains an Active Directory domain named contoso.com The domain contains a sever named Server1 that runs Windows Server 2012. You enable and configure Routing and Remote Access (RRAS) on Server1. You create a user account named User1. You need to ensure that User1 can establish VPN connections to Server1. What should you do?
Answer
  • Add a RADIUS client
  • Create a connection request policy
  • Modify the members of the Remote Management Users group
  • Modify the Dial-In settings of User1

Question 10

Question
Your network contains an Active Directory forest. The forest contains two domains named contoso.com and fabrikam.com. All of the DNS servers in both of the domains run Windows Server 2012. The network contains two servers named Server1 and Server2. Server1 hosts an Active Directory-integrated zone for contoso.com Server2 hosts an Active Directory-integrated zone for fabrikam.com. Server1 and Server2 connect to each other by using a WAN link. Client computers that connect to Server1 for name resolution cannot resolve names in fabrikam.com. You need to configure Server1 to support resolution of names in the fabrikam.com zone. The solution must ensure that users in contoso.com can resolve names in the fabrikam.com domain if the WAN link fails. What should you do on Server1?
Answer
  • Add a forwarder
  • Create a conditional forwarder
  • Create a secondary zone
  • Create a stub zone

Question 11

Question
Your network contains two servers named Server1 and Server2. Both server run Windows Server 2012 and have the DNS server role installed. Server1 hosts a primary zone for contoso.com. Server2 hosts a secondary zone for contoso.com. The zone is not configured to notify secondary servers of the changes automatically. You update several records on Server1. You need to force the replication of the contoso.com zone records from Server1 to Server2. What should you do from Server2?
Answer
  • Right-click Server2 and click Update Server Data Files
  • Right-click Server2 and click Refresh
  • Right-click the contoso.com and click Reload
  • Right-click the contoso.com zone and click Transfer from Master

Question 12

Question
Your network contains an Active Directory domain named contoso.com. All client computers run Windows 8. Your company has users who work from home. Some of the home users have desktop computers. Other home users have laptop computers. All of the computers are joined to the domain. All of the computer accounts are members of a group named Group1. Currently, the home users access the corporate network by using a PPTP VPN. You implement DirectAccess by using the default configuration and you specify Group1 as the DirectAccess client group. The home users who have desktop computers report that they cannot use DirectAccess to access the corporate network. The home users who have laptop computer report that they can use DirectAccess to access the corporate network. You need to ensure that the home users who have desktop computers can access the network by using DirectAccess. What should you modify?
Answer
  • The security settings of the computers accounts for the desktop computers
  • The membership of the RAS and IAS Servers group
  • The WMI filters for the DirectAccess Client Settings GPO
  • The conditions of the Connections to Microsoft Routing and Remote Access server policy

Question 13

Question
You have a DNS server named Server1 that has a Server Core Installation on Windows Server 2012. You need to view the time-to-live (TTL) value of a name server (NS) record that is cached by the DNS Server service on Server1. What should you run?
Answer
  • Show-DNSServerCache
  • dnscacheugc.exe
  • ipconfig.exe /displaydns
  • nslookup.exe

Question 14

Question
Your network contains an Active Directory domain named contoso.com. The domain contains a domain controller named DC1 that hosts the primary DNS zone for contoso.com. All servers dynamically register their host names. You install the new Web servers that host identical copies of your company's intranet website. The servers are configured as follows: Web1.contoso.com=10.0.0.20 and Web2.contoso.com=10.0.0.21. You need to use DNS records to load balance name resolution queries for intranet.contoso.com between the two Web servers. What is the minimum number of DNS records that you should create manually?
Answer
  • 1
  • 2
  • 3
  • 4

Question 15

Question
You have a Direct Access Server named Server1 running Server 2012. You need to prevent users from accessing websites from an internet connection. What should you configure?
Answer
  • Split Tunneling
  • Security Groups
  • Force Tunneling
  • Network Settings

