Configuring Advanced Windows Server 2012 R2 Services
Question No: 211 – (Topic 3)
You have a server named LON-DC1 that runs Windows Server 2012 R2. An iSCSI virtual disk named VirtualiSCSI1.vhd exists on LON-DC1 as shown in the exhibit. (Click the Exhibit button.)
You create a new iSCSI virtual disk named VirtualiSCSI2.vhd by using the existing itgt iSCSI target.
VirtualiSCSI1.vhd is removed from LON-DC1.
You need to assign VirtualiSCSI2.vhd a logical unit value of 0. What should you do?
Run the Set-VirtualDisk cmdlet and specify the -UniqueId parameter.
Run the Add-IscsiVirtualDiskTargetMapping cmdlet and specify the -Lun parameter.
Run the iscsicli command and specify the reportluns parameter.
Run the Set-IscsiVirtualDisk cmdlet and specify the -DevicePath parameter.
Answer: C Explanation:
The Add-IscsiVirtualDiskTargetMapping cmdlet assigns a virtual disk to an iSCSI target. Once a virtual disk has been assigned to a target, and after the iSCSI initiator connects to that target, the iSCSI initiator can access the virtual disk. All of the virtual disks assigned to the same iSCSI target will be accessible by the connected iSCSI initiator.
Parameters include: -Lun <Int32>
Specifies the logical unit number (LUN) associated with the virtual disk. By default, the lowest available LUN number will be assigned.
Reference: Add-IscsiVirtualDiskTargetMapping https://technet.microsoft.com/en-us/library/jj612800(v=wps.630).aspx
Question No: 212 HOTSPOT – (Topic 3)
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server2 that runs Windows Server 2012 R2.
You are a member of the local Administrators group on Server2. You install an Active Directory Rights Management Services (AD RMS) root cluster on Server2.
You need to ensure that the AD RMS cluster is discoverable automatically by the AD RMS client computers and the users in contoso.com.
Which additional configuration settings should you configure? To answer, select the appropriate tab in the answer area.
Active Directory Domain Services (AD DS) service connection point (SCP) automatic service discovery. This is the recommended way to deploy an AD RMS environment. In this scenario, an SCP is created in the Active Directory forest where the AD RMS cluster is installed. When the AD RMS client attempts user activation on the computer, it queries the SCP to find the AD RMS cluster and download the rights account certificate (RAC). With automatic service discovery, no additional configuration is required on the AD RMS client.
Cluster – Cluster Properties – SCP Tab
Question No: 213 HOTSPOT – (Topic 3)
Your network contains an Active Directory domain named contoso.com. The relevant servers in the domain are configured as shown in the following table.
You plan to create a shared folder on Server1 named Share1. Share1 must only be accessed by users who are using computers that are joined to the domain.
You need to identify which servers must be upgraded to support the requirements of Share1.
In the table below, identify which computers require an upgrade and which computers do not require an upgrade. Make only one selection in each row. Each correct selection is worth one point.
There is new file server functionality in Windows Server 2012. The file server should be upgraded to Windows Server 2012.
Question No: 214 – (Topic 3)
You have a DHCP server named Server1 that runs Windows Server 2012 R2. You need to configure Server1 as a stateless DHCPv6 server.
Which cmdlet should you run?
Answer: D Explanation:
The parameters Parent Domain and IPv6 DNS Server, which the installation wizard asked for during the DHCP server role installation if you chose “enable stateless mode,” can be added manually to the Server Options node in the DHCP management console.
The Set-DhcpServerv6OptionValue cmdlet sets an IPv6 option value at the server, scope, or reservation level.
Reference: The difference between stateless and stateful mode of a Windows Server 2008 R2 DHCPv6 server
Question No: 215 – (Topic 3)
You have a server named Server1 that runs Windows Server 2012 R2. Server1 has the DNS Server server role installed.
You need to store the contents of all the DNS queries received by Server1. What should you configure?
Logging from Windows Firewall with Advanced Security
Debug logging from DNS Manager
A Data Collector Set (DCS) from Performance Monitor
Monitoring from DNS Manager
Answer: B Explanation:
Debug logging allows you to log the packets sent and received by a DNS server. Debug logging is disabled by default, and because it is resource intensive, you should only activate it temporarily when you need more specific detailed information about server performance.
Reference: Active Directory 2008: DNS Debug Logging Facts…
Question No: 216 – (Topic 3)
Your network contains two Active Directory forests named contoso.com and adatum.com. All of the domain controllers in both of the forests run Windows Server 2012 R2. The adatum.com domain contains a file server named Server5.
Adatum.com has a one-way forest trust to contoso.com.
A contoso.com user named User10 attempts to access a shared folder on Server5 and receives the error message shown in the exhibit. (Click the Exhibit button.)
You verify that the Authenticated Users group has Read permissions to the Data folder.
You need to ensure that User10 can read the contents of the Data folder on Server5 in the adatum.com domain.
