Administering Windows Server 2012 v29.0

Page:    1 / 17   
Total 249 questions

Your network contains two Active Directory domains named contoso.com and adatum.com.
The network contains a server named Server1 that runs Windows Server 2012 R2. Server1
has the DNS Server server role installed. Server1 has a copy of the contoso.com DNS
zone.
You need to configure Server1 to resolve names in the adatum.com domain. The solution
must meet the following requirements:

  • Prevent the need to change the configuration of the current name servers that host zones for adatum.com.
  • Minimize administrative effort.

Which type of zone should you create?

  • A. Secondary
  • B. Stub
  • C. Reverse lookup
  • D. Primary


Answer : B

Explanation: When a zone that this DNS server hosts is a stub zone, this DNS server is a source only for information about the authoritative name servers for this zone. The zone at this server must be obtained from another DNS server that hosts the zone. This DNS server must have network access to the remote DNS server to copy the authoritative name server information about the zone. A stub zone is a copy of a zone that contains only the necessary resource records (Start of Authority (SOA), Name Server (NS), and Address/Host (A) records) in the master zone and acts as a pointer to the authoritative name server. The stub zone allows the server to forward queries to the name server that is authoritative for the master zone without going up to the root name servers and working its way down to the server. While a stub zone can improve performance, it does not provide redundancy or load sharing.

You can use stub zones to:

  • Keep delegated zone information current. By updating a stub zone for one of its child zones regularly, the DNS server that hosts both the parent zone and the stub zone will maintain a current list of authoritative DNS servers for the child zone.
  • Improve name resolution. Stub zones enable a DNS server to perform recursion using the stub zone's list of name servers, without having to query the Internet or an internal root server for the DNS namespace.
  • Simplify DNS administration. By using stub zones throughout your DNS infrastructure, you can distribute a list of the authoritative DNS servers for a zone without using secondary zones. However, stub zones do not serve the same purpose as secondary zones, and they are not an alternative for enhancing redundancy and load sharing.

There are two lists of DNS servers involved in the loading and maintenance of a stub zone:

  • The list of master servers from which the DNS server loads and updates a stub zone. A master server may be a primary or secondary DNS server for the zone. In both cases, it will have a complete list of the DNS servers for the zone.
  • The list of the authoritative DNS servers for a zone. This list is contained in the stub zone using name server (NS) resource records.

When a DNS server loads a stub zone, such as widgets.tailspintoys.com, it queries the master servers, which can be in different locations, for the necessary resource records of the authoritative servers for the zone widgets.tailspintoys.com. The list of master servers may contain a single server or multiple servers, and it can be changed anytime.

References:
http://technet.microsoft.com/en-us/library/cc771898.aspx
http://technet.microsoft.com/en-us/library/cc754190.aspx
http://technet.microsoft.com/en-us/library/cc730980.aspx


You have a server named Server1 that has the Web Server (IIS) server role installed.
You obtain a Web Server certificate.
You need to configure a website on Server1 to use Secure Sockets Layer (SSL).
To which store should you import the certificate? To answer, select the appropriate store in
the answer area.




Answer :

Explanation:

http://technet.microsoft.com/en-us/library/cc740068(v=ws.10).aspx

When you enable secure communications (SSL and TLS) on an Internet Information Services (IIS) computer, you must first obtain a server certificate. If it is a self-signed certificate, it can only be used on the local server machine. If it is a public certificate, you'll need to download the CA root certificate of the certificate and install the CA root certificate into the Trusted Root Certificate Authorities store. Root certificates provide a level of trust that certificates that are lower in the hierarchy can inherit. Each certificate is inspected for a parent certificate until the search reaches the root certificate.

For more information about certificates, please refer to the following references:
http://technet.microsoft.com/en-us/library/cc700805.aspx
http://support.microsoft.com/kb/232137/en-us
http://www.sqlservermart.com/HowTo/Windows_Import_Certificate.aspx
http://msdn.microsoft.com/en-us/library/windows/hardware/ff553506%28v=vs.85%29.aspx
http://www.iis.net/learn/manage/configuring-security/how-to-set-up-ssl-on-iis
http://support.microsoft.com/kb/299875/en-us
http://technet.microsoft.com/en-us/library/dd163531.aspx
http://blogs.msdn.com/b/mosharaf/archive/2006/10/30/using-test-certificate-with-reporting-services-2005-to-establish-ssl-connection.aspx


Your network contains two DNS servers named Server1 and Server2 that run Windows
Server 2012 R2. Server1 hosts a primary zone for contoso.com. Server2 hosts a
secondary zone for contoso.com.
You need to ensure that Server2 replicates changes to the contoso.com zone every five
minutes.
Which setting should you modify in the start of authority (SOA) record?