Question 16

Question
You have a server named Server1 that runs Windows Server 2012. Server1 has the Remote Access server role installed. You need to configure the ports on Server1 to ensure that client computers can establish VPN connections to Server1. The solution must NOT require the use of certificates or pre-shared keys. What should you modify?
Answer
  • WAN Miniport (IKEv2)
  • WAN Miniport (PPPOE)
  • WAN Miniport (L2TP)
  • WAN Miniport (PPTP)
  • WAN Miniport (SSTP)

Question 17

Question
Your network contains multiple Active Directory sites. You have a Distributed File System (DFS) namespace that has a folder target in each site. You discover that some client computers connect to DFS targets in other sites. You need to ensure that client computers only connect to a DFS target in their respective site. What should you modify?
Answer
  • The properties of Active Directory site links
  • The properties of the Active Directory sites
  • The delegation settings of the namespace
  • The referral settings of the namespace

Question 18

Question
Your network contains an Active Directory domain named contoso.com. You have a failover cluster named Cluster1. All of the nodes in Cluster1 have BitLocker Drive Encryption (BitLocker) installed. You plan to add a new volume to the shared storage of Cluster1. You need to add the new volume to the shared storage. The solution must meet the following requirements: Encrypt the volume, and avoid use maintenance mode on the cluster. Which three actions should you perform? (Choose three)
Answer
  • Run the Enable-BitLockerAutoUnlock cmdlet
  • Run the Enable-Bitlocker cmdlet
  • Run the Lock-Bitlocker cmdlet
  • Add the volume to the cluster
  • Run the Add-BitLockerProtector

Question 19

Question
Your network contains an Active Directory domain named contoso.com. The domain functional level is Windows Server 2008. All domain controllers run Windows Server 2008 R2. The domain contains a file server named Server1 that runs Windows Server 2012. Server1 has a BitLocker Drive Encryption (BitLocker)-encrypted drive. Server1 uses a trusted platform Module (TPM) chip. You enable the Turn on TPM backup to Active Directory Domain Services policy settings by using a Group Policy Object (GPO). You need to ensure you can backup the BitLocker recovery information to Active Directory. What should you do?
Answer
  • Upgrade a domain controller to Windows 2012
  • Enable the Store BitLocker recovery information in the Active Directory Services (Windows Server 2008 and Windows Vista) policy settings.
  • Raise the forest functional level to Windows 2008 R2.
  • Add a BitLocker data recovery agent

Question 20

Question
Your company has a main office and a branch office. The main office is located in Seattle. The branch office is located in Montreal. Each office is configured as an Active Directory site. The network contains an Active Directory domain named adatum.com. The Seattle office contains a file server named Server1. The Montreal office contains a file server named Server2. The servers run Windows Server 2012 and have the File and Storage Services server role., The DFS Namespace role service, and the DFS Replication role service installed. Server1 and Server2 each have a share named Share1 that is replicated by using DFS replication. You need to ensure that users connect to the replicated folder in their respective office when they connect to \\contoso.com\Share1. Which three actions should you perform? (Choose three)
Answer
  • Share and publish the replicated folder
  • Modify the Referrals settings
  • Create a new topology
  • Create a namespace
  • Create a replication connection

Question 21

Question
You have a server named Server1 that runs Windows Server 2012. An administrator creates a quota as shown in the Quota exhibit. You run the dir command as shown. You need to ensure that the D:\Folder1 can only consume 100MB of disk space. What should you do?
Answer
  • From File Server Resource Manager, edit the existing quota
  • From the properties of drive D, enable quota management.
  • From the Services console, set the Startup Type of the Optimize drives service to Automatic
  • From the File Server Resource Manager, create a new quota

