70-411 - MCSA: Administering Windows Server 2012 - Exam 6

Mike M
Quiz by Mike M, updated more than 1 year ago
Mike M
Created by Mike M almost 3 years ago
79
0

Description

This exam measures your ability to accomplish the technical tasks listed below: Deploy, Manage, and Maintain Servers Configure File and Print Services Configure Network Services and Access Configure a Network Policy Server Infrastructure Configure and Manage Active Directory Configure and Manage Group Policy

Resource summary

Question 1

Question
Your company has a main office and a branch office. The network contains an Active Directory domain named contoso.com. The main office contains a domain controller named DC1 that runs Windows Server 2012. DC1 is a DNS server and hosts a primary zone for contoso.com. The branch office contains a member server named Server1 that runs Windows Server 2012. Server1 is a DNS server and hosts a secondary zone for contoso.com. The main office connects to the branch office by using an unreliable WAN link. You need to ensure that Server1 can resolve names in contoso.com if the WAN link is unavailable for three days. Which setting should you modify in the start of authority (SOA) record?
Answer
  • Retry Interval
  • Minimum (default) TTL
  • Refresh interval
  • Expires after

Question 2

Question
Your network contains an Active Directory domain named contoso.com. The domain contains a member server named Server1. Server1 runs Windows Server 2012 and has the Windows Deployment Services (WDS) server role installed. You need to use WDS to deploy an image to a client computer that does not support PXE. Which type of image should you use to start the computer?
Answer
  • Install
  • Boot
  • Discover
  • Capture

Question 3

Question
Your network contains an Active Directory domain named contoso.com. All servers run Windows Server 2012. The functional level of both the domain and the forest is Windows Server 2008 R2. The domain contains a domain-based Distributed File System (DFS) namespace that is configured as shown in the exhibit. (Click the Exhibit button.) You need to enable access-based enumeration on the DFS namespace. What should you do first?
Answer
  • Install the File Resource Manager role service on Server3 and Server5
  • Raise the domain functional level
  • Delete and recreate the namespace
  • Raise the forest functional level

Question 4

Question
Your network contains an Active Directory domain named contoso.com. All domain controllers run Windows Server 2012. The domain contains two organizational units (OUs) named OU1 and OU2 in the root of the domain. Two Group Policy objects (GPOs) named GPO1 and GPO2 are created. GPO1 is linked to OU1. GPO2 is linked to OU2. OU1 contains a client computer named Computer1. OU2 contains a user named User1. You need to ensure that the GPOs applied to Computer1 are applied to User1 when User1 logs on. What should you configure?
Answer
  • The GPO Status
  • GPO links
  • The Enforced setting
  • Security Filtering
  • Group Policy Loopback Processing

Question 5

Question
Your company deploys a new Active Directory forest named contoso.com. The first domain controller in the forest runs Windows Server 2012. The forest contains a domain controller named DC10. On DC10, the disk that contains the SYSVOL folder fails. You replace the failed disk. You stop the Distributed File System (DFS) Replication service. You restore the SYSVOL folder. You need to perform a non-authoritative synchronization of SYSVOL on DC10. Which tool should you use before you start the DFS Replication service on DC10?
Answer
  • dfsgui.msc
  • Replmon
  • Adsiedit.msc
  • Ultrasound

Question 6

Question
Your network contains a Hyper-V host named Server1 that hosts 20 virtual machines. You need to view the amount of memory resources and processor resources each virtual machine uses currently. Which tool should you use on Server1?
Answer
  • Windows System Resource Manager (WSRM)
  • Task Manager
  • Resource Monitor
  • Hyper-V Manager

Question 7

Question
Your network contains an Active Directory forest named contoso.com. The forest contains a single domain. The contoso.com zone is Active Directory-integrated and configured to replicate to all of the domain controllers in the contoso.com domain. Server1 has a DNS record in the contoso.com zone. You need to verify when the DNS record for Server1 was last updated. In which Active Directory partition should you view the DNS record of Server1?
Answer
  • Default naming context [NYC-DC1.contoso.com]
  • Configuration [NYC-DC1.contoso.com]
  • Schema [NYC-DC1.contoso.com]
  • ForestDNSZones [NYC-DC1.contoso.com]
  • DomainDNSZones [NYC-DC1.contoso.com]

