70 410 Dump4certs 336QA PDF

www.dump4certs.
com Leading the Way to IT Certifications
www.Dump4certs.com
70-410 Exam
Installing and Configuring Windows Server 2012
336 Q&As
Version: 9.20
Contact : dump4certs@hotmail.com | sales@dump4certs.com | admin@dump4certs.com
Microsoft 70-410 : Practice Test

Question No : 1 - (Topic 0)
The disks on Server1 are configured as shown in the exhibit. (Click the Exhibit button.)
You create a virtual machine on Server1.
You need to ensure that you can configure a pass-through disk for the virtual machine.
What should you do?
A. Delete partition E.
B. Convert Disk 1 to a GPT disk.
C. Convert Disk 1 to a dynamic disk.
D. Take Disk 1 offline.
Answer: D
Explanation:
Pass-Through Disk must be offline
Pass-through Disk Configuration
Hyper-V allows virtual machines to access storage mapped directly to the Hyper-V server
without requiring thevolume be configured. The storage can either be a physical disk
internal to the Hyper-V server or it can be aStorage Area Network (SAN) Logical Unit (LUN)
mapped to the Hyper-V server. To ensure the Guest hasexclusive access to the storage, it
must be placed in an Offline state from the Hyper-V serverperspective
http://blogs.technet.com/b/askcore/archive/2008/10/24/configuring-pass-through-disks-in-
hyper-v.aspx
http://technet.microsoft.com/pt-pt/library/ff404147%28v=ws.10%29.aspx
You have a server named Server1 that runs Windows Server 8. Server1 has the Hyper-V
server role installed.
You have fixed-size VHD named Files.vhd.
You need to make the contents in Files.vhd available to several virtual machines.
The solution must meet the following requirements:
Ensure that if the contents are changed on any virtual machine, the changes are
not reflected on the other virtual machines.
Minimize the amount of disk space used.
What should you do?
A. Create a dynamically expanding VHDX. Transfer the information from Files.vhd to the
new VHDX file.
B. Create a fixed-size VHDX. Transfer the information from Files.vhd to the new VHDX file.
C. Convert Files.vhd to a dynamically expanding VHD.
D. Create differencing VHDs that use Files.vhd as the parent disk.
Answer: D
Explanation:
A. A conversion would be needed from VHD to VHDX. Not available to multiple VM's
B. Single VHD not available to multiple VM's. Changes wouldn't be reflected
C. A conversion would be needed from VHD to VHDX. Not available to multiple VM's
D. Child disk for multiple VM's with Files.vhd as parent
A differencing disk is associated with another virtual hard disk that you select when you
create the differencing disk. This means that the disk to which you want to associate the
differencing disk must exist first. This virtual hard disk is called the "parent" disk and the
differencing disk is the "child" disk. The parent disk can be any type of virtual hard disk.
The differencing disk stores all changes that would otherwise be made to the parent disk if
the differencing disk was not being used. The differencing disk provides an ongoing way to
save changes without altering the parent disk. You can use the differencing disk to store
changes indefinitely, as long as there is enough space on the physical disk where the
differencing disk is stored. The differencing disk expands dynamically as data is written to it
and can grow as large as the maximum size allocated for the parent disk when the parent
disk was created.
http://technet.microsoft.com/en-us/library/cc720381(v=ws.10).aspx
You have a server named Server1 that runs Windows Server 2012. Server1 has the Hyper-
V server role installed.
On Server1, you create a virtual machine named VM1. VM1 has a legacy network adapter.
You need to assign a specific amount of available network bandwidth to VM1.
What should you do first?
A. Remove the legacy network adapter, and then run the Set-VMNetworkAdaptercmdlet.
B. Add a second legacy network adapter, and then run the Set-VMNetworkAdoptercmdlet.
C. Add a second legacy network adapter, and then configure network adapter teaming.
D. Remove the legacy network adapter, and then add a network adapter.
Answer: D
Explanation:
A. Set-VMNetworkAdaptercmdlet configures features of the virtual network adapter in a
virtual machine or the management operating system
B. The legacy network adapter doesn't support bandwidth management
C. The legacy network adapter doesn't support bandwidth management
D. Add a New network adapter The legacy network adapter doesn't support bandwidth
management
C:\Documents and Settings\usernwz1\Desktop\1.JPG
http://technet.microsoft.com/en-us/library/hh848457(v=wps.620).aspx
http://www.techrepublic.com/blog/networking/set-bandwidth-limits-for-hyper-v-vms-with-
windows-server-2012/5924
Your network contains an Active Directory domain named adatum.com. The domain
contains a server named Server1 that runs Windows Server 2012.
On a server named Core1, you perform a Server Core Installation of Windows Server
2012. You join Core1 to the adatum.com domain.
You need to ensure that you can use Event Viewer on Server1 to view the event logs on
Core1.
What should you do on Core1?
A. Run the Enable-NetFirewallRulecmdlet.

B. Run sconfig.exeandconfigure remote management.
C. Run the Disable-NetFirewallRulecmdlet.
D. Run sconfiq.exeandconfigure the network settings.
Answer: A
Explanation:
http://technet.microsoft.com/en-us/library/jj574205.aspx
Your network contains a file server named Server1 that runs Windows Server 2012. All
client computers run Windows 8.
You need to ensure that when users are connected to the network, they always use local
offline files that are cached from Server1.
Which Group Policy setting should you configure?
A. Configure slow-link mode

B. Configure Slow link speed
C. Enable file synchronization on costed networks
D. Turn on economical Application of Administratively assigned Offline Files
Answer: A
Explanation:
A. Offline Files to provide faster access to cached files and redirected folders.
B. Defines a slow connection for purposes of App1ying and updating Group Policy.
C. automatically tracks roaming and bandwidth usage limits while on metered connections
D. Lists network files and folders that are always available for offline use. This policy makes
the specified filesand folders available offline to users of the computer.
When Offline Files is operating in the slow-link mode, all network file requests are satisfied
from the OfflineFiles cache. This is similar to a user working offline.
If you enable this policy setting, Offline Files uses the slow-link mode if the network
throughput between theclient and the server is below (slower than) the Throughput
threshold parameter, or if the round-trip networklatency is above (slower than) the Latency
threshold parameter.

http://technet.microsoft.com/en-us/library/hh968298.aspx
http://technet.microsoft.com/en-us/library/cc957631.aspx
http://www.group-policy.com/ref/policy/2229/Configure_slow-link_mode
Your network contains an Active Directory domain named contoso.com. All servers run
either Windows Server 2008 R2 or Windows Serve 2012. All client computers run either
Windows 7 or Windows 8.
The domain contains a member server named Server1 that runs Windows Server 2012.
Server1 has the File and Storage Services server role installed.
On Server1, you create a share named Share1.
You need to ensure that users can use Previous Versions to restore the files in Share1.
What should you configure on Server1?
A. The Shadow Copies settings

B. A Windows Server Backup schedule
C. A data recovery agent
D. The Recycle Bin properties
Answer: A
Explanation:
A. Enable and schedule shadow copies for Share1
B. The backup doesn't give users access until files are restored
C.
D. No settings for file version
You have a server named Server1 that runs Windows Server 2012. Server1 has the Print
and Document Services server role installed.
Server1 is connected to two identical print devices.
You need to ensure that users can submit print jobs to the print devices. The solution must
ensure that if one print device fails, the print jobs will print automatically on the other print
device.
What should you do on Server1?
A. Add two printers and configure the priority of each printer.

B. Add one printer and configure printer pooling.
C. Install the Network Load Balancing (NLB) feature, and then add one printer.
D. Install the Failover Clustering feature, and then add one printer.
Answer: B
Explanation:
A. expedite documents that need to be printed immediately
B. A printing pool is one logical printer connected to multiple printers through multiple ports
of theprint server. The printer that is idle receives the next document sent to the logical
printer. Whenprinting to a printer pool, the spooler will send waiting jobs to alternate ports.
If the original or alternateports are not available
C. NLB for printing is not supported
D. Would need 2 nodes
A printing pool is one logical printer connected to multiple printers through multiple ports of
the print server.
The printer that is idle receives the next document sent to the logical printer.
This is useful in a network with a high volume of printing because it decreases the time
users wait for theirdocuments.
A printing pool also simplifies administration because multiple printers can be managed
from the same logicalprinter on a server.
If one device within a pool stops printing, the current document is held at that device. The
succeedingdocuments print to other devices in the pool, while the delayed document waits
until the nonfunctioningprinter is fixed.
Efficient printer pools have the following characteristics:
All printers in the pool are the same model.
Printer ports can be of the same type or mixed (parallel, serial, and network).
It is recommended that all printers be in one location. Because it is impossible to predict
which printer willreceive the document, keep all printers in a pool in a single location.
Otherwise, users might have a hard timefinding their printed document.
You can create a printing pool to automatically distribute print jobs to the next available
printer. A printing poolis one logical printer connected to multiple printers through multiple
ports of the print server. The printer that isidle receives the next document sent to the
logical printer.
Your network contains a server named Server1 that runs Windows Server 2012. Server1
has the Print and Document Services server role installed.
You connect a new print device to the network. The marketing department and the sales
department will use the print device.
You need to provide users from both departments with the ability to print to the network
print device. The solution must ensure that if there are multiple documents queued to print,
the documents from the sales users print before the documents from the marketing users.
A. Add two printers. Modify the priorities of each printer and the security settings of each
printer.
B. Add two printers and configure printer pooling.
C. Add one printer and configure printer pooling.
D. Add one printer. Modify the printer priority and the security settings.
Answer: A
Explanation: http://technet.microsoft.com/en-us/library/cc738090(v=ws.10).aspx
To set different print priority to different groups
Open Printers and Faxes.
Right-click the printer you want to set, click Properties, and then click the Advanced tab.
In Priority, click the up or down arrows, and then click OK.
Or, type a priority level, where 1 is the lowest level and 99 is the highest, and then click OK.
Click Add Printer to add a second logical printer for the same physical printer. For
instructions, see Related Topics.
Click the Advanced tab.

In Priority, set a priority higher than that of the first logical printer.
Instruct the regular group of users to use the first logical printer name and the group with
higher priority to use the second logical printer name. Set the appropriate permissions for
the different groups.
You have a server named Server2 that runs Windows Server 2012.
You open Server Manager on Server2 as shown in the exhibit. (Click the Exhibit button.)
The Everyone group has read share permission and read NTFS permission to Sources.
You need to ensure that when users browse the network, the Sources share is not visible.
What should you do?
A. From the properties of the Sources folder, remove the Sources share, and then share
the Sources folder as Sources$.
B. From the properties of the Sources folder, deny the List Folder Contents permission for
the Everyone group.
C. From the properties of the Sources share, configure access-based enumeration.
D. From the properties of the Sources folder, configure the hidden attribute.
Answer: A
Explanation:
A. need to remove the old share, $ creates a hidden share
B. This would deny everyine
C. This feature allows users of Windows Server 2003based file servers to list only the files
and folders towhich they have access when browsing content on the file server
D. This would hide the physical folder not the share
A hidden share is identified by a dollar sign ($) at the end of the share name
Hidden shares are not listed when you look through the shares on a computer or use the
"net view" command
Why Use Hidden Shares?
Using hidden shares on your network is useful if you do not want a shared folder or drive
on the network to beeasily accessible. Hidden shares can add another layer of protection
for shared files against unauthorizedpeople connecting to your network. Using hidden
shares helps eliminate the chance for people to guess yourpassword (or be logged into an
authorized Windows account) and then receive access to the shared resource.
http://support.microsoft.com/kb/314984
Your network contains an Active Directory domain named contoso.com. The network
contains a server named Server1 that runs Window Server 8 and a server named Server2
that runs Windows Server 2008 R2 Service Pack 1 (SP1). Server1 and Server2 are
member server.
You need to ensure that you can manage Server2 from Server1 by using Server Manager.
Which two tasks should you perform? (Each correct answer presents part of the solution.
Choose two.)
A. Install Remote Server Administration Tools on Server1.
B. Install Windows Management Framework 3.0 on Server2.
C. Install the Windows PowerShell 2.0 engine on Server1.
D. Install Microsoft .NET Framework 4 on Server2.
E. Install Remote Server Administration Tools on Server2.
Answer: B,D
Explanation: http://technet.microsoft.com/en-us/library/hh831456.aspx
contains a member server named Server1 that runs Windows Server 2012. Server1 has
the DNS Server server role installed and has a primary zone for contoso.com.
The Active Directory domain contains 500 client computers. There are an additional 20
computers in a workgroup.
You discover that every client computer on the network can add its record to the
contoso.com zone.
You need to ensure that only the client computers in the Active Directory domain can
register records in the contoso.com zone.
A. Move the contoso.com zone to a domain controller that is configured as a DNS server.
B. Configure the Dynamic updates settings of the contoso.com zone.
C. Sign the contoso.com zone by using DNSSEC.
D. Configure the Security settings of the contoso.com zone.
Answer: A
Explanation:
If you install DNS server on a non-DC, then you are not able to create AD-integrated
zones.
DNS update security is available only for zones that are integrated into AD DS.
When you directory-integrate a zone, access control list (ACL) editing features are
available in DNS Managerso that you can add or remove users or groups from the ACL for
a specified zone or resource record.
http://social.technet.microsoft.com/Forums/en-US/winserverNIS/thread/9b041bbc-0765-
4eed-bd1cd65027f05e9f/
http://blogs.msmvps.com/acefekay/2012/11/19/ad-dynamic-dns-updates-registration-rules-
of-engagement/
1. Active Directory's DNS Domain Name is NOT a single label name ("DOMAIN" vs the
minimal requirement of"domain.com." "domain.local," etc).
2. The Primary DNS Suffix MUST match the zone name that is allowing updates.
Otherwise the client doesn'tknow what zone name to register in. You can also have a
different Conneciton Specific Suffix in addition to thePrimary DNS Suffix to register into that
zone as well.
3. AD/DNS zone MUST be configured to allow dynamic updates, whether Secure or

Secure and Non-Secure.
For client machines, if a client is not joined to the domain, and the zone is set to Secure, it
will not registereither.
4. You must ONLY use the DNS servers that host a copy of the AD zone name or have a
reference to get tothem. Do not use your ISP's, an external DNS adddress, your router as a
DNS address, or any other DNS thatdoes not have a copy of the AD zone. Internet
resolution for your machines will be accomplished by the Rootservers (Root Hints),
however it's recommended to configure a forwarder for efficient Internet resolution. .
5. The domain controller is multihomed (which means it has more than one unteamed,
active NIC, more thanone IP address, and/or RRAS is installed on the DC).
6. The DNS addresses configured in the client's IP properties must ONLY reference the
DNS server(s) hostingthe AD zone you want to update in.
This means that you must NOT use an external DNS in any machine's IP property in an AD
environment.
You can't mix them either. That's because of the way the DNS Client side resolver service
works. Even if youmix up internal DNS and ISP's DNS addresses, the resolver algorithm
can still have trouble asking the correctDNS server. It will ask the first one first. If it doesn't
get a response, it removes the first one from the eligibleresolvers list and goes to the next
in the list. It will not go back to the first one unless you restart the machine,restart the DNS
Client service, or set a registry entry to cut the query TTL to 0. The rule is to ONLY use
yourinternal DNS server(s) and configure a forwarder to your ISP's DNS for efficient
Internet resolution.
This is the reg entry to cut the query to 0 TTL:

The DNS Client service does not revert to using the first server ...The Windows 2000
Domain Name System
(DNS) Client service (Dnscache) follows a certain algorithm when it decides the order in
which to use the DNSservers ...
For more info, please read the following on the client side resolver service:
DNS, WINS NetBIOS & the Client Side Resolver, Browser Service, Disabling NetBIOS,
Direct Hosted SMB(DirectSMB), If One DC is Down Does a Client logon to Another DC,
and DNS Forwarders Algorithm if youhave multiple forwarders.
http://msmvps.com/blogs/acefekay/archive/2009/11/29/dns-wins-netbios-amp-the-client-
side-resolver-browserservice-disabling-netbios-direct-hosted-smb-directsmb-if-one-dc-is-
down-does-a-client-logon-to-another-dcand-dns-forwarders-algorithm.aspx
7. For DHCP clients, DHCP Option 006 for the clients are set to the same DNS server.
8. If using DHCP, DHCP server must only be referencing the same exact DNSserver(s) in
it's own IP properties in order for it to 'force' (if you setthat setting) registration into DNS.
Otherwise, how would it know which DNSto send the reg data to?
9. If the AD DNS Domain name is a single label name, such as "EXAMPLE", and not the
proper format of"example.com" and/or any child of that format, such as
"child1.example.com", then we have a real big problem.
DNS will not allow registration into a single label domain name.
This is for two reasons:
1. It's not the proper hierachal format. DNS is hierarchal, but a single label name has no
hierarchy. It's just asingle name.
2. Registration attempts causes major Internet queriesto the Root servers. Why? Because
it thinks thesingle label name, such as "EXAMPLE", is a TLD(Top Level Domain), such as
"com", "net", etc. Itwill now try to find what Root name server out therehandles that TLD. In
the end it comes back to itselfand then attempts to register. Unfortunately it doe NOTask
itself first for the mere reason it thinks it's a TLD.
(Quoted from Alan Woods, Microsoft, 2004):

"Due to this excessive Root query traffic, which ISC found from a study that discovered
Microsoft DNS serversare causing excessive traffic because of single label names,
Microsoft, being an internet friendly neighbor andwanting to stop this problem for their
neighbors, stopped the ability to register into DNS with Windows 2000SP4, XP SP1,
(especially XP,which cause lookup problems too), and Windows 2003. After all, DNS
ishierarchal, so therefore why even allow single label DNS domain names?"
The above also *especially* App1ies to Windows Vista, &, 2008, 2008 R2, and newer.
10. 'Register this connection's address" on the client is not enabled under the NIC's IP
properties, DNS tab.
11. Maybe there's a GPO set to force Secure updates and the machine isn't a joined
member of the domain.
12. ON 2000, 2003 and XP, the "DHCP client" Service not running. In 2008/Vista and
newer, it's the DNSClient Service. This is a requirement for DNS registration and DNS
resolution even if the client is not actuallyusing DHCP.
13. You can also configure DHCP to force register clients for you, as well as keep the DNS
zone clean of old orduplicate entries. See the link I posted in my previous post.
Your company has a remote office that contains 1,600 client computers on a single subnet.
You need to select a subnet mask for the network that will support all of the client
computers. The solution must minimize the number of unused addresses.
Which subnet mask should you select?
A. 255.255.248.0
B. 255.255.252.0
C. 255.255.254.0
D. 255.255.240.0
Answer: A
Explanation:
255.255.252.0 = 11111111.11111111.11111100.00000000 =>( 22 bits 1 .. 10 bits

0 ) => 1111111111 = 1023
255.255.254.0 = 11111111.11111111.11111110.00000000 =>( 23 bits 1 .. 9 bits
0 ) => 111111111 = 511
255.255.255.0 = 11111111.11111111.11111111.00000000 =>( 24 bits 1 .. 8 bits
0 ) => 11111111 = 255
255.255.255.128 = 11111111.11111111.11111111.10000000 =>( 25 bits 1 .. 7 bits
0 ) => 1111111 = 127
http://zeus.fh-brandenburg.de/~ihno/doc/lehre/internet/ip_eng.html
Question No : 13 DRAG DROP - (Topic 0)
You plan to deploy a DHCP server that will support four subnets. The subnets will be
configured as shown in the following table.
You need to identify which network ID you should use for each subnet.
What should you identify?
To answer, drag the appropriate network ID to the each subnet in the answer area.
Answer:
Your network contains three servers that run Windows Server 2012. The servers are
Server3 is configured to obtain an IP address automatically.
You need to ensure that Server3 only receives an IP address from Server1. The IP address
must always be the same.
Choose two.)
A. Create an exclusion on Server1.

B. Create a filter on Server1.
C. Create a reservation on Server2.
D. Create a reservation on Server1.
E. Create a filter on Server2.
Answer: D,E
Explanation:
A. Exclude range of IP's for lease
B. Wrong Server
C. Wrong Sever
D. For clients that require a constant IP address, you can either manually configure a static
IP address,or assign a reservation on the DHCP server
E. DHCP Deny Filter at Server2 to exclude MAC address of Server3
MAC address filterEnable and define an explicit allow list. The DHCP server provides
DHCP services only to clients whose MACaddresses are in the allow list.
Any client that previously received IP addresses is denied address renewal if its MAC
address isnt onthe allow list.
Enable and define an explicit deny list. The DHCP server denies DHCP services only to
clients whose MACaddresses are in the deny list.
Any client that previously received IP addresses is denied address renewal if its MAC
address is on thedeny list.
Enable and define an allow list and a block list.

The block list has precedence over the allow list. This means that the DHCP server
provides DHCPservices only to clients whose MAC addresses are in the allow list, provided
that no corresponding matchesare in the deny list.
If a MAC address has been denied, the address is always blocked even if the address is on
the allowlist.
http://technet.microsoft.com/en-us/magazine/ff521761.aspx
Your network contains an Active Directory domain named contoso.com. The domain
contains a domain controller named DC1 that runs Windows Server 2012 and a client
computer named Computer1 that runs Windows 8.
DC1 is configured as a DHCP server as shown in the exhibit. (Click the Exhibit button.)
Computer1 is configured to obtain an IP address automatically.
You need to ensure that Computer1 can receive an IP address from DC1.
What should you do?
A. Disable the Allow filters.

B. Disable the Deny filters.
C. Activate Scope [10.1.1.0] Contoso.com.
D. Authorize dc1.contoso.com.
Answer: D
Explanation:
Red down arrow indicates a unauthorized DHCP server
A DHCP server that is a domain controller or a member of an Active Directory domain
queries Active Directoryfor the list of authorized servers (identified by IP address).
If its own IP address is not in the list of authorized DHCP servers, the DHCP Server service
does not completeits startup sequence and automatically shuts down.
http://technet.microsoft.com/en-us/library/ee941131(v=ws.10).aspx
http://technet.microsoft.com/en-us/library/gg722802(v=ws.10).aspx
http://pc-addicts.com/server-2012-dhcp-server-role/
contains a domain controller named Server1 that ha the DNS Server server role installed.
Server1 hosts a primary zone for contoso.com.
The domain contains a member server named Server2 that is configured to use Server1 as
its primary DNS server.
From Server2, you run nslookup.exe as shown in the exhibit. (Click the Exhibit button.)
You need to ensure that when you run Nslookup, the correct name of the default server is
displayed.
What should you do?
A. From Advanced TCP/IP Settings on Server1, add contoso.com to the DNS suffix list.
B. On Server1, modify the Security settings of the contoso.com zone.
C. On Server1, create a reverse lookup zone.
D. From Advanced TCP/IP Settings on Server2, add contoso.com to the DNS suffix list.
Answer: C
Explanation:
C. Make sure that a reverse lookup zone that is authoritative for the PTR resource record
exists. For more information about adding a reverse lookup zone, see "Adding a Reverse
Lookup Zone"
contains a domain controller named DC1 that hosts the primary DNS zone for
contoso.com.
All client computers are configured to use DC1 as the primary DNS server.
You need to configure DC1 to resolve any DNS requests that are not for the contoso.com
zone by querying the DNS server of your Internet Service Provider (ISP).
What should you configure?
A. Name server (NS) records

B. Condition& forwarders
C. Forwarders
D. Naming Authority Pointer (NAPTR) DNS resource records (RR)
Answer: C
Explanation:
A. Specifies a name server for the domain, which allows DNS lookups within various
zones. Each primary andsecondary name server should be declared through this record.
B. http://windowsitpro.com/networking/q-whats-conditional-dns-forwarding
C. manage the Domain Name System (DNS) traffic between your network and the Internet
D.
Configure forwarders to send DNS queries directly to your ISP's DNS server or other DNS
servers.
Most of the time, when you configure forwarders, DNS performance and efficiency
increases, but thisconfiguration can also introduce a point of failure if the forwarding DNS
server is experiencing problems.
A forwarder is a Domain Name System (DNS) server on a network used to forward DNS
queries for externalDNS names to DNS servers outside of that network.
A DNS server on a network is designated as a forwarder by having the other DNS servers
in the networkforward the queries they cannot resolve locally to that DNS server.
By using a forwarder, you can manage name resolution for names outside of your network,
such as names onthe Internet, and improve the efficiency of name resolution for the
computers in your network.
http://social.technet.microsoft.com/Forums/en-US/winserverNIS/thread/2f35cae2-341c-
4bfe-9dac-724ddace6d51/
Your network contains an Active Directory domain named contoso.com. All domain
controllers run Windows Server 2012. The domain contains a server named Server1 that
runs Windows Server 2012.
You need to ensure that when users log on to Server1, their user account is added
automatically to a local group named Group1 during the log on process.
Which Group Policy settings should you modify?
A. Restricted Groups
B. Security Options
C. User Rights Assignment
D. Preferences
Answer: D
Explanation:
A. If a Restricted Groups policy is defined and Group Policy is refreshed, any current
member not on the Restricted Groups policy members list is removed
B. Security settings incorporated into policies are rules that administrators configure on a
computer or multiple computers for the purpose of protecting resources on a computer
C. User Rights Assignment policies determines which users or groups have logon rights or
privileges on the computer
D. With Preferences, local and domain accounts can be added to a local group without
affecting the existing members of the group
http://www.grouppolicy.biz/2010/01/how-to-use-group-policy-preferences-to-secure-local-
administrator-groups/
Your network contains an Active Directory domain named contoso.com.
You need to prevent users from installing a Windows Store app named App1.
What should you create?
A. AnApplication control policy executable rule

B. AnApplication control policy packaged app rule
C. A software restriction policy certificate rule
D. AnApplication control policy Windows Installer rule
Answer: B
Explanation:
Windows 8 is coming REALLY SOON and of course one of the big new things to computer
with that is the newPackaged Apps that run in the start screen. However these apps are
very different and do not install liketraditional apps to a path or have a true executable file
to launch the program. Ofcourse enterprises need a way to control these packaged apps
and therefore Microsoft has added a newfeature Packaged Apps option to the App1ocker
feature.
A. For .exe or .com

B. A publisher rule for a Packaged app is based on publisher, name and version
C. You can create a certificate rule that identifies software and then allows or does not
allow the software torun, depending on the security level.
D. For .msi or .msp
Packaged apps (also known as Windows 8 apps) are new to Windows Server 2012 and
Windows 8.
They are based on the new app model that ensures that all the files within an app package
share the sameidentity.
Therefore, it is possible to control the entire Application using a single App1ocker rule as
opposed to the nonpackagedapps where each file within the app could have a unique
identity.
Windows does not support unsigned packaged apps which implies all packaged apps must
be signed.
App1ocker supports only publisher rules for Packaged apps.

A publisher rule for a Packaged app is based on the following information:
Publisher of the package
Package name
Package version
Therefore, an App1ocker rule for a Packaged app controls both the installation as well as
the running of theapp. Otherwise, the publisher rules for Packaged apps are no different
than the rest of the rule collections; theysupport exceptions, can be increased or decreased
in scope, and can be assigned to users and groups.
http://technet.microsoft.com/en-us/library/dd759068.aspx
http://www.grouppolicy.biz/2012/08/how-manage-published-a-k-a-metro-apps-in-windows-
8-using-grouppolicy/
http://technet.microsoft.com/en-us/library/hh994597.aspx#BKMK_Cert_Rules
Packaged Apps run in the start screen.
However these apps are very different and do not install like traditional apps to a path or
have a trueexecutable file to launch the program.
Enterprises need a way to control these packaged apps and therefore Microsoft has added
a new featurePackaged Apps option to the App1ocker feature.
contains 500 servers that run Windows Server 2012.
You have a written security policy that states the following:
Only required ports must be open on the servers.

All of the servers must have Windows Firewall enabled.
Client computers used by Administrators must be allowed to access all of the ports
on all of the servers.
Client computers used by the Administrators must be authenticated before the
client computers can access the servers.
You have a client computer named Computer1 that runs Windows 8.
You need to ensure that you can use Computer1 to access all of the ports on all of the
servers successfully.
The solution must adhere to the security policy.
Which three actions should you perform? (Each correct answer presents part of the
solution. Choose three.)
A. On Computer1, create a connection security rule.

B. On all of the servers, create an outbound rule and select the Allow the connection if it is
secure option.
C. On all of the servers, create an inbound rule and select the Allow the connection if it is
secure option.
D. On Computer1, create an inbound rule and select the Allow the connection if it is secure
option.
E. On Computer1, create an outbound rule and select the Allow the connection if it is
secure option.
F. On all of the servers, create a connection security rule.
Answer: A,C,F
Explanation:
Unlike firewall rules, which operate unilaterally, connection security rules require that both
communicating computers have a policy with connection security rules or another
compatible IPsec policy.
Traffic that matches a firewall rule that uses the Allow connection if it is secure setting
bypasses Windows Firewall. The rule can filter the traffic by IP address, port, or protocol.
This method is supported on Windows Vista or Windows Server 2008.
Your network contains an Active Directory domain named contoso.com. All user accounts
are in an organizational unit (OU) named Employees.
You create a Group Policy object (GPO) named GP1. You link GP1 to the Employees CU.
You need to ensure that GP1 does not App1y to the members of a group named
Managers.
A. The Security settings of Employees

B. The WMI filter for GP1
C. The Block Inheritance option for Employees
D. The Security settings of GP1
Answer: D
Explanation:
A. Wrong Group
B. Windows Management Instrumentation (WMI) filters allow you to dynamically determine
the scope of GroupPolicy objects (GPOs) based on attributes of the target computer.
C. Blocking inheritance prevents Group Policy objects (GPOs) that are linked to higher
sites, domains, ororganizational units from being automatically inherited by the child-level.
D. Set Managers to - Members of this security group are exempt from this Group Policy
object.
Security settings.Youuse the Security Settings extension to set security options for
computers and userswithin the scope of a Group Policy object. You can define local
computer, domain, and network securitysettings.
Figure belows shows an example of the security settings that allow everyone to be affected
by this GPO exceptthe members of the Management group, who were explicitly denied
permission to the GPO by setting the App1yGroup Policy ACE to Deny. Note that if a
member of the Management group were also a member of a groupthat had an explicit
Allow setting for the App1y Group Policy ACE, the Deny would take precedence and
theGPO would not affect the user.

http://technet.microsoft.com/en-us/library/bb742376.aspx
http://technet.microsoft.com/en-us/library/cc786636(WS.10).aspx
Your network contains a server named Server1 that runs Windows Server 2012. Server1 is
located on the same subnet as all of the client computers.
A network technician reports that he receives a Request timed out error message when
he attempts to use the ping utility to connect to Server1 from his client computer.
The network technician confirms that he can access resources on Server1 from his client
computer.
You need to configure Windows Firewall with Advanced Security on Server1 to allow the
ping utility to connect.
Which rule should you enable?
A. File and Printer Sharing (Echo Request - ICMPv4-In)

B. Network Discovery (WSD-In)
C. File and Printer Sharing (NB-Session - In)
D. Network Discovery (SSDP - In)
Answer: A
Explanation:
Ping uses ICMP
Open Control Panel, then select System and Security by clicking on that header
Select Windows Firewall, Advanced SettingsIn Windows Firewall with Advanced security
click on Inbound rules Scroll down to File and Printer sharing(Echo request ICMPv4-In).
Right click on the rule and select Enable rule
Make sure that it turns green
Powershell:
Import-Module NetSecurity
Set-NetFirewallRule -DisplayName File and Printer Sharing (Echo Request ICMPv4-In)
-enabled True
You have a file server named Server1 that runs Windows Server 2012.
You need to ensure that a user named User1 can use Windows Server Backup to create a
complete backup of Server1.
A. The local groups by using Computer Management

B. A task by using Authorization Manager
C. The User Rights Assignment by using the Local Group Policy Editor
D. The Role Assignment by using Authorization Manager
Answer: A
Explanation:
A. User needs to be added to local Backup Operator group
B. AzMan is a role-based access control (RBAC) framework that provides an administrative
tool to manage authorization policy and a runtime that allows Applications to perform
access checks against that policy.
C. User Rights Assignment policies determines which users or groups have logon rights or
privileges on the computer
D. AzMan is a role-based access control (RBAC) framework that provides an administrative
tool to manage authorization policy and a runtime that allows Applications to perform
access checks against that policy.
http://msdn.microsoft.com/en-us/library/bb897401.aspx
Your network contains a production Active Directory forest named contoso.com and a test
Active Directory forest named contoso.test. A trust relationship does not exist between the
forests.
In the contoso.test domain, you create a backup of a Group Policy object (GPO) named
GPO1.
You transfer the backup of GPO1 to a domain controller in the contoso.com domain.
You need to create a GPO in contoso.com based on the settings of GPO1. You must
achieve this goal by using the minimum amount of Administrative effort.
What should you do?
A. From Windows PowerShell, run the Get- GPO cmdlet and the Copy- GPO cmdlet.
B. From Windows PowerShell, run the New- GPO cmdlet and the Import- GPO cmdlet.
C. From Group Policy Management, create a new starter GPO. Right-click the new starter
GPO, and then click Restore from Backup.
D. From Group Policy Management, right-click the Croup Policy Objects container, and
then click Manage Backups.
Answer: B
Explanation:
Why not D?
You can also restore GPOs. This operation takes a backed-up GPO and restores it to the
same domain from which it was backed up. You cannot restore a GPO from backup into a
domain different from the GPOs original domain.
http://technet.microsoft.com/en-us/library/cc781458(v=WS.10).aspx
http://technet.microsoft.com/en-us/library/ee461050.aspx
has the Hyper-V server role installed.
Server1 hosts four virtual machines named VM1, VM2, VM3, and VM4.
Server1 is configured as shown in the following table.
You install a network monitoring Application on VM2.
You need to ensure that all of the traffic sent to VM3 can be captured on VM2.
A. NUMA topology
B. Resource control
C. resource metering
D. virtual Machine Chimney
E. the VLAN ID
F. Processor Compatibility
G. the startup order
H. Automatic Start Action
I. Integration Services
J. Port mirroring
K. Single-root I/O virtualization
Answer: J
Explanation:
J. With Hyper-V Virtual Switch port mirroring, you can select the switch ports that are
monitored as well as the switch port that receives copies of all the traffic
http://technet.microsoft.com/en-us/library/jj679878.aspx#bkmk_portmirror
You plan to schedule a complete backup of Server1 by using Windows Server Backup.
You need to ensure that the state of VM1 is saved before the backup starts.