Question 22

Question
Your network contains an Active Directory domain named contoso.com. All servers run Windows Server 2012. The domain contains an Organizational Unit (OU) named FileServers_OU. FileServers_OU contains the computer accounts for all of the file servers in the domain. You need to audit the users who successfully access shares on the file servers. Which audit category should you configure?
Answer
  • Account Logon
  • Account Management
  • Detailed Tracking
  • DS Access
  • Logon/Logoff
  • Object Access
  • Policy Change
  • Privilege Use
  • System
  • Global Object Access Auditing

Question 23

Question
Your network contains an Active Directory domain named contoso.com. The domain does not contain a certification authority (CA). All servers run Windows Server 2012. All client computers run Windows 8. You need to add a data recovery agent for the Encrypting File System (EFS) to the domain. What two actions should you perform?
Answer
  • From Windows PowerShell, run Get-Certificate
  • From the Default Domain Controllers Policy, select Create Data Recovery Agent
  • From the Default Domain Policy, select Add Data Recovery Agent
  • From a command prompt run cipher.exe
  • From the Default Domain Policy, select Create Data Recovery Agent
  • From the Default Domain Controllers Policy, select Add Data Recovery Agent

Question 24

Question
Your network contains an Active Directory domain named contoso.com. The domain contains three domain controllers. The domain controllers are configured as follows: Server1 runs Windows Server 2008 R2 and is the PDC Emulator and Infrastructure master. Server2 runs Windows Server 2008 R2 and is the RID master. Server3 runs Windows Server 2012 and is the Schema master. You are creating a Distributed File System (DFS) namespace as shown. You need to identify which configuration prevents you from creating a DFS namespace in Windows Server 2008 mode. What configuration should you identify?
Answer
  • The location of the PDC Emulator Role
  • The functional level of the domain
  • The operating system on Server1 and Server3
  • The location of the RID master role

Question 25

Question
Your network contains an Active Directory domain named adatum.com. The domain contains five servers. The servers are configured as follows: DC1 is a Domain Controller and DNS server. DC2 is a Domain Controller and DHCP server. Server1 is a Windows Deployment Server (WDS) server. Server2 is a Certificate Authority (CA). Server3 is a File Server. All desktop computers in adatum.com run Windows 8 and are configured to use BitLocker Drive Encryption (BitLocker) on al local disk drives. You need to deploy the Network Unlock feature. The solution must minimize the number of features and server roles installed on the network. To which server should you deploy the feature?
Answer
  • Server3
  • Server1
  • DC2
  • Server2
  • DC1

Question 26

Question
You have a server named Server1 that runs Windows Server 2012. Server1 has the File Server Resource Manager role installed. Server1 has a folder named Folder1 that is used by the sales department. You need to ensure that an e-mail notification is sent to the sales manager when a File Screening Audit report is generated. What should you configure on Server1?
Answer
  • A File Screen Exception
  • A File Group
  • A Storage Task Report
  • A File Screen

Question 27

Question
Your network contains an Active Directory domain named contoso.com. The domain contains two servers named Server1 and Server2. Both servers run Windows Server 2012. Both servers have the File and Storage Services server role, the DFS namespace role service and the Replication role service installed. Server1 and Server2 are part of a Distributed File System (DFS) Replication group named Group1. Server1 and Server2 are separated by a low-speed WAN connection. You need to limit the amount of bandwidth that DFS can use to replicate between Server1 and Server2. What should you modify?
Answer
  • The cache duration of the namespace
  • The staging quota of the replicated folder
  • The referral ordering of the namespace
  • The schedule of the replication group

Question 28

Question
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012. Server1 has the File Server Resource Manager role service installed. You configure a quota threshold as shown in the exhibit. You need to ensure that a user named User1 receives an e-mail notification when the threshold is exceeded. What should you do?
Answer
  • Configure the File Server Resource Manager Options
  • Modify the members of the Performance Log Users group
  • Create a performance counter alert.
  • Create a classification rule.

