Installing and Configuring Windows Server 2012
Question No: 1 – (Topic 1)
Your network contains an Active Directory domain named contoso.com. The domain contains two servers named Server1 and Server2. Server1 runs Windows Server 2012 R2. Server2 runs Windows Server 2008 R2 Service Pack 1 (SP1) and has the DHCP Server server role installed.
You need to manage DHCP on Server2 by using the DHCP console on Server1. What should you do first?
From Windows PowerShell on Server2, run Enable-PSRemoting cmdlet.
From Windows PowerShell on Server1, run Install-Windows Feature.
From Windows Firewall with Advanced Security on Server2, create an inbound rule.
From Internet Explorer on Server2, download and install Windows Management Framework 3.0.
Answer: B Explanation:
When the DHCP role is installed, it appears that the firewall rules are automatically added, so C is not valid (not only that, but either way it is an existing rule that one would need only enable nonetheless, not create a new rule). This means you only need to add the DHCP Manager MMC snap-in which is a Role Administration Tool feature.
So the correct answer must be B.
Training Guide: Installing and Configuring Windows Server 2012 R2, Chapter 6 Network Administration, p.228
Question No: 2 – (Topic 1)
Your network contains an Active Directory domain named adatum.com. The domain contains a member server named Host1. Host1 runs Windows Server 2012 R2 and has the Hyper-V server role installed.
Host1 hosts two virtual machines named VM5 and VM6. Both virtual machines connect to a virtual switch named Virtual1.
On VM5, you install a network monitoring application named Monitor1.
You need to capture all of the inbound and outbound traffic to VM6 by using Monitor1.
Which two commands should you run from Windows PowerShell? (Each correct answer presents part of the solution. Choose two.)
Get-VM “VM6 | Set-VMNetworkAdapter-IovWeight 1
Get-VM “VM5 I Set-VMNetworkAdapter -IovWeight 0
Get-VM “VM5 | Set-VMNetworkAdapter -PortMirroring Source
Get-VM “VM6 | Set-VMNetworkAdapter -AllowTeaming On
Get-VM “VM6 | Set-VMNetworkAdapter -PortMirroring Destination
Get-VM “VM5 | Set-VMNetworkAdapter -AllowTeaming On
Answer: C,E Explanation:
-PortMirroring specifies the port mirroring mode for the network adapter. This can be set to None, Source, and Destination.
->If set to Source, a copy of every network packet it sends or receives is forwarded
to a virtual network adapter configured to receive the packets.
->If set to Destination, it receives copied packets from the source virtual network adapter.
In this scenario, VM5 is the destination which must receive a copy of the network packets from VM6, which s the source.
Question No: 3 – (Topic 1)
Your network contains a server named Server1 that runs Windows Server 2012 R2. Server1 has the Hyper-V server role installed.
Server1 hosts four virtual machines named VM1, VM2, VM3, and VM4.
Server1 is configured as shown in the following table.
You install a network monitoring application on VM2.
You need to ensure that all of the traffic sent to VM3 can be captured on VM2. What should you configure?
Virtual Machine Chimney
The VLAN ID
The startup order
Automatic Start Action
Single-root I/O virtualization
Answer: J Explanation:
With Hyper-V Virtual Switch port mirroring, you can select the switch ports that are monitored as well as the switch port that receives copies of all the traffic. And since Port mirroring allows the network traffic of a virtual machine to be monitored by copying the traffic and forwarding it to another virtual machine that is configured for monitoring, you should configure port mirroring on VM2.
Question No: 4 – (Topic 1)
Your network contains an Active Directory domain named contoso.com. The network contains a server named Server1 that runs Windows Server 2012 R2 and a server named Server2 that runs Windows Server 2008 R2 Service Pack 1 (SP1). Server1 and Server2 are member servers.
You need to ensure that you can manage Server2 from Server1 by using Server Manager.
Which two tasks should you perform? (Each correct answer presents part of the solution. Choose two.)
Install Remote Server Administration Tools on Server1.
Install Windows Management Framework 3.0 on Server2.
Install the Windows PowerShell 2.0 engine on Server1.
Install Microsoft .NET Framework 4 on Server2.
Install Remote Server Administration Tools on Server2.
Answer: B,D Explanation:
To be able to fully manage remote servers that run Windows Server 2008 or the R2 Service Pack 1 operating system, you should install the .NET Framework 4 on Server2 first followed by the Windows Management Framework 3.0.
Question No: 5 HOTSPOT – (Topic 1)
Your network contains an Active Directory domain named adatum.com. All domain controllers run Windows Server 2012 R2. All client computers run Windows 7. The computer accounts for all of the client computers are located in an organizational unit (OU) named OU1.
An administrator links a Group Policy object (GPO) to OU1. The GPO contains several application control policies.
You discover that the application control policies are not enforced on the client computers.
You need to modify the GPO to ensure that the application control policies are enforced on the client computers.
What should you configure in the GPO?