A. NUMA topology
B. Resource control
E. the VLAN ID
J. Port mirroring
Answer: I
Explanation:
What is the Hyper-V Saved State?
Some Hyper-V virtual machines briefly go offline into a "Saved State" at the initial phase of
a backup.
While the backup is running, they usually come back online after a couple of seconds.
Background KnowledgeThe decision to pull Hyper-V virtual machines offline into a Saved
State is done solely within Hyper-VManagement Services.
Backup software utilities have no way to force a live backup when Hyper-V determines it
can't and shouldn't bedone.There are many factors that are considered by Hyper-V when it
decides whether to take a VM offline or not,Hyper-V Live Backup Requirements:
To achieve zero downtime live backups of virtual machines, you need the following
conditions met:
1. The VM guest needs to have Integration Services installed, enabled, and running
(COM+ System
Application Service, Distributed Transaction Coordinator Service, and Volume Shadow
Copy Service). Alsoreview the VM settings in Hyper-V, the 'backup' option needs to be
checked.
2. All disks involved need to be formatted with NTFS, including the disks within the VM.
3. The Volume Shadow Copy Service and related VSS services need to be enabled and
running.
4. The shadow copy storage space for each drive must be available to Hyper-V VSS Writer
and be located atthe same volume. For instance, the storage space for drive C: needs to
be on drive C: itself, and so on. Usethe VSSADMIN command from the command line to
check the settings. (Use: vssadmin list shadowstorage /vssadmin resize shadowstorage)
5. Ensure the VMs are partitioned using 'basic disk' formatting. At the moment Hyper-V
does not support livebackup for VMs formatted using dynamic disk partitioning or GPT.
7. Ensure you have at least about 20% free space on each drive involved, such as the
drive on the host andthe VM's main system drive.
8. Ensure plenty of un-fragmented RAM is available on the host. If a machine is pulled into
Saved State, Hyper-
V may not be able to bring the VM back online if it can't allocate a continuous block of
RAM. Note that theremay be sufficient total RAM available but not enough to place a single
block. You should therefore aim to keepat least 512 MB to 1 GB of RAM free when all VMs
are powered up.
http://msdn.microsoft.com/en-us/library/dd405549(v=vs.85).aspx
http://backupchain.com/Understanding-Saved-State-Hyper-V-Backup.html
VM3 is used to test Applications.
You need to prevent VM3 from synchronizing its clock to Server1.
A. NUMA topology
B. Resource control
E. the VLAN ID
J. Port mirroring
Answer: I
Explanation:
By default when you install the Integration Services/Components you get time
synchronization with the host OS, here is how to disable ongoing time synchronization.
When you install the integration services/components in Hyper-V virtual machine you get a
set of services installed and enabled by default.
Operating system shutdown

Time synchronization
Data exchange heartbeat
Backup via VSS

If you do not want the virtual machine to continuously synch its time to the Hyper-V host
using the integration service, you can disable the integration service from the Hyper-V
manager.
Open up the settings for the VM

Under Management, highlight the Integration Services option and you will get a list of the
Integration
Services installed and enabled Uncheck the Time Synchronization service and press
App1y.
The virtual machine will now not sync its time with the Hyper-V host on a continuous
basis....BUT it will always sync once at power on. This is required to boot strap the timer
inside the virtual machine
http://www.virtualizationadmin.com/kbase/VirtualizationTips/ServerVirtualization/MicrosoftH
yper-VTips/PerformanceandScalability/DisablingTimeSyncinaVM.html
http://blogs.technet.com/b/virtualization/archive/2008/08/29/backing-up-hyper-v-virtual-
machines.aspx
You need to configure VM4 to track the CPU, memory, and network usage.
A. NUMA topology
B. Resource control
D. Virtual Machine Chimney
E. the VLAN ID
J. Port mirroring
Answer: C
Explanation:
http://blogs.technet.com/b/meamcs/archive/2012/05/28/hyper-v-resource-metering-in-
windows-server-2012-server-8-beta.aspx
Metrics collected for each virtual machine using resource metering:

Average CPU usage, measured in megahertz over a period of time.
Average physical memory usage, measured in megabytes.
Minimum memory usage (lowest amount of physical memory).
Maximum memory usage (highest amount of physical memory).
Maximum amount of disk space allocated to a virtual machine.
Total incoming network traffic, measured in megabytes, for a virtual network
adapter.
Total outgoing network traffic, measured in megabytes, for a virtual network
adapter

You install Windows Server 2012 on VM2 by using Windows Deployment Services (WDS).
You need to ensure that the next time VM2 restarts, you can connect to the WDS server by
using PXE.
Which virtual machine setting should you configure for VM2?
A. NUMA topology
B. Resource control
C. Resource metering
E. The VLAN ID
G. The startup order
J. Port mirroring
Answer: G
Explanation:
G. Configure the BIOS of the computer to enable PXE boot, and set the boot order so that
it is booting from the network is first
contains two domain controllers. The domain controllers are configured as shown in the
following table.
In the perimeter network, you install a new server named Server1 that runs a Server Core
Installation of Windows Server 8.
You need to join Server1 to the contoso.com domain.
What should you use?
A. The New-ADComputercmdlet
B. The djoin.exe command
C. The dsadd.exe command
D. The Add-Computer cmdlet
Answer: B
Explanation:
A. Creates a new Active Directory computer.
B. Use djoin for offline join in the perimeter network
C. Adds specific types of objects to the directory.
D. Add the local computer to a domain or workgroup.
http://technet.microsoft.com/en-us/library/ff793312(v=ws.10).aspx
Your network contains an Active Directory forest that contains three domains.
A group named Group1 is configured as a domain local distribution group in the forest root
domain.
You plan to grant Group1 read-only access to a shared folder named Share1. Share1 is
located in a child domain.
You need to ensure that the members of Group1 can access Share1.
A. Convert Group1 to a global distribution group.

B. Convert Group1 to a universal security group.
C. Convert Group1 to a universal distribution group.
D. Convert Group1 to a domain local security group.
Answer: B
Explanation:
A. Distribution Groups only used for email
B, Universal can be used for any domain or forest
C. Distribution Groups only used for email
D. Permissions can be assigned only within the same domain as the parent domain local
group
Group scope Universal can be assigned permissions in any domain or forest.
controllers run Windows Server 2008 R2. One of the domain controllers is named DCI.
The network contains a member server named Server1 that runs Windows Server 2012.
You need to promote Server1 to a domain controller by using install from media (IFM).
A. Create a system state backup of DC1.

B. Create IFM media on DC1.
C. Upgrade DC1 to Windows Server 2012.
D. Run the Active Directory Domain Services Configuration Wizard on Server1.
E. Run the Active Directory Domain Services Installation Wizard on DC1.
Answer: C
Explanation:
A. Backs up system state data to be restored
B. ???
C. Only valid option. You could install ADDS role on Server 1 and run ADDS configuration
wizard andadd DC to existing domain
D. Need to add ADDS role first
E. Wrong server
Installation from media does not work across different operating system versions.
In other words, you must use a Windows Server 2012 domain controller to generate
installation media to usefor another Windows Server 2012 domain controller installation.
We can use the Install from media (IFM) option to install an Additional Domain Controller in
an existing domainis the best option such as a branch office scenario where network is
slow, unreliable and costly.
IFM will minimize replication traffic during the installation because it uses restored backup
files to populate theAD DS database. This will significantly reduce the amount of traffic
copied over the WAN link.
Things to remember:
If you are deploying your first Domain Controller in the domain, you cannot use IFM.
The OS will need to match the IFM media. (If you create a 2008 R2 IFM, promote a 2008
R2 DC)
If you are creating a DC that will be a Global Catalog Server, create your IFM on a Global
Catalog Server.
If you are creating a DC that will be a DNS Server, create your IFM on a DNS Server.
If you want to copy the SYSVOL, the DC on which you generate the installation media and
the new DC mustbe at least running Windows Server 2008 with Service Pack 2 or
Windows Server 2008 R2.
Membership of the Domain Admins group is the minimum required to complete IFM.
http://www.brandonlawson.com/active-directory/deploying-domain-controllers-with-install-
from-media-ifm/
http://technet.microsoft.com/en-us/library/cc770654%28v=ws.10%29.aspx
Media used by the IFM option is created with Windows Server Backup or Ntdsutil.exe from
another existingWindows Server 2012 computer only
You cannot use a Windows Server 2008 R2 or previous operating system to create media
for a Windows Server 2012 domain controller.
contains 100 servers. The servers are contained in a organizational unit (OU) named
ServersOU.
You need to create a group named Group1 on all of the servers in the domain. You must
ensure that Group1 is added only to the servers.

A. a Local Users and Groups preferences setting in a Group Policy linked to the Domain
Controllers OU
B. a Restricted Groups setting in a Group Policy linked to the domain
C. a Local Users and Groups preferences setting in a Group Policy linked to ServersOU
D. a Restricted Groups setting in a Group Policy linked to ServersOU
Answer: C
Explanation:
A. This would add the group to the wrong OU
B. This would affect the whole domain and would effect member of the group
C. allows you to centrally manage local users and groups on domain member computers
and is this isthe correct OU for the GPO change
D. Restricted Groups defines what member or groups should exist as part of a group
Why use Group Policy preferences?
Unlike Group Policy settings, which App1y to both local computer policy and Active
Directory policy, GroupPolicy preferences only App1y to Active Directory policy. You use
preferences to configure many areas of theOS, including:
System devices, such as USB ports, floppy drives and removable media
Network shares and mapping network shares to drive letters
System and user environment variables
User and group accounts for the local computer
VPN and dial-up networking connections
Printer configuration and mapping
Registry settings, schedule tasks and system services
Settings for Folder Options, Internet Options and Regional and Language Options
Settings for power schemes and power management
Start Menu properties and menu items
http://www.grouppolicy.biz/2010/01/how-to-use-group-policy-preferences-to-secure-local-
administrator-groups/
http://technet.microsoft.com/en-us/magazine/hh848751.aspx
contains three domain controllers. The domain controllers are configured as shown in the
following table.
DC3 loses network connectivity due to a hardware failure.

You plan to remove DC3 from the domain.
You log on to DC3.
You need to identify which service location (SRV) records are registered by DC3.
What should you do?
A. Open the %windir%\system32\config\netlogon.dns file.

B. Run dcdiag /test:dns.
C. Open the %windir%\system32\dns\backup\adatum.com.dns file.
D. Run ipconfig /displaydns.
Answer: A
Explanation:
A. Netlogon service creates a log file that contains all the locator resource records and
places the logfile in the following location:
B. Analyzes the state of domain controllers in a forest or enterprise and reports any
problems to help introubleshooting.
C. dns backup file
D. used to display current resolver cache content
You can verify SRV locator resource records by viewing netlogon.dns, located in the
%systemroot%\System32\Config folder.
The SRV record is a Domain Name System (DNS) resource record that is used to identify
computers that hostspecific services.
SRV resource records are used to locate domain controllers for Active Directory.
You can use Notepad, to view this file.
The first record in the file is the domain controller's Lightweight Directory Access Protocol
(LDAP) SRV record.
This record should appear similar to the following:

_ldap._tcp.Domain_Name
http://support.microsoft.com/kb/816587/en-us
contains several thousand member servers that run Windows Server 2012. All of the
computer accounts for the member servers are in an organizational unit (OU) named
ServersAccounts.
Servers are restarted only occasionally.
You need to identify which servers were restarted during the last two days.
What should you do?

A. Run dsquery computer and specify the -stalepwd parameter
B. Run dsquery server and specify the -o parameter.
C. Run Get-ADComputer and specify the lastlogon property.
D. Run Get-ADComputer and specify the SearchScope parameter
Answer: C
Explanation:
A. dsquery computer -stalepwdnumber_of_days - Searches for all computers that have not
changed theirpassword for the specified number_of_days.
B. dsquery server -o {dn | rdn | samid} - Specifies the format in which the list of entries
found by the search willbe displayed: dn distinguished name of each entry, default; rdn
relative distinguished name of each entry;
samid SAM account name of each entry computer group server user; upn user principal
name of each entryuser
C. Gets one or more Active Directory computers lastLogondate should be used
D. SearchScope specifies the scope of an Active Directory search. Possible values for this
parameter are:
Base or 0; OneLevel or 1; Subtree or 2 - A Base query searches only the current path or
object. AOneLevelquery searches the immediate children of that path or object. A Subtree
query searches the current path orobject and all children of that path or object.
You log on to a domain controller by using an account named Admin1. Admin1 is a

member of the Domain Admins group.
You view the properties of a group named Group1 as shown in the exhibit. (Click the
Exhibit button.)
Group1 is located in an organizational unit (OU) named OU1.
You need to ensure that you can modify the Security settings of Group1 by using Active
Directory Users and Computers.
What should you do from Active Directory Users and Computers?
A. From the View menu, select Users, Contacts, Groups, and Computers as containers.
B. Right-click OU1 and select Delegate Control.
C. From the View menu, select Advanced Features.
D. Right-click contoso.com and select Delegate Control.
Answer: C
Explanation:
From ADUC select view toolbar then select advanced features
When you open up the ADUC in a default installation of Active Directory, you are only
presented with the basiccontainers.
These basic containers include the only organizational unit (OU), which is the Domain
Controllers OU, as wellas the other containers such as Users and Computers.
To see more in-depth containers, you need to configure the ADUC by going to the View
option on thetoolbar, then selecting Advanced Features.
This will refresh the view within the ADUC and add some new containers. There are no
hidden (or Advanced)OUs that will show up when you configure the ADUC in this way.
Viewing ADUC Advanced Settings:
http://searchwindowsserver.techtarget.com/tip/Viewing-advanced-settings-in-Active-
Directory-Users-and-Computers
contains two domain controllers named DC1 and DC.
You install Windows Server 2012 on a new computer named DC3.
You need to manually configure DC3 as a domain controller.
Which tool should you use?
A. Server Manager
B. winrm.exe
C. Active Directory Domains and Trusts
D. dcpromo.exe
Answer: A
Explanation:
A. using the Add Roles Wizard in Server Manager, followed by the Active Directory Domain
Services
Configuration Wizard
B. winrm is the server side service for remote managment
C. used for trust between multiple domains
D. Dcpromo.exe has been deprecated. In Windows Server 2012, if you run dcpromo.exe
(without anyparameters) from a command prompt, you receive a message directing you to
Server Manager

http://technet.microsoft.com/en-us/library/hh472162.aspx#BKMK_GUI
You need to remove Windows Explorer, Windows Internet Explorer, and all related
components and files from Server1.
What should you run on Server1?
A. Uninstall-WindowsFeature Server-Gui-Mgmt-Infra Remove

B. Uninstall-WindowsFeature Server-Gui-Shell Remove
C. msiexec.exe /uninstall iexplore.exe /x
D. msiexec.exe /uninstall explorer.exe /x
Answer: B
Explanation:
A. Would be a server core install
B. No IE or taskbar, explorer or control panel
C. Would leave components
D. Would leave components
In Windows Server 2012, you can remove the Server Graphical Shell, resulting in the
Minimal ServerInterface.
This is similar to a Server with a GUI installation, but Internet Explorer 10, Windows
Explorer, the desktop, andthe Start screen are not installed.
Microsoft Management Console (MMC), Server Manager, and a subset of Control Panel
are still present.
If the server has a full installation of Windows Server, and I need to bring the server down
to minimal serverinterface, I only need to remove the Server-GUI-Shell.
http://technet.microsoft.com/en-us/library/hh831786(v=ws.11).aspx
You have a server that runs Windows Server 2012.
The server contains the disks configured as shown in the following table.
You need to create a volume that can store up to 3 TB of user files. The solution must
ensure that the user files are available if one of the disks in the volume fails.
A. a mirrored volume on Disk 1 and Disk 4

B. a mirrored volume on Disk 1 and Disk 3
C. a RAID-5 volume on Disk 1, Disk 2, and Disk 3
D. a spanned volume on Disk 0 and Disk 4
Answer: B
Explanation:
B. it should be disk 2 and 3 and this is a typo. Test may have another option for a storage
pool. If so select that
You have a server named Core1 that has a Server Core Installation of Windows Server
2012.
Core1 has the Hyper-V server role installed Core1 has two network adapters from different
third-party hardware vendors.
You need to configure network traffic failover to prevent connectivity loss if a network
adapter fails.
A. New-NetSwitchTeam
B. Add-NetSwitchTeamMember
C. Install-Feature
D. netsh.exe
Answer: A
Explanation:

You connect three new hard disks to Server1.
You need to create a storage space that contains the three disks.
Provide fault tolerance if a single disk fails.

Maximize the amount of files that can be stored in the storage space.
A. A simple space
B. A spanned volume
C. A mirrored space
D. A parity space
Answer: D
Explanation:
A.Stripes data across a set of pool disks, and is not resilient to any disk failures.
B.A spanned volume is a dynamic volume consisting of disk space on more than one
physical disk and not fault tolerant
C. Fault tolerant but Not max space
D. Fault tolerant and better space ratio
http://social.technet.microsoft.com/wiki/contents/articles/15198.storage-spaces-
overview.aspx
You perform a Server Core Installation of Windows Server 2012 on a server named
Server1.
You need to add a graphical user interface (GUI) to Server1.
A. The setup.exe command

B. The dism.exe command
C. The imagex.exe command
D. The Add-WindowsPackagecmdlet
Answer: B
Explanation:
The DISM command is called by the Add-WindowsFeature command. Here is the systax
for DISM:
Dism /online /enable-feature /featurename:ServerCore-FullServer /featurename:Server-
Gui-Shell /featurename:Server-Gui-Mgmt
You have a server named Server1 that runs Windows Server 2012. Server1 has five
network adapters. Three of the network adapters an connected to a network named LAN1.
The two other network adapters are connected to a network named LAN2.
You need to create a network adapter team from the three network adapters connected to
LAN 1.
A. Routing and Remote Access

B. Network and Sharing Center
C. Server Manager
D. Network Load Balancing Manager
Answer: C
Explanation:

Your companys security policy states that all of the servers deployed to a branch office
must not have the graphical user interface (GUI) installed.
In a branch office, a support technician installs a server with a GUI installation of Windows
Server 2012 on a new server, and then configures the server as a DHCP server.
You need to ensure that the new server meets the security policy. You want to achieve this
goal by using the minimum amount of Administrative effort.
What should you do?
A. Reinstall Windows Server 2012on the server.

B. From Windows PowerShell, run Uninstall-WindowsFeature Desktop-Experience.
C. From Windows PowerShell, run Uninstall-WindowsFeature PowerShell-ISE.
D. From Server Manager, uninstall the User Interfaces and Infrastructure feature.
Answer: D
Explanation:
A. Not least effort
B. Uninstalls desktop experience not the full GUI
C. Uninstalls the powershell ISE
D. Least effort and removes full GUI
http://www.howtogeek.com/111967/how-to-turn-the-gui-off-and-on-in-windows-server-2012/
http://blogs.technet.com/b/server_core/archive/2012/05/09/configuring-the-minimal-server-
interface.aspx
Your network contains three servers. The servers are configured as shown in the following
table.
Your company plans to standardize all of the servers on Windows Server 8.
You need to recommend an upgrade path for each server.
Upgrade the existing operating system whenever possible.

Minimize hardware purchases.
Which upgrade path should you recommend for each server?
To answer, drag the appropriate upgrade path to each server in the answer area. Each
upgrade path may be used once, more than once, or not at all.
Answer:
Your network contains a file server named Server1 that runs Windows Server 2012.
All client computers run Windows 8.
Server1 contains a folder named Folder1. Folder1 contains the installation files for the
companys desktop Applications.
A network technician shares Folder1 as Share 1.
You need to ensure that the share for Folder1 is not visible when users browse the
network.
What should you do?
A. From the properties of Folder1, deny the List Folder Contents permission for the
Everyone group.
B. From the properties of Folder1, remove Share1, and then share Folder1 as Share1$.
C. From the properties of Folder1, configure the hidden attribute.
D. From the properties of Share1, configure access-based enumeration.
Answer: B
Explanation:
A. Will deny everyone list of folder content
B. Remove share and re-add using $ for Hidden/Administrative share
C. This will hide the physical folder
D. lists only the files and folders to which they have access when browsing content on the
file server
A hidden share is identified by a dollar sign ($) at the end of the share name
Hidden shares are not listed when you look through the shares on a computer or use the
"net view" command
Why Use Hidden Shares?
Using hidden shares on your network is useful if you do not want a shared folder or drive
on the network to beeasily accessible. Hidden shares can add another layer of protection
for shared files against unauthorizedpeople connecting to your network. Using hidden
shares helps eliminate the chance for people to guess yourpassword (or be logged into an
authorized Windows account) and then receive access to the shared resource.
contains a server named Server1 that runs Windows Server 2012 and a server named
Server2 that runs Windows Server 2008 R2 Service Pack 1 (SP1). Both servers are
member servers.
On Server2, you install all of the software required to ensure that Server2 can be managed
remotely from Server Manager.
You need to ensure that you can manage Server2 from Server1 by using Server Manager.
Which two tasks should you perform on Server2? (Each correct answer presents part of the
solution. Choose two.)
A. Run the systempropertiesremote.execommand.

B. Run the Fnable-PsRemotingcmdlet.
C. Run the Enable-PsSessionConfigurationcmdlet.
D. Run the Confiqure-SMRemoting.ps1script.
E. Run the Set-ExecutionPolicycmdlet.
Answer: D,E
Explanation:
To configure Server Manager remote management by using Windows PowerShell
On the computer that you want to manage remotely, open a Windows PowerShell session
with elevated user rights. To do this, click Start, click All Programs, click Accessories, click
Windows PowerShell, right-click the Windows PowerShell shortcut, and then click Run as
administrator.
In the Windows PowerShell session, type the following, and then press Enter.
Set-ExecutionPolicy -ExecutionPolicyRemoteSigned
Type the following, and then press Enter to enable all required firewall rule exceptions.
Configure-SMRemoting.ps1 -force -enable
A) Run the systempropertiesremote.exe command

B) Enable-PSRemotingcmdlet configures the computer to receive Windows PowerShell
remote commandsthat are sent by using the WS-Management technology.
C) Enable-PSSessionConfigurationcmdlet enables registered session configurations that
have been disabled.
D) Configure-SMRemoting.ps1 -force -enable
E) Set-ExecutionPolicy -ExecutionPolicyRemoteSigned
To configure Server Manager remote management by using Windows PowerShell
On the computer that you want to manage remotely, open a Windows PowerShell session
with elevated userrights, type the following:
To configure Server Manager remote management by using Windows PowerShell. On the

computer that youwant to manage remotely, open a Windows PowerShell session with
elevated user rights.
To do this, click Start, click All Programs, click Accessories, click Windows PowerShell,
right-click the WindowsPowerShell shortcut, and then click Run as administrator. In the
Windows PowerShell session, type thefollowing, and then press Enter.
Set-ExecutionPolicy -ExecutionPolicyRemoteSigned Type the following, and then press
Enter to enable allrequired firewall rule exceptions.
Configure-SMRemoting.ps1 -force -enable
Question No : 48 HOTSPOT - (Topic 0)
contains a print server named Server1 that runs Windows Server 2012.
You share several printers on Server1.
You need to ensure that you can view the printer objects associated to Server1 in Active
Directory Users and Computers.
Which option should you select?
To answer, select the appropriate option in the answer area.

Answer:
contains two member servers named Server1 and Server2 that run Windows Server 2012.
You log on to Server1.
You need to retrieve the IP configurations of Server2.
Which command should you run from Server1?
A. winrs -r:server2ipconfig
B. winrm get server2
C. dsquery *-scope base-attrip, server2
D. ipconfig> server2.ip
Answer: A
Explanation: A. Windows Remote Management allows you to manage and execute
programs remotely
B. winrm is the server side services for remote mgmt
C. dsquery * finds any objects in the directory according to criteria using a LDAP query.
D. Would output server1 ipconfig info to server2.ip file
http://technet.microsoft.com/en-us/library/dd349801(v=ws.10).aspx
contains a domain controller named DC1 that has to DNS Server server role installed. DC1
has a standard primary DNS zone for contoso.com.
You need to ensure that only client computers in the contoso.com domain will be able to
add their records to the contoso.com zone.
A. Modify the Security settings of Dc1.

B. Modify the Security settings of the contoso.com zone.
C. Store the contoso.com zone in Active Directory.
D. Sign the contoso.com zone.
Answer: C
Explanation:
C. Only Authenticated users can create records when zone is stored in AD
Secure dynamic updates allow an administrator to control what computers update what
names and preventunauthorized computers from overwriting existing names in DNS.
If you have an Active Directory infrastructure, you can only use Active Directoryintegrated
zones on ActiveDirectory domain controllers.
If you are using Active Directoryintegrated zones, you must decide whether or not to store
Active Directoryintegrated zones in the Application directory partition.
To configure computers to update DNS data more securely, store DNS zones in Active
Directory DomainServices (AD DS) and use the secure dynamic update feature.
Secure dynamic update restricts DNS zone updates to only those computers that are
authenticated and joinedto the Active Directory domain where the DNS server is located
and to the specific security settings that aredefined in the access control lists (ACLs) for the
DNS zone.
Your network contains a single Active Directory domain named contoso.com. The network
contains two subnets. The subnets are configured as shown in the following table.
Server1 has the DHCP Server server role installed. Server1 is configured to lease [P
addresses to the two subnets.
You discover that computers on the Warehouse subnet that have static IP addresses can
communicate with the computers on the MainOffice subnet. Computers on the Warehouse
subnet that obtain an IP address automatically can only communicate with other computers
on the Warehouse subnet.
You need to ensure that all of the computers on the Warehouse subnet can communicate
with the computers on the MainOffice subnet.
Which DHCP option should you configure on Server1?
A. 003 Router
B. 011 Resource Location Servers
C. 020 Nonlocal Source Routing
D. 019 IP Layer Forwarding
Answer: A
Explanation:
A. This option is normally used to assign a default gateway to DHCP clients on a subnet. A
DHCP clientrequests this option.
B. This option specifies a list of IP addresses for resource location servers
C. This option specifies whether the DHCP client enables or disables the forwarding at the
IP layer ofdatagrams that contain source routing information and were sent by a non-local
host.
D. This option specifies whether the DHCP client should enable or disable forwarding of
datagrams at the IPlayer.
contains 500 client computers that run Windows 2012. All of the client computers connect
to the Internet by using a web proxy.
You deploy a server named Server1 that runs Windows Server 2012. Server1 has the DNS
Server server role installed.
You configure all of the client computers to use Server1 as their primary DNS server.
You need to prevent Server1 from attempting to resolve Internet host names for the client
computers.
A. Create a forwarder that points to 169.254.0.1.

B. Create a primary zone named GlobalNames.
C. Remove all root hints.
D. Create a zone delegation for GlobalNames.contoso.com.
Answer: C
Explanation: Root Hints are a vital cog in configuring your DNS Server. If your server
receives a query for an unknown domain, then the root hints give a clue as to where to
search for the answer.
If you operate internal root DNS servers on a private network that is not connected to the
Internet, edit or replace root hints to point to your own internal root DNS servers. Delete
root hints from your internal root DNS servers.
Your company has a remote office that contains 600 client computers on a single subnet.
You need to select a subnet mask for the network that will support all of the client
computers. The solution must minimize the number of unused addresses.
Which subnet mask should you select?
A. 255.255.252.0
B. 255.255.254.0
C. 255.255.255.0
D. 255.255.255.128
Answer: A
Your network contains three servers that run Windows Server 2012. The servers are
You need to prevent Server3 from receiving an IP address from Server1.
What should you create on Server1?
A. A reservation
B. A filter
C. A scope option
D. An exclusion
Answer: B
Explanation:
A. For clients that require a constant IP address
B. Filter to exclude MAC address of Server3
C. Range of allowed IP's to be assigned
D. Exclude range of IP's
MAC address based filtering ensure that only a known set of devices in the system are able
to obtain an IPAddress from the DHCP
Reservation and Exclusion, two incredibly different concepts.

An exclusion is an address or range of addresses taken from a DHCP scope that the
DHCP server is notallowed to hand out. For example, if you have set a DHCP server to
exclude the address range 192.168.0.1-192.168.0.10 then the only way a computer on
your network would get an address of 192.168.0.4 would be ifyou assigned it statically on
that machine. This is because DHCP knows NOT to give this range of IPaddresses out.
A reservation is a specific IP addresses that is tied to a certain device through its MAC
address. Forexample, if we have a workstation on the network that requires a certain IP
address, but we dont want to gothrough to trouble of assigning it statically, then we can
create a reservation for it. So if the MAC address of theNIC on the computer is AA-BB-00-
FF-CC-AA and we want it to maintain the IP address of 192.168.0.100 thenwe would
create a DHCP reservation under that particular scope saying that the IP address
192.168.0.100 isreserved only for the MAC address AA-BB-00-FF-CC-AA.
http://technet.microsoft.com/en-us/magazine/ff521761.aspx
http://www.windowsnetworking.com/kbase/WindowsTips/Windows2003/AdminTips/Networ
k/
DHCPReservationsandExclusions.html

You log on to a domain controller by using an account named Admin1. Admin1 is a
member of the Domain Admins group.
You view the properties of a group named Group1 as shown in the exhibit. (Click the
Exhibit button.)
Group1 is located in an organizational unit (OU) named OU1.
You need to ensure that users from Group1 can modify the Security settings of OU1 only.
A. Modify the Managed By settings on OU1.

B. Right-click contoso.com and select Delegate Control.
C. Right-click OU1 and select Delegate Control.
D. Modify the Security settings of Group1.
Answer: C
Explanation:
A. The distinguished name of the user that is assigned to manage this object.
B. Would delegat control to the whole domain
C. Delegates control to only the OU
D. Wrong Feature
http://msdn.microsoft.com/en-us/library/windows/desktop/ms676857(v=vs.85).aspx
Your network contains an Active Directory forest. The forest contains two domains named
contoso.com and corp.contoso.com. The forest contains four domain controllers. The
domain controllers are configured as shown in the following table.
All domain controllers are DNS servers.
In the corp.contoso.com domain, you plan to deploy a new domain controller named DC5.
You need to identify which domain controller must be online to ensure that DCS can be
promoted successfully to a domain controller.
Which domain controller should you identify?

A. DC1
B. DC2
C. DC3
D. DC4
Answer: C
Explanation:
A. Wrong Domain
B. Wrong Domain
C. Right domain, RID Master must be online
D. Right domain but Not needed to be online
Relative ID (RID) Master:
Allocates active and standby RID pools to replica domain controllers in the same domain.
(corp.contoso.com)
Must be online for newly promoted domain controllers to obtain a local RID pool that is
required to advertise orwhen existing domain controllers have to update their current or
standby RID pool allocation.
The RID master is responsible for processing RID pool requests from all domain controllers
in a particulardomain.
When a DC creates a security principal object such as a user or group, it attaches a unique
Security ID (SID) tothe object.
This SID consists of a domain SID (the same for all SIDs created in a domain), and a
relative ID (RID) that isunique for each security principal SID created in a domain.
Each DC in a domain is allocated a pool of RIDs that it is allowed to assign to the security
principals it creates.
When a DC's allocated RID pool falls below a threshold, that DC issues a request for
additional RIDs to thedomain's RID master.
The domain RID master responds to the request by retrieving RIDs from the domain's
unallocated RID pooland assigns them to the pool of the requesting DC
At any one time, there can be only one domain controller acting as the RID master in the
domain.
Your network contains an Active Directory forest named contoso.com. All domain
controllers currently run Windows Server 2008 R2.
You plan to install a new domain controller named DC4 that runs Windows Server 8.
The new domain controller will have the following configurations:
Schema master
Global catalog server
DNS Server server role
Active Directory Certificate Services server role
You need to identify which configurations cannot be fulfilled by using the Active Directory
Installation Wizard.
Which two configurations should you identify? (Each correct answer presents part of the
A. Transfer the schema master.

B. Enable the global catalog server.
C. Install the DNS Server role.
D. Install the Active Directory Certificate Services role.
Answer: A,D
Explanation:
AD Installation Wizard will automatically install DNS and allows for the option to set it as a
global catalog server. ADCS and schema must be done separately.
following table.
In the perimeter network, you install a new server named Server1 that runs Windows
Server 2012. Server1 is in a workgroup.
You need to perform an offline domain join of Server1 to the contoso.com domain.
A. Transfer the PDC emulator role to Dc1.

B. Run the djoin.exe command.
C. Run the dsadd.exe command.
D. Transfer the infrastructure master role to DC1.
Answer: B
Explanation:
A. Creates a new Active Directory computer.
B. Use djoin for offline join in the perimeter network
C. Adds specific types of objects to the directory.
To perform an offline domain join, you run commands by using a new tool named
Djoin.exe. You use Djoin.exe to provision computer account data into AD DS. You also use
it to insert the computer account data intothe Windows directory of the destination
computer, which is the computer that you want to join to the domain.
Create the account

djoin /provision /domain winsrvtuts.wst /machine Win7 /savefile c:\yourFile.txt
Run on the target systemdjoin /requestodj /loadfile c:\yourFile.txt /windowspath c:\Windows
/localos
http://winsrvtuts.com/2011/08/off-line-domain-join-with-djoin-exe/
http://technet.microsoft.com/en-us/library/offline-domain-join-djoin-step-by-
step%28v=ws.10%29.aspx
You discover that when you join client computers to the domain manually, the computer
accounts are created in the Computers container.
You need to ensure that new computer accounts are created automatically in an
organizational unit (OU) named Corp.
A. net.exe
B. redircmp.exe
C. regedit.exe
D. dsadd.exe
Answer: B
Explanation:
A. Used to stop/start protocols
B.Redirects the default container for newly created computers to a specified, target
organizational unit
C. Modify local registry entries
D. Adds specific types of objects to the directory
Your network contains two Active Directory forests named adatum.com and contoso.com.
Both forests contain multiple domains. A two-way trust exists between the forests.
The contoso.com domain contains a domain local security group named Group1. Group1
contains contoso\user1 and adatum\user1.
You need to ensure that Group1 can only contain users from the contoso.com domain.
Which three actions should you perform?
To answer, move three actions from the list of actions to the answer area and arrange them
in the correct order.
Answer:
The disks on Server2 are configured as shown in the exhibit. (Click the Exhibit button.)
You create a virtual machine on Server2 named VM1.
You need to ensure that you can configure a pass-through disk for VM1.
What should you do?
A. Convert Disk 1 to a MBR disk.

B. Convert Disk 1 to a basic disk.
C. Take Disk 1 offline.
D. Create a partition on Disk 1.
Answer: D
Explanation:
hyperv.aspx
The pass-through disk must be offline.
V server role installed. Server1 is connected to two Fibre Channel SANs and is configured
as shown in the following table.
You have a virtual machine named VM1.
You need to configure VM1 to connect to SAN1.

