Q131. HOTSPOT
Your network contains an Active Directory domain named contoso.com.
You have a failover cluster named Cluster1 that contains two nodes named Server1 and Server2. Both servers run Windows Server 2012 R2 and have the Hyper-V server role installed.
You plan to create two virtual machines that will run an application named App1. App1 will store data on a virtual hard drive named App1data.vhdx. App1data.vhdx will be shared by both virtual machines.
The network contains the following shared folders:
An SMB file share named Share1 that is hosted on a Scale-Out File Server. An SMB file share named Share2 that is hosted on a standalone file server. An NFS share named Share3 that is hosted on a standalone file server.
You need to ensure that both virtual machines can use App1data.vhdx simultaneously.
What should you do?
To answer, select the appropriate configurations in the answer area.
Answer:
Q132. Your network contains an Active Directory domain named contoso.com. The domain contains two member servers named Server1 and Server2. All servers run Windows Server 2012 R2.
Server1 and Server2 have the Failover Clustering feature installed. The servers are configured as nodes in a failover cluster named Cluster1. Cluster1 has access to four physical disks. The disks are configured as shown in the following table.
You need to ensure that all of the disks can be added to a Cluster Shared Volume (CSV).
Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)
A. Format Disk2 to use NTFS.
B. Format Disk3 to use NTFS.
C. Enable BitLocker on Disk4.
D. Disable BitLocker on Disk1.
Answer: A,D
Explanation:
A. In Windows Server 2012 R2, a disk or storage space for a CSV volume must be a basic disk that is partitioned with NTFS or ReFS, but you cannot use a disk for a CSV that is formatted with FAT or FAT32.
D. CSV supports bitlocker, but you would have to enable it on all nodes in the cluster. Therefore we need to disable bitlocker on Disk1.
Incorrect:
Not B. ReFS would work fine. In Windows Server 2012 R2, a disk or storage space for a
CSV volume must be a basic disk that is partitioned with NTFS or ReFS.
Not C. Bitlocker must be enabled on all disks for it to work for a CSV.
Reference: Use Cluster Shared Volumes in a Failover Cluster
https://technet.microsoft.com/en-us/library/jj612868.aspx
Reference: How to Configure BitLocker Encrypted Clustered Disks in Windows Server
2012
http://blogs.msdn.com/b/clustering/archive/2012/07/20/10332169.aspx
Q133. Your network contains an Active Directory domain named contoso.com. The domain contains a domain controller named DC1 that runs Windows Server 2012 R2. DC1 has the DNS Server server role installed.
The network contains client computers that run either Linux, Windows 7, or Windows 8.
You have a standard primary zone named adatum.com as shown in the exhibit. (Click the Exhibit button.)
You plan to configure Name Protection on all of the DHCP servers.
You need to configure the adatum.com zone to support Name Protection.
Which two configurations should you perform from DNS Manager? (Each correct answer presents part of the solution. Choose two.)
A. Sign the zone.
B. Store the zone in Active Directory.
C. Modify the Security settings of the zone.
D. Configure Dynamic updates.
E. Add a DNS key record
Answer: B,D
Explanation:
Name protection requires secure update to work. Without name protection DNS names may be hijacked.
You can use the following procedures to allow only secure dynamic updates for a zone.
Secure dynamic update is supported only for Active Directory–integrated zones. If the zone type is configured differently, you must change the zone type and directory-integrate the zone before securing it for Domain Name System (DNS) dynamic updates.
1. (B) Convert primary DNS server to Active Directory integrated primary
2. (D) Enable secure dynamic updates
Reference: DHCP: Secure DNS updates should be configured if Name Protection is enabled on any IPv4 scope
http://technet.microsoft.com/en-us/library/ee941152(v=ws.10).aspx
Q134. HOTSPOT
Your network contains an Active Directory domain named contoso.com. The domain contains an enterprise certification authority (CA).
The domain contains a server named Server1 that runs Windows Server 2012 R2. You install the Active Directory Federation Services server role on Server1.
You plan to configure Server1 as an Active Directory Federation Services (AD FS) server. The Federation Service name will be set to adfs1.contoso.com.
You need to identify which type of certificate template you must use to request a certificate for AD FS.
Answer:
Q135. You create a new virtual disk in a storage pool by using the New Virtual Disk Wizard. You discover that the new virtual disk has a write-back cache of 1 GB.
You need to ensure that the virtual disk has a write-back cache of 5 GB.
What should you do?