To answer, select the appropriate service in the answer area.
Does AppLocker use any services for its rule enforcement?
Yes, AppLocker uses the Application Identity service (AppIDSvc) for rule enforcement. For AppLocker rules to be enforced, this service must be set to start automatically in the GPO.
Before you can enforce AppLocker policies, you must start the Application Identity service by using the Services snap-in console.
Membership in the local Administrators group, or equivalent, is the minimum required to complete this procedure.
To start the Application Identity service
->Click Start, click Administrative Tools, and then click Services.
->In the Services snap-in console, double-click Application Identity.
->In the Application Identity Properties dialog box, click Automatic in the Startup type list, click Start, and then click OK.
Question No: 6 – (Topic 1)
Your network contains an Active Directory domain named contoso.com. The domain contains 100 user accounts that reside in an organizational unit (OU) named OU1.
You need to ensure that a user named User1 can link and unlink Group Policy objects (GPOs) to OU1. The solution must minimize the number of permissions assigned to User1.
What should you do?
Run the Delegation of Control Wizard on OU1.
Add User1 to the Group Policy Creator Owners group.
Modify the permission on the \\Contoso.com\SYSVOL\Contoso.com\Policies folder.
Modify the permissions on the User1 account.
Answer: A Explanation:
The Delegation of Control Wizard allows you to delegate tasks, active Directory Object types and to set permissions.
Question No: 7 – (Topic 1)
Your network contains an Active Directory domain named contoso.com. All servers run Windows Server 2012 R2. A server named Server1 is configured to encrypt all traffic by using IPSec.
You need to ensure that Server1 can respond to ping requests from computers that do not support IPSec.
What should you do?
From a command prompt, run netsh set global autotuninglevel = highlyrestrictedcongestionprovider=none.
From a command prompt, run netsh set global autotuninglevel = restricted congestionprovider = ctcp.
From Windows Firewall with Advanced Security, allow unicast responses for the Domain
From Windows Firewall with Advanced Security, exempt ICMP from IPSec.
Question No: 8 HOTSPOT – (Topic 1)
You have a shared folder named Share1. The folder permissions of Share1 are configured as shown in the Folder Permissions exhibit. (Click the Exhibit button.)
The Share permissions of Share1 are configured as shown in the Share Permissions exhibit. (Click the Exhibit button.)
You have a group named Group1. The members of Group1 are shown in the Group1 exhibit. (Click the Exhibit button.)
Select Yes if the statement can be shown to be true based on the available information; otherwise select No. Each correct selection is worth one point.
NTFS permissions control access to the files and folders stored on disk volumes formatted with the NTFS file system. Share permissions control access to folders over a network. To access a file over a network, a user must have appropriate share permissions (and appropriate NTFS permissions if the shared folder is on an NTFS volume).Granting a user Full Control NTFS permission on a folder enables that user to take ownership of the folder unless the user is restricted in some other way.User1 was not granted Full Control permission.
The Administrators have Full Control permission. I assume that User2 is an administrator since the Group1 exhibit shows only User1 as a member.
Exam Reference 70-410: Installing and configuring Windows Server 2012 R2, Chapter 2:
Configure server roles and features, Objective 2.1: Configure file and share access, p.75- 80
Question No: 9 – (Topic 1)
Your network contains an Active Directory forest named contoso.com. The forest contains a single domain. The domain contains two domain controllers named DC1 and DC2 that run Windows Server 2012 R2.
The domain contains a user named User1 and a global security group named Group1.
You need to prevent User1 from changing his password. The solution must minimize administrative effort.
Which cmdlet should you run?
Answer: F Explanation:
The Set-ADAccountControlcmdlet modifies the user account control (UAC) values for an Active Directory user or computer account. UAC values are represented by cmdlet parameters.
Modifies the ability of an account to change its password. To disallow password change by the account set this to $true. This parameter changes the Boolean value of the CannotChangePassword property of an account.
The following example shows how to specify the PasswordCannotChange parameter.
Question No: 10 – (Topic 1)
Your company has a main office and two branch offices. The offices connect to each other by using a WAN link.
In the main office, you have a server named Server1 that runs Windows Server 2012 R2. Server1 is configured to use an IPv4 address only.
You need to assign an IPv6 address to Server1. The IP address must be private and routable.
Which IPv6 address should you assign to Server1?
Answer: D Explanation:
Unique local addresses are IPv6 addresses that are private to an organization in the same way that private addresses-such as 10.x.x.x, 192.168.x.x, or 172.16.0.0 172.31.255.255-can be used on an IPv4 network.
Unique local addresses, therefore, are not routable on the IPv6 Internet in the same way that an address like 10.20.100.55 is not routable on the IPv4 Internet. A unique local address is always structured as follows:
The first 8 bits are always 11111101 in binary format. This means that a unique local address always begins with FD and has a prefix identifier of FD00::/8.
|Lowest Price Guarantee||Yes||No||No|
|Free VCE Simulator||Yes||No||No|