Installing and Configuring Windows Server 2012
Question No: 211 – (Topic 3)
Your network contains an Active Directory domain named contoso.com. The domain contains 500 servers that run Windows Server 2012 R2.
You have a written security policy that states the following:
->Only required ports must be open on the servers.
->All of the servers must have Windows Firewall enabled.
->Client computers used by administrators must be allowed to access all of the ports on all of the servers.
->Client computers used by the administrators must be authenticated before the client computers can access the servers.
You have a client computer named Computer1 that runs Windows 8.
You need to ensure that you can use Computer1 to access all of the ports on all of the servers successfully. The solution must adhere to the security policy.
Which three actions should you perform? (Each correct answer presents part of the solution. Choose three.)
On Computer1, create a connection security rule.
On all of the servers, create an outbound rule and select the Allow the connection if it is secure option.
On all of the servers, create an inbound rule and select the Allow the connection if it is secure option.
On Computer1, create an inbound rule and select the Allow the connection if it is secure option.
On Computer1, create an outbound rule and select the Allow the connection if it is secure option.
On all of the servers, create a connection security rule.
Answer: A,C,F Explanation:
Unlike firewall rules, which operate unilaterally, connection security rules require that both communicating computers have a policy with connection security rules or another compatible IPsec policy.
Traffic that matches a firewall rule that uses the Allow connection if it is secure setting bypasses Windows Firewall. The rule can filter the traffic by IP address, port, or protocol. This method is supported on Windows Vista or Windows Server 2008.
Question No: 212 – (Topic 3)
Your network contains an Active Directory domain named contoso.com. The domain contains three member servers.
The servers are configured as shown in the following table.
All client computers run Windows 8. All client computers receive updates from Server2.
On Server3, you add a shared printer named Printer1. Printer1 uses a Type 4 driver that is not included in the Windows 8 installation media.
You need to ensure that when users connect to the printer for the first time, the printer driver is installed automatically on their client computer.
What should you do?
From the Windows Deployment Services console on Server1, add the driver package for Printer1.
From the Update Services console on Server2, import and approve updates.
From Windows PowerShell on Server3, run the Add-PrinterDriver cmdlet.
From the Print Management console on Server3, add additional drivers for Printer1.
Question No: 213 – (Topic 3)
Your network contains an Active Directory domain named contoso.com.
You have a starter Group Policy object (GPO) named GPO1 that contains more than 100 settings.
You need to create a new starter GPO based on the settings in GPO1.
You must achieve this goal by using the minimum amount of administrative effort. What should you do?
Run the New-GPStarterGPO cmdlet and the Copy-GPO cmdlet.
Create a new starter GPO and manually configure the policy settings of the starter GPO.
Right-click GPO1, and then click Back Up. Create a new starter GPO. Right-click the new GPO, and then click Restore from Backup.
Right-click GPO1, and then click Copy. Right-click Starter GPOs, and then click Paste.
Answer: B Explanation:
Although GPOs and Starter GPOs can both be copied, and a Starter GPO can be used to create a new GPO (as that is their purpose), an existing GPO cannot be copied to a new Starter GPO (unfortunately).
Question No: 214 DRAG DROP – (Topic 3)
You have a print server named Server1Server1 runs Windows Server 2008 R2. You have a file server named Server2. Server2 runs Windows Server 2012 R2.
You need to migrate all of the printers on Server1 to Server2. Which actions should you perform on the servers?
To answer, drag the appropriate action to the correct servers in the answer area. Each action may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
Question No: 215 – (Topic 3)
Your network contains an Active Directory domain named contoso.com. The network contains a domain controller named DC1 that has the DNS Server server role installed. DC1 has a standard primary DNS zone for contoso.com.
You need to ensure that only client computers in the contoso.com domain will be able to add their records to the contoso.com zone.
What should you do first?
Sign the contoso.com zone.
Modify the Security settings of DC1.
Modify the Security settings of the contoso.com zone.
Store the contoso.com zone in Active Directory.
Answer: D Explanation:
Only Authenticated users can create records when zone is stored in AD.
Secure dynamic updates allow an administrator to control what computers update what names and prevent unauthorized computers from overwriting existing names in DNS.