A. Detach the virtual disk, and then run the Resize-VirtualDisk cmdlet.
B. Detach the virtual disk, and then run the Set-VirtualDisk cmdlet.
C. Delete the virtual disk, and then run the New-StorageSubSystemVirtualDisk cmdlet.
D. Delete the virtual disk, and then run the New-VirtualDisk cmdlet.
Answer: D
Explanation:
So what about changing the cache size? Well, you can't modify the cache size, but you can specify it at the time that you create a new virtual hard disk. In order to do so, you have to use Windows PowerShell.
New-VirtualDisk –StoragePoolFriendlyName "<storage pool name>" –FriendlyName "<v
Reference: Using Windows Server 2012's SSD Write-Back Cache
Q136. HOTSPOT
Your network contains an Active Directory forest.
You implement Dynamic Access Control in the forest.
You have the claim types shown in the Claim Types exhibit. (Click the Exhibit button.)
The properties of a user named User1 are configured as shown in the User1 exhibit. (Click the Exhibit button.)
The output of Whoami /claims for a user named User2 is shown in the Whoami exhibit. (Click the Exhibit button.)
Select Yes if the statement can be shown to be true based on the available information; otherwise select No. Each correct selection is worth one point.
Answer:
Q137. Your network contains an Active Directory domain named contoso.com. The domain contains a domain controller named DC1 and a member server named Server1. Server1
has the IP Address Management (IPAM) Server feature installed.
On Dc1, you configure Windows Firewall to allow all of the necessary inbound ports for
IPAM.
On Server1, you open Server Manager as shown in the exhibit. (Click the Exhibit button.)
You need to ensure that you can use IPAM on Server1 to manage DNS on DC1.
What should you do?
A. Modify the outbound firewall rules on Server1.
B. Modify the inbound firewall rules on Server1.
C. Add Server1 to the Remote Management Users group.
D. Add Server1 to the Event Log Readers group.
Answer: D
Explanation:
To access configuration data and server event logs, the IPAM server must be a member of the domain IPAM Users Group (IPAMUG). The IPAM server must also be a member of the Event Log Readers security group.
Note: The computer account of the IPAM server must be a member of the Event Log Readers security group.
Reference: Manually Configure DC and NPS Access Settings. http://technet.microsoft.com/en-us/library/jj878317.aspx http://technet.microsoft.com/en-us/library/jj878313.aspx
Q138. You have a DNS server named Server1 that runs Windows Server 2012 R2. Server1 has the zones shown in the following output.
You need to delegate permissions to modify the records in the adatum.com zone to a group named Group1.
What should you do first?
A. Enable the distribution of the trust anchors for adatum.com.
B. Unsign adatum.com.
C. Store adatum.com in Active Directory.
D. Update the server data file for adatum.com.
Answer: A
Explanation: From the exhibit we see that the adatum.com zone is signed.
A trust anchor (or trust “point”) is a public cryptographic key for a signed zone. Trust
anchors must be configured on every non-authoritative DNS server that will attempt to
validate DNS data. You cannot distribute trust anchors until after a zone is signed.
Reference: Trust Anchors
https://technet.microsoft.com/en-us/library/dn593672.aspx
Q139. Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012 R2. Server1 has the Active Directory Rights Management Services server role installed.
The domain contains a domain local group named Group1.
You create a rights policy template named Template1. You assign Group1 the rights to Template1.
You need to ensure that all the members of Group1 can use Template1.
What should you do?
A. Configure the email address attribute of Group1.
B. Convert the scope of Group1 to global.
C. Convert the scope of Group1 to universal.
D. Configure the email address attribute of all the users who are members of Group1.
Answer: D
Explanation:
Explanation/Reference: When a user or group is created in Active Directory, the mail attribute is an optional attribute that can be set to include a primary email address for the user or group. For AD RMS to work properly, this attribute must be set because all users must have an email attribute to protect and consume content.
Reference: AD RMS Troubleshooting Guide http://social.technet.microsoft.com/wiki/contents/articles/13130.ad-rms-troubleshooting-guide.aspx
Q140. Your network contains two Web servers named Server1 and Server2. Both servers run Windows Server 2012 R2.
Server1 and Seiver2 are nodes in a Network Load Balancing (NLB) cluster. The NIB cluster contains an application named App1 that is accessed by using the URL http://app1.contoso.com.
You plan to perform maintenance on Server1.
You need to ensure that all new connections to App1 are directed to Server2. The solution must not disconnect the existing connections to Server1.
What should you run?
A. The Stop-NlbCluster cmdlet
B. The nlb.exe stop command
C. The Suspend-NlbCluster cmdlet
D. The nlb.exe suspend command
Answer: A
Explanation:
The Stop-NlbClusterNode cmdlet stops a node in an NLB cluster. When you use the stop the nodes in the cluster, client connections that are already in progress are interrupted. To avoid interrupting active connections, consider using the -drain parameter, which allows the node to continue servicing active connections but disables all new traffic to that node.