Administering Windows Server 2012

Back to exams page.

1. You want to enable failure auditing, but not success auditing, for all audit policies under the Object Access category on a computer running Windows Server 2012 R2. Which of the following commands should you use to accomplish this goal?

Auditpol.exe /set /Category:Object Access” /success:Disable /Failure:Enable”

Auditpol.exe /set /subcategory:File System” /success:Enable /failure:Enable”

Auditpol.exe /get /Category:Object Access” /success:Disable /Failure:Disable”

Auditpol.exe /get /Category:Object Access” /success:Disable /Failure:Enable”

Question 1 of 50

2. You have a domain with four domain controllers. Server1 is a domain controller, DHCP
server, DNS server, and a database server. You need to move the database to another
drive. The solution must minimize impact to the users. What should you do?

Restart the computer in Save mode.

Restart the computer in DSRM.

Stop the AD DS service.

Create an image of the server.

Question 2 of 50

3. You have a server, called Server1 running Microsoft Exchange 2010. You want to add
a second server (Server2) to be used with your e-mail. How can you ensure that the
incoming e-mails will be directed to the two servers with the Server2 having the higher
priority?

Create an SRV record for Server1

Set the priority of Server1 to 5 and set the priority of Server2 to 20.

Create an SRV record for Server2

Set the priority of Server1 to 20 and set the priority of Server2 to 5.

Question 3 of 50

4. You were asked to improve security in your domain to match compliance policy. You decided to modify GPO to restrcit users to change password too frequently to use same password for their convenience. Which setting prevents users from resetting the password several times in a row so that he or she can reset the password back to the original password?

Minimum password length

Complexity requirements

Maximum password age

Minimum password age

Question 4 of 50

5. You have a domain-based namespace called DFS, running Windows Server 2008 Server
mode. How do you ensure users can only see files and folders in which the users have
permission to access?

Modify the view permissions

Modify the discretionary access control list

Disable referrals

Enable access-based enumeration

Question 5 of 50

6. You were tasked to monitor few servers with errors and warning events. What should you do to collect decribed notifications on one server to provide single point of monitor. Please choose all correct answers to configure event subscription.

Create an Event Subscription.
Open firewall ports.
Configure the Collecting Computer.
Configure the forwarding computer.

Question 6 of 50

7. What are the two default group policies that are already created in Active Directory?

Default Domain Policy

Default User Profile

Default Computer profile

Default Domain Controller Policy

Question 7 of 50

8. Which command do you use to create a zone to a DNS on a DNS server?

dnscmd /zonerefresh

dnscmd /start

dnscmd /create

dnscmd /zoneadd

Question 8 of 50

9. You administer a server (Server1) with WSUS. You use a group policy to configure all
WSUS client computers to detect every update and install updates weekly. You just
downloaded a critical update; which of the following actions should be taken to install
the critical update during the next detection interval?

Configure the deadline settings for the update

Run the gpupdate /force command

Run the wuauclt.exe /force command

Configure the Synchronization Schedule

Question 9 of 50

10. To automatically unlock a drive protected by BitLocker, which server would the client
get a key from?

DHCP server

BitLocker Web server

WDS server

Any server with a BitLocker encrypted drive

Question 10 of 50

11. You have DomainController Server1. Database for SD DS placed on D drive where you identify low space warning. You need to compress AD DS database. Identify the steps in order to compress an Active Directory database?

2 Start the ntdsutil.exe
3 Use the activate instance NTDS command
5 Use the compact to command
Use the integrity command
4 Execute the files command
1 Stop the AD DS
6 Quit ntdsutil
Use the move command

Question 11 of 50

12. You are an administrator for the Contoso Corporation. In Active Directory, you have a
WebServer OU, which contains 10 web servers. You have been testing security settings
for a server (called WebServer01) running IIS. How can you deploy the new security settings to the other web servers?

Export the settings on the WebServer01 to a security template. Then import the security settings into a GPO and link the GPO to the WebServer OU.

Import the settings into the security.inf file template into a GPO and link the GPO to the WebServer OU.

Use the GPMC to export the security settings to the other servers

Export the settings on the WebServer 01 to a security template. Use the secedit command to import the settings to each web server.