A. Add one HBA.
B. Create a Virtual Fibre Channel SAN.
C. Create a Hyper-V virtual switch.
D. Configure network adapter teaming.
Answer: B
Explanation:
You need your virtualized workloads to connect easily and reliably to your existing storage
arrays. WindowsServer 2012 provides Fibre Channel ports within the guest operating
system, which allows you toconnect to Fibre Channel directly from within virtual machines.
This feature protects your investments inFibre Channel, enables you to virtualize workloads
that use direct access to Fibre Channel storage, allows youto cluster guest operating
systems over Fibre Channel, and provides an important new storage option forservers
hosted in your virtualization infrastructure.
With this Hyper-V virtual Fibre Channel feature, you can connect to Fibre Channel storage
from within a virtualmachine. This allows you to use your existing Fibre Channel
investments to support virtualized workloads.
Support for Fibre Channel in Hyper-V guests also includes support for many related
features, such as virtualSANs, live migration, and MPIO.
You have a file server named Server1 that runs Windows Server 8.
Server1 has following hardware configurations:
16GB of RAM
A single quad-core CPU
Three network teams that have two network adapters each
You add additional CPUs and RAM to Server1.
You repurpose Server1 as a virtualization host.
You install the Hyper-V server role on Server1.
You need to create four external virtual switches in Hyper-V.
Which cmdlet should you run first?
A. Set-NetAdapter
B. Add-NetLbfoTeamNic
C. Add-VMNetworkAdapter
D. Remove-NetLbfoTeam
Answer: B
Explanation:
A. Sets adapter properties
B. Add new interface to NIC Team
C. Adds vadapter to vm
D. Removed NIC from host
You need 4 virtual switches but currently only have 3 teams available. You would need to
break a team first.
http://technet.microsoft.com/en-us/library/jj130875(v=wps.620).aspx
You need to ensure that VM1 can use more CPU time than the other virtual machines
when the CPUs on Server1 are under a heavy load.
A. NUMA topology
B. Resource control
E. The VLAN ID
J. Port mirroring
Answer: B
Explanation:
B. Resource controls provide you with several ways to control the way that Hyper-V
allocates resources to virtual machine
Your network contains a server named Server1 that runs Windows Server 8. Server1 has
the Hyper-V server role installed.

VM2 sends and receives large amounts of data over the network.
You need to ensure that the network traffic of VM2 bypasses the virtual switches of the
parent partition.
A. NUMA topology
B. Resource control
C. Resource metering
E. The VLAN ID
J. Port mirroring
Answer: K
Explanation:
K. SR-IOV maximizes network throughput while minimizing network latency as well as the
CPU overhead required for processing network traffic.
contains a domain controller named DC1 that runs Windows Server 2012.
You need to configure a central store for the Group Policy Administrative Templates.
What should you do on Dc1?
A. From Server Manager, create a storage pool.

B. From Windows Explorer, copy the PolicyDefinitions folder to the
SYSVOL\contoso.com\policies folder.
C. From Server Manager, add the Group Policy Management feature.
D. From Windows Explorer, copy the PolicyDefinitions folder to the NETLOGON share.
Answer: B
Explanation:
A. Create Disk Storage Pool
B. PolicyDefinitions folder in SYSVOL
C. Group Policy Management is a console for GPO Mgmt
D. Folder is for logon scripts
PolicyDefinitions folder within the SYSVOL folder hierarchy. By placing the ADMX files in
this directory,they are replicated to every DC in the domain; by extension, the ADMX-aware
Group Policy ManagementConsole in Windows Vista, Windows 7, Windows Server 2008
and R2 can check this folder as an additionalsource of ADMX files, and will report them
accordingly when setting your policies.
By default, the folder is not created. Whether you are a single DC or several thousand, I
would stronglyrecommend you create a Central Store and start using it for all your ADMX
file storage. It really does work well.
The Central Store

To take advantage of the benefits of .admx files, you must create a Central Store in the
SYSVOL folder ona domain controller. The Central Store is a file location that is checked
by the Group Policy tools. The GroupPolicy tools use any .admx files that are in the Central
Store. The files that are in the Central Store are laterreplicated to all domain controllers in
the domain.
To create a Central Store for .admx and .adml files, create a folder that is named
PolicyDefinitions in thefollowing location:
\\FQDN\SYSVOL\FQDN\policies
Note: FQDN is a fully qualified domain name.
http://tigermatt.wordpress.com/tag/policydefinitions/
http://www.virtuallyimpossible.co.uk/how-to-create-a-group-policy-central-store/
You install Windows Server 2012 on a standalone server named Server1. You configure
Server1 as a VPN server.
You need to ensure that client computers can establish PPTP connections to Server1.
Which two firewall rules should you create? (Each correct answer presents part of the
A. An inbound rule for protocol 47

B. An outbound rule for protocol 47
C. An inbound rule for TCP port 1723
D. An inbound rule for TCP port 1701
E. An outbound rule for TCP port 1723
F. An outbound rule for TCP port 1701
Answer: A,C
Explanation:
To enable VPN tunnels between individual host computers or entire networks that have a
firewall between them, you must open the following ports:
PPTP
To allow PPTP tunnel maintenance traffic, open TCP 1723.
To allow PPTP tunneled data to pass through router, open Protocol ID 47.
http://www.windowsitpro.com/article/pptp/which-ports-do-you-need-to-open-on-a-firewall-to-
allow-pptp-andl2tp-over-ipsec-vpn-tunnels--46811
If you use a personal firewall or a broadband router, or if there are routers or firewalls
between the VPN client and the VPN server, the following ports and protocol must be
enabled for PPTP on all firewalls and routers that are between the VPN client and the VPN
server:
Client ports Server port Protocol
1024-65535/TCP 1723/TCP PPTP

Additionally, you must enable IP PROTOCOL 47 (GRE).
Your network contains an Active Directory domain named adatum.com.
The computer accounts for all member servers are located in an organizational unit (OU)
named Servers.
You link a Group Policy object (GPO) to the Servers OU.
You need to ensure that the domains Backup Operators group is a member of the local
Backup Operators group on each member server. The solution must not remove any
groups from the local Backup Operators groups.
What should you do?
A. Add a restricted group named adatum\Backup Operators. Add Backup Operators to the
This group is a member of list.
B. Add a restricted group named adatum\Backup Operators. Add Backup Operators to the
Members of this group list.
C. Add a restricted group named Backup Operators. Add adatum\Backup Operators to the
This group is a member of list.
D. Add a restricted group named Backup Operators. Add adatum\Backup Operators to the
Members of this group list.
Answer: A
Explanation:
A. The Member Of list specifies which other groups the restricted group should belong to
B. Needs to be added to member of list
C. Wrong group
D. Wrong group
Restricted groups allow an administrator to define two properties for security-sensitive
groups (that is,"restricted" groups).
The two properties are Members and Member Of . The Members list defines who should
and should not belongto the restricted group. The Member Of list specifies which other
groups the restricted group should belong to.
When a restricted Group Policy is enforced, any current member of a restricted group that
is not on theMembers list is removed. Any user on the Members list which is not currently a
member of the restrictedgroup is added.
The Restricted Groups folder is available only in Group Policy objects associated with
domains, OUs,and sites. The Restricted Groups folder does not appear in the Local
Computer Policy object.
If a Restricted Group is defined such that it has no members (that is, the Members list is
empty), then allmembers of the group are removed when the policy is enforced on the
system. If the Member Of list is emptyno changes are made to any groups that the
restricted group belongs to. In short, an empty Members listmeans the restricted group
should have no members while an empty Member Of list means "don't care" whatgroups
the restricted group belongs to.
All servers run Windows Server 2012.
An Application named App1.exe is installed on all client computers. Multiple versions of

App1.exe are installed on different client computers. App1.exe is digitally signed.
You need to ensure that only the latest version of App1.exe can run on the client
computers.

A. AnApplication control policy packaged app rule
B. A software restriction policy certificate rule
C. AnApplication control policy Windows Installer rule
D. AnApplication control policy executable rule
Answer: D
Explanation:
A. A publisher rule for a Packaged app is based on publisher, name and version
B. You can create a certificate rule that identifies software and then allows or does not
allow the software torun, depending on the security level.
C. For .msi or .msp
D. Executable Rules, for .exe and can be based on Publisher, Product name, filename and
version.
Use Certificate Rules on Windows Executables for Software Restriction Policies
This security setting determines if digital certificates are processed when a user or process
attempts to runsoftware with an .exe file name extension. This security settings is used to
enable or disable certificate rules, atype of software restriction policies rule. With software
restriction policies, you can create a certificate rule thatwill allow or disallow software that is
signed by Authenticode to run, based on the digital certificate that isassociated with the
software. In order for certificate rules to take effect, you must enable this security setting.
When certificate rules are enabled, software restriction policies will check a certificate
revocation list (CRL) tomake sure the software's certificate and signature are valid. This
may decrease performance when start signedprograms. You can disable this feature. On
Trusted Publishers Properties, clear the Publisher and Timestampcheck boxes.

http://www.grouppolicy.biz/2012/08/how-manage-published-a-k-a-metro-apps-in-windows-
8-using-grouppolicy/
http://technet.microsoft.com/en-us/library/hh994597.aspx#BKMK_Cert_Rules
controllers run Windows Server 2012.
You need to ensure that the local Administrator account on all computers is renamed to
L_Admin.
Which Group Policy settings should you modify?
A. Security Options
B. User Rights Assignment
C. Restricted Groups
D. Preferences
Answer: A
Explanation:
A. Allows configuration of computers
B. User Rights Assignment policies determines which users or groups have logon rights or
privileges on thecomputer
C. Restricted Groups defines what member or groups should exist as part of a group
D. With Preferences, local and domain accounts can be added to a local group without
affecting the existingmembers of the group
In Group Policy Object Editor, click Computer Configuration, click Windows Settings, click
Security Settings,click Local Policies, and then click Security Options.
In the details pane, double-click Accounts: Rename administrator account.
In Group Policy Object Editor, click Computer Configuration, click Windows Settings, click
Security
Settings, click Local Policies, and then click Security Options.
In the details pane, double-click Accounts: Rename administrator account.
The disks on the server are configured as shown in the exhibit. (Click the Exhibit button.)
You need to create a storage pool that contains Disk 1 and Disk 2.
A. Delete volume E
B. Convert Disk 1 and Disk 2 to dynamic disks
C. Convert Disk 1 and Disk 2 to GPT disks
D. Create a volume on Disk 2
Answer: A
Explanation:
A. Storage Pools use unallocated space
http://technet.microsoft.com/en-us/library/ff399688.aspx
You add a 4-TB disk named Disk 5 to Server1.
You need to ensure that you can create a 3-TB volume on Disk 5.
What should you do?
A. Create a storage pool.

B. Convert the disk to a dynamic disk.
C. Create a VHD, and then attach the VHD.
D. Convert the disk to a GPT disk.
Answer: D
Explanation:
MBR max is 2TB, the disk must be GPT
For any hard drive over 2TB, we need to use GPT partition. If you have a disk larger than
2TB size, the rest ofthe disk space will not be used unless you convert it to GPT.
An existing MBR partition cant be converted to GPT unless it is completely empty; you
must either deleteeverything and convert or create the partition as GPT.
It is not possible to boot to a GPT partition, impossible to convert MBR to GPT without data
loss.
http://msdn.microsoft.com/en-us/library/windows/hardware/gg463525.aspx
You have a server named Server1 that has a Server Core installation of Windows Server
2008 R2.
Server1 has the DHCP Server server role and the File Server server role installed.You
need to upgrade Server1 to Windows Server 8 with the graphical user interface (GUI).
Preserve the server roles and their configurations.

Minimize Administrative effort.
What should you do?
A. On Server1, run setup.exe from the Windows Server 8 installation media and select
Server with a GUI.
B. Start Server1 from the Windows Server 8 installation media and select Server Core
Installation. When the installation is complete, add the Server Graphical Shell feature.
C. Start Server1 from the Windows Server 8 installation media and select Server with a
GUI.
D. On Server1, run setup.exe from the Windows Server 8 installation media and select
Server Core Installation. When the installation is complete, add the Server Graphical Shell
feature.
Answer: D
Explanation:
A. Server is on 2008 R2 core, must install 2012 core and then GUI
B. Not least effort
C. Not least effort
D. Upgrade to 2012 and install GUI shell
Upgrades that switch from a Server Core installation to the Server with a GUI mode of
Windows Server 2012 in one step (and vice versa) are not supported. However, after
upgrade is complete, Windows Server 2012 allows you to switch freely between Server
Core and Server with a GUI modes. For more information about these installation options,
how to convert between them, and how to use the new Minimal Server Interface and
Features on Demand, see http://technet.microsoft.com/library/hh831786.
Your network contains two servers named Server1 and Server2 that run Windows Server
2012.
You need to install the Remote Desktop Services server role on Server2 remotely from
Server1.
A. The dsadd.exe command

B. The Server Manager console
C. The Remote Desktop Gateway Manager console
D. The Install-RemoteAccesscmdlet
Answer: B
Explanation:
A. Adds specific types of objects to the directory
B. You can manage remote server by Server Manager and install roles/features
C. Remote Desktop Gateway (RD Gateway) is a role service that enables authorized
remote users to connectto resources on an internal corporate or private network, from any
Internet-connected device that can run theRemote Desktop Connection (RDC) client.
D. Performs prerequisite checks for DirectAccess (DA) to ensure that it can be installed,
installs DA for remoteaccess (RA) (includes management of remote clients) or for
management of remote clients only, and installsVPN (both Remote Access VPN and site-
to-site VPN).
You have a server named Server1 that runs a full installation of Windows Server 2012.
You need to uninstall the graphical user interface (GUI) on Server1. You must achieve this
goal by using the minimum amount of Administrative effort.
What should you do?
A. Reinstall Windows Server 2012on the server.

B. From Server Manager, uninstall the User Interfaces and Infrastructure feature.
C. From Windows PowerShell, run Uninstall-WindowsFeature PowerShell-ISE.
D. From Windows PowerShell, run Uninstall-WindowsFeature Desktop-Experience.
Answer: B
Explanation:
A. Not least effort
B. Quick and Easy
C. Uninstalls PS-ISE
D. Doesn't remove all GUI components
http://www.petri.co.il/switching-gui-server-core-windows-server-2012.htm
Your network contains a Windows Server 2012 image named Server12.wim. Server12.wim
contains the images shown in the following table.
Server12.wim is located in C:\.
You need to enable the Windows Server Migration Tools feature in the Windows Server
2012 Server Datacenter image.
You want to achieve this goal by using the minimum amount of Administrative effort.
Which command should you run first?
A. dism.exe /mount-wim /wimfile:c:\Server12.wim /index:4 /mountdir:c:\mount

B. imagex.exe /capture c: c:\Server12.wim windows server 2012server datacenter
C. dism.exe /image: c:\Server12.wim /enable-feature /featurename: servermigration
D. imagex.exe /App1y c:\Server12.wim 4 c:\
Answer: A
Explanation:
A. Mounts the image before making any chnages
B. imagex /capture creates windows images .wim
C. You need to mount the image first
D. imagex /App1y App1ies image to drive
The Deployment Image Servicing and Management (DISM) tool is a command-line tool that
is used to modifyWindows images. You can use DISM to enable or disable Windows
features directly from the commandprompt, or by App1ying an answer file to the image.
You can enable or disable Windows features offline on a
WIM or VHD file, or online on a running operating system.
You can also use the DISM image management command to list the image index numbers
or to verify thearchitecture for the image that you are mounting.ex: Dism /Mount-Image
/ImageFile:C:\test\images\install.wim /Name:"Base Windows Image" /MountDir:C:\test
\offline
By default, DISM is installed at C:\Program Files (x86)\Windows Kits\8.0\Assessment and
Deployment Kit\Deployment Tools\
contains 500 client computers that run Windows 2012. All of the client computers connect
to the Internet by using a web proxy. You deploy a server named Server1 that runs
Windows Server 2012.
Server1 has the DNS Server server role installed. You configure all of the client computers
to use Server1 as their primary DNS server. You need to prevent Server1 from attempting
to resolve Internet host names for the client computers.
A. Configure the Security settings of the contoso.com zone.

B. Remove all root hints.
C. Create a primary zone named GlobalNames.
D. Create a forwarder that points to 169.254.0.1.
E. Create a stub zone named root.
F. Create a zone delegation for GlobalNames.contoso.com.
Answer: E
Server1.

A. the dism.exe command
B. the Add-WindowsFeaturecmdlet
C. the imagex.exe command
D. the setup.exe command
E. the ocsetup.exe command
F. the Add-WindowsPackagecmdlet
G. the Install-Module cmdlet
H. the Install-RoleServicecmdlet
Answer: A,B
Your network contains a production Active Directory forest named contoso.com and a test
Active Directory forest named contoso.test. A trust relationship does not exist between the
forests.
In the contoso.test domain, you create a backup of a Group Policy object (GPO) named
GPO1.
You transfer the backup of GPO1 to a domain controller in the contoso.com domain. You
need to create a GPO in contoso.com based on the settings of GPO1.
You must achieve this goal by using the minimum amount of administrative effort.
What should you do?
A. From Group Policy Management, right-click the Group Policy Objects container, and
then click Manage Backups.
B. From Group Policy Management, right-click the Starter GPOscontainer, and then click
Manage Backups.
C. From Group Policy Management, create a new starter GPO. Right-click the new starter
GPO, and then click Restore from Backup.
D. From Group Policy Management, create a new GPO. Right-click the new GPO, and then
click Import Settings.
E. From Windows PowerShell, run the Copy-GPOcmdlet and the Restore-GPOcmdlet.
F. From Windows PowerShell, run the New-GPOcmdlet and the Import-GPOcmdlet.
G. From Windows PowerShell, run the New-GPOcmdlet and the Restore-GPOcmdlet.
H. From Windows PowerShell, run the Get-GPOcmdlet and the Copy-GPOcmdlet.
Answer: D,F
Explanation:
The New-GPO cmdlet creates a new GPO with a specified name. By default, the newly
created GPO is notlinked to a site, domain, or organizational unit (OU).
The Import-GPO cmdlet imports the settings from a GPO backup into a specified target
GPO. The targetGPO can be in a different domain or forest than that from which the
backup was made and it does nothave to exist prior to the operation.
The Restore-GPO cmdlet restores a GPO backup to the original domain from which it was
saved. If theoriginal domain is not available, or if the GPO no longer exists in the domain,
the cmdlet fails.
http://technet.microsoft.com/en-us/library/cc781458(v=WS.10).aspx
http://blogs.technet.com/b/askpfeplat/archive/2012/11/04/windows-server-2012-the-new-
and-improved-grouppolicy-management-console.aspx
You have a server that runs Windows Server 2012. The server contains the disks
A. a storage pool on Disk 2 and Disk 3

B. a spanned volume on Disk 2 and Disk 3
C. a mirrored volume on Disk 1 and Disk 3
D. a mirrored volume on Disk 2 and Disk 3
E. a RAID-5 volume on Disk 1, Disk 2, and Disk 3
F. a storage pool on Disk 1 and Disk 3
G. a spanned volume on Disk 0 and Disk 4
H. a mirrored volume on Disk 1 and Disk 4
Answer: D,E
Your network contains a server named Server1 that runs Windows Server 2012. App1 has
the Print and Document Services server role installed.
The network contains a network-attached print device named Printer1.
From App1, you share Printer1.
You need to ensure that users who have connected to Printer1 previously can print to
Printer1 if App1 fails.
To answer, select the appropriate option in the answer area.

Answer:
You have a server named Server1. Server1 runs Windows Server 2012.
Server1 has two network adapters and is located in a perimeter network.
You need to install a DHCP Relay Agent on Server1.
Which node should you use to add the DHCP Relay Agent? To answer, select the
appropriate node in the answer area.
Answer:
Your network contains an Active Directory domain named corp.contoso.com. The domain
contains a domain controller named DC1.
When you run ping dc1.corp.contoso.com, you receive the result as shown in the exhibit.
(Click the Exhibit button.)
You need to ensure that DC1 can respond to the Ping command.
Which rule should you modify?
To answer, select the appropriate rule in the answer area.
Answer:
Your network contains two Active Directory forests named contoso.com and adatum.com.
Both forests contain multiple domains. A two-way trust exists between the forests.
The adatum.com domain contains a domain local security group named Group1. Group1
contains adatum\user1 and contoso\user1.
You need to ensure that Group1 can only contain users from the adatum.com domain.
Which three actions should you perform?
To answer, move three actions from the list of actions to the answer area and arrange them
in the correct order.
Answer:
Your network contains an active directory domain named Contoso.com. The domain
contains 100 user accounts that reside in an organizational unit (OU) named OU1.
You need to ensure that user named user1 can link and unlink Group Policy
Objects(GPOs) to OU1. The solution must minimize the number of permissions assigned to
user1.
What should you do?
A. Run the Delegation of Control Wizard on the Policies containers

B. Run the Set-GPPermissioncmdlet
C. Run the Delegation of Control Wizard on OU1
D. Modify the permission on the user1 account
Answer: C
Explanation:
A. Not minimum permissions
B. Grants a level of permissions to a security principal for one GPO or all the GPOs in a
domain
C. Minimizes delegated permission to a single OU
D. Will not allow GPO changes to the OU
Delegation of Control Wizard
The following are common tasks that you can select to delegate control of them:
Create, delete, and manage user accounts
Reset user passwords and force password change at next logon
Read all user information
Modify the membership of a group
Join a computer to a domain
Manage Group Policy links
Generate Resultant Set of Policy (Planning)
Generate Resultant Set of Policy (Logging)
Create, delete, and manage inetOrgPerson accounts
Reset inetOrgPerson passwords and force password change at next logon
Read all inetOrgPerson information
contains a server named Server1. Server1 runs Windows Server 2012.
You create a group Managed Service Account named gservice1.
You need to configure a service named Service1 to run as the gservice1 account.
How should you configure Service1?
A. From the Services console, configure the General settings.

B. From Windows PowerShell, run Set-Service and specify the -StartupType parameter.
C. From a command prompt, run sc.exe and specify the config parameter.
D. From a command prompt, run sc.exe and specify the privs parameter.
Answer: C
Explanation:
A. General settings only allow you to stop, start and set type/paramaters
B. Set-Service provides a way for you to change the Description, StartupType, or
DisplayName of a service
C. Modifies service configuration
D. Sets the response/action on service failure
http://windows.microsoft.com/en-us/windows-vista/using-system-configuration
contains two servers named Server1 and Server2 that run Windows Server 2012.
You create a security template named Template1 by using the Security Templates snap-in.
You need to App1y Template1 to Server2.
A. Security Configuration and Analysis

B. Server Manager
C. Computer Management
D. Security Templates
Answer: A
Explanation:
Security templates are inactive until imported into a Group Policy object or the Security
Configurationand Analysis.
http://windows.microsoft.com/en-us/windows-vista/using-system-configuration
On a server named Corel, you perform a Server Core Installation of Windows Server 2012.
You join Corel to the adatum.com domain.
You need to ensure that you can use Event Viewer on Server1 to view the event logs on
Core1.
What should you do on Core1?
A. Run the Disable NetFirewallRulecmdlet.

B. Install Remote Server Administration Tools (RSAT).
C. Install Windows Management Framework.
D. Run the Enable-NetFirewallRulecmdlet.
Answer: D
contains a domain controller named DC1 that runs Windows Server 2012.
A user named User1 attempts to log on to DO, but receives the error message shown in
the exhibit. (Click the Exhibit button.)
You need to ensure that User1 can log on to DC1.
What should you do?
A. Modify the Account is sensitive and cannot be delegated setting of the User1 account.
B. Grant User1 the Allow log on locally user right.
C. Modify the Logon Workstations setting of the User1 account.
D. Add User1 to the Remote Management Users group.
Answer: B
Explanation:
Domain controllers, by default, restrict the types of user accounts that have the ability to log
on locally.
Domain controllers, by default, restrict the types of user accounts that have the ability to log
on locally.
By default, only members of the Account Operators, Administrators, Backup Operators,

Print Operators, andServer Operators groups have the Allowed logon locally system right.
If you want to grant a user account theability to log on locally to a domain controller, you
must either make that user a member of a group that alreadyhas the Allowed logon locally
system right or grant the right to that user account.
Edit Default Domain Controllers Policy

Expand Computer Configuration, Policies, Windows Settings, Security Settings, Local
Policies, click UserRights Assignment.
Double-click Allow Logon Locally.
All user accounts in the sales department reside in an organizational unit (OU) named
OU1.
You have a Group Policy object (GPO) named GPO1. GPO1 is used to deploy a logon
script to all of the users in the sales department.
You discover that the logon script does not run when the sales users log on to their
computers.
You open Group Policy Management as shown in the exhibit. (Click the Exhibit button.)
You need to ensure that the logon script in GPO1 is App1ied to the sales users.
What should you do?
A. Modify the Delegation settings of GPO1.

B. Modify the link order of GPO1.
C. Enforce GPO1.
D. Enable the link of GPO1.
Answer: C
An organizational unit (OU) named OU1 contains user accounts and computer accounts.
A Group Policy object (GPO) named GP1 is linked to the domain. GP1 contains Computer
Configuration settings and User Configuration settings.
You need to prevent the User Configuration settings in GP1 from being App1ied to users.
The solution must ensure that the Computer Configuration settings in GP1 are App1ied to
all client computers.

A. The Group Policy loopback processing mode
B. The Enforced setting
C. The Block Inheritance feature
D. The GPO Status
Answer: A
Explanation:
A. Group Policy loopback with replace option needs to be used
B. Blocking inheritance prevents Group Policy objects (GPOs) that are linked to higher
sites, domains, ororganizational units from being automatically inherited by the child-level
C. Enforced prevent blocking at lower level
D. The GPO Status. This indicates whether either the user configuration or computer
configuration of the GPOis enabled or disabled.
You can use the Group Policy loopback feature to App1y Group Policy Objects (GPOs) that
depend only onwhich computer the user logs on to.
User Group Policy loopback processing can be enabled in one of two modes: merge or
replace. In mergemode, both GPOs App1ying to the user account and GPOs App1ying to
the computer account are processedwhen a user logs in. GPOs that App1y to the computer
account are processed second and therefore takeprecedence if a setting is defined in
both the GPO(s) App1ying to the user account, and the GPO(s) App1yingto the computer
account, the setting in the GPO(s) App1ying to the computer account will be enforced. With
thereplace mode, GPOs App1ying to the user account are not processed only the GPOs
App1ying to thecomputer account are App1ied.
Loopback can be set to Not Configured, Enabled, or Disabled. In the Enabled state,
loopback can be set toMerge or Replace. In either case the user only receives user-related
policy settings.
Loopback with ReplaceIn the case of Loopback with Replace, the GPO list for the user is
replaced in itsentirety by the GPO list that is already obtained for the computer at computer
startup (during step 2 in GroupPolicy processing and precedence). The User Configuration
settings from this list are App1ied to the user.
Loopback with MergeIn the case of Loopback with Merge, the Group Policy object list is
a concatenation.
The default list of GPOs for the user object is obtained, as normal, but then the list of GPOs
for the computer(obtained during computer startup) is appended to this list. Because the
computer's GPOs are processed afterthe user's GPOs, they have precedence if any of the
settings conflict.
This is a COMPUTER setting, which is found under Computer Configuration |
Administrative Templates |
System | Group Policy | User Group Policy Loopback Processing Mode
You want to create a new OU in AD that is dedicated to computer accounts that will have
loopbackprocessing enabled.
Create a new GPO in your new OU to enable User Group Policy Loopback Processing and
set theappropriate mode (merge / replace).
You will define the user settings you want to App1y to the loopback-enabled PCs via GPOs
in this same newOU. You can define these settings either in the same GPO where you
enabled the User Group PolicyLoopback Processing setting, or you create another new
GPO in the same OU for your user settings.
Remember that when using the REPLACE mode, none of your other user GPOs will be
App1ied whena user logs in to a machine that has loopback processing enabled. ONLY the
user settings that aredefined in the GPOs that App1y to that machine will be App1ied.
http://msmvps.com/blogs/cgross/archive/2009/10/12/group-policy-loopback-
processing.aspx
http://technet.microsoft.com/en-us/magazine/dd673616.aspx
You deploy a server named Server1 that runs Windows Server 2012.
You install a new client-server Application named App1 on Server1 and on the client
computers. The client computers must use TCP port 6444 to connect to App1 on Server1.
Server1 publishes the information of App1 to an intranet server named Server2 by using
TCP port 3080.
You need to ensure that all of the client computers can connect to App1. The solution must
ensure that the Application can connect to Server2.
Which Windows Firewall rule should you create on Server1?
A. An inbound rule to allow a connection to TCP port 6444

B. An outbound rule to allow a connection to TCP port 6444
C. An inbound rule to allow a connection to TCP port 3080
D. An outbound rule to allow a connection to TCP port 3080
Answer: A
Explanation:
Server1 gets request from Client PC's it needs a inbound rule for 6444
By default, Windows Firewall with Advanced Security blocks all unsolicited inbound
network traffic,and allows all outbound network traffic. For unsolicited inbound network
traffic to reach your computer, youmust create an allow rule to permit that type of network
traffic. If a network program cannot get access,verify that in the Windows Firewall with
Advanced Security snap-in there is an active allow rule for the currentprofile. To verify that
there is an active allow rule, double-click Monitoring and then click Firewall.
If there is no active allow rule for the program, go to the Inbound Rules node and create a
new rule for thatprogram. Create either a program rule, or a service rule, or search for a
group that App1ies to the feature andmake sure all the rules in the group are enabled. To
permit the traffic, you must create a rule for the programthat needs to listen for that traffic. If
you know the TCP or UDP port numbers required by the program, you canadditionally
restrict the rule to only those ports, reducing the vulnerability of opening up all ports for
theprogram.
http://social.technet.microsoft.com/wiki/contents/articles/13894.troubleshooting-windows-
firewall-withadvanced-security-in-windows-server-2012.aspx
You have a server named Server1 that runs Windows Server 2012. Server1 has following
storage spaces:
Data
Users
Backups
Primordial
You add an additional hard disk to Server1.
You need to identify which storage space contains the new hard disk.
Which storage space contains the new disk?
A. Data
B. Primordial
C. Users
D. Backups
Answer: B
Explanation:
New Disks (Unallocated space) added to Primordial spacePrimordial Pool?
All storage that meets acceptable criteria for Storage Spaces will be placed in the
Primordial Pool. Thiscan be considered the default pool for devices from which any other
pools will be created.
Notice that there are no other virtual disks or pools at this point. The Primordial Pool will
only consist ofphysical storage devices that do not belong to any other pools.

http://blogs.technet.com/b/canitpro/archive/2012/12/13/storage-pools-dive-right-in.aspx
http://blogs.technet.com/b/askpfeplat/archive/2012/10/10/windows-server-2012-storage-
spaces-is-it-for-youcould-be.aspx
Your network contains two Hyper-V hosts named Host1 and Host2. Host1 contains a virtual
machine named VM1. Host2 contains a virtual machine named VM2. VM1 and VM2 run
You install the Network Load Balancing feature on VM1 and VM2.
You need to ensure that the virtual machines are configured to support Network Load
Balancing (NLB).
Which virtual machine settings should you configure on VM1 and VM2?
A. Port mirroring
B. Router guard
C. DHCP quard
D. MAC address
Answer: D
Explanation:
In Hyper-V, the VM host prevents dynamic MAC address updates as an extra layer of
security in thedatacenter. This is because the VM may have full administrator rights, yet it
may be untrusted in thedatacenter, for example when the VM hosting is provided by an
independent hosting company. In this scenario,we need to make sure that one VM cannot
cause a DOS or information disclosure attack against another VM.
If a VM is able to spoof its MAC address, then it can spoof the MAC addresses of other
VMs and impactother VMs on that host. The physical switches have similar protections and
it is up to the admin to enable thatprotection or not.
If you do not enable spoofing of MAC address prior to configuring NLB on the VM you
could potentially haveproblems with the NLB cluster.
When configuring NLB in unicast mode on Hyper-V with enable spoofing of MAC Address
disabled you maysee some of the following symptoms:
When initially configuring NLB you will lose network connectivity on the network adaptor
NLB was configuredon.
There will be an NLB error event in the Windows Event Log stating that the network
adaptor does not supportdynamic MAC address updates.
After rebooting the server, NLB will appear to be bound to the network adapter, but the
cluster VIP will nothave been added to the network adaptor.
The cluster MAC address will still be the original MAC address associated with the
network adaptor prior toconfiguring NLB. Use CMD>ipconfig /all to view the MAC address.
It should start with "02-BF-***"
If you ignore all previous symptoms and manually add the VIP you could get an IP conflict
if there are othernodes in the cluster that have the same VIP.
With that said, to allow VM guests to run NLB you need to set the VM property for "Enable
spoofing of MACAddress".
To enable spoofing of MAC Addresses open the Hyper-V management console. Make sure
the VM is stoppedopen the properties of the VM. Select the Network Adaptor for the NLB
VM and check the "Enable spoofing ofMAC Address" and click OK. Then start the VM.
contains a server named Server1. Server1 runs Windows Server 2012 and has the Hyper-
On Server1, you create a virtual machine named VM1.
When you try to add a RemoteFX 3D Video Adapter to VM1, you discover that the option is
unavailable as shown in the following exhibit. (Click the Exhibit button.)
You need to add the RemoteFX 3D Video Adapter to VM1.
A. On Server1, install the Media Foundation feature.

