70-411 - MCSA: Administering Windows Server 2012 - Exam 5

Mike M
Quiz by Mike M, updated more than 1 year ago
Mike M
Created by Mike M almost 3 years ago
49
0

Description

This exam measures your ability to accomplish the technical tasks listed below: Deploy, Manage, and Maintain Servers Configure File and Print Services Configure Network Services and Access Configure a Network Policy Server Infrastructure Configure and Manage Active Directory Configure and Manage Group Policy

Resource summary

Question 1

Question
Your network contains AD named contoso.com. The domain contains RADIUS server named Server1 that runs Windows Server 2012. You add a VPN server named Server2 to the network. On Server1, you created several network policies. You need to configure Server1 to accept authentication requests from Server2. Which tool should you use on Server1?
Answer
  • Set-RemoteAccessRadius
  • CMAK
  • NPS
  • Routing and Remote Access

Question 2

Question
How to configure IIS to accept the authentication kerberos or ntlm?
Answer
  • cscript adsutil.vbs set w3svc/Website/root/NTAuthenticationProviders "Negotiate,NTLM"
  • cscript adsutil.vbs set w3svc/Website/root/NTAuthenticationProviders "NTLM"
  • cscript adsutil.vbs set w3svc/Website/root/NTAuthenticationProviders "Negotiate

Question 3

Question
You have a server that runs Windows Server 2012. You have an offline image named Windows2012.vhd that contains an installation of Windows Server 2012. You plan to apply several updates to Windows2012.vhd. You need to mount Windows2012.vhd to H:\. Which tool should you use?
Answer
  • Device Manager
  • Diskpart
  • Mountvol
  • Server Manager

Question 4

Question
Your network contains an Active Directory domain named contoso.com. The domain contains client computers that run either Windows XP, Windows 7, or Windows 8. Network Policy Server (NPS) is deployed to the domain. You plan to create a system health validator (SHV). You need to identify which policy settings can be applied to all of the computers. Which three policy settings should you identify? (Each correct answer presents part of the solution. Choose three.)
Answer
  • A firewall is enabled for all network connections
  • An antispyware application is on
  • Automatic updating is enabled
  • Antivirus is up to date
  • Antispyware is up to date

Question 5

Question
Your network contains an Active Directory domain named contoso.com. The domain contains a RADIUS server named Server1 that runs Windows Server 2012. You add a VPN server named Server2 to the network. On Server1, you create several network policies. You need to configure Server1 to accept authentication requests from Server2. Which tool should you use on Server1?
Answer
  • Add-RemoteAccessRadius
  • New-NPSRadiusClient
  • Remote Access Management Console
  • Routing and Remote Access

Question 6

Question
Your network contains an Active Directory forest named contoso.com. The forest contains a single domain. All domain controllers run Windows Server 2012. The domain contains two domain controllers. DC1 is a physical server and has a daily task to snapshot Active Directory. DC2 is a Hyper-V virtual machine that has a daily task to snapshot of the VM and daily systemstate backups. You discover that a support technician accidentally removed 100 users from an Active Directory group named Group1 an hour ago. You need to restore the membership of Group1. What should you do?
Answer
  • Apply a virtual machine snapshot to VM1
  • Perform an authorative restore
  • Perform a non-authorative restore
  • Perform tombstone reanimation

Question 7

Question
Your network contains an Active Directory domain named contoso.com. All domain controllers run Windows Server 2012. The domain contains two organizational units (OUs) named OU1 and OU2 in the root of the domain. Two Group Policy objects (GPOs) named GPO1 and GP02 are created. GPO1 is linked to OU1. GPO2 is linked to OU2. OU1 contains a client computer named Computer1. OU2 contains a user named User1. You need to ensure that the GPOs applied to Computer1 are applied to User1 when User1 logs on. What should you configure?
Answer
  • Block Inheritance
  • Group Policy loopback processing mode
  • Item-level targeting
  • WMI Filtering

