Q1. You are a network administrator of an Active Directory domain named contoso.com. You have a server named Server1 that runs Windows Server 2012 R2. Server1 has the DHCP Server server role and the Network Policy Server role service installed. You enable Network Access Protection (NAP) on all of the DHCP scopes on Server1. You need to create a DHCP policy that willApply to all of the NAP non-compliant DHCP clients. Which criteria should you specify when you create the DHCP policy?
A. The relay agent information
B. The client identifier
C. The vendor class
D. The user class
ANSWER: D. The user class.
Q2. Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012 R2 and has the Network Policy Server role service installed. An administrator creates a RADIUS client template named Template1. You create a RADIUS client named Client1 by using Template1. You need to modify the shared secret for Client1. What should you do first?
A. Configure the Advanced settings of Template1.
B. Set the Shared secret setting of Template1 to Manual.
C. Clear Enable this RADIUS client for Client1.
D. Clear Select an existing template for Client1
A. The relay agent information
B. The client identifier
C. The vendor class
D. The user class
ANSWER: D. The user class.
Q2. Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012 R2 and has the Network Policy Server role service installed. An administrator creates a RADIUS client template named Template1. You create a RADIUS client named Client1 by using Template1. You need to modify the shared secret for Client1. What should you do first?
A. Configure the Advanced settings of Template1.
B. Set the Shared secret setting of Template1 to Manual.
C. Clear Enable this RADIUS client for Client1.
D. Clear Select an existing template for Client1
ANSWER: A. Clear Select an existing template.
Q3. You have a server named Server1 that runs Windows Server 2012 R2. Server1 has the Windows Server Update Services server role installed.
Server1 stores update files locally in C:\Updates.
You need to change the location in which the update files are stored to D:\Updates.
What should you do?
A. From the Update Services console, run the Windows Server Update Services Configuration Wizard.You need to change the location in which the update files are stored to D:\Updates.
What should you do?
B. From a command prompt, run wsusutil.exe and specify the movecontent parameter.
C. From the Update Services console, configure the Update Files and Languages option.
D. From a command prompt, run wsusutil.exe and specify the export parameter
ANSWER: B. From a command prompt, run wsusutil.exe and specify the movecontent parameter.
Q4. Your network contains four Network Policy Server (NPS) servers named Server1, Server2, Servers, and Server4. Server1 is configured as a RADIUS proxy that forwards connection requests to a remote RADIUS server group named Group1.You need to ensure that Server2 and Server3 receive connection requests. Server4 must only receive connection requests if both Server2 and Server3 are unavailable. How should you configure Group1?
A. Change the Weight of Server4 to 10.
B. Change the Weight of Server2 and Server3 to 10.
C. Change the Priority of Server2 and Server3 to 10.
D. Change the Priority of Server4 to 10.
ANSWER: D. Change the Priority of Server4 to 10.
A. Change the Weight of Server4 to 10.
B. Change the Weight of Server2 and Server3 to 10.
C. Change the Priority of Server2 and Server3 to 10.
D. Change the Priority of Server4 to 10.
ANSWER: D. Change the Priority of Server4 to 10.
Q5. Your network contains an Active Directory domain named contoso.com. All servers run Windows Server 2012 R2. The domain contains a server named Server1 that has the Network Policy Server server role and the Remote Access server role installed. The domain contains a server named Server2 that is configured as a RADIUS server.
Server1 provides VPN access to external users. You need to ensure that all of the VPN connections to Server1 are logged to the RADIUS server on Server2.
What should you run?
A. Add-RemoteAccessRadius -ServerNameServer1 -AccountingOnOffMsg Enabled – SharedSecret “Secret” -Purpose Accounting
B. Set-RemoteAccessAccounting -AccountingOnOffMsg Enabled -AccountingOnOffMsg Enabled
C. Add-RemoteAccessRadius -ServerName Server2 -AccountingOnOffMsg Enabled –
SharedSecret “Secret” -Purpose Accounting
D. Set-RemoteAccessAccounting -EnableAccountingType Inbox -AccountingOnOffMsg Enabled
ANSWER: C. Add-RemoteAccessRadius -ServerName Server2 -AccountingOnOffMsg Enabled – SharedSecret “Secret” -Purpose Accounting
Q6. Your network contains two Active Directory forests named adatum.com and contoso.com. The network contains three servers. The servers are configured as shown in the following table:
Server1 provides VPN access to external users. You need to ensure that all of the VPN connections to Server1 are logged to the RADIUS server on Server2.
What should you run?
A. Add-RemoteAccessRadius -ServerNameServer1 -AccountingOnOffMsg Enabled – SharedSecret “Secret” -Purpose Accounting
B. Set-RemoteAccessAccounting -AccountingOnOffMsg Enabled -AccountingOnOffMsg Enabled
C. Add-RemoteAccessRadius -ServerName Server2 -AccountingOnOffMsg Enabled –
SharedSecret “Secret” -Purpose Accounting
D. Set-RemoteAccessAccounting -EnableAccountingType Inbox -AccountingOnOffMsg Enabled
ANSWER: C. Add-RemoteAccessRadius -ServerName Server2 -AccountingOnOffMsg Enabled – SharedSecret “Secret” -Purpose Accounting
Q6. Your network contains two Active Directory forests named adatum.com and contoso.com. The network contains three servers. The servers are configured as shown in the following table:
You need to ensure that connection requests from adatum.com users are forwarded to Server2 and connection requests from contoso.com users are forwarded to Server3.
Which two should you configure in the connection request policies on Server1? (Each correct answer presents part of the solution. Choose two.)
A. The Authentication settings.B. The Standard RADIUS Attributes settings.
C. The Location Groups condition.
D. The Identity Type condition.
E. The User Name condition.
ANSWER: AE. The Authentication settings + The User Name condition.
Q7. Your network contains an Active Directory domain named contoso.com. All domain controllers run Windows Server 2012 R2. The domain contains 500 client computers that run Windows 8 Enterprise.
You implement a Group Policy central store.
You have an application named App1. App1 requires that a custom registry setting be deployed to all of the computers.
You need to deploy the custom registry setting. The solution must minimize administrator effort.
What should you configure in a Group Policy object (GPO)?
A. The Administrative Templates
B. An application control policy
C. The Group Policy preferences
D. Software installation setting
A. The Administrative Templates
B. An application control policy
C. The Group Policy preferences
D. Software installation setting
ANSWER: C. The Group Policy Preferences
Q8. Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012 R2. Server1 has the following role services installed:
- DirectAccess and VPN (RRAS)
- Network Policy Server
Remote users have client computers that run either Windows XP, Windows 7, or Windows 8. You need to ensure that only the client computers that run Windows 7 or Windows 8 can establish VPN connections to Server1. What should you configure on Server1?
A. A vendor-specific RADIUS attribute of a Network Policy Server (NPS) connection request policy
B. A condition of a Network Policy Server (NPS) network policy
C. A condition of a Network Policy Server (NPS) connection request policy
D. A constraint of a Network Policy Server (NPS) network policy
ANSWER: B. A condition of a Network Policy Server (NPS) network policy.
Q9. Your network contains an Active Directory domain named contoso.com. Domain controllers run either Windows Server 2008, Windows Server 2008 R2, or Windows Server 2012 R2.
You have a Password Settings object (PSOs) named PSO1.
You need to view the settings of PSO1.
Which tool should you use?
A. Group Policy ManagementB. Server Manager
C. Get-ADAccountResultantPasswordReplicationPolicy
D. Active Directory Administrative Center
ANSWER: D. Active Directory Administrative Center.
Q10. Your network contains two Active Directory forests named contoso.com and dev.contoso.com. The contoso.com forest contains a domain controller named DC1. The dev.contoso.com forest contains a domain controller named DC2. Each domain contains an organizational unit (OU) named OU1. Dev.contoso.com has a Group Policy object (GPO) named GPO1. GPO1 contains 200 settings, including several settings that have network paths. GPO1 is linked to OU1.You need to copy GPO1 from dev.contoso.com to contoso.com.What should you do first on DC2?
A. From the Group Policy Management console, right-click GPO1 and select Copy.
B. Run the mtedit.exe command and specify the /Domain:contoso.com /DC:DC1 parameter.
C. Run the Save-NetGpo cmdlet.
D. Run the Backup-Gpo cmdlet.ANSWER: A. From the Group Policy Management console, right-click GPO1 and select Copy.
Q11. Your network contains an Active Directory domain named contoso.com. All user accounts reside in an organizational unit (OU) named OU1. You create a Group Policy object (GPO) named GPO1. You link GPO1 to OU1. You configure the Group Policy preference of GPO1 to add a shortcut named Link1 to the desktop of each user. You discover that when a user deletes Link1, the shortcut is removed permanently from the desktop. You need to ensure that if a user deletes Link1, the shortcut is added to the desktop again. What should you do?
A. Enforce GPO1.
B. Modify the Link1 shortcut preference of GPO1.
C. Enable loopback processing in GPO1.
D. Modify the Security Filtering settings of GPO1.
A. Enforce GPO1.
B. Modify the Link1 shortcut preference of GPO1.
C. Enable loopback processing in GPO1.
D. Modify the Security Filtering settings of GPO1.
ANSWER: B. Modify the Link1 shortcut preference of GPO1.
Q12. Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012 R2.
Server1 has the File Server Resource Manager role service installed.
You configure a quota threshold as shown in the exhibit. (Click the Exhibit button.)
You need to ensure that a user named User1 receives an email notification when the threshold is exceeded. What should you do?
A. Create a performance counter alert.
B. Create a classification rule.
B. Create a classification rule.
C. Modify the members of the Performance Log Users group.
D. Configure the File Server Resource Manager Options.
ANSWER: D. Configure the File Server Resource Manager Options.
Q13. You have a server named Server1 that runs Windows Server 2012 R2. Server1 has the Windows Deployment Services server role installed.
Server1 contains two boot images and four install images.
You need to ensure that when a computer starts from PXE, the available operating system images appear in a specific order.
What should you do?
A. Modify the properties of the boot images. B. Create a new image group.
C. Modify the properties of the install images.
D. Modify the PXE Response Policy.
ANSWER: C. Modify the properties of the install images.
Q14. You have a server named Server4 that runs Windows Server 2012 R2. Server4 has the Windows Deployment Services server role installed.
Server4 is configured as shown in the exhibit. (Click the Exhibit button.)To answer, complete each statement according to the information presented in the exhibit.
Each correct selection is worth one point.
ANSWER: x64 client computers can use either X86 / x64 Images. Highest Priority means lower value (therefore value 10 means higher preference than 100).
Q15. Your network contains an Active Directory domain named contoso.com. The domain contains a member server named Server1. Server1 runs Windows Server 2012 R2 and has the Hyper-V server role installed.
Server1 hosts 10 virtual machines. A virtual machine named VM1 runs Windows Server 2012 R2 and hosts a processor-intensive application named App1. Users report that App1 responds more slowly than expected.You need to monitor the processor usage on VM1 to identify whether changes must be made to the hardware settings of VM1.
Which performance object should you monitor on Server1?
Server1 hosts 10 virtual machines. A virtual machine named VM1 runs Windows Server 2012 R2 and hosts a processor-intensive application named App1. Users report that App1 responds more slowly than expected.You need to monitor the processor usage on VM1 to identify whether changes must be made to the hardware settings of VM1.
Which performance object should you monitor on Server1?
A. Processor
B. Hyper-V Hypervisor Virtual Processor
C. Hyper-V Hypervisor Logical Processor
D. Hyper-V Hypervisor Root Virtual Processor
E. Process
ANSWER: C. Hyper-V Hypervisor Logical Processor
B. Hyper-V Hypervisor Virtual Processor
C. Hyper-V Hypervisor Logical Processor
D. Hyper-V Hypervisor Root Virtual Processor
E. Process
ANSWER: C. Hyper-V Hypervisor Logical Processor
Q16. You manage a server that runs Windows Server 2012 R2. The server has the Windows Deployment Services server role installed.
You have a desktop computer that has the following configuration:
- Computer name: Computer1
- Operating system: Windows 8
- MAC address: 20-CF-30-65-D0-87
- GUID: 979708BF-C04B-4525-9FE0-C4150BB6C618
You need to configure a pre-staged device for Computer1 in the Windows Deployment Services console.
Which two values should you assign to the device ID? (Each correct answer presents a complete solution. Choose two.)
A. 20CF3065D08700000000000000000000
B. 979708BFC04B45259FE0C4150BB6C618
C. 979708BF-C04B-452S-9FE0-C4150BB6C618
D. 0000000000000000000020CF306SD087
E. 00000000-0000-0000-0000-C41S0BB6C618
- Computer name: Computer1
- Operating system: Windows 8
- MAC address: 20-CF-30-65-D0-87
- GUID: 979708BF-C04B-4525-9FE0-C4150BB6C618
You need to configure a pre-staged device for Computer1 in the Windows Deployment Services console.
Which two values should you assign to the device ID? (Each correct answer presents a complete solution. Choose two.)
A. 20CF3065D08700000000000000000000
B. 979708BFC04B45259FE0C4150BB6C618
C. 979708BF-C04B-452S-9FE0-C4150BB6C618
D. 0000000000000000000020CF306SD087
E. 00000000-0000-0000-0000-C41S0BB6C618
ANSWER: CD. MAC address preceded with twenty zeros + GUID
Q17. You have a server named Server1 that runs Windows Server 2012. An administrator creates a quota as shown in the Quota exhibit. 
You run the dir command as shown in the dir exhibit.
You need to ensure that D:\Folder1 can only consume 100 MB of disk space. What should you do?
A. From File Server Resource Manager, create a new quota.
B. From File Server Resource Manager, edit the existing quota.
C. From the Services console, set the Startup Type of the Optimize drives service to Automatic.
D. From the properties of drive D, enable quota management.
ANSWER: A. From File Server Resource Manager, create a new quota.
Q18. Your network contains an Active Directory domain named contoso.com. All servers run Windows Server 2012. The functional level of both the domain and the forest is Windows Server 2008 R2. The domain contains a domain-based Distributed File System (DFS) namespace that is configured as shown in the exhibit. (Click the Exhibit button.)
You need to enable access-based enumeration on the DFS namespace. What should you do first?
A. Raise the domain functional level.
B. Raise the forest functional level.
C. Install the File Server Resource Manager role service on Server3 and Server5.
D. Delete and recreate the namespace.
ANSWER: D. Delete and recreate the namespace.
Q19. Your company has a main office and two branch offices. The main office is located in New York. The branch offices are located in Seattle and Chicago. The network contains an Active Directory domain named contoso.com. An Active Directory site exists for each office. Active Directory site links exist between the main office and the branch offices. All servers run Windows Server 2012.
The domain contains three file servers. The file servers are configured as shown in the following table.
You implement a Distributed File System (DFS) replication group named Rep1Group. Rep1Group is used to replicate a folder on each file server. Rep1Group uses a hub and spoke topology.
NYC-SVR1 is configured as the hub server. You need to ensure that replication can occur if NYC-SVR1 fails. What should you do?
A. Create an Active Directory site link bridge.
B. Create an Active Directory site link.
C. Modify the properties of Rep1Group.
D. Create a connection in Rep1Group.
ANSWER: D. Create a connection in Rep1Group.
Q20. Your network contains an Active Directory domain named adatum.com. The domain contains a member server named Server1 and 10 web servers. All of the web servers are in an organizational unit (OU) named WebServers_OU. All of the servers run Windows Server 2012. On Server1, you need to collect the error events from all of the web servers. The solution must ensure that when new web servers are added to WebServers_OU, their error events are collected automatically on Server1. What should you do?
A. On Server1, create a source computer initiated subscription. From a Group Policy object (GPO), configure the Configure target Subscription Manager setting.
B. On Server1, create a source computer initiated subscription. From a Group Policy object
(GPO), configure the Configure forwarder resource usage setting.
C. On Server1, create a collector initiated subscription. From a Group Policy object (GPO), configure the Configure target Subscription Manager setting.
D. On Server1, create a collector initiated subscription. From a Group Policy object (GPO), configure the Configure forwarder resource usage setting.
ANSWER: A. On Server1, create a source computer initiated subscription. From a Group Policy object (GPO), configure the Configure target Subscription Manager setting.
Q21. You have Windows Server 2012 R2 installation media that contains a file named Install.wim. You need to identify the permissions of the mounted images in Install.wim. What should you do?
A. Run dism.exe and specify the /get-mountedwiminfo parameter.
B. Run imagex.exe and specify the /verify parameter.
C. Run imagex.exe and specify the /ref parameter.
D. Run dism.exe and specify the/get-imageinfo parameter.
ANSWER: A. Run dism.exe and specify the /get-mountedwiminfo parameter.
Q22. You have Windows Server 2012 R2 installation media that contains a file named Install.wim.
You need to identify which images are present in Install.wim.
What should you do?
A. Run imagex.exe and specify the/verify parameter.B. Run imagex.exe and specify the /ref parameter.
C. Run dism.exe and specify the /get-mountedwiminfo parameter.
D. Run dism.exe and specify the /get-imageinfo parameter.
ANSWER: D. Run dism.exe and specify the /get-imageinfo parameter.
Each time a user receives an access-denied message after attempting to access a folder on Server1, an email notification is sent to a distribution list named DL1.
You create a folder named Folder1 on Server1, and then you configure custom NTFS permissions for Folder 1.
You need to ensure that when a user receives an access-denied message while attempting to access Folder1, an email notification is sent to a distribution list named DL2. The solution must not prevent DL1 from receiving notifications about other access-denied messages.
What should you do?
A. From Server Manager, run the New Share Wizard to create a share for Folder1 by selecting the SMB Share - Advanced option.
B. From the File Server Resource Manager console, modify the Access-Denied Assistance settings.
C. From the File Server Resource Manager console, modify the Email Notifications settings.
D. From Server Manager, run the New Share Wizard to create a share for Folder1 by selecting the SMB Share -Aplications option.
ANSWER: A. From Server Manager, run the New Share Wizard to create a share for Folder1 by selecting the SMB Share - Advanced option.
Q24. You have a server named Server1 that runs Windows Server 2012 R2. Server1 has the File Server Resource Manager role service installed.
Each time a user receives an access-denied message after attempting to access a folder on Server1, an email notification is sent to a distribution list named DL1.
You create a folder named Folder1 on Server1, and then you configure custom NTFS permissions for Folder 1.
You need to ensure that when a user receives an access-denied message while attempting to access Folder1, an email notification is sent to a distribution list named DL2. The solution must not prevent DL1 from receiving notifications about other access-denied messages.
What should you do?
