70 - 411 QUIZ 1 - VOLUME 2

You have a server named Server1 that runs Windows Server 2012 R2. Server1 has the File Server Resource Manager role service installed. Each time a user receives an access-denied message after attempting to access a folder on Server1, an email notification is sent to a distribution list named DL1. You create a folder named Folder1 on Server1, and then you configure custom NTFS permissions for Folder 1. You need to ensure that when a user receives an access-denied message while attempting to access Folder1, an email notification is sent to a distribution list named DL2. The solution must not prevent DL1 from receiving notifications about other access-denied messages. What should you do?

You have a server named Server1 that runs Windows Server 2012 R2. Server1 has the Windows Deployment Services server role installed. Server1 contains two boot images and four install images. You need to ensure that when a computer starts from PXE, the available operating system images appear in a specific order. What should you do?

Your network contains an Active Directory domain named contoso.com. All domain controllers run Windows Server 2012 R2. The domain contains an Edge Server named Server1. Server1 is configured as a DirectAccess server. Server1 has the following settings: You run the Remote Access Setup wizard as shown in the following exhibit. (Click the Exhibit button.) You need to ensure that client computers on the Internet can establish DirectAccess connections to Server1. Which additional name suffix entry should you add from the Remote Access Setup wizard?

Your company has a main office and a branch office. The main office contains a server that hosts a Distributed File System (DFS) replicated folder. You plan to implement a new DFS server in the branch office. You need to recommend a solution that minimizes the amount of network bandwidth used to perform the initial synchronization of the folder to the branch office. You recommend using the Export-DfsrClone and Import-DfsrClonecmdlets. Which additional command or cmdlet should you include in the recommendation?

Your network contains two Active Directory forests named adatum.com and contoso.com. The network contains three servers. The servers are configured as shown in the following table. You need to ensure that connection requests from adatum.com users are forwarded to Server2 and connection requests from contoso.com users are forwarded to Server3. Which two should you configure in the connection request policies on Server1? (Each correct answer presents part of the solution. Choose two.)

Your network contains a DNS server named Server1. Server1 hosts a DNS zone for contoso.com. You need to ensure that DNS clients cache records from contoso.com for a maximum of one hour. Which value should you modify in the Start of Authority (SOA) record? To answer, select the appropriate setting in the answer area.

Your network contains an Active Directory forest. The forest contains two domains named contoso.com and fabrikam.com. All of the DNS servers in both of the domains run Windows Server 2012 R2. The network contains two servers named Server1 and Server2. Server1 hosts an Active Directory-integrated zone for contoso.com. Server2 hosts an Active Directory-integrated zone for fabrikam.com. Server1 and Server2 connect to each other by using a WAN link. Client computers that connect to Server1 for name resolution cannot resolve names in fabrikam.com. You need to configure Server1 to resolve names in fabrikam.com. The solution must NOT require that changes be made to the fabrikam.com zone on Server2. What should you create?

Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012 R2. Server1 has the Network Policy Server role service installed. You plan to configure Server1 as a Network Access Protection (NAP) health policy server for VPN enforcement by using the Configure NAP wizard. You need to ensure that you can configure the VPN enforcement method on Server1 successfully. What should you install on Server1 before you run the Configure NAP wizard?

Your network contains one Active Directory domain named contoso.com. The domain contains 10 file servers that run Windows Server 2012 R2. You plan to enable BitLocker Drive Encryption (BitLocker) for the operating system drives of the file servers. You need to configure BitLocker policies for the file servers to meet the following requirements: Ensure that all of the servers use a startup PIN for operating system drives encrypted with BitLocker. Ensure that the BitLocker recovery key and recovery password are stored in Active Directory. Which two Group Policy settings should you configure? To answer, select the appropriate settings in the answer area.

Your network contains an Active Directory domain named contoso.com. All servers run Windows Server 2012 R2. The network contains several group Managed Service Accounts that are used by four member servers. You need to ensure that if a group Managed Service Account resets a password of a domain user account, an audit entry is created. You create a Group Policy object (GPO) named GPO1. What should you do next?

Your network contains a RADIUS server named Admin1. You install a new server named Server2 that runs Windows Server 2012 R2 and has Network Policy Server (NPS) installed. You need to ensure that all accounting requests for Server2 are forwarded to Admin1. On Server2, you create a new remote RADIUS server group named Group1 that contains Admin1. What should you configure next on Server2? To answer, select the appropriate node in the answer area.