Question 8

Question
Your network contains an Active Directory domain named contoso.com. The domain contains two member servers named Server1 and Server2. All servers run Windows Server 2012. Server1 has the Windows Server Update Services (WSUS) server role installed. WSUS is configured to use a Windows Internal Database. Server2 has Microsoft SQL Server 2008 R2 Standard deployed. You detach the SUSDB database from Server1 and attach the database to Server2. You need to ensure that Windows Deployment Services (WDS) on Server1 uses the database hosted on Server2. What should you do on Server1?
Answer
  • Configure an ODBC file data source
  • Run the wsutil command
  • Edit the registry
  • Configure an ODBC registry system data source

Question 9

Question
Your network contains an Active Directory forest named contoso.com. The functional level of the forest is Windows Server 2008 R2. All of the user accounts in the marketing department are members of a group named Contoso\MarketingUsers. All of the computer accounts in the marketing department are members of a group named Contoso\MarketingComputers. A domain user named User1 is a member of the Contoso\MarketingUsers group. A computer named Computer1 is a member of the Contoso\MarketingComputers group. You have five Password Settings objects (PSOs). The PSOs are defined as shown in the following table. When User1 logs on to Computer1 and attempts to change her password, she receives an error message indicating that her password is too short. You need to tell User1 what her minimum password length is. What should you tell User1?
Answer
  • 10
  • 11
  • 12
  • 14

Question 10

Question
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012. Server1 has the Remote Access server role installed. You log on to Server1 by using a user account named User2. From the Remote Access Management Console, you run the Getting Started Wizard and you receive a warning message as shown in the exhibit. (Click the Exhibit button.) You need to ensure that you can configure DirectAccess successfully. The solution must minimize the number of permissions assigned to User2. To which group should you add User2?
Answer
  • Enterprise Admins
  • Domain Admins
  • Server Operators
  • Account Operators

Question 11

Question
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012. Server1 has the Network Policy and Access Services server role installed. You plan to deploy 802.1x authentication to secure the wireless network. You need to identify which Network Policy Server (NPS) authentication method supports certificate-based mutual authentication for the 802.lx deployment. Which authentication method should you identify?
Answer
  • PEAP-MS-CHAP v2
  • MS-CHAP v2
  • EAP-TLS
  • MS-CHAP

Question 12

Question
Your network contains an Active Directory domain named contoso.com. All domain controllers run Windows Server 2012. The domain contains an organizational unit (OU) named OU1. OU1 contains an OU named OU2. OU2 contains a user named User1. User1 is the member of a group named Group1. Group1 is in the Users container. You create five Group Policy objects (GPO). The GPOs are configured as shown in the following table. You need to identify which three GPOs will be applied to User1. Which three GPOs should you identify?
Answer
  • GPO1
  • GPO2
  • GPO3
  • GPO4
  • GPO5

Question 13

Question
You have a server named Server1 that runs Windows Server 2012. Server1 has two network adapters and is located in a perimeter network. You need to install the RIP version 2 routing protocol on Server1. Which node should you use to add the RIP version 2 routing protocol?
Answer
  • Network Interfaces
  • Ports
  • Remote Access Clients
  • Remote Access Logging & Policies
  • IPv4
  • IPV4 - General
  • IPv4 Static Routes
  • IPv4 - IGMP
  • IPv4 - DHCP Relay Agents
  • IPv4 - NAT

Question 14

Question
Your network contains an Active Directory domain named contoso.com. All DNS servers host a DNS zone named adatum.com. The adatum.com zone is not Active Directory-integrated. An administrator modifies the start of authority (SOA) record for the adatum.com zone. After the modification, you discover that when you add or modify DNS records in the adatum.com zone, the changes are not transferred to the DNS servers that host secondary copies of the adatum.com zone. You need to ensure that the records are transferred to all the copies of the adatum.com zone. What should you modify in the SOA record for the adatum.com zone?
Answer
  • Serial Number
  • Primary Server
  • Refresh interval
  • Retry interval
  • Expires after
  • Minimum(default) TTL
  • TTL for this record

Question 15

Question
Your network contains an Active Directory domain named contoso.com. DC1 runs Windows Server 2008 and is the PDC Emulator, RID Master and Infrastructure Master. DC2 is running Windows Server 2008 R2 and is the Schema master and the Domain Naming Master. You deploy a new domain controller named DC3 that runs Windows Server 2012. You discover that you cannot create Password Settings objects (PSOs) by using Active Directory Administrative Center. You need to ensure that you can create PSOs from Active Directory Administrative Center. What should you do?
Answer
  • Raise the functional level of the domain
  • Upgrade DC1
  • Transfer the infrastructure master operations role
  • Transfer the PDC Emulator operations master role