  • A. Retry interval
  • B. Expires after
  • C. Minimum (default) TTL
  • D. Refresh interval


Answer : D

Explanation: By default, the refresh interval for each zone is set to 15 minutes. The refresh interval is used to determine how often other DNS servers that load and host the zone must attempt to renew the zone.


Your network contains an Active Directory domain named contoso.com.
You have several Windows PowerShell scripts that execute when users log on to their
client computer.
You need to ensure that all of the scripts execute completely before the users can access
their desktop.
Which setting should you configure? To answer, select the appropriate setting in the
answer area.




Answer :

Explanation:

http://technet.microsoft.com/en-us/library/cc738773(v=ws.10).aspx

Run logon scripts synchronously: Directs the system to wait for logon scripts to finish running before it starts the Windows Explorer interface program and creates the desktop. If you enable this policy, Windows Explorer does not start until the logon scripts have finished running. This setting assures that logon script processing is complete before the user starts working, but it can delay the appearance of the desktop. If you disable this policy or do not configure it, the logon scripts and Windows Explorer are not synchronized and can run simultaneously.


You have a server named Server1 that runs Windows Server 2012 R2. Server1 has the
File Server Resource Manager role service installed.
Each time a user receives an access-denied message after attempting to access a folder
on Server1, an email notification is sent to a distribution list named DL1.
You create a folder named Folder1 on Server1, and then you configure custom NTFS
permissions for Folder1.
You need to ensure that when a user receives an access-denied message while attempting
to access Folder1, an email notification is sent to a distribution list named DL2. The
solution must not prevent DL1 from receiving notifications about other access-denied
messages.
What should you do?

  • A. From Server Manager, run the New Share Wizard to create a share for Folder1 by selecting the SMB Share - Advanced option.
  • B. From the File Server Resource Manager console, modify the Access-Denied Assistance settings.
  • C. From the File Server Resource Manager console, modify the Email Notifications settings.
  • D. From Server Manager, run the New Share Wizard to create a share for Folder1 by selecting the SMB Share - Applications option.


Answer : A

Reference: http://technet.microsoft.com/en-us/library/jj574182.aspx#BKMK_12

Explanation: When using the email model, for each of the file shares you can determine whether access requests to that file share will be received by the administrator, a distribution list that represents the file share owners, or both. The owner distribution list is configured by using the SMB Share - Advanced file share profile in the New Share Wizard in Server Manager.


Your network contains an Active Directory domain named adatum.com. The domain
contains a server named Server1 that runs Windows Server 2012 R2. Server1 is
configured as a Network Policy Server (NPS) server and as a DHCP server.
You need to log all DHCP clients that have Windows Firewall disabled.
Which three actions should you perform in sequence? To answer, move the three
appropriate actions from the list of actions to the answer area and arrange them in the
correct order.




Answer :

Explanation:

References:
http://technet.microsoft.com/es-es/library/dd314198%28v=ws.10%29.aspx
http://technet.microsoft.com/es-es/magazine/2009.05.goat.aspx
http://technet.microsoft.com/es-es/library/dd314173%28v=ws.10%29.aspx
http://ripusudan.wordpress.com/2013/03/19/how-to-configure-nap-enforcement-for-dhcp/
http://technet.microsoft.com/en-us/library/dd125379%28v=ws.10%29.aspx
http://technet.microsoft.com/en-us/library/cc772356%28v=ws.10%29.aspx

  • With NPS, you can create client health policies using SHVs that allow NAP to detect, enforce, and remediate client computer configurations. WSHA and WSHV provide the following functionality for NAP-capable computers: The client computer has firewall software installed and enabled.
  • Example measurements of health include: The operational status of Windows Firewall. Is the firewall enabled or disabled?

In NAP terminology, verifying that a computer meets your defined health requirements is called health policy validation. NPS performs health policy validation for NAP.


Your network contains an Active Directory domain named contoso.com.
All DNS servers host a DNS zone named adatum.com. The adatum.com zone is not Active
Directory-integrated.
An administrator modifies the start of authority (SOA) record for the adatum.com zone.
After the modification, you discover that when you add or modify DNS records in the
adatum.com zone, the changes are not transferred to the DNS servers that host secondary
copies of the adatum.com zone.
You need to ensure that the records are transferred to all the copies of the adatum.com
zone.
What should you modify in the SOA record for the adatum.com zone?
To answer, select the appropriate setting in the answer area.