Training Guide: Installing and Configuring Windows Server 2012 R2: Chapter 6: Network Administration, Lesson 2: Implementing DNSSEC, p. 237 http://technet.microsoft.com/en-us/library/cc731204(v=ws.10).aspx http://technet.microsoft.com/en-us/library/cc755193.aspx
Question No: 216 – (Topic 3)
Your network contains an Active Directory domain named contoso.com. The domain contains a domain controller named DC1 that runs Windows Server 2012 R2. You need to configure a central store for the Group Policy Administrative Templates.
What should you do on DC1?
From Server Manager, create a storage pool.
From Windows Explorer, copy the PolicyDefinitions folder to the SYSVOL\contoso.com\policies folder.
From Server Manager, add the Group Policy Management feature
From Windows Explorer, copy the PolicyDefinitions folder to the NETLOGON share.
Create Disk Storage Pool
PolicyDefinitions folder in SYSVOL
Group Policy Management is a console for GPO Mgmt
Folder is for logon scripts
Policy Definitions folder within the SYSVOL folder hierarchy. By placing the ADMX files in this directory, they are replicated to every DC in the domain; by extension, the ADMX- aware Group Policy Management Console in Windows Vista, Windows 7, Windows Server 2008 and R2 can check this folder as an additional source of ADMX files, and will report them accordingly when setting your policies.
By default, the folder is not created. Whether you are a single DC or several thousand, I would
Strongly recommend you create a Central Store and start using it for all your ADMX file storage. It really does work well.
The Central Store
To take advantage of the benefits of .admx files, you must create a Central Store in the SYSVOL folder on a domain controller. The Central Store is a file location that is checked by the Group Policy tools. The Group Policy tools use any .admx files that are in the Central Store. The files that are in the Central Store are later replicated to all domain controllers in the domain. To create a Central Store for .admx and .adml files, create a folder that is named Policy Definitions in the following location:
Question No: 217 – (Topic 3)
Your network contains an Active Directory domain named adatum.com. The computer accounts for all member servers are located in an organizational unit (OU) named Servers. You link a Group Policy object (GPO) to the Servers OU.
You need to ensure that the domain’s Backup Operators group is a member of the local Backup Operators group on each member server. The solution must not remove any groups from the local Backup Operators groups.
What should you do?
Add a restricted group named adatum\Backup Operators. Add Backup Operators to the This group is a member of list.
Add a restricted group named adatum\Backup Operators. Add Backup Operators to the Members of this group list.
Add a restricted group named Backup Operators. Add adatum\Backup Operators to the This group is a member of list.
Add a restricted group named Backup Operators. Add adatum\Backup Operators to the Members of this group list.
Question No: 218 – (Topic 3)
Your network contains an Active Directory forest named contoso.com. The forest contains a child domain named corp.contoso.com.
The network has Microsoft Exchange Server 2010 deployed. You need to create a mail-enabled distribution group.
Which type of group should you create?
Answer: D Explanation:
Universal groups Groups that are used to grant permissions on a wide scale throughout a domain tree or forest. Members of global groups include accounts and groups from any domain in the domain tree or forest.
Microsoft Exchange Server 2007: Implementation and Administration. By Jim McBee, Benjamin Craig page 248: Only universal groups should be used as mail-enabled groups.
Question No: 219 – (Topic 3)
You have external virtual switch with srv-io enabled with 10 Virtual Machines on it. You need to make the Virtual Machines able to talk only to each other.
remove the vswitch and recreate it as private.
add new vswitch
remove vswitch and recreate it as public
adjust srv-io settings
Answer: A Explanation:
You cannot change the settings of a vswitch with SR-IOV enabled, so you must delete it and recreate it.
Question No: 220 – (Topic 3)
You have a server named Server1 that runs Windows Server 2012 R2. Server1 has five network adapters. Three of the network adapters are connected to a network named LAN1. The two other network adapters are connected to a network named LAN2.
You need to create a network adapter team from the three network adapters connected to LAN1.
Which tool should you use?
Routing and Remote Access
Network and Sharing Center
Network Load Balancing Manager
|Lowest Price Guarantee||Yes||No||No|
|Free VCE Simulator||Yes||No||No|