Q101. - (Topic 3)
Your network contains an active directory domain named contoso.com. The domain consists 20
member Servers and 5 domain controllers. All servers run Windows Server 2012 R2. The domain contains 500 client computers.
You plan to deploy a domain controller for contoso.com in Microsoft Azure.
You need to prepare the conversation for planned deployment. The solution should ensure that the domain controller hosted in Azure always have the same IP address.
Witch two actions should you perform? Each correct answer is a part of the solution.
A. From an Azure virtual machine run the Set-AzureStaticVNetIP cmdlet
B. Deploy a Side by side virtual private network (VPN)
C. From Azure virtual machine run the Set –NetIPAuthentication cmdlet
D. From an domain controller run the Set-NetIPAdresses cmdlet
E. From an domain controller run adprep.exe
Set the static VNet IP address information to a VM object.
Q102. - (Topic 1)
Your network contains an Active Directory domain named contoso.com. The domain contains a domain controller named DC1 that runs Windows Server 2012 R2 and a client computer named Computer1 that runs windows 8.
DC1 is configured as a DHCP server as shown in the exhibit. (Click the Exhibit button.)
Computer1 is configured to obtain an IP address automatically.
You notice that Computer1 is unable to obtain an IP address from DC1.
You need to ensure that Computer1 can receive an IP address from DC1.
What should you do?
A. Disable the Allow filters.
B. Disable the Deny filters.
C. Authorize DC1.contoso.com.
D. Activate Scope [10.1.1.0] Contoso.com.
A red down arrow indicates an unauthorized DHCP server. A DHCP server that is a domain controller or a member of an Active Directory domain queries Active Directory for the list of authorized servers (identified by IP address). If its own IP address is not in the list of authorized DHCP servers, the DHCP Server service does not complete its startup sequence and automatically shuts down.
Q103. HOTSPOT - (Topic 2)
You have a file server named Server1 that runs Windows Server 2012 R2. Server1 contains a folder named Folder1.
A user named User1 is a member of Group1 and Group2. A user named User2 is a
member of Group2 and Group3.
You need to identify which actions the users can perform when they access the files in
What should you identify?
To answer, select the appropriate actions for each user in the answer area.
Q104. - (Topic 3)
Your network contains a file server named Server1 that runs Windows Server 2012 R2. All client computers run Windows 8. Server1 contains a folder named Folder1. Folder1 contains the installation files for the company’s desktop applications. A network technician shares Folder1 as Share 1.
You need to ensure that the share for Folder1 is not visible when users browse the network.
What should you do?
A. From the properties of Folder1, deny the List Folder Contents permission for the Everyone group.
B. From the properties of Folder1, remove Share1, and then share Folder1 as Share1$.
C. From the properties of Folder1, configure the hidden attribute.
D. From the properties of Share1, configure access-based enumeration
Q105. - (Topic 3)
You have a server named Server1 that runs Windows Server 2012 R2. Server1 has the
Hyper-V server role installed. On Server1, you create a virtual machine named VM1.
You need to ensure that VM1 can start by using PXE.
What should you do?
A. Add a second network adapter, and then run the Set-VMNetworkAdaptercmdlet.
B. Add a second network adapter, and then configure network adapter teaming.
C. Remove the network adapter, and then run the Set-VMNetworkAdaptercmdlet.
D. Remove the network adapter, and then add a legacy network adapter.
Q106. - (Topic 3)
Your network contains an Active Directory domain named contoso.com. All domain controllers run Windows Server 2012 R2. You need to ensure that the local Administrator account on all computers is renamed to L_Admin. Which Group Policy settings should you modify?
A. Security Options
B. User Rights Assignment
C. Restricted Groups
Q107. - (Topic 3)
Your network contains one Active Directory domain named contoso.com. The domain contains 10 domain controllers and a read-only domain controller (RODC) named RODC01.
The domain contains an administrator account named Admin1.
You need to prevent Admin1 from creating more than 100 objects in the domain partition.
Which tool should you use?