B. On Server1, install the Remote Desktop Visualization Host (RD Visualization Host) role
service.
C. On Server1, run the Enable-VMRemoteFxPhysicalVideoAdaptercmdlet.
D. On Server1, run the Add-VMRemoteFx3dVideoAdapter cmdlet.
Answer: D
Explanation:
http://social.technet.microsoft.com/Forums/en-US/winserverTS/thread/c7a6cf20-9c66-4fda-
ac36-0f069660c174/
Does Hyper-V Server 01 support RemoteFX desktops?
I am not sure if you already solved this but I ran into an issue when I was trying to enable
the
RemoteFX video adapter to a VM and had to add it using powershell. This is what I used:
Import-Module RemoteDesktopServices
Add-VMRemoteFx3dVideoAdapter -VMNameVirtualMachineName Where
VirtualMachineName isthe name of your VM. If I did not do this it was impossible to add the
vGPU to the VM and it justgave me errors.
Add-VMRemoteFx3dVideoAdapter -VMNameVirtualMachineName
Your company has a main office and two branch offices. The offices connect to each other
by using a WAN link.
In the main office, you have a server named Server1 that runs Windows Server 2012.
Server1 is configured to use an IPv4 address only.
You need to assign an IPv6 address to Server1. The IP address must be private and
routable.
Which IPv6 address should you assign to Server1?
A. ff00:3fff:65df:145c:dca8::82a4
B. 2001:ab32:145c::32cc:401b
C. fe80:ab32:145c::32cc:401b
D. fd00:ab32:14:ad88:ac:58:abc2:4
Answer: D
Explanation:
pg 266 Chapter 6 : Installing and Configuring Windows Server 2012
Unique local addresses
Unique local addresses are IPv6 addresses that are private to an organization in the same
way that private addressessuch as 10.x.x.x, 192.168.x.x, or 172.16.0.0 -
172.31.255.255can be used on an IPv4 network.
Unique local addresses, therefore, are not routable on the IPv6 Internet in the same way
that an address like 10.20.100.55 is not routable on the IPv4 Internet.
A unique local address is always structured as follows:

The first 8 bits are always 11111101 in binary format. This means that a unique local
address always begins with FD and has a prefix identifier of FD00::/8.
Your network contains three servers. The servers are configured as shown in the following
table.
Your company plans to standardize all of the servers on Windows Server 2012.
You need to recommend an upgrade path for each server.
Upgrade the existing operating system whenever possible.

Minimize hardware purchases.
Which upgrade path should you recommend for each server?
To answer, drag the appropriate upgrade path to each server in the answer area. Each
upgrade path may be used once, more than once, or not at all.
Answer:
Your network contains an Active Directory forest. The forest functional level is Windows
Server 2012. The forest contains a single domain.
The domain contains a member server named Server1. Server1 runs Windows Server
2012.
You purchase a network scanner named Scanner1 that supports Web Services on Devices
(WSD).
You need to share the network scanner on Server1.
Which server role should you install on Server1?
A. Web Server (IIS)

B. Fax Server
C. File and Storage Services
D. Print and Document Services
Answer: D
Explanation:
A. Can share printers, scanners and fax
Print and Document Services enables you to centralize print server and network printer
tasks. With this role,you can also receive scanned documents from network scanners and
route the documents to a sharednetwork resource, Windows SharePoint Services site, or
email addresses.
Windows Server 2012 uses Web Services on Devices (WSD) technologies to integrate
scanning devices intothe system
You have a server named Server1. Server1 runs Windows Server 2012 and has the File
and Storage Services server role installed.
You attach four 500-GB disks to Server1.
You need to configure the storage to meet the following requirements:
Storage for an Application named Application1 must be provided. Application1

requires 20 GB and will require a maximum of 800 GB in three years.
Storage for an Application named Application2 must be provided. Application2
requires 20 GB and will require a maximum of 900 GB in three years.
The solution must provide the ability to dynamically add storage without requiring
configuration changes to the Applications.
The storage must be available if a single disk fails.
Which two actions should you perform? (Each correct answer presents part of the solution.
Choose two.)
A. From File and Storage Services, create virtual disks by using fixed provisioning.
B. From File and Storage Services, create a storage pool that uses all four disks.
C. From Disk Management, create two new mirror volumes that use two disks each.
D. From Disk Management, create a new RAID-5 volume that uses all four disks.
E. From File and Storage Services, create virtual disks by using thin provisioning.
Answer: A,B
Explanation:
A. 2 VHD's set to fixed size of 800 & 900GB
B. Allows Fault Tolerance
C. No Fault Tolerance MAX when mirroring 2 500GB drives
D. 1500GB MAX App's require 1700GB MAX
E. No Fault Tolerance
Your network contains an Active Directory forest named contoso.com. The forest contains
a child domain named europe.contoso.com. The europe.contoso.com child domain
You install the DHCP Server server role on Server1.
You have access to the administrative accounts shown in the following table.
You need to authorize Server1.
Which user account should you use?
A. Admin1
B. Admin2
C. Admin3
D. Admin4
Answer: D
Explanation:
A. Local account can't be used
B. Authorization needs to happen in contoso.com and must be aEnt Admin
C. Authorization needs to happen in contoso.com and must be aEnt Admin
D. Correct domain and is a member of Ent Admin's
Topic 2, Volume B
contains a server named Server1 that runs Windows Server 2012. Server1 contains a
single virtual machine named VM1.
You need to ensure that a user named User1 can manage the virtual machine settings of
VM1.
The solution must minimize the number of permissions assigned to User1.
To which group should you add User1?

A. Administrators
B. Power Users
C. Hyper-V Administrators
D. Server Operators
Answer: C
Explanation:
This group can reduce the number of users that belong to the local Administrators group
while providing users with access to Hyper-VSimplified authorization:
The Hyper-V Administrators group is introduced and is implemented as a local security

group.
What value does this change add?
This group can reduce the number of users that belong to the local Administrators group
while providingusers with access to Hyper-V.
What works differently?
The Hyper-V Administrators group is a new local security group. Add users to this group
instead of thelocal Administrators group to provide them with access to Hyper-V. Members
of the Hyper-V
Administrators have complete and unrestricted access to all features of Hyper-V.
Your network contains multiple subnets.
On one of the subnets, you deploy a server named Server1 that runs Windows Server
2012.
You install the DNS Server server role on Server1, and then you create a standard primary
zone named contoso.com.
You need to ensure that client computers can resolve single-label names to IP addresses.
A. Create a reverse lookup zone.

B. Convert the contoso.com zone to an Active Directory-integrated zone.
C. Configure dynamic updates for contoso.com.
D. Create a GlobalNames zone.
Answer: D
Explanation:
Use GlobalNames zones in Windows Server 2008 to take advantage of single-label names
Providing Single-Label DNS Name Resolution:
While Domain Name System (DNS) is the predominant name-resolution technology in
TCP/IP networks,Windows Internet Name Service (WINS) is deployed in many networks as
an alternative name-resolutionprotocol.
GlobalNames Zone (GNZ) feature:

The GNZ feature is designed to enable DNS resolution of these single-label, static, global
names.
You can deploy a GNZ in a single forest or across multiple forests.
GNZ is intended to aid the retirement of WINS. It is not a replacement for WINS. GNZ is
not intended tosupport the single-label name resolution of records that are registered
dynamically and therefore not managedby IT administrators. GNZ does make it possible for
you to provide single-label name resolution of a fixed set ofhost computers whose names
are guaranteed to be both global and unique.
You have a server named Server1 that runs Windows Server 2012. Server1 has six
network adapters. Two of the network adapters are connected to a network named LAN1,
two of the network adapters are connected to a network named LAN2, and two of the
network adapters are connected to a network named LAN3.
You create a network adapter team named Team1 from the two adapters connected to
LAN1.
You create a network adapter team named Team2 from the two adapters connected to
LAN2.
A company policy states that all server IP addresses must be assigned by using a reserved
address in DHCP.
You need to identify how many DHCP reservations you must create for Server1.
How many reservations should you identify?
A. 3
B. 4
C. 6
D. 8
Answer: B
Explanation:
2 Adapters = LAN1 = Team1 = 1 IP
2 Adapters = LAN2 = Team2 = 1 IP
2 Adapters = LAN3 = No Team = 2 IP
1+1+2=4
Windows Server 2012. The domain contains a server named Server1.
You open Review Options in the Active Directory Domain Services Configuration Wizard,
and then you click View script.
You need to ensure that you can use the script to promote Server1 to a domain controller.
Which file extension should you use to save the script?
A. .ps1
B. .bat
C. .xml
D. .cmd
Answer: A
Explanation:
The View Script button is used to view the corresponding PowerShell script
The PowerShell script extension is .ps1, The Answer could logically be either a .cmd file or
a .bat file.
According to http://www.fileinfo.com/:
PAL - Settings file created by Corel Painter or Palette of colors used by Dr. Halo bitmap
images
BAT - DOS batch file used to execute commands with the Windows Command Prompt
(cmd.exe); contains aseries of line commands that typically might be entered at the DOS
command prompt; most commonly used tostart programs and run maintenance utilities
within Windows.
XML - XML (Extensible Markup Language) data file that uses tags to define objects and
object attributes;formatted much like an .HTML document, but uses custom tags to define
objects and the data within eachobject; can be thought of as a text-based database.
CMD - Batch file that contains a series of commands executed in order; introduced with
Windows NT, but canbe run by DOS or Windows NT systems; similar to a .BAT file, but is
run by CMD.EXE instead of COMMAND.COM.
You promote Server1 to domain controller.
You need to view the service location (SVR) records that Server1 registers on DNS.
A. Open the Srv.sys file

B. Open the Netlogon.dns file
C. Run ipconfig/displaydns
D. Run Get-DnsServerDiagnostics
Answer: B
Explanation:
A. Timestamp server driver
B. Netlogon service creates a log file that contains all the locator resource records stored in
netlogon.
C. used to display current resolver cache content
D. Gets DNS event logging details
Server1.

A. The Add-WindowsPackagecmdlet
B. The ocsetup.exe command
C. The Add-WindowsFeaturecmdlet
D. The Install-RoleServicecmdlet
Answer: C
Explanation: http://technet.microsoft.com/en-us/library/ee662309.aspx
You have a server named Server1. Server1 runs Windows Server 2012.
Server1 has two network adapters. Each network adapter must be configured as shown in
the following table.
You need to configure the correct IPv6 address prefix for each network adapter.
Which prefix should you select for each network adapter?
To answer, drag the appropriate IPv6 prefix to the correct network adapter in the answer
area.
Each prefix may be used once, more than once, or not at all. You may need to drag the
split bar between panes or scroll to view content.
Answer:
contains a server named Server1. Server1 runs a Server Core installation of Windows
Server 2012.
You install the DNS Server server role on Server1.
You need to perform the following configurations on Server1:
Create an Active Directory-integrated zone named adatum.com.

Send unresolved DNS client queries for other domain suffixes to the DNS server of
your company's Internet Service Provider (ISP).
Which Windows PowerShell cmdlets should you use?

To answer, drag the appropriate cmdlet to the correct configuration in the answer area.
Each cmdlet may be used once, more than once, or not at all. You may need to drag the
split bar between panes or scroll to view content.
Answer:
You have a DNS server named Server1. Server1 runs Windows Server 2012.
The network ID is 10.1.1.0/24.
An administrator creates several reverse lookup zones.
You need to identify which reverse lookup zone is configured correctly.
Which zone should you identify?
To answer, select the appropriate zone in the answer area.

Answer:
Your company has a main office that contains 225 client computers. The client computers
are located on a subnet that uses the network ID of 10.10.1.0/24.
The company plans to open two branch offices. The offices will be configured as shown in
the following table.
You need to select a network prefix for each office to ensure that there are enough IPv4
addresses for each client computer. The solution must minimize the number of unused IP
addresses.
Which network prefixes should you select?To answer, drag the appropriate network prefix
to the correct branch office in the answer area.
Answer:
contains 500 client computers that run Windows 8. All of the client computers connect to
the Internet by using a web proxy.
computers.
A. Create a primary zone named ".".

B. Configure the Security settings of the contoso.com zone.
C. Create a zone delegation for GlobalNames.contoso.com.
D. Create a stub zone named "root".
Answer: D
contains 100 user accounts that reside in an organizational unit (OU) named 0U1.
You need to ensure that a user named User1 can link and unlink Group Policy objects
(GPOs) to OU1.
What should you do?

A. Modify the permissions on OU1.
B. Run the Set-GPPermissioncmdlet.
C. Add User1 to the Group Policy Creator Owners group.
D. Modify the permissions on the User1 account.
Answer: A
A. System Configuration
B. Authorization Manager
D. Local Security Policy
Answer: A
How can you manage an newly installed server 2012 core from a another server 2012 with
computer manager?
Answer:
Server1 has 2 dual-core processors and 16 GB of RAM.
You install the Hyper-V server role in Server1.
You plan to create two virtual machines on Server1.
You need to ensure that both virtual machines can use up to 8 GB of memory. The solution
must ensure that both virtual machines can be started simultaneously.
What should you configure on each virtual machine?
A. Dynamic Memory
B. NUMA topology
C. Memory weight
D. Resource Control
Answer: A
Explanation:
A. Dynamic Memory adjusts the amount of memory available to a virtual machine, based
on changes in memory demand and values that you specify
B. Used for high performance apps like SQL
C. Provides Hyper-V with a way to determine how to distribute memory among virtual
machines if there is not enough physical memory available in the computer to give every
virtual machine its requested amount of memory.
D. Resource controls provide you with several ways to control the way that Hyper-V
allocates resources to virtual machine.
Your network contains an active directory domain named Contoso.com. The domain
contains a server named Server1 that runs Windows server 2012 and has the Hyper-V
You have a virtual machine named VM1. VM1 has a snapshot.
You need to modify the Snapshot File Location of VM1.
What should you do First?
A. Copy the snapshot file

B. Pause VM1
C. Shut down VM1
D. Delete the snapshot
Answer: A
Your network contains an active directory domain named contoso.com. The domain
contains a domain controller named DCS. DCS has a server core installation of windows
server 2012.
You need to uninstall Active Directory from DC5 manually.
A. The Remove-WindowsFeaturecmdlet
B. the dsamain.exe command
C. the ntdsutil.exe command
D. the Remove-ADComputercmdlet
Answer: C
Explanation:
A. Removes Roles and Features to remove DC use Uninstall-addsdomaincontroller
B.Exposes Active Directory data that is stored in a snapshot or backup as a Lightweight
Directory Access
Protocol (LDAP) server
C. Manually removes a domain controller
D. Removes AD computer object
Several users are members of the local Administrators group.
You need to ensure that all local administrators receive User Account Control (UAC)
prompts when they run a Microsoft Management Console (MMC).
Which setting should you modify from the Local Security Policy?
To answer, select the appropriate settings in the answer area.
Answer:
What should you do for server core so it can be managed from another server 2012?
A. 1
B. 2
C. 3
D. 4
E. 5
F. 6
G. 7
H. 8
I. 9
J. 10
K. 11
L. 12
M. 13
N. 14
O. 15
Answer: H
Explanation:
4) Configure Remote Management is already "Enabled".

You have a print server named Server1. Server1 runs Windows Server 2008 R2. You have
a file server named Server2. Server2 runs Windows Server 2012.
You need to migrate all of the printers on Server1 to Server2.
Which actions should you perform on the servers?
Answer:

A network technician installs Windows Server 2012 Standard on a server named Server1.
A corporate policy states that all servers must run Windows Server 2012 Enterprise.
You need to ensure that Server1 complies with the corporate policy. You want to achieve
this goal by using the minimum amount of administrative effort.
What should you perform?
A. a clean installation of Windows Server 2012

B. an upgrade installation of Windows Server 2012
C. online servicing by using Dism
D. offline servicing by using Dism
Answer: C
Explanation:
A. Not least effort
B. Not least effort
C. dism /online /set-edition
D. offline would be less ideal and more workex: DISM /online /Set-Edition:ServerEnterprise
/ProductKey:489J6-VHDMP-X63PK-3K798-CPX3YWindows Server 2008 R2/2012
contains a command-line utility called DISM (Deployment Image Servicing
andManagement tool). This tool has many features, but one of those features is the ability
to upgrade the edition ofWindows in use. Note that this process is for upgrades only and is
irreversible. You cannot set a Windowsimage to a lower edition. The lowest edition will not
appear when you run the /Get-TargetEditions option.
If the server is running an evaluation version of Windows Server 2012 Standard or

Windows Server 2012Datacenter, you can convert it to a retail version as follows:
If the server is a domain controller, you cannot convert it to a retail version. In this case,
install an additionaldomain controller on a server that runs a retail version and remove AD
DS from the domain controller thatruns on the evaluation version.
From an elevated command prompt, determine the current edition name with the command
DISM /online /Get-CurrentEdition. Make note of the edition ID, an abbreviated form of the
edition name. Then run DISM /online /Set-Edition:<edition ID> /ProductKey:XXXXX-
XXXXX-XXXXX-XXXXX-XXXXX /AcceptEula,providing the edition ID and a retail product
key. The server will restart twice.
http://technet.microsoft.com/en-us/library/dd744380%28v=ws.10%29.aspx
http://blogs.technet.com/b/server_core/archive/2009/10/14/upgrading-windows-server-
2008-r2-without-media.aspx
http://communities.vmware.com/people/vmroyale/blog/2012/05/30/howto-upgrading-
windows-edition-with-dism
You have a domain controller named Server1 that runs Windows Server 2012 and has the
DNS Server server role installed. Server1 hosts a DNS zone named contoso.com and a
GlobalNames zone.
You discover that the root hints were removed from Server1.
You need to view the default root hints of Server1.
What should you do?
A. From Event Viewer, open the DNS Manager log.

B. From Notepad, open the Cache.dns file.
C. From Windows Powershell, run Get-DNSServerDiagnostics.
D. From nslookup, run root server1.contoso.com
Answer: B
Explanation:
A. Allows you to troubleshoot DNS issues
B. DNS Server service implements root hints using a file, Cache.dns, stored in the
systemroot\System32\Dnsfolder on the server
C. Gets DNS event logging details
D.

The domain contains a server named Server1.
You install the Windows PowerShell Web Access gateway on Server1.
You need to provide administrators with the ability to manage the servers in the domain by
using the Windows PowerShell Web Access gateway.
Which two cmdlets should you run on Server1? (Each correct answer presents part of the
A. Set-WSManQuickConfig
B. Set-WSManInstance
C. Add-PswaAuthorizationRule
D. Set-BCAuthentication
E. Install-PswaWebApplication
Answer: C,E
Explanation:
A. Configures the local computer for remote management.
B. Modifies the management information that is related to a resource.
C. Adds a new authorization rule to the Windows PowerShell Web Access authorization
rule set.
D. Specifies the BranchCache computer authentication mode.
E. Configures the Windows PowerShellWeb Access web Application in IIS.
contains a server named Server1. Server1 runs Windows Server 2012 and is configured as
the only domain controller.
You need to retrieve a list of all the user accounts. The list must include the last time each
user was authenticated successfully.
Which Windows PowerShell command should you run?
To answer, drag the appropriate cmdlet or property to the correct locations to complete the
PowerShell command in the answer area. Each cmdlet or property may be used once,
more than once, or not at all. You may need to drag the split bar between panes or scroll to
view content.
Answer:
Your network contains an Active Directory domain named adatum.com. All domain
controllers run Windows Server 2012. All client computers run Windows 7. The computer
accounts for all of the client computers are located in an organizational unit (OU) named
OU1.
An administrator links a Group Policy object (GPO) to OU1. The GPO contains several
Application control policies.
You discover that the Application control policies are not enforced on the client computers.
You need to modify the GPO to ensure that the Application control policies are enforced on
the client computers.
What should you configure in the GPO?
To answer, select the appropriate service in the answer area.

Answer:
On Server1, you create a printer named Printer1. You share Printer1 and publish Printer1
in Active Directory.
You need to provide a group named Group1 with the ability to manage Printer1.
What should you do?
A. From Print Management, configure the Sharing settings of Printer1.

B. From Active Directory Users and Computers, configure the Security settings of Server1-
Printer1.
C. From Print Management, configure the Security settings of Printer1.
D. From Print Management, configure the Advanced settings of Printer1.
Answer: C
Explanation: Set permissions for print servers
Open Print Management.
In the left pane, clickPrint Servers, right-click the App1icable print server and then
clickProperties.
On theSecuritytab, underGroup or users names, click a user or group for which
you want to set permissions.
UnderPermissions for <user or group name>, select theAlloworDenycheck boxes
for the permissions listed as needed.
To editSpecial permissions, clickAdvanced.
On thePermissionstab, click a user group, and then clickEdit.
In thePermission Entrydialog box, select theAlloworDenycheck boxes for the
permissions that you want to edit.
Note:
*
Reference: Set Permissions for Print Servers
contains three servers named Server1, Served, and Server3.
You create a server group named ServerGroup1.

You discover the error message shown in the following exhibit. (Click the Exhibit button.)
You need to ensure that Server2 can be managed remotely by using Server Manager.
What should you do?
A. On DC1, run the Enable-PSSessionConfigurationcmdlet.

B. On Server2, run the Add-Computer cmdlet.
C. On Server2/ modify the membership of the Remote Management Users group.
D. From Active Directory Users and Computers, add a computer account named Server2,
and then restart Server2.
Answer: C
Explanation: This is a security issue. To be able to access Server2 remotely through
Server Manager the user need to be a member of the Remote Management Users group.
Note:
* Name: BUILTIN\Remote Management Users
Description: A Builtin Local group. Members of this group can access WMI resources over
management protocols (such as WS-Management via the Windows Remote Management
service). This App1ies only to WMI namespaces that grant access to the user.
* Enable-ServerManagerStandardUserRemoting
Provides one or more standard, non-Administrator users access to event, service,
performance counter, and role and feature inventory data for a server that you are
managing by using Server Manager.
Syntax:
Parameter Set: Default
Enable-ServerManagerStandardUserRemoting [-User] <String[]> [-Force] [-Confirm] [-
WhatIf] [ <CommonParameters>]
Detailed Description
Provides one or more standard, non-Administrator users access to event, service,
performance counter, and role and feature inventory data for a server that you are
managing, either locally or remotely, by using Server Manager. The cmdlet must be run
locally on the server that you are managing by using Server Manager. The cmdlet works by
performing the following actions:
Adds access rights for specified standard users to the root\cimv2 namespace on the local
server (for access to role and feature inventory information).
Adds specified standard users to required user groups (Remote Management Users,
Event Log Readers, and Performance Log Readers) that allow remote access to event and
performance counter logs on the managed server.
Changes access rights in the Service Control Manager to allow specified standard users
remote access to the status of services on the managed server.
Incorrect:
Not A: the Enable-PSSessionConfiguration.This is an advanced cmdlet that is designed to
be used by system administrators to manage customized session configurations for their
users.
Reference: Enable-ServerManagerStandardUserRemoting
contains two servers named Server1 and Server2. Server1 runs Windows Server 2012.
Server2 runs Windows Server 2008 R2 Service Pack 1 (SP1) and has the DHCP Server
You need to manage DHCP on Server2 by using the DHCP console on Server1.
A. From the Microsoft Management Console on Server1, add a snap-in.

B. From Windows PowerShell on Server1, run Install-WindowsFeature.
C. From Windows Firewall with Advanced Security on Server2, create an inbound rule.
D. From Internet Explorer on Server2, download and install Windows Management
Framework 3.0.
Answer: A
An iSCSI SAN is available on the network.
You create a LUN on the SAN.
You need to provide VM1 with access to the LUN. The solution must prevent other virtual
machines from accessing the LUN.
A. A fixed-size VHDX
B. A fixed-size VHD
C. A dynamically expanding VHD
D. A dynamically expanding VHDX
E. A pass-through disk
Answer: E
Explanation:
You can use physical disks that are directly attached to a virtual machine as a storage
option on themanagement operating system. This allows virtual machines to access
storage that is mapped directly to theserver running Hyper-V without first configuring the
volume. The storage can be either a physical disk which isinternal to the server, or a SAN
logical unit number (LUN) that is mapped to the server (a LUN is a logicalreference to a
portion of a storage subsystem). The virtual machine must have exclusive access to
thestorage, so the storage must be set in an Offline state in Disk Management. The storage
is not limited insize, so it can be a multiterabyte LUN.
When using physical disks that are directly attached to a virtual machine, you should be
aware of the following:
This type of disk cannot be dynamically expanded.
You cannot use differencing disks with them.
You cannot take virtual hard disk snapshots.
Att:
If you are installing an operating system on the physical disk and it is in an Online state
before the virtualmachine is started, the virtual machine will fail to start. You must store the
virtual machine configuration file inan alternate location because the physical disk is used
by the operating system installation. For example,locate the configuration file on another
internal drive on the server running Hyper-V.
http://technet.microsoft.com/en-us/library/ee344823%28v=ws.10%29.aspx
hyper-v.aspx
Windows Server 2012. Client computers run either Windows 7 or Windows 8.
All of the computer accounts of the client computers reside in an organizational unit (OU)
named Clients. A Group Policy object (GPO) named GP01 is linked to the Clients OU. All
of the client computers use a DNS server named Server1.
You configure a server named Server2 as an ISATAP router. You add a host (A) record for
ISATAP to the contoso.com DNS zone.
You need to ensure that the client computers locate the ISATAP router.
What should you do?
A. Run the Add-DnsServerResourceRecordcmdlet on Server1.

B. Configure the DNS Client Group Policy setting of GPO1.
C. Configure the Network Options Group Policy preference of GPO1.
D. Run the Set-DnsServerGlobalQueryBlockListcmdlet on Server1.
Answer: D
Explanation:
Windows Server 2008 introduced a new feature, called "Global Query Block list", which
prevents somearbitrary machine from registering the DNS name of WPAD.
This is a good security feature, as it prevents someone from just joining your network, and
setting himself up asa proxy.
The dynamic update feature of Domain Name System (DNS) makes it possible for DNS
client computers toregister and dynamically update their resource records with a DNS
server whenever a client changes itsnetwork address or host name.
This reduces the need for manual administration of zone records. This convenience comes
at a cost, however,because any authorized client can register any unused host name, even
a host name that might havespecial significance for certain Applications. This can allow a
malicious user to take over a special nameand divert certain types of network traffic to that
user's computer.
Two commonly deployed protocols are particularly vulnerable to this type of takeover: the
Web ProxyAutomatic Discovery Protocol (WPAD) and the Intra-site Automatic Tunnel
Addressing Protocol (ISATAP).
Even if a network does not deploy these protocols, clients that are configured to use them
are vulnerable to thetakeover that DNS dynamic update enables.
Most commonly, ISATAP hosts construct their PRLs by using DNS to locate a host named
isatap on the localdomain. For example, if the local domain is corp.contoso.com, an
ISATAP-enabled host queries DNS to obtainthe IPv4 address of a host named
isatap.corp.contoso.com.
In its default configuration, the Windows Server 2008 DNS Server service maintains a list
of names that, ineffect, it ignores when it receives a query to resolve the name in any zone
for which the server is authoritative.
Consequently, a malicious user can spoof an ISATAP router in much the same way as a
malicious user canspoof a WPAD server: A malicious user can use dynamic update to
register the user's own computer as acounterfeit ISATAP router and then divert traffic
between ISATAP-enabled computers on the network.
The initial contents of the block list depend on whether WPAD or ISATAP is already
deployed when you addthe DNS server role to an existing Windows Server 2008
deployment or when you upgrade an earlier versionof Windows Server running the DNS
Server service.
Add-DnsServerResourceRecord - The Add-DnsServerResourceRecordcmdlet adds a

resource record for aDomain Name System (DNS) zone on a DNS server.
You can add different types of resource records. Use different switches for different record
types.
By using this cmdlet, you can change a value for a record, configure whether a record has
a time stamp,whether any authenticated user can update a record with the same owner
name, and change lookup timeoutvalues, Windows Internet Name Service (WINS) cache
settings, and replication settings.
Set-DnsServerGlobalQueryBlockList - The Set-DnsServerGlobalQueryBlockListcmdlet

changes settingsof a global query block list on a Domain Name System (DNS) server.
This cmdlet replaces all names in the list of names that the DNS server does not resolve
with the names thatyou specify.
If you need the DNS server to resolve names such as ISATAP and WPAD, remove these
names from the list.
Web Proxy Automatic Discovery Protocol (WPAD) and Intra-site Automatic Tunnel
Addressing Protocol(ISATAP) are two commonly deployed protocols that are particularly
vulnerable to hijacking.
http://technet.microsoft.com/en-us/security/bulletin/ms09-008
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0093
Windows DNS Server in Microsoft Windows 2000 SP4, Server 2003 SP1 and SP2, and
Server 2008, whendynamic updates are enabled, does not restrict registration of the
"wpad" hostname, which allows remoteauthenticated users to hijack the Web Proxy Auto-
Discovery (WPAD) feature, and conduct man-in-the-middleattacks by spoofing a proxy
server, via a Dynamic Update request for this hostname, aka "DNS ServerVulnerability in
WPAD Registration Vulnerability," a related issue to CVE-2007-1692.
contains a server named Server1 that runs Windows Server 2012 and has the Remote
Access server role installed.
A user named User1 must connect to the network remotely. The client computer of User1
requires Challenge Handshake Authentication Protocol (CHAP) for remote connections.
CHAP is enabled on Server1.
You need to ensure that User1 can connect to Server1 and authenticate to the domain.
A. From the properties of Server1, select Trust this computer for delegation to any service
(Kerberos only).
B. From the properties of Server1, assign the Allowed to Authenticate permission to User1.
C. From the properties of User1, select Use Kerberos DES encryption types for this
account.
D. From the properties of User1, select Store password using reversible encryption.
Answer: D
Explanation:
The Store password using reversible encryption policy setting provides support for
Applications that useprotocols that require the user's password for authentication. Storing
encrypted passwords in a way that isreversible means that the encrypted passwords can
be decrypted. A knowledgeable attacker who is able tobreak this encryption can then log
on to network resources by using the compromised account. For this reason,never enable
Store password using reversible encryption for all users in the domain unless
Applicationrequirements outweigh the need to protect password information.
If you use the Challenge Handshake Authentication Protocol (CHAP) through remote
access or InternetAuthentication Services (IAS), you must enable this policy setting. CHAP
is an authentication protocolthat is used by remote access and network connections. Digest
Authentication in Internet Information Services(IIS) also requires that you enable this policy
setting.
If your organization uses CHAP through remote access or IAS, or Digest Authentication in
IIS, you mustconfigure this policy setting to Enabled. This presents a security risk when you
App1y the setting through GroupPolicy on a user-by-user basis because it requires the
appropriate user account object to be opened in ActiveDirectory Users and Computers.
http://technet.microsoft.com/pt-pt/library/hh994559%28v=ws.10%29.aspx
Your network contains a Hyper-V host named Hyperv1 that runs Windows Server 2012.
Hyperv1 has a virtual switch named Switch1.
You replace all of the network adapters on Hyperv1 with new network adapters that support
single-root I/O virtualization (SR-IOV). You need to enable SR-IOV for all of the virtual
machines on Hyperv1.
Choose two.)
A. On each virtual machine, modify the Advanced Features settings of the network adapter.
B. Modify the settings of the Switch1 virtual switch.
C. Delete, and then recreate the Switch1 virtual switch.
D. On each virtual machine, modify the BIOS settings.
E. On each virtual machine, modify the Hardware Acceleration settings of the network
adapter.
Answer: C,E
Explanation: The first step when allowing a virtual machine to have connectivity to a
physical network is to create an external virtual switch using Virtual Switch Manager in
Hyper-V Manager. The additional step that is necessary when using SR-IOV is to ensure
the checkbox is checked when the virtual switch is being created. It is not possible to
change a non SR-IOV mode external virtual switch into an SR-IOV mode switch. The
choice must be made a switch creation time.
E: Once a virtual switch has been created, the next step is to configure a virtual machine.
SR-IOV in Windows Server 8 is supported on x64 editions of Windows 8 as a guest
operating system (as in Windows 8 Server, and Windows 8 client x64, but not x86
client). We have rearranged the settings for a virtual machine to introduce sub-nodes under
a network adapter, one of which is the hardware acceleration node. At the bottom is a
checkbox to enable SR-IOV.
Note:
* Steps:
/ SR-IOV must be enabled on virtual switch

/ Install additional network drivers in the guest OS
/ Enable SR-IOV within the VMs though Hyper-V Manager
* Single Root I/O Virtualization (SR-IOV) is a standard introduced by the PCI-SIG that owns
and manages PCI specifications as open industry standards.
SR-IOV enables network traffic to bypass the software switch layer of the Hyper-V
Virtualization stack to reduce the I/O overhead in this layer. It allows an SR-IOV virtual
function of a physical network adapter to be assigned directly to a virtual machine to
increase network throughput by reducing latency. Host CPU overhead also get reduced for
processing network traffic.
* The diagram below illustrates how SR-IOV allows virtual machines to directly address the
physical NIC.
Reference: Everything you wanted to know about SR-IOV in Hyper-V Part 5
Your network contains a server named Server1 that runs Windows Server 2012. Server1 is
a member of a workgroup.
You need to configure a local Group Policy on Server1 that will App1y only to non-
administrators.
A. Server Manager
B. Group Policy Management Editor
C. Group Policy Management
D. Group Policy Object Editor
Answer: D
Explanation:

contains a print server named Server1 that runs Windows Server 2012. Server1 contains a
local group named Group1.
You share a printer named Printer1 on Server1.
You need to configure Printer1 to meet the following requirements:
Ensure that the members of Group1, the Server Operators group, the
Administrators group, and the Print Operators group can send print jobs to
Printer1.
Prevent other users from sending print jobs to Printer1.
Choose two.)
A. Assign the Print permission to the Server Operators group

B. Remove the permissions for the Creator Owner group.
C. Remove the permissions for the Everyone group.
D. Assign the Print permission to Group1.
E. Assign the Print permission to the Administrators group.
Answer: C,D
Explanation: C: To prevent other users from sending print jobs to Printer1
D: To enable Group1 to send print jobs.
Note: The Server Operators group, the Administrators group, and the Print Operators group
are all built-in and already have permissions to send print jobs.
contains a server named Server1 that runs Windows Server 2012. Server1 contains a
virtual machine named VM1 that runs Windows Server 2012.
You need to ensure that a user named User1 can install Windows features on VM1. The
solution must minimize the number of permissions assigned to User1.
To which group should you add User1?
A. Administrators on VM1
B. Power Users on VM1
C. Hyper-V Administrators on Server1
D. Server Operators on Server1
Answer: A
Explanation:
In Windows Server 2012, the Server Manager console and Windows PowerShell
cmdlets for ServerManager allow installation of roles and features to local or remote
servers, or offline virtual hard disks (VHDs).
You can install multiple roles and features on a single remote server or offline VHD in a
single Add Roles andFeatures Wizard or Windows PowerShell session.
You must be logged on to a server as an administrator to install or uninstall roles, role

services, andfeatures. If you are logged on to the local computer with an account that does
not have administrator rights onyour target server, right-click the target server in the
Servers tile, and then click Manage As to provide anaccount that has administrator rights.
The server on which you want to mount an offline VHD must be added toServer Manager,
and you must have Administrator rights on that server.
contains a member server named LON-DC1. LON-DC1 runs Windows Server 2012 and
has the DHCP Server server role installed.
The network contains 100 client computers and 50 IP phones. The computers and the
phones are from the same vendor.
You create an IPv4 scope that contains addresses from 172.16.0.1 to 172.16.1.254.
You need to ensure that the IP phones receive IP addresses in the range of 172.16.1.100
to 172.16.1.200. The solution must minimize administrative effort.
A. Server level policies

B. Filters
C. Reservations
D. Scope level policies
Answer: A
Your network contains an Active Directory forest. The forest contains a single domain
named contoso.com. The domain contains four domain controllers. The domain controllers
are configured as shown in the following table.
You plan to deploy a new domain controller named DC5 in the contoso.com domain.
You need to identify which domain controller must be online to ensure that DC5 can be
promoted successfully to a domain controller.
Which domain controller should you identify?
A. DC1
B. DC2
C. DC3
D. DC4
Answer: C
contains a member server named HVServer1. HVServer1 runs Windows Server 2012 and
HVServer1 hosts two virtual machines named Server1 and Server2. Both virtual machines
connect to a virtual switch named Switch1.
On Server2, you install a network monitoring Application named App1.
You need to capture all of the inbound and outbound traffic to Server1 by using App1.
Which two commands should you run from Windows PowerShell? (Each correct answer
presents part of the solution. Choose two.)
A. Get-VM "Server2" | Set-VMNetworkAdapter -IovWeight 1
B. Get-VM "Server1" | Set-VMNetworkAdapter -Allow/Teaming On
C. Get-VM "Server1" | Set-VMNetworkAdapter -PortMirroring Source
D. Get-VM "Server2" | Set-VMNetworkAdapter -PortMirroring Destination
E. Get-VM "Server1" | Set-VMNetworkAdapter -IovWeight 0
F. Get-VM "Server2 | Set-VMNetworkAdapter-AllowTeaming On
Answer: C,D
Explanation: C: Catching the traffic from Server1
D: Catching the traffic to Server1.
Note:
* Get-VM
Gets the virtual machines from one or more Hyper-V hosts.
-ComputerName<String[]>
Specifies one or more Hyper-V hosts from which virtual machines are to be retrieved.
NetBIOS names, IP addresses, and fully-qualified domain names are allowable. The
default is the local computer use localhost or a dot (.) to specify the local computer
explicitly.
* Set-VMNetworkAdapter
Configures features of the virtual network adapter in a virtual machine or the management
operating system.
* -PortMirroring<VMNetworkAdapterPortMirroringMode>
Specifies the port mirroring mode for the network adapter to be configured. Allowed values
are None, Source, and Destination. If a virtual network adapter is configured as Source,
every packet it sends or receives is copied and forwarded to a virtual network adapter
configured to receive the packets. If a virtual network adapter is configured as Destination,
it receives copied packets from the source virtual network adapter. The source and
destination virtual network adapters must be connected to the same virtual switch. Specify
None to disable the feature.
Reference: Set-VMNetworkAdapter; Get-VM
http://technet.microsoft.com/en-us/library/hh848479%28v=wps.620%29.aspx
You have a server named Server 1. Server1 runs Windows Server 2012.
Server1 has a thin provisioned disk named Disk1.
You need to expand Disk1.
Choose two.)
A. From File and Storage Services, extend Disk1.