You have a server named Server1 that has the Network Policy and Access Services server role installed. You plan to configure Network Policy Server (NPS) on Server1 to use certificate-based authentication for VPN connections. You obtain a certificate for NPS. You need to ensure that NPS can perform certificate-based authentication. To which store should you import the certificate? To answer, select the appropriate store in the answer area.

Your network contains an Active Directory domain named contoso.com. The domain contains six domain controllers. The domain controllers are configured as shown in the following table The network contains a server named Server1 that has the Hyper-V server role installed. DC6 is a virtual machine that is hosted on Server1. You need to ensure that you can clone DC6. What should you do?

Your network contains an Active Directory domain named adatum.com. The domain contains a server named Server1 that runs Windows Server 2012 R2. Server1 is configured as a Network Policy Server (NPS) server and as a DHCP server. The network contains two subnets named Subnet1 and Subnet2. Server1 has a DHCP scope for each subnet. You need to ensure that noncompliant computers on Subnet1 receive different network policies than noncompliant computers on Subnet2. Which two settings should you configure? (Each correct answer presents part of the solution. Choose two.)

You have two Windows Server Update Services (WSUS) servers named Server01 and Server02. Server01 synchronizes from Microsoft Update. Server02 synchronizes updates from Server01. Both servers are members of the same Active Directory domain. You configure Server01 to require SSL for all WSUS metadata by using a certificate issued by an enterprise root certification authority (CA). You need to ensure that Server02 synchronizes updates from Server01. What should you do on Server02?

Your network contains an Active Directory domain named contoso.com. Domain controllers run either Windows Server 2003, Windows Server 2008 R2, or Windows Server 2012 R2. A support technician accidentally deletes a user account named User1. You need to use tombstone reanimation to restore the User1 account. Which tool should you use?

You have a failover cluster that contains five nodes. All of the nodes run Windows Server 2012 R2. All of the nodes have BitLocker Drive Encryption (BitLocker) enabled. You enable BitLocker on a Cluster Shared Volume (CSV). You need to ensure that all of the cluster nodes can access the CSV. Which cmdlet should you run next?

Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that has the Remote Access server role installed. DirectAccess is implemented on Server1 by using the default configuration. You discover that DirectAccess clients do not use DirectAccess when accessing websites on the Internet. You need to ensure that DirectAccess clients access all Internet websites by using their DirectAccess connection. What should you do?

Your network contains an Active Directory domain named contoso.com. All servers run Windows Server 2012 R2. All sales users have laptop computers that run Windows 8. The sales computers are joined to the domain. All user accounts for the sales department are in an organizational unit (OU) named Sales_OU. A Group Policy object (GPO) named GPO1 is linked to Sales_OU. You need to configure a dial-up connection for all of the sales users. What should you configure from User Configuration in GPO1?

Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012 R2. You enable and configure Routing and Remote Access (RRAS) on Server1. You create a user account named User1. You need to ensure that User1 can establish VPN connections to Server1. What should you do?

You have a server named Server1 that runs Windows Server 2012 R2. You configure Network Access Protection (NAP) on Server1. Your company implements a new security policy stating that all client computers must have the latest updates installed. The company informs all employees that they have two weeks to update their computer accordingly. You need to ensure that if the client computers have automatic updating disabled, they are provided with full access to the network until a specific date and time. Which two nodes should you configure? To answer, select the appropriate two nodes in the answer area.

Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012 R2 and has the Network Policy Server role service installed. An administrator creates a Network Policy Server (NPS) network policy named Policy1. You need to ensure that Policy1 applies to L2TP connections only. Which condition should you modify? To answer, select the appropriate object in the answer area.

Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012 R2 and has the Network Policy Server role service installed. You need to enable trace logging for Network Policy Server (NPS) on Server1. Which tool should you use?

Your network contains an Active Directory forest named contoso.com. The forest functional level is Windows Server 2012 R2. The forest contains a single domain. You create a Password Settings object (PSO) named PSO1. You need to delegate the rights to apply PSO1 to the Active Directory objects in an organizational unit named OU1. What should you do?

Your network contains two Active Directory forests named contoso.com and adatum.com. All domain controllers run Windows Server 2012 R2. The adatum.com domain contains a Group Policy object (GPO) named GPO1. An administrator from adatum.com backs up GPO1 to a USB flash drive. You have a domain controller named dc1.contoso.com. You insert the USB flash drive in dc1.contoso.com. You need to identify the domain-specific reference in GPO1. What should you do?