A. From File Explorer, modify the Classification tab of Folder1.
B. From the File Server Resource Manager console, modify the Email Notifications settings.
C. From the File Server Resource Manager console, set a folder management property.
D. From File Explorer, modify the Customize tab of Folder1.
ANSWER: C. From the File Server Resource Manager console, set a folder management property.
Each time a user receives an access-denied message after attempting to access a folder on Server1, an email notification is sent to a distribution list named DL1.
You create a folder named Folder1 on Server1, and then you configure custom NTFS permissions for Folder 1.
You need to ensure that when a user receives an access-denied message while attempting to access Folder1, an email notification is sent to a distribution list named DL2. The solution must not prevent DL1 from receiving notifications about other access-denied messages.
What should you do?
A. From File Explorer, modify the Classification tab of Folder1.
B. From the File Server Resource Manager console, modify the Email Notifications settings.
C. From the File Server Resource Manager console, set a folder management property.
D. From File Explorer, modify the Customize tab of Folder1.
ANSWER: C. From the File Server Resource Manager console, set a folder management property.
Q25. Your network contains a Hyper-V host named Hyperv1. Hyperv1 runs Windows Server 2012 R2. Hyperv1 hosts four virtual machines named VM1, VM2, VM3, and VM4. All of the virtual machines run Windows Server 2008 R2. You need to view the amount of memory resources and processor resources that VM4 currently uses. Which tool should you use on Hyperv1?
A. Resource Monitor
B. Task Manager
C. Hyper-V Manager
D. Windows System Resource Manager (WSRM)
ANSWER: C. Hyper-V Manager
Q26. Your network contains and active Directory domain named contoso.com. The doman contains a server named Server1 that runs Windows Server 2012 R2 A local account named Admin1 is a member of the Administrators group on Server1.
You need to generate an audit event whenever Admin1 is denied access to a file or folder.
What should you run?
A. auditpol.exe /set/user:admin1 /failure:enable
B. auditpol.exe /set /user:admin1 /category:”detailed tracking” /failure:enable
C. auditpol.exe /resourcesacl /set /type:file /user:admin1 /failure
D. auditpol.exe /resourcesacl /set /type:keyauditpol.exe /resourcesacl /set /type: /access:ga
ANSWER: C . auditpol.exe /resourcesacl /set /type:file /user:admin1 /failure
Q27. Your network contains an Active Directory domain named contoso.com. The domain contains a member server named Server1. All servers run Windows Server 2012 R2.
You need to collect the error events from all of the servers on Server1. The solution must ensure that when new servers are added to the domain, their error events are collected automatically on Server1.
Which two actions should you perform? (Each correct answer presents part of the solution.
Choose two.)
A. On Server1, create a collector initiated subscription.
B. On Server1, create a source computer initiated subscription.
C. From a Group Policy object (GPO), configure the Configure target Subscription Manager setting.
D. From a Group Policy object (GPO), configure the Configure forwarder resource usage setting.
ANSWER: BC. On Server1, create a source computer initiated subscription. From a Group Policy object (GPO), configure the Configure target Subscription Manager setting.
Q28. Your network contains an Active Directory domain named contoso.com. All domain controllers run Windows Server 2012 R2.
You have a Group Policy object (GPO) named GPO1 that contains hundreds of settings. GPO1 is linked to an organizational unit (OU) named OU1. OU1 contains 200 client computers.
You plan to unlink GPO1 from OU1.
You need to identify which GPO settings will be removed from the computers after GPO1 is unlinked from OU1.
Which two GPO settings should you identify? (Each correct answer presents part of the solution. Choose two.)
A. The managed Administrative Template settings
B. The unmanaged Administrative Template settings
C. The System Services security settings
D. The Event Log security settings
E. The Restricted Groups security settings
ANSWER: AD. The managed Administrative Template settings. The Event Log security settings
Q29. Your network contains an Active Directory domain named contoso.com. All user accounts reside in an organizational unit (OU) named OU1. All user accounts for the finance department reside in an organizational unit (OU) named OU2. You create a Group Policy object (GPO) named GPO1. You link GPO1 to OU2. You configure the Group Policy preference of GPO1 to add a shortcut named Link1 to the desktop of each user. You discover that when a user signs in, the Link1 is not added to the desktop.
You need to ensure that when a user signs in, Link1 is added to the desktop. What should you do?
ANSWER: D. Modify the Security Filtering settings of GPO1.
You need to ensure that when a user signs in, Link1 is added to the desktop. What should you do?
A. Enforce GPO1.
B. Modify the Link1 shortcut preference of GPO1.
C. Enable loopback processing in GPO1.
D. Modify the Security Filtering settings of GPO1.
ANSWER: D. Modify the Security Filtering settings of GPO1.
Q30. Your network contains an Active Directory domain named contoso.com. The domain contains client computers that run either Windows XP, Windows 7, or Windows 8. Network Policy Server (NPS) is deployed to the domain. You plan to create a system health validator (SHV). You need to identify which policy settings can be Applied to all of the computers. Which three policy settings should you identify? (Each correct answer presents part of the solution. Choose three.)
A. Antispyware is up to date.
B. Automatic updating is enabled.
C. Antivirus is up to date.
D. A firewall is enabled for all network connections.
E. An antispyware application is on.
ANSWER: B, C, D. Automatic updating is enabled. Antivirus is up to date. A firewall is enabled for all network connections.
Q31. Your network contains an Active Directory domain named contoso.com. The domain contains a domain controller named DC1 that runs Windows Server 2012 R2. You create an Active Directory snapshot of DC1 each day. You need to view the contents of an Active Directory snapshot from two days ago. What should you do first?
A. Stop the Active Directory Domain Services (AD DS) service.
B. Run the ntdsutil.exe command. C. Run the dsamain.exe command.
D. Start the Volume Shadow Copy Service (VSS).
ANSWER: C. Dsamain command.
Q32. Your network contains an Active Drectory domain named contoso.com. The domain contains a domain controller named DC1 that runs Windows Server 2012 R2. You mount an Active Directory snapshot on DC1. You need to expose the snapshot as an LDAP server.
Which tool should you use?
A. LdpWhich tool should you use?
B. ADSI Edit
C. Dsamain
D. Ntdsutil
ANSWER: C. Dsamain.
Q33. Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012 R2 and has the Network Policy Server role service installed.
You need to enable trace logging for Network Policy Server (NPS) on Server1. Which tool should you use?
A. The tracert.exe command
You need to enable trace logging for Network Policy Server (NPS) on Server1. Which tool should you use?
A. The tracert.exe command
B. The Network Policy Server console
C. The Server Manager console
D. The netsh.exe command
ANSWER: D. The netsh.exe command (netsh ras...)
Q34. You have a server named Server1 that has the Web Server (IIS) server role installed. You obtain a Web Server certificate.
You need to configure a website on Server1 to use Secure Sockets Layer (SSL).
To which store should you import the certificate?
You need to configure a website on Server1 to use Secure Sockets Layer (SSL).
To which store should you import the certificate?
ANSWER: Certificates (Local Computer) =>Personal.
Q35. Your network contains an Active Directory domain named contoso.com. The domain contains a domain controller named DC1. DC1 is a DNS server for contoso.com.
The properties of the contoso.com zone are configured as shown in the exhibit. (Click the Exhibit button.)
The properties of the contoso.com zone are configured as shown in the exhibit. (Click the Exhibit button.)
The domain contains a server named Server1 that is part of a workgroup named Workgroup. Server1 is configured to use DC1 as a DNS server. You need to ensure that Server1 dynamically registers a host (A) record in the contoso.com zone.
What should you configure?
A. The Dynamic updates setting of the contoso.com zone
B. The workgroup name of Server1
C. The primary DNS suffix of Server1
D. The Security settings of the contoso.com zone
ANSWER: C. The primary DNS suffix of Server1
Q36. The domain contains a server named Server1 that is part of a workgroup named Workgroup. Server1 is configured to use DC1 as a DNS server. You need to ensure that Server1 dynamically registers a host (A) record in the contoso.com zone.
What should you configure?
A. The Dynamic updates setting of the contoso.com zone B. The workgroup name of Server1
C. The primary DNS suffix of Server1
D. The Security settings of the contoso.com zone
ANSWER: C. The primary DNS suffix of Server1
Q37. Your network contains an Active Directory domain named contoso.com. The domain contains six domain controllers named DC1, DC2, DC3, DC4, DC5, and DC6. Each domain controller has the DNS Server server role installed and hosts an Active Directory-integrated zone for contoso.com. You plan to create a new Active Directory-integrated zone named litwareinc.com that will be used for testing.
You need to ensure that the new zone will be available only on DC5 and DC6.
What should you do first?
A. Create an application directory partition. B. Change the zone replication scope.
C. Create an Active Directory connection object.
D. Create an Active Directory site link.
ANSWER: A. Create an application directory partition
Q38. Your network contains a DNS server named Server1 that runs Windows Server 2012 R2. Server1 has a zone named contoso.com. The network contains a server named Server2 that runs Windows Server 2008 R2. Server1 and Server2 are members of an Active Directory domain named contoso.com. You change the IP address of Server2.
Several hours later, some users report that they cannot connect to Server2.
On the affected users’ client computers, you flush the DNS client resolver cache, and the users successfully connect to Server2.
You need to reduce the amount of time that the client computers cache DNS records from contoso.com.
Which value should you modify in the Start of Authority (SOA) record?
To answer, select the appropriate setting in the answer area.![clip_image001[54]](http://examgod.com/l2pimages/6aff33333266_8257/clip_image00154_thumb.jpg)
Q38. Your network contains a DNS server named Server1 that runs Windows Server 2012 R2. Server1 has a zone named contoso.com. The network contains a server named Server2 that runs Windows Server 2008 R2. Server1 and Server2 are members of an Active Directory domain named contoso.com. You change the IP address of Server2.
Several hours later, some users report that they cannot connect to Server2.
On the affected users’ client computers, you flush the DNS client resolver cache, and the users successfully connect to Server2.
You need to reduce the amount of time that the client computers cache DNS records from contoso.com.
Which value should you modify in the Start of Authority (SOA) record?
To answer, select the appropriate setting in the answer area.
ANSWER: TTL for this record.
![clip_image002[44]](http://examgod.com/l2pimages/6aff33333266_8257/clip_image00244_thumb.jpg)
Q39. You have a DNS server named Server1 that has a Server Core Installation on Windows Server 2012 R2.
You need to view the time-to-live (TTL) value of a name server (NS) record that is cached by the DNS Server service on Server1.
What should you run?
A. Show-DNSServerCache B. dnscacheugc.exe
C. ipconfig.exe /displaydns
D. nslookup.exe
ANSWER: A. Show-DNSServerCache
Q40. Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012 R2 and has the DNS Server server role installed.
Server1 is configured to delete automatically the DNS records of client computers that are no longer on the network. A technician confirms that the DNS records are deleted automatically from the contoso.com zone.
You discover that the contoso.com zone has many DNS records for servers that were on the network in the past, but have not connected to the network for a long time.
You need to set the time stamp for all of the DNS records in the contoso.com zone.
What should you do?
A. From DNS Manager, modify the Advanced settings from the properties of Server1
B. From Windows PowerShell, run the Set-DnsServerResourceRecordAging cmdlet
C. From DNS Manager, modify the Zone Aging/Scavenging Properties
D. From Windows PowerShell, run the Set-DnsServerZoneAging cmdlet.
ANSWER: D. From Windows PowerShell, run the Set-DnsServerZoneAging cmdlet.
You discover that the contoso.com zone has many DNS records for servers that were on the network in the past, but have not connected to the network for a long time.
You need to set the time stamp for all of the DNS records in the contoso.com zone.
What should you do?
A. From DNS Manager, modify the Advanced settings from the properties of Server1
B. From Windows PowerShell, run the Set-DnsServerResourceRecordAging cmdlet
C. From DNS Manager, modify the Zone Aging/Scavenging Properties
D. From Windows PowerShell, run the Set-DnsServerZoneAging cmdlet.
ANSWER: D. From Windows PowerShell, run the Set-DnsServerZoneAging cmdlet.
Q41. You have a DNS server named Server1. Server1 has a primary zone named contoso.com. Zone Aging/ Scavenging is configured for the contoso.com zone. One month ago, an Administrator removed a server named Server2 from the network.
You discover that a static resource record for Server2 is present in contoso.com. Resource records for decommissioned client computers are removed automatically from contoso.com.
You need to ensure that the static resource records for all of the servers are removed automatically from contoso.com.
What should you modify?
A. The Security settings of the static resource recordsB. The Expires after value of contoso.com
C. The Record time stamp value of the static resource records
D. The time-to-live (TTL) value of the static resource records
ANSWER: C. The Record time stamp value of the static resource records
Q42. Your network contains an Active Directory domain named contoso.com. The domain contains three servers. The servers are configured as shown in the following table.
You need to ensure that end-to-end encryption is used between clients and Server2 when the clients connect to the network by using DirectAccess.
Which two actions should you perform? (Each correct answer presents part of the solution.
Choose two.)
A. From the Remote Access Management Console, reload the configuration. Choose two.)
B. Add Server2 to a security group in Active Directory.
C. Restart the IPSec Policy Agent service on Server2.
D. From the Remote Access Management Console, modify the Infrastructure Servers settings.
E. From the Remote Access Management Console, modify the Application Servers settings.
ANSWER: BE. Add Server2 to a security group in Active Directory. From the Remote Access Management Console, modify the Application Servers settings.
Q43. Your network contains an Active Directory domain named contoso.com. The domain contains a file server named Server1 that runs Windows Server 2012 R2.
You view the effective policy settings of Server1 as shown in the exhibit. (Click the Exhibit button.)
You need to ensure that an entry is added to the event log whenever a local user account is created or deleted on Server1. What should you do?
A. In Servers GPO, modify the Advanced Audit Configuration settings.
B. On Server1, attach a task to the security log.
C. In Servers GPO, modify the Audit Policy settings.
D. On Server1, attach a task to the system log.
ANSWER: A. In Servers GPO, modify the Advanced Audit Configuration settings.
A. In Servers GPO, modify the Advanced Audit Configuration settings.
B. On Server1, attach a task to the security log.
C. In Servers GPO, modify the Audit Policy settings.
D. On Server1, attach a task to the system log.
ANSWER: A. In Servers GPO, modify the Advanced Audit Configuration settings.
Q44. Your network contains an Active Directory domain named contoso.com. The domain contains a file server named Server1 that runs Windows Server 2012 R2.
You view the effective policy settings of Server1 as shown in the exhibit. (Click the Exhibit button.)
On Server1, you have a folder named C:\Share1 that is shared as Share1. Share1 contains confidential data. A group named Group1 has full control of the content in Share1. You need to ensure that an entry is added to the event log whenever a member of Group1 deletes a file in Share1. What should you configure?
A. the Audit File Share setting of Servers GPOB. the Sharingsettings of C:\Share1
C. the Audit File System setting of Servers GPO
D. the Security settings of C:\Share1
ANSWER: D. the Security settings of C:\Share1
Q45. Your network contains an Active Directory forest. The forest contains two domains named contoso.com and fabrikam.com. All of the DNS servers in both of the domains run Windows Server 2012 R2. The network contains two servers named Server1 and Server2. Server1 hosts an Active Directory-integrated zone for contoso.com. Server2 hosts an Active Directory-integrated zone for fabrikam.com. Server1 and Server2 connect to each other by using a WAN link. Client computers that connect to Server1 for name resolution cannot resolve names in fabrikam.com. You need to configure Server1 to support the resolution of names in fabrikam.com. The solution must ensure that users in contoso.com can resolve names in fabrikam.com if the WAN link fails.
What should you do on Server1?
A. Add a forwarder.
B. Create a stub zone.
C. Create a conditional forwarder.
D. Create a secondary zone.
ANSWER: D. Create a secondary zone.
Q46. Your network contains an Active Directory forest. The forest contains two domains named contoso.com and fabrikam.com. All of the DNS servers in both of the domains run Windows Server 2012 R2. The network contains two servers named Server1 and Server2. Server1 hosts an Active Directory-integrated zone for contoso.com. Server2 hosts an Active Directory-integrated zone for fabrikam.com. Server1 and Server2 connect to each other by using a WAN link.
Client computers that connect to Server1 for name resolution cannot resolve names in fabrikam.com. You need to configure Server1 to support the resolution of names in fabrikam.com. The solution must NOT require that changes be made to the fabrikam.com zone on Server2. What should you create?
A. A trust anchor
B. A stub zone.
C. A zone delegation
D. A secondary zone.
ANSWER: B. stub zone
Q47. Your network contains two Active Directory domains named contoso.com and adatum.com. The network contains a server named Server1 that runs Windows Server 2012 R2. Server1 has the DNS Server server role installed. Server1 has a copy of the contoso.com DNS zone. You need to configure Server1 to resolve names in the adatum.com domain.
The solution must meet the following requirements:
- Prevent the need to change the configuration of the current name servers that host zones for adatum.com.
- Minimize Administrative effort.
Which type of zone should you create?
A. PrimaryB. Secondary
C. Reverse lookup
D. Stub
ANSWER: D. Stub
Q48. Your network contains two servers named Server1 and Server2. Both servers run Windows Server 2012 R2 and have the DNS Server server role installed. Server1 hosts a primary zone for contoso.com. Server2 hosts a secondary zone for contoso.com. The zone is not configure to notify secondary servers of changes automatically.
You update several records on Server1.
You need to force the replication of the contoso.com zone records from Server1 to Server2.
What should you do from Server2?
A. Right-click the contoso.com zone and click Reload.
B. Right-click the contoso.com zone and click Transfer from Master.
C. Right-click Server2 and click Update Server Data Files.
D. Right-click Server2 and click Refresh.
ANSWER: B. Right-click the contoso.com zone and click Transfer from Master.
Q49. Your company deploys a new Active Directory forest named contoso.com. The first domain controller in the forest runs Windows Server 2012 R2. The forest contains a domain controller named DC10. On DC10; the disk that contains the SYSVOL folder fails. You replace the failed disk. You stop the Distributed File System (DFS) Replication service. You restore the SYSVOL folder. You need to perform a non-authoritative synchronization of SYSVOL on DC10. Which tool should you use before you start the DFS Replication service on DC10?
A. Dfsgui.msc
B. Dfsmgmt.msc
C. Adsiedit.msc
D. Ldp
ANSWER: C. Adsiedit.msc
Q50. You have a file server that has the File Server Resource Manager role service installed.
You open the File Server Resource Manager console as shown in the exhibit. (Click the Exhibit button.)
You need to ensure that all of the folders in Folder1 have a 100-MB quota limit.