Question 8

Question
Your network contains an Active Directory domain named contoso.com. The domain contains a domain controller named DC1 that runs Windows Server 2012. You mount an Active Directory snapshot on DC1. You need to expose the snapshot as an LDAP server. Which tool should you use?
Answer
  • adsi edit
  • ntdsutil
  • dsamain
  • ldp

Question 9

Question
You have a server named Server1 that has a Server Core Installation on Windows Server 2012. You need to view the time-to-live (TTL) value of a host name that is cached on Server1. What should you run?
Answer
  • dnscacheugc.exe
  • ipconfig.exe /displaydns
  • nslookup.exe
  • Show-DNSServerCache

Question 10

Question
The contoso.com domain contains a a DNS server named Server1 that host a primary zone. Server2 contains a a secondary zone for the contoso.com domain You need to configure how long Server2 queries Server1 to renew the zone. What should you configure?
Answer
  • Retry interval
  • Minimum TTL
  • Refresh Interval
  • Authority Record

Question 11

Question
You are a network administrator of an Active Directory domain named contoso.com. You have a server named Server1 that runs Windows Server 2012. Server1 has the DHCP Server server role and the Network Policy Server role service installed. You enable Network Access Protection (NAP) on all of the DHCP scopes on Server1. You need to create a DHCP policy that will apply to all of the NAP non-compliant DHCP clients. Which criteria should you specify when you create the DHCP policy?
Answer
  • The relay agent information
  • The user class
  • The vendor class
  • The client identifier

Question 12

Question
Your network contains an Active Directory domain named adatum.com. The domain contains a server named Server1 that runs Windows Server 2012. Server1 is configured as a Network Policy Server (NPS) server and as a DHCP server. The network contains two subnets named Subnet1 and Subnet2. Server1 has a DHCP scope for each subnet. You need to ensure that noncompliant computers on Subnet1 receive different network policies than noncompliant computers on Subnet2. Which two settings should you configure? (Each correct answer presents part of the solution. Choose two.)
Answer
  • The NAP-Capable Computers conditions
  • The NAS Port Type constraints
  • The Health Policies conditions
  • The MS-Service Class conditions
  • The Called Station ID constraints

Question 13

Question
Your network contains an Active Directory forest. The forest contains two domains named contoso.com and fabrikam.com. All of the DNS servers in both of the domains run Windows Server 2012. The network contains two servers named Server1 and Server2. Server1 hosts an Active Directory-integrated zone for contoso.com. Server2 hosts an Active Directory-integrated zone for fabrikam.com. Server1 and Server2 connect to each other by using a WAN link. Client computers that connect to Server1 for name resolution cannot resolve names in fabrikam.com. You need to configure Server1 to resolve names in fabrikam.com. The solution must NOT require that changes be made to the fabrikam.com zone on Server2. What should you create?
Answer
  • A secondary zone
  • A stub zone
  • A trust anchor
  • A zone delegation

Question 14

Question
Your network contains an Active Directory domain named contoso.com. All domain controllers run Windows Server 2012. One of the domain controllers is named DC1. The DNS zone for the contoso.com zone is Active Directory-integrated and has the default settings. A server named Server1 is a DNS server that runs a UNIX-based operating system. You plan to use Server1 as a secondary DNS server for the contoso.com zone. You need to ensure that Server1 can host a secondary copy of the contoso.com zone. What should you do?
Answer
  • From Windows PowerShell, run the Set-DNSServerForwarder cmdlet and specify the contoso.com zone as a target.
  • From Windows PowerShell, run the Set-DNSServerSetting cmdlet and specify DC1 as the target
  • From Windows PowerShell, run the Set-DNSServerPrimaryZone cmdlet and specify the contoso.com zone as a target.
  • From DNS Manager, modify the Advanced settings of DC1

Question 15

Question
Your network contains an Active Directory domain named contoso.com. All domain controllers run Windows Server 2012. An organizational unit (OU) named OU1 contains 200 client computers that run Windows 8 Enterprise. A Group Policy object (GPO) named GPO1 is linked to OU1. You make a change to GPO1. You need to force all of the computers in OU1 to refresh their Group Policy settings immediately. The solution must minimize administrative effort. Which tool should you use?
Answer
  • Secedit command
  • Set-ADComputer cmdlet
  • Active Directory Users and Computers
  • Invoke-GPUpdate cmdlet