Answer :

Explanation:

When a DNS server receives an update through Active Directory replication:

  • If the serial number of the replicated record is higher than the serial number in the SOA record of the local copy of the zone, the local zone serial number is set to the serial number in the replicated record. Note: Each DNS record in the zone has a copy of the zone serial number at the time when the record was last modified.
  • If the serial number of the replicated record is the same or lower than the local serial number, and if the local DNS server is configured not to allow zone transfer of the zone, the local zone serial number is not changed.
  • If the serial number of the replicated record is the same or lower than the local zone serial number, if the DNS server is configured to allow a zone transfer of the zone, and if the local zone serial number has not been changed since the last zone transfer occurred to a remote DNS server, then the local zone serial number will be incremented. Otherwise, that is, if a copy of the zone with the current local zone serial number has not been transferred to a remote DNS server, the local zone serial number is not changed.


Your network contains an Active Directory forest named contoso.com. The forest contains
a Network Policy Server (NPS) server named NPS1 and a VPN server named VPN1.
VPN1 forwards all authentication requests to NPS1.
A partner company has an Active Directory forest named adatum.com. The adatum.com
forest contains an NPS server named NPS2.
You plan to grant users from adatum.com VPN access to your network.
You need to authenticate the users from adatum.com on VPN1.
What should you create on each NPS server?
To answer, drag the appropriate objects to the correct NPS servers. Each object may be
used once, more than once, or not at all. You may need to drag the split bar between
panes or scroll to view content.




Answer :


Your network contains an Active Directory domain named contoso.com. The domain
contains more than 100 Group Policy objects (GPOs). Currently, there are no enforced
GPOs.
A network administrator accidentally deletes the Default Domain Policy GPO.
You do not have a backup of any of the GPOs.
You need to recreate the Default Domain Policy GPO.
What should you use?

  • A. Dcgpofix
  • B. Get-GPOReport
  • C. Gpfixup
  • D. Gpresult
  • E. Gpedit.msc
  • F. Import-GPO
  • G. Restore-GPO
  • H. Set-GPInheritance
  • I. Set-GPLink
  • J. Set-GPPermission
  • K. Gpupdate
  • L. Add-ADGroupMember


Answer : A

Explanation: Dcgpofix restores the default Group Policy objects to their original state (that is, the default state after initial installation).

Reference: http://technet.microsoft.com/en-us/library/hh875588(v=ws.10).aspx


You have a server named Server4 that runs Windows Server 2012 R2. Server4 has the
Windows Deployment Services server role installed.
Server4 is configured as shown in the exhibit. (Click the Exhibit button.)


To answer, complete each statement according to the information presented in the exhibit.
Each correct selection is worth one point.




Answer :


Your network contains an Active Directory domain named contoso.com. The domain
contains a server named Server1 that runs Windows Server 2012 R2 and has the Network
Policy Server role service installed.
An administrator creates a RADIUS client template named Template1.
You create a RADIUS client named Client1 by using Template1.
You need to modify the shared secret for Client1.
What should you do first?

  • A. Configure the Advanced settings of Template1.
  • B. Set the Shared secret setting of Template1 to Manual.
  • C. Clear Enable this RADIUS client for Client1.
  • D. Clear Select an existing template for Client1.


Answer : D

Explanation: Clear the check mark for Select an existing template in the new client wizard. In New RADIUS Client, in Shared secret, do one of the following:

  • Ensure that Manual is selected, and then in Shared secret, type the strong password that is also entered on the RADIUS client. Retype the shared secret in Confirm shared secret.


Your network contains an Active Directory domain named contoso.com.
You need to install and configure the Web Application Proxy role service.
What should you do?

  • A. Install the Active Directory Federation Services server role and the Remote Access server role on different servers.
  • B. Install the Active Directory Federation Services server role and the Remote Access server role on the same server.
  • C. Install the Web Server (IIS) server role and the Application Server server role on the same server.
  • D. Install the Web Server (IIS) server role and the Application Server server role on different servers.


Answer : A

Explanation: Web Application Proxy is a new Remote Access role service in Windows Server 2012 R2.


