70-411 - MCSA: Administering Windows Server 2012 - Exam 5

Your network contains AD named contoso.com. The domain contains RADIUS server named Server1 that runs Windows Server 2012. You add a VPN server named Server2 to the network. On Server1, you created several network policies. You need to configure Server1 to accept authentication requests from Server2. Which tool should you use on Server1?

How to configure IIS to accept the authentication kerberos or ntlm?

You have a server that runs Windows Server 2012. You have an offline image named Windows2012.vhd that contains an installation of Windows Server 2012. You plan to apply several updates to Windows2012.vhd. You need to mount Windows2012.vhd to H:\. Which tool should you use?

Your network contains an Active Directory domain named contoso.com. The domain contains client computers that run either Windows XP, Windows 7, or Windows 8. Network Policy Server (NPS) is deployed to the domain. You plan to create a system health validator (SHV). You need to identify which policy settings can be applied to all of the computers. Which three policy settings should you identify? (Each correct answer presents part of the solution. Choose three.)

Your network contains an Active Directory domain named contoso.com. The domain contains a RADIUS server named Server1 that runs Windows Server 2012. You add a VPN server named Server2 to the network. On Server1, you create several network policies. You need to configure Server1 to accept authentication requests from Server2. Which tool should you use on Server1?

Your network contains an Active Directory forest named contoso.com. The forest contains a single domain. All domain controllers run Windows Server 2012. The domain contains two domain controllers. DC1 is a physical server and has a daily task to snapshot Active Directory. DC2 is a Hyper-V virtual machine that has a daily task to snapshot of the VM and daily systemstate backups. You discover that a support technician accidentally removed 100 users from an Active Directory group named Group1 an hour ago. You need to restore the membership of Group1. What should you do?

Your network contains an Active Directory domain named contoso.com. All domain controllers run Windows Server 2012. The domain contains two organizational units (OUs) named OU1 and OU2 in the root of the domain. Two Group Policy objects (GPOs) named GPO1 and GP02 are created. GPO1 is linked to OU1. GPO2 is linked to OU2. OU1 contains a client computer named Computer1. OU2 contains a user named User1. You need to ensure that the GPOs applied to Computer1 are applied to User1 when User1 logs on. What should you configure?

Your network contains an Active Directory domain named contoso.com. The domain contains a domain controller named DC1 that runs Windows Server 2012. You mount an Active Directory snapshot on DC1. You need to expose the snapshot as an LDAP server. Which tool should you use?

You have a server named Server1 that has a Server Core Installation on Windows Server 2012. You need to view the time-to-live (TTL) value of a host name that is cached on Server1. What should you run?

The contoso.com domain contains a a DNS server named Server1 that host a primary zone. Server2 contains a a secondary zone for the contoso.com domain You need to configure how long Server2 queries Server1 to renew the zone. What should you configure?

You are a network administrator of an Active Directory domain named contoso.com. You have a server named Server1 that runs Windows Server 2012. Server1 has the DHCP Server server role and the Network Policy Server role service installed. You enable Network Access Protection (NAP) on all of the DHCP scopes on Server1. You need to create a DHCP policy that will apply to all of the NAP non-compliant DHCP clients. Which criteria should you specify when you create the DHCP policy?

Your network contains an Active Directory domain named adatum.com. The domain contains a server named Server1 that runs Windows Server 2012. Server1 is configured as a Network Policy Server (NPS) server and as a DHCP server. The network contains two subnets named Subnet1 and Subnet2. Server1 has a DHCP scope for each subnet. You need to ensure that noncompliant computers on Subnet1 receive different network policies than noncompliant computers on Subnet2. Which two settings should you configure? (Each correct answer presents part of the solution. Choose two.)

Your network contains an Active Directory forest. The forest contains two domains named contoso.com and fabrikam.com. All of the DNS servers in both of the domains run Windows Server 2012. The network contains two servers named Server1 and Server2. Server1 hosts an Active Directory-integrated zone for contoso.com. Server2 hosts an Active Directory-integrated zone for fabrikam.com. Server1 and Server2 connect to each other by using a WAN link. Client computers that connect to Server1 for name resolution cannot resolve names in fabrikam.com. You need to configure Server1 to resolve names in fabrikam.com. The solution must NOT require that changes be made to the fabrikam.com zone on Server2. What should you create?

Your network contains an Active Directory domain named contoso.com. All domain controllers run Windows Server 2012. One of the domain controllers is named DC1. The DNS zone for the contoso.com zone is Active Directory-integrated and has the default settings. A server named Server1 is a DNS server that runs a UNIX-based operating system. You plan to use Server1 as a secondary DNS server for the contoso.com zone. You need to ensure that Server1 can host a secondary copy of the contoso.com zone. What should you do?

