Configuring Advanced Windows Server 2012 R2 Services
Question No: 71 – (Topic 2)
You have a server named FS1 that runs Windows Server 2012 R2. You install the File and Storage Services server role on FS1.
From Windows Explorer, you view the properties of a shared folder named Share1 and you discover that the Classification tab is missing.
You need to ensure that you can assign classifications to Share1 from Windows Explorer manually.
What should you do?
From Folder Options, select Show hidden files, folders, and drives.
From Folder Options, clear Use Sharing Wizard (Recommend).
Install the File Server Resource Manager role service.
Install the Enhanced Storage feature.
Answer: C Explanation:
On the Classification tab of the file properties in Windows Server 2012, File Classification Infrastructure adds the ability to manually classify files. You can also classify folders so that any file added to the classified folder will inherit the classifications of the parent folder.
Reference: What#39;s New in File Server Resource Manager in Windows Server
Question No: 72 – (Topic 2)
Your network contains three servers named Server1, Server2, and Server3. All servers run Windows Server 2012 R2.
You need to ensure that Server1 can provide iSCSI storage for Server2 and Server3. What should you do on Server1?
Start the Microsoft iSCSI Initiator Service and configure the iSCSI Initiator Properties.
Install the iSNS Server service feature and create a Discovery Domain.
Install the Multipath I/O (MPIO) feature and configure the MPIO Properties.
Install the iSCSI Target Server role service and configure iSCSI targets.
Answer: D Explanation:
iSCSI Target Server: The server runs the iSCSI Target. It is also the iSCSI Target role name in Windows Server 2012.
iSCSI: it is an industry standard protocol allow sharing block storage over the Ethernet. The server shares the storage is called iSCSI Target. The server (machine) consumes the storage is called iSCSI initiator. Typically, the iSCSI initiator is an application server. For example, iSCSI Target provides storage to a SQL server, the SQL server will be the iSCSI initiator in this deployment.
Target: It is an object which allows the iSCSI initiator to make a connection. The Target keeps track of the initiators which are allowed to be connected to it. The Target also keeps track of the iSCSI virtual disks which are associated with it. Once the initiator establishes
the connection to the Target, all the iSCSI virtual disks associated with the Target will be accessible by the initiator.
Question No: 73 – (Topic 2)
Your network contains four Active Directory forests. Each forest contains an Active Directory Rights Management Services (AD RMS) root cluster.
All of the users in all of the forests must be able to access protected content from any of the forests.
You need to identify the minimum number of AD RMS trusts required. How many trusts should you identify?
Answer: C Explanation:
The number of AD RMS trusts required to interact between all AD RMS forests can be defined by using the following formula: N*(N-1).
Here N=4, so the number of trust is 12 (4*3).
Reference: AD RMS Prerequisites, Important considerations for installing AD RMS in a multi-forest environment
Question No: 74 – (Topic 2)
Your network contains an Active Directory forest named contoso.com. The forest contains
a single domain. The forest functional level is Windows Server 2012 R2. You have a domain controller named DC1.
On DC1, you create a new Group Policy object (GPO) named GPO1. You need to verify that GPO1 was replicated to all of the domain controllers.
Which tool should you use?
Group Policy Management
Active Directory Sites and Services
Active Directory Administrative Center
Answer: A Explanation:
In Windows Server 2012, the Group Policy Management Console (GPMC) was enhanced to provide a report for the overall health state of the Group Policy infrastructure for a domain, or to scope the health view to a single GPO.
Question No: 75 – (Topic 2)
Your network contains a server named Server1 that runs Windows Server 2012 R2. Server1 has the Active Directory Certificate Services server role installed and is configured as a standalone certification authority (CA).
You install a second server named Server2. You install the Online Responder role service on Server2.
You need to ensure that Server1 can issue an Online Certificate Status Protocol (OCSP) Response Signing certificate to Server2.
What should you run on Server1?
The certreq.exe command and specify the -policy parameter
The certutil.exe command and specify the -getkey parameter
The certutil.exe command and specify the -setreg parameter
The certreq.exe command and specify the -retrieve parameter
Answer: C Explanation:
To prepare a computer running Windows Server to issue OCSP Response Signing certificates
->On the server hosting the CA, open a command prompt, and type:
->certutil -v -setreg policy\EnableRequestExtensionList 220.127.116.11.18.104.22.168.1.5
->Stop and restart the CA. You can do this at a command prompt by running the following commands:
->net stop certsvc net start certsvc
Reference: Configure a CA to Support OCSP Responders https://technet.microsoft.com/en-us/library/cc732526.aspx
Question No: 76 – (Topic 2)
Your network contains two servers named Server1 and Server2 that run Windows Server 2012 R2. Server1 and Server2 are configured as shown in the following table.
You need to ensure that when new targets are added to Server1, the targets are registered on Server2 automatically.