B. From File and Storage Services, add a physical disk to the storage pool.
C. From Disk Management, extend the volume.
D. From Disk Management, delete the volume, create a new volume, and then format the
volume.
E. From File and Storage Services, detach Disk1.
Answer: A,B
Explanation:
Step 1 (B): if required add physical disk capacity.
Step 2 (A): Dynamically extend the virtual disk (not volume).
Windows Server 2012 Storage Space subsystem now virtualizes storage by abstracting
multiple physical disksinto a logical construct with specified capacity. The process is to
group selected physical disks into a container,the so-called storage pool, such that the total
capacity collectively presented by those associated physicaldisks can appear and become
manageable as a single and seemingly continuous space. Subsequently astorage
administrator creates a virtual disk based on a storage pool, configure a storage layout
which isessentially a RAID level, and expose the storage of the virtual disk as a drive letter
or a mapped folder inWindows Explorer.
The system administrator uses File and Storage Services in Server Manager or the Disk
Management tool torescan the disk, bring the disk online, and extend the disk size.
http://blogs.technet.com/b/yungchou/archive/2012/08/31/windows-server-2012-storage-
virtualization-explained.aspx
A. A mirrored volume on Disk 1 and Disk 4

B. A storage pool on Disk 2 and Disk 3
C. A storage pool on Disk 1 and Disk 3
D. A mirrored volume on Disk 2 and Disk 3
Answer: D
You plan to deploy a DHCP server that will support four subnets. The subnets will be
You need to identify which network ID you should use for each subnet.
To answer, drag the appropriate network ID to the each subnet in the answer area.
Answer:
2012.
Server1 has the Hyper-V server role installed. Server2 has the Windows Deployment
Services server role installed.
On Server1, you have a virtual machine named VM1.
You plan to deploy an image to VM1 by using Windows Deployment Services (WDS).
You need to ensure that VM1 can connect to Server1 by using PXE.
Which settings should you configure on VM1?

Answer:
You need to identify whether the Company attribute replicates to the global catalog.
Which part of the Active Directory partition should you view?
To answer, select the appropriate Active Directory object in the answer area.
Answer:
following table.
You install a new server named Server1 that runs a Server Core Installation of Windows
Server 2012.
You need to join Server1 to the contoso.com domain.
The solution must minimize administrative effort.
A. the dsadd.exe command

B. the New-ADComputercmdlet
C. the djoin.exe command
D. the Add-Computer cmdlet
Answer: D
Explanation: A. Adds specific types of objects to the directory
B. Creates a new Active Directory computer.
C. Use djoin for offline join in the perimeter network .
You have a new server named Server1 that runs Windows Server 2012.
Server1 has two dual-core processors and 32 GB of RAM.

You install the Hyper-V server role on Server1.
You create two virtual machines on Server1 that each have 8 GB of memory.
You need to minimize the amount of time it takes for both virtual machines to access
memory.
What should you configure on each virtual machine?
A. Resource control
B. Dynamic Memory
C. NUMA topology
D. Memory weight
Answer: B
Explanation: * Dynamic Memory is a new Hyper-V feature that helps you use physical
memory more efficiently. With Dynamic Memory, Hyper-V treats memory as a shared
resource that can be reallocated automatically among running virtual machines. Dynamic
Memory adjusts the amount of memory available to a virtual machine, based on changes in
memory demand and values that you specify. Dynamic Memory is available for Hyper-V in
Windows Server 2008 R2 Service Pack 1 (SP1).
* Dynamic Memory helps you use memory resources more efficiently. Before this feature
was introduced, changing the amount of memory available to a virtual machine could be
done only when the virtual machine was turned off. With Dynamic Memory, Hyper-V can
provide a virtual machine with more or less memory dynamically in response to changes in
the amount of memory required by the workloads or Applications running in the virtual
machine. As a result, Hyper-V can distribute memory more efficiently among the running
virtual machines configured with Dynamic Memory. Depending on factors such as
workload, this efficiency can make it possible to run more virtual machines at the same
time on one physical computer.
Reference: Hyper-V Dynamic Memory Configuration Guide
Your network contains an Active Directory domain named contoso.com. Domain controllers
run either Windows Server 2008 R2 or Windows Server 2012. All client computers run
Windows 8.
All computer accounts are located in an organizational unit (OU) named OU1.
You create a Group Policy object (GPO) that contains several App1ocker rules. You link
the GPO to OU1.
You need to ensure that the App1ocker rules App1y to all of the client computers.
What should you configure in the GPO?
To answer, select the appropriate service in the answer area.

Answer:
Technicians use Windows Deployment Services (WDS) to deploy Windows Server 2012.
The network contains a server named Server1 that runs Windows Server 2012. Server1
You need to ensure that you can use WDS to deploy Windows Server 2012 to a virtual
machine named VM1.
Which settings should you configure?

Answer:
contains a member server named Hyperv1 and a domain controller named DC1. Hyperv1
has the Hyper-V server role installed. DC1 is a virtual machine on Hyperv1.
Users report that the time on their client computer is incorrect.
You log on to DC1 and verify that the time services are configured correctly.
You need to prevent time conflicts between the time provided by DC1 and other potential
time sources.

To answer, select the appropriate object in the answer area.
Answer:
controllers currently run Windows Server 2008 R2.
You plan to install a new domain controller named DC4 that runs Windows Server 2012.
Schema master
You need to identify which configurations cannot be fulfilled by using the Active Directory
Domain Services Configuration Wizard.
A. Enable the global catalog server.
B. Install the Active Directory Certificate Services role.
C. Install the DNS Server role.
D. Transfer the schema master.
Answer: B,D
Explanation:
global catalogserver.
ADCS and Schema must be done separately.
contains a file server named Server2 that runs Windows Server 2012. 5erver2 contains a
shared folder named Home. Home contains the home folder of each user.
All users have the necessary permissions to access only their home folder.
A user named User1 opens the Home share as shown in the exhibit. (Click the Exhibit
button.)
You need to ensure that all users see only their own home folder when they access Home.
What should you do from Server2?
A. From Windows Explorer, modify the properties of Home.

B. From Server Manager, modify the properties of the volume that contains Home.
C. From Windows Explorer, modify the properties of the volume that contains Home.
D. From Server Manager, modify the properties of Home.
Answer: C
You have a server named Server1 that runs a Server Core Installation of Windows Server
2012 Datacenter.
You have a WIM file that contains the four images of Windows Server 2012 as shown in
the Images exhibit. (Click the Exhibit button.)
You review the installed features on Server1 as shown in the Features exhibit. (Click the
Exhibit button.)
You need to install the Server Graphical Shell feature on Server1.
Which two possible sources can you use to achieve this goal? (Each correct answer
presents a complete solution. Choose two.)
A. Index 1
B. Index 2
C. Index 3
D. Index 4
Answer: B,D
Explanation: Note:
When you install Windows Server 2012, you can choose between Server Core Installation
and Server with a GUI. The Server with a GUI option is the Windows Server 2012
equivalent of the Full installation option available in Windows Server 2008 R2. The Server
Core Installation option reduces the space required on disk, the potential attack surface,
and especially the servicing requirements, so we recommend that you choose the Server
Core installation unless you have a particular need for the additional user interface
elements and graphical management tools that are included in the Server with a GUI
option. For this reason, the Server Core installation is now the default. Because you can
freely switch between these options at any time later, one approach might be to initially
install the Server with a GUI option, use the graphical tools to configure the server, and
then later switch to the Server Core Installation option.
Reference: Windows Server Installation Options
contains 20 computer accounts that reside in an organizational unit (OU) named OU1.
A Group Policy object (GPO) named GPO1 is linked to OU1. GPO1 is used to assign
several user rights to a user named User1.
In the Users container, you create a new user named User2.
You need to ensure that User2 is assigned the same user rights as User1 on all of the
client computers in OU1.
What should you do?
A. Move User2 to OU1.

B. Modify the settings in GPO1.
C. Modify the link of GPO1.
D. Link a WMI filter to GPO1.
Answer: B
Windows Server 2012. The domain contains a member server named Server1. Server1
has the File Server server role installed.
On Server1, you create a share named Documents. The Documents share will contain the
files and folders of all users.
You need to ensure that when the users connect to Documents, they only see the files to
which they have access.
What should you do?
A. Modify the NTFS permissions.

B. Modify the Share permissions.
C. Enable access-based enumeration.
D. Configure Dynamic Access Control.
Answer: C
Explanation:
Access-based Enumeration is a new feature included with Windows Server 2003 Service
Pack 1. This featureallows users of Windows Server 2003based file servers to list only the
files and folders to which they haveaccess when browsing content on the file server. This
eliminates user confusion that can be caused whenusers connect to a file server and
encounter a large number of files and folders that they cannot access.Access-based
Enumeration filters the list of available files and folders on a server to include only those
that therequesting user has access to.
This change is important because this allows users to see only those files and directories
that they haveaccess to and nothing else. This mitigates the scenario where unauthorized
users might otherwise be able tosee the contents of a directory even though they dont
have access to it.
Access-Based Enumeration (ABE) can be enabled at the Share properties through Server
Manager.

After implementation instead of seeing all folder including the ones the user does not have
access to:
User will have access just to the folder where has rights to:

If a user with full access browses the same folder it will show all 5230 folders.
http://technet.microsoft.com/pt-pt/library/dd772681%28v=ws.10%29.aspx
Your network contains two subnets. The subnets are configured as shown in the following
table.
You have a server named Server1 that runs Windows Server 2012. Server1 is connected
to LAN1.
You run the route print command as shown in the exhibit. (Click the Exhibit button.)
You need to ensure that Server1 can communicate with the client computers on LAN2.
What should you do?
A. Change the default gateway address.

B. Set the state of the Teredo interface to disable.
C. Change the metric of the 10.10.1.0 route.
D. Set the state of the Microsoft ISATAP Adapter #2 interface to disable.
Answer: A
Explanation:
In general, the first and last addresses in a subnet are used as the network identifier and
broadcast address,respectively. All other addresses in the subnet can be assigned to hosts
on that subnet.
For example, IP addresses of networks with subnet masks of at least 24 bits ending in .0 or
.255 can never beassigned to hosts. Such "last" addresses of a subnet are considered
"broadcast" addresses and all hosts onthe corresponding subnet will respond to it.
Theoretically, there could be situations where you can assign an address ending in .0: for
example, if you havea subnet like 192.168.0.0/255.255.0.0, you are allowed to assign a
host the address 192.168.1.0. It couldcreate confusion though, so it's not a very common
practice.
Example10.6.43.0 with subnet 255.255.252.0 (22 bit subnet mask) means subnet ID
10.6.40.0, a host address range from 10.6.40.1 to 10.6.43.254 and a broadcast
address10.6.43.255. So in theory, your example 10.6.43.0 would be allowed as a valid host
address.
The default gateway address should not end in .0 with the /24 address
http://tools.ietf.org/html/rfc4632
http://en.wikipedia.org/wiki/IPv4#Addresses_ending_in_0_or_255
You have a starter Group Policy object (GPO) named GPO1 that contains more than 100
settings.
You need to create a new starter GPO based on the settings in GPO1. You must achieve
this goal by using the minimum amount of administrative effort.
What should you do?
A. Run the New-GPStarterGPOcmdlet and the Copy-GPO cmdlet.

B. Create a new starter GPO and manually configure the policy settings of the starter GPO.
C. Right-click GPO1, and then click Back Up. Create a new starter GPO. Right-click the
new GPO, and then click Restore from Backup.
D. Right-click GPO1, and then click Copy. Right-click Starter GPOs, and then click Paste.
Answer: D
contains a member server named Server1. Server1 runs Windows Server 2012 and has
the DHCP Server server role installed.
You create two IPv4 scopes on Server1. The scopes are configured as shown in the
following table.
The DHCP clients in Subnet1 can connect to the client computers in Subnet2 by using an
IP address or a FQDN.
You discover that the DHCP clients in Subnet2 can connect to client computers in Subnet1
by using an IP address only.
You need to ensure that the DHCP clients in both subnets can connect to any other DHCP
client by using a FQDN.
What should you add?
A. The 006 DNS Servers option to Subnet2

B. The 015 DNS Domain Name option to Subnet1
C. The 006 DNS Servers option to Subnet1
D. The 015 DNS Domain Name option to Subnet2
Answer: D
Explanation:
To enable DNS on the network, you need to configure DNS clients and servers.
When you configure DNS clients, you tell the clients the IP addresses of DNS servers on
the network. Usingthese addresses, clients can communicate with DNS servers anywhere
on the network, even if the servers areon different subnets.
When the network uses DHCP, you should configure DHCP to work with DNS. To do this,
you need to set theDHCP scope options 006 DNS Servers and 015 DNS Domain Name.
Issue: The DNS domain option (option 15) is not configured for one or more scopes.
Impact: DHCP IPv4 clients will not be provided with a DNS domain and will not be able to
resolve names.
Resolution:
Configure a DNS domain option as a server or scope option using the DHCP MMC.
Dynamic Host Configuration Protocol (DHCP) uses options to pass additional Internet
Protocol (IP) settings toDHCP clients on a network.
Examples of DHCP options include: The default gateway IP address, The Domain Name
System (DNS) serverIP address
The DNS domain name
Membership in the Administrators or DHCP Administrators group is the minimum required
to complete thisprocedure.
To configure DNS server as a scope option or server option
1. Click Start, point to Administrative Tools and then click DHCP.
2. In the console tree, expand the App1icable DHCP server, expand IPv4, and then right-
click Server Options
3. Click Configure Options, check 015 DNS Domain Name, type the App1icable domain
name in String value:,and then click OK.
http://technet.microsoft.com/en-us/library/dd572752%28v=office.13%29.aspx
On Server1, you create a printer named Printer1. You share Printer1 and publish Printer1
in Active Directory.
You need to provide a group named Group1 with the ability to manage Printer1.
What should you do?
A. From Devices and Printers, configure the Sharing settings of Printer1.

B. From Print Management, configure the Sharing settings of Printer1.
C. From Print Management, configure the Security settings of Printer1.
D. From Devices and Printers, configure the Advanced settings of Printer1.
Answer: C
Explanation: Set permissions for print servers
Open Print Management.
In the left pane, clickPrint Servers, right-click the App1icable print server and then
clickProperties.
On theSecuritytab, underGroup or users names, click a user or group for which
you want to set permissions.
UnderPermissions for <user or group name>, select theAlloworDenycheck boxes
for the permissions listed as needed.
To editSpecial permissions, clickAdvanced.
On thePermissionstab, click a user group, and then clickEdit.
In thePermission Entrydialog box, select theAlloworDenycheck boxes for the
permissions that you want to edit.
Note:
*
Reference: Set Permissions for Print Servers
contains two servers named Server1 and Server2.
Server1 runs Windows Server 2012. Server2 runs Windows Server 2008 R2 Service Pack
1 (SP1) and has the DHCP Server server role installed.
A. From Server Manager on Server2, enable Windows Remote Management.

B. From a command prompt on Server2, run winrm.exe.
C. From Server Manager on Server1, install a feature.
D. From the Microsoft Management Console on Server1, add a snap-in.
Answer: A
Explanation: How do you enable remote management.
Assuming the remote server is all set up and prepared to enter production, first, open
Server Manager on the remote server.
Click on the "Configure Server Manager for Remote Management" link.
Select the "Enable remote management of this server from other computers".
Click "Ok".
Note:
* You can use Server Manager to manage remote servers that are running Windows
Server 2008 and Windows Server 2008 R2, but the following updates are required to fully
manage these older operating systems.
/ Windows Management Framework 3.0
/ Performance Updates
* Windows Server 2008 R2, unlike Windows Server 2008 RTM, has a nice feature that
allows you to remotely manage it, from another server or from a Windows 7 workstation, by
using Server Manager.
* The tasks that you can perform remotely by using Server Manager include:
View Windows automatic updating status

Run Best Practices Analyzer scans on roles.
View or change Windows Firewall information
View and manage roles
Manage installed services roles
View Internet Explorer Advanced Security Configuration settings (IE ESC)
Configure Windows Error Reporting
View or change Windows Customer Experience Improvement Program (CEIP) status
Reference: Configure Remote Management in Server Manager
computers.

B. Create a stub zone named "root".
C. Create a primary zone named ".".
D. Create a primary zone named "GlobalNames".
Answer: B
Explanation: When a zone that this DNS server hosts is a stub zone, this DNS server is a
source only for information about the authoritative name servers for this zone. The zone at
this server must be obtained from another DNS server that hosts the zone. This DNS
server must have network access to the remote DNS server to copy the authoritative name
server information about the zone.
Note:
You can use stub zones to:
* Keep delegated zone information current. By updating a stub zone for one of its child
zones regularly, the DNS server that hosts both the parent zone and the stub zone will
maintain a current list of authoritative DNS servers for the child zone.
* Improve name resolution. Stub zones enable a DNS server to perform recursion using the
stub zone's list of name servers, without having to query the Internet or an internal root
server for the DNS namespace.
* Simplify DNS administration. By using stub zones throughout your DNS infrastructure,
you can distribute a list of the authoritative DNS servers for a zone without using secondary
zones. However, stub zones do not serve the same purpose as secondary zones, and they
are not an alternative for enhancing redundancy and load sharing.
Incorrect:
Not D:
* The DNS Server Role in Windows Server 2008 now supports the GlobalNames Zone.
This has been introduced to assist organizations to move away from WINS and allow
organizations to move to an all-DNS environment. Unlike WINS, The GlobalNames zone is
not intended to be used for peer-to-peer name resolution.
Reference: Understanding Zone Types

2012. Server1 is a DHCP server that is configured to have a scope named Scope1.
In Scope1, you create a reservation named Res_Server2 for Server2.
A technician replaces the network adapter on Server2.
You need to ensure that Server2 can obtain the same IP address.
What should you modify on Server1?
A. The Advanced settings of Res_Server2

B. The MAC address of Res Server2
C. The Network Access Protection Settings of Scope1
D. The Name Protection settings of Scope1
Answer: B
Explanation:
For clients that require a constant IP address, you can either manually configure a static IP
address, or assigna reservation on the DHCP server.
Reservations are permanent lease assignments that are used to ensure that a specified
client on a subnet canalways use the same IP address.
You can use DHCP reservations for hosts that require a consistent IP address, but do not
need to be staticallyconfigured.
DHCP reservations provide a mechanism by which IP addresses may be permanently

assigned to aspecific client based on the MAC address of that client.
The MAC address of a Windows client can be found running the ipconfig /all command. For
Linux systems thecorresponding command is ifconfig -a.
Once the MAC address has been identified, the reservation may be configured using either
the DHCP consoleor at the command prompt using the netsh tool.
An organizational unit (OU) named OU1 contains the user accounts and the computer
accounts for laptops and desktop computers.
A Group Policy object (GPO) named GP1 is linked to OU1.
You need to ensure that the configuration settings in GP1 are App1ied only to the laptops
in OU1.
The solution must ensure that GP1 is App1ied automatically to new laptops that are added
to OU1.
What should you do?
A. Modify the GPO Status of GP1.

B. Configure the WMI Filter of GP1.
C. Modify the security settings of GP1.
D. Modify the security settings of OU1.
Answer: B
Explanation:
WMI filtering
Windows Management Instrumentation (WMI) filters allow you to dynamically determine
the scope of GroupPolicy objects (GPOs) based on attributes of the target computer. When
a GPO that is linked to a WMI filter isApp1ied on the target computer, the filter is evaluated
on the target computer. If the WMI filter evaluates tofalse, the GPO is not App1ied (except
if the client computer is running Windows Server, in which case the filteris ignored and the
GPO is always App1ied). If the WMI filter evaluates to true, the GPO is App1ied.
Reference: WMI filtering using GPMC
Windows Management Instrumentation (WMI) filters allow you to dynamically determine

the scope of GroupPolicy objects (GPOs) based on attributes of the target computer. When
a GPO that is linked to a WMI filter isApp1ied on the target computer, the filter is evaluated
on the target computer.
If the WMI filter evaluates to false, the GPO is not App1ied (except if the client computer is
running WindowsServer, in which case the filter is ignored and the GPO is always
App1ied). If the WMI filter evaluates to true, theGPO is App1ied. WMI filters, like GPOs, are
stored on a per-domain basis. A WMI filter and the GPO it is linkedto must be in the same
domain.

Select * from Win32_PhysicalMemory where FormFactor = 12
Your network contains an Active Directory domain named contoso.com. All client computer
accounts are in an organizational unit (OU) named AllComputers. Client computers run
either Windows 7 or Windows 8.
You create a Group Policy object (GPO) named GP1.
You link GP1 to the AllComputers OU.
You need to ensure that GP1 App1ies only to computers that have more than 8 GB of
memory.
A. The Security settings of AllComputers

B. The Security settings of GP1
C. The WMI filter for GP1
D. The Block Inheritance option for AllComputers
Answer: C
contains two servers named Server1 and Server2.
Server1 runs Windows Server 2012. Server2 runs Windows Server 2008 R2 Service Pack
1 (SP1) and has the DHCP Server server role installed.
A. From Windows Firewall with Advanced Security on Server2, create an inbound rule.
B. From Internet Explorer on Server2, download and install Windows Management
Framework 3.0.
C. From Server Manager on Server1, install a feature.
D. From Windows PowerShell on Server2, run Enable PSRemoting.
Answer: D
Explanation: The Enable-PSRemotingcmdlet configures the computer to receive
Windows PowerShell remote commands that are sent by using the WS-Management
technology.
On Windows Server 2012, Windows PowerShell remoting is enabled by default. You can
use Enable-PSRemoting to enable Windows PowerShell remoting on other supported
versions of Windows and to re-enable remoting on Windows Server 2012 if it becomes
disabled.
You need to run this command only once on each computer that will receive commands.
You do not need to run it on computers that only send commands. Because the
configuration activates listeners, it is prudent to run it only where it is needed.
Note: (not B)
You can use Server Manager to manage remote servers that are running Windows Server
2008 and Windows Server 2008 R2, but the following updates are required to fully manage
these older operating systems.
Reference: Enable-PSRemoting
computers.
A. Create a zone delegation for GlobalNames.contoso.com.

C. Create a stub zone named "root".
D. Create a primary zone named "root".
Answer: C
Note:
Incorrect:
Not A:
You need to configure storage for a virtual machine to meet the following requirements:
Support up to 3 TB of data on a single hard disk.

Allocate disk space as needed.
Use a portable storage format.
A. A pass-through disk
B. A fixed-size VHD
C. A dynamically expanding VHD
D. A fixed-size VHDX
E. A dynamically expanding VHDX
Answer: E
You have a virtual machine named VM1.
You install Windows Server 2012 on VM1.
You plan to use VM1 as an image that will be distributed to sales users to demonstrate the
features of a custom Application. The custom Application only requires the Web Server
(IIS) server role to be installed.
You need to ensure that the VHD file for VM1 only contains the required Windows Server
2012 source files.
A. dism.exe
B. ocsetup.exe
C. imagex.exe
D. servermanagercmd.exe
Answer: A
contains a member server named HVServer1. HVServer1 runs Windows Server 2012 and
HVServer1 hosts 10 virtual machines. All of the virtual machines connect to a virtual switch
named Switch1. Switch1 is configured as a private network. All of the virtual machines
have the DHCP guard and the router guard settings enabled.
You install the DHCP server role on a virtual machine named Server 1. You authorize
Server1 as a DHCP server in contoso.com. You create an IP scope.
You discover that the virtual machines connected to Switch1 do not receive IP settings
from Server1.
You need to ensure that the virtual machines can use Server1 as a DHCP server.
What should you do?
A. Enable MAC address spoofing on Server1.

B. Disable the DHCP guard on all of the virtual machines that are DHCP clients.
C. Disable the DHCP guard on Server1.
D. Enable single-root I/O virtualization (SR-IOV) on Server1.
Answer: D
Explanation:
virtualization stack. Becausethe VF is assigned to a child partition, the network traffic flows
directly between the VF and child partition. As aresult, the I/O overhead in the software
emulation layer is diminished and achieves network performance that isnearly the same
performance as in nonvirtualized environments.
You create an account for a temporary employee named User1.
You need to ensure that User1 can log on to the domain only between 08:00 and 18:00
from a client computer named Computer1.
From which tab should you perform the configuration?
To answer, select the appropriate tab in the answer area.

Answer:
contains a server named Server1 that runs Windows Server 2012. Server1 has the Hyper-
V server role installed. Server1 has a virtual switch named RDS Virtual.
You replace all of the network adapters on Server1 with new network adapters that support
single-root I/O virtualization (SR-IOV).
You need to enable SR-IOV for all of the virtual machines on Server1.
Choose two.)
A. On each virtual machine, modify the Advanced Features settings of the network adapter.
B. Modify the settings of the RDS Virtual virtual switch.
C. On each virtual machine, modify the BIOS settings.
D. Delete, and then recreate the RDS Virtual virtual switch.
E. On each virtual machine, modify the Hardware Acceleration settings of the network
adapter.
Answer: D,E
Explanation: The first step when allowing a virtual machine to have connectivity to a
physical network is to create an external virtual switch using Virtual Switch Manager in
Hyper-V Manager. The additional step that is necessary when using SR-IOV is to ensure
the checkbox is checked when the virtual switch is being created. It is not possible to
change a non SR-IOV mode external virtual switch into an SR-IOV mode switch. The
choice must be made a switch creation time .
E: Once a virtual switch has been created, the next step is to configure a virtual machine.
SR-IOV in Windows Server 8 is supported on x64 editions of Windows 8 as a guest
operating system (as in Windows 8 Server, and Windows 8 client x64, but not x86
client). We have rearranged the settings for a virtual machine to introduce sub-nodes under
a network adapter, one of which is the hardware acceleration node. At the bottom is a
checkbox to enable SR-IOV.
Note:
* Steps:
/ SR-IOV must be enabled on virtual switch

/ Install additional network drivers in the guest OS
/ Enable SR-IOV within the VMs though Hyper-V Manager
* Single Root I/O Virtualization (SR-IOV) is a standard introduced by the PCI-SIG that owns
and manages PCI specifications as open industry standards.
Virtualization stack to reduce the I/O overhead in this layer. It allows an SR-IOV virtual
function of a physical network adapter to be assigned directly to a virtual machine to
increase network throughput by reducing latency. Host CPU overhead also get reduced for
processing network traffic.
* The diagram below illustrates how SR-IOV allows virtual machines to directly address the
physical NIC.
Reference: Everything you wanted to know about SR-IOV in Hyper-V Part 5
You have a server named Server1 that runs a Server Core Installation of Windows Server
2012.
You attach a 4-TB disk to Server1. The disk is configured as an MBR disk.
You need to ensure that you can create a 4-TB volume on the disk.
Which Diskpart command should you use?
A. Automount
B. Convert
C. Expand
D. Attach
Answer: B
Explanation:
You can use Diskpart to convert a basic disk to a dynamic disk. The basic disk can either
be empty or containeither primary partitions or logical drives. The basic disk can be a data
disk or system or boot drive.
A MBR file structure is only capable of 2TB maximum. The disk will have to be converted to
a GPT filestructure. GPT is capable of 18 exabytes volumes.
Convert gpt - Converts an empty basic disk with the master boot record (MBR) partition
style into a basic diskwith the GUID partition table (GPT) partition style.
The disk may be a basic or a dynamic disk but it must not contain any valid data partitions
or volumes.

You have a server named Server1. Server1 runs Windows Server 2012 and has the
Windows Deployment Services (WDS) server role installed.
You install the DHCP Server server role on Server1.
You need to ensure that Server1 can respond to DHCP clients and WDS clients.
What should you configure for the DHCP service and the WDS service?
To answer, configure the appropriate options in the answer area.

Answer:
contains two servers named Server1 and Server2. Server1 runs Windows Server 2012.
Server2 runs Windows Server 2008 R2 Service Pack 1 (SP1) and has the DHCP Server
A. From Internet Explorer on Server2, download and install Windows Management

Framework 3.0.
B. From the Microsoft Management Console on Server1, add a snap-in.
C. From Windows PowerShell on Server1, run Install-Windows Feature.
D. From Server Manager on Server2, enable Windows Remote Management.
Answer: D
Explanation: How do you enable remote management:
Assuming the remote server is all set up and prepared to enter production, first,
open Server Manager on the remote server.
Click on the "Configure Server Manager for Remote Management" link.
Select the "Enable remote management of this server from other computers".
Click "Ok".
Note:
* You can use Server Manager to manage remote servers that are running Windows
Server 2008 and Windows Server 2008 R2, but the following updates are required to fully
manage these older operating systems.
* Windows Server 2008 R2, unlike Windows Server 2008 RTM, has a nice feature that
allows you to remotely manage it, from another server or from a Windows 7 workstation, by
using Server Manager.
* The tasks that you can perform remotely by using Server Manager include:
View Windows automatic updating status

Run Best Practices Analyzer scans on roles.
View or change Windows Firewall information
View and manage roles
Manage installed services roles
View Internet Explorer Advanced Security Configuration settings (IE ESC)
Configure Windows Error Reporting
View or change Windows Customer Experience Improvement Program (CEIP) status
You need to create 3-TB virtual hard disk (VHD) on Server1.
A. Server Manager
B. Diskpart
C. New-StoragePool
D. New-VirtualDisk
Answer: D
Explanation: The New-VirtualDisk command creates a new virtual disk in the specified
storage pool.
On Server1, you create and start a virtual machine named VM1. VM1 is configured as
shown in the following table.
You plan to create a snapshot of VM1.
You need to recommend a solution to minimize the amount of disk space used for the
snapshot of VM1.
What should you do before you create the snapshot?
A. Run the Stop-VM cmdlet.

B. Run the Convert-VHD cmdlet.
C. Decrease the Maximum RAM
D. Decrease the Minimum RAM.
Answer: C
Explanation: Reducing the available RAM for the VM would reduce the size of the
snapshot.
Note:
* A disk snapshot is a copy of the virtual machine disk file at a certain point in time. It
preserves the disk file system and system memory of your virtual machine by enabling you
to revert to the snapshot in case something goes wrong.
* Each snapshot consists of the following files:
Configuration file - An XML file containing the current configuration settings of the virtual
machine.
Saved state file - A .vsv file containing virtual machine state information.
Differencing disk image file - A .avhd differencing disk.
Memory image file - A .bin file containing an image of the virtual machine's memory at the
point the snapshot was taken.
Incorrect:
Not D: Convert-VHD
Converts the format, version type, and block size of a virtual hard disk file
You have a server named Server1 that runs a Server Core installation of Windows Server
2012.
Server1 is configured to obtain an IPv4 address by using DHCP.
You need to configure the IPv4 settings of the network connection on Server1 as follows:
IP address: 10.1.1.1
Subnet mask: 255.255.240.0
Default gateway: 10.1.1.254
What should you run?
A. netsh.exe
B. netcfg.exe
C. msconfig.exe
D. ipconfig.exe
Answer: A
Explanation: In order to configure TCP/IP settings such as the IP address, Subnet Mask,
Default Gateway, DNS and WINS addresses and many other options you can use
Netsh.exe.
Incorrect:
not D: Windows Server 2012 Core still has IPCONFIG.EXE that can be used to view the IP
configuration. Modern servers typically come with several network interface ports. This
causes IPCONFIG.EXE to scroll off the screen when viewing its output. Consider piping the
output if IPCONFIG.EXE to a file and view it with Notepad.exe.
controllers run Windows Server 2012.
You create and enforce the default App1ocker executable rules.
Users report that they can no longer execute a legacy Application installed in the root of
drive C.
You need to ensure that the users can execute the legacy Application.
What should you do?
A. Modify the action of the existing rules.

