Administering Windows Server 2012
Question No: 1 HOTSPOT – (Topic 1)
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012 R2. Server1 has the File Server Resource Manager role service installed.
You need to configure Server1 to meet the following requirements:
-> Ensure that old files in a folder named Folder1 are archived automatically to a folder named Archive1.
-> Ensure that all storage reports are saved to a network share.
Which two nodes should you configure? To answer, select the appropriate two nodes in the answer area.
Question No: 2 HOTSPOT – (Topic 1)
Your company has two offices. The offices are located in Montreal and Seattle.
The network contains an Active Directory domain named contoso.com. The domain contains servers named Server1 and Server2. Server1 is located in the Seattle office. Server2 is located in the Montreal office. Both servers run Windows Server 2012 R2 and have the Windows Server Update Services (WSUS) server role installed.
You need to configure Server2 to download updates that are approved on Server1 only. What cmdlet should you run? To answer, select the appropriate options in the answer area.
Question No: 3 – (Topic 1)
Your network contains a Hyper-V host named Hyperv1. Hyperv1 runs Windows Server 2012 R2.
Hyperv1 hosts four virtual machines named VM1, VM2, VM3, and VM4. AH of the virtual machines run Windows Server 2008 R2.
You need to view the amount of memory resources and processor resources that VM4 currently uses.
Which tool should you use on Hyperv1?
Windows System Resource Manager (WSRM)
Answer: C Explanation:
Hyper-V Performance Monitoring Tool
Know which resource is consuming more CPU. Find out if CPUs are running at full capacity or if they are being underutilized. Metrics tracked include Total CPU utilization, Guest CPU utilization, Hypervisor CPU utilization, idle CPU utilization, etc.
WSRM is deprecated starting with Windows Server 2012
Question No: 4 DRAG DROP – (Topic 1)
Your network contains an Active Directory forest named contoso.com. All domain controllers run Windows Server 2008 R2.
The schema is upgraded to Windows Server 2012 R2.
Contoso.com contains two servers. The servers are configured as shown in the following table.
Server1 and Server2 host a load-balanced application pool named AppPool1.
You need to ensure that AppPool1 uses a group Managed Service Account as its identity. Which three actions should you perform?
To answer, move the three appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Box 3: Modify the settings of AppPool1.
Note: Box 1:
Group Managed Service Accounts Requirements:
At least one Windows Server 2012 Domain Controller
A Windows Server 2012 or Windows 8 machine with the ActiveDirectory PowerShell module, to create/manage the gMSA.
A Windows Server 2012 or Windows 8 domain member to run/use the gMSA. Box 2:
To create a new managed service account
-> On the domain controller, click Start, and then click Run. In the Open box, type dsa. msc, and then click OK to open the Active Directory Users and Computers snap-in. Confirm that the Managed Service Account container exists.
-> Click Start, click All Programs, click Windows PowerShell 2.0, and then click the Windows PowerShell icon.
-> Run the following command: New-ADServiceAccount [- SAMAccountNamelt;Stringgt;] [-Path lt;Stringgt;].
Configure a service account for Internet Information Services
Organizations that want to enhance the isolation of IIS applications can configure IIS application pools to run managed service accounts.
To use the Internet Information Services (IIS) Manager snap-in to configure a service to use a managed service account
-> Click Start, point to Administrative Tools, and then click Internet Information
Services (IIS) Manager.
-> Double-click lt;Computer namegt;, double-click Application Pools, right-click lt;Pool
Namegt;, and click Advanced Settings.
-> In the Identity box, click …, click Custom Account, and then click Set.
-> Type the name of the managed service account in the format domainname\accountname.
Question No: 5 – (Topic 1)
Your network contains two servers named Server1 and Server2. Both servers run Windows Server 2012 R2 and have the DNS Server server role installed.
On Server1, you create a standard primary zone named contoso.com.
You need to ensure that Server2 can host a secondary zone for contoso.com. What should you do from Server1?
Add Server2 as a name server.
Create a trust anchor named Server2.
Convert contoso.com to an Active Directory-integrated zone.
Create a zone delegation that points to Server2.
Answer: A Explanation:
Typically, adding a secondary DNS server to a zone involves three steps:
On the primary DNS server, add the prospective secondary DNS server to the list of name servers that are authoritative for the zone.
On the primary DNS server, verify that the transfer settings for the zone permit the zone to be transferred to the prospective secondary DNS server.
On the prospective secondary DNS server, add the zone as a secondary zone.
You must add a new Name Server. To add a name server to the list of authoritative servers for the zone, you must specify both the server#39;s IP address and its DNS name. When entering names, click Resolve to resolve the name to its IP address prior to adding it to the list.