Question 12 of 50

13. You just enabled SSTP on a server called Server1. When a user tries to log in, he receives
an error: Error 0x80092013: The revocation function is unable to check revocation
because the revocation server was offline. You look at your certificate and it looks fine.
What would you do to overcome this problem?

Upgrade the certificate to V3.

Renew the certificate.

Add the RRAS server to the client personal store.

Publish the CRL distribution point to a site that is available over the Internet.

Question 13 of 50

14. You have two domain controllers in your domain DC1 and DC2. DC2 has domain wide roles, DC1 has forest wide roles. You have call from users that they cannot start legacy application you have deployed in the company. Which role you need to check on server to resolve issue?

Schema Master

Infrastructure Master

RID Master

PDC Emulator

Question 14 of 50

15. Which type of audit policy do you use to specify what to audit based on defined
properties or attributes for a document?

Variable audit policies

Attribute detection audit policies

Flexible audit policies

Expression-based audit policies

Question 15 of 50

16. You have users who connect to the corporate network using their laptops. Because these
computers often access confidential data, you need to be sure that users access network
resources only from computers that comply with the company policy of having an
anti-virus, anti-spyware and have the newest Windows updates. You decide to use NAP. Which is used to make a computer compliant when you have quarantined computers
that are not compliant when using NAP?

Reboot the computer

Reset the computer account in the domain.

Use remediation servers

Reload Windows.

Question 16 of 50

17. Which tool is used to manage file servers, including configuring quotas and blocking
certain files?

Quota Management

File Screening

File Server Resource Manager

File Management

Question 17 of 50

18. You configured vpn server on Server1 with Windows Server 2012R2. Your users complain about slow internet browsing and delay in IE open pages. You found also high traffic on VPN server. You decided to allow split tunnelling. How do you allow split tunneling?

Open Advanced TCP/IP Settings and deselect Use default gateway on remote network

Open Advanced TCP/IP Settings and deselect Don’t use default gateway on remote network

Open Advanced TCP/IP Settings and select Use default gateway on remote network

Open Advanced TCP/IP Settings and select Don’t use default gateway on remote

Question 18 of 50

19. You have a server called Server1 that runs Network Policy Server. Server1 is configured
to use SQL logging. You install Server2, which also runs Network Policy Server. You
want to make sure that the two servers are configured the same. Therefore, you export
the NPS settings from Server1 and import the settings into Server2. What should you
do next?

Restart the Server2.

Manually configure the SQL logging settings.

Create an ODBC data course to Server1.

Create an ODBC data source to a SQL server.

Question 19 of 50

20. Which of the following can you use to show a list of duplicate files on a volume?

File comparison

File screening

Storage reports

Quotas

Question 20 of 50

21. Which of the following is the compression algorithm used in DFS Replication found
with Windows Server 2012?

FRS

Remote differential compression

BitLocker

EFS

Question 21 of 50

22. You have three NPS servers known as Server1, Server2, and Server3. On Server1, you
have a Remote RADIUS Server Group that contains Server2 and Server3. Server2 and
Server 3 are configured to authentication remote users. What do you need to do to configure Server1 to forward RADIUS authentication requests to Server2 and Server3?

Create a remediation server group.

Create a network policy.

Create a connection request policy.

Create a health policy.

Question 22 of 50

23. Which type of server stores DNS requests for future use but is not authoritative for any
zone?

Conditional forwarding server

Caching-only server

Stub server

Primary name server

Question 23 of 50

24. You have users in the Engineering OU. You need to ensure that when a user logs off, he
or she is automatically added to the local Administrators group. What should you do?

Configure WMI filtering

Configure GPP

Modify GPP

Enable loopback processing in replace mode

Question 24 of 50

25. You decide to implement NAP. You have created a group policy to enable NAP on the
client computers and for the client computers to get updates from WSUS. How can you
ensure that client computers that do not have critical security updates cannot access data
production servers?