Your network contains an Active Directory domain named contoso.com. All domain controllers run Windows Server 2012. An organizational unit (OU) named OU1 contains 200 client computers that run Windows 8 Enterprise. A Group Policy object (GPO) named GPO1 is linked to OU1. You make a change to GPO1. You need to force all of the computers in OU1 to refresh their Group Policy settings immediately. The solution must minimize administrative effort. Which tool should you use?

Your network contains an Active Directory domain named adatum.com. You have a standard primary zone named adatum.com. You need to provide a user named User1 the ability to modify records in the zone. Other users must be prevented from modifying records in the zone. What should you do first?

Your network contains two Active Directory domains named contoso.com and adatum.com. The contoso.com domain contains a server named Server1.contoso.com. The adatum.com domain contains a server named server2.adatum.com. Server1 and Server2 run Windows Server 2012 and have the DirectAccess and VPN (RRAS) role service installed. Server1 has the default network policies and the default connection request policies. You need to configure Server1 to perform authentication and authorization of VPN connection requests to Server2. Only users who are members of Adatum\Group1 must be allowed to connect. Which two actions should you perform on Server1? (Each correct answer presents part of the solution. Choose two.)

Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012. Server1 has the following role services installed: DirectAccess and VPN (RRAS) Network Policy Server Remote users have client computers that run either Windows XP, Windows 7, or Windows 8. You need to ensure that only the client computers that run Windows 7 or Windows 8 can establish VPN connections to Server1. What should you configure on Server1?

Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012. Server1 has a drive named E that is encrypted by using BitLocker Drive Encryption (BitLocker). A recovery key is stored on drive C. Drive E becomes locked. When you attempt to use the recovery key, you receive the following error message. You need to access the data stored on drive E. What should you run first?

Your network contains an Active Directory domain named contoso.com. All user accounts reside in an organizational unit (OU) named OU1. You create a Group Policy object (GPO) named GPO1. You link GPO1 to OU1. You configure the Group Policy preference of GPO1 to add a shortcut named Link1 to the desktop of each user. You discover that when a user deletes Link1, the shortcut is removed permanently from the desktop. You need to ensure that if a user deletes Link1, the shortcut is added to the desktop again. What should you do?

Your network contains an Active Directory forest named contoso.com. The forest contains two sites named Main and Branch. The Main site contains 400 desktop computers and the Branch site contains 150 desktop computers. All of the desktop computers run Windows 8. In Main, the network contains a member server named Server1 that runs Windows Server 2012. You install the Windows Server Update Services server role on Server1. You need to ensure that Windows updates obtained from Windows Server Update Services (WSUS) are the same for the computers in each site. You want to achieve this goal by using the minimum amount of administrative effort. What should you do?

Your network contains an Active Directory forest named contoso.com. The domain contains three servers. The servers are configured as shown in the following table. You plan to implement the BitLocker Drive Encryption (BitLocker) Network Unlock feature. You need to identify which server role must be deployed to the network to support the planned implementation. Which role should you identify?

Your network contains an Active Directory domain named contoso.com. The domain contains a server named Print1. Your company implements DirectAccess. A user named User1 frequently works at a customer's office. The customer's office contains a print server named Print1. While working at the customer's office, User1 attempts to connect to Print1. User1 connects to the Print1 server in contoso.com instead of the Print1 server at the customer's office. You need to provide User1 with the ability to connect to the Print1 server in the customer's office. Which Group Policy option should you configure?

Your network contains an Active Directory domain named contoso.com. All domain controllers run Windows Server 2012. In a remote site, a support technician installs a server named DC10 that runs Windows Server 2012. DC10 is currently a member of a workgroup. You plan to promote DC10 to a read-only domain controller (RODC). You need to ensure that a user named Contoso\User1 can promote DC10 to a RODC in the contoso.com domain. The solution must minimize the number of permissions assigned to User1. What should you do?

Your network contains an Active Directory forest named contoso.com. The forest contains two domains named contoso.com and childl.contoso.com. All domain controllers run Windows Server 2012. The domain contains four domain controllers. The domain controllers are configured as shown . You open Active Directory Users and Computers on a client computer and connect to DC1. You display the members of a group named Group1 as shown. When you view the properties of a user named User102, you receive the error message shown. The error message does not display for any other members of Group1. You need to identify which domain controller causes the issue shown in the error message. Which domain controller should you identify?