Question 16

Question
Your network contains an Active Directory domain named adatum.com. You have a standard primary zone named adatum.com. You need to provide a user named User1 the ability to modify records in the zone. Other users must be prevented from modifying records in the zone. What should you do first?
Answer
  • From the properties of the zone, modify the start of authority (SOA) record
  • Run the Zone Signing Wizard for the zone
  • Run the New Delegation Wizard for the zone
  • From the properties of the zone, change the zone type

Question 17

Question
Your network contains two Active Directory domains named contoso.com and adatum.com. The contoso.com domain contains a server named Server1.contoso.com. The adatum.com domain contains a server named server2.adatum.com. Server1 and Server2 run Windows Server 2012 and have the DirectAccess and VPN (RRAS) role service installed. Server1 has the default network policies and the default connection request policies. You need to configure Server1 to perform authentication and authorization of VPN connection requests to Server2. Only users who are members of Adatum\Group1 must be allowed to connect. Which two actions should you perform on Server1? (Each correct answer presents part of the solution. Choose two.)
Answer
  • Network policies
  • Connection request policies
  • Create a network policy
  • Create a connection request policy

Question 18

Question
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012. Server1 has the following role services installed: DirectAccess and VPN (RRAS) Network Policy Server Remote users have client computers that run either Windows XP, Windows 7, or Windows 8. You need to ensure that only the client computers that run Windows 7 or Windows 8 can establish VPN connections to Server1. What should you configure on Server1?
Answer
  • A vendor-specific RADIUS attribute of a Network Policy Server (NPS) connection request policy
  • A condition of a Network Policy Server (NPS) network policy
  • A condition of a network Policy Server (NPS) connection request policy
  • A constraint of a Network Policy Server (NPS) network policy

Question 19

Question
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012. Server1 has a drive named E that is encrypted by using BitLocker Drive Encryption (BitLocker). A recovery key is stored on drive C. Drive E becomes locked. When you attempt to use the recovery key, you receive the following error message. You need to access the data stored on drive E. What should you run first?
Answer
  • manage-bde -protectors get e:
  • manage-bde -unlock e: -recoverykey C:\
  • disable-bitlocker -mountpoint E:
  • unlock-bitlocker -mountpoint e: -recoverykeypath C:

Question 20

Question
Your network contains an Active Directory domain named contoso.com. All user accounts reside in an organizational unit (OU) named OU1. You create a Group Policy object (GPO) named GPO1. You link GPO1 to OU1. You configure the Group Policy preference of GPO1 to add a shortcut named Link1 to the desktop of each user. You discover that when a user deletes Link1, the shortcut is removed permanently from the desktop. You need to ensure that if a user deletes Link1, the shortcut is added to the desktop again. What should you do?
Answer
  • Modify the Link1 shortcut preference of GPO1
  • Enable loopback processing of GPO1
  • Enforce GPO1
  • Modify the Security Filtering settings of GPO1

Question 21

Question
Your network contains an Active Directory forest named contoso.com. The forest contains two sites named Main and Branch. The Main site contains 400 desktop computers and the Branch site contains 150 desktop computers. All of the desktop computers run Windows 8. In Main, the network contains a member server named Server1 that runs Windows Server 2012. You install the Windows Server Update Services server role on Server1. You need to ensure that Windows updates obtained from Windows Server Update Services (WSUS) are the same for the computers in each site. You want to achieve this goal by using the minimum amount of administrative effort. What should you do?
Answer
  • From the Update Services console, create computer groups
  • From the Update Services console, configure the Computers options
  • From the Group Policy Management console, configure the Windows Update Settings
  • From the Group Policy Management console, configure the Windows Anytime Upgrade settings
  • From the Update Services console, configure the Synchronization Schedule options