What should you do?
A. Run the Update FsrmQuotacmdlet.
B. Run the Update-FsrmAutoQuotacmdlet.
C. Create a new quota for Folder1.
D. Modify the quota properties of Folder1.
ANSWER: C. Create a new quota for Folder1.
Q51. Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012 P.2. Server1 has the Network Policy and Access Services server role installed.
Your company’s security policy requires that certificate-based authentication must be used by some network services.
You need to identify which Network Policy Server (NPS) authentication methods comply with the security policy.
Which two authentication methods should you identify? (Each correct answer presents part of the solution. Choose two.)
A. MS-CHAP
B. PEAP-MS-CHAP v2
C. Chap
D. EAP-TLS
E. MS-CHAP v2
ANSWER: BD. PEAP-MS-CHAP v2 y EAP-TLS.
Q52. Your network contains an Active Directory domain named contoso.com. The domain contains the users shown in the following table.
![clip_image001[114]](http://examgod.com/l2pimages/a3b10f87ca43_7A5F/clip_image001114_thumb.jpg "clip_image001[114]")
You have a Network Policy Server (NPS) server that has the network policies shown in the following table.
User1, User2, and User3 plan to connect to the network by using a VPN. You need to identify which network policy will apply to each user.
What should you identify?
To answer, select the appropriate policy for each user in the answer area.
![clip_image001[118]](http://examgod.com/l2pimages/a3b10f87ca43_7A5F/clip_image001118_thumb.jpg "clip_image001[118]")
![clip_image001[114]](http://examgod.com/l2pimages/a3b10f87ca43_7A5F/clip_image001114.jpg "clip_image001[114]")
You have a Network Policy Server (NPS) server that has the network policies shown in the following table.
User1, User2, and User3 plan to connect to the network by using a VPN. You need to identify which network policy will apply to each user.
What should you identify?
To answer, select the appropriate policy for each user in the answer area.
![clip_image001[118]](http://examgod.com/l2pimages/a3b10f87ca43_7A5F/clip_image001118.jpg "clip_image001[118]")
ANSWER:
User1 - Policy2
User2 - Policy1
User3 - Policy1
User1 - Policy2
User2 - Policy1
User3 - Policy1
Q53. Your network contains a single Active Directory domain named contoso.com. The domain contains a domain controller named DC1 that hosts the primary DNS zone for contoso.com.
All servers dynamically register their host names.
You install three new Web servers that host identical copies of your company’s intranet website. The servers are configured as shown in the following table.
All servers dynamically register their host names.
You install three new Web servers that host identical copies of your company’s intranet website. The servers are configured as shown in the following table.
A. 1
B. 3
C. 4
D. 6
ANSWER: B. 3
Q54. You have a server that runs Windows Server 2012 R2. You have an offline image named Windows2012.vhd that contains an installation of Windows Server 2012 R2. You plan to apply several updates to Windows2012.vhd. You need to mount Windows2012.vhd to H:\. Which tool should you use?
A. Device Manager B. Diskpart
C. Mountvol
D. Server Manager
ANSWER: B. Diskpart
Q55. You have a server that runs Windows Server 2012 R2. You have an offline image named Windows2012.vhd that contains an installation of Windows Server 2012 R2. You plan to apply several updates to Windows2012.vhd. You need to mount Windows2012.vhd to D:\Mount. Which tool should you use?
A. Server Manager
B. Device Manager
C. Mountvol
D. Dism
ANSWER: D. Dism
Q56. Your network contains an Active Directory domain named contoso.com. All servers run Windows Server 2012 R2. The domain contains two servers. The servers are configured as shown in the following table.
All client computers run Windows 8 Enterprise.
You plan to deploy Network Access Protection (NAP) by using IPSec enforcement. A Group Policy object (GPO) named GPO1 is configured to deploy a trusted server group to all of the client computers.
You need to ensure that the client computers can discover HRA servers automatically.
Which three actions should you perform? (Each correct answer presents part of the solution. Choose three.)
All client computers run Windows 8 Enterprise.
You plan to deploy Network Access Protection (NAP) by using IPSec enforcement. A Group Policy object (GPO) named GPO1 is configured to deploy a trusted server group to all of the client computers.
You need to ensure that the client computers can discover HRA servers automatically.
Which three actions should you perform? (Each correct answer presents part of the solution. Choose three.)
A. On DC1, create a service location (SRV) record.
B. On Server2, configure the EnableDiscovery registry key.
C. On all of the client computers, configure the EnableDiscovery registry key.
D. In a GPO, modify the Request Policy setting for the NAP Client Configuration.
E. On DC1, create an alias (CNAME) record.
B. On Server2, configure the EnableDiscovery registry key.
C. On all of the client computers, configure the EnableDiscovery registry key.
D. In a GPO, modify the Request Policy setting for the NAP Client Configuration.
E. On DC1, create an alias (CNAME) record.
ANSWER: ACD. DC1 (SRV) record; all client computers EnableDiscovery registry key; set GPO request policy NAP client configuration.
Q57. Your network contains an Active Directory domain named contoso.com. All domain controllers run Windows Server 2012 R2. The domain contains an Edge Server named Server1. Server1 is configured as a DirectAccess server. Server1 has the following settings:
![clip_image001[90]](http://examgod.com/l2pimages/894ac9351f42_79A5/clip_image00190_thumb.jpg "clip_image001[90]")
Your company uses split-brain DNS for the contoso.com zone. You run the Remote Access Setup wizard as shown in the following exhibit. (Click the Exhibit button.)
![clip_image001[90]](http://examgod.com/l2pimages/894ac9351f42_79A5/clip_image00190.jpg "clip_image001[90]")
Your company uses split-brain DNS for the contoso.com zone. You run the Remote Access Setup wizard as shown in the following exhibit. (Click the Exhibit button.)
![clip_image002[32]](http://examgod.com/l2pimages/894ac9351f42_79A5/clip_image00232.jpg "clip_image002[32]")
You need to ensure that client computers on the Internet can establish DirectAccess connections to Server1. Which additional name suffix entry should you add from the Remote Access Setup wizard?
A. A Name Suffix value of da1.contoso.com and a blank DNS Server Address value
B. A Name Suffix value of Server1.contoso.com and a DNS Server Address value of 65.55.37.62
C. A Name Suffix value of Server1.contoso.com and a blank DNS Server Address value
D. A Name Suffix value of dal.contoso.com and a DNS Server Address value of 65.55.37.62
ANSWER: A. A Name Suffix value of da1.contoso.com and a blank DNS Server Address value
Q58. Your network contains an Active Directory domain named contoso.com. All domain controllers run Windows Server 2012 R2.
An organizational unit (OU) named OU1 contains 200 client computers that run Windows 8 Enterprise. A Group Policy object (GPO) named GPO1 is linked to OU1.
You make a change to GPO1.
You need to force all of the computers in OU1 to refresh their Group Policy settings immediately.
The solution must minimize administrative effort.
Which tool should you use?
An organizational unit (OU) named OU1 contains 200 client computers that run Windows 8 Enterprise. A Group Policy object (GPO) named GPO1 is linked to OU1.
You make a change to GPO1.
You need to force all of the computers in OU1 to refresh their Group Policy settings immediately.
The solution must minimize administrative effort.
Which tool should you use?
A. The Secedit command
B. The Invoke-GpUpdate cmdlet
B. The Invoke-GpUpdate cmdlet
C. Group Policy Object Editor
D. Server Manager
D. Server Manager
ANSWER: B. The Invoke-GpUpdate cmdlet
Q60. Your network contains an Active Directory domain named contoso.com. All domain controllers run Windows Server 2012 R2. You plan to use fine-grained password policies to customize the password policy settings of contoso.com. You need to identify to which Active Directory object types you can directly apply the fine-grained password policies. Which two object types should you identify? (Each correct answer presents part of the solution. Choose two.)
A. Users
B. Global groups
C. Computers
D. Universal groups
E. Domain local groups
B. Global groups
C. Computers
D. Universal groups
E. Domain local groups
ANSWER: AB. Users and Global groups.
Q61. Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012 R2.
You enable and configure Routing and Remote Access (RRAS) on Server1.
You create a user account named User1.
You need to ensure that User1 can establish VPN connections to Server1.
What should you do?
A. Add a RADIUS client.
B. Create a connection request policy.
C. Modify the members of the Remote Management Users group.
D. Modify the Dial-in setting of User1.
ANSWER: D. Modify the Dial-in setting of User1.
Q62. Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012 R2.
You enable and configure Routing and Remote Access (RRAS) on Server1.
You create a user account named User1.
You need to ensure that User1 can establish VPN connections to Server1.
What should you do?
A. Create a network policy.
B. Modify the members of the Remote Management Users group.
C. Create a connection request policy.
D. Add a RADIUS client.
ANSWER: A. Create a network policy.
Q63. You have a failover cluster that contains five nodes. All of the nodes run Windows Server 2012 R2. All of the nodes have BitLocker Drive Encryption (BitLocker) enabled.
You enable BitLocker on a Cluster Shared Volume (CSV).
You need to ensure that all of the cluster nodes can access the CSV.
Which cmdlet should you run next?
A. Unblock-Tpm
B. Add-BitLockerKeyProtector
C. Remove-BitLockerKeyProtector
D. Enable BitLockerAutoUnlock
ANSWER: B. Add-BitLockerKeyProtector
Q64. Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1. Server1 has the DHCP Server server role and the Network Policy Server role service installed. Server1 contains three non-overlapping scopes named Scope1, Scope2, and Scope3. Server1 currently provides the same Network Access Protection (NAP) settings to the three scopes.
You modify the settings of Scope1 as shown in the exhibit. (Click the Exhibit button.)
You need to configure Server1 to provide unique NAP enforcement settings to the NAP non- compliant DHCP clients from Scope1.
What should you create?
A. A connection request policy that has the Service Type condition
B. A connection request policy that has the Identity Type condition
C. A network policy that has the Identity Type condition
D. A network policy that has the MS-Service Class condition
ANSWER: D. A network policy that has the MS-Service Class condition
Q65. Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012 R2. Server1 has the Network Policy Server server role installed.
You need to allow connections that use 802.1x.
What should you create?
A. A network policy that uses Microsoft Protected EAP (PEAP) authentication
B. A network policy that uses EAP-MSCHAP v2 authentication
C. A connection request policy that uses EAP-MSCHAP v2 authentication
D. A connection request policy that uses MS-CHAP v2 authentication
ANSWER: C. A connection request policy that uses EAP-MSCHAP v2 authentication
All desktop computers in contoso.com run Windows 8 and are configured to use BitLocker Drive Encryption (BitLocker) on all local disk drives.
You need to deploy the Network Unlock feature. The solution must minimize the number of features and server roles installed on the network.
To which server should you deploy the feature?
A. Server1
B. Server2
C. Server3
D. Server4
E. Server5
ANSWER: E. WDS Server. Bitlocker will install WDS
Q67. Your network contains an Active Directory domain named contoso.com. The domain contains an organizational unit (OU) named IT and a OU named Sales. All of the help desk user accounts are located in the IT CU. All of the sales user accounts are located in the Sales OU. The Sales OU contains a global security group named G_Sales. The IT OU contains a global security group named G_HelpDesk. You need to ensure that members of G_HelpDesk can perform the following tasks:
- Reset the passwords of the sales users.
- Force the sales users to change their password at their next logon.
What should you do?
A. Run the Set-ADFinecrainedPasswordPolicy cmdlet and specify the -identity parameter.
B. Right-click the Sales OU and select Delegate Control.
C. Right-click the IT OU and select Delegate Control.
D. Run the Set-ADAccountPassword cmdlet and specify the -identity parameter.
ANSWER: B. Right-click the Sales OU and select Delegate Control.
Q68. Your network contains an Active Directory forest named contoso.com. The forest functional level is Windows Server 2012 R2. The forest contains a single domain.
You create a Password Settings object (PSO) named PSO1.
You need to delegate the rights to apply PSO1 to the Active Directory objects in an organizational unit named OU1.
What should you do?
A. From Active Directory Users and Computers, run the Delegation of Control Wizard.
B. From Active Directory Administrative Center, modify the security settings of PSO1.
C. From Group Policy Management, create a Group Policy object (GPO) and link the GPO to OU1.
D. From Active Directory Administrative Center, modify the security settings of OU1.
ANSWER: B. From Active Directory Administrative Center, modify the security settings of PSO1. (PSOs cannot be applied to OUs directly).
You need to delegate the rights to apply PSO1 to the Active Directory objects in an organizational unit named OU1.
What should you do?
A. From Active Directory Users and Computers, run the Delegation of Control Wizard.
B. From Active Directory Administrative Center, modify the security settings of PSO1.
C. From Group Policy Management, create a Group Policy object (GPO) and link the GPO to OU1.
D. From Active Directory Administrative Center, modify the security settings of OU1.
ANSWER: B. From Active Directory Administrative Center, modify the security settings of PSO1. (PSOs cannot be applied to OUs directly).
Q69. Your network contains an Active Directory domain named contoso.com. The domain contains two servers named Server1 and Server2. Both servers run Windows Server 2012 R2. Both servers have the File and Storage Services server role, the DFS Namespace role service, and the DFS Replication role service installed. Server1 and Server2 are part of a Distributed File System (DFS) Replication group named Group1. Server1 and Server2 are connected by using a high-speed LAN connection.
You need to minimize the amount of processor resources consumed by DFS Replication.
What should you do?
A. Reduce the bandwidth usage.B. Disable Remote Differential Compression (RDC).
C. Modify the staging quota.
D. Modify the replication schedule.
ANSWER: B. Disable Remote Differential Compression (RDC)
Q70. You have a cluster named Cluster1 that contains two nodes. Both nodes run Windows Server 2012 R2. Cluster1 hosts a virtual machine named VM1 that runs Windows Server 2012 R2.
You configure a custom service on VM1 named Service1.
You need to ensure that VM1 will be moved to a different node if Service1 fails.
Which cmdlet should you run on Cluster1?
A. Add-ClusterVmMonitoredItem B. Add-ClusterGenericServiceRole
C. Set-ClusterResourceDependency
D. Enable VmResourceMetering
ANSWER: A. Add-ClusterVmMonitoredItem
Q71. Your network contains a Network Policy Server (NPS) server named Server1. The network contains a server named SQL1 that has Microsoft SQL Server 2008 R2 installed. All servers run Windows Server 2012 R2.
You configure NPS on Server1 to log accounting data to a database on SQL1.
You need to ensure that the accounting data is captured if SQL1 fails. The solution must minimize cost.
What should you do?
A. Implement Failover Clustering.
B. Implement database mirroring.
C. Run the Accounting Configuration Wizard.
D. Modify the SQL Server Logging properties.
ANSWER: C. Run the Accounting Configuration Wizard.
Q72. Your network contains two Active Directory forests named contoso.com and adatum.com. The contoso.com forest contains a server named server1.contoso.com. The adatum.com forest contains a server named server2.adatum.com. Both servers have the Network Policy Server role service installed. The network contains a server named Server3. Server3 is located in the perimeter network and has the Network Policy Server role service installed.
You plan to configure Server3 as an authentication provider for several VPN servers.
You need to ensure that RADIUS requests received by Server3 for a specific VPN server are always forwarded to server1.contoso.com.
Which two should you configure on Server3? (Each correct answer presents part of the solution. Choose two.)
A. Network policies
B. Remote RADIUS server groups
C. Connection authorization policies
D. Remediation server groups
E. Connection request policies
ANSWER: BE. Connection request policies + Remote RADIUS server groups.
Q73. Your network contains an Active Directory domain named contoso.com. All domain controllers run Windows Server 2012 R2.
An organizational unit (OU) named 0U1 contains 200 client computers that run Windows 8 Enterprise. A Group Policy object (GPO) named GPO1 is linked to OU1.
You make a change to GPO1.
You need to force all of the computers in 0U1 to refresh their Group Policy settings immediately. The solution must minimize administrative effort.
Which tool should you use?
A. Server Manager
B. Active Directory Users and Computers
C. The Gpupdate command
D. Group Policy Management Console (GPMC)
ANSWER: D. Group Policy Management Console (GPMC)
Q74. Your network contains a RADIUS server named Server1.
You install a new server named Server2 that runs Windows Server 2012 R2 and has Network Policy Server (NPS) installed.
You need to ensure that all accounting requests for Server2 are forwarded to Server1.
On Server2, you configure a new remote RADIUS server group named Group1 that contains Server1.
What should you configure on Server2?
To answer, select the appropriate node in the answer area.
You install a new server named Server2 that runs Windows Server 2012 R2 and has Network Policy Server (NPS) installed.
You need to ensure that all accounting requests for Server2 are forwarded to Server1.
On Server2, you configure a new remote RADIUS server group named Group1 that contains Server1.
What should you configure on Server2?
To answer, select the appropriate node in the answer area.
ANSWER:
Policies=> Connection Request Policies
Policies=> Connection Request Policies
Q75. You have a server named Server1 that runs Windows Server 2012 R2. Server1 has the Windows Server Update Services server role installed.
You need to configure Windows Server Update Services (WSUS) to support Secure Sockets Layer (SSL).
Which three actions should you perform? (Each correct answer presents part of the solution. Choose three.)
A. Run the wsusutil.exe command.
B. From Internet Information Services (IIS) Manager, modify the bindings of the WSUS website.
C. From Internet Information Services (IIS) Manager, modify the connection strings of the WSUS website.
D. Run the iisreset.exe command.
E. Install a server certificate.
ANSWER: ABE. Server certificate + wsusutil.exe + WSUS website BINDINGS.
Q76. Your network contains a single Active Directory domain named contoso.com. The domain contains a member server named Server1 that runs Windows Server 2012 R2. Server1 has the Windows Server Updates Services server role installed and is configured to download updates from the Microsoft Update servers.
You need to ensure that Server1 downloads express installation files from the Microsoft Update servers.
What should you do from the Update Services console?
A. From the Automatic Approvals options, configure the Update Rules settings.B. From the Products and Classifications options, configure the Classifications settings.
C. From the Products and Classifications options, configure the Products settings.
D. From the Update Files and Languages options, configure the Update Files settings.
ANSWER: D. From the Update Files and Languages options, configure the Update Files settings.
Q77. You have a file server named Server1 that runs Windows server 2012 R2. Server1 has the File Server Resource Manager role service installed. Files created by users in the human resources department are assigned the Department classification property automatically.
You are configuring a file management task named Task1 to remove user files that have not been accessed for 60 days or more. You need to ensure that Task1 only removes files that have a Department classification property of human resources. The solution must minimize administrative effort. What should you configure on Task1?