A. the ntdsutil command
B. the Set-ADDomain cmdlet
C. the Install-ADDSDomain cmdlet
D. the dsadd command
E. the dsamain command
F. the dsmgmt command
G. the net user command
H. the Set-ADForest cmdlet
Active Directory quotas are limits on the number of objects that a security principal (that has been delegated the Create Child Objects or Delete Child Objects permission) can own and create. To assign a quota to a security principal, you must use the directory services tools. The command and required parameters for assigning a quota to a security principal are as follows:
dsadd quota –part <partition distinguished name> –qlimit <quotalimit> –acct <security prinicipal>
Reference: Active Directory Quotas
Q108. - (Topic 1)
Your network contains an Active Directory forest named contoso.com. The forest contains a single domain. All servers run Windows Server 2012 R2. The domain contains two domain controllers named DC1 and DC2. Both domain controllers are virtual machines on a Hyper-V host.
You plan to create a cloned domain controller named DC3 from an image of DC1.
You need to ensure that you can clone DC1.
Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)
A. Add the computer account of DC1 to the Cloneable Domain Controllers group.
B. Create a DCCloneConfig.xml file on DC1.
C. Add the computer account of DC3 to the Cloneable Domain Controllers group.
D. Run the Enable-AdOptionalFeaturecmdlet.
E. Modify the contents of the DefaultDCCIoneAllowList.xml file on DC1.
A. Cloneable Domain Controllers Group There’s a new group in town. It’s called Cloneable Domain Controllers and you can find it in the Users container. Membership in this group dictates whether a DC can or cannot be cloned. This group has some permissions set on the domain head that should not be removed. Removing these permissions will cause cloning to fail. Also, as a best practice, DCs shouldn’t be added to the group until you plan to clone and DCs should be removed from the group once cloning is complete. Cloned DCs will also end up in the Cloneable Domain Controllers group.
B. DCCloneConfig.xml There’s one key difference between a cloned DC and a DC that is being restored to a previous snapshot: DCCloneConfig.XML. DCCloneConfig.xml is an XML configuration file that contains all of the settings the cloned DC will take when it boots. This includes network settings, DNS, WINS, AD site name, new DC name and more. This file can be generated in a few different ways. The New-ADDCCloneConfigcmdlet in PowerShell By hand with an XML editor By editing an existing config file, again with an XML editor.
Reference: Virtual Domain Controller Cloning in Windows Server 2012.
Q109. - (Topic 3)
You have a server named Server1 that runs a Server Core Installation of Windows Server 2012 R2. You attach a 4-TB disk to Server1.
The disk is configured as an MBR disk. You need to ensure that you can create a 4-TB volume on the disk.
Which Diskpart command should you use?
Explanation: You can use Diskpart to convert a basic disk to a dynamic disk. The basic disk can either be empty or contain either primary partitions or logical drives. The basic disk can be a data disk or system or boot drive. A MBR file structure is only capable of 2TB maximum. The disk will have to be converted to a GPT file structure. GPT is capable of 18 exabytes volumes. Convert gpt – Converts an empty basic disk with the master boot record (MBR) partition style into a basic disk with the GUID partition table (GPT) partition style. The disk may be a basic or a dynamic disk but it must not contain any valid data partitions or volumes.
Q110. - (Topic 3)
You work as an administrator at Contoso.com. The Contoso.com network consists of a single domain named Contoso.com. All servers on the Contoso.com network have Windows Server 2012 installed.
Contoso.com has a server, named ENSUREPASS-SR07, which has the AD DS, DHCP, and DNS server roles installed. Contoso.com also has a server, named ENSUREPASS-SR08, which has the DHCP, and Remote Access server roles installed. You have configured a server, which has the File and Storage Services server role installed, to automatically acquire an IP address.
The server is named ENSUREPASS-SR09. You then create a filter on ENSUREPASS-SR07.
Which of the following is a reason for this configuration?
A. To make sure that ENSUREPASS-SR07 issues ENSUREPASS-SR09 an IP address.
B. To make sure that ENSUREPASS-SR07 does not issue ENSUREPASS-SR09 an IP address.
C. To make sure that ENSUREPASS-SR09 acquires a constant IP address from ENSUREPASS-SR08 only.
D. To make sure that ENSUREPASS-SR09 is configured with a static IP address.