Question 22

Question
Your network contains an Active Directory forest named contoso.com. The domain contains three servers. The servers are configured as shown in the following table. You plan to implement the BitLocker Drive Encryption (BitLocker) Network Unlock feature. You need to identify which server role must be deployed to the network to support the planned implementation. Which role should you identify?
Answer
  • Network Policy and Access Services
  • Volume Activation Services
  • Active Directory Rights Management Services
  • Windows Deployment Services

Question 23

Question
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Print1. Your company implements DirectAccess. A user named User1 frequently works at a customer's office. The customer's office contains a print server named Print1. While working at the customer's office, User1 attempts to connect to Print1. User1 connects to the Print1 server in contoso.com instead of the Print1 server at the customer's office. You need to provide User1 with the ability to connect to the Print1 server in the customer's office. Which Group Policy option should you configure?
Answer
  • Corporate Resources
  • Custom Commands
  • IPsec Tunnel Endpoints
  • Friendly Name
  • Prefer Local Names Allowed
  • Direct Access Passive Mode
  • User Interface
  • Support Email Address

Question 24

Question
Your network contains an Active Directory domain named contoso.com. All domain controllers run Windows Server 2012. In a remote site, a support technician installs a server named DC10 that runs Windows Server 2012. DC10 is currently a member of a workgroup. You plan to promote DC10 to a read-only domain controller (RODC). You need to ensure that a user named Contoso\User1 can promote DC10 to a RODC in the contoso.com domain. The solution must minimize the number of permissions assigned to User1. What should you do?
Answer
  • From ntdsutil, run the local roles command
  • From Active Directory Users and Computers, pre-create a RODC computer account
  • From Active Directory User and Computers, run the Delegation of Control Wizard on the contoso.com domain object
  • Join DC10 to the domain, Modify the properties of the DC10 computer account.

Question 25

Question
Your network contains an Active Directory forest named contoso.com. The forest contains two domains named contoso.com and childl.contoso.com. All domain controllers run Windows Server 2012. The domain contains four domain controllers. The domain controllers are configured as shown . You open Active Directory Users and Computers on a client computer and connect to DC1. You display the members of a group named Group1 as shown. When you view the properties of a user named User102, you receive the error message shown. The error message does not display for any other members of Group1. You need to identify which domain controller causes the issue shown in the error message. Which domain controller should you identify?
Answer
  • DC1
  • DC2
  • DC10
  • DC11

Question 26

Question
Your network contains an Active Directory domain named contoso.com. All servers run Windows Server 2012. The domain contains a file server named Server1. All client computers run Windows 8. Users share the client computers and frequently log on to different client computers. You need to ensure that when the users save files in the Documents folder, the files are saved automatically to \\Server1\Users\. The solution must minimize the amount of network traffic that occurs when the users log on to the client computers. What should you do?
Answer
  • From a Group Policy object (GPO), configure the Folder Redirection settings
  • From the properties of each user account, configure the Home folder settings
  • From the properties of each user account, configure the User profile settings
  • From a Group Policy object (GPO), configure the Drive Maps preference

Question 27

Question
You have a server named Server1 that runs Windows Server 2012. Server1 has two network adapters and is located in a perimeter network. You need to configure Server1 as a network address translation (NAT) server. Which node should you use to add the NAT routing protocol?
Answer
  • Remote Access Clients
  • Ports
  • Remote Access Logging & Policies
  • IPv4 - General
  • IPv4 - Static Routes
  • IPv4 - RIP
  • IPv4 - IGMP
  • IPv4 - DHCP Relay Agents
  • IPv6 - General
  • IPv6 - Static Routes

Question 28

Question
You have a server named Server5 that runs Windows Server 2012. Servers has the Windows Deployment Services server role installed. You need to ensure that when client computers connect to Server5 by using PXE, the computers use an unattended file. What should you configure?
Answer
  • General
  • PXE Response
  • AD DS
  • Boot
  • Client
  • DHCP
  • Multicast
  • Advanced
  • Network
  • TFTP