A. Configure a file screen.
B. Create a condition.
C. Create a classification rule
D. Create a custom action.
ANSWER: B. Create a condition.
You are configuring a file management task named Task1 to remove user files that have not been accessed for 60 days or more. You need to ensure that Task1 only removes files that have a Department classification property of human resources. The solution must minimize administrative effort. What should you configure on Task1?
A. Configure a file screen.
B. Create a condition.
C. Create a classification rule
D. Create a custom action.
ANSWER: B. Create a condition.
Q78. You have a server named Server1 that runs Windows Server 2012 R2. You create a custom Data Collector Set (DCS) named DCS1. You need to configure Server1 to start DCS1 automatically when the network usage exceeds 70 percent. Which type of data collector should you create?
A. A configuration data collector
B. A performance counter data collector
C. An event trace data collector
D. A performance counter alert
B. A performance counter data collector
C. An event trace data collector
D. A performance counter alert
ANSWER: D. A performance counter ALERT.
Q79. Your network contains a domain controller named DC1 that runs Windows Server 2012 R2. You create a custom Data Collector Set (DCS) named DCS1. You need to configure DCS1 to collect the following information:
- The amount of Active Directory data replicated between DC1 and the other domain controllers
- The current values of several registry settings
Which two should you configure in DCS1? (Each correct answer presents part of the solution. Choose two.)
A. Event trace dataB. A Performance Counter Alert
C. System configuration information
D. A Performance Counter
ANSWER: BC. Performance counter ALERT + System configuration information.
Q80. You have a server named Server1 that runs Windows Server 2012 R2. You create a Data Collector Set (DCS) named DCS1. You need to configure DCS1 to log data to D:\logs.
What should you do?
A. Right-click DCS1 and click Properties.
B. Right-click DCS1 and click Export list.
C. Right-click DCS1 and click Data Manager.
D. Right-click DCS1 and click Save template.
ANSWER: A . Right-click DCS1 and click Properties.
Q81. You have a server named Server1 that runs Windows Server 2012 R2. On Server1, you configure a custom Data Collector Set (DCS) named DCS1. DCS1 is configured to store performance log data in C:\Logs.
You need to ensure that the contents of C:\Logs are deleted automatically when the folder reaches 100 MB in size.
What should you configure?
A. A File Server Resource Manager (FSRM) quota on the C:\Logs folder
B. The Data Manager settings of DCS1
C. A schedule for DCS1
D. A File Server Resource Manager (FSRM) file screen on the C:\Logs folder
ANSWER: B. The Data Manager settings of DCS1
Q82. Your network contains an Active Directory domain named contoso.com. The domain contains 30 organizational units (OUs).
You need to ensure that a user named User1 can link Group Policy Objects (GPOs) in the domain.
What should you do?
A. From the Active Directory Users and Computers, add User1 to the Network Configuration Operators group.
B. From the Group Policies Management, click the contoso.com node and modify the Delegation settings.
C. From the Group Policies Management, click the Group policy Objects node and modify the Delegation settings.
D. From the Active Directory Users and Computers, add User1 to the Group Policy Creator Owners group.
ANSWER: B. From the Group Policies Management, click the contoso.com node and modify the Delegation settings.
Q83. You have a server named Server1 that runs Windows Server 2012 R2. Server1 has the Remote Access server role installed. On Server1, you create a network policy named PPTP_Policy.
You need to configure PPTP_Policy to apply only to VPN connections that use the PPTP protocol.
What should you configure in PPTP_Policy?
A. The Service Type
B. The Tunnel Type
C. The Framed Protocol
D. The NAS Port Type
ANSWER: B. The Tunnel Type
Q84. Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012 R2 and has the Network Policy Server role service installed.
An administrator creates a Network Policy Server (NPS) network policy named Policy1.
You need to ensure that Policy1 applies to L2TP connections only.
Which condition should you modify? To answer, select the appropriate object in the answer area.
ANSWER: Tunnel Type.
Q85. Your network contains an Active Directory forest named contoso.com. The forest contains a single domain. All domain controllers run Windows Server 2012 R2 and are configured as DNS servers. All DNS zones are Active Directory-integrated. Active Directory Recycle Bin is enabled. You need to modify the amount of time deleted objects are retained in the Active Directory Recycle Bin. Which naming context should you use?
To answer, select the appropriate naming context in the answer area.![clip_image002_thumb_thumb_thumb_thum[2]_thumb_thumb_thumb_thumb_thumb_thumb_thumb](http://examgod.com/l2pimages/0bbdef62ab97_8134/clip_image002_thumb_thumb_thumb_thum2_thumb_thumb_thumb_thumb_thumb_thumb_thumb_thumb.jpg "clip_image002_thumb_thumb_thumb_thum[2]_thumb_thumb_thumb_thumb_thumb_thumb_thumb")
To answer, select the appropriate naming context in the answer area.
![clip_image002_thumb_thumb_thumb_thum[2]_thumb_thumb_thumb_thumb_thumb_thumb_thumb](http://examgod.com/l2pimages/0bbdef62ab97_8134/clip_image002_thumb_thumb_thumb_thum2_thumb_thumb_thumb_thumb_thumb_thumb_thumb.jpg "clip_image002_thumb_thumb_thumb_thum[2]_thumb_thumb_thumb_thumb_thumb_thumb_thumb")
ANSWER: Configuration [CONT-DC1.contoso.com]
Q86. You are a admin (what a suprise huh?) you have WSUS with 2 sites wich contain computers. You want to have the ability to update the computers per site or together. wich 3 steps do you do?
A. Create computer groups in WSUS
B. Create synchronization options
C. Create GPO and configure updates
D. Under Tasks, click Synchronize now
ANSWER: ABC . Create computer groups in WSUS, synchronization options, GPO and configure updates.
Q87. Your network contains an Active Directory domain named contoso.com.
All user accounts reside in an organizational unit (OU) named OU1. All of the users in the marketing department are members of a group named Marketing. All of the users in the human resources department are members of a group named HR.
You create a Group Policy object (GPO) named GPO1.
You link GP01 to OU1.
You configure the Group Policy preferences of GPO1 to add two shortcuts named Link1 and Link2 to the desktop of each user.
You need to ensure that Link1 only appears on the desktop of the users in Marketing and that Link2 only appears on the desktop of the users in HR. What should you configure?
A. Item-level targeting
B. Group Policy Inheritance
C. Security Filtering
D. WMI Filtering
ANSWER: A. Item-level targeting
Q88. Your network contains an Active Directory domain named contoso.com. The domain contains a member server that runs Windows Server 2012 R2 and has the Windows Deployment Services (WDS) server role installed.
You create a new multicast session in WDS and connect 50 client computers to the session. When you open the Windows Deployment Services console, you discover that all of the computers are listed as pending devices.
You need to ensure that any of the computers on the network can join a multicast transmission without requiring administrator approval.
What should you configure? To answer, select the appropriate tab in the answer area.
ANSWER: PXE Response.
Q89. You have a server named Server5 that runs Windows Server 2012 R2. Servers has the Windows Deployment Services server role installed. You need to ensure that when client computers connect to Server5 by using PXE, the computers use an unattended file. What should you configure? To answer, select the appropriate tab in the answer area.
ANSWER: Client.
Server5 contains several custom images of Windows 8.
You need to ensure that when 32-bit client computers start by using PXE, the computers automatically install an image named Image 1.
What should you configure?
To answer, select the appropriate tab in the answer area.
ANSWER: Client.
Q90. Your network contains an Active Directory domain named contoso.com. All domain controllers run Windows Server 2012 R2. The domain contains two servers. The servers are configured as shown in the following table.
Server1 and Server2 host a load-balanced website named Web1. Web1 runs by using an application pool named WebApp1. WebApp1 uses a group Managed Service Account named gMSA1 as its identity.
Domain users connect to Web1 by using either the name Web1.contoso.com or the alias myweb.contoso.com.
You discover the following:
- When the users access Web1 by using Web1.contoso.com, they authenticate by using Kerberos.
- When the users access Web1 by using myweb.contoso.com, they authenticate by using NTLM.
You need to ensure that the users can authenticate by using Kerberos when they connect by using myweb.contoso.com.
What should you do?
A. Modify the properties of the WebApp1 application pool. B. Run the Add-ADComputerServiceAccount cmdlet.
C. Modify the properties of the Web1 website.
D. Modify the properties of the gMSA1 service account.
Q91. Your network is configured as shown in the exhibit. (Click the Exhibit button.)
Server1 regularly accesses Server2.
You discover that all of the connections from Server1 to Server2 are routed through Router1.
You need to optimize the connection path from Server1 to Server2.
Which route command should you run on Server1?
Server1 regularly accesses Server2.
You discover that all of the connections from Server1 to Server2 are routed through Router1.
You need to optimize the connection path from Server1 to Server2.
Which route command should you run on Server1?
A. Route add -p 10.10.10.0 MASK 255.255.255.0 10.10.10.1 METRIC 50
B. Route add -p 10.10.10.0 MASK 255.255.255.0 172.23.16.2 METRIC 100
C. Route add -p 10.10.10.12 MASK 255.255.255.0 10.10.10.1 METRIC 100
D. Route add -p 10.10.10.12 MASK 255.255.255.0 10.10.10.0 METRIC 50
B. Route add -p 10.10.10.0 MASK 255.255.255.0 172.23.16.2 METRIC 100
C. Route add -p 10.10.10.12 MASK 255.255.255.0 10.10.10.1 METRIC 100
D. Route add -p 10.10.10.12 MASK 255.255.255.0 10.10.10.0 METRIC 50
ANSWER: B. Route add -p 10.10.10.0 MASK 255.255.255.0 172.23.16.2 METRIC 100
Q92. You want to change the memory of a virtual machine that is currently powered up. What do you need to do?
A. Shut down the virtual machine, use the virtual's machine settings to change the memory, and start it again.
B. Use the virtual machine's settings to change the memory.
C. Pause the virtual machine, use the virtual machine's settings to change the memory, and resume it.
D. Save the virtual machine, use the virtual machine's settings to change the memory, and resume it.
ANSWER. A. Shut down the virtual machine, use the virtual's machine settings to change the memory, and start it again.
Q93. Your network contains an Active Directory domain named contoso.com. All domain controllers run Windows Server 2008 R2. The domain contains three servers that run Windows Server 2012 R2.
Server1 and Server2 are configured in a Network Load Balancing (NLB) cluster. The NLB cluster hosts a website named Web1 that uses an application pool named App1. Web1 uses a database named DB1 as its data store.
You create an account named User1.
You configure User1, as the identity of App1. You need to ensure that contoso.com domain users accessing Web1 connect to DB1 by using their own credentials.
Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)
A. Configure the delegation settings of Server3.
B. Create a Service Principal Name (SPN) for User1.
C. Configure the delegation settings of User1.
D. Create a matching Service Principal Name (SPN) for Server1 and Server2.
E. Configure the delegation settings of Server1 and Server2.
ANSWER: BE. Create a Service Principal Name (SPN) for User1. Create a matching Service Principal Name (SPN) for Server1 and Server2.
Q94. Your network contains an Active Directory domain named contoso.com. The domain contains a domain controller named DC1 that runs Windows Server 2012 R2. All client computers run Windows 8 Enterprise. DC1 contains a Group Policy object (GPO) named GPO1.
You need to deploy a VPN connection to all users.
What should you configure from Users Configuration in GPO1?
A. Policies/Administrative Templates/Network/Network Connections
B. Policies/Administrative Templates/Network/Windows Connect Now
C. Preferences/Control Panel Settings/Network Options
D. Policies/Administrative Templates/Windows Components/Windows Mobility Centre
ANSWER: C. Preferences/Control Panel Settings/Network Options
Q95. Your network contains an Active Directory domain named contoso.com. All client computers connect to the Internet by using a server that has Microsoft Forefront Threat Management Gateway (TMG) installed. You deploy a server named Server1 that runs Windows Server 2012 R2. You install the Windows Server Update Services server role on Server1. From the Windows Server Update Services Configuration Wizard, you click Start Connecting and you receive an HTTP error message.
You need to configure Server1 to download Windows updates from the Internet.
What should you do?
A. From the Update Services console, modify the Synchronization Schedule options.
B. From Windows Internet Explorer, modify the Connections settings.
C. From Windows Internet Explorer, modify the Security settings.
D. From the Update Services console, modify the Update Source and Proxy Server options.
ANSWER: D. From the Update Services console, modify the Update Source and Proxy Server options.
Q96. Your network contains an Active Directory domain named contoso.com. The domain contains more than 100 Group Policy objects (GPOs). Currently, there are no enforced GPOs.
You need to provide an Administrator named Admin1 with the ability to create GPOs in the domain. The solution must not provide Admin1 with the ability to link GPOs.
What should you use?
A. Dcgpofix
B. Get-GPOReport
C. Gpfixup
D. Gpresult
E. Gptedit.msc
F. Import-GPO
G. Restore-GPO
H. Set-GPInheritance
I. Set-GPLink
J. Set-GPPermission
K. Gpupdate
L. Add-ADGroupMember
ANSWER: J. Set-GPPermission
Q97. Your network contains an Active Directory domain named contoso.com. The domain contains more than 100 Group Policy objects (GPOs). Currently, there are no enforced GPOs. The domain contains a GPO named GPO1. GPO1 contains several Group Policy preferences.
You need to view all of the preferences configured in GPO1.
What should you use?
A. Dcgpofix
B. Get-GPOReport
C. Gpfixup
D. Gpresult
E. Gptedit.msc
F. Import-GPO
G. Restore-GPO
H. Set-GPInheritanceI. Set-GPLink
J. Set-GPPermission
K. Gpupdate
L. Add-ADGroupMember
ANSWER: B. Get-GPOReport
Q98. Your network contains an Active Directory domain named contoso.com. The domain contains more than 100 Group Policy objects (GPOs). Currently, there are no enforced GPOs. A network Administrator accidentally deletes the Default Domain Policy GPO. You do not have a backup of any of the GPOs.
You need to recreate the Default Domain Policy GPO.
What should you use?
A. Dcgpofix
B. Get-GPOReport
C. Gpfixup
D. Gpresult
E. Gptedit.msc
F. Import-GPO
G. Restore-GPO
H. Set-GPInheritance
I. Set-GPLink
J. Set-GPPermission
K. Gpupdate
L. Add-ADGroupMember
ANSWER: A. dcgpofix
Q99. Your network contains an Active Directory domain named contoso.com. The domain contains more than 100 Group Policy objects (GPOs). Currently, there are no enforced GPOs. The domain is renamed to adatum.com. Group Policies no longer function correctly.
You need to ensure that the existing GPOs are applied to users and computers.
You want to achieve this goal by using the minimum amount of Administrative effort.
What should you use?
A. Dcgpofix
B. Get-GPOReport
C. Gpfixup
D. Gpresult
E. Gptedit.msc
F. Import-GPO
G. Restore-GPO
H. Set-GPInheritance
I. Set-GPLink
J. Set-GPPermission
K. Gpupdate
L. Add-ADGroupMember
ANSWER: C. Gpfixup
Q100. Your network contains an Active Directory domain named contoso.com. The domain contains more than 100 Group Policy objects (GPOs). Currently, there are no enforced GPOs. The domain contains a top-level organizational unit (OU) for each department. A group named Group1 contains members from each department. You have a GPO named GPO1 that is linked to the domain.
You need to configure GPO1 to apply settings to Group1 only.
What should you use?
A. dcgpofix
B. Get-GPOReport
C. Gpfixup
D. Gpresult
E. Gptedit.msc
F. Import-GPO
G. Restore-GPO
H. Set-GPInheritance
I. Set-GPLink
J. Set-GPPermission
K. Gpupdate
L. Add-ADGroupMember
ANSWER: J. Set-GPPermission
A. dcgpofix
B. Get-GPOReport
C. Gpfixup
D. Gpresult
E. Gptedit.msc
F. Import-GPO
G. Restore-GPO
H. Set-GPInheritance
I. Set-GPLink
J. Set-GPPermission
K. Gpupdate
L. Add-ADGroupMember
ANSWER: H. Set-GPInheritance
ANSWER: H. Set-GPInheritance
Q102. Your network contains an Active Directory domain named contoso.com. The domain contains more than 100 Group Policy objects (GPOs). Currently, there are no enforced GPOs. You have two GPOs linked to an organizational unit (OU) named OU1.
You need to change the precedence order of the GPOs. What should you use?
A. dcgpofix
B. Get-GPOReport
C. Gpfixup
D. Gpresult
E. Gptedit.msc
F. Import-GPO
G. Restore-GPO
H. Set-GPInheritance
I. Set-GPLink
J. Set-GPPermission
K. Gpupdate
L. Add-ADGroupMember
ANSWER: I. Set-GPLink
Q103. Your network contains an Active Directory domain named contoso.com. The domain contains more than 100 Group Policy objects (GPOs). Currently, there are no enforced GPOs. You have two GPOs linked to an organizational unit (OU) named OU1.
You need to view all of the preferences configured in GPO1. What should you use?
A. dcgpofix
B. Get-GPOReport
C. Gpfixup
D. Gpresult
E. Gptedit.msc
F. Import-GPO
G. Restore-GPO
H. Set-GPInheritance
I. Set-GPLink
J. Set-GPPermission
K. Gpupdate
L. Add-ADGroupMember
ANSWER: B. Get-GPOReport
ANSWER: B. Get-GPOReport
Q101. Your network contains an Active Directory domain named contoso.com. The domain contains a domain controller named DC1. On DC1, you add a new volume and you stop the Active Directory Domain Services (AD DS) service.
You run ntdsutil.exe and you set NTDS as the active instance. You need to move the Active Directory database to the new volume.
Which Ntdsutil context should you use?
A. Configurable Settings
B. Partition management
C. IFM
D. Files
ANSWER: D. Files
Q102. Your network contains an Active Directory domain named contoso.com. The domain contains a domain controller named DC1. You run ntdsutil {as shown in the exhibit}.
You need to ensure that you can access the contents of the mounted snapshot.
What should you do?
A. From a command prompt, run dsamain.exe -dbpath c:\$snap_201204131056_volumec$\windows\ntds\ntds.dit – ldapport 33389.
B. From a command prompt, run dsamain.exe -dbpath c:\$snap_201204131056_volumec$\windows\ntds\ntds.dit – ldapport 389.
C. From the snapshot context of ntdsutil, run activate instance “NTDS”.
D. From the snapshot context of ntdsutil, run mount (79f94f82-5926-4f44-8af0-2f56d827a57d).
ANSWER: A. From a command prompt, run dsamain.exe -dbpath c:\$snap_201204131056_volumec$\windows\ntds\ntds.dit – ldapport 33389.