Question 29

Question
Your network contains an Active Directory domain named contoso.com. The domain contains a file server named Server1 that runs Windows Server 2012. You view the effective policy settings of Server1 as shown in the exhibit. On Server1, you have a folder named C:\Share1 that is shared as Share1. Share1 contains confidential data. A group named Group1 has full control of the content in Share1. You need to ensure that an entry is added to the event log whenever a member of Group1 deletes a file in Share1. What should you configure?
Answer
  • The Audit File System settings of Servers GPO
  • The Sharing settings of C:\Share1
  • The Security settings of C:\Share1
  • The Audit File Share settings of Servers GPO

Question 30

Question
You have a server named Server1 that runs Windows Server 2012. Server1 has the File Server Resource Manager role service installed. Server1 has a folder named Folder1 that is used by the human resources department. You need to ensure that an email notification is sent immediately to the human resources manager when a user copies an audio file or a video file to Folder1. What should you configure on Server1?
Answer
  • A file screen
  • A file screen exception
  • A file group
  • A storage report task

Question 31

Question
Your network contains an Active Directory domain named contoso.com. The domain contains two servers named Server1 and Server2. Both servers run Windows Server 2012. Both servers have the File and Storage Services server role, the DFS Namespace role service, and the DFS Replication role service installed. Server1 and Server2 are part of a Distributed File System (DFS) Replication group named Group1. Server1 and Server2 are connected by using a high-speed LAN connection. You need to minimize the amount of processor resources consumed by DFS Replication. What should you do?
Answer
  • Reduce the bandwidth usage
  • Disable Remote Differential Compression
  • Modify the staging quota
  • Modify the replication schedule

Question 32

Question
Your company has a main office and two branch offices. The main office is located in New York. The branch offices are located in Seattle and Chicago. The network contains an Active Directory domain named contoso.com. An Active Directory site exists for each office. Active Directory site links exist between the main office and the branch offices. All servers run Windows Server 2012. The domain contains three file servers. The NYC-SVR1 server is in the New York office, the SEA-SRV1 server is located in the Seattle office, and the CHI-SRV1 is located in the Chicago Office. You implement a Distributed File System (DFS) replication group named ReplGroup. ReplGroup is used to replicate a folder on each file server. ReplGroup uses a hub and spoke topology. NYC-SVR1 is configured as the hub server. You need to ensure that replication can occur if NYC-SVR1 fails. What should you do?
Answer
  • Create an Active Directory Site Link
  • Modify the properties of the ReplGroup
  • Create an Active Directory Site Link Bridge
  • Create a connection in ReplGroup

Question 33

Question
Your domain contains a Windows 8 computer named Computer1. Computer1 uses BitLocker. The E:\ drive is encrypted and currently locked. You need to unlock the E:\ drive with the recovery key stored on the C:\. What should you run?
Answer
  • Unlock-BitLocker
  • Suspend-BitLocker
  • Enable-BitLockerAutoUnlock
  • Disable-BitLocker

Question 34

Question
Your network contains and Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012. A local account named Admin1 is a member of the Administrators group on Server1. You need to generate an audit event whenever Admin1 is denied access to a file or folder. What should you run?
Answer
  • auditpol.exe /set /user:admin1 /category:"detailed tracking" /failure:enable
  • auditpol.exe /set /user:admin1 /failure:enable
  • auditpol.exe /resourcesacl /set /type:keyauditpol /resourcesacl /set /type:access:ga
  • auditpol.exe /resourcesacl /set /type:file /user:admin1 /failure

Question 35

Question
Your network contains and Active Directory domain named contoso.com. The domain contains a file server named Server1 that runs Windows Server 2012. You view the effective policy settings of Server1 as shown in the exhibit. You need to ensure that an entry is added to the event log whenever a local user account is created or deleted on Server1. What should you do?
Answer
  • In the Servers GPO, modify the Advanced Audit Configuration Settings
  • On Server1, attach a task to the security log
  • In the Servers GPO, modify the Audit Policy settings
  • On Server1, attach a task to the system log