Question 29

Question
Your network contains a server named Server1 that has the Network Policy and Access Services server role installed. All of the network access servers forward connection requests to Server1. You create a new network policy on Server1. You need to ensure that the new policy applies only to connection requests from Microsoft RAS servers that are located on the 192.168.0.0/24 subnet.
Answer
  • Set the Called Station ID constraint to 192.168.0.0.24
  • Set the Called Station ID constraint to 192.168.0
  • Set the Client IPv4 Address condition to 192.168.0.0/24
  • Set the Client IPv4 Address condition to 192.168.0

Question 30

Question
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1. Server1 is configured as a VPN server. You need to configure Server1 to perform network address translation (NAT). What should you do?
Answer
  • From Network Connections, modify the Internet Protocol Version 6 (TCP/IP v6) settings of each network adapter
  • From Routing and Remote Access, add an IPv4 routing protocol
  • From Routing and Remote Access, add an IPv6 routing protocol
  • From Network Connections, modify the Internet Protocol Version 4 (TCP/IP v4) settings of each network adapter

Question 31

Question
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that has the Remote Access server role installed. DirectAccess is implemented on Server1 by using the default configuration. You discover that DirectAccess clients do not use DirectAccess when accessing websites on the Internet. You need to ensure that DirectAccess clients access all Internet websites by using their DirectAccess connection. What should you do?
Answer
  • Disable the DirectAccess Passive Mode setting in the Direct Access Client Settings Group Policy object (GPO)
  • Configure a DNS suffix search list on the DirectAccess clients
  • Enable the Route all Traffic through the internal network policy settings in the DirectAccess Server Settinvs Group Policy object (GPO)
  • Configure DirectAccess to enable force tunneling

Question 32

Question
You have a DNS server named Server1 that runs Windows Server 2012. On Server1, you create a DNS zone named contoso.com. You need to specify the email address of the person responsible for the zone. Which type of DNS record should you configure?
Answer
  • Start of authority (SOA)
  • Mail exchanger (MX)
  • Host information (HINFO)
  • Mailbox (MB)

Question 33

Question
You have a server named Server1 that runs Windows Server 2012. You discover that the performance of Server1 is poor. The results of a performance report generated on Server1 are shown in the table. You need to identify the cause of the performance issue. What should you identify?
Answer
  • Excessive paging
  • NUMA Fragmentation
  • Drive malfunction
  • Insufficient RAM

Question 34

Question
Your network contains an Active Directory domain named contoso.com. All servers run Windows Server 2012. An organizational unit (OU) named ResearchServers contains the computer accounts of all research servers. All domain users are configured to have a minimum password length of eight characters. You need to ensure that the minimum password length of the local user accounts on the research servers in the ResearchServers OU is 10 characters. What should you do?
Answer
  • Create a universal group that contains the research servers. Create a Password Settings Object (PSO) and assign the PSO to the group.
  • Configure a local Group Policy Object (GPO) on each research server.
  • Create and link a Group Policy object (GPO) to the ResearchServers OU.
  • Create a global group that contains the research servers. Create a Password Settings object (PSO) and assign the PSO to the group.

Question 35

Question
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012. Server1 has the Windows Server Update Services server role installed. All client computers are configured to download updates from Server1. You have a Group Policy object (GPO) named GPO1 that is linked to an organizational unit (OU) named Sales_OU. You need to ensure that all of the computers in Sales_OU are added to a Windows Server Update Services (WSUS) computer group named SalesComputers. Which setting should you configure in the GPO?
Answer
  • Allow non-administrators to receive update notifications
  • Turn on Software Notifications
  • Let the service shut down when it is idle
  • Allow Automatic Updates immediate installation
  • Turn on recommended updates via Automatic Updates
  • No auto-restart with logged on users for scheduled automatic updates installations
  • Re-prompt for restart with scheduled installations
  • Rescheduled Automatic Updates scheduled installations
  • Enable client-side targeting
  • Allow signed updates from an intranet Microsoft update service location