Q103. You have a VHD that contains an image of Windows Server 2012 R2.
You plan to apply updates to the image.
You need to ensure that only updates that can install without requiring a restart are installed.
Which DISM option should you use?
A. /PreventPending
B. /Apply-Unattend
C. /Cleanup-Image
D. /Add-ProvisionedAppxPackage
ANSWER: A. /PreventPending
Q104. Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012 R2. Server1 has the Network Policy Server role service installed.
You plan to configure Server1 as a Network Access Protection (NAP) health policy server for VPN enforcement by using the Configure NAP wizard.
You need to ensure that you can configure the VPN enforcement method on Server1 successfully.
What should you install on Server1 before you run the Configure NAP wizard?
A. The Host Credential Authorization Protocol (HCAP)
B. A system health validator (SHV)
C. The Remote Access server role
D. A Computer certificate
ANSWER: D. A Computer certificate
Q105. Your network contains an Active Directory domain named contoso.com. The domain contains a member server named Server1. Server1 has the Web Server (IIS) server role installed. On Server1, you install a managed service account named Service1.
You attempt to configure the World Wide Web Publishing Service as shown in the exhibit. (Click the Exhibit button.)
You receive the following error message:
“The account name is invalid or does not exist, or the password is invalid for the account name specified.”
You need to ensure that the World Wide Web Publishing Service can log on by using the managed service account.
What should you do?
You attempt to configure the World Wide Web Publishing Service as shown in the exhibit. (Click the Exhibit button.)
You receive the following error message:
“The account name is invalid or does not exist, or the password is invalid for the account name specified.”
You need to ensure that the World Wide Web Publishing Service can log on by using the managed service account.
What should you do?
A. Specify contoso\service1$ as the account name.
B. Specify service1@contoso.com as the account name.
C. Reset the password for the account.
D. Enter and confirm the password for the account.
B. Specify service1@contoso.com as the account name.
C. Reset the password for the account.
D. Enter and confirm the password for the account.
ANSWER: A. Specify contoso\service1$ as the account name.
Q106. Your network contains a DNS server named Server1 that runs Windows Server 2012 R2. Server1 has a zone named contoso.com. The network contains a server named Server2 that runs Windows Server 2008 R2. Server1 and Server2 are members of an Active Directory domain named contoso.com. You change the IP address of Server2.
Several hours later, some users report that they cannot connect to Server2.
On the affected users’ client computers, you flush the DNS client resolver cache, and the users successfully connect to Server2.
You need to reduce the amount of time that the client computers cache DNS records from contoso.com.
Which value should you modify in the Start of Authority (SOA) record?
To answer, select the appropriate setting in the answer area.
On the affected users’ client computers, you flush the DNS client resolver cache, and the users successfully connect to Server2.
You need to reduce the amount of time that the client computers cache DNS records from contoso.com.
Which value should you modify in the Start of Authority (SOA) record?
To answer, select the appropriate setting in the answer area.
ANSWER: Minimum (default) TTL.
Q107. You have a DNS server named Server1 that has a Server Core Installation on Windows Server 2012 R2.
Q107. You have a DNS server named Server1 that has a Server Core Installation on Windows Server 2012 R2.
You need to view the time-to-live (TTL) value of a name server (NS) record that is cached by the DNS Server service on Server1.
What should you run?
A. Show-DNSServerCache B. dnscacheugc.exe
C. ipconfig.exe /displaydns
D. nslookup.exe
ANSWER: A. Show-DNSServerCache
Q108. Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012 R2 and has the DNS Server server role installed.
Server1 is configured to delete automatically the DNS records of client computers that are no longer on the network. A technician confirms that the DNS records are deleted automatically from the contoso.com zone.
You discover that the contoso.com zone has many DNS records for servers that were on the network in the past, but have not connected to the network for a long time.
You need to set the time stamp for all of the DNS records in the contoso.com zone.
What should you do?
A. From DNS Manager, modify the Advanced settings from the properties of Server1
B. From Windows PowerShell, run the Set-DnsServerResourceRecordAging cmdlet
C. From DNS Manager, modify the Zone Aging/Scavenging Properties
D. From Windows PowerShell, run the Set-DnsServerZoneAging cmdlet.
ANSWER: D. From Windows PowerShell, run the Set-DnsServerZoneAging cmdlet.
You discover that the contoso.com zone has many DNS records for servers that were on the network in the past, but have not connected to the network for a long time.
You need to set the time stamp for all of the DNS records in the contoso.com zone.
What should you do?
A. From DNS Manager, modify the Advanced settings from the properties of Server1
B. From Windows PowerShell, run the Set-DnsServerResourceRecordAging cmdlet
C. From DNS Manager, modify the Zone Aging/Scavenging Properties
D. From Windows PowerShell, run the Set-DnsServerZoneAging cmdlet.
ANSWER: D. From Windows PowerShell, run the Set-DnsServerZoneAging cmdlet.
Q109. You have a DNS server named Server1. Server1 has a primary zone named contoso.com. Zone Aging/ Scavenging is configured for the contoso.com zone. One month ago, an Administrator removed a server named Server2 from the network.
You discover that a static resource record for Server2 is present in contoso.com. Resource records for decommissioned client computers are removed automatically from contoso.com.
You need to ensure that the static resource records for all of the servers are removed automatically from contoso.com.
What should you modify?
A. The Security settings of the static resource records
B. The Expires after value of contoso.com
C. The Record time stamp value of the static resource records
D. The time-to-live (TTL) value of the static resource records
ANSWER: C. The Record time stamp value of the static resource records
Q110. Your network contains two DNS servers named Server1 and Server2 that run Windows Server 2012 R2. Server1 hosts a primary zone for contoso.com. Server2 hosts a secondary zone forcontoso.com.
You need to ensure that Server2 replicates changes to the contoso.com zone every five minutes.
Which setting should you modify in the start of authority (SOA) record?
A. Retry interval
B. Minimum (default) TTL
C. Expires after
D. Refresh interval
ANSWER: D. Refresh interval. (by default is set to 15 minutes)
Q111. You have a DNS server named Server1 that runs Windows Server 2012 R2. On Server1, you create a DNS zone named contoso.com. You need to specify the email address of the person responsible for the zone. Which type of DNS record should you configure?
A. Start of authority (SOA) B. Mail exchanger (MX)
C. Host information (HINFO)
D. Mailbox (MB)
ANSWER: A. Start of Authority (SOA).
Q112. Your network contains an Active Director domain named contoso.com. The domain contains a file server named Server1. All servers run Windows Server 2012 R2.
You have two user accounts named User1 and User2. User1 and User2 are the members of a group named Group1. User1 has the Department value set to Accounting, user2 has the Department value set to Marketing. Both users have the Employee Type value set to Contract Employee.
You create the auditing entry as shown in the exhibit. (Click the Exhibit button.)
You create the auditing entry as shown in the exhibit. (Click the Exhibit button.)
To answer, complete each statement according to the information presented in the exhibit.
Each correct selection is worth one point.
Each correct selection is worth one point.
ANSWER:
To ensure that an audit event is logged when User1 deletes files on Server1, you must... modify the condition for the Department value.
You must... modify the Permissions settings... to ensure that an audit an event is logged when User2 opens files on Server1.
Q113. Your network contains an Active Directory domain named contoso.com. The domain contains domain controllers that run Windows Server 2008, Windows Server 2008 R2 Windows Server 2012, and Windows Server 2012 R2.
A domain controller named DC1 runs Windows Server 2012 R2. DC1 is backed up daily.
During routine maintenance, you delete a group named Group1.
You need to recover Group1 and identify the names of the users who were members of Group1 prior to its deletion. You want to achieve this goal by using the minimum amount of administrative effort.
What should you do first?
A. Perform an authoritative restore of Group1.
B. Mount the most recent Active Directory backup.
C. Use the Recycle Bin to restore Group1.
D. Reactivate the tombstone of Group1.
ANSWER: A. Perform an authoritative restore of Group1.
Q114. Your network contains an Active Directory domain named contoso.com. Domain controllers run either Windows Server 2003, Windows Server 2008 R2, or Windows Server 2012 R2. A support technician accidentally deletes a user account named User1.
You need to use tombstone reanimation to restore the User1 account.
Which tool should you use?
A. Active Directory Administrative Center
B. Ntdsutil
C. Ldp
D. Esentutl
D. Esentutl
ANSWER: C. Ldp. Ldp restores a single deleted object.
Q115. Your network contains an Active Directory domain named contoso.com. The domain contains a domain controller named DC1 that runs Windows Server 2012 R2. DC1 is backed up daily.
The domain has the Active Directory Recycle Bin enabled.
During routine maintenance, you delete 500 inactive user accounts and 100 inactive groups. One of the deleted groups is named Group1. Some of the deleted user accounts are members of some of the deleted groups.
For documentation purposes, you must provide a list of the members of Group1 before the group was deleted.
You need to identify the names of the users who were members of Group1 prior to its deletion.
You want to achieve this goal by using the minimum amount of administrative effort.
What should you do first?
A. Mount the most recent Active Directory backup.
B. Perform an authoritative restore of Group1.
C. Use the Recycle Bin to restore Group1.
D. Reactivate the tombstone of Group1.
B. Perform an authoritative restore of Group1.
C. Use the Recycle Bin to restore Group1.
D. Reactivate the tombstone of Group1.
ANSWER: A. Mount the most recent Active Directory backup
Q116. Your network contains an Active Directory forest named contoso.com. The forest contains a single domain. All domain controllers run Windows Server 2012 R2.
The domain contains two domain controllers. The domain controllers are configured as shown in the following table.
Active Directory Recycle Bin is enabled.
You discover that a support technician accidentally removed 100 users from an Active Directory group named Group1 an hour ago.
You need to restore the membership of Group1.
What should you do?
A. Apply a virtual machine snapshot to VM1.
B. Modify the is Deleted attribute of Group1.
C. Perform tombstone reanimation.
D. Export and import data by using Dsamain.
ANSWER: C. Perform tombstone reanimation.
Q117. Your network contains an Active Directory forest named contoso.com. The forest contains a single domain. All domain controllers run Windows Server 2012 R2.
The domain contains two domain controllers. The domain controllers are configured as shown in the following table.
You discover that a support technician accidentally removed 100 users from an Active Directory group named Group1 an hour ago.
You need to restore the membership of Group1.
What should you do?
A. Apply a virtual machine snapshot to VM1.
B. Perform an authoritative restore.
C. Perform a non-authoritative restore.
D. Perform tombstone reanimation.
ANSWER: B. Perform an authoritative restore.
Q118. Your network contains an Active Directory forest named contoso.com. The forest contains a single domain. All domain controllers run Windows Server 2012 R2.
The domain contains two domain controllers. The domain controllers are configured as shown in the following table.
Active Directory Recycle Bin is enabled.
You discover that a support technician accidentally removed 100 users from an Active Directory group named Group1 an hour ago.
You need to restore the membership of Group1.
What should you do?
A. Recover the items by using Active Directory Recycle Bin.
B. Modify the is Recycled attribute of Group1.
C. Perform tombstone reanimation.
D. Perform an authoritative restore.
ANSWER: A. Recover the items by using Active Directory Recycle Bin.
Q119. Your network contains a RADIUS server named Server1.
You install a new server named Server2 that runs Windows Server 2012 R2 and has Network Policy Server (NPS) installed.
You need to ensure that all accounting requests for Server2 are forwarded to Server1.
On Server2, you configure a new remote RADIUS server group named Group1 that contains Server1.
What should you configure on Server2?
To answer, select the appropriate node in the answer area.
You install a new server named Server2 that runs Windows Server 2012 R2 and has Network Policy Server (NPS) installed.
You need to ensure that all accounting requests for Server2 are forwarded to Server1.
On Server2, you configure a new remote RADIUS server group named Group1 that contains Server1.
What should you configure on Server2?
To answer, select the appropriate node in the answer area.
ANSWER: Policies=> Connection Request Policies
Q120. Your network contains a RADIUS server named Server1.
You install a new server named Server2 that runs Windows Server 2012 R2 and has Network Policy Server (NPS) installed.
You need to ensure that all accounting requests for Server2 are forwarded to Server1.
On Server2, you configure a Connection Request Policy.
What else should you configure on Server2?
To answer, select the appropriate node in the answer area.
You install a new server named Server2 that runs Windows Server 2012 R2 and has Network Policy Server (NPS) installed.
You need to ensure that all accounting requests for Server2 are forwarded to Server1.
On Server2, you configure a Connection Request Policy.
What else should you configure on Server2?
To answer, select the appropriate node in the answer area.
ANSWER: Remote RADIUS Server Groups
Q121. Your network contains an Active Directory forest named contoso.com. The forest contains a Network Policy Server (NPS) server named NPS1 and a VPN server named VPN1. VPN1 forwards all authentication requests to NPS1.
A partner company has an Active Directory forest named adatum.com. The adatum.com forest contains an NPS server named NPS2.
You plan to grant users from adatum.com VPN access to your network.
You need to authenticate the users from adatum.com on VPN1.
What should you create on each NPS server?
To answer, drag the appropriate objects to the correct NPS servers. Each object may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
ANSWER:
NPS1 - Connection request policy + remote RADIUS server group
NPS2 - RADIUS client
Q122. Your network contains an Active Directory domain named contoso.com. The domain contains a server named NPS1 that has the Network Policy Server server role installed. All servers run Windows Server 2012 R2.
You install the Remote Access server role on 10 servers.
You need to ensure that all of the Remote Access servers use the same network policies.
Which two actions should you perform? (Each correct answer presents part of the solution.
Choose two.)
A. Configure each Remote Access server to use the Routing and Remote Access service (RRAS) to authenticate connection requests.
B. On NPS1, create a remote RADIUS server group. Add all of the Remote Access servers to the remote RADIUS server group.
C. On NPS1, create a new connection request policy and add a Tunnel-Type and a Service-Type condition.
D. Configure each Remote Access server to use a RADIUS server named NPS1.
E. On NPS1, create a RADIUS client template and use the template to create RADIUS clients.
B. On NPS1, create a remote RADIUS server group. Add all of the Remote Access servers to the remote RADIUS server group.
C. On NPS1, create a new connection request policy and add a Tunnel-Type and a Service-Type condition.
D. Configure each Remote Access server to use a RADIUS server named NPS1.
E. On NPS1, create a RADIUS client template and use the template to create RADIUS clients.
ANSWER: BC. On NPS1, create a remote RADIUS server group. Add all of the Remote Access servers to the remote RADIUS server group. On NPS1, create a new connection request policy and add a Tunnel-Type and a Service-Type condition.
Q123. Your network contains an Active Directory domain named contoso.com. The domain contains a Web server named www.contoso.com. The Web server is available on the Internet.
You implement DirectAccess by using the default configuration.
You need to ensure that users never attempt to connect to www.contoso.com by using DirectAccess. The solution must not prevent the users from using DirectAccess to access other resources in contoso.com.
Which settings should you configure in a Group Policy object (GPO)?
You need to provide the members of RODC_Admins with the ability to manage the hardware and the software on RODC1. The solution must not provide RODC_Admins with the ability to manage Active Directory objects.
What should you do?
You implement DirectAccess by using the default configuration.
You need to ensure that users never attempt to connect to www.contoso.com by using DirectAccess. The solution must not prevent the users from using DirectAccess to access other resources in contoso.com.
Which settings should you configure in a Group Policy object (GPO)?
A. Name Resolution Policy
B. DNS Client
C. Network Connections
D. DirectAccess Client Experience Settings
B. DNS Client
C. Network Connections
D. DirectAccess Client Experience Settings
ANSWER: A. Name Resolution Policy
Q124. Your network contains an Active Directory domain named contoso.com. The domain contains a read-only domain controller (RODC) named RODC1.
You create a global group named RODC_Admins. You need to provide the members of RODC_Admins with the ability to manage the hardware and the software on RODC1. The solution must not provide RODC_Admins with the ability to manage Active Directory objects.
What should you do?
A. From Active Directory Site and Services, configure the Security settings of the RODC1 server object. B. From Windows PowerShell, run the Set-ADAccountControlcmdlet.
C. From a command prompt, run the dsmgmt local roles command.
D. From Active Directory Users and Computers, configure the Member Of settings of the RODC1 account.
C. From a command prompt, run the dsmgmt local roles command.
D. From Active Directory Users and Computers, configure the Member Of settings of the RODC1 account.
ANSWER: C. From a command prompt, run the dsmgmt local roles command.
Q125. Your network contains an Active Directory domain named contoso.com. All domain controllers run Windows Server 2012 R2. In a remote site, a support technician installs a server named DC10 that runs Windows Server 2012 R2. DC10 is currently a member of a workgroup.
You plan to promote DC10 to a read-only domain controller (RODC).
You need to ensure that a user named Contoso/User1 can promote DC10 to a RODC in the contoso.com domain. The solution must minimize the number of permissions assigned to User1.
What should you do?
A. Join DC10 to the domain. Modify the properties of the DC10 computer account
B. From Active Directory Administrative Center, pre-create an RODC computer account.
C. Join DC10 to the domain. Run dsmod and specify the /server switch
D. From Active Directory Administrative Center, modify the security settings of the Domain Controllers organizational unit (OU).
ANSWER: B. From Active Directory Administrative Center, pre-create an RODC computer account.
Q125. You have a server named Server 1.
You enable BitLocker Drive Encryption (BitLocker) on Server 1.
You need to change the password for the Trusted Platform Module (TPM) chip.
What should you run on Server1?
A. Manage-bde.exe
B. Set-TpmOwnerAuth
C. bdehdcfg.exe
D. tpmvscmgr.exe
ANSWER: B. Set-TpmOwnerAuth
Q126. Your company has a main office and two branch offices. The main office is located in Seattle. The two branch offices are located in Montreal and Miami. Each office is configured as an Active Directory site.
The network contains an Active Directory domain named contoso.com. Network traffic is not routed between the Montreal office and the Miami office.
You implement a Distributed File System (DFS) namespace named \\contoso.com\public. The namespace contains a folder named Folder1. Folder1 has a folder target in each office.
You need to configure DFS to ensure that users in the branch offices only receive referrals to the target in their respective office or to the target in the main office.
Which two actions should you perform? (Each correct answer presents part of the solution.
Choose two.)
A. Set the Ordering method of \\contoso.com\public to Random order.
B. Set the Advanced properties of the folder target in the Seattle office to Last among all targets.
C. Set the Advanced properties of the folder target in the Seattle office to First among targets of equal cost. D. Set the Ordering method of \\contoso.com\public to Exclude targets outside of the client’s site.