Question 36

Question
On the DFS replication you receive a wrap error on the sysvol on domain controller 4. Which three steps should you do to recover this error in the correct order?
Answer
  • Stop FSR
  • Start FSR
  • Edit the computer object in AD to msDFSR-Enabled=TRUE
  • Edit the registry
  • Stop DFSR
  • Start DFRS
  • Edit the computer object in AD to msDFSR-Enabled=FALSE
  • Run DFSRDIAG

Question 37

Question
Your network contains an Active Directory domain named contoso.com. The domain functional level is Windows Server 2008. All domain controllers run Windows Server 2008 R2. The domain contains a file server named Server1 that runs Windows Server 2012. Server1 has a BitLocker Drive Encryption (BitLocker)-encrypted drive. Server1 uses a Trusted Platform Module (TPM) chip. You enable the Turn on TPM backup to Active Directory Domain Services policy setting by using a Group Policy Object (GPO). You need to ensure that you can back up the BitLocker recovery information to Active Directory. What should you do?
Answer
  • Raise the forest functional level to Windows Server 2008 R2.
  • Enable the Configure the Level of TPM owner authorization information available to the operating system policy setting and set the Operating system managed TPM authentication level to None.
  • Add a BitLocker data recovery agent.
  • Import the Tpmschemaextension.ldf and TpmSchemaExtensionACLChanges.ldf schema extensions to the Active Directory schema.

Question 38

Question
Your network contains an Active Directory domain named adatum.com. You have a Group Policy Object (GPO) that configures the Windows Update settings. Currently, client computers are configured to download updates from Microsoft Update servers. Users choose when the updates are installed. You need to configure all client computers to install Windows updates automatically. Which setting should you configure in the GPO?
Answer
  • Do not display 'Install Updates and Shut Down' option
  • Do not adjust default option to 'Install Updates and Shut Down'
  • Enabling Windows Update Power Management to automatically...
  • Configure Automatic Updates
  • Specify intranet Microsoft update service location
  • Automatic Updates detection frequency
  • Allow non-administrators to receive update notifications
  • Turn on Software Notifications
  • Let the service shut down when it is idle
  • Allow Automatic Updates immediate installation

Question 39

Question
Your network contains an Active Directory domain named contoso.com. The domain contains a member server named Server1. All servers run Windows Server 2012. You need to collect error events for all the servers on Server1. The solution must ensure that when new servers are added to the domain, their error events are collected automatically on Server1. Which two actions should you perform? (Choose two)
Answer
  • On Server1, create a source computer initiated subscription.
  • From a Group Policy Object (GPO), configure the Configure forwarder resource usage settings.
  • From a Group Policy Object (GPO), configure the Configure target Subscription Manager settings
  • On Server1, create a collector initiated subscription

Question 40

Question
Your network contains an Active Directory domain called contoso.com. The domain contains a member server named Server1. Server1 runs Windows Server 2012. You enable the EventLog-Application event trace session. You need to set the maximum size of the log file used by the trace session to 10 MB. From which tab should you perform the configuration?
Answer
  • Trace Providers
  • Trace Session
  • Security
  • Trace Buffers
  • File
  • Directory
  • Stop Condition
Show full summary Hide full summary

Similar

CCNA Security 210-260 IINS - Exam 3
Mike M
The Internet
Gee_0599
SQL Quiz
R M
Application of technology in learning
Jeff Wall
The SAT Math test essentials list
lizcortland
Innovative Uses of Technology
John Marttila
How to improve your SAT math score
Brad Hegarty
Ch1 - The nature of IT Projects
mauricio5509
CCNA Answers – CCNA Exam
Abdul Demir
Translations and transformations of functions
Christine Laurich
Professional, Legal, and Ethical Issues in Information Security
mfundo.falteni