Question 16

Question
Your network contains an Active Directory domain named contoso.com. All domain controllers run Windows Server 2012. The domain contains 200 Group Policy objects (GPOs) and 100 WMI filters. An administrator named Admin1 must be able to create new WMI filters and edit all of the existing WMI filters from the Group Policy Management Console (GPMC). You need to delegate the required permissions to Admin1. The solution must minimize the number of permissions assigned to Admin1. What should you do?
Answer
  • From Group Policy Management, assign Full control to Admin1 for the WMI filters container
  • From Active Directory Users and Computers, add Admin1 to the Domain Admins group
  • From Group Policy Management, assign Creator Owner to Admin1 for the WMI Filters container
  • From Active Directory Users and Computers, add Admin1 to the WinRMREmoteWMIUsers Group

Question 17

Question
Your network contains an Active Directory domain named contoso.com. All domain controllers run Windows Server 2012. You plan to use fine-grained password policies to customize the password policy settings of contoso.com. You need to identify to which Active Directory object types you can directly apply the fine- grained password policies. Which two object types should you identify? (Each correct answer presents part of the solution. Choose two.)
Answer
  • Domain local groups
  • Computers
  • Universal groups
  • Global groups
  • Users

Question 18

Question
Your network contains an Active Directory domain named contoso.com. The domain contains a domain controller named DC1 that runs Windows Server 2012. All client computers run Windows 8 Enterprise. DC1 contains a Group Policy object (GPO) named GPO1. You need to update the PATH variable on all of the client computers. Which Group Policy preference should you configure?
Answer
  • Ini files
  • Services
  • Environment
  • Data Sources

Question 19

Question
Your network contains an Active Directory domain named contoso.com. The domain contains a file server named Server1 that runs Windows Server 2012. Server1 has a share named Share1. When users without permission to Share1 attempt to access the share, they receive the Access Denied message as shown. You deploy a new file server named Server2 that runs Windows Server 2012. You need to configure Server2 to display the same custom Access Denied message as Server1. What should you install on Server2?
Answer
  • The Remote Assistance feature
  • The File Server Resource Manager role service
  • The Enhanced Storage feature
  • The Storages Services server role

Question 20

Question
You have a server named Server5 that runs Windows Server 2012. Servers has the Windows Deployment Services server role installed. Server5 contains several custom images of Windows 8. You need to ensure that when 32-bit client computers start by using PXE, the computers automatically install an image named Image1. What should you configure?
Answer
  • General
  • PXE Response
  • AD DS
  • Boot
  • Client
  • DHCP
  • Multicast
  • Advanced
  • Network
  • TFTP

Question 21

Question
Your network contains an Active Directory domain named contoso.com. All domain controllers run Windows Server 2012. The domain contains two organizational units (OUs) named OU1 and OU2 in the root of the domain. Two Group Policy objects (GPOs) named GPO1 and GPO2 are created. GPO1 is linked to OU1. GPO2 is linked to OU2. OU1 contains a client computer named Computer1. OU2 contains a user named User1. You need to ensure that the GPOs applied to Computer1 are applied to User1 when User1 logs on. What should you configure?
Answer
  • Block Inheritance
  • The GPO Status
  • The Enforced Setting
  • GPO links
  • Group Policy Loopback Processing

Question 22

Question
Your network contains an Active Directory domain named contoso.com. All domain controllers run Windows Server 2012. The domain contains two organizational units (OUs) named OU1 and OU2 in the root of the domain. Two Group Policy objects (GPOs) named GPO1 and GPO2 are created. GPO1 is linked to OU1. GPO2 is linked to OU2. OU1 contains a client computer named Computer1. OU2 contains a user named User1. You need to ensure that the GPOs applied to Computer1 are applied to User1 when User1 logs on. What should you configure?
Answer
  • Block Inheritance
  • The GPO Status
  • The Enforced Setting
  • GPO links
  • Group Policy Loopback Processing