E. Set the Advanced properties of the folder target in the Seattle office to Last among targets of equal cost.
F. Set the Ordering method of \\contoso.com\public to Lowest cost.
ANSWER: CD. Set the Advanced properties of the folder target in the Seattle office to First among targets of equal cost. Set the Ordering method of \\contoso.com\public to Exclude targets outside of the client’s site.
Q127. Your network contains two servers named W5U51 and WSUS_REPL that run Windows Server 2012 R2. WSUS1 and WSUS_REPL have the Windows Server Update Services server role installed.
All client computers run Windows 7.
WSUS1 synchronizes from Microsoft Update. WSUS_REPL is a Windows Server Update Services (WSUS) replica of WSUS1.
You need to configure replica downstream servers to send WSUS_REPL summary information about the computer update status.
What should you do?
A. From WSUS1, configure Reporting Rollup.
B. From WSUS_REPL, configure Reporting Rollup.
C. From WSUS1, configure Email Notifications.
D. From WSUS_REPL, configure Email Notifications.
C. From WSUS1, configure Email Notifications.
D. From WSUS_REPL, configure Email Notifications.
ANSWER: A. From WSUS1, configure Reporting Rollup.
Q128. Your network contains two servers named Server1 and Server2 that run Windows Server 2012 R2. Server1 and Server2 have the Windows Server Update Services server role installed.
Server1 synchronizes from Microsoft Update. Server2 is a Windows Server Update Services (WSUS) replica of Server1.
You need to configure replica downstream servers to send Server1 summary information about the computer update status.
What should you do?
A. From Server1, configure Reporting Rollup.
B. From Server2, configure Reporting Rollup.
C. From Server1, configure Email Notifications.
D. From Server2, configure Email Notifications.
C. From Server1, configure Email Notifications.
D. From Server2, configure Email Notifications.
ANSWER: A. From Server1, configure Reporting Rollup.
Q129. You have a server named Server1 that runs Windows Server 2012 R2. Server1 has the File Server Resource Manager role service installed. Server1 has a folder named Folder1 that is used by the human resources department.
You need to ensure that an email notification is sent immediately to the human resources manager when a user copies an audio file or a video file to Folder1.
What should you configure on Server1?
A. A storage report task
B. A file screen exception
C. A file screen
D. A file group
ANSWER: C. A file screen
Q130. You have a server named Server1 that runs Windows Server 2012 R2. Server1 has the File Server Resource Manager role service installed. Server1 has a folder named Folder1 that is used by the sales department.
You need to ensure that an email notification is sent to the sales manager when a File Screening Audit report is generated.
What should you configure on Server1
A. A file group You need to ensure that an email notification is sent to the sales manager when a File Screening Audit report is generated.
What should you configure on Server1
B. A file screen
C. A file screen exception
D. A storage report task
ANSWER: D. A storage report task
Q131. Your network contains an Active Directory forest named contoso.com. The domain contains three servers. The servers are configured as shown in the following table.
You need to identify which server role must be deployed to the network to support the planned implementation.
Qhich role should you identify?
A. Network Policy and Access Services
B. Volume Activation Services
B. Volume Activation Services
C. Windows Deployment Services
D. Active Directory Rights Management Services
ANSWER: C. Windows Deployment Services
Q132. Your network contains an Active Directory domain named contoso.com. All domain controllers run Windows Server 2012 R2. The domain contains 200 Group Policy objects (GPOs) and 100 WMI filters. An administrator named Admin1 must be able to create new WMI filters and edit all of the existing WMI filters from the Group Policy Management Console (GPMC). You need to delegate the required permissions to Admin1. The solution must minimize the number of permissions assigned to Admin1.
What should you do?
A. From Active Directory Users and Computers, add Admin1 to the WinRMRemoteWMIUsers_group.
B. From Group Policy Management, assign Creator Owner to Admin1 for the WMI Filters container.
C. From Active Directory Users and Computers, add Admin1 to the Domain Admins group.
D. From Group Policy Management, assign Full control to Admin1 for the WMI Filters container.
ANSWER: D. From Group Policy Management, assign Full control to Admin1 for the WMI Filters container.
Q133. Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2008 R2.
You plan to test Windows Server 2012 R2 by using native-boot virtual hard disks (VHDs).
You attach a new VHD to Server1.
You need to install Windows Server 2102 R2 in the VHD.
What should you do?
A. Run imagex.exe and specify the /append parameter.
B. Run dism.exe and specify the /apply-image parameter.
C. Run imagex.exe and specify the /export parameter.
D. Run dism.exe and specify the /append-image parameter.
D. Run dism.exe and specify the /append-image parameter.
ANSWER: B. Run dism.exe and specify the /apply-image parameter.
Q134. Your network contains two servers named Server1 and Server 2. Both servers run Windows Server 2012 R2 and have the DNS Server server role installed.
On Server1, you create a standard primary zone named contoso.com.
You plan to create a standard primary zone for ad.contoso.com on Server2.
You need to ensure that Server2 can host a secondary zone for contoso.com.
What should you do from Server1?
A. Add Server2 as a name serverB. Create a trust anchor named Server2.
C. Convert contoso.com to an Active Directory-integrated zone.
D. Create a zone delegation that points to Server2.
ANSWER: A. Add Server2 as a name server
Q135. Your network contains an Active Directory domain named contoso.com. All domain controllers run Windows Server 2012 R2. The domain contains an organizational unit (OU) named OU1. OU1 contains an OU named OU2. OU2 contains a user named User1. User1 is the member of a group named Group1. Group1 is in the Users container. You create five Group Policy objects (GPO). The GPOs are configured as shown in the following table.
ANSWER:
GPO2 - Domain level
GPO4 - Highest OU level
GPO5 - OU2 level containing User1
Q136. Your network contains three Network Policy Server (NPS) servers named NPS1, NPS2, and NPS3. NPS1 is configured as a RADIUS proxy that forwards connection requests to a remote RADIUS server group named Group1. You need to ensure that NPS2 receives connection requests. NPS3 must only receive connection requests if NPS2 is unavailable. How should you configure Group1?
A. Change the Priority of NPS3 to 10.
B. Change the Weight of NPS2 to 10.
C. Change the Weight of NPS3 to 10.
D. Change the Priority of NPS2 to 10.
ANSWER: A. Change the Priority of NPS3 to 10.
Q137. Your network contains two servers named Server1 and Server 2. Both servers run Windows Server 2012 R2 and have the DNS Server server role installed.
On Server1, you create a standard primary zone named contoso.com.
You plan to create a standard primary zone for ad.contoso.com on Server2.
You need to ensure that Server1 forwards all queries for ad.contoso.com to Server2.
What should you do from Server1?
A. Create a trust anchor named Server2.
B. Create a conditional forward that points to Server2
C. Add Server2 as a name server.
D. Create a zone delegation that points to Server2.
ANSWER: D. Create a zone delegation that points to Server2.
Q138. Your network contains an Active Directory domain named contoso.com. The domain contains two servers named Server1 and Server2. Server1 has the Network Policy Server server role installed. Server2 has the DHCP Server server role installed. Both servers run Windows Server 2012 R2.
You are configuring Network Access Protection (NAP) to use DHCP enforcement.
You configure a DHCP scope as shown in the exhibit. (Click the Exhibit button.)
You need to ensure that non-compliant NAP clients receive different DHCP options than compliant NAP clients.
What should you configure on each server?
To answer, select the appropriate options for each server in the answer area.
ANSWER:
Server1: Health Policies
Server2: Server Options
Q139. Your network contains an Active Directory domain named adatum.com. The domain contains a server named Server1 that runs Windows Server 2012 R2. Server1 is configured as a Network Policy Server (NPS) server and as a DHCP server.
You need to ensure that only computers that send a statement of health are checked for Network Access Protection (NAP) health requirements.
Which two settings should you configure? (Each correct answer presents part of the solution. Choose two.)
A. The NAP-Capable Computers conditions B. The NAS Port Type constraints
C. The Health Policies conditions
D. The MS-Service Class conditions
E. The Called Station ID constraints
ANSWER: AC. The NAP-Capable Computers conditions + The Health Policies conditions
Q140. Your network contains an Active Directory domain named adatum.com. The domain contains a server named Server1 that runs Windows Server 2012 R2. Server1 is configured as a Network Policy Server (NPS) server and as a DHCP server.
The network contains two subnets named Subnet1 and Subnet2. Server1 has a DHCP scope for each subnet. You need to ensure that noncompliant computers on Subnet1 receive different network policies than the noncompliant computers on Subnet2.
Which two settings should you configure? (Each correct answer presents part of the solution. Choose two.)
A. The NAP-Capable Computers conditions B. The NAS Port Type constraints
C. The Health Policies conditions
D. The MS-Service Class conditions
E. The Called Station ID constraints
ANSWER:CD. Health policies conditions + MS-Service Class conditions
Q141. Your network contains an Active Directory domain named contoso.com. The domain contains six domain controllers. The domain controllers are configured as show in the following table.
The network contains a server named Server1 that has the Hyper-V server role installed. DC6 is a virtual machine that is hosted on Server1. You need to ensure that you can clone DC6. What should you do?
A. Transfer the schema master to DC6.
B. Transfer the PDC emulator to DC5.
C. Transfer the schema master to DC4.
D. Transfer the PDC emulator to DC2.
ANSWER: D. Transfer the PDC emulator to DC2.
Q142. Your network contains an Active Directory domain named contoso.com. Network Access Protection (NAP) is deployed to the domain. You need to create NAP event trace log files on a client computer.
What should you run?
A. Logman
B. Tracert
C. Register-EngineEvent
D. Register-ObjectEvent
B. Tracert
C. Register-EngineEvent
D. Register-ObjectEvent
ANSWER: A. Logman.
Q143. Your network contains an Active Directory domain named contoso.com. All servers run Windows Server 2012 R2. An organizational unit (OU) named ResearchServers contains the computer accounts of all research servers. All domain users are configured to have a minimum password length of eight characters. You need to ensure that the minimum password length of the local user accounts on the research servers in the ResearchServers OU is 10 characters. What should you do?
A. Configure a local Group Policy object (GPO) on each research server.
B. Create and link a Group Policy object (GPO) to the ResearchServers OU.
C. Create a universal group that contains the research servers. Create a Password Settings object (PSO) and assign the PSO to the group.
D. Create a global group that contains the research servers. Create a Password Settings object (PSO) and assign the PSO to the group.
ANSWER: B. Create and link a Group Policy object (GPO) to the ResearchServers OU
A. Run the Zone Signing Wizard for the zone.
B. From the properties of the zone, change the zone type.
C. Run the new Delegation Wizard for the zone.
D. From the properties of the zone, modify the Start Of Authority (SOA) record.
ANSWER: B. From the properties of the zone, change the zone type to AD Integrated zone. You can use ACLs to secure a dns Zone object container in the directory tree. (NOT available with standard primary zones)
Q145. Identify DirectAccess connection:
ANSWER: Second icon Workplace Connection
![152[5]](https://ms70647.files.wordpress.com/2014/06/1525_thumb.png?w=268&h=240)
Q146. Your network contains an Active Directory domain named fabrikam.com. You implement DirectAccess and an IKEv2 VPN. You need to view the properties of the VPN connection. Which connection properties should you view? To answer, select the appropriate connection properties in the answer area.
ANSWER: Fourth icon Workplace connection.
![112[4]](https://ms70647.files.wordpress.com/2014/06/1124_thumb.png?w=272&h=250)
Q147. Your network contains an Active Directory domain named contoso.com. All client computers run Windows 8. Your company has users who work from home. Some of the home users have desktop computers. Other home users have laptop computers. All of the computers are joined to the domain. All of the computer accounts are members of a group named Group1. Currently, the home users access the corporate network by using a PPTP VPN. You implement DirectAccess by using the default configuration and you specify
Group1 as the DirectAccess client group. The home users who have desktop computers report that they cannot use DirectAccess to access the corporate network. The home users who have laptop computers report that they can use DirectAccess to access the corporate network. You need to ensure that the home users who have desktop computers can access the network by using DirectAccess.
What should you modify?
A. The security settings of the computer accounts for the desktop computers
B. The membership of the R.AS and IAS Servers group
C. The WMI filter for Direct Access Client Settings GPO
D. The conditions of the Connections to Microsoft Routing and Remote Access server policy
ANSWER: C. The WMI filter for Direct Access Client Settings GPO
Q148. Your network contains an Active Directory forest named contoso.com. Recently, all of the domain controllers that ran Windows Server 2003 were replaced by domain controllers that run Windows Server 2012.
From Event Viewer, you discover SYSVOL journal wrap errors on a domain controller named dc10.contoso.com.
You need to perform a non-authoritative synchronization of SYSVOL on DC10.
Which three actions should you perform on DC10?
To answer, move the three appropriate actions from the list of actions to the answer area and arrange them in the correct order
Stop the (DFS) Replication service
Modify the DC10 in AD
Start the (DFS) Replication service
Q149. Your network contains a server named Server1 that has the Network Policy and Access Services server role installed. All of the network access servers forward connection requests to Server1. You create a new network policy on Server1. You need to ensure that the new policy applies only to connection requests from Microsoft RAS servers that are located on the 192.168.0.0/24 subnet. Which two configurations should you perforin? (Each correct answer presents part of the solution. Choose two.)
A. Set the MS-RAS Vendor ID condition to $teelHead.
B. Set the Called Station ID constraint to 192.168.0.
C. Set the Client IP4 Address condition to 192.168.0.0/24.
D. Set the MS-RAS Vendor ID condition to ^311$.
E. Set the Called Station ID constraint to 192.168.0.0/24.
F. Set the Client IP4 Address condition to 192.168.0.
B. Set the Called Station ID constraint to 192.168.0.
C. Set the Client IP4 Address condition to 192.168.0.0/24.
D. Set the MS-RAS Vendor ID condition to ^311$.
E. Set the Called Station ID constraint to 192.168.0.0/24.
F. Set the Client IP4 Address condition to 192.168.0.
Answer: DF. Set the MS-RAS Vendor ID condition to ^311$. Set the Client IP4 Address condition to 192.168.0.
Q150. Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that has the Remote Access server role installed. DirectAccess is implemented on Server1 by using the default configuration. You discover that DirectAccess clients do not use DirectAccess when accessing websites on the Internet. You need to ensure that DirectAccess clients access all Internet websites by using their DirectAccess connection.
What should you do?
A. Configure a DNS suffix search list on the DirectAccess clients.
B. Configure DirectAccess to enable force tunneling.
C. Disable the DirectAccess Passive Mode policy setting in the DirectAccess Client Settings Group Policy object (GPO)
D. Enable the Route all traffic through the internal network policy setting in the DirectAccess Server
ANSWER: B. Configure DirectAccess to enable force tunneling.
Q151. Your network contains an Active Directory domain named contoso.com.
You have several Windows PowerShell scripts that execute when users log on to their client computer.
You need to ensure that all of the scripts execute completely before the users can access their desktop.
Which setting should you configure? To answer, select the appropriate setting in the answer area.
ANSWER: Run startup scripts synchronously. Directs the system to wait for logon scripts to finish running before it starts the Windows Explorer interface program and creates the desktop.
Q152. You have a server named Server1 that runs Windows Server 2012 R2. Server1 has the Remote Access server role installed. You need to configure the ports on Server1 to ensure that client computers can establish VPN connections to Server1 by using TCP port 443.
What should you modify? To answer, select the appropriate object in the answer area.
ANSWER: Wan Miniport (SSTP)
Q153. You have a server named Server1 that has the Network Policy and Access Services server role installed.
You plan to configure Network Policy Server (NPS) on Server1 to use certificate-based authentication for VPN connections.
You obtain a certificate for NPS.
You need to ensure that NPS can perform certificate-based authentication.
To which store should you import the certificate? To answer, select the appropriate store in the answer area.
ANSWER: Local Computer => Personal
Q154. Your network contains an Active Directory domain named contoso.com. The domain contains six domain controllers named DC1, DC2, DC3, DC4, DC5, and DC6. Each domain controller has the DNS Server server role installed and hosts an Active Directory-integrated zone for contoso.com. You plan to create a new Active Directory-integrated zone named litwareinc.com that will be used for testing.
You need to ensure that the new zone will be replicated to only four of the domain controllers.
What should you do first?
A. Create an application directory partition.
B. Change the zone replication scope.
C. Create an Active Directory connection object.
D. Create an Active Directory site link.
ANSWER: A. Create an application directory partition.
Q155. Your network contains an Active Directory forest named contoso.com. All servers run Windows Server 2012 R2.
You need to create a custom Active Directory application partition.
Which tool should you use?
A. Dsadd
B. Dsmod
C. Netdom
D. Ntdsutil
ANSWER: D. Ntdsutil
Q156. You have a server named Server1 that runs Windows Server 2012 R2. Server1 has two network adapters and is located in a perimeter network. You need to install the RIP version 2 routing protocol on Server1. Which node should you use to add the RIP version 2 routing protocol? To answer, select the appropriate node in the answer area.
ANSWER: IPv4 => General
Q157. Yor network contains an Active Directory domain named adatum.com. The domain contains a server named Server1. Your company implements DirectAccess. A user named User1 works at a customer's office. The customer's office contains a server named Server1.
When User1 attempts to connect to Server1, User1 connects to Server1 in adatum.com. You need to provide User1 with the ability to connect to Server1 in the customer's office. Which Group Policy option should you configure?
To answer, select the appropiate option in the answer area.
ANSWER: Prefer Local Names Allowed.
Q158. Your network contains a single Active Directory domain named contoso.com. All domain controllers run Windows Server 2012 R2.
The domain contains 400 desktop computers that run Windows 8 and 10 desktop computers that run Windows XP Service Pack 3 (SP3). All new desktop computers that are added to the domain run Windows 8. All of the desktop computers are located in an organizational unit (OU) named OU1.
You create a Group Policy object (GPO) named GPO1. GPO1 contains startup script settings. You link GPO1 to OU1.
You need to ensure that GPO1 is applied only to computers that run Windows XP SP3.
What should you do?
A. Create and link a WMI filter to GPO1. B. Run the Set-GPInheritance cmdlet and specify the -target parameter.
C. Run the Set-GPLink cmdlet and specify the -target parameter.
D. Modify the Security settings of OU1.
Q159. Your network contains an Active Directory domain named contoso.com. The domain contains a domain controller named DC1. You need to create an Active Directory snapshot on DC1. Which four commands should you run?