Enable automatic updates on each client

Remote the computer from the domain

Quarantine clients that do not have the critical updates

Remote network access using user rights

Question 25 of 50

26. You were asked to deploy 20 servers with defined configuration. To automate task you decided to install and configure WDS. Which roles you need to install in WDS to configure it properly? Choose all available options:

Deployment Server

Transport Server

PXE server

Authentication server

Question 26 of 50

27. You want to configure the default home page for Internet Explorer for your organization.
You have IE 7, IE 8, IE 9, and IE 10. How many preference
items do you need to create?

Question 27 of 50

28. You have a call from users which complains about print service on the server. You checked server and found that print service not functioning properly. You decided to restart print service but it fails. Which program allows you to stop a running process?

Performance Monitor

Reliability Monitor

Task Manager

Event Viewer

Question 28 of 50

29. You have configured a server called Server1 as a DirectAccess server. How do
you need to configure the Windows Firewall on the server to support
DirectAccess?

Allow IGMPv6.

Allow IPv6-Route.

Allow ICMP v6 Redirect.

Allow ICMPv6 Echo Request.

Question 29 of 50

30. What is an ordered list of servers and targets that a client computer receives from a
domain controller or namespace server when a user accesses a namespace root or a DFS
folder with targets?

Replication list

SID control list

Referrals

Target priority list

Question 30 of 50

31. You create a Server OU. You want to isolate the Server OU so that it will not be affected
by any of the domain GPOs. What should you do?

Use a WMI filter.

Use block policy inheritance.

Use a security group filter.

Use the enforce option.

Question 31 of 50

32. You are an administrator at the Contoso Corporation. You have the responsibility to make
sure that the passwords for all users are at least eight characters and that are changed every 90 days. You must ensure that each password is a strong password. What should you do?

Modify default domain password policy

Change Complexity requirements

Create new fine-grained password policies

Create new domain password policy

Question 32 of 50

33. You have a main office and 12 branch offices. The users and computers are within a
single domain. All servers are Windows Server 2008 R2 and Windows Server 2012. You
must make sure that all data is encrypted by using end-to-end encryption. In addition,
instead of using usernames and passwords, you need to use computer-level authentication.
What should you do?

Configure a PPTP connection and MS-CHAPv2.

Configure L2TP with IPsec and MS-CHAPv2.

Configure L2TP with IPsec and EAP-TSL authentication.

Configure SSTP with IPsec and PAP.

Question 33 of 50

34. Your domain is primarily based in the United States. Your company acquires an office in
France. You need to ensure that the group policies that you have established support the
French language. What do you need to do?

Load the French Language pack in the GPMC

Copy the DML files to the FR folder in the central store.

Create a second set of GPOs with the French language.

Run the ADM migrator and convert the current GPOs to French.

Question 34 of 50

35. You found that you your default GPO policied corrupted. You want to restore them to their default state. Which command allows you to restore the Default Domain Policy or the Default Domain Controllers Policy to their default settings?

ResetGPO

DCGPOFix

GPODef

GPORestore

Question 35 of 50

36. To make your server more stable you decided to use reliability monitor to find faulted application which affect server. When you open Reliability Monitor you did not find any data you can use to troubleshoot faulted application. Which three steps should you take to enable Reliablity Monitor in order you can use it (choose three steps in correct order)

1 Open Task Scheduler and enable and run the MicrosoftWindowsRACRacTask in
Task Scheduler.
Enable event subsctiption in Event Viewer.
3 Reboot the computer
Reliability AnalysisWMIWMIEnable value to 1.
2 Use the Registry Editor to change the HKEY_LOCAL_MACHINESOFTWAREMicrosoft

Question 36 of 50

37. Identify the benefits of using Active Directory-integrated zones. (Not all answers will be
used.)

Customized selected replication

Self-healing

Security

Efficient replication

Fault tolerance

Question 37 of 50

38. Which minimum domain controller is needed to use Group Policy Preferences (GPP)?

Windows Server 2008 R2

Windows Server 2003 R2

Windows Server 2008

Windows Server 2012

Question 38 of 50

39. You decided to use managed service account in your domain to run custom service. You need to create root key to be able to generate group Managed Service Account passwords. Which command would you use to create the root key?

