Q31. - (Topic 3)
Your network contains an Active Directory domain named contoso.com. All servers run Windows Server 2012 R2.
When a domain user named User3 attempts to log on to a client computer named Client10, User3 receives the message shown in the following exhibit. (Click the Exhibit button.)
You need to ensure that User3 can log on to Client10.
What should you do?
A. From Active Directory Users and Computers, configure the Logon Workstations setting of User3.
B. On Client10, modify the Allow log on locally User Rights Assignment.
C. From Active Directory Users and Computers, configure the Personal Virtual Desktop property of User3.
D. On Client10, modify the Deny log on locally User Rights Assignment.
Answer: A
Q32. - (Topic 2)
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012 R2. Server1 has the Hyper-V server role installed. The domain contains a virtual machine named VM1.
A developer wants to attach a debugger to VM1.
You need to ensure that the developer can connect to VM1 by using a named pipe.
Which virtual machine setting should you configure?
A. BIOS
B. Network Adapter
C. COM 1
D. Processor
Answer: C
Explanation:
Named pipe. This option connects the virtual serial port to a Windows named pipe on the host operating system or a computer on the network. A named pipe is a portion of memory that can be used by one process to pass information to another process, so that the output of one is the input of the other. The second process can be local (on the same computer as the first) or remote (on a networked computer). For example, a local named pipe path could be \\.\pipe\mypipename. Named pipes can be used to create a virtual null modem cable between two virtual machines, or between a virtual machine and a debugging program on the host operating system that supports the use of named pipes. By connecting two virtual serial ports to the same named pipe, you can create a virtual null modem cable connection. Named pipes are useful for debugging or for any program that requires a null modem connection.
Named pipes can be used to connect to a virtual machine by configuring COM 1.
References: http://support.microsoft.com/kb/819036 http://support.microsoft.com/kb/141709
Q33. - (Topic 3)
You work as a senior administrator at Contoso.com. The Contoso.com network consists of a single domain named Contoso.com. All servers on the Contoso.com network have Windows Server 2012 installed.
You are running a training exercise for junior administrators. You are currently discussing spanned volumes.
Which of the following is TRUE with regards to spanned volumes? (Choose all that apply.)
A. Spanned volumes do not provide fault tolerance.
B. Spanned volumes are a fault tolerant solution.
C. You can extend a spanned volume onto a maximum of 16 dynamic disks.
D. You cannot create a spanned volume using a system volume or boot volume.
Answer: A,D
Explanation:
A spanned volume is a dynamic volume consisting of disk space on more than one physical disk. If a simple volume is not a system volume or boot volume, you can extend it across additional disks (up to 32 total) to create a spanned volume, or you can create a spanned volume in unallocated space on a dynamic disk. You need at least two dynamic disks in addition to the startup disk to create a spanned volume. You can extend a spanned volume onto a maximum of 32 dynamic disks. Spanned volumes are not fault tolerant.
Q34. HOTSPOT - (Topic 3)
You have a DNS server named Server1. Server1 runs Windows Server 2012 R2. The network ID is 10.1.1.0/24. An administrator creates several reverse lookup zones. You need to identify which reverse lookup zone is configured correctly. Which zone should you identify? To answer, select the appropriate zone in the answer area.
Answer:
Q35. - (Topic 2)
Your network contains an Active Directory domain named contoso.com.
An organizational unit (OU) named OU1 contains user accounts and computer accounts.
A Group Policy object (GPO) named GP1 is linked to the domain.GP1 contains Computer Configuration settings and User Configuration settings.
You need to prevent the User Configuration settings in GP1 from being applied to users. The solution must ensure that the Computer Configuration settings in GP1 are applied to all client computers.
What should you configure?
A. The GPO Status
B. The Block Inheritance feature
C. The Group Policy loopback processing mode
D. The Enforced setting
Answer: C
Explanation:
A loopback with merge option needs to be used.
Q36. - (Topic 3)
Your network contains an Active Directory domain named contoso.com. The domain contains a domain controller named DC1 that runs Windows Server 2012 R2 and a client computer named Computer1 that runs Windows 8. DC1 is configured as a DHCP server as shown in the exhibit. Computer1 is configured to obtain an IP address automatically.
You need to ensure that Computer1 can receive an IP address from DC1.
What should you do?
A. Disable the Allow filters.
B. Disable the Deny filters
C. Activate Scope [10.1.1.0] Contoso.com.
D. Authorize dc1.contoso.com.
Answer: D
Explanation:
A red down arrow indicates an unauthorized DHCP server. A DHCP server that is a domain controller or a member of an Active Directory domain queries Active Directory for the list of authorized servers (identified by IP address). If its own IP address is not in the list of authorized DHCP servers, the DHCP Server service does not complete its startup sequence and automatically shuts down.