To answer, move the four appropriate commands from the list of commands to the answer area and arrange them in the correct order.
ntdsutil
snapshot
activate instance ntds
create
You are a network administrator of an Active Directory domain named contoso.com. You have a server named Server1 that runs Windows Server 2012 R2. Server1 has the Web Server (IIS) server role installed. Server1 will host a web site at URL https:// secure.contoso.com. The application pool identity account of the web site will be set to a domain user account named AppPool1. You need to identify the setspn.exe command that you must run to configure the appropriate Service Principal Name (SPN) for the web site.
What should you run? To answer, drag the appropriate objects to the correct location. Each object may be used once, more than once, or not at all.
ANSWER:
setspn.exe -s http/secure.contoso.com AppPool1
Q160. Your company has two offices. The offices are located in Montreal and Seattle. The network contains servers named Server1 and Server2. Server1 is located in the Seattle office. Server2 is located in the Montreal office. Both servers run Windows Server 2012 R2 and have the Windows Server Update Services (WSUS) server role installed.
You need to configure Server2 to download updates that are approved on Server1 only.
What cmdlet should you run?
ANSWER: Set-WsusServerSynchronization - UssServerName Server1 -Replica
Q161. Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that has the Network Policy Server server role installed. The domain contains a server named Server2 that is configured for RADIUS accounting.
Server1 is configured as a VPN server and is configured to forward authentication requests to Server2.
You need to ensure that only Server2 contains event information about authentication requests from connections to Server1.
Which two nodes should you configure from the Network Policy Server console?
To answer, select the appropriate two nodes in the answer area.
ANSWER:
NPS(local)
Policies=> Connection Request Policies
Q162. Your network contains an Active Directory domain named contoso.com. The domain contains servers named Server1 and Server2. Both servers have the DFS Replication role service installed.
You need to configure the DFS Replication environment to meet the following requirements:
- Increase the quota limit of the staging folder.
- Configure the staging folder cleanup process to provide the highest amount of free space possible.
Which cmdlets should you use to meet each requirement?
To answer, select the appropriate options in the answer area.
ANSWER:
Quota limit: Set-DfsMembership
Staging folder cleanup: Set-DfsServiceConfiguration
Q163. Your company has four offices. The offices are located in Montreal, Seattle, Sydney, and New York.
The network contains an Active Directory domain named contoso.com. The domain contains a server named Server2 that runs Windows Server 2012 R2. Server2 has the DHCP Server server role installed.
All client computers obtain their IPv4 and IPv6 addresses from DHCP.
You need to ensure that Network Access Protection (NAP) enforcement for DHCP applies to all of the client computers except for the client computers in the New York office.
Which two nodes should you configure?
To answer, select the appropriate two nodes in the answer area.
ANSWER:
IPv4
Scope IPV4 New York
Q164. Your network contains an Active Directory domain named contoso.com. All domain controllers run Windows Server 2012 R2. One of the domain controllers is named DC1. The DNS zone for the contoso.com zone is Active Directory-integrated and has the default settings. A server named Server1 is a DNS server that runs a UNIX-based operating system. You plan to use Server1 as a secondary DNS server for the contoso.com zone. You need to ensure that Server1 can host a secondary copy of the contoso.com zone. What should you do?
A. From Windows PowerShell, run the Set-DnsServerForwarder cmdlet and specify the contoso.com zone as a target.
B. From Windows PowerShell, run the Set-DnsServerSetting cmdlet and specify DC1 as a target.
C. From Windows PowerShell, run the Set-DnsServerPrimaryZone cmdlet and specify the contoso.com zone as a target.
D. From DNS Manager, modify the Advanced settings of DC1.
ANSWER: C. From Windows PowerShell, run the Set-DnsServerPrimaryZone cmdlet and specify the contoso.com zone as a target.
Q165. Your network contains an Active Directory domain named contoso.com. All domain controllers run Windows Server 2012 R2. One of the domain controllers is named DC1. The DNS zone for the contoso.com zone is Active Directory-integrated and has the default settings. A server named Server1 is a DNS server that runs a UNIX-based operating system. You plan to use Server1 as a secondary DNS server for the contoso.com zone. You need to ensure that Server1 can host a secondary copy of the contoso.com zone. What should you do?
A. From DNS Manager, modify the Advanced settings of DC1.
B. From DNS Manager, modify the Zone Transfers settings of the contoso.com zone.
C. From Windows PowerShell, run the Set-DnsServerForwarder cmdlet and specify DC1 as a target.
D. From DNS Manager, modify the Security settings of DC1.
ANSWER: C. From Windows PowerShell, run the Set-DnsServerForwarder cmdlet and specify DC1 as a target.
Q166. You have a server named Server1 that runs Windows Server 2012 R2. Server1 has the Remote Access server role installed.
On Server1, you create a network policy named Policy1.
You need to configure Policy1 to ensure that users are added to a VLAN.
Which attributes should you add to Policy1?
A. Tunnel-Tag, Tunnel-Password, Tunnel-Medium-Type, and Tunnel-Preference
B. Tunnel-Tag, Tunnel-Server-Auth-ID, Tunnel-Preference, and Tunnel-Pvt-Group-ID
C. Tunnel-Type, Tunnel-Tag, Tunnel-Medium-Type, and Tunnel-Pvt-Group-ID
D. Tunnel-Type, Tunnel-Password, Tunnel-Server-Auth-ID, and Tunnel-Pvt-Group-ID
ANSWER: C.Tunnel-Type, Tunnel-Tag, Tunnel-Medium-Type, and Tunnel-Pvt-Group-ID
Q167. You have a server named Server1 that runs Windows Server 2012 R2.
You configure Network Access Protection (NAP) on Server1.
Your company implements a new security policy stating that all client computers must have the latest updates installed. The company informs all employees that they have two weeks to update their computer accordingly.
You need to ensure that if the client computers have automatic updating disabled, they are provided with full access to the network until a specific date and time.
Which two nodes should you configure?
To answer, select the appropriate two nodes in the answer area.
ANSWER:
Network Policies + System Health Validators
Q168. Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012 R2.
Server1 has the following BitLocker Drive Encryption (BitLocker) settings:
You need to ensure that drive D will unlock automatically when Server1 restarts. What command should you run?
To answer, select the appropriate options in the answer area.
ANSWER:
Add-BitLockerKeyProtector -MountPointD: -AdAccountOrGroupProtector Contoso\Server1 -Service
Q169. Your network contains an Active Directory domain named contoso.com. Network Policy Server (NPS) is deployed to the domain. You plan to deploy Network Access Protection (NAP). You need to configure the requeriments that are validated on the NPS client computers.
What should you do?
A. From the Network Policy Server console, configure a network policy.
B. From the Network Policy Server console, configure a health policy.
C. From the Network Policy Server console, configure a Windows Security Health Validator (WSHV) policy.
D. From a Group Policy object (GPO), configure the NAP Client Configuration security setting.
E. From a Group Policy object (GPO), configure the Network Access Protection Administrative Templates setting.
ANSWER: C. From the Network Policy Server console, configure a Windows Security Health Validator (WSHV) policy.
You need to log all DHCP clients that have Windows Firewall disabled.
Which three actions should you perform in sequence? To answer, move the three appropriate actions from the list of actions to the answer area and arrange them in the correct order.
ANSWER:
Create a Windows Security Health Validator (WSHV)
Create a health policy
Create a network policy
Q170. Your company has a main office and a branch office.
The main office contains a server that hosts a Distributed File System (DFS) replicated folder.
You plan to implement a new DFS server in the branch office.
You need to recommend a solution that minimizes the amount of network bandwidth used to perform the initial synchronization of the folder to the branch office.
You recommend using the Export-DfsrClone and Import-DfsrClone cmdlets.
Which additional command or cmdlet should you include in the recommendation?
A. Robocopy.exe
B. Synchost.exe
C. Export-BcCachePackage
D. Sync-DfsReplicationGroup
ANSWER: A. Robocopy
Q171. Your network contains an Active Directory domain named contoso.com.
You create an organizational unit (OU) named OU1 and a Group Policy object (GPO) named GPO1. You link GPO1 to OU1.
You move several file servers that store sensitive company documents to OU1. Each file server contains more than 40 shared folders.
You need to audit all of the failed attempts to access the files on the file servers in OU1. The solution must minimize administrative effort.
Which two audit policies should you configure in GPO1?
To answer, select the appropriate two objects in the answer area.
ANSWER:
Object Access
Global Object Access Auditing
Q171. Your network contains an Active Directory domain named contoso.com.
Your network contains 25 Web Servers that run Windows Server 2012 R2.
You need to configure auditing policies that meet the following requirements:
- Generate an event each time a new process is created
- Generate an event each time a user attempts to access a file share.
Which two audit policies should you configure in GPO1?
You need to configure auditing policies that meet the following requirements:
- Generate an event each time a new process is created
- Generate an event each time a user attempts to access a file share.
Which two audit policies should you configure in GPO1?
To answer, select the appropriate two objects in the answer area.
Detailed Tracking
Object Access
Q172. Your network contains an Active Directory domain named contoso.com. The domain contains three member servers named Server1, Server2, and Server3. All servers run Windows Server 2012 R2 and have the Windows Server Update Services (WSUS) server role installed.
Server1 and Server2 are configured as replica servers that use Server3 as an upstream server. You remove Server3 from the network.
You need to ensure that WSUS on Server2 retrieves updates from Server1.
The solution must ensure that Server1 and Server2 have the latest updates from Microsoft.
Which command should you run on each server? To answer, select the appropriate command to run on each server in the answer area.
ANSWER:
Server1: Set-wsusserversynchronization -syncfrommu
Server2: Set-wsusserversynchronization -useservername server1
Q173. Your network contains an Active Directory domain named contoso.com. All DNS servers host a DNS zone named adatum.com. The adatum.com zone is not Active Directory-integrated. An administrator modifies the start of authority (SOA) record for the adatum.com zone. After the modification, you discover that when you add or modify DNS records in the adatum.com zone, the changes are not transferred to the DNS servers that host secondary copies of the adatum.com zone. You need to ensure that the records are transferred to all the copies of the adatum.com zone. What should you modify in the SOA record for the adatum.com zone? To answer, select the appropriate setting in the answer area.
ANSWER: Serial number
Q174. Your network contains an Active Directory named contoso.com.
You have users named User1 and user2.
The Network Access Permission for User1 is set to Control access through NPS Network Policy. The Network Access Permission for User2 is set to Allow access.
A policy named Policy1 is shown in the Policy1 exhibit. (Click the Exhibit button.)
A policy named Policy1 is shown in the Policy1 exhibit. (Click the Exhibit button.)
A policy named Policy2 is shown in the Policy2 exhibit. (Click the Exhibit button.)
A policy named Policy3 is shown in the Policy3 exhibit. (Click the Exhibit button.)
For each of the following statements, select Yes if the statement is true. Otherwise, select No. Each correct selection is worth one point.
ANSWER:
User1 will be able to establish VPN connection on Thursday - Yes
User1 will be able to establish VPN connection on Friday - No
User2 will be able to establish VPN connection on Friday - Yes
Q175. Your company has a main office and a branch office. The main office is located in Seattle. The branch office is located in Montreal. Each office is configured as an Active Directory site. The network contains an Active Directory domain named adatum.com. The Seattle office contains a file server named Server1. The Montreal office contains a file server named Server2. The servers run Windows Server 2012 R2 and have the File and Storage Services server role, the DFS Namespaces role service, and the DFS Replication role service installed. Server1 and Server2 each have a share named Share1 that is replicated by using DFS Replication.
You need to ensure that users connect to the replicated folder in their respective office when they connect to \\contoso.com\Share1.
Which three actions should you perform? (Each correct answer presents part of the solution. Choose three.)
A. Create a replication connection.
B. Create a namespace.
C. Share and publish the replicated folder.
D. Create a new topology.
E. Modify the Referrals settings.
ANSWER: BCE. Namespace + Share&Publish replicated folder + Referrals settings
Q176. Your network contains an Active Directory domain named contoso.com. The domain contains a domain controller named DC1 that runs Windows Server 2012 R2. All client computers run Windows 8 Enterprise. DC1 contains a Group Policy object (GPO) named GPO1. You need to update the PATH variable on all of the client computers. Which Group Policy preference should you configure.
A. Ini Files
B. Services
C. Environment
D. Data Sources
ANSWER: C. Environment.
Q177. Your network contains an Active Directory domain named contoso.com. All servers run Windows Server 2012 R2. Client computers run either Windows 7 or Windows 8. All of the client computers have an application named App1 installed. The domain contains a Group Policy object (GPO) named GPO1 that is applied to all of the client computers. You need to add a system variable named App1Data to all of the client computers. Which Group Policy preference should you configure?
A. Services
B. Ini Files
C. Environment
D. Data Sources
ANSWER: C. Environment.
Q178. Your network contains an Active Directory forest named contoso.com. The forest contains a single domain. The forest contains two Active Directory sites named Site1 and Site2. You plan to deploy a read-only domain controller (RODC) named DC10 to Site2. You pre-create the DC10 domain controller account by using Active Directory Users and Computers. You need to identify which domain controller will be used for initial replication during the promotion of the RODC. Which tab should you use to identify the domain controller?
To answer, select the appropriate tab in the answer area.
ANSWER:
General
Q179. Your network contains an Active Directory domain named contoso.com. The domain contains 30 user accounts that are used for network administration. The user accounts are members of a domain global group named Group1.
You identify the security requirements for the 30 user accounts as shown in the following table.
A. Services
B. Ini Files
C. Environment
D. Data Sources
ANSWER: C. Environment.
Q178. Your network contains an Active Directory forest named contoso.com. The forest contains a single domain. The forest contains two Active Directory sites named Site1 and Site2. You plan to deploy a read-only domain controller (RODC) named DC10 to Site2. You pre-create the DC10 domain controller account by using Active Directory Users and Computers. You need to identify which domain controller will be used for initial replication during the promotion of the RODC. Which tab should you use to identify the domain controller?
To answer, select the appropriate tab in the answer area.
ANSWER:
General
Q179. Your network contains an Active Directory domain named contoso.com. The domain contains 30 user accounts that are used for network administration. The user accounts are members of a domain global group named Group1.
You identify the security requirements for the 30 user accounts as shown in the following table.
You need to identify which settings must be implemented by using a Password Settings object (PSO) and which settings must be implemented by modifying the properties of the user accounts.
What should you identify?
ANSWER:
minimum password length - PSO
Account is sensitive cannot be delegated - User account properties
User cannot change password - User account properties
Enforce password history - PSO
Q180. Your network contains an Active Directory domain named contoso.com. All domain controllers run Windows Server 2012 R2. On all of the domain controllers, Windows is installed in C:\Windows and the Active Directory database is located in D:\Windows\NTDS\. All of the domain controllers have a third-party application installed. The operating system fails to recognize that the application is compatible with domain controller cloning. You verify with the application vendor that the application supports domain controller cloning. You need to prepare a domain controller for cloning.
What should you do?
A. In D:\Windows\NTDS\, create an XML file named DCCloneConfig.xml and add the application information to the file. B. In the root of a USB flash drive, add the application information to an XML file named DefaultDCCloneAllowList.xml.
C. In D:\Windows\NTDS\, create an XML file named CustomDCCloneAllowList.xml and add the application information to the file.
D. In D:\Windows\NTDS, create an XML file named DefaultDCCloneAllowList.xml and add the application information to the file.
ANSWER: C. In D:\Windows\NTDS\, create an XML file named CustomDCCloneAllowList.xml and add the application information to the file.
Q181. Your network contains an Active Directory domain named contoso.com. All domain controllers run Windows Server 2012 R2. On all of the domain controllers, Windows is installed in C:\Windows and the Active Directory database is located in D:\Windows\NTDS\. All of the domain controllers have a third-party application installed. The operating system fails to recognize that the application is compatible with domain controller cloning.
You verify with the application vendor that the application supports domain controller cloning.
You need to prepare a domain controller for cloning.
What should you do?
A. In D:\Windows\NTDS\, create an XML file named DCCloneConfig.xml and add the application information to the file.B. In the root of a USB flash drive, add the application information to an XML file named DefaultDCCloneAllowList.xml.
C. In D:\Windows\NTDS\, create an XML file named CustomDCCloneAllowList.xml and add the application information to the file.
D. In C:\Windows\System32\Sysprep\Actionfiles\add the application information to an XML file named Respecialize.xml.
Answer: C. In D:\Windows\NTDS\, create an XML file named CustomDCCloneAllowList.xml and add the application information to the file.
Q182. You have a file server named Server1 that runs Windows Server 2012 R2.
A user named User1 is assigned the modify NTFS permission to a folder named C:\shares and all of the subfolders of C:\shares.
On Server1, you open File Server Resource Manager as shown in the exhibit. (Click the Exhibit button.)
A user named User1 is assigned the modify NTFS permission to a folder named C:\shares and all of the subfolders of C:\shares.
On Server1, you open File Server Resource Manager as shown in the exhibit. (Click the Exhibit button.)
To answer, complete each statement according to the information presented in the exhibit.
Each correct selection is worth one point
Each correct selection is worth one point
ANSWER:
USer1 can copy to C:\shares - File3.jpg.zip
User2 cannot copy to C:\Shares\share2 - File4.mp3
Q183. You have a server named Server1 that runs Windows Server 2012 R2. Server1 has the Network Policy and Access Services server role installed.
All of the VPN servers on your network use Server1 for RADIUS authentication.
You create a security group named Group1. All of the VPN servers on your network use Server1 for RADIUS authentication.
You need to configure Network Policy and Access Services (NPAS) to meet the following requirements:
- Ensure that only the members of Group1 can establish a VPN connection to the VPN servers.
- Allow only the members of Group1 to establish a VPN connection to the VPN servers if the members are using client computers that run Windows 8 or later.
Which type of policy should you create for each requirement?
To answer, drag the appropriate policy types to the correct requirements. Each policy type may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content
ANSWER:
Only members of Group1 can establish a VPN connection to the VPN servers - Network Policies
Only members of Group1 establish VPN connection to VPN servers if members are using computers running W8 or later - Network Policies
Q184. You have a server named Server1 that runs Windows Server 2012 R2. You discover that the performance of Server1 is poor. The results of a performance report generated on Server1 are shown in the following table.
You need to identify the cause of the performance issue. What should you identify?
A. Excessive paging
B. NUMA fragmentation
C. Driver malfunction
D. Insufficient RAM
ANSWER: C. Driver malfunction
Q185. You have a server named Server1 that runs Windows Server 2012 R2. Server1 has the Remote Access server role installed.
You have a client named Client1 that is configured as an 802.1X supplicant.