Your network contains an Active Directory domain named contoso.com. All servers run Windows Server 2012. The domain contains a file server named Server1. All client computers run Windows 8. Users share the client computers and frequently log on to different client computers. You need to ensure that when the users save files in the Documents folder, the files are saved automatically to \\Server1\Users\. The solution must minimize the amount of network traffic that occurs when the users log on to the client computers. What should you do?

You have a server named Server1 that runs Windows Server 2012. Server1 has two network adapters and is located in a perimeter network. You need to configure Server1 as a network address translation (NAT) server. Which node should you use to add the NAT routing protocol?

You have a server named Server5 that runs Windows Server 2012. Servers has the Windows Deployment Services server role installed. You need to ensure that when client computers connect to Server5 by using PXE, the computers use an unattended file. What should you configure?

Your network contains a server named Server1 that has the Network Policy and Access Services server role installed. All of the network access servers forward connection requests to Server1. You create a new network policy on Server1. You need to ensure that the new policy applies only to connection requests from Microsoft RAS servers that are located on the 192.168.0.0/24 subnet.

Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1. Server1 is configured as a VPN server. You need to configure Server1 to perform network address translation (NAT). What should you do?

Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that has the Remote Access server role installed. DirectAccess is implemented on Server1 by using the default configuration. You discover that DirectAccess clients do not use DirectAccess when accessing websites on the Internet. You need to ensure that DirectAccess clients access all Internet websites by using their DirectAccess connection. What should you do?

You have a DNS server named Server1 that runs Windows Server 2012. On Server1, you create a DNS zone named contoso.com. You need to specify the email address of the person responsible for the zone. Which type of DNS record should you configure?

You have a server named Server1 that runs Windows Server 2012. You discover that the performance of Server1 is poor. The results of a performance report generated on Server1 are shown in the table. You need to identify the cause of the performance issue. What should you identify?

Your network contains an Active Directory domain named contoso.com. All servers run Windows Server 2012. An organizational unit (OU) named ResearchServers contains the computer accounts of all research servers. All domain users are configured to have a minimum password length of eight characters. You need to ensure that the minimum password length of the local user accounts on the research servers in the ResearchServers OU is 10 characters. What should you do?

Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012. Server1 has the Windows Server Update Services server role installed. All client computers are configured to download updates from Server1. You have a Group Policy object (GPO) named GPO1 that is linked to an organizational unit (OU) named Sales_OU. You need to ensure that all of the computers in Sales_OU are added to a Windows Server Update Services (WSUS) computer group named SalesComputers. Which setting should you configure in the GPO?

Your network contains an Active Directory domain named contoso.com. All domain controllers run Windows Server 2012. The domain contains an Edge Server named Server1. Server1 is configured as a DirectAccess server. Server1 has the following settings: Internal DNS name: Server1.contoso.com External DNS name: da1.contoso.com Internal IPv6 address: 2002:c1a8:6a:3333::1 External IPv4 address: 65.55.37.62 Your company uses split-brain DNS for the contoso.com zone. You run the Remote Access Setup wizard as shown. You need to ensure that client computers on the Internet can establish DirectAccess connections to Server1. Which additional name suffix entry should you add from the Remote Access Setup wizard?

Your network contains an Active Directory domain named contoso.com. All servers run Windows Server 2012. Client computers run either Windows 7 or Windows 8. All of the client computers have an application named App1 installed. The domain contains a Group Policy object (GPO) named GPO1 that is applied to all of the client computers. You need to add a system variable named App1Data to all of the client computers. Which Group Policy preference should you configure?

Your network contains an Active Directory forest named contoso.com. The forest contains a single domain. The forest contains two Active Directory sites named Site1 and Site2. You plan to deploy a read-only domain controller (RODC) named DC10 to Site2. You pre-create the DC10 domain controller account by using Active Directory Users and Computers. You need to identify which domain controller will be used for initial replication during the promotion of the RODC. Which tab should you use to identify the domain controller?

Your network contains an Active Directory forest named contoso.com. Recently, all of the domain controllers that ran Windows Server 2003 were replaced by domain controllers that run Windows Server 2012. From Event Viewer, you discover SYSVOL journal wrap errors on a domain controller named dc10.contoso.com. You need to perform a non-authoritative synchronization of SYSVOL on DC10. Which three actions should you perform on DC10?

You manage a server that runs Windows Server 2012. The server has the Windows Deployment Services server role installed. You start a virtual machine named VM1 as shown in the exhibit. (Click the Exhibit button.) You need to configure a pre-staged device for VM1 in the Windows Deployment Services console. Which two values should you assign to the device ID? (Each correct answer presents a complete solution. Choose two.)