Q37. - (Topic 3)
Your network contains two Active Directory forests named contoso.com and adatum.com. All servers run Windows Server 2012 R2. A one-way external trust exists between contoso.com and adatum.com.
Adatum.com contains a universal group named Group1. You need to prevent Group1 from being used to provide access to the resources in contoso.com.
What should you do?
A. Change the scope of Group1 to domain local.
B. Modify the Allowed to Authenticate permissions in adatum.com.
C. Enable SID quarantine on the trust between contoso.com and adatum.com.
D. Modify the Allowed to Authenticate permissions in contoso.com.
Answer: D
Explanation:
* Accounts that require access to the customer Active Directory will be granted a special right called Allowed to Authenticate. This right is then applied to computer objects (Active Directory domain controllers and AD RMS servers) within the customer Active Directory to which the account needs access.
* For users in a trusted Windows Server 2008 or Windows Server 2003 domain or forest to be able to access resources in a trusting Windows Server 2008 or Windows Server 2003 domain or forest where the trust authentication setting has been set to selective authentication, each user must be explicitly granted the Allowed to Authenticate permission on the security descriptor of the computer objects (resource computers) that reside in the trusting domain or forest.
Q38. HOTSPOT - (Topic 3)
Your network contains a server named Server1 that runs Windows Server 2012 R2. App1
has the Print and Document Services server role installed.
All client computers run Windows 8.
The network contains a network-attached print device named Printer1.
From App1, you share Printer1.
You need to ensure that users who have connected to Printer1 previously can print to
Printer1 if App1 fails.
What should you configure? To answer, select the appropriate option in the answer area.
Answer:
Q39. - (Topic 3)
Your network contains an Active Directory forest that contains two domains. The forest contains five domain controllers. The domain controllers are configured as shown in the following table.
You need to configure DC5 as a global catalog server. Which tool should you use?
A. Active Directory Domains and Trusts
B. Active Directory Users and Computers
C. Active Directory Administrative Center
D. Active Directory Sites and Services
Answer: D
Explanation:
If you have more than one domain in your forest and you have a significant user population in a site, you can optimize the speed and efficiency of domain logons and directory searches by adding a global catalog server to the site. If you have a single-domain forest, global catalog servers are not required for logons, but directory searches are directed to the global catalog. In this case, you can enable the global catalog on all domain controllers for faster directory searches. You can use the same user interface (UI) in the Active Directory Sites and Services snap-in to add or remove the global catalog. Enabling the global catalog can cause additional replication traffic. However, global catalog removal occurs gradually in the background and does not affect replication or performance. Membership in the Enterprise Admins group in the forest or the Domain Admins group in the forest root domain, or equivalent, is the minimum required to complete this procedure. To add or remove the global catalog Open Active Directory Sites and Services. To open Active Directory Sites and Services, click Start, click Administrative Tools, and then click Active Directory Sites and Services. To open Active Directory Sites and Services in Windows Server 2012, click Start , type dssite.msc. In the console tree, click the server object to which you want to add the global catalog or from which you want to remove the global catalog. Where? Active Directory Sites and Services\Sites\SiteName\Servers In the details pane, right-click NTDS Settings of the selected server object, and then click Properties. Select the Global Catalog check box to add the global catalog, or clear the check box to remove the global catalog. Global catalog servers and sites. To optimize network performance in a multiple-site environment, consider adding global catalog servers in sites according to the needs in the sites for fast search responses and domain logons. It is recommended to make all domain controllers be global catalog severs if possible. In a single-site, multiple-domain environment, a single global catalog server is usually sufficient to cover common Active Directory queries and logons.
Q40. - (Topic 3)
Your network contains an Active Directory domain named contoso.com. All domain controllers run Windows Server 2012 R2.
You need to ensure that the local administrator account on all computers is renamed to L.Admin.
Which Group Policy settings should you modify?
A. Restricted Groups
B. Security Options
C. User Rights Assignment
D. Preferences
Answer: B
Explanation:
In Group Policy Object Editor, click Computer Configuration, click Windows Settings, click Security Settings, click Local Policies, and then click Security Options. In the details pane, double-click Accounts: Rename administrator account. The Security Options node includes security settings regarding interactive logon, digital signing of data, restrictions of access to floppy and CD-ROM drives, unsigned driver installations as well as logon dialog box behavior. This category also includes options to configure authentication and communication security within Active Directory.