What should you do on Server1?
Configure the Discovery settings of the iSCSI initiator.
Configure the security settings of the iSCSI target.
Run the Set-WmiInstance cmdlet.
Run the Set-IscsiServerTarget cmdlet.
Answer: C Explanation: Explanation/Reference:
Manage iSNS server registration
The iSNS server registration can be done using the following cmdlets, which manages the WMI objects.
To add an iSNS server:
Set-WmiInstance -Namespace root\wmi -Class WT_iSNSServer -Arguments
Note: The Set-WmiInstance cmdlet creates or updates an instance of an existing WMI class. The created or updated instance is written to the WMI repository.
Question No: 77 – (Topic 2)
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs a Server Core installation of Windows Server 2012 R2.
You need to deploy a certification authority (CA) to Server1. The CA must support the auto- enrollment of certificates.
Which two cmdlets should you run? (Each correct answer presents part of the solution. Choose two.)
Answer: B,E Explanation: Explanation
B. The Install-AdcsCertificationAuthority cmdlet performs installation and configuration of the AD CS CA role service. It can be used to install a root CA.
Install-AdcsCertificationAuthority -CAType StandaloneRootCA -CACommonName quot;ContosoRootCAquot; -KeyLength 2048 -HashAlgorithm SHA1 -CryptoProviderName quot;RSA#Microsoft Software Key Storage Providerquot;
E: The Install-AdcsWebEnrollment cmdlet performs initial installation and configuration of the Certification Authority Web Enrollment role service.
Note: Prior to the availability of Certificate Enrollment Web Services, AD CS required that client computers configured for certificate auto-enrollment be connected directly to the corporate network. Certificate Enrollment Web Services allows organizations to enable AD CS using a perimeter network. This allows users and computers outside the corporate network to enroll for certificates.
Certificate Enrollment web service
Reference: Deploying AD CS Using Windows PowerShell
Question No: 78 HOTSPOT – (Topic 2)
You have a server that runs Windows Server 2012 R2 and has the iSCSI Target Server role service installed.
You run the New-IscsiVirtualDisk cmdlet as shown in the New-IscsiVirtualDisk exhibit. (Click the Exhibit button.)
To answer, complete each statement according to the information presented in the exhibits. Each correct selection is worth one point.
From the exhibit we see that the size is 10737418240 bytes. This is roughly 10 GB.
From the exhibit we also see #39;Status: Not connected#39;.
Note: Target: It is an object which allows the iSCSI initiator to make a connection. The Target keeps track of the initiators which are allowed to be connected to it. The Target also keeps track of the iSCSI virtual disks which are associated with it. Once the initiator establishes the connection to the Target, all the iSCSI virtual disks associated with the Target will be accessible by the initiator.
Question No: 79 – (Topic 2)
Your network contains an Active Directory forest. The forest contains one domain named adatum.com. The domain contains three domain controllers. The domain controllers are configured as shown in the following table.
DC2 has all of the domain-wide operations master roles. DC3 has all of the forest-wide operation master roles.
You need to ensure that you can use Password Settings objects (PSOs) in the domain. What should you do first?
Uninstall Active Directory from DC1.
Change the domain functional level.
Transfer the domain-wide operations master roles.
Transfer the forest-wide operations master roles.
Answer: A Explanation:
In Windows Server 2008 and later, you can use fine-grained password policies to specify multiple password policies and apply different password restrictions and account lockout policies to different sets of users within a single domain.
Note: In Microsoft Windows 2000 and Windows Server 2003 Active Directory domains, you could apply only one password and account lockout policy, which is specified in the domain#39;s Default Domain Policy, to all users in the domain. As a result, if you wanted different password and account lockout settings for different sets of users, you had to either create a password filter or deploy multiple domains. Both options were costly for different reasons.
Reference: AD DS Fine-Grained Password and Account Lockout Policy Step-by-Step Guide
Question No: 80 – (Topic 2)
Your network contains an Active Directory forest named contoso.com. The forest contains a single domain. The forest contains three Active Directory sites named SiteA, SiteB, and SiteC. The sites contain four domain controllers. The domain controllers are configured as shown in the following table.
An IP site link exits between each site.
You discover that the users in SiteC are authenticated by the domain controllers in SiteA and SiteB.
You need to ensure that the SiteC users are authenticated by the domain controllers in SiteB, unless all of the domain controllers in SiteB are unavailable.
What should you do?
Create an SMTP site link between SiteB and SiteC.
Create additional connection objects for DC3 and DC4.
Decrease the cost of the site link between SiteB and SiteC.
Create additional connection objects for DC1 and DC2.
Answer: C Explanation:
By decreasing the site link cost between SiteB and SiteC the SiteC users would be authenticated by SiteB rather than by SiteA.
|Lowest Price Guarantee||Yes||No||No|
|Free VCE Simulator||Yes||No||No|