Question 23

Question
Your network contains an Active Directory domain named contoso.com. All domain controllers run Windows Server 2012. Administrators use client computers that run Windows 8 to perform all management tasks. A central store is configured on a domain controller named DC1. You have a custom administrative template file named App1.admx. App1.admx contains application settings for an application named Appl. From a client computer named Computer1, you create a new Group Policy object (GPO) named GPO1. You discover that the application settings for App1 fail to appear in GPO1. You need to ensure that the App1 settings appear in all of the new GPOs that you create. What should you do?
Answer
  • Copy App1.admx to \\Contoso.com\SYSVOL\Contoso.com\Policies\PolicyDefinitions\
  • From the Default Domain Controllers Policy, add App1.admx to the Administrative Templates
  • From the Default Domain Policy, add App1.admx to the Administrative Templates
  • Copy App1.admx to \\Contoso.com\SYSVOL\Contoso.com\StarterGPOs

Question 24

Question
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012 and has the Network Policy Server role service installed. You need to enable trace logging for Network Policy Server (NPS) on Server1. Which tool should you use?
Answer
  • the Network Policy Server console
  • the Server Manager console
  • the tracert.exe command
  • the netsh.exe command

Question 25

Question
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012 and has the DNS Server server role installed. Server1 is configured to delete automatically the DNS records of client computers that are no longer on the network. A technician confirms that the DNS records are deleted automatically from the contoso.com zone. You discover that the contoso.com zone has many DNS records for servers that were on the network in the past, but have not connected to the network for a long time. You need to set the time stamp for all of the DNS records in the contoso.com zone. What should you do?
Answer
  • From DNS Manager, modify the Advanced settings from the properties of Server1
  • From Windows PowerShell, run the Set-DNSServerResourceRecordAging cmdlet
  • From DNS Manager, modify the Zone Aging/Scavenging Properties
  • From Windows PowerShell, run the Set-DNSServerZoneAging cmdlet

Question 26

Question
You have a server named Server1 that runs Windows Server 2012. You create a custom Data Collector Set (DCS) named DCS1. You need to configure Server1 to start DCS1 automatically when the network usage exceeds 70 percent. Which type of data collector should you create?
Answer
  • a performance counter alert
  • a configuration data collector
  • an event trace data collector
  • a performance counter data collector

Question 27

Question
Your network contains an Active Directory domain named contoso.com. The domain contains three member servers named Server1, Server2, and Server3. All servers run Windows Server 2012 and have the Windows Server Update Services (WSUS) server role installed. Server1 and Server2 are configured as replica servers that use Server3 as an upstream server. You remove Server3 from the network. You need to ensure that WSUS on Server2 retrieves updates from Server1. The solution must ensure that Server1 and Server2 have the latest updates from Microsoft. Which command should you run on each server?
Answer
  • On Server1 run: Set-WSUSServerSynchronization - SyncFromMU
  • On Server2 run: Set-WSUSServerSynchronization - SyncFromMU
  • On Server1 run: Set-WSUSServerSynchronization -UseServerName Server1
  • On Server2 run: Set-WSUSServerSynchronization -UseServerName Server1
  • On Server1 run: Set-WSUSServerSynchronization -UseServerName Server2
  • On Server2 run: Set-WSUSServerSynchronization -UseServerName Server2
  • On Server1 run: wsusutil.exe movecontent \\Server1\C$
  • On Server2 run: wsusutil.exe movecontent \\Server1\C$
  • On Server1 run: wsusutil.exe movecontent \\Server2\C$
  • On Server2 run: wsusutil.exe movecontent \\Server2\C$

Question 28

Question
Your network contains an Active Directory domain named contoso.com. Network Access Protection (NAP) is deployed to the domain. You need to create NAP event trace log files on a client computer. What should you run?
Answer
  • Register-ObjectEvent
  • Register-EngineEvent
  • tracert
  • logman

Question 29

Question
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012 and has the Network Policy Server role service installed. An administrator creates a RADIUS client template named Template1. You create a RADIUS client named Client1 by using Template1. You need to modify the shared secret for Client1. What should you do first?
Answer
  • Clear Select an existing template for Client1
  • Set the Shared secret setting of Template1 to Manual
  • Clear the Enable this RADIUS client for Client1
  • Configure the Advanced settings of Template1