Your network contains an Active Directory domain named contoso.com. The network contains a server named Server1 that runs Windows Server 2012 R2. Server1 has the Network Policy and Access Services server role installed. You plan to deploy additional servers that have the Network Policy and Access Services server role installed. You must standardize as many settings on the new servers as possible. You need to identify which settings can be standardized by using Network Policy Server (NPS) templates. Which three settings should you identify? (Each correct answer presents part of the solution. Choose three.)

Your network contains an Active Directory domain named contoso.com. A user named User1 creates a central store and opens the Group Policy Management Editor as shown in the exhibit. (Click the Exhibit button.) You need to ensure that the default Administrative Templates appear in GPO1. What should you do?

Your network contains an Active Directory domain named adatum.com. You need to audit changes to the files in the SYSVOL shares on all of the domain controllers. The solution must minimize the amount of SYSVOL replication traffic caused by the audit. Which two settings should you configure? (Each correct answer presents part of the solution. Choose two.)

You have a file server named Server1 that runs Windows Server 2012 R2. A user named User1 is assigned the modify NTFS permission to a folder named C:\shares and all of the subfolders of C:\shares. On Server1, you open File Server Resource Manager as shown in the exhibit. (Click the Exhibit button.) To answer, complete each statement according to the information presented in the exhibit. Each correct selection is worth one point.

Your network is configured as shown in the exhibit. (Click the Exhibit button.) Server1 regularly accesses Server2. You discover that all of the connections from Server1 to Server2 are routed through Router1. You need to optimize the connection path from Server1 to Server2. Which route command should you run on Server1?

Your network contains an Active Directory domain named contoso.com. The domain contains a file server named Server1 that runs Windows Server 2012 R2. You view the effective policy settings of Server1 as shown in the exhibit. (Click the Exhibit button.) On Server1, you have a folder named C:\Share1 that is shared as Share1. Share1 contains confidential data. A group named Group1 has full control of the content in Share1. You need to ensure that an entry is added to the event log whenever a member of Group1 deletes a file in Share1. What should you configure?

Your network contains an Active Directory domain named contoso.com. The domain contains two member servers named Server1 and Server2. All servers run Windows Server 2012 R2. Server1 and Server2 are nodes in a Hyper-V cluster named Cluster1. Cluster1 hosts 10 virtual machines. All of the virtual machines run Windows Server 2012 R2 and are members of the domain. You need to ensure that the first time a service named Service1 fails on a virtual machine, the virtual machine is moved to a different node. You configure Service1 to be monitored from Failover Cluster Manager. What should you configure on the virtual machine?

You have a DNS server named Server1 that runs Windows Server 2012 R2. On Server1, you create a DNS zone named contoso.com. You need to specify the email address of the person responsible for the zone. Which type of DNS record should you configure?

Your network contains an Active Directory domain named contoso.com. The domain contains a domain controller named DC1 that runs Windows Server 2012. You have a Group Policy object (GPO) named GPO1 that contains several custom Administrative templates. You need to filter the GPO to display only settings that will be removed from the registry when the GPO falls out of scope. The solution must only display settings that are either enabled or disabled and that have a comment. How should you configure the filter? To answer, select the appropriate options below. Select three.

Your network contains an Active Directory domain named contoso.com. You need to create a certificate template for the BitLocker Drive Encryption (BitLocker) Network Unlock feature. Which Cryptography setting of the certificate template should you modify? To answer, select the appropriate setting in the answer area.

Your network contains 25 Web servers that run Windows Server 2012 R2. You need to configure auditing policies that meet the following requirements: Generate an event each time a new process is created. Generate an event each time a user attempts to access a file share. Which two auditing policies should you configure? To answer, select the appropriate two auditing policies in the answer area.

Your network contains an Active Directory domain named contoso.com. The domain contains two member servers named Server1 and Server2. All servers run Windows Server 2012 R2. You generalize Server2. You install the Windows Deployment Services (WDS) server role on Server1. You need to capture an image of Server2 on Server1. Which three actions should you perform? To answer, move the three appropriate actions from the list of actions to the answer area and arrange them in the correct order.

Your network contains an Active Directory domain named contoso.com. All domain controllers run Windows Server 2012 R2. You plan to use fine-grained password policies to customize the password policy settings ofcontoso.com. You need to identify to which Active Directory object types you can directly apply the finegrained password policies. Which two object types should you identify? (Each correct answer presents part of the solution. Choose two.)