B. Create a new rule.
C. Add an exception to the existing rules.
D. Delete an existing rule.
Answer: B
Explanation:
App1ocker is a feature that advances the functionality of the Software Restriction Policies
feature.
App1ocker contains new capabilities and extensions that reduce administrative overhead
and helpadministrators control how users can access and use files, such as executable
files, scripts, Windows Installerfiles, and DLLs. By using App1ocker, you can:
Define rules based on file attributes that persist across Application updates, such as the
publisher name(derived from the digital signature), product name, file name, and file
version. You can also create rulesbased on the file path and hash.
Assign a rule to a security group or an individual user.
Create exceptions to rules. For example, you can create a rule that allows all users to run
all Windowsbinaries except the Registry Editor (Regedit.exe).
Use audit-only mode to deploy the policy and understand its impact before enforcing it.
Create rules on a staging server, test them, export them to your production environment,
and then importthem into a Group Policy Object.
Simplify creating and managing App1ocker rules by using Windows PowerShell cmdlets for
App1ocker.
App1ocker default rules
App1ocker allows you to generate default rules for each of the rule types.
Executable default rule types:
Allow members of the local Administrators group to run all Applications.
Allow members of the Everyone group to run Applications that are located in the Windows
folder.
Allow members of the Everyone group to run Applications that are located in the Program
Filesfolder.
Windows Installer default rule types:

Allow members of the local Administrators group to run all Windows Installer files.
Allow members of the Everyone group to run digitally signed Windows Installer files.
Allow members of the Everyone group to run all Windows Installer files located in the
Windows\Installerfolder.
Script default rule types:

Allow members of the local Administrators group to run all scripts.
Allow members of the Everyone group to run scripts located in the Program Files folder.
Allow members of the Everyone group to run scripts located in the Windows folder.
DLL default rule types:( this on can affect system performance )
Allow members of the local Administrators group to run all DLLs.
Allow members of the Everyone group to run DLLs located in the Program Files folder.
Allow members of the Everyone group to run DLLs located in the Windows folder.
You can App1y App1ocker rules to individual users or to a group of users. If you App1y a
rule to a group ofusers, all users in that group are affected by that rule. If you need to allow
a subset of a user group to use anApplication, you can create a special rule for that subset.
For example, the rule "Allow Everyone to runWindows except Registry Editor" allows
everyone in the organization to run the Windows operating system, butit does not allow
anyone to run Registry Editor.
The effect of this rule would prevent users such as Help Desk personnel from running a
program that isnecessary for their support tasks. To resolve this problem, create a second
rule that App1ies to the HelpDesk user group: "Allow Help Desk to run Registry Editor." If
you create a deny rule that does not allow anyusers to run Registry Editor, the deny rule
will override the second rule that allows the Help Desk user group torun Registry Editor.
http://technet.microsoft.com/library/hh831440.aspx
http://technet.microsoft.com/de-de/library/hh994621.aspx
You have two servers named Server1 and Server2. Both servers run Windows Server
2012. The servers are configured as shown in the following table.
The routing table for Server1 is shown in the Routing Table exhibit. (Click the Exhibit
button.)
From Server1, you attempt to ping Server2, but you receive an error message as shown in
the Error exhibit. (Click the Exhibit button.)
You need to ensure that you can successfully ping Server2 from Server1.
A. Disable Windows Firewall.

B. Modify the default gateway settings.
C. Modify the DNS settings.
D. Modify the subnet mask.
Answer: B
Explanation:
Route is used to view and modify the IP routing table.
Route Print displays a list of current routes that the host knows.
Default gateways are important to make IP routing work efficiently.
TCP/IP hosts rely on default gateways for most of their communication needs with hosts on
remote networksegments. In this way, individual hosts are freed of the burden of having to
maintain extensive andcontinuously updated knowledge about individual remote IP network
segments. Only the router that acts as thedefault gateway needs to maintain this level of
routing knowledge to reach other remote network segments inthe larger internetwork.
In order for Host A on Network 1 to communicate with Host B on Network 2, Host A first
checks its routing tableto see if a specific route to Host B exists. If there is no specific route
to Host B, Host A forwards its TCP/IPtraffic for Host B to its own default gateway, IP Router
1.

table.
to LAN1.
What should you do?
A. Change the metric of the 10.10.1.0 route.

B. Set the state of the Teredo interface to disable.
C. Set the state of the Microsoft ISATAP Adapter #2 interface to disable.
D. Run route delete 172.23.2.0.
Answer: D
Explanation:
Route is used to view and modify the IP routing table.
Route Print displays a list of current routes that the host knows.
Default gateways are important to make IP routing work efficiently.
TCP/IP hosts rely on default gateways for most of their communication needs with hosts on
remote networksegments. In this way, individual hosts are freed of the burden of having to
maintain extensive andcontinuously updated knowledge about individual remote IP network
segments. Only the router that acts as thedefault gateway needs to maintain this level of
routing knowledge to reach other remote network segments inthe larger internetwork.
If the default gateway fails, communication beyond the local network segment may be
impaired. To preventthis, you can use the Advanced TCP/IP Settings dialog box (in
Network Connections) for each connection tospecify multiple default gateways. You can
also use the route command to manually add routes to therouting table for heavily used
hosts or networksIf you have multiple interfaces and you configure a default gateway for
each interface, TCP/IP by defaultautomatically calculates an interface metric that is based
on the speed of the interface. The interface metricbecomes the metric of the default route
in the routing table for the configured default gateway. The interfacewith the highest speed
has the lowest metric for its default route. The result is that whenever multiple
defaultgateways are configured on multiple interfaces, the fastest interface will be used to
forward traffic to its defaultgateway.
If multiple interfaces of the same speed have the same lowest interface metric, then, based
upon the bindingorder, the default gateway of the first network adapter is used. The default
gateway for the second networkadapter is used when the first is unavailable.
In order for Host A on Network 1 to communicate with Host B on Network 2, Host A first
checks its routing tableto see if a specific route to Host B exists. If there is no specific route
to Host B, Host A forwards its TCP/IPtraffic for Host B to its own default gateway, IP Router
1.
contains a file server named Server1 that runs Windows Server 2012. Server1 contains a
shared folder named Share1. Share1 contains the home folder of each user.
All users have the necessary permissions to access only their home folder.
The users report that when they access Share1, they can see the home folders of all the
users.
You need to ensure that the users see only their home folder when they access Share1.
What should you do from Server1?
A. From Windows Explorer, modify the properties of the volume that contains Share1.
B. From Server Manager, modify the properties of the volume that contains Share1.
C. From Server Manager, modify the properties of Share1.
D. From Windows Explorer, modify the properties of Share1.
Answer: C
contains a server named Server1 that runs Windows Server 2012. Server1 has the Hyper-
V server role installed. The domain contains a virtual machine named VM1.
A developer wants to attach a debugger to VM1.
You need to ensure that the developer can connect to VM1 by using a named pipe.
Which virtual machine setting should you configure?
A. Network Adapter
B. BIOS
C. Processor
D. COM 1
Answer: D
Explanation:
Named pipe. This option connects the virtual serial port to a Windows named pipe on the
host operatingsystem or a computer on the network. A named pipe is a portion of memory
that can be used by one processto pass information to another process, so that the output
of one is the input of the other. The second processcan be local (on the same computer as
the first) or remote (on a networked computer). For example, a localnamed pipe path could
be \\.\pipe\mypipename.
Named pipes can be used to create a virtual null modem cable between two virtual
machines, or between avirtual machine and a debugging program on the host operating
system that supports the use of named pipes.
By connecting two virtual serial ports to the same named pipe, you can create a virtual null
modem cableconnection. Named pipes are useful for debugging or for any program that
requires a null modem connection.
http://blogs.msdn.com/b/ntdebugging/archive/2011/12/30/configuring-a-hyper-v-vm-for-
kernel-debugging.aspx
Your company hires 500 temporary employees for the summer.
The human resources department gives you a Microsoft Excel document that contains a list
of the temporary employees.
You need to automate the creation of user accounts for the 500 temporary employees.

A. The Add-Member cmdlet
B. ADSI Edit
C. The csvde.exe command
D. Active Directory Users and Computers
Answer: C
Explanation:
Csvde.exe is the best option to add multiple users. as you just need to export the excel
spreadsheet as a csvfile and make sure the parameters are correct.
You can use Csvde to import and export Active Directory data that uses the comma-
separated valueformat. Use a spreadsheet program such as Microsoft Excel to open this
.csv file and view the header andvalue information.
In an isolated test environment, you deploy a server named Server1 that runs a Server
Core Installation of Windows Server 2012. The test environment does not have Active
Directory Domain Services (AD DS) installed.
You install the Active Directory Domain Services server role on Server1.
You need to configure Server1 as a domain controller.
Which cmdlet should you run?

A. Install-ADDSDomainController
B. Install-ADDSDomatn
C. Install-ADDSForest
D. Install-WindowsFeature
Answer: C
Explanation:
Install-ADDSDomainController - Installs a domain controller in Active Directory.
Install-ADDSDomain - Installs a new Active Directory domain configuration.
Install-ADDSForest - Installs a new Active Directory forest configuration.
Install-WindowsFeature - Installs one or more Windows Server roles, role services, or
features on either thelocal or a specified remote server that is running Windows Server
2012. This cmdlet is equivalent to andreplaces Add-WindowsFeature, the cmdlet that was
used to install roles, role services, and features.
C:\PS>Install-ADDSForest -DomainName corp.contoso.com -CreateDNSDelegation -
DomainMode Win2008 -
ForestMode Win2008R2 -DatabasePath "d:\NTDS" -SysvolPath "d:\SYSVOL" -LogPath
"e:\Logs"Installs a new forest named corp.contoso.com, creates a DNS delegation in the
contoso.com domain, setsdomain functional level to Windows Server 2008 R2 and sets
forest functional level to Windows Server 2008,installs the Active Directory database and
SYSVOL on the D:\ drive, installs the log files on the E:\ drive andhas the server
automatically restart after AD DS installation is complete and prompts the user to provide
andconfirm the Directory Services Restore Mode (DSRM) password.
contains an organizational unit (OU) named 0U1.
You need to ensure that when new client computers join the domain, their computer
accounts are created in OU1 by default.
What should you do?
A. From a command prompt, run the redircmp.exe command.

B. From Windows PowerShell, run the Move-ADObjectcmdlet.
C. From Ldp, configure the properties of the Computers container.
D. From ADSI Edit, configure the properties of the OU1 object.
Answer: A
You are configuring a test network. The test network contains a subnet named LAN1. LAN1
uses the network ID of 10.10.1.0/27.
You plan to add a new subnet named LAN2 to the test network.
LAN1 and LAN2 will be connected by a router.
You need to identify a valid network ID for LAN2 that meets the following requirements:
Ensures that hosts on LAN2 can communicate with hosts on LAN1.

Supports at least 100 IPv4 hosts.
Uses only private IP addresses.
Which network ID should you use?
To answer, drag the appropriate network ID and subnet mask to the correct location in the
answer area.
Answer:

You have a server named Server1. Server1 runs Windows Server 2012. A user named
Admin1 is a member of the local Administrators group.
You need to ensure that Admin1 receives a User Account Control (UAC) prompt when
attempting to open Windows PowerShell as an administrator.
Which setting should you modify from the Local Group Policy Editor? To answer, select the
appropriate setting in the answer area.
Answer:
You have a Hyper-V host named HYPERV1. HYPERV1 hosts a virtual machine named
DC1.
You need to prevent the clock on DC1 from synchronizing from the clock on HYPERV1.
What should you configure? To answer, select the appropriate object in the answer area.
Answer:
Your network contains a subnet named Subnet1. Subnet1 contains a DHCP server named
Server1.
You deploy a new subnet named Subnet2. On Subnet2, you deploy a new server named
5erver2 that runs Windows Server 2012.
You need to configure Server2 to route DHCP broadcast from Subnet2 to Server1.
To answer, select the appropriate role in the answer area.

Answer:
contains a user account named User1 that resides in an organizational unit (OU) named
OU1.
A Group Policy object (GPO) named GPO1 is linked to OU1. GPO1 is used to publish
several Applications to a user named User1.
In the Users container, you create a new user named User2.
You need to ensure that the same Applications are published to User2.
What should you do?
A. Modify the security of GPO1.

B. Modify the settings in GPO1.
C. Link a WMI filter to GPO1.
D. Move User2 to OU1.
Answer: C
You need to log the amount of system resources used by each virtual machine.
What should you do?
A. From Windows PowerShell, run the Enable-VM Resource Metering cmdlet.

B. From Windows System Resource Manager, enable Accounting.
C. From Windows System Resource Manager, add a resource allocation policy.
D. From Windows PowerShell, run the Measure-VM cmdlet.
Answer: A
Explanation:
Enable-VMResourceMetering - The Enable-VMResourceMeteringcmdlet starts collecting
resourceutilization data for a virtual machine or resource pool.
Measure-VM - The Measure-VM cmdlet reports data on processor usage, memory usage,
network traffic, anddisk capacity for one or more virtual machines.
http://blogs.technet.com/b/virtualization/archive/2012/08/20/how-to-use-resource-metering-
with-powershell.Aspx
You plan to create an image of Server1.
You need to remove the source files for all server roles that are not installed on Server1.
A. servermanagercmd.exe
B. imagex.exe
C. dism.exe
D. ocsetup.exe
Answer: C
Explanation:
servermanagercmd.exe - The ServerManagerCmd.exe command-line tool has been
deprecated in WindowsServer 2008 R2.
imagex.exe - ImageX is a command-line tool in Windows Vista that you can use to create
and manageWindows image (.wim) files. A .wim file contains one or more volume images,
disk volumes that containimages of an installed Windows operating system.
dism.exe - Deployment Image Servicing and Management (DISM.exe) is a command-line
tool that canbe used to service a Windows image or to prepare a Windows Preinstallation
Environment (WindowsPE) image. It replaces Package Manager (Pkgmgr.exe), PEimg,
and Intlcfg that were included inWindows Vista. The functionality that was included in
these tools is now consolidated in one tool(DISM.exe), and new functionality has been
added to improve the experience for offline servicing. DISMcan Add, remove, and
enumerate packages.
ocsetup.exe - The Ocsetup.exe tool is used as a wrapper for Package Manager
(Pkgmgr.exe) and for WindowsInstaller (Msiexec.exe). Ocsetup.exe is a command-line
utility that can be used to perform scripted installs andscripted uninstalls of Windows
optional components. The Ocsetup.exe tool replaces the Sysocmgr.exe tool thatWindows
XP and Windows Server 2003i use.
http://blogs.technet.com/b/joscon/archive/2010/08/26/adding-features-with-dism.aspx

the File Server server role installed.
On Server1, you create a share named Documents. The Share permission for the
Documents share is configured as shown in the following table.
The NTFS permission for the Documents share is configured as shown in the following
table.
You need to configure the Share and NTFS permissions for the Documents share. The
permissions must meet the following requirements:
Ensure that the members of a group named Group1 can read files and run
programs in Documents.
Ensure that the members of Group1 can modify the permissions on their own files
in Documents.
Ensure that the members of Group1 can create folders and files in Documents.
Minimize the number of permissions assigned to users and groups.
How should you configure the permissions?
To answer, drag the appropriate permission to the correct location. Each permission may
be used once, more than once, or not at all. You may need to drag the split bar between
panes or scroll to view content.
Answer:
Domain1 and Domain2.
Domain1 contains a file server named Server1. Server1 has a shared folder named
Share1. Domain2 contains 50 users who require access to Share1.
You need to create groups in each domain to meet the following requirements:
In Domain1, create a group named Group1. Group1 must be granted access to

Share1.
In Domain2, create a group named Group2. Group2 must contain the user
accounts of the 50 users.
Permission to Share1 must only be assigned directly to Group1.
Which type of groups should you create and which group nesting strategy should you use?
To answer, select the appropriate configuration in the answer area.
Answer:
A. New-StoragePool
B. New-VirtualDisk
C. Diskpart
D. Share and Storage Management
Answer: D
Server1.

A. the setup.exe command

B. the dism.exe command
C. the Install-RoleServicecmdlet
D. the Install-Module cmdlet
Answer: B
Explanation: There are a couple of ways to install the GUI from the command prompt,
although both use the same tool DISM (Deployment Image Service Manager). When you
are doing it for a single (local) server, the command is:
Dism /online /enable-feature /featurename:ServerCore-FullServer /featurename:Server-

Gui-Shell /featurename:Server-Gui-Mgmt
A. A RAID-5 volume on Disk 1, Disk 2, and Disk 3

B. A storage pool on Disk 2 and Disk 3
C. A mirrored volume on Disk 1 and Disk 4
D. A mirrored volume on Disk 1 and Disk 3
Answer: A
Explanation: The RAID volume would provide 8 TB of space and would be available if one
of the disk fails.
However, you need at least three (but no more than 32) dynamic disks to create a RAID-5
volume.
Disk1 would have to be converted to a dynamic disk first.
Incorrect:
Not B: A storage pool would not ensure data redundancy.
Not C: This mirror would provide only 2 TB of storage.
Not D: This mirror would provide 4 TB of storage. However, disk1 would have to converted
to a dynamic disk first.
Your network contains an Active Directory domain named contoso.com. All client
computers run Windows 8.
An administrator creates an Application control policy and links the policy to an

organizational unit (OU) named OU1. The Application control policy contains several deny
rules. The deny rules App1y to the Everyone group.
You need to prevent users from running the denied Application.
To answer, select the appropriate object in the answer area.

Answer:
A. New-StorageSubsytemVirtualDisk
B. File Server Resource Manager (FSRM)
C. Server Manager
D. Computer Management
Answer: C
snapshot of VM1.
A. Run the Stop-VM cmdlet.

B. Decrease the Minimum RAM.
C. Run the Convert-VHD cmdlet.
D. Convert diskl.vhd to a dynamically expanding disk.
Answer: D
Explanation: A dynamically expanding disk, on the other hand, is a VHD, which starts
small -- usually at only a few kilobytes -- and expands as additional storage space is
needed. It can only grow, however, to the size limit you designate in the setup wizard.
Incorrect:
Not D: Convert-VHD
Converts the format, version type, and block size of a virtual hard disk file.
2012.
Subnet mask: 255.255.240.0
A. netsh.exe
B. Set NetIPInterface
C. msconfig.exe
D. netcfg.exe
Answer: A
Netsh.exe.
You have a print server named Server1 that runs Windows Server 2012.
You discover that when there are many pending print jobs, the system drive occasionally
runs out of free space.
You add a new hard disk to Server1. You create a new NTFS volume.
You need to prevent the print jobs from consuming disk space on the system volume.
What should you modify?
A. the properties of the Print Spooler service

B. the Print Server Properties
C. the properties of each shared printer
D. the properties on the new volume
Answer: B
Explanation:
Windows spools print jobs by default to the following directory as the they are processed:
%SystemRoot%\SYSTEM32\SPOOL\PRINTERS.
It is possible for the administrator of a Windows print server to manually instruct Windows
the location forplacing the spool files, if for example there is a concern for disk space.
Topic 3, Volume C
An administrator provides you with a file that contains the information to create user
accounts for 200 temporary employees.
The file is shown in the exhibit. (Click the Exhibit button.)
You need to automate the creation of the user accounts. You must achieve this goal by
using the minimum amount of administrative effort.
A. csvde
B. Net user
C. Ldifde
D. Dsadd
Answer: A
Explanation:
csvde - Imports and exports data from Active Directory Domain Services (AD DS) using
files that storedata in the comma-separated value (CSV) format. You can also support
batch operations based on theCSV file format standard.
Net user - Adds or modifies user accounts, or displays user account information.
Ldifde - Creates, modifies, and deletes directory objects. You can also use ldifde to extend
the schema, exportActive Directory user and group information to other Applications or
services, and populate Active DirectoryDomain Services (AD DS) with data from other
directory services.
Dsadd - Adds specific types of objects to the directory.
http://technet.microsoft.com/en-us/library/cc753708
(v=ws.10).aspxcsvde.exe is the best option to add multiple users. as you just need to
export the excel spreadsheet as a csvfile and make sure the parameters are correct.
You can use Csvde to import and export Active Directory data that uses the comma-
separated valueformat. Use a spreadsheet program such as Microsoft Excel to open this
.csv file and view the header andvalue information
contains an Application server named Server1. Server1 runs Windows Server 2012.
You have a client Application named App1 that communicates to Server1 by using dynamic
TCP ports.
On Server1, a technician runs the following command:
New-NetFirewallRule -DisplayNameAllowDynamic -Direction Outbound -LocalPort 1024-

65535 -Protocol TCP
Users report that they can no longer connect to Server1 by using App1. You need to
ensure that App1 can connect to Server1.
What should you run on Server1?

A. Set-NetFirewallRule -DisplayNameAllowDynamic -Action Allow
B. netshadvfirewall firewall set rule name=allowdynamic new action = allow
C. Set-NetFirewallRule -DisplayNameAllowDynamic -Direction Inbound
D. netshadvfirewall firewall add rule name=allowdynamic action=allow
Answer: C
Explanation:
Set-NetFirewallRule - Modifies existing firewall rules.
You have to allow the connection INTO the server - inbound rules
http://technet.microsoft.com/en-us/library/jj573828%28v=wps.620%29.aspx
http://mikefrobbins.com/2013/02/28/use-powershell-to-remotely-enable-firewall-exceptions-
on-windows-server-2012/

You have a server named dc2.contoso.com that runs Windows Server 2012 and has the
DNS Server server role installed.
You open DNS Manager as shown in the exhibit. (Click the Exhibit button.)
You need to view the DNS server cache from DNS Manager.
A. From the View menu, click Advanced.

B. From the Action menu, click Configure a DNS Server...
C. From the View menu, click Filter...
D. From the Action menu, click Properties.
Answer: A
Explanation:
To view the contents of the DNS cache, perform the following steps:
1. Start the Microsoft Management Console (MMC) DNS snap-in (Go to Start, Programs,
Administrative Tools,and click DNS).
2. From the View menu, select Advanced.
3. Select the Cached Lookups tree node from the left-hand pane to display the top-level
domains (e.g., com, net) under.(root). Expand any of these domains to view the cached
DNS information (the actual records willappear in the right-hand pane).

Your network contains two Hyper-V hosts that run Windows Server 2012. The Hyper-V
hosts contains several virtual machines that run Windows Server 2012.
You install the Network Load Balancing feature on the virtual machines.
You need to configure the virtual machines to support Network Load Balancing (NLB).
Which virtual machine settings should you configure?
A. Port mirroring
B. DHCP guard
C. Router guard
D. MAC address
Answer: D
Your network contains an Active Directory forest that contains two domains. The forest
contains five domain controllers. The domain controllers are configured as shown in the
following table.
You need to configure DC5 as a global catalog server.
A. Active Directory Domains and Trusts

B. Active Directory Users and Computers
C. Active Directory Administrative Center
D. Active Directory Sites and Services
Answer: D
Explanation:
If you have more than one domain in your forest and you have a significant user population
in a site, you canoptimize the speed and efficiency of domain logons and directory
searches by adding a global catalog server tothe site.
If you have a single-domain forest, global catalog servers are not required for logons, but
directory searchesare directed to the global catalog. In this case, you can enable the global
catalog on all domain controllers forfaster directory searches.
You can use the same user interface (UI) in the Active Directory Sites and Services snap-in
to add or removethe global catalog. Enabling the global catalog can cause additional
replication traffic. However, global catalogremoval occurs gradually in the background and
does not affect replication or performance.
Membership in the Enterprise Admins group in the forest or the Domain Admins group in
the forest rootdomain, or equivalent, is the minimum required to complete this procedure.
To add or remove the global catalogOpen Active Directory Sites and Services. To open
Active Directory Sites and Services, click Start, click Administrative Tools, and then click
Active Directory Sites and Services.
To open Active Directory Sites and Services in Windows Server 2012, click Start , type
dssite.msc.
In the console tree, click the server object to which you want to add the global catalog or
from which youwant to remove the global catalog.
Where?
Active Directory Sites and Services\Sites\SiteName\Servers
In the details pane, right-click NTDS Settings of the selected server object, and then click
Properties.
Select the Global Catalog check box to add the global catalog, or clear the check box to
remove theglobal catalog.
Global catalog servers and sites

To optimize network performance in a multiple-site environment, consider adding global
catalog servers in sitesaccording to the needs in the sites for fast search responses and
domain logons. It is recommended to makeall domain controllers be global catalog severs if
possible. In a single-site, multiple-domain environment, asingle global catalog server is
usually sufficient to cover common Active Directory queries and logons.
computers.
A. Create a primary zone named "root".

B. Create a primary zone named ".".
C. Create a stub zone named "root".
D. Create a zone delegation for GlobalNames.contoso.com.
Answer: C
Note:
Incorrect:
Not D:
snapshot of VM1.
A. Run the Resize-VHD cmdlet.

B. Run the Convert-VHD cmdlet.
C. Run the Stop-VM cmdlet.
D. Convert diskl.vhd to a dynamically expanding disk.
Answer: D
Incorrect:
Not DB Convert-VHD
Converts the format, version type, and block size of a virtual hard disk file.
2012.
Subnet mask: 255.255.240.0
A. ipconfig.exe
B. netsh.exe
C. Set-NetIPInterface
D. Set-NetIPv4Protocol
Answer: B
Netsh.exe.
Incorrect:
not A: Windows Server 2012 Core still has IPCONFIG.EXE that can be used to view the IP
A. File Server Resource Manager (FSRM)

B. New-StoragePool
C. Diskpart
Answer: D
Explanation: With Share and Storage Management, you can provision storage on disks
that are available on your server, or on storage subsystems that support Virtual Disk
Service (VDS). The Provision Storage Wizard guides you through the process of creating a
volume on an existing disk, or on a storage subsystem attached to your server. If the
volume is going to be created on a storage subsystem, the wizard will also guide you
through the process of creating a logical unit number (LUN) to host that volume. You also
have the option of only creating the LUN, and using Disk Management to create the volume
later.
Incorrect:
Not A: File Server Resource Manager is a suite of tools for Windows Server that allows
administrators to understand, control, and manage the quantity and type of data that is
stored on their servers. By using File Server Resource Manager, administrators can place
quotas on folders and volumes, actively screen files, and generate comprehensive storage
reports. This set of advanced instruments not only helps the administrator efficiently
monitor existing storage resources, but it also aids in the planning and implementation of
future policy changes.

You create a new inbound rule by using Windows Firewall with Advanced Security.
You need to configure the rule to allow Server1 to accept unsolicited inbound packets that
are received through a network address translation (NAT) device on the network.
Which setting in the rule should you configure?
A. Edge traversal
B. Authorized computers
C. Interface types
D. Remote IP address
Answer: A
Explanation:
Edge traversal - This indicates whether edge traversal is enabled (Yes) or disabled (No).
When edge traversalis enabled, the Application, service, or port to which the rule App1ies
is globally addressable and accessiblefrom outside a network address translation (NAT) or
edge device.
Select one of the following options from the list:

Block edge traversal (default) - Prevent Applications from receiving unsolicited traffic from
the Internet througha NAT edge device.
Allow edge traversal - Allow Applications to receive unsolicited traffic directly from the
Internet through aNAT edge device.
Defer to user - Let the user decide whether to allow unsolicited traffic from the Internet
through a NAT edgedevice when an Application requests it.
Defer to Application - Let each Application determine whether to allow unsolicited traffic
from the Internetthrough a NAT edge device.
http://technet.microsoft.com/en-us/library/dd421713%28v=ws.10%29.aspx
the File Server server role installed.
On Server1, you create a share named Documents.
You need to ensure that users can recover files that they accidently delete from
Documents.
What should you do?
A. Enable shadow copies by using Computer Management.

B. Modify the Startup type of the Volume Shadow Copy Service (VSS) by using the
Services console.
C. Create a recovery partition by using Windows Assessment and Deployment Kit
(Windows ADK).
D. Create a storage pool that contains a two-way mirrored volume by using Server
Manager.
Answer: A
Explanation:
If you enable Shadow Copies of Shared Folders on a volume using the default values, a
task will be scheduledto create shadow copies at 7:00 A.M of next business day. The
default storage area will be on the samevolume, and its size will be 10 percent of the
available space.
You can only enable Shadow Copies of Shared Folders on a per-volume basisthat is,
you cannot selectspecific shared folders and files on a volume to be copied or not copied.
To enable and configure Shadow Copies of Shared Folders
1. Click Start, point to Administrative Tools, and then click Computer Management.
2. In the console tree, right-click Shared Folders, click All Tasks, and then click Configure
Shadow Copies.
3. In Select a volume, click the volume that you want to enable Shadow Copies of Shared
Folders for, and then click Enable.
4. You will see an alert that Windows will create a shadow copy now with the current
settings and that thesettings might not be appropriate for servers with high I/O loads. Click
Yes if you want to continue or No if youwant to select a different volume or settings.
5. To make changes to the default schedule and storage area, click Settings.

You need to create a new volume on Server1. The new volume must have the following
configurations:
Be stored on a new virtual hard disk

Be assigned the drive letter G
Have the NTFS file system
In which order should you run the Diskpart commands?
To answer, move all the Diskpart commands from the list of commands to the answer area
and arrange them in the correct order.
Answer:
contains a DHCP server named DHCP1.
You add a new network segment to the network.
On the new network segment, you deploy a new server named Server1 that runs Windows
Server 2012.
You need to configure Server1 as a DHCP Relay Agent.
To answer, select the appropriate role in the answer area.

Answer:
A. Server Manager
B. New-StorageSubsytemVirtualDisk
Answer: D
Explanation: With Share and Storage Management, you can provision storage on disks
that are available on your server, or on storage subsystems that support Virtual Disk
Service (VDS). The Provision Storage Wizard guides you through the process of creating a
volume on an existing disk, or on a storage subsystem attached to your server. If the
volume is going to be created on a storage subsystem, the wizard will also guide you
through the process of creating a logical unit number (LUN) to host that volume. You also
have the option of only creating the LUN, and using Disk Management to create the volume
later.
You plan to create a snapshot of VM1.
snapshot of VM1.
A. Run the Resize-VHD cmdlet.

B. Run the Stop-VM cmdlet.
C. Configure VM1 to have a smaller virtual disk.
D. Run the Convert-VHD cmdlet.
Answer: C
2012.
Subnet mask: 255.255.240.0
A. Set-NetlPInterface
B. netcfg.exe
C. New-NetlPAddress
D. msconfig.exe
Answer: A
Explanation: Set-NetIPInterface
Modifies IP interface properties.
The Set-NetIPInterfacecmdlet modifies IP interface properties such as is DHCP, IPv6

neighbor discovery settings, router settings and Wake on LAN (WoL) settings.
computers.
A. Remove all root hints.

B. Create a primary zone named "GlobalNames".
C. Create a primary zone named "root".
D. Create a stub zone named "root".
Answer: C
Note:
Incorrect:
Not B:
contains the servers shown in the following table.
You need to ensure that you can use Server Manager on DC1 to manage DC2.
Choose two.)
A. Install Microsoft .NET Framework 4 on DC2.

B. Install Remote Server Administration Tools on DC1.
C. Install Remote Server Administration Tools on DC2.
D. Install Windows Management Framework 3.0 on DC2.
Answer: A,D
Explanation: Windows Management Framework 3.0 To use this release of Server
Manager to access and manage remote servers that are running Windows Server 2008 or
Windows Server 2008 R2, you must first install .NET Framework 4.0, and then install
Windows Management Framework 3.0 on those servers.
Note: In Windows Server 2012, you can use Server Manager to perform management
tasks on remote servers. Remote management is enabled by default on servers that are
running Windows Server 2012. To manage a server remotely by using Server Manager,
you add the server to the Server Manager server pool.
You can use Server Manager to manage remote servers that are running Windows Server
2008 and Windows Server 2008 R2, but the following updates are required to fully manage
these older operating systems (see above).
You have a file server named Server1 that runs Windows Server 2012. Server1 contains a
folder named Folder1.
You share Folder1 as Share1 by using Advanced Sharing. Access-based enumeration is
enabled.
Share1 contains an Application named App1.exe.
You configure the NTFS permissions on Folder1 as shown in the following table.
The members of Group2 report that they cannot make changes to the files in Share1. The
members of Group1 and Group2 run App1.exe successfully.
You need to ensure that the members of Group2 can edit the files in Share1.
What should you do?
A. Edit the Share permissions.

B. Disable access-based enumeration.
C. Replace the NTFS permissions on all of the child objects.
D. Edit the NTFS permissions.
Answer: A
Explanation:
Suppose youve shared a folder on a Windows Server 2012 system and youve created the
share as a readonlyshare, but the NTFS permissions for the folder are Full Control for the
Everyone group. When conflicts likethis arise between share and NTFS permissions, the
most restrictive permission set wins out.
There are a number of additional settings that you can enable for the share. ABE allows
users to see just thefiles and folders to which they have been granted access and not even
be able to see that other itemsexist.
http://blogs.technet.com/b/keithmayer/archive/2012/10/21/ntfs-shared-folders-a-whole-lot-
easier-in-windowsserver-2012.aspx
http://www.techrepublic.com/blog/networking/how-to-share-a-folder-in-windows-server-
2012/6057
http://www.techrepublic.com/blog/networking/windows-server-2012-tips-for-setting-share-
vs-ntfspermissions/6204
Computer accounts for the marketing department are in an organizational unit (OU) named
Departments\Marketing\Computers. User accounts for the marketing department are in an
OU named Departments\Marketing\Users.
Marketing users can only log on to the client computers in the

Departments\Marketing\Computers OU.
You need to App1y an Application control policy to all of the marketing users.
Which Group Policy Object (GPO) should you configure?
To answer, select the appropriate GPO in the answer area.

Answer:
2012.
Subnet mask: 255.255.240.0
A. Set-NetIPv4Protocol
B. ipconfig.exe
C. netsh.exe
D. msconfig.exe
Answer: C
Netsh.exe.
Incorrect:
Not A: The command Set-NetIPv4Protocol modifies information about the IPv4 Protocol
configuration.
TheSet-NetIPv4Protocolcmdlet modifies the global IPv4 protocol configuration for the
computer. This includes parameters such as the default hop limit, the neighbor cache limit,
and multi-cast configuration.
not B: Windows Server 2012 Core still has IPCONFIG.EXE that can be used to view the IP
snapshot of VM1.
A. Convert diskl.vhd to a dynamically expanding disk.