Question 30

Question
Your network contains an Active Directory domain named contoso.com. The domain contains two servers named Server1 and Server2. Both servers run Windows Server 2012. For Server2, you are configuring constrained delegation to a third-party service named Service1 on Server1. When you attempt to add Service1 from Server1 to the delegation setting of Server2, you discover that Service1 is not listed in the Available services list. You need to ensure that you can add Service1 for constrained delegation. What should you do first?
Answer
  • From the Services console, modify the properties of Service1.
  • From ADSI Edit, create a ServiceConnectionPoint (SCP) object
  • From a command prompt, run the setspn.exe command
  • From Active Directory Users and Computers, enable the Advanced Features option

Question 31

Question
You have a file server named Server1 that runs Windows Server 2012. Server1 has the File Server Resource Manager role service installed. Files created by users in the human resources department are assigned the Department classification property automatically. You are configuring a file management task named Task1 to remove user files that have not been accessed for 60 days or more. You need to ensure that Task1 only removes files that have a Department classification property of human resources. The solution must minimize administrative effort. What should you configure on Task1?
Answer
  • Create a custom action
  • Configure a file screen
  • Create a classification rule
  • Create a condition

Question 32

Question
Your network contains two DNS servers named Server1 and Server2 that run Windows Server 2012. Server1 hosts a primary zone for contoso.com. Server2 hosts a secondary zone forcontoso.com. You need to ensure that Server2 replicates changes to the contoso.com zone every five minutes. Which setting should you modify in the start of authority (SOA) record?
Answer
  • Retry interval
  • Minimum (default) TTL
  • Expires after
  • Refresh interval

Question 33

Question
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012 and has the Network Policy Server role service installed. An administrator creates a Network Policy Server (NPS) network policy named Policy1. You need to ensure that Policy1 applies to L2TP connections only. Which condition should you modify? To answer, select the appropriate object in the answer area.
Answer
  • MS-Service class
  • Access Client IPv4 Address
  • Authentication Type
  • Framed Protocol
  • Service Type
  • Tunnel Type
  • Client IPv4 Address
  • Client Vendor
  • MS-RAS Vendor ID
  • NAS Identifier

Question 34

Question
Your network contains two servers named Server1 and Server 2. Both servers run Windows Server 2012 and have the DNS Server server role installed. On Server1, you create a standard primary zone named contoso.com. You plan to create a standard primary zone for ad.contoso.com on Server2. You need to ensure that Server1 forwards all queries for ad.contoso.com to Server2. What should you do from Server1?
Answer
  • Create a trust anchor named Server2
  • Create a conditional forwarder that points to Server2
  • Create a zone delegation that points to Server2
  • Add Server2 as a name server

Question 35

Question
You have a DNS server named DN51 that runs Windows Server 2012. On DNS1, you create a standard primary DNS zone named adatum.com. You need to change the frequency that secondary name servers will replicate the zone from DNS1. Which type of DNS record should you modify?
Answer
  • Start of Authority (SOA)
  • Name Server (NS)
  • Service Location (SRV)
  • Host Information (HINFO)

Question 36

Question
Which utility can you use to manage your Virtual Machines installed on a Hyper-V host?
Answer
  • Hyper Advisor
  • Task Manager
  • Operations Manager
  • Performance Logs

Question 37

Question
Your network contains an Active Directory domain named contoso.com. You need to create a certificate template for the BitLocker Drive Encryption (BitLocker) Network Unlock feature. Which Cryptography setting of the certificate template should you modify?
Answer
  • Provider Catergory
  • Algorithm Name
  • Minimum Key Size
  • Choose which cryptographic providers can be used for requests
  • Request Hash
  • Use Alternate Signature Format

Question 38

Question
Your network contains an Active Directory forest named contoso.com. All servers run Windows Server 2012. You need to create a custom Active Directory application partition. Which tool should you use?
Answer
  • dsadd
  • dsmod
  • netdom
  • dnscmd
Show full summary Hide full summary

Similar

70-411 - MCSA: Administering Windows Server 2012 - Exam 3
Mike M
70-411 - MCSA: Administering Windows Server 2012 - Exam 4
Mike M
70-411 - MCSA: Administering Windows Server 2012 - Exam 5
Mike M
CCNA Security 210-260 IINS - Exam 3
Mike M
The Internet
Gee_0599
SQL Quiz
R M
Application of technology in learning
Jeff Wall
Ch1 - The nature of IT Projects
mauricio5509
How to improve your SAT math score
Brad Hegarty
Innovative Uses of Technology
John Marttila
CCNA Answers – CCNA Exam
Abdul Demir