You need to configure Server1 to handle authentication requests from Client1. The solution must minimize the number of authentication methods enabled on Server1.
Which authentication method should you enable?
To answer, select the appropriate authentication method in the answer area
ANSWER:
Extensible Authentication Protocol (EAP)
Q186. Your network contains an Active Directory domain named contoso.com. All domain controllers run Windows Server 2012 R2. A domain controller named DC1 has the ADMX Migrator tool installed. You have a custom Administrative Template file on DC1 named Template1.adm. You need to add a custom registry entry to Template1.adm by using the ADMX Migrator tool.
Which action should you run first?
A. Load Template
B. New Policy Setting
C. Generate ADMX from ADM
D. New Category
ANSWER: C. Generate ADMX from ADM
Q187. Your network contains an Active Directory domain named contoso.com. All domain controllers run Windows Server 2012 R2.
You create a central store for Group Policy.
You receive a custom administrative template named Template1.admx.
You need to ensure that the settings in Template1.admx appear in all new Group Policy objects (GPOs).
What should you do?
A. Copy Template1.admx to \\Contoso.com\SYSVOL\Contoso.com\Policies\PolicyDefinitions\
B. From the Default Domain Controllers Policy, add Template1.admx to the Administrative Templates.
C. Copy Template1.admx to \\Contoso.com\NETLOGON
D. From the Default Domain Policy, add Template1.admx to the Administrative Templates.
ANSWER: A. Copy Template1.admx to \\Contoso.com\SYSVOL\Contoso.com\Policies\PolicyDefinitions\
Q188. Your network contains an Active Directory domain named contoso.com. All domain controllers run Windows Server 2012 R2. Administrators use client computers that run Windows 8 to perform all management tasks. A central store is configured on a domain controller named DC1. You have a custom administrative template file named App1.admx. App1.admx contains application settings for an application named App1. From a client computer named Computer1, you create a new Group Policy object (GPO) named GPO1. You discover that the application settings for App1 fail to appear in GPO1.You need to ensure that the App1 settings appear in all of the new GPOs that you create.What should you do?
B. Copy App1.admx to \\Contoso.com\SYSVOL\Contoso.com\Policies\PolicyDefinitions\
C. From the Default Domain Policy, add App1.admx to the Administrative Templates
D. Copy App1.admx to \\Contoso.com\SYSVOL\Contoso.com\StarterGPOs.
ANSWER: B. Copy App1.admx to \\Contoso.com\SYSVOL\Contoso.com\Policies\PolicyDefinitions\
Q189. Your network contains an Active Directory domain named adatum.com. A network administrator creates a Group Policy central store.
After the central store is created, you discover that when you create new Group Policy objects (GPOs), the GPOs do not contain any Administrative Templates.
You need to ensure that the Administrative Templates appear in new GPOs.
What should you do?
A. Add your user account to the Group Policy Creator Owners group.
B. Configure all domain controllers as global catalog servers.
C. Copy files from %Windir%\Policydefinitions to the central store.
D. Modify the Delegation settings of the new GPOs.
Q190. Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012 R2. Server1 has the File Server Resource Manager role service installed.
You need to configure Server1 to meet the following requirements:
- Ensure that old files in a folder named Folder1 are archived automatically to a folder named Archive1.
- Ensure that all storage reports are saved to a network share.
Which two nodes should you configure?
To answer, select the appropriate two nodes in the answer area.
ANSWER:
File Server Resource Manager (Local)
File Management Tasks
Q191. Your network contains an Active Directory domain named contoso.com. You need to create a certificate template for the BitLocker Drive Encryption (BitLocker) Network Unlock feature. Which Cryptography setting of the certificate template should you modify? To answer, select the appropriate setting in the answer area.
ANSWER:
Minimum key size
192. Your network contains an Active Directory domain named contoso.com. All servers run Windows Server 2012 R2.
You need to audit successful and failed attempts to read data from USB drives on the servers.
Which two objects should you configure?
To answer, select the appropriate two objects in the answer area.
ANSWER:
Minimum key size
You need to audit successful and failed attempts to read data from USB drives on the servers.
Which two objects should you configure?
To answer, select the appropriate two objects in the answer area.
ANSWER:
Audit Handle Manipulation
Audit Removable Storage
Q193. Your network contains an Active Directory domain named contoso.com. All domain controllers run Windows Server 2012 R2. The domain contains 500 client computers that run Windows 8.1 Enterprise and Microsoft Office 2013.
You implement a Group Policy central store.
You need to modify the default Microsoft Office 2013 Save As location for all client computers. The solution must minimize administrative effort.
What should you configure in a Group Policy object (GPO)?
You implement a Group Policy central store.
You need to modify the default Microsoft Office 2013 Save As location for all client computers. The solution must minimize administrative effort.
What should you configure in a Group Policy object (GPO)?
A. The Group Policy preferences
B. An application control policy
C. The Administrative Templates
D. The Software Installation settings
Answer: A. The Group Policy preferences
Q194. Your network contains an Active Directory domain named contoso.com.
You need to install and configure the Web Application Proxy role service.
What should you do?
A. Install the Active Directory Federation Services server role and the Remote Access server role on different servers.
B. Install the Active Directory Federation Services server role and the Remote Access server role on different servers.
C. Install the Web Server (IIS) server role and the Application Server server role on the same server.
D. Install the Web Server (IIS) server role and the Apllication Server server role on different servers.
ANSWER: A. Install the Active Directory Federation Services server role and the Remote Access server role on different servers.
Q195. Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012 R2. Server1 has the Network Policy and Access Services server role installed. You plan to deploy 802.1x authentication to secure the wireless network. You need to identify which Network Policy Server (NPS) authentication method supports certificate-based mutual authentication for the 802.lx deployment. Which authentication method should you identify?
A. PEAP-MS-CHAP v2
B. MS-CHAP v2
C. EAP-TLS
D. MS-CHAP
ANSWER: C. EAP-TLS
Q196. Your network contains an Active Directory domain named contoso.com. The domain contains two member servers named Server1 and Server2. All servers run Windows Server 2012 R2.
You generalize Server2.
You install the Windows Deployment Services (WDS) server role on Server1.
You need to capture an image of Server2 on Server1.
Which three actions should you perform?
To answer, move the three appropriate actions from the list of actions to the answer area and arrange them in the correct order.
ANSWER:
Start Server2 by using PXE
Add a capture image
Add an install image
Q197. Your network contains an Active Directory domain named contoso.com. All servers run Windows Server 2012 R2. The domain contains a file server named Server1. All client computers run Windows 8. Users share the client computers and frequently log on to different client computers. You need to ensure that when the users save files in the Documents folder, the files are saved automatically to \\Server1\Users\. The solution must minimize the amount of network traffic that occurs when the users log on to the client computers. What should you do?
A. From a Group Policy object (GPO), configure the Folder Redirection settings
B. From the properties of each user account, configure the Home folder settings
C. From the properties of each user account, configure the User profile settings
D. From a Group Policy object (GPO), configure the Drive Maps preference.
ANSWER: A. From a Group Policy object (GPO), configure the Folder Redirection settings
Q198. Your network contains an Active Directory domain named adatum.com. The domain contains a file server name Server1 that runs Windows Server 2012 R2. Client computers run Windows 7. You need to ensure that user settings are saved to \\Server1\Users\.
What should you do?
A. From the properties of each user account, configure the Home folder settings
B. From a Group Policy object (GPO), configure the Folder Redirection settings
C. From the properties of each user account, configure the User profile settings
D. From a Group Policy object (GPO), configure the Drive Maps preference.
ANSWER: C. From the properties of each user account, configure the User profile settings
Q199. Your network has a router named Router1 that provides access to the Internet. You have a server named Server1 that runs Windows Server 2012 R2. Server1 to use Router1 as the default gateway. A new router named Router2 is added to the network. Router2 provides access to the Internet. The IP address of the internal interface on Router2 is 10.1.14.254. You need to configure Server1 to use Router2 to connect to the Internet if Router1 fails. What should you do on Server1?
A. Add a route for 10.1.14.0/24 that uses 10.1.14.254 as the gateway and set the metric to 1.
B. Add 10.1.14.254 as a gateway and set the metric to 1.
C. Add a route for 10.1.14.0/24 that uses 10.1.14.254 as the gateway and set the metric to 1.
D. Add 10.1.14.254 as a gateway and set the metric to 500.
ANSWER: D. Add 10.1.14.254 as a gateway and set the metric to 500.
Q200. Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012 R2. Server1 has the Remote Access server role installed. You log on to Server1 by using a user account named User2. From the Remote Access Management Console, you run the Getting Started Wizard and you receive a warning message as shown in the exhibit. (Click the Exhibit button.)
You need to ensure that you can configure DirectAccess successfully. The solution must minimize the number of permissions assigned to User2.
To which group should you add User2?
A. Enterprise Admins
B. Domain Admins
C. Server Operators
D. Account Operators
ANSWER: B. Domain Admins
Q201. Your network contains a server named Server1 that has the Network Policy and Access Services server role installed.
All of the network access servers forward connection requests to Server1.
You create a new network policy on Server1.
You need to ensure that the new policy applies only to connection requests from the
192.168.0.0/24 subnet.
What should you do?
A. Set the Client IP4 Address condition to 192.168.0.0/24.
B. Set the Client IP4 Address condition to 192.168.0.
C. Set the Called Station ID constraint to 192.168.0.0/24.
D. Set the Called Station ID constraint to 192.168.0.
ANSWER: B. Set the Client IP4 Address CONDITION to 192.168.0.
Q202. Your network contains an Active Directory domain named contoso.com. All domain controllers run Windows Server 2012 R2. DirectAccess is deployed to the network. Remote users connect to the DirectAccess server by using a variety of network speeds. The remote users report that sometimes their connection is very slow. You need to minimize Group Policy processing across all wireless wide area network (WWAN) connections. Which Group Policy setting should you configure?
A. Configure Group Policy slow link detection.
B. Configure wireless policy processing.
C. Change Group Policy processing to run asynchronously when a slow network connection is detected.
D. Configure Direct Access connections as a fast network connection.
ANSWER: A. Configure Group Policy slow link detection.
Q203. Your network contains an Active Directory forest named contoso.com. All domain controllers run Windows Server 2008 R2. The schema is upgraded to Windows Server 2012 R2.
Server 1 and Server2 host a load-balanced application pool named AppPool1.
You need to ensure that AppPool1 uses a group Manged Service Account as its identity.
Which 3 actions should you perform?
ANSWER:
Install a domain controller that runs Windows Server 2012
NEW-ADServiceAccount cmdlet
Modify the settings of AppPool1
Q204. Your network contains an Active Directory domain named contoso.com. The domain contains a domain controller named DC1 that runs Windows Server 2012. You have a Group Policy object (GPO) named GPO1 that contains several custom Administrative templates. You need to filter the GPO to display only settings that will be removed from the registry when the GPO falls out of scope. The solution must only display settings that are either enabled or disabled and that have a comment. How should you configure the filter?
To answer, select the appropriate options below. Select three
A. Set Managed to: Yes
B. Set Managed to: No
C. Set Managed to: Any
D. Set Configured to: Yes
E. Set Configured to: No
F. Set Configured to: Any
G. Set Commented to: Yes
H. Set Commented to: No
I. Set Commented to: Any
ANSWER: ADG. Managed + Conf + Comment = Yes
Q205. Your network contains an Active Directory domain named contoso.com. The domain contains a domain controller named dcl.contoso.com. You discover that the Default Domain Policy Group Policy objects (GPOs) and the Default Domain Controllers
Policy GPOs were deleted. You need to recover the Default Domain Policy and the Default Domain Controllers Policy GPOs. What should you run?
A. dcgpofix.exe /target:domain
B. gpfixup.exe /dc:dc1.contoso.com
C. dcgpofix.exe /target:both
D. gptixup.exe /oldnb:contoso /newnb:dc1
ANSWER: C. dcgpofix.exe /target:both
Q206. Your network contains a single Active Directory domain named contoso.com. The domain contains an Active Directory site named Site1 and an organizational unit (OU) named OU1. The domain contains a client computer named Client1 that is located in OU1 and Site1. You create five Group Policy objects (GPO). The GPOs are configured as shown in the following table.
You need to identify in which order the GPOs will be applied to Client1. In which order should you arrange the listed GPOs?
To answer, move all GPOs from the list of GPOs to the answer area and arrange them in the correct order. Select and Place.
ANSWER:
Q207. Your network contains a production Active Directory forest named contoso.com and a test Active Directory forest named test.contoso.com. There is no network connectivity between contoso.com and test.contoso.com. The test.contoso.com domain contains a Group Policy object (GPO) named GPO1. You need to apply the settings in GPO1 to the contoso.com domain. Which four actions should you perform?
To answer, move the four appropriate actions from the list of actions to the answer area and arrange them in the correct order
ANSWER:
Run the Backup-GPO cmdlet
Use a removable media to transfer the contents of test.contoso.com to contoso.com
Create a GPO un contoso.como
Run the import-GPO cmdlet
Q208. Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1. Server1 is configured as a VPN server. You need to configure Server1 to perform network address translation (NAT).
What should you do?
A. From Network Connections, modify the Internet Protocol Version 6 (TCP/IPv6) setting of each
network adapter.
B. From Routing and Remote Access, add an IPv4 routing protocol.
C. From Routing and Remote Access, add an IPv6 routing protocol.
D. From Network Connections, modify the Internet Protocol Version 4 (TCP/IPv4) setting of each
network adapter.
ANSWER: B. From Routing and Remote Access, add an IPv4 routing protocol.
Q209. You network contains a RADIUS server named Admin1.
You install a new server named Server2 that runs Windows Server 2012 R2 and has Network Policy Server (NPS) installed.
You need to ensure that all accounting requests for Server2 are forwarded to Admin1.
On Server2, you create a new remote RADIUS server group named Group1 that contains Admin1.
What should you configure next on Server2?
To answer, select the appropiate node in the answer area.
![clip_image001[64]](http://examgod.com/l2pimages/8bae56556d4d_7B35/clip_image00164_thumb.jpg "clip_image001[64]")
Policy GPOs were deleted. You need to recover the Default Domain Policy and the Default Domain Controllers Policy GPOs. What should you run?
A. dcgpofix.exe /target:domain
B. gpfixup.exe /dc:dc1.contoso.com
C. dcgpofix.exe /target:both
D. gptixup.exe /oldnb:contoso /newnb:dc1
ANSWER: C. dcgpofix.exe /target:both
Q206. Your network contains a single Active Directory domain named contoso.com. The domain contains an Active Directory site named Site1 and an organizational unit (OU) named OU1. The domain contains a client computer named Client1 that is located in OU1 and Site1. You create five Group Policy objects (GPO). The GPOs are configured as shown in the following table.
To answer, move all GPOs from the list of GPOs to the answer area and arrange them in the correct order. Select and Place.
ANSWER:
Q207. Your network contains a production Active Directory forest named contoso.com and a test Active Directory forest named test.contoso.com. There is no network connectivity between contoso.com and test.contoso.com. The test.contoso.com domain contains a Group Policy object (GPO) named GPO1. You need to apply the settings in GPO1 to the contoso.com domain. Which four actions should you perform?
To answer, move the four appropriate actions from the list of actions to the answer area and arrange them in the correct order
ANSWER:
Run the Backup-GPO cmdlet
Use a removable media to transfer the contents of test.contoso.com to contoso.com
Create a GPO un contoso.como
Run the import-GPO cmdlet
Q208. Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1. Server1 is configured as a VPN server. You need to configure Server1 to perform network address translation (NAT).
What should you do?
A. From Network Connections, modify the Internet Protocol Version 6 (TCP/IPv6) setting of each
network adapter.
B. From Routing and Remote Access, add an IPv4 routing protocol.
C. From Routing and Remote Access, add an IPv6 routing protocol.
D. From Network Connections, modify the Internet Protocol Version 4 (TCP/IPv4) setting of each
network adapter.
ANSWER: B. From Routing and Remote Access, add an IPv4 routing protocol.
Q209. You network contains a RADIUS server named Admin1.
You install a new server named Server2 that runs Windows Server 2012 R2 and has Network Policy Server (NPS) installed.
You need to ensure that all accounting requests for Server2 are forwarded to Admin1.
On Server2, you create a new remote RADIUS server group named Group1 that contains Admin1.
What should you configure next on Server2?
To answer, select the appropiate node in the answer area.
To answer, select the appropriate node in the answer area.
ANSWER:
Policies=> Connection Request Policies
Policies=> Connection Request Policies
Q210. Your network contains an Active Directory domain named contoso.com. The domain controllers in the domain are configured as shown in the following table.
![clip_image001[64]](http://examgod.com/l2pimages/8bae56556d4d_7B35/clip_image00164.jpg "clip_image001[64]")
You deploy a new domain controller named DC3 that runs Windows Server 2012 R2. You discover that you cannot create Password Settings objects (PSOs) by using Active Directory Administrative Center. You need to ensure that you can create PSOs from Active Directory Administrative Center. What should you do?
A. Raise the functional level of the domain.
B. Upgrade DC1.
C. Transfer the infrastructure master operations master role.
D. Transfer the PDC emulator operations master role.
ANSWER: A. Raise the functional level of the domain.
Q211. Server1 regularly acccesses Server2.
You discover that all of the connections from Server1 to Server2 are routed through Router1. You need to optimize the connection path from Server1 to Server2.
Which route command should you run on Server1?
A. Route add -p 192.168.2.0 MASK 255.255.255.0 192.168.1.2 METRIC 100
B. Route add -p 192.168.2.12 MASK 255.255.255.0 192.168.2.1 METRIC 100
C. Route add -p 192.168.2.12 MASK 255.255.255.0 192.168.2.0 METRIC 50
D. Route add -p 192.168.2.0 MASK 255.255.255.0 192.168.2.1 METRIC 50
ANSWER: A. Route add -p 192.168.2.0 MASK 255.255.255.0 192.168.1.2 METRIC 100
Q212. Your network contains an Active Directory domain named contoso.com. The network contains a server named Server1 that runs Windows Server 2012 R2. Server1 has the Network Policy and Access Services server role installed.
You plan to deploy additional servers that have the Network Policy and Access Services server role installed.
You must standardize as many settings on the new servers as possible.
You need to identify which settings can be standardized by using the Network Policy Server (NPS) templates.
Which three settings should you identify? (Each answer presents part of the solution.
Choose three.)
A. IP filters
B. shared secrets
C. health policies
D. network policies
E. connection request policies
ANSWER: ABC. IP filters+ Shared secrets + Health policies
No hay comentarios:
Publicar un comentario