Your network contains an Active Directory forest. The forest contains two domains named
contoso.com and fabrikam.com. All of the DNS servers in both of the domains run
Windows Server 2012 R2.
The network contains two servers named Server1 and Server2. Server1 hosts an Active
Directory-integrated zone for contoso.com. Server2 hosts an Active Directory-integrated
zone for fabrikam.com. Server1 and Server2 connect to each other by using a WAN link.
Client computers that connect to Server1 for name resolution cannot resolve names in
fabrikam.com.
You need to configure Server1 to support the resolution of names in fabrikam.com. The
solution must ensure that users in contoso.com can resolve names in fabrikam.com if the
WAN link fails.
What should you do on Server1?

  • A. Create a stub zone.
  • B. Add a forwarder.
  • C. Create a secondary zone.
  • D. Create a conditional forwarder.


Answer : C

Explanation: http://technet.microsoft.com/en-us/library/cc771898.aspx

When a zone that this DNS server hosts is a secondary zone, this DNS server is a secondary source for information about this zone. The zone at this server must be obtained from another remote DNS server computer that also hosts the zone. With a secondary zone, you have the ability to resolve records from the other domain even if its DNS servers are temporarily unavailable. While secondary zones contain copies of all the resource records in the corresponding zone on the master name server, stub zones contain only three kinds of resource records:

  • A copy of the SOA record for the zone.
  • Copies of NS records for all name servers authoritative for the zone.
  • Copies of A records for all name servers authoritative for the zone.

References:
http://www.windowsnetworking.com/articles-tutorials/windows-2003/DNS_Stub_Zones.html
http://technet.microsoft.com/en-us/library/cc771898.aspx
http://redmondmag.com/Articles/2004/01/01/The-Long-and-Short-of-Stub-Zones.aspx?Page=2


Your network contains an Active Directory domain named contoso.com. All domain
controllers run Windows Server 2012 R2.
In a remote site, a support technician installs a server named DC10 that runs Windows
Server 2012 R2. DC10 is currently a member of a workgroup.
You plan to promote DC10 to a read-only domain controller (RODC).
You need to ensure that a user named Contoso\User1 can promote DC10 to a RODC in
the contoso.com domain. The solution must minimize the number of permissions assigned
to User1.
What should you do?

  • A. From Active Directory Users and Computers, run the Delegation of Control Wizard on the contoso.com domain object.
  • B. From Active Directory Administrative Center, pre-create an RODC computer account.
  • C. From Ntdsutil, run the local roles command.
  • D. Join DC10 to the domain. Run dsmod and specify the /server switch.


Answer : B

Explanation: A staged read-only domain controller (RODC) installation works in two discrete phases:

  1. Staging an unoccupied computer account
  2. Attaching an RODC to that account during promotion

Reference: Install a Windows Server 2012 R2 Active Directory Read-Only Domain Controller (RODC)


Your company has a main office and two branch offices. The main office is located in New
York. The branch offices are located in Seattle and Chicago.
The network contains an Active Directory domain named contoso.com. An Active Directory
site exists for each office. Active Directory site links exist between the main office and the
branch offices. All servers run Windows Server 2012 R2.
The domain contains three file servers. The file servers are configured as shown in the
following table.


You implement a Distributed File System (DFS) replication group named ReplGroup.
ReplGroup is used to replicate a folder on each file server. ReplGroup uses a hub and
spoke topology. NYC-SVR1 is configured as the hub server.
You need to ensure that replication can occur if NYC-SVR1 fails.
What should you do?

  • A. Create an Active Directory site link bridge.
  • B. Create an Active Directory site link.
  • C. Modify the properties of ReplGroup.
  • D. Create a connection in ReplGroup.


Answer : D

Explanation: Unsure about this answer. D:

A: The Bridge all site links option in Active Directory must be enabled. (This option is available in the Active Directory Sites and Services snap-in.) Turning off Bridge all site links can affect the ability of DFS to refer client computers to target computers that have the least expensive connection cost. An Intersite Topology Generator that is running Windows Server 2003 relies on the Bridge all site links option being enabled to generate the intersite cost matrix that DFS requires for its site-costing functionality. If you turn off this option, you must create site links between the Active Directory sites for which you want DFS to calculate accurate site costs. Any sites that are not connected by site links will have the maximum possible cost. For more information about site link bridging, see Active Directory Replication Topology Technical Reference.

References:
http://faultbucket.ca/2012/08/fixing-a-dfsr-connection-problem/
http://technet.microsoft.com/en-us/library/cc771941.aspx