Secondary zones cannot be AD-integrated under any circumstances.
You want to be sure Server2 can host, you do not want to delegate a zone.
Secondary Domain Name System (DNS) servers help provide load balancing and fault tolerance. Secondary DNS servers maintain a read-only copy of zone data that is transferred periodically from the primary DNS server for the zone. You can configure DNS clients to query secondary DNS servers instead of (or in addition to) the primary DNS server for a zone, reducing demand on the primary server and ensuring that DNS queries for the zone will be answered even if the primary server is not available.
How-To: Configure a secondary DNS Server in Windows Server 2012
We need to tell our primary DNS that it is ok for this secondary DNS to pull information from it. Otherwise replication will fail and you will get this big red X.
Head over to your primary DNS server, launch DNS manager, expand Forward Lookup Zones, navigate to your primary DNS zone, right-click on it and go to Properties.
Go to 鈥淶one Transfers鈥?tab, by default, for security reasons, the 鈥淎llow zone transfers: 鈥?is un-checked to protect your DNS information. We need to allow zone transfers, if you value your DNS records, you do not want to select 鈥淭o any server鈥?but make sure you click on 鈥淥nly to servers listed on the Name Servers tab鈥?
Head over to the 鈥淣ame Servers鈥?tab, click Add.
You will get 鈥淣ew Name Server Record鈥?window, type in the name of your secondary DNS server. it is always better to validate by name not IP address to avoid future problems in case your IP addresses change. Once done, click OK.
You will see your secondary DNS server is now added to your name servers selection, click OK.
Now if you head back to your secondary DNS server and refresh, the big red X will go away and your primary zone data will populate.
Your secondary DNS is fully setup now. You cannot make any DNS changes from your secondary DNS. Secondary DNS is a read-only DNS, Any DNS changes have to be done from the primary DNS.
http: //technet. microsoft. com/en-us/library/cc816885(v=ws. 10). aspx http: //technet. microsoft. com/en-us/library/cc816814(v=ws. 10). aspx
http: //blog. hyperexpert. com/how-to-configure-a-secondary-dns-server-in-windows-server- 2012/
http: //technet. microsoft. com/en-us/library/cc770984. aspx http: //support. microsoft. com/kb/816101
http: //technet. microsoft. com/en-us/library/cc753500. aspx
http: //technet. microsoft. com/en-us/library/cc771640(v=ws. 10). aspx http: //technet. microsoft. com/en-us/library/ee649280(v=ws. 10). aspx
Question No: 6 – (Topic 1)
You have a DNS server named Served that has a Server Core Installation on Windows Server 2012 R2.
You need to view the time-to-live (TTL) value of a name server (NS) record that is cached by the DNS Server service on Server1.
What should you run?
Answer: A Explanation:
The Show-DNSServerCache shows all cached Domain Name System (DNS) server resource records in the following format: Name, ResourceRecordData, Time-to-Live (TTL).
Question No: 7 – (Topic 1)
Your company has a main office and two branch offices. The main office is located in Seattle. The two branch offices are located in Montreal and Miami. Each office is configured as an Active Directory site.
The network contains an Active Directory domain named contoso.com. Network traffic is not routed between the Montreal office and the Miami office.
You implement a Distributed File System (DFS) namespace named \\contoso.com\public. The namespace contains a folder named Folder1. Folder1 has a folder target in each office.
You need to configure DFS to ensure that users in the branch offices only receive referrals to the target in their respective office or to the target in the main office.
Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)
Set the Ordering method of \\contoso.com\public to Random order.
Set the Advanced properties of the folder target in the Seattle office to Last among all
Set the Advanced properties of the folder target in the Seattle office to First among targets of equal cost.
Set the Ordering method of \\contoso.com\public to Exclude targets outside of the client#39;s site.
Set the Advanced properties of the folder target in the Seattle office to Last among targets of equal cost.
Set the Ordering method of \\contoso.com\public to Lowest cost.
Answer: C,D Explanation:
Exclude targets outside of the client#39;s site
In this method, the referral contains only the targets that are in the same site as the client. These same-site targets are listed in random order. If no same-site targets exist, the client does not receive a referral and cannot access that portion of the namespace.
Note: Targets that have target priority set to quot;First among all targetsquot; or quot;Last among all targetsquot; are still listed in the referral, even if the ordering method is set to Exclude targets outside of the client#39;s site.
Note 2: Set the Ordering Method for Targets in Referrals
A referral is an ordered list of targets that a client computer receives from a domain controller or namespace server when the user accesses a namespace root or folder with targets. After the client receives the referral, the client attempts to access the first target in the list. If the target is not available, the client attempts to access the next target.