Set-KDSRootKey.CurrentDate()

Set-KDSRootKey_EFFECTIVETIME ((GET-DATE).NOW())

Add-KDSRootKey _EFFECTIVETIME ((GET-DATE).AddHours(-10))

GenerateRootKey_EFFECTIVETIME()

Question 39 of 50

40. You have five domain controllers in your domain. You decided to implement Central Store location for your administrative templates. Where is the Central Store located?

C:WindowsPolicyDefinitions

C:WindowsStore

C:WindowsCentral

C:WindowsSYSVOLdomainPoliciesPolicyDefinitions

Question 40 of 50

41. You have domain contoso.com. You have set of GPO to comply with security requirements in your company. Your company acquired another company bubble.com. You want to apply same GPO to new domain to match same in your domain. What needs to be redefined when you copy GPOs between domains?

Security settings

Account settings

Password policy

Security principals

Question 41 of 50

42. How do you decrypt an EFS-encrypted file for a person who has left an organization?

Use a USB with the username and username password in a text file.

Remove the computer with the files from the domain.

Use a DRA.

Create the master certificate to encrypt the certificate, and then decrypt the certificate.

Question 42 of 50

43. You have a new server called Server1 that you just assigned an IPv6 address. You need to
ensure that clients can find the server’s address. Which resource record should you use?

SRV

AAAA

CNAME

Question 43 of 50

44. Which policy is used to establish sets of conditions and settings that specify which
RADIUS servers perform the authentication, authorization, and accounting of connection
requests received by the NPS server from RADIUS clients?

Connection request policies

Network policies

Health policies

Accounting policies

Question 44 of 50

45. In order of first to last, specify the tasks that must be completed before you can deploy
updates using WSUS. (Not all tasks will be required.)

2 Create computer groups.
Configure Internet Options in Internet Explorer to use the proxy server.
3 Configure the clients to use WSUS using group policies.
1 Select the type of updates to download and synchronize updates.
Add *Microsoft.com* to the Windows firewall to allow all packets.
4 Approve the updates for deployment.

Question 45 of 50

46. You have the following servers for DirectAccess:
• Domain Controller/DNS server running Windows Server 2008 operating at
Windows Server 2003 domain functional level
• Certificate Authority running Windows Server 2012
• File server running Windows Server 2008 R2
• DirectAccess Server running Windows Server 2012
Which of the following servers do you need to modify?

Run the Certificate Authority in Windows Server 2008 R2 compatibilitymode.

Install the IIS 6.0 compatibility tools on the DirectAccess server

Upgrade the file server to Windows Server 2012

Upgrade the domain controller to Windows Server 2008 R2.

Question 46 of 50

47. Which account runs a service on multiple computers that belong to a cluster and that
automatically have the password changed on a regular basis?

Group managed service account

User account

Managed service account

Computer account

Question 47 of 50

48. You have domain contoso.com. You have two domain controllers in your domain Server1 and Server2 built on Windows Server 2012R2. Domain functional level of your domain Windows 2003. Forest functional level Windows Server 2008. You have remote site where you decided to deploy RODC due security requirements. What is the minimum forest functional level for deploying RODC?

Windows Server 2003

Windows Server 2008

Windows Server 2012

Windows Server 2008 R2

Question 48 of 50

49. You are an administrator of several regional offices. You install WDS on Server1 and
create three images for each regional office. You want to deploy the images using WDS,
but you want to ensure that the administrator for each regional office can view only the
images for his or her regional office. Which of the following actions should you perform?

Place the images for each regional office into a separate image group on the WDS server.Then grant each administrator permission to his or her regional office’s image group.

Add all images to an image group and assign administrator permissions to the imagegroup.

Create an OU for each regional office and place the computers in the appropriateregional OU.

Grant each administrator administrative permissions to the images assigned to theregional office.

Question 49 of 50

50. Which of the following are reasons not to enable auditing for everything? (Choose all
that apply.)

Makes it impossible to secure computer

Logs quickly fill up

Affects performance of computer

Makes it difficult to find relevant events

Question 50 of 50

Administering Windows Server 2012

About Us

Most Popular

Members

Newsletter

Secure Site

About Us

Most Popular

Members

Newsletter

Free IT Webinar Training

Secure Site