B. Shutdown VM1.
C. Decrease the Minimum RAM.
D. Decrease the Maximum RAM.
Answer: A
contains a server named Server 1. Server1 runs Windows Server 2012.
A. New-StorageSubsytemVirtualDisk
B. Share and Storage Management
D. File Server Resource Manager (FSRM)
Answer: B
Explanation:
With Share and Storage Management, you can provision storage on disks that are
available on your server, or on storage subsystems that support Virtual Disk Service (VDS).
The Provision Storage Wizard guides you through the process of creating a volume on an
existing disk, or on a storage subsystem attached to your server. If the volume is going to
be created on a storage subsystem, the wizard will also guide you through the process of
creating a logical unit number (LUN) to host that volume. You also have the option of only
creating the LUN, and using Disk Management to create the volume later.
Incorrect:
Not D: File Server Resource Manager is a suite of tools for Windows Server that allows
administrators to understand, control, and manage the quantity and type of data that is
stored on their servers. By using File Server Resource Manager, administrators can place
quotas on folders and volumes, actively screen files, and generate comprehensive storage
reports. This set of advanced instruments not only helps the administrator efficiently
monitor existing storage resources, but it also aids in the planning and implementation of
future policy changes.
contains three member servers. The servers are configured as shown in the following table.
All client computers run Windows 8. All client computers receive updates from Server2.
On Servers, you add a shared printer named Printer1. Printer1 uses a Type 4 driver that is
not included in the Windows 8 installation media.
You need to ensure that when users connect to the printer for the first time, the printer
driver is installed automatically on their client computer.
What should you do?
A. From the Windows Deployment Services console on Server1, add the driver package for
Printer1.
B. From the Update Services console on Server2, import and approve updates.
C. From Windows PowerShell on Server3, run the Add-PrinterDrivercmdlet.
D. From the Print Management console on Server3, add additional drivers for Printer1.
Answer: B

contains a member server named Server1 and a domain controller named DC2. All servers
run Windows Server 2012. All domain controllers are configured as DNS servers. On
Server1, you open Server Manager and you add DC2 as another server to manage.
From Server Manager on Server2, you right-click DC2 as shown in the exhibit. (Click the
Exhibit button.)
You need to ensure that when you right-click DC2, you see the option to run DNS
Manager.
What should you do?
A. In the domain, add Server1 to the DNS Admins group.

B. On DC2 and Server1, run winrmquickconfig.
C. On DC2, install the Feature Administration Tools.
D. On Server1, install the Role Administration Tools.
Answer: D
Explanation:
If you have installed Windows Server 2012 Roles and Features using PowerShell or
remote server admin toolsor new multi server manager console, you will see that the
management tools are missing from the server onwhich you just have enabled the role or
feature. This is because Microsoft has provided more granular controlon what is installed
on the Windows Server 2012. As an administrator we have choice to include or not
toinclude management tools while installing the Roles and Features we choose.
The goal for Windows Server 2012 administration is to manage remotely from Windows
Server 2012 box thatwill act as the management host for all servers and will be accessed
by all the IT administrators.
Typically, when a role is installed, the associated administration tools are also installed.
However, sometimes you simply need to add additional administrative tools.
http://technet.microsoft.com/en-us//library/cc731420%28v=ws.10%29.aspx
http://windowsitpro.com/windows-server-2012/q-im-missing-some-windows-server-2012-
administration-toolshow-do-i-add-them
contains 20 computer accounts in an organizational unit (OU) named OU1. A user account
named User1 is in an OU named OU2.
You are configuring a Group Policy object (GPO) named GPO1. You need to assign User1
the Back up files and directories user right to all of the computer accounts in OU1.
Choose two.)
A. Link GPO1 to OU1.

B. Link GPO1 to OU2.
C. Modify the Delegation settings of GPO1.
D. From User Configuration in GPO1, modify the security settings.
E. From Computer Configuration in GPO1, modify the security settings.
Answer: A,E
Explanation:
A. You have to Link a GPO to an object in order for it to be App1ied to that object
B. Wrong object to link the GPO
C. Delegation settings refer to delegating control over the properties of the GPO
D. User Configuration typically contains subitems for Software Settings, Windows Settings,
and AdministrativeTemplates
E. Backup Files and Directories are found in Computer Configuration\Windows
Settings\Local Policies\User Rights Assignment
Back up files and directories - This user right determines which users can bypass file and
directory, registry,and other persistent object permissions for the purposes of backing up
the system.
Specifically, this user right is similar to granting the following permissions to the user or
group in question on allfiles and folders on the system:
Traverse Folder/Execute File
List Folder/Read Data
Read Attributes
Read Extended Attributes
Read Permissions
Caution:
Assigning this user right can be a security risk. Since there is no way to be sure that a user
is backing up data,stealing data, or copying data to be distributed, only assign this user
right to trusted users.
Default on workstations and servers: Administrators, Backup Operators.
Default on domain controllers:Administrators,BackupOperators,Server Operators
http://www.microsoft.com/en-us/download/details.aspx?id=25250
Your network contains a Hyper-V host named Server1 that runs Windows Server 2012.
Server1 hosts a virtual machine named VM1 that runs Windows Server 2012. You take a
snapshot of VM1, and then you install an Application on VM1. You verify that the
Application runs properly.
You need to ensure that the current state of VM1 is contained in a single virtual hard disk
file.
The solution must minimize the amount of downtime on VM1.
What should you do?
A. From Hyper-V Manager, delete the snapshot.

B. From a command prompt, run dism.exe and specify the /commit-image parameter.
C. From a command prompt, run dism.exe and specify the /delete-image parameter.
D. From Hyper-V Manager, inspect the virtual hard disk.
Answer: A
Explanation:
Virtual machine snapshots are file-based snapshots of the state, disk data, and
configuration of a virtualmachine at a specific point in time.
You can take multiple snapshots of a virtual machine, even while it is running.
You can then revert the virtual machine to any of the previous states by App1ying a
snapshot to the virtualmachine.
Taking a snapshot of a VM is to in essence freeze the current state and make it a parent
disk based on currentstate, and at the same time create a child disk to capture all
subsequent changes. - See more at:
Snapshots require adequate storage space. Snapshots are stored as .avhd files in the
same location at thevirtual hard disk. Taking multiple snapshots can quickly consume a
large amount of storage space.
When you use Hyper-V Manager to delete a snapshot, the snapshot is removed from the
snapshot treebut the .avhd file is not deleted until you turn off the virtual machine.
http://www.laneolson.ca/2009/10/09/hyper-v-snapshots-and-disk-space/
http://blogs.technet.com/b/yungchou/archive/2013/01/23/hyper-v-virtual-hard-disk-vhd-
operations-explained.aspx
http://zoom.it/12u8
http://www.server-talk.eu/wp-content/uploads/article_2010-05-28_02.png
http://blogs.msdn.com/b/virtual_pc_guy/archive/2009/04/15/what-happens-when-i-delete-a-
snapshot-hyper-v.aspx
http://blogs.technet.com/b/josebda/archive/2012/03/20/windows-server-8-beta-hyper-v-
over-smb-quickprovisioning-a-vm-on-an-smb-file-share.aspx
contains a server namedServer1. Server1 runs Windows Server 2012 and has the Hyper-V
server role installed. On Server1, you createand start a virtual machine named VM1.
VM1 is configured as shown in the following table. You plan to create a snapshot of VM1.
You need torecommend a solution to minimize the amount of disk space used for the
snapshot of VM1. What should youdo before you create the snapshot?
A. Shut down VM1.

B. Decrease the Minimum RAM.
C. Decrease the Maximum RAM.
D. Configure VM1 to have a smaller virtual disk.
E. Convert disk1.vhd to a dynamically expanding disk.
F. Run the Stop-VM cmdlet.
G. Run the Resize-VHD cmdlet.
H. Run the Convert-VHD cmdlet.
Answer: A,F
Explanation:
Virtual machine snapshots are file-based snapshots of the state, disk data, and
configuration of a virtualmachine at a specific point in time.
You can take multiple snapshots of a virtual machine, even while it is running.
You can then revert the virtual machine to any of the previous states by App1ying a
snapshot to the virtualmachine.
Taking a snapshot of a VM is to in essence freeze the current state and make it a parent
disk based on currentstate, and at the same time create a child disk to capture all
subsequent changes. - See more at:
Snapshots require adequate storage space. Snapshots are stored as .avhd files in the
same location at thevirtual hard disk. Taking multiple snapshots can quickly consume a
large amount of storage space.
When you use Hyper-V Manager to delete a snapshot, the snapshot is removed from the
snapshot treebut the .avhd file is not deleted until you turn off the virtual machine.
Each snapshot introduces a parent-child dependency of the runtime environment when the
snapshot wastaken, and over time a series of backups will results in a multi-level hierarchy
of snapshots with nested parentchilddependencies.
When you have systems that are required to be up and running 24/7 it basically throws
away any use thatsnapshots have. It seems somewhat ridiculous that you have to bring a
system down to delete the snapshotwhen one of the reasons you created the snapshot
was to help reduce downtime in case something goeswrong. It is even more ridiculous that
if you dont power down your system and wait for the vhd to merge,the snapshot will
continue to grow until the system comes crashing down due to a lack of disk space!
(Microsoft does not recommend snapshots for production environments)

http://www.laneolson.ca/2009/10/09/hyper-v-snapshots-and-disk-space/
http://zoom.it/12u8
http://www.server-talk.eu/wp-content/uploads/article_2010-05-28_02.png
http://blogs.msdn.com/b/virtual_pc_guy/archive/2009/04/15/what-happens-when-i-delete-a-
snapshot-hyper-v.aspx
contains a server named Server1. Server1 runs Windows Server 2012. You need to create
3-TB virtual hard disk (VHD) on Server1.

A. Diskpart
B. Server Manager
D. New-VirtualDisk
E. Share and Storage Management
F. File Server Resource Manager (FSRM)
G. New-StorageSubsytemVirtualDisk
H. New-StoragePool
Answer: A,C
Explanation:
The New-VirtualDisk command creates a new virtual disk in the specified storage pool.
New-VirtualDisk - Creates a new virtual disk in the specified storage pool.
Although the new Server Manager UI in Windows Server 2012 provides a very convenient
and intuitiveworkflow to provision and manage Storage, interaction with PowerShell is
required to access many of theadvanced features.
If I then create a simple 200GB Virtual Disk via the UI named VDiskSimpleUI, the resulting
Virtual Diskleverages 8 columns and maintains 1 copy of the data. But when creating the
Virtual Disk via PowerShell, Ican force the tripping across all nine of the disks and optimize
performance.
New-VirtualDisk -StoragePoolFriendlyName Pool01 -ResiliencySettingName Simple -Size

200GB -FriendlyNameVDiskSimplePS -ProvisioningType Fixed -NumberOfDataCopies 1 -
NumberOfColumns 9
And creating a mirrored 200GB Virtual Disk via the UI named VDiskMirrorUI produces a
Virtual Disk with 4columns and 2 data copies. But with PowerShell, I can create a slightly
different configuration, increasing thedata protection (and also the disk footprint):
New-VirtualDisk -StoragePoolFriendlyName Pool01 -ResiliencySettingName Mirror -Size
200GB -FriendlyNameVDiskMirrorPS -ProvisioningType Fixed -NumberOfDataCopies 3 -
NumberOfColumns 3.
http://blogs.technet.com/b/wincat/archive/2012/05/21/optimizing-windows-server-2012-
storage-managementvia-powershell-for-both-performance-and-resiliency.aspx
the Internet by using a web proxy. You deploy a server named Server1 that runs Windows
Server 2012. Server1 has the DNS Server server role installed. You configure all of the
client computers to use Server1 as their primary DNS server.
computers.

C. Create a primary zone named ..
D. Create a primary zone named root.
E. Create a primary zone named "GlobalNames".
F. Create a forwarder that points to 169.254.0.1.
G. Create a stub zone named root.
H. Create a zone delegation for GlobalNames.contoso.com.
Answer: B,C
Explanation:
B. necessary to remove the default root hints files
C. install a root (.) zone on all internal DNS servers to prevent name resolution on the
Internet
controllers currently run Windows Server 2008 R2. You plan to install a new domain
controller named DC4 that runs Windows Server 2012.
Schema master
You need to identify which configurations Administrators by using the Active Directory
Installation Wizard.
A. Transfer the schema master.
B. Enable the global catalog server.
C. Install the DNS Server role
D. Install the Active Directory Certificate Services role.
Answer: A,D
Explanation:
global catalog server. ADCS and schema must be done separately.
contains a member server named Server1 and a domain controller named DC2. All servers
run Windows Server 2012.
On DC2, you open Server Manager and you add Server1 as another server to manage.
From Server Manager on DC2, you right-click Server1 as shown in the exhibit.
You need to ensure that when you right-click Server1, you see the option to run the DHCP
console.
What should you do?
A. On Server1, install the Feature Administration Tools.

B. In the domain, add DC1 to the DHCP Administrators group.
C. On DC2 and Server1, run winrmquickconfig.
D. On DC2, install the Role Administration Tools.
Answer: C
Explanation:
C. Remote Mgmt must be setuo on both servers
You have a network printer connected to print server. You need to be able to print if print
server goes down. What should you chose?
A. brach office direct printing
B. printer pooling
C. spooling
D. Print forwarding
Answer: A
You have external virtual switch with srv-io enabled with 10 Virtual Machines on it. You
need to make the Virtual Machines able to talk only to each other.
A. remove the vswitch and recreate it as private.

B. add new vswitch
C. removevswitch and recreate it as public
D. adjust srv-io settings
Answer: A
Explanation:
http://www.altaro.com/hyper-v/hyper-v-virtual-switch-explained-part-2/
Your infrastructure divided in 2 sites. You have a forest root domain and child domain.
There is only one DC on site 2 with no FSMO roles. The link goes down to site 2 and no
users can log on.
What FSMO roles you need on to restore the access?
A. Infrastructure master
B. RID master
C. Domain Naming master
D. PCD emulator
Answer: D
Explanation:
D. The PDC emulator is used as a reference DC to double-check incorrect passwords and
it also receives new password changes.
You have a server named Server1 that runs Windows Server 2012. A network technician
installs a new disk onServer1 and creates a new volume. The properties of the new
volume.
You need to ensure that you canrestore files on volume D by using the Previous Versions
tab.
A. Convert the disk to a dynamic disk.

B. Format volume D.
C. Install the File Server Resource Manager role service.
D. Run the convert.exe command.
Answer: B
Explanation:
Shadow Copies for Shared Folders is activated at the volume level.
The volume to be enabled for shadow copies must use NTFS and can be saved either on a
basic disk or adynamic disk.
Assigning a drive letter to the volume is optional; an NTFS volume with shadow copy
enabled can be mountedas a folder on another NTFS volume.
You can only enable Shadow Copies of Shared Folders on a per-volume basis; that is, you
cannot selectspecific shared folders and files on a volume to be copied or not copied. By
default, the shadow copies will bestored on the volume that is being copied (the source
volume). If you have more than one drive available onyour server, you should use a
separate volume on another disk to store the shadow copies. This eliminates thepossibility
that high input/output (I/O) load will cause shadow copies to be deleted. This is the
recommendedconfiguration for heavily used file servers.

http://technet.microsoft.com/pt-pt/magazine/2006.01.rapidrecovery%28en-us%29.aspx
Server 1 and Server2 host a load-balanced Application pool named AppPool1.
You need to ensure thatAppPool1 uses a group Managed Service Account as its identity.
Which 3 actions should you perform?
A. I believe it should be Install a domain controller that runs Windows Server 2012, Run the
New-ADServiceAccountcmdlet, Modify the settings of AppPool1.
B. Configure the Security settings of the contoso.com zone.
C. Add a second legacy network adapter, and then run the Set-VMNetworkAdoptercmdlet.
D. From Windows Powershell, run Get-DNSServerDiagnostics.
Answer: A
You run a Windows 2012 and implementing 3 new printers in a warehouse. You need to
makean exclusion forthese IP addresses within DHCP server.
Select the location where would configure at the DHCP console?
Answer:
You have a Server Core 2012 installation and all roles and features removed. The server
does not haveaccess to Windows Update. You mount the network volume containing the
installation files for Server 2012.
You need to install DNS and DHCP server role.
Which directory do you reference for installing?

Answer:
Server1 runs Windows Server 2012 and is installed as an FTP server.

Client use App1 to connect to Server1 for FTP.
App1 use TCP port 21 for control and a dynamic port for data. You have allowed port 21 in
firewall. What youshould next do to allow clients to use App1 to connect to server1 using
ftp.
A. At Server1 allow firewall rule of outbound

B. At Server1 allow firewall rule of inbound
C. netshadvfirewalldomainprofile state off
D. netshadvfirewall set global StatefulFtp enable
Answer: D
Explanation:
Set global statefulftp
Configures how Windows Firewall with Advanced Security handles FTP traffic that uses an
initial connection onone port to request a data connection on a different port. This affects
both active and passive FTP.
http://support.microsoft.com/kb/832017/en-us#method20
P.S
There is a fair bit of confusion around the purpose of the Alternate DNS Server.
This Post should hopefully put these questions to bed.
The general assumption is that, the Windows DNS Client on all counts, will send a DNS
query to the PreferredDNS first. If this query fails, then it will query the Alternate DNS
Server, and so on and so forth.
The above statement is true, however there is a twist.
The Windows DNS Client will reset the DNS Server Priority at periodic intervals. By default,
the serverpriorities are reset every 15 minutes.
Let's look at an example:

I have a DNS Client configured as follows:
Preferred DNS: 192.168.0.1
Alternate DNS: 10.10.0.1
The DNS Client will start by sending queries to 192.168.0.1. After 15 minutes it will switch
priority to
10.10.0.1. Thus all queries will first be sent to 10.10.0.1 for a period of 15 minutes before
switching back to192.168.0.1
There is another condition that triggers a Priority Switch.
If say the Preferred DNS timed out on a DNS query, the DNS Client will send that DNS
Query to theAlternate DNS.
If the Alternate DNS resolves the Query, the Priority will now switch to the Alternate DNS,
until either it timesout on a Query or the Priority Time Limit expires.
It is a common practice to configure the Preferred DNS Server with the IP of a Local Site
DNS Server and the
Alternate DNS Server with that of a Remote Site. The problem arises when
Firewall/Network folk raisecomplaints that Clients are sending DNS Traffic to Remote DNS
Servers. Well, that is because they have beenconfigured to do so.
http://blogs.technet.com/b/ajayr/archive/2011/12/14/who-does-dns-client-prefer-preferred-
or-alternate.aspx
You run a Windows 2012 Hyper-V Role Server, you need to shrink the size of files.vhd.
Which powershellcmdlet option you should run first?
A. Dismount-VHD
B. Mount-VHD
C. Resize-VHD
D. Convert-VHD
Answer: D
Explanation:
Answer: Convert, as .vhd dont support shrink.
Convert-VHD - Converts the format, version type, and block size of a virtual hard disk file.
Convert-VHD Path c:\test\files.vhd DestinationPath c:\test\testvhdx.vhdx
The Resize-VHD cmdlet resizes a virtual hard disk. This cmdlet lets you shrink or expand
the size of a virtualhard disk, but the shrink operation is allowed only on VHDX virtual hard
disks. The shrink operation fails ifit would shrink the virtual disk to less than its minimum
size (available through the VHDX objects MinimumSizeproperty).
After converting a dynamically expanding VHD to the VHDX format, a new Shrink menu
option becomesavailable in the Hyper-V UI as shown.
VHDX format VHDs only expose the Shrink option when there is free space in the VHDX
file to reclaim.
http://blogs.msdn.com/b/virtual_pc_guy/archive/2012/05/10/shrinking-a-vhd-in-windows-8-
fast.aspx
You only want to share a printer with Group1, administrators, central owner and operators.
(pick 2 answers)
A. Add permissions to Group1

B. Remove permissions from administrators
C. Add permissions to operators
D. Add permissions to Central Owner
E. Remove permissions from everyone.
Answer: A,E
Explanation:

A laptop with server 2012 OS, you need to ensure that server 2012 can use wireless
network adapter. Whatshould you do first?
A. use server manager to install the Wireless Lan Service Role

B. use server manager to install the Wireless Network Role
C. use server manager to install the Wireless Lan Service Feature
D. use server manager to install the Wireless Network Feature
Answer: C
Explanation:
http://www.win2012workstation.com/wireless-networking/
You run a Windows 2012 Hyper-V Role Server, you need to shrink the size of files.vhd(
200GB ).
Using the Edit Virtual Disk Wizard what option should you choose.
A. Compact
B. Shrink
C. Resize
D. Convert
Answer: D
Explanation:
Answer: Convert, as .vhd dont support shrink.
After converting a dynamically expanding VHD to the VHDX format, a new Shrink menu
option becomesavailable in the Hyper-V UI as shown.
VHDX format VHDs only expose the Shrink option when there is free space in the VHDX
file to reclaim.
http://blogs.msdn.com/b/virtual_pc_guy/archive/2012/05/10/shrinking-a-vhd-in-windows-8-
fast.aspx
A company has a forest with 4 sites. Subnets are as follows:
MainOffice 172.16.1.0 Subnet: 255.255.255.0 Gateway 172.16.1.254

Site1 192.168.12.0 Subnet: 255.255.255.0
Site 2 192.168.13.0 Subnet: 255.255.255.0
Site 3 192.168.14.0 Subnet: 255.255.255.0
Site 4 192.168.15.0 Subnet: 255.255.255.0
You add a new server to the MainOffice and it needs to be able to communicate to all sites.
Which routecommand would you run?
A. route add -p 192.168.8.0 netmask 255.255.252.0 172.16.1.254

B. route add -p 192.168.0.0 netmask 255.255.248.0 172.16.1.254
C. route add -p 192.168.12.0 netmask 255.255.252.0 172.16.1.254
D. route add -p 192.168.12.0 netmask 255.255.240.0 172.16.1.254
Answer: C
contains a server namedServer1. Server1 runs Windows Server 2012 and has the Hyper-
You need to log the amount of system resources used by each virtual machine.
What should you do?
A. From Windows PowerShell, run the Enable-VMResourceMeteringcmdlet.

B. From Windows System Resource Manager, enable Accounting.
C. From Windows System Resource Manager, add a resource allocation policy.
D. From Windows PowerShell, run the Measure-VM cmdlet.
Answer: A
Explanation:
Enable-VMResourceMetering - The Enable-VMResourceMeteringcmdlet starts collecting
resourceutilization data for a virtual machine or resource pool.
http://technet.microsoft.com/en-us/library/hh848481
(v=wps.620).aspx
Measure-VM - The Measure-VM cmdlet reports data on processor usage, memory usage,
network traffic, anddisk capacity for one or more virtual machines.
http://technet.microsoft.com/en-us/library/hh848471
(v=wps.620).aspx
You work as an administrator at ABC.com. The ABC.com network consists of a single

domain named ABC.com. All servers in the ABC.com domain, including domain controllers,
have Windows Server 2012 installed.
ABC.coms user accounts are located in an organizational unit (OU), named ABCStaff.
ABC.coms managersbelong to a group, named ABCManagers.
You have been instructed to create a new Group Policy object (GPO) that should be linked
to the ABCStaffOU, but not affect ABC.coms managers.
Which of the following actions should you take?
A. You should consider removing the user accounts of the managers from the ABCStaff
OU.
B. You should consider configuring the new GPOs WMI filter.
C. You should consider adding the user accounts of ABC.coms managers to the Admins
group.
D. You should consider adding the user accounts of ABC.coms managers to the
localAdministrators group.
Answer: B
Explanation:
GPOs cannot be linked directly to users, computers, or security groups. They can only be
linked to sites,domains and organizational units. However, by using security filtering, you
can narrow the scope of aGPO so that it App1ies only to a single group, user, or computer.
deny a specific group both Read and App1y Group Policy permission to prevent them
from App1ying the GPO.
http://blogs.technet.com/b/grouppolicy/archive/2009/07/30/security-filtering-wmi-filtering-
and-item-leveltargeting-in-group-policy-preferences.aspx
http://technet.microsoft.com/pt-pt/library/cc758471%28v=ws.10%29.aspx
You have two servers named Server1 and Server2 that run Windows Server 2012. Server1
and Server2 are part of a workgroup.
On Server1, you add Server2 to Server Manager.
When you attempt to connect to Server2 from Server Manager, you receive the following
error message: "Credentials not valid."
You need to ensure that you can manage Server2 from Server1 by using Server Manager
on Server1.
What should you do?
A. On Server 2, run the Configure-SmRemotingcmdlet.

B. On Server 1, run the Set-NetFirewallRulecmdlet.
C. On Server 1, run the Set-Item cmdlet.
D. On Server 2, install the Remote Server Administration Tools (RSAT).
Answer: C
You have a shared folder named Share1. The folder permissions of Share1 are configured
as shown in the Folder Permissions exhibit. (Click the Exhibit button.)
The Share permissions of Share1 are configured as shown in the Share Permissions
exhibit. (Click the Exhibit button.)
You have a group named Group1. The members of Group1 are shown in the Group1
exhibit. (Click the Exhibit button.)
Select Yes if the statement can be shown to be true based on the available information;
otherwise select No. Each correct selection is worth one point.
Answer:
2012 Standard.
You establish a Remote Desktop session to Server1.
You need to identify which task can be performed on Server1 from within the Remote
Desktop session.
A. Modify the network settings by using Sconfig.

B. Join a domain by using the System Properties.
C. Disable services by using Msconfig.
D. Install a feature by using Server Manger.
Answer: A
A. Local Security Policy

B. Server Manager
C. Authorization Manager
D. Security Templates
Answer: B
Explanation: The Security Configuration Wizard (SCW) guides you through the process of
creating, editing, applying, or rolling back a security policy.
You can run SCW from Administrative Tools or Server Manager.
Note:
* Security templates provide standard security settings to use as a model for your security
policies. They help you troubleshoot problems with computers whose security settings are
not in compliance with policy or are unknown. Security templates are inactive until imported
into a Group Policy object or the Security Configuration and Analysis snap-in to MMC.
A two-way forest trust exists between the forests.
You have custom starter Group Policy objects (GPOs) defined in contoso.com.
You need to ensure that the same set of custom starter GPOs are available in
adatum.com.
In the table below, identify which action must be performed for the starter GPOs container
in each forest. Make only one selection in two of the rows. Each correct selection is worth
one point.
Answer:
You have a server named Server1 that runs Windows Server 2012. Server1 is a member of
a workgroup.
You need to ensure that only members of the Administrators group and members of a
group named Group1 can log on locally to Server1.
Which settings should you modify from the Local Security Policy? To answer, select the
appropriate settings in the answer area.
Answer:

You have a server named Server1. Server1 runs Windows Server 2012 and is located in a
perimeter network.
You need to configure a custom connection security rule on Server1. The rule must encrypt
network communications across the Internet to a computer at another company.
Which authentication method should you configure in the connection security rule?
A. Advanced
B. User (Kerberos V5)
C. Computer (Kerberos V5)
D. Computer and user (Kerberos V5)
E. Default
Answer: A
A one-way external trust exists between contoso.com and adatum.com.
Adatum.com contains a universal group named Group1.
You need to prevent Group1 from being used to provide access to the resources in
contoso.com.
What should you do?
A. Modify the Managed By settings of Group1.

B. Modify the Allowed to Authenticate permissions in adatum.com.
C. Change the type of Group1 to distribution.
D. Modify the name of Group1.
Answer: B
Explanation:
* Accounts that require access to the customer Active Directory will be granted a special
right called Allowed to Authenticate. This right is then applied to computer objects (Active
Directory domain controllers and AD RMS servers) within the customer Active Directory to
which the account needs access.
* For users in a trusted Windows Server 2008 or Windows Server 2003 domain or forest to
be able to access resources in a trusting Windows Server 2008 or Windows Server 2003
domain or forest where the trust authentication setting has been set to selective
authentication, each user must be explicitly granted the Allowed to Authenticate permission
on the security descriptor of the computer objects (resource computers) that reside in the
trusting domain or forest.
a child domain named corp.contoso.com.
The network has Microsoft Exchange Server 2010 deployed.
You need to create a mail-enabled distribution group. Which type of group should you
create?
A. Domain local
B. Global
C. Local
D. Universal
Answer: D
a single domain. The domain contains two domain controllers named DC1 and DC2 that
The domain contains a user named User1 and a global security group named Group1.
You need to add a new domain controller to the domain.
You install Windows Server 2012 on a new server named DC3.
Which cmdlet should you run next?
A. Add-AdPrincipalGroupMembership
B. Install-AddsDomainController
C. Install WindowsFeature
D. Install AddsDomain
E. Rename-AdObject
F. Set-AdAccountControl
G. Set-AdGroup
H. Set-User
Answer: C
User1 logs on to a client computer named Computer1.
You need to disable the computer account of Computer1.
E. Rename-AdObject
G. Set-AdGroup
H. Set-User
Answer: F
You reconfigure DC2 as a member server in the domain.
You need to add DC2 as the first domain controller in a new domain in the forest.
E. Rename-AdObject
G. Set-AdGroup
H. Set-User
Answer: D
the Hyper-V server role installed.
You create an external virtual switch named Switch1. Switch1 has the following
configurations:
Connection type: External network

Single-root I/O visualization (SR-IOV): Enabled
Ten virtual machines connect to Switch1.
You need to ensure that all of the virtual machines that connect to Switch1 are isolated
from the external network and can connect to each other only. The solution must minimize
network downtime for the virtual machines.
What should you do?
A. Change the Connection type of Switch1 to Internal network.

B. Change the Connection type of Switch1 to Private network.
C. Remove Switch1 and recreate Switch1 as an internal network.
D. Remove Switch1 and recreate Switch1 as a private network.
Answer: D
You have a Hyper-V host named Server1 that runs Windows Server 2012.
Server1 hosts a virtual machine named VM1 that runs Windows Server 2012.
VM1 has several snapshots.
You need to modify the snapshot file location of VM1.
What should you do?
A. Right-click VM1, and then click Export...

B. Modify the Hyper-V settings.
C. Delete the existing snapshots, and then modify the settings of VM1.
D. Shut down VM1, and then modify the settings of VM1.
Answer: A
has the Hyper-V server role installed. Server1 hosts a virtual machine named VM1.
VM1 is currently running. VM1 has a snapshot that was created two weeks ago.
You plan to use Server2 to perform a forensic analysis of the contents of the disk of VM1
from two weeks ago.
You need to ensure that you can view the contents of the disk of VM1 from two weeks ago
from Server2.
Which three actions should you perform in sequence? (To answer, move the appropriate
three actions from the list of actions to the answer area and arrange them in the correct
order.)
Answer:
contains two subnets. The subnets are configured as shown in the following table.
Server1 has the DHCP Server server role installed. Server1 is configured to lease IP
addresses to the two subnets.
You add three new printers to the Warehouse subnet. The printers have static IP
addresses. The IP addresses are consecutive.
You need to create an exclusion range that contains the IP addresses of the printers.
From which node should you configure the exclusion range?To answer, select the
appropriate node in the answer area.
Answer:
contains a single location named Site1. The domain contains a server named Server1 that
All client computers receive their IPv4 configurations dynamically.
The domain will expand to include a second location named Site2. A server named Server2
will be deployed to Site2. Site1 and Site2 will connect to each other by using a WAN link.
You need to ensure that the clients in both sites receive their IPv4 configurations from
Server1.
In the table below, identify which actions must be performed on each server. Make only
one selection in each row. Each correct selection is worth one point.
Answer:
You have a server that runs a Server Core installation of Windows Server 2012.
You need to change the DNS server used by IPv6.
What should you do?
A. From Windows PowerShell, run the Set-NetIpv6Protocol cmdlet.

B. From Sconfig, configure the Network Settings.
C. From Windows PowerShell, run the Set-DnsClientServerAddresscmdlet.
D. Run the sc.exe command and specify the config parameter.
Answer: C
You have a Hyper-V host named Server1 that runs Windows Server 2008 R2. All of the
virtual machines on Server1 use VHDs.
You install the Hyper-V server role on a server named Server2 that runs Windows Server
2012. Server2 has the same hardware configurations as Server1.
You plan to migrate the Hyper-V host from Server1 to Server2 by using the Windows
Server Migration Tools.
In the table below, identify what can be migrated by using the Windows Server Migration
Tools. Make only one selection in each row. Each correct selection is worth one point.
Answer:
You plan to create a storage pool that will contain a new volume.
You need to create a new 600-GB volume by using thin provisioning. The new volume
must use the parity layout.
What is the minimum number of 256-GB disks required for the storage pool?
A. 2
B. 3
C. 4
D. 5
Answer: B
You try to install the Microsoft .NET Framework 3.5 Features feature on Server1, but the
installation fails repeatedly.
You need to ensure that the feature can be installed on Server1.
What should you do?
A. Install the Web Server (IIS) server role.

B. Run the Add-WindowsPackagecmdlet.
C. Run the Add-AppxProvisionedPackagecmdlet.
D. Connect Server1 to the Internet.
Answer: D
Explanation: The files needed are no longer available on the local Hard drive. We need to
connect the server to the Internet.
Note:
Starting with Windows Server 2012 and Windows 8, the feature files for .NET Framework
3.5 (which includes .NET Framework 2.0 and .NET Framework 3.0) are not available on
the local computer by default. The files have been removed. Files for features that have
been removed in a Features on Demand configuration, along with feature files for .NET
Framework 3.5, are available through Windows Update. By default, if feature files are not
available on the destination server that is running Windows Server 2012 R2 Preview or
Windows Server 2012, the installation process searches for the missing files by connecting
to Windows Update. You can override the default behavior by configuring a Group Policy
setting or specifying an alternate source path during installation, whether you are installing
by using the Add Roles and Features Wizard GUI or a command line.
contains a domain controller named DC1 that has the DNS Server server role installed.
DC1 hosts an Active Directory-integrated zone for the domain. The domain contains a
member server named Server1.
You install the DNS Server server role on Server1.
You need to ensure that Server1 can respond authoritatively to queries for the existing
contoso.com namespace.
Which cmdlets should you run on each server? (To answer, drag the appropriate cmdlets
to the correct servers. Each cmdlet may be used once, more than once, or not at all. You
may need to drag the split bar between panes or scroll to view content.)
Answer:
two domains named contoso.com and child.contoso.com. The forest contains two domain
controllers. The domain controllers are configured as shown in the following table.
You need to ensure that DC2 can provide authoritative responses for queries to the
contoso.com namespace.
What should you do?
A. On DC1, create a delegation.

