Q141. DRAG DROP
You have a file server named Server1 that runs Windows Server 2012 R2. The folders on Server1 are configured as shown in the following table.
A new corporate policy states that backups must use Windows Azure Online Backup whenever possible.
You need to identify which technology you must use to back up Server1. The solution must use Windows Azure Online Backup whenever possible.
What should you identify?
To answer, drag the appropriate backup type to the correct location or locations. Each backup type may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
Answer:
Q142. HOTSPOT
You have a server named Server1 that runs Windows Server 2012 R2. The volumes on Server1 are configured as shown in the following table.
A new corporate policy states that backups must use Windows Azure Online Backup whenever possible.
You need to identify which backup methods you must use to back up Server1. The solution must use Windows Azure Online Backup whenever possible.
Which backup type should you identify for each volume?
To answer, select the appropriate backup type for each volume in the answer area.
Answer:
Q143. Your network contains an Active Directory forest. The forest contains one domain named contoso.com. The domain contains three domain controllers. The domain controllers are configured as shown in the following table.
DC1 has all of the operations master roles installed.
You transfer all of the operations master roles to DC2, and then you uninstall Active Directory from DC1.
You need to ensure that you can use Password Settings objects (PSOs) in the domain.
What should you do?
A. Change the domain functional level.
B. Upgrade DC2.
C. Run the dcgpofix.exe command.
D. Transfer the schema master role.
Answer: A
Explanation:
The domain functional level must be Windows Server 2008 to use PSO's
Requirements and special considerations for fine-grained password and account lockout policies:
* Domain functional level: The domain functional level must be set to Windows Server 2008
or higher.
Etc.
Incorrect:
Not B. DC2 is also Windows Server 2008.
Not C. Recreates the default Group Policy Objects (GPOs) for a domain
Not D. Schema isn't up to right level
Reference: AD DS: Fine-Grained Password Policies
http://technet.microsoft.com/en-us/library/cc770394(v=ws.10).aspx
Q144. You have a failover cluster named Cluster1 that contains four nodes. All of the nodes run Windows Server 2012 R2.
You need to force every node in Cluster1 to contact immediately the Windows Server Update Services (WSUS) server on your network for updates.
Which tool should you use?
A. The Add-CauClusterRole cmdlet
B. The Wuauclt command
C. The Wusa command
D. The Invoke-CauScan cmdlet
Answer: A
Explanation:
The Add-CauClusterRole cmdlet adds the Cluster-Aware Updating (CAU) clustered role
that provides the self-updating functionality to the specified cluster. When the CAU
clustered role has been added to a cluster, the failover cluster can update itself on the
schedule that is specified by the user, without requiring an external computer to coordinate
the cluster updating process.
Incorrect:
Not B. The wuauclt utility allows you some control over the functioning of the Windows
Update Agent. It is updated as part of Windows Update.
The following are the command line for wuauclt.
OptionDescription
/a /ResetAuthorization
Initiates an asynchronous background search for applicable updates. If Automatic Updates
is disabled, this option has no effect.
/r /ReportNow
Sends all queued reporting events to the server asynchronously.
/? /h /help
Shows this help information.
Not D.
The Invoke-CauScan cmdlet performs a scan of cluster nodes for applicable updates and
returns a list of the initial set of updates that would be applied to each node in a specified
cluster.
Note: The Invoke-CauRun cmdlet performs a scan of cluster nodes for applicable updates
and installs those updates via an Updating Run on the specified cluster.
Reference: Add-CauClusterRole
http://technet.microsoft.com/en-us/library/hh847235(v=wps.620).aspx
Q145. Your network contains an Active Directory domain named adatum.com. The domain contains a server named CA1 that runs Windows Server 2012 R2. CA1 has the Active Directory Certificate Services server role installed and is configured to support key archival and recovery.
You need to ensure that a user named User1 can decrypt private keys archived in the Active Directory Certificate Services (AD CS) database. The solution must prevent User1 from retrieving the private keys from the AD CS database.
What should you do?
A. Assign User1 the Issue and Manage Certificates permission to CA1.
B. Assign User1 the Read permission and the Write permission to all certificate templates.
C. Provide User1 with access to a Key Recovery Agent certificate and a private key.
D. Assign User1 the Manage CA permission to CA1.
Answer: C
Explanation:
Understanding the Key Recovery Agent Role KRAs are Information Technology (IT) administrators who can decrypt users’ archived private keys. An organization can assign KRAs by issuing KRA certificates to designated administrators and configure them on the CA. The KRA role is not one of the default roles defined by the Common Criteria specifications but a virtual role that can provide separation between Certificate Managers and the KRAs. This allows the separation between the Certificate Manager, who can retrieve the encrypted key from the CA database but not decrypt it, and the KRA, who can decrypt private keys but not retrieve them from the CA database.
Reference: Understanding User Key Recovery
Q146. Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012 R2 and has the DHCP Server server role installed. Server1 has an IPv6 scope named Scope1.
You implement an additional DHCP server named Server2 that runs Windows Server 2012 R2.
You need to provide high availability for Scope1. The solution must minimize administrative effort.
What should you do?
A. Install and configure Network Load Balancing (NLB) on Server1 and Server2.
B. Create a scope on Server2.
C. Configure DHCP failover on Server1.
D. Install and configure Failover Clustering on Server1 and Server2.
Answer: C
Explanation:
Overview: Configure DHCP failover using the DHCP console To configure DHCP failover using the DHCP console, right-click a DHCP scope or right-click IPv4 and then click Configure Failover.
Configure Failover
The Configure Failover wizard guides you through configuring DHCP failover on the
selected scope.
Note: The DHCP server failover feature, available in Windows Server 2012 and later,
provides the ability to have two DHCP servers provide IP addresses and option
configuration to the same subnet or scope, providing for continuous availability of DHCP
service to clients.
Incorrect:
Not A. NLB is not related to DHCP scope availability.
Not B. DHCP failover requirements include:
DHCP Scopes requirement:
At least one IPv4 DHCP scope must be configured on the primary DHCP server.
The same DHCP scope ID, or an overlapping scope, must not be configured on the failover
partner.
Not D. Failover clustering is possibly, but would not minimize administration.
Reference: Deploy DHCP Failover