Your network contains a domain controller named DC1 that runs Windows Server 2012 R2. You create a custom Data Collector Set (DCS) named DCS1. You need to configure DCS1 to collect the following information: The amount of Active Directory data replicated between DC1 and the other domain controllers The current values of several registry settings Which two should you configure in DCS1? (Each correct answer presents part of the solution. Choose two.)

Your network contains an Active Directory domain named contoso.com. All domain controllers run Windows Server 2012 R2. DirectAccess is deployed to the network. Remote users connect to the DirectAccess server by using a variety of network speeds. The remote users report that sometimes their connection is very slow. You need to minimize Group Policy processing across all wireless wide area network (WWAN) connections. Which Group Policy setting should you configure?

Your network contains three Network Policy Server (NPS) servers named NPS1, NPS2, and NPS3. NP51 is configured as a RADIUS proxy that forwards connection requests to a remote RADIUS server group named Group1. You need to ensure that NPS2 receives connection requests. NPS3 must only receive connection requests if NPS2 is unavailable.

Your company deploys a new Active Directory forest named contoso.com. The first domain controller in the forest runs Windows Server 2012 R2. The forest contains a domain controller named DC10. On DC10, the disk that contains the SYSVOL folder fails. You replace the failed disk. You stop the Distributed File System (DFS) Replication service. You restore the SYSVOL folder. You need to perform a non-authoritative synchronization of SYSVOL on DC10. Which tool should you use before you start the DFS Replication service on DC10?

You have a DNS server that runs Windows Server 2012 R2. The server hosts the zone for contoso.com and is accessible from the Internet. You need to create a DNS record for the Sender Policy Framework (SPF) to list the hosts that are authorized to send email for contoso.com. Which type of record should you create?

Your network contains an Active Directory domain named contoso.com. All domain controllers run Windows Server 2012 R2. One of the domain controllers is named DC1. The DNS zone for the contoso.com zone is Active Directory-integrated and has the default settings. A server named Server1 is a DNS server that runs a UNIX-based operating system. You plan to use Server1 as a secondary DNS server for the contoso.com zone. You need to ensure that Server1 can host a secondary copy of the contoso.com zone. What should you do?

Your network contains an Active Directory domain named contoso.com. The domain contains two servers named Server1 and Server2. Both servers run Windows Server 2012 R2. Both servers have the File and Storage Services server role, the DFS Namespace role service, and the DFS Replication role service installed. Server1 and Server2 are part of a Distributed File System (DFS) Replication group named Group1. Server1 and Server2 are connected by using a high-speed LAN connection. You need to minimize the amount of processor resources consumed by DFS Replication. What should you do?

Your network contains an Active Directory domain named contoso.com. The domain contains a domain controller named DC1 that runs Windows Server 2012 R2. All client computers run Windows 8 Enterprise. DC1 contains a Group Policy object (GPO) named GPO1. You need to update the PATH variable on all of the client computers. Which Group Policy preference should you configure?

Your network is configured as shown in the exhibit. (Click the Exhibit button.) Server1 regularly accesses Server2. You discover that all of the connections from Server1 to Server2 are routed through Routerl. You need to optimize the connection path from Server1 to Server2. Which route command should you run on Server1?

Your network contains an Active Directory domain named contoso.com. All client computers are configured as DHCP clients. You link a Group Policy object (GPO) named GPO1 to an organizational unit (OU) that contains all of the client computer accounts. You need to ensure that Network Access Protection (NAP) compliance is evaluated on all of the client computers. Which two settings should you configure in GPO1? To answer, select the appropriate two settings in the answer area.

Your network contains an Active Directory domain named contoso.com. Network Policy Server (NPS) is deployed to the domain. You plan to deploy Network Access Protection (NAP). You need to configure the requirements that are validated on the NPS client computers. What should you do?

Your network contains an Active Directory domain named contoso.com. All servers run Windows Server 2012 R2. The domain contains two servers. The servers are configured as shown in the following table. All client computers run Windows 8 Enterprise. You plan to deploy Network Access Protection (NAP) by using IPSec enforcement. A Group Policy object (GPO) named GPO1 is configured to deploy a trusted server group to all of the client computers. You need to ensure that the client computers can discover HRA servers automatically. Which three actions should you perform? (Each correct answer presents part of the solution. Choose three.)