B. On DC1, change the replication scope of the contoso.com zone.
C. On DC2, create a forwarder.
D. On DC2, modify the Zone Transfers settings.
Answer: B
You have three servers named Server1, Server2, and DO that run Windows Server 2012.
IPv6 addresses and configurations are assigned to all of the servers by using DHCPv6.
The IPv6 routing on Server1 is shown in the following table.
You verify that Server2 can ping the IPv6 address of DC1.
You need to ensure that Server1 can ping the IPv6 address of DC1.
What command should you run on Server1? (To answer, select the appropriate options in
the answer area.)
Answer:
You are configuring the IPv6 network infrastructure for a branch office.
The corporate network administrator allocates the 2001:DB8:0:C000::/58 address space for
use in the branch office.
You need to identify the maximum number of IPv6 subnets you can create.
How many IPv6 subnets should you identify?
A. 32
B. 64
C. 128
D. 1024
Answer: B
You need to create an IPv6 reservation for Server2.
Which two values should you obtain from Server2? (Each correct answer presents part of
the solution. Choose two.)
A. the hardware ID
B. the DHCPv6 unique identifier
C. the DHCPv6 identity association ID
D. the SMSBIOS GUID
E. the MAC address
Answer: B,C
Explanation: The Add-DhcpServerv6Reservation cmdlet reserves a specified IPv6
address for the client identified by the specified Dynamic Host Configuration Protocol
(DHCP) v6 unique identifier (ID) (DUID) and identity association ID (IAID).
You have a print server named Server1.
You install a printer on Server1. You share the printer as Printer1.
You need to configure Printer1 to be available only from 19:00 to 05:00 every day.
Which settings from the properties of Printer1 should you modify?
A. Device Settings
B. Advanced
C. Security
D. Ports
E. Sharing
Answer: B
You have two servers that run Windows Server 2012. The servers are configured as shown
in the following table.
You need to ensure that Server2 can be managed by using Server Manager from Server1.
In the table below, identify which actions must be performed on Server1 and Server2. Make
only one selection in each row. Each correct selection is worth one point.
Answer:
contains two member servers named Server1 and Server2 that run Windows Server 2012.
You log on to Server1.
You need to retrieve a list of the active TCP connections on Server2.
Which command should you run from Server1?
A. winrm get server2

B. dsquery * -scope base -attrip,server2
C. winrs -r:server2netstat
D. netstat> server2
Answer: C
You have a server named Server1 that has the Print and Document Services server role
installed. You need to provide users with the ability to manage print jobs on Server1 by
using a web browser.
What should you do?

A. Start the Computer Browser service and set the service to start automatically.
B. Install the LPD Service role service.
C. Install the Internet Printing role service.
D. Start the Printer Extensions and Notifications service and set the service to start
automatically.
Answer: C
You plan to create a shared folder. The shared folder will have a quota limit.
You discover that when you run the New Share Wizard, you cannot select the SMB Share -
Advanced option.
You need to ensure that you can use SMB Share - Advanced to create the new share.
What should you do on Server1 before you run the New Share Wizard?
A. Configure the Advanced system settings.

B. Run the Install-WindowsFeaturecmdlet.
C. Run the Set-SmbSharecmdlet.
D. Install the Share and Storage Management tool.
Answer: B
Explanation: Install-WindowsFeature
Installs one or more Windows Server roles, role services, or features on either the local or
a specified remote server that is running Windows Server 2012. This cmdlet is equivalent
to and replaces Add-WindowsFeature, the cmdlet that was used to install roles, role
services, and features in Windows Server 2008 R2.

A one-way external trust exists between contoso.com and adatum.com.
Adatum.com contains a universal group named Group1.
You need to prevent Group1 from being used to provide access to the resources in
contoso.com.
What should you do?
A. Change the scope of Group1 to domain local.

B. Modify the Allowed to Authenticate permissions in adatum.com.
C. Enable SID quarantine on the trust between contoso.com and adatum.com.
D. Modify the Allowed to Authenticate permissions in contoso.com.
Answer: B
Explanation: * Accounts that require access to the customer Active Directory will be
granted a special right called Allowed to Authenticate. This right is then applied to computer
objects (Active Directory domain controllers and AD RMS servers) within the customer
Active Directory to which the account needs access.
* For users in a trusted Windows Server 2008 or Windows Server 2003 domain or forest to
be able to access resources in a trusting Windows Server 2008 or Windows Server 2003
domain or forest where the trust authentication setting has been set to selective
authentication, each user must be explicitly granted the Allowed to Authenticate permission
on the security descriptor of the computer objects (resource computers) that reside in the
trusting domain or forest.
(GPOs) to 0U1.
What should you do?
A. Add User1 to the Group Policy Creator Owners group.

B. Run the Set-GPPermissioncmdiet.
C. Modify the permission on the \\Contoso.com\SYSVOL\Contoso.com\Policies folder.
D. Run the Delegation of Control Wizard on OU1.
Answer: B
Explanation: Set-GPPermission
Grants a level of permissions to a security principal for one GPO or all the GPOs in a
domain.
Grants a level of permissions to a security principal (user, security group, or computer) for
one GPO or all the GPOs in a domain.
Your network contains an Active Directory forest named contoso.com.
The forest contains two domains named contoso.com and child.contoso.com and two sites
named Site1 and Site2. The domains and the sites are configured as shown in following
table.
When the link between Site1 and Site2 fails, users fail to log on to Site2.
You need to identify what prevents the users in Site2 from logging on to the
child.contoso.com domain.
A. the placement of the global catalog server

B. the placement of the PDC emulator
C. the placement of the infrastructure master
D. the placement of the domain naming master
Answer: A
a single domain. All servers runs Windows Server 2012.The domain contains two domain
controllers named DC1 and DC2. Both domain controllers are virtual machines on a Hyper-
V host.
You plan to create a cloned domain controller named DC3 from an image of DC1.
You need to ensure that you can clone DC1.
Choose two.)
A. Add the computer account of DC1 to the Cloneable Domain Controllers group.
B. Create a DCCIoneConfig.xml file on DC1.
C. Add the computer account of DC3 to the Cloneable Domain Controllers group.
D. Run the Enable-AdOptionalFeaturecmdlet.
E. Modify the contents of the DefaultDCCIoneAllowList.xml file on DC1.
Answer: A,B
Explanation: A: Cloneable Domain Controllers Group
There's a new group in town. It's called Cloneable Domain Controllers and you can find it in
the Users container. Membership in this group dictates whether a DC can or cannot be
cloned. This group has some permissions set on the domain head that should not be
removed. Removing these permissions will cause cloning to fail. Also, as a best practice,
DCs shouldn't be added to the group until you plan to clone and DCs should be removed
from the group once cloning is complete. Cloned DCs will also end up in the Cloneable
Domain Controllers group.
B: DCCloneConfig.xml
There's one key difference between a cloned DC and a DC that is being restored to a
previous snapshot: DCCloneConfig.XML.
DCCloneConfig.xml is an XML configuration file that contains all of the settings the cloned
DC will take when it boots. This includes network settings, DNS, WINS, AD site name, new
DC name and more. This file can be generated in a few different ways.
The New-ADDCCloneConfigcmdlet in PowerShell

By hand with an XML editor
By editing an existing config file, again with an XML editor.
Reference: Virtual Domain Controller Cloning in Windows Server 2012
contoso.com and corp.contoso.com. All domain controllers run Windows Server 2012 and
are configured as global catalog servers.
The corp.contoso.com domain contains a domain controller named DC1.
You need to disable the global catalog on DC1.
What should you do?
A. From Active Directory Users and Computers, modify the properties of the DC1 computer
account.
B. From Active Directory Administrative Center, modify the properties of the DC1 computer
account.
C. From Active Directory Sites and Services, modify the NTDS Settings of the DC1 server
object.
D. From Active Directory Domains and Trusts, modify the properties of the
corp.contoso.com domain.
Answer: C
Your company hires 500 temporary employees for the summer.
The human resources department gives you a Microsoft Excel document that contains a list
of the temporary employees.
You need to automate the creation of user accounts for the 500 temporary employees.
Which tool or tools should you use?
A. The Set-ADUsercmdlet and the Add-Member cmdlet

B. The Import-CSV cmdlet and the New-ADUsercmdlet
C. ADSI Edit
D. Active Directory Users and Computers
Answer: B
You deploy a Server with a GUI installation of Windows Server 2012 Datacenter. From
Windows PowerShell, you run the following command: Remove-WindowsFeature Server-
Gui-Shell.
In the table below, identify which tools are available on Server1 and which tools are
unavailable on Server1.
Make only one selection in each row. Each correct selection is worth one point.
Answer:
contains two servers named Server1 and Server2. Server1 and Server2 run a Server with a
GUI installation of Windows Server 2012.
You remove the Graphical Management Tools and Infrastructure feature on Server2.
You need to restart Server2.
What should you do? (To answer, drag the appropriate tools to the correct statements.
Each tool may be used once, more than once, or not at all. You may need to drag the split
bar between panes or scroll to view content.)
Answer:
You need to create a volume that will remain online if two disks in the volume fail. The
solution must minimize the number of disks used to create the volume.
order.)
Answer:
contains a server named Server that runs Windows Server 2012.
You perform a Server Core Installation of Windows Server 2012 on a new server.
You need to ensure that you can add the new server to Server Manager on Server1.
What should you configure on the new server?To answer, select the appropriate setting in
the answer area.
Answer:
A. System Configuration
B. Local Security Policy
C. Certificate Templates
D. Computer Management
Answer: A
An administrator creates a security template named Template1.
Which snap-in should you use?
A. Security Templates
B. Authorization Manager
C. Security Configuration and Analysis
D. Resultant Set of Policy
Answer: C
The domain contains a user named User1 and three global security groups named Group1,
Group2 and, Group3.
You need to add User1 to Group1, Group2, and Group3.
B. Install- AddsDomainController
C. Install- WindowsFeature
D. Install-AddsDomain
E. Rename-AdObject
G. Set-AdGroup
H. Set-User
Answer: A
You need to ensure that User1 can manage the group membership of Group1. The solution
must minimize the number of permissions assigned to User1.
E. Rename-AdObject
G. Set-AdGroup
H. Set-User
Answer: G
You need to prevent User1 from changing his password. The solution must minimize
administrative effort.
E. Rename-AdObject
G. Set-AdGroup
H. Set-User
Answer: F
You have a Hyper-V host named Host1 that connects to a SAN by using a hardware Fibre
Channel adapter.
Host1 contains two virtual machines named VM1 and VM2.
You need to provide VM1 with direct access to the SAN. VM2 must not require access to
the SAN.
Which two configurations should you perform? (Each correct answer presents part of the
A. On VM1, configure a Fibre Channel adapter.

B. On Host1, configure a new virtual switch.
C. On VM1, add a network adapter.
D. On Host1, configure a new Virtual Fibre Channel SAN.
E. On Host1, modify the Hyper-V settings.
Answer: A,D
Explanation:
Step 1:
D: Building a Virtual SAN
The process of setting up virtual Fibre Channel starts with building a virtual SAN. The
easiest way to accomplish this is to open the Hyper-V Manager, right click on the listing for
your Hyper-V server in the console tree, and then choose the Virtual SAN Manager
command from the shortcut menu.
Step 2:
A: Once you have created a virtual SAN, the next step in the process is to link a virtual
machine to the virtual SAN. To do so, right click on the virtual machine for which you want
to provide Fibre Channel connectivity and select the Settings command from the resulting
shortcut menu.
Next, select the Add Hardware container, as shown in the figure above, and then select the
Fibre Channel Adapter option from the list of available hardware. Etc.
Note:
* Virtual Fibre Channel for Hyper-V (also referred to as Synthetic Fibre Channel) provides
VM guest operating systemswith direct access to a Fibre Channel SAN by using a standard
World Wide Name (WWN) associated with a virtual machine

V server role installed. Server1 has 8 GB of RAM.
Server1 hosts five virtual machines that run Windows Server 2012.
The settings of a virtual machine named Server3 are configured as shown in the exhibit.
You need to ensure that when Server1 restarts, Server3 automatically resumes without
intervention. The solution must prevent data loss.
Which settings should you modify?
A. BIOS
B. Automatic Start Action
C. Automatic Stop Action
D. Integration Services
Answer: C
You have a laptop named Computer1. Computer1 runs Windows 8 Enterprise.
Computer1 has a wired network adapter and a wireless network adapter. Computer1
connects to a wireless network named Network1.
For testing purposes, you install Windows Server 2012 on Computer1 as a second
operating system. You install the drivers for the wireless network adapter.
You need to ensure that you can connect to Network1 from Windows Server 2012.
What should you do?
A. From a local Group Policy object (GPO), configure the Wireless Network (IEEE 802.11)
Policies settings.
B. From a local Group Policy object (GPO), configure the settings of Windows Connection
Manager.
C. From Server Manager, install the Wireless LAN Service feature.
D. Restart the WLAN AutoConfig service.
Answer: C
You install Windows Server 2012 on a new server named Server1 and you join Server1 to
the domain.
You need to ensure that you can view processor usage and memory usage information in
Server Manager.
What should you do?

A. From Server Manager, click Configure Performance Alerts.
B. From Server Manager, click Start Performance Counters.
C. From Performance Monitor, start the System Performance Data Collector Set (DCS).
D. From Performance Monitor, create a Data Collector Set (DCS).
Answer: B
You need to modify the SAM account name of Group1.
B. Install AddsDomainControNer
E. Rename-AdObject
G. Set-AdGroup
H. Set-User
Answer: E
You have a Hyper-V host named Server1 that runs Windows Server 2012.
Server1 hosts a virtual machine named VM1 that runs Windows Server 2012.
VM1 has several snapshots.

You need to modify the snapshot file location of VM1.
What should you do?
A. Right-click VM1, and then click Export...

B. Shut down VM1, and then modify the settings of VM1.
C. Delete the existing snapshots, and then modify the settings of VM1.
D. Pause VM1, and then modify the settings of VM1.
Answer: A
Explanation: There is no need to shut down, delete, or pause.
Note:
* By default, the snapshots are stored in subfolder of the virtual machines folder called
Snapshots. You can change this setting and you can move snapshots using Live Storage
Migration.
* Storage Live Migration provides the ability to move your virtual machine storage while
your VM is running. In comparison, Storage Live Migration is similar in offering to the
VMware storage offering called vMotion. The virtual hard disks used by a virtual machine
can be moved to different physical storage while the virtual machine remains running
making it unnecessary to take a virtual machine offline to move the VMs files to different
physical storage.
The settings for a virtual machine named VM2 are configured as shown in the VM2 exhibit.
The settings for Diskl.vhdx are configured as shown in the Diskl.vhdx exhibit. (Click the
Exhibit button.)
The settings for Disk2.vhdx are configured as shown in the Disk2.vhdx exhibit. (Click the
Exhibit button.)
Answer:
A network technician installs a new disk on Server1 and creates a new volume. The
properties of the new volume are shown in the exhibit. (Click the Exhibit button.)
You need to ensure that you can enable NTFS disk quotas for volume D.
A. Install the File Server Resource Manager role service.

B. Format volume D.
C. Run the convert.exe command.
D. Convert the disk to a dynamic disk.
Answer: B
Topic 4, Volume D
contains a print server named Print1 that runs Windows Server 2012.
Print1 has 50 shared printers. Each printer is listed in Active Directory.
From Active Directory Users and Computers, you browse to Print1 and you discover that
the 50 printers are not visible.
You need to ensure that you can view the printer objects in Active Directory Users and
Computers.
Which option should you select?To answer, select the appropriate option in the answer
area.
Answer:
You have a file server named File1 that runs Windows Server 2012.
File1 contains a shared folder named Share1. Share1 contains an Application named
SalesApp1.exe.
The NTFS permissions for Share1 are shown in the following table.
The members of L_Sales discover that they cannot add files to Share1.
Domain users can run SalesApp1.exe successfully.
You need to ensure that the members of L_Sales can add files to Share1.
What should you do?

A. Add the Domain Users group to L_Sales.
B. Add L_Sales to the Domain Users group.
C. Edit the Share permissions.
D. Edit the NTFS permissions.
Answer: C
You have a file server named Server1 that runs Windows Server 2012. Server1 contains a
folder named Folder1.
A user named User1 is a member of Group1 and Group2. A user named User2 is a
member of Group2 and Group3.
You need to identify which actions the users can perform when they access the files in
Share1.
To answer, select the appropriate actions for each user in the answer area.
Answer:
contains two servers named Server1 and Server2 that run Windows Server 2012. Server1
has the Group Policy Management feature installed. Server2 has the Print and Document
Services server role installed.
On Server2, you open Print Management and you deploy a printer named Printer1 by using
a Group Policy object (GPO) named GPO1.
When you open GPO1 on Server1, you discover that the Deployed Printers node does not
appear.
You need to view the Deployed Printers node in GPO1.
What should you do?
A. On Server1, modify the Group Policy filtering options of GPO1.

B. On a domain controller, create a Group Policy central store.
C. On Server2, install the Group Policy Management feature.
D. On Server1, configure the security filtering of GPO1.
Answer: A
Explanation:
Note:
* Group Policy Management Console (GPMC) is a scriptable Microsoft Management
Console (MMC) snap-in, providing a single administrative tool for managing Group Policy
across the enterprise. GPMC is the standard tool for managing Group Policy.
* By default, a GPO affects all users and computers contained in the linked site, domain, or
OU. However, you can use Security Filtering on a GPO to modify its effect to apply only to
a specific user or the members of a security group by modifying the permissions on the
GPO. By combining Security Filtering with appropriate placement in OUs, you can target
any given set of users.
All of the App1ocker policy settings for the member servers are configured in a Group
Policy object (GPO) named GPO1.
A member server named Server1 runs Windows Server 2012.
On Server1, you test a new set of App1ocker policy settings by using a local computer
policy.
You need to merge the local App1ocker policy settings from Server1 into the App1ocker
policy settings of GPO1.
What should you do?
A. From Local Group Policy Editor on Server1, exportan .xml file. Import the .xml file by
using Group Policy Management Editor.
B. From Local Group Policy Editor on Server1, exportan .inf file. Import the .inf file by using
Group Policy Management Editor.
C. From Server1, run the Set-App1ockerPolicy cmdlet.
D. From Server1, run the New-App1ockerPolicy cmdlet.
Answer: C
Your network contains an Active Directory domain named contoso.com. You have a Group
Policy object (GPO) named GP1 that is linked to the domain. GP1 contains a software
restriction policy that blocks an Application named App1.
You have a workgroup computer named Computer1 that runs Windows 8. A local Group
Policy on Computer1 contains an Application control policy that allows App1.
You join Computer1 to the domain.
You need to prevent App1 from running on Computer1.
What should you do?
A. From Group Policy Management, add an Application control policy to GP1.

B. From Group Policy Management, enable the Enforced option on GP1.
C. In the local Group Policy of Computer1, configure a software restriction policy.
D. From Computer1, run gpupdate /force.
Answer: A
Server1 is configured as an FTP server.
Client computers use an FTP Application named App1.exe. App1.exe uses TCP port 21 as
the control port and dynamically requests a data port.
On Server1, you create a firewall rule to allow connections on TCP port 21.
You need to configure Server1 to support the client connections from App1.exe.
What should you do?
A. Run netsh firewall addportopening TCP 21 dynamicftp.

B. Create a tunnel connection security rule.
C. Create an outbound firewall rule to allow App1.exe.
D. Run netshadvfirewall set global statefulftp enable.
Answer: A
Explanation: * add portopening
Used to create a port-based exception.
The domain contains an organizational unit (OU) named OU1 as shown in the OU1 exhibit.
The membership of Group1 is shown in the Group1 exhibit. (Click the Exhibit button.)
You configure GPO1 to prohibit access to Control Panel. GPO1 is linked to OU1 as shown
in the GPO1 exhibit. (Click the Exhibit button.)
Answer:
You discover that when users join computers to the domain, the computer accounts are
created in the Computers container.
You need to ensure that when users join computers to the domain, the computer accounts
are automatically created in an organizational unit (OU) named All_Computers.
What should you do?
A. From Ldp, configure the properties of the Computers container.

B. From Windows PowerShell, run the Move-ADObjectcmdlet.
C. From ADSI Edit, configure the properties of the Computers container.
D. From a command prompt, run the redircmp.exe command.
Answer: C
Your company has a main office and four branch offices. The main office contains a server
named Server1 that runs Windows Server 2012.
The IP configuration of each office is configured as shown in the following table.
You need to add a single static route on Server1 to ensure that Server1 can communicate
with the hosts on all of the subnets.
Which command should you run?
A. route.exe add -p 192.168.0.0 mask 255.255.248.0 172.31.255.254

B. route.exe add -p 192.168.12.0 mask 255.255.252.0 172.31.255.254
C. route.exe add -p 192.168.8.0 mask 255.255.252.0 172.31.255.254
D. route.exe add -p 192.168.12.0 mask 255.255.255.0 172.31.255.254
Answer: B
Each forest contains one domain. A two-way forest trust exists between the forests.
The forests use the address spaces shown in the following table.
From a computer in the contoso.com domain, you can perform reverse lookups for the
servers in the contoso.com domain, but you cannot perform reverse lookups for the servers
in the adatum.com domain.
From a computer in the adatum.com domain, you can perform reverse lookups for the
servers in both domains.
You need to ensure that you can perform reverse lookups for the servers in the
adatum.com domain from the computers in the contoso.com domain.
A. a delegation
B. a trust point
C. a conditional forwarder
D. a GlobalNames zone
Answer: C
Server2 establishes an IPSec connection to Server1.
You need to view which authentication method was used to establish the initial IPSec
connection.
What should you do?
A. From Windows Firewall with Advanced Security, view the quick mode security
association.
B. From Event Viewer, search the Application Log for events that have an ID of 1704.
C. From Event Viewer, search the Security Log for events that have an ID of 4672.
D. From Windows Firewall with Advanced Security, view the main mode security
association.
Answer: D
You have a Group Policy object (GPO) named Server Audit Policy. The settings of the
GPO are shown in the Settings exhibit. (Click the Exhibit button.)
The scope of the GPO is shown in the Scope exhibit. (Click the Exhibit button.)
The domain contains a group named Group1. The membership of Group1 is shown in the
Group1 exhibit. (Click the Exhibit button.)
Answer:
You have a Group Policy object (GPO) named GPO1 that contains several user settings.
GPO1 is linked to an organizational unit (OU) named OU1.
The help desk reports that GPO1App1ies to only some of the users in OU1.
You open Group Policy Management as shown in the exhibit. (Click the Exhibit button.)
You need to configure GPO1 to App1y to all of the users in OU1.
What should you do?
A. Modify the Security settings of GPO1.

B. Disable Block Inheritance on OU1.
C. Modify the GPO status of GPO1.
D. Enforce GPO1.
Answer: A
Server1 is configured as an FTP server.
Client computers use an FTP Application named App1.exe. App1.exe uses TCP port 21 as
the control port and dynamically requests a data port.
On Server1, you create a firewall rule to allow connections on TCP port 21.
You need to configure Server1 to support the client connections from App1.exe.
What should you do?
A. Run netshadvfirewall set global statefulftp enable.

B. Create an inbound firewall rule to allow App1.exe.
C. Create a tunnel connection security rule.
D. Run Set-NetFirewallRule -DisplayNameDynamicFTP -Profile Domain
Answer: A
Explanation: * add portopening
Used to create a port-based exception.
On a server named Server2, you perform a Server Core Installation of Windows Server
2012. You join Server2 to the contoso.com domain.
You need to ensure that you can manage Server2 by using the Computer Management
console on Server1. What should you do on Server2?
A. Install Remote Server Administration Tools (RSAT).

B. Install Windows Management Framework.
C. Run sconfig.exe and configure remote management.
D. Run sconfig.exe and configure Remote Server Administration Tools (RSAT).
Answer: C

Your company has a main office and a sales office. The main office has 2,000 users. The
sales office has 20 users. All client computers in the sales office run Windows 8.
The sales office contains a print server named App1 that runs Windows Server 2012. App1
has a shared printer named Printer1. Printer1 connects to a network-attached print device.
You plan to connect all of the users in the sales office to Printer1 on App1.
You need to ensure that if App1 fails, the users can continue to print to Printer1.
What should you configure on App1?To answer, select the appropriate option in the
answer area.
Answer:
On Server1, an administrator creates a virtual machine named VM1.
A user named User1 is the member of the local Administrators group on Server1.
User1 attempts to modify the settings of VM1 as shown in the following exhibit. (Click the
Exhibit button.)
You need to ensure that User1 can modify the settings of VM1 by running the Set-Vm
cmdlet.
What should you instruct User1 to do?
A. Import the Hyper-V module.

B. Install the Integration Services on VM1.
C. Run Windows PowerShell with elevated privileges.
D. Modify the membership of the local Hyper-V Administrators group.
Answer: C
You have a Hyper-V host named Server1.
A technician creates a virtual machine named VM1 on Server1 by using the New Virtual
Machine Wizard.
You start VM1 and you discover that there is no option to start by using PXE.
You need to ensure that you can start VM1 by using PXE.
order.)
Answer:
You need to implement NIC teaming on Server1.

Which two network connections should you include on the NIC team? (To answer, select
the two appropriate network connections in the answer area.)
Answer:
On Server1, you open Computer Management as shown in the exhibit. (Click the Exhibit
button.)
You need to ensure that you can create a 3-TB volume on Disk 1.
A. Create a storage pool.

B. Convert the disk to a GPT disk.
C. Create a VHD, and then attach the VHD.
D. Convert the disk to a dynamic disk.
Answer: B
You have 3 server named Server1. Server1 runs a Server Core installation of Windows
Server 2012.
The local area connection on Server1 has the following configuration:
Subnet mask: 255.255.240.0
Preferred DNS server: <none>
The network contains a DNS server that has an IPv4 address of 10.1.1.200.
You need to configure Server1 to use 10.1.1.200 as the preferred DNS server. The solution
must not change any other settings on Server1.
A. sconfig.cmd
B. net.exe
C. Set-NetIPInterface
D. netsh.exe
Answer: A
Explanation: In Windows Server 2012, you can use the Server Configuration tool
(Sconfig.cmd) to configure and manage several common aspects of Server Core
installations.
Network settings
You can configure the IP address to be assigned automatically by a DHCP Server or you
can assign a static IP address manually. This option allows you to configure DNS Server
settings for the server as well.
Sconfig.cmd interface
table.
to LAN1.
What should you do?

A. Change the default gateway address.
B. Set the state of the Microsoft ISATAP Adapter #2 interface to disable.
C. Change the metric of the 10.10.1.0 route.
D. Set the state of the Teredo interface to disable.
Answer: A
The password policy for the domain is set to require a minimum password length of 10
characters.
A user named User1 and a user named User2 work for the sales department.
User1 is forced to create a domain password that has a minimum of 12 characters. User2
is forced to create a domain password that has a minimum of eight characters.
You need to identify what forces the two users to have different password lengths.
A. Credential Manager
B. Security Configuration Wizard (SCW)
C. Group Policy Management
D. Active Directory Administrative Center
Answer: D
(GPOs) to 0U1.
What should you do?
A. Modify the permission on the \\Contoso.com\SYSVOL\Contoso.com\Policies folder.

B. Run the Delegation of Control Wizard on the Policies container.
C. Run the Set-GPPermissioncmdlet.
D. Run the Delegation of Control Wizard on OU1.
Answer: D
Explanation: Delegation of Control Wizard
The following are common tasks that you can select to delegate control of them:
Manage Group Policy links
Note: More tasks:
Create, delete, and manage user accounts
Reset user passwords and force password change at next logon
Read all user information
Modify the membership of a group
Join a computer to a domain
Generate Resultant Set of Policy (Planning)
Generate Resultant Set of Policy (Logging)
Create, delete, and manage inetOrgPerson accounts
Reset inetOrgPerson passwords and force password change at next logon
Read all inetOrgPerson information

You promote Server1 to a domain controller.
You need to view the service location (SRV) records that Server1 registers in DNS.
A. Run ipconfig /displaydns.

B. Open the Netlogon.dns file.
C. Run Get-DnsServerDiagnostics.
D. Open the Srv.sys file.
Answer: B
You have a server named DHCP1 that runs Windows Server 2012. DHCP1 does not have
access to the Internet.
All roles are removed completely from DHCP1.
You mount a Windows Server 2012 installation image to the C:\Mount folder.
You need to install the DHCP Server server role on DHCP1 by using Server Manager.
Which folder should you specify as the alternate path for the source files?To answer, select
the appropriate folder in the answer area.
Answer:
You have a server named Data1 that runs a Server Core Installation of Windows Server
2012 Standard.
You need to configure Data1 to run a Server Core Installation of Windows Server 2012
Enterprise.
You want to achieve this goal by using the minimum amount of administrative effort.
What should you perform?
A. a clean installation of Windows Server 2012

B. an offline servicing by using Dism
C. an online servicing by using Dism
D. an upgrade installation of Windows Server 2012
Answer: C
You need to enable access-based enumeration for a file share on Server1.
A. File Server Resource Manager (FSRM)

B. File Explorer
C. Share and Storage Management
D. Server Manager
Answer: D
You plan to create a shared folder. The shared folder will have a quota limit.
You discover that when you run the New Share Wizard, you cannot select the SMB Share -
Advanced option.
You need to ensure that you can use SMB Share - Advanced to create the new share.
What should you do on Server1 before you run the New Share Wizard?
A. Run the Set-SmbSharecmdlet.

B. Install the File Server Resource Manager role service.
C. Configure Dynamic Access Control and App1y a central access policy.
D. Configure the Advanced system settings.
Answer: B
A server named Server1 is configured to encrypt all traffic by using IPSec.
You need to ensure that Server1 can respond to ping requests from computers that do not
support IPSec.
What should you do?
A. From a command prompt, run netsh set global autotuninglevel = restricted

congestionprovider = ctcp.
B. From Windows Firewall with Advanced Security, exempt ICMP from IPSec.
C. From a command prompt, run netsh set global autotuninglevel-
highlyrestrictedcongestionprovider=none.
D. From Windows Firewall with Advanced Security, allow unicast responses for the Domain
Profile.
Answer: B

Your network contains an Active Directory domain. The domain contains a server named
Server28.
The computer account of Server 28 is located in an organizational unit (OU) named OU1. A
Group Policy object (GPO) named Application Restriction Policy is linked to OU1.
The settings of the GPO are configured as shown in the GPO Settings exhibit. (Click the
Exhibit button.)
The Services console on Server28 is shown in the Services exhibit. (Click the Exhibit
button.)
Answer:
You have a Hyper-V host named Server1.
Server1 hosts a virtual machine named VM1.
You view the properties of VM1 as shown in the following exhibit. (Click the Exhibit button.)
You need to configure bandwidth management for VM1.
order.)
Answer:
You plan to deploy a file server to a temporary location.
The temporary location experiences intermittent power failures.
The file server will contain a dedicated volume for shared folders.
You need to create a volume for the shared folders. The solution must minimize the
likelihood of file corruption if a power failure occurs.
Which file system should you use?
A. ReFS
B. NFS
C. NTFS
D. FAT32
Answer: D
Your company has a main office and four branch offices. The main office contains a server
named Server1 that runs Windows Server 2012.
The IP configuration of each office is configured as shown in the following table.
You need to add a single static route on Server1 to ensure that Server1 can communicate
with the hosts on all of the subnets.
A. route.exe add -p 10.10.0.0 mask 255.255.252.0 10.10.0.1

B. route.exe add -p 172.16.16.0 mask 255.255.252.0 10.10.0.1
C. route.exe add -p 10.10.0.0 mask 255.255.252.0 172.16.0.0
D. route.exe add -p 172.16.18.0 mask 255.255.252.0 10.10.0.1
Answer: B
You plan to enable Hyper-V Network Visualization on Server1.
You need to install the Windows Network Virtualization Filter Driver on Server1.
Which Windows PowerShell cmdlet should you run?
A. Set-NetVirtualizationGlobal
B. Set-NetAdapterVmq
C. Add-WindowsFeature
D. Enable-NetAdapterBinding
Answer: D

70 410 Dump4certs 336QA PDF

Uploaded by

Copyright:

Available Formats

70 410 Dump4certs 336QA PDF

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

70 410 Dump4certs 336QA PDF

Uploaded by

Copyright:

Available Formats

www.dump4certs.

com Leading the Way to IT Certifications

Installing and Configuring Windows Server 2012

Contact : dump4certs@hotmail.com | sales@dump4certs.com | admin@dump4certs.com

Microsoft 70-410 : Practice Test

You create a virtual machine on Server1.

What should you do?

You have fixed-size VHD named Files.vhd.

The solution must meet the following requirements:

What should you do?

You need to assign a specific amount of available network bandwidth to VM1.

What should you do first?

C:\Documents and Settings\usernwz1\Desktop\1.JPG

What should you do on Core1?

A. Run the Enable-NetFirewallRulecmdlet.

Which Group Policy setting should you configure?

A. Configure slow-link mode

C:\Documents and Settings\usernwz1\Desktop\1.JPG

C:\Documents and Settings\usernwz1\Desktop\1.JPG

On Server1, you create a share named Share1.

What should you configure on Server1?

A. The Shadow Copies settings

Server1 is connected to two identical print devices.

What should you do on Server1?

A. Add two printers and configure the priority of each printer.

What should you do on Server1?

Click the Advanced tab.

C:\Documents and Settings\usernwz1\Desktop\1.JPG

What should you do first?

3. AD/DNS zone MUST be configured to allow dynamic updates, whether Secure or

This is the reg entry to cut the query to 0 TTL:

(Quoted from Alan Woods, Microsoft, 2004):

Which subnet mask should you select?

255.255.252.0 = 11111111.11111111.11111100.00000000 =>( 22 bits 1 .. 10 bits

Question No : 13 DRAG DROP - (Topic 0)

What should you identify?

Server3 is configured to obtain an IP address automatically.

A. Create an exclusion on Server1.

Enable and define an allow list and a block list.

Computer1 is configured to obtain an IP address automatically.

What should you do?

A. Disable the Allow filters.

What should you do?

What should you configure?

A. Name server (NS) records

Which Group Policy settings should you modify?

Your network contains an Active Directory domain named contoso.com.

What should you create?

A. AnApplication control policy executable rule

A. For .exe or .com

App1ocker supports only publisher rules for Packaged apps.

You have a written security policy that states the following:

Only required ports must be open on the servers.

You have a client computer named Computer1 that runs Windows 8.

The solution must adhere to the security policy.

A. On Computer1, create a connection security rule.

What should you configure?

A. The Security settings of Employees

C:\Documents and Settings\usernwz1\Desktop\1.JPG