What should you do?
Grant the Other Organization group Read permissions to the Data folder.
Modify the list of logon workstations of the contoso\User10 user account.
Enable the Netlogon Service (NP-In) firewall rule on Server5.
Modify the permissions on the Server5 computer object in Active Directory.
Answer: D Explanation:
To resolve the issue, I had to open up AD Users and Computers -> enable Advanced Features -> Select the Computer Object -> Properties -> Security -> Add the Group I want to allow access to the computer (in this case, DomainA\Domain users) and allow "Allowed to Authenticate". Once I did that, everything worked:
For users in a trusted Windows Server 2008 or Windows Server 2003 domain or forest to be able to access resources in a trusting Windows Server 2008 or Windows Server 2003 domain or forest where the trust authentication setting has been set to selective authentication, each user must be explicitly granted the Allowed to Authenticate permission on the security descriptor of the computer objects (resource computers) that reside in the trusting domain or forest.
Reference: Grant the Allowed to Authenticate Permission on Computers in the Trusting Domain or Forest.
Question No: 217 HOTSPOT – (Topic 3)
Your network contains one Active Directory domain named contoso.com. The domain contains 10 file servers that run Windows Server 2012 R2.
You plan to enable BitLocker Drive Encryption (BitLocker) for the operating system drives of the file servers.
You need to configure BitLocker policies for the file servers to meet the following requirements:
->Ensure that all of the servers use a startup PIN for operating system drives encrypted with BitLocker.
->Ensure that the BitLocker recovery key and recovery password are stored in Active
Which two Group Policy settings should you configure? To answer, select the appropriate settings in the answer area.
Choice 1: Require additional authentication at startup
Choice 2: Choose how BitLocker-protected operating system drives can be recovered
* Choice 1: Require additional authentication at startup
This policy setting is used to control which unlock options are available for operating system drives.
You can set this option to Require startup PIN with TPM.
* Choice 2: Choose how BitLocker-protected operating system drives can be recovered
This policy setting is used to configure recovery methods for operating system drives.
In Save BitLocker recovery information to Active Directory Domain Services, choose which BitLocker recovery information to store in Active Directory Domain Services (AD DS) for operating system drives. If you select Store recovery password and key packages, the BitLocker recovery password and the key package are stored in AD DS. Storing the key package supports recovering data from a drive that is physically corrupted. If you select Store recovery password only, only the recovery password is stored in AD DS.
Question No: 218 – (Topic 3)
You have a DNS server named Server1 that runs Windows Server 2012 R2. Server1 has the zones shown in the following output.
You need to delegate permissions to modify the records in the adatum.com zone to a group named Group1.
What should you do first?
Enable the distribution of the trust anchors for adatum.com.
Store adatum.com in Active Directory.
Update the server data file for adatum.com.
Explanation: From the exhibit we see that the adatum.com zone is signed.
A trust anchor (or trust “point”) is a public cryptographic key for a signed zone. Trust anchors must be configured on every non-authoritative DNS server that will attempt to validate DNS data. You cannot distribute trust anchors until after a zone is signed.
Reference: Trust Anchors https://technet.microsoft.com/en-us/library/dn593672.aspx
Question No: 219 – (Topic 3)
Your network contains one Active Directory domain named contoso.com. The forest functional level is Windows Server 2012. All servers run Windows Server 2012 R2. All client computers run Windows 8.1.
The domain contains 10 domain controllers and a read-only domain controller (RODC) named RODC01. All domain controllers and RODCs are hosted on a Hyper-V host that runs Windows Server 2012 R2.
You need to identify which user accounts were authenticated by RODC1. Which cmdlet should you run?
Answer: C Explanation:
The Get-ADDomainControllerPasswordReplicationPolicyUsage cmdlet gets the user or computer accounts that are authenticated by a read-only domain controller (RODC) or that have passwords that are stored on that RODC. The list of accounts that are stored on an RODC is known as the revealed list.
Reference: Get-ADDomainControllerPasswordReplicationPolicyUsage https://technet.microsoft.com/en-us/library/ee617194.aspx
Question No: 220 DRAG DROP – (Topic 3)
Your network contains an Active Directory domain named adatum.com. The domain contains three servers. The servers are configured as shown in the following table.
Server1 is configured as shown in the exhibit. (Click the Exhibit button.)
Template1 contains custom cryptography settings that are required by the corporate security team.
On Server2, an administrator successfully installs a certificate based on Template1.
The administrator reports that Template1 is not listed in the Certificate Enrollment wizard on Server3, even after selecting the Show all templates check box.
You need to ensure that you can install a server authentication certificate on Server3. The certificate must comply with the cryptography requirements.
Which three actions should you perform in sequence?
To answer, move the appropriate three actions from the list of actions to the answer area and arrange them in the correct order.
Duplicate an existing template, modify the Compatibility Settings (to Windows Server 2008), and modify the Request Handling settings.