Question No: 8 HOTSPOT – (Topic 1)
Your network contains an Active Directory named contoso.com. You have users named User1 and user2.
The Network Access Permission for User1 is set to Control access through NPS Network Policy. The Network Access Permission for User2 is set to Allow access.
A policy named Policy1 is shown in the Policy1 exhibit. (Click the Exhibit button.)
A policy named Policy2 is shown in the Policy2 exhibit. (Click the Exhibit button.)
A policy named Policy3 is shown in the Policy3 exhibit. (Click the Exhibit button.)
For each of the following statements, select Yes if the statement is true. Otherwise, select No. Each correct selection is worth one point.
Question No: 9 – (Topic 1)
Your network contains an Active Directory domain named contoso.com. The domain contains a file server named Server1 that runs Windows Server 2012 R2. Server1 has a share named Share1.
When users without permission to Share1 attempt to access the share, they receive the Access Denied message as shown in the exhibit. (Click the Exhibit button.)
You deploy a new file server named Server2 that runs Windows Server 2012 R2.
You need to configure Server2 to display the same custom Access Denied message as Server1.
What should you install on Server2?
The Remote Assistance feature
The Storage Services server role
The File Server Resource Manager role service
The Enhanced Storage feature
Answer: C Explanation:
Access-Denied Assistance is a new role service of the File Server role in Windows Server 2012.
We need to install the prerequisites for Access-Denied Assistance.
Because Access-Denied Assistance relies up on e-mail notifications, we also need to configure each relevant file server with a Simple Mail Transfer Protocol (SMTP) server address. Let’s do that quickly with Windows PowerShell:
You can enable Access-Denied Assistance either on a per-server basis or centrally via
Group Policy. To my mind, the latter approach is infinitely preferable from an administration standpoint.
Create a new GPO and make sure to target the GPO at your file servers’ Active Directory computer accounts as well as those of your AD client computers. In the Group Policy Object Editor, we are looking for the following path to configure Access-Denied Assistance:
\Computer Configuration\Policies\Administrative Templates\System\Access-Denied Assistance
The Customize message for Access Denied errors policy, shown in the screenshot below, enables us to create the actual message box shown to users when they access a shared file to which their user account has no access.
What’s cool about this policy is that we can 鈥減ersonalize鈥?the e-mail notifications to give us administrators (and, optionally, file owners) the details they need to resolve the permissions issue quickly and easily.
For instance, we can insert pre-defined macros to swap in the full path to the target file, the administrator e-mail address, and so forth. See this example:
Whoops! It looks like you’re having trouble accessing [Original File Path]. Please click Request Assistance to send [Admin Email] a help request e-mail message. Thanks!
You should find that your users prefer these human-readable, informative error messages to the cryptic, non-descript error dialogs they are accustomed to dealing with.
The Enable access-denied assistance on client for all file types policy should be enabled to force client computers to participate in Access-Denied Assistance. Again, you must make sure to target your GPO scope accordingly to 鈥渉it鈥?your domain workstations as well as your Windows Server 2012 file servers.
Testing the configuration
This should come as no surprise to you, but Access-Denied Assistance works only with Windows Server 2012 and Windows 8 computers. More specifically, you must enable the Desktop Experience feature on your servers to see Access-Denied Assistance messages on server computers.
When a Windows 8 client computer attempts to open a file to which the user has no access, the custom Access-Denied Assistance message should appear:
If the user clicks Request Assistance in the Network Access dialog box, they see a secondary message:
At the end of this process, the administrator(s) will receive an e-mail message that contains
the key information they need in order to resolve the access problem: The user’s Active Directory identity
The full path to the problematic file
A user-generated explanation of the problem
So that’s it, friends! Access-Denied Assistance presents Windows systems administrators with an easy-to-manage method for more efficiently resolving user access problems on shared file system resources. Of course, the key caveat is that your file servers must run Windows Server 2012 and your client devices must run Windows 8, but other than that, this is a great technology that should save admins extra work and end-users extra headaches.
Reference: http: //4sysops. com/archives/access-denied-assistance-in-windows-server- 2012/
Question No: 10 HOTSPOT – (Topic 1)
You have a server named Server1 that runs Windows Server 2012 R2. Server1 has two network adapters and is located in a perimeter network.
You need to install the RIP version 2 routing protocol on Server1. Which node should you use to add the RIP version 2 routing protocol? To answer, select the appropriate node in the answer area.
100% Ensurepass Free Download!
–Download Free Demo:70-411 Demo PDF
100% Ensurepass Free Guaranteed!
–Download 2018 EnsurePass 70-411 Full Exam PDF and VCE
|Lowest Price Guarantee||Yes||No||No|
|Free VCE Simulator||Yes||No||No|