Question 36

Question
Your network contains an Active Directory domain named contoso.com. All domain controllers run Windows Server 2012. The domain contains an Edge Server named Server1. Server1 is configured as a DirectAccess server. Server1 has the following settings: Internal DNS name: Server1.contoso.com External DNS name: da1.contoso.com Internal IPv6 address: 2002:c1a8:6a:3333::1 External IPv4 address: 65.55.37.62 Your company uses split-brain DNS for the contoso.com zone. You run the Remote Access Setup wizard as shown. You need to ensure that client computers on the Internet can establish DirectAccess connections to Server1. Which additional name suffix entry should you add from the Remote Access Setup wizard?
Answer
  • A Name Suffix value of da1.contoso.com and a blank DNS Server Address value
  • A Name Suffix value of Server1.contoso.com and a DNS Server Address value of 65.55.37.62
  • A Name Suffix value of Server1.contoso.com and a blank DNS Server Address value
  • A Name Suffix value of da1.contoso.com and a DNS Server Address value of 65.55.37.62

Question 37

Question
Your network contains an Active Directory domain named contoso.com. All servers run Windows Server 2012. Client computers run either Windows 7 or Windows 8. All of the client computers have an application named App1 installed. The domain contains a Group Policy object (GPO) named GPO1 that is applied to all of the client computers. You need to add a system variable named App1Data to all of the client computers. Which Group Policy preference should you configure?
Answer
  • Services
  • Ini Files
  • Environment
  • Data Sources

Question 38

Question
Your network contains an Active Directory forest named contoso.com. The forest contains a single domain. The forest contains two Active Directory sites named Site1 and Site2. You plan to deploy a read-only domain controller (RODC) named DC10 to Site2. You pre-create the DC10 domain controller account by using Active Directory Users and Computers. You need to identify which domain controller will be used for initial replication during the promotion of the RODC. Which tab should you use to identify the domain controller?
Answer
  • General
  • Operating System
  • Member Of
  • Delegation
  • Password Replication Policy
  • Location
  • Managed By
  • Object
  • Security
  • Dial-In

Question 39

Question
Your network contains an Active Directory forest named contoso.com. Recently, all of the domain controllers that ran Windows Server 2003 were replaced by domain controllers that run Windows Server 2012. From Event Viewer, you discover SYSVOL journal wrap errors on a domain controller named dc10.contoso.com. You need to perform a non-authoritative synchronization of SYSVOL on DC10. Which three actions should you perform on DC10?
Answer
  • Start the Distributed File System (DFS) Replication service
  • Stop the Distributed File System (DFS) Replication service
  • Modify the registry
  • Stop the File Replication Service (FRS) service
  • Modify the computer object for DC10 in Active Directory
  • Start the File Replication Service (FRS) service

Question 40

Question
You manage a server that runs Windows Server 2012. The server has the Windows Deployment Services server role installed. You start a virtual machine named VM1 as shown in the exhibit. (Click the Exhibit button.) You need to configure a pre-staged device for VM1 in the Windows Deployment Services console. Which two values should you assign to the device ID? (Each correct answer presents a complete solution. Choose two.)
Answer
  • 979708BFC04B45259FE0C4150BB6C618
  • 979708BF-C04B-4525-9FE0-C4150BB6C618
  • 00155D000F1300000000000000000000
  • 000000000000000000000155D000F13
  • 00000000-0000-0000-0000-C4150BB6C618
Show full summary Hide full summary

Similar

70-411 - MCSA: Administering Windows Server 2012 - Exam 4
Mike M
70-411 - MCSA: Administering Windows Server 2012 - Exam 3
Mike M
70-411 - MCSA: Administering Windows Server 2012 - Exam 6
Mike M
CCNA Security 210-260 IINS - Exam 3
Mike M
The Internet
Gee_0599
SQL Quiz
R M
Application of technology in learning
Jeff Wall
The SAT Math test essentials list
lizcortland
How to improve your SAT math score
Brad Hegarty
Ch1 - The nature of IT Projects
mauricio5509
Innovative Uses of Technology
John Marttila