Q1. - (Topic 8)
Your network contains an Active Directory domain named contoso.com. All servers run Windows Server 2008 R2. All domain controllers are installed on physical servers. The network contains several Hyper-V hosts.
The network contains a Microsoft System Center 2012 infrastructure.
You plan to use domain controller cloning to deploy several domain controllers that will run Windows Server 2012.
You need to recommend which changes must be made to the network infrastructure before you can use domain controller cloning.
What should you recommend?
A. Upgrade a global catalog server to Windows Server 2012. Deploy Virtual Machine Manager (VMM).
B. Upgrade a global catalog server to Windows Server 2012. Install the Windows Deployment Services server role on a server that runs Windows Server 2012.
C. Upgrade the domain controller that has the PDC emulator operations master role to Windows Server 2012. Deploy a Hyper-V host that runs Windows Server 2012.
D. Upgrade the domain controller that has the infrastructure master operations master role to Windows Server 2012. Install the Windows Deployment Services server role on a server that runs Windows Server 2012.
Answer: C
Explanation: The clone domain controller uses the security context of the source domain controller (the domain controller whose copy it represents) to contact the Windows Server 2012 Primary Domain Controller (PDC) emulator operations master role holder (also known as flexible single master operations, or FSMO). The PDC emulator must be running Windows Server 2012, but it does not have to be running on a hypervisor.
Reference: Introduction to Active Directory Domain Services (AD DS) Virtualization (Level 100)
Q2. - (Topic 8)
You are designing an Active Directory forest for a company named Contoso, Ltd. Contoso identifies the following administration requirements for the design:
* User account administration and Group Policy administration will be performed by network technicians. The technicians will be added to a group named OUAdmins.
* IT staff who are responsible for backing up servers will have user accounts that are members of the Backup Operators group in the domain.
* All user accounts will be located in an organizational unit (OU) named AllEmployees.
You run the Delegation of Control Wizard and assign the OUAdmins group full control to all of the objects in the AllEmployees OU.
After delegating the required permissions, you discover that the user accounts of some of the IT staff have inconsistent permissions on the objects in AllEmployees.
You need to recommend a solution to ensure that the members of OUAdmins can manage all of the objects in AllEmployees.
What should you include in the recommendation?
A. Remove the IT staff user accounts from Backup Operators and place them in a new group. Grant the new group the Backup files and directories user right and the Restore files and directories user right. Enforce permission inheritance on all of the objects in the AllEmployees OU.
B. Create separate administrator user accounts for the technicians. Enforce permission inheritance on all of the objects in the AllEmployees OU. Delegate permissions to the new user accounts.
C. Enforce permission inheritance on all of the objects in the AllEmployees OU. Run the Delegation of Control Wizard.
D. Move the user accounts of the technicians to a separate OU. Enforce permission inheritance on all of the objects in the AllEmployees OU. Run the Delegation of Control Wizard on the AllEmployees OU.
Answer: C
Q3. - (Topic 1)
You are evaluating the implementation of data deduplication on the planned Windows Server 2012 file servers.
The planned servers will have the same disk configurations as the current servers.
You need to identify which volumes can be enabled for data deduplication.
Which volumes should you identify? (Each correct answer presents part of the solution. Choose all that apply.)
A. C
B. D
C. E
D. The CSV
E. DATA
Answer: C,E
Explanation:
* Scenario:
A mounted virtual hard disk (VHD) named DATA that is formatted NTFS
A simple volume named E that is formatted NTFS
* It slices, it dices, and it cleans your floors! Well, the Data Deduplication feature doesn't do everything in this version. It is only available in certain Windows Server 2012 editions and has some limitations. Deduplication was built for NTFS data volumes and it does not support boot or system drives and cannot be used with Cluster Shared Volumes (CSV). We don't support deduplicating live VMs or running SQL databases. See how to determine which volumes are candidates for deduplication on Technet.
Q4. - (Topic 8)
You have a server named Server1 that runs Windows Server 2012. Server1 has the DNS Server server role installed.
You need to recommend changes to the DNS infrastructure to protect the cache from cache poisoning attacks.
What should you configure on Server1?
A. DNS cache locking
B. The global query block list
C. DNS Security Extensions (DNSSEC)
D. DNS devolution
Answer: A
Explanation: Cache locking is a new feature available if your DNS server is running Windows Server 2008 R2. When you enable cache locking, the DNS server will not allow cached records to be overwritten for the duration of the time to live (TTL) value. Cache locking provides for enhanced security against cache poisoning attacks.
Q5. - (Topic 8)
Your company has a main office and a branch office.
The network contains an Active Directory domain named contoso.com. The main office contains domain controllers that run Windows Server 2012. The branch office contains a read-only domain controller (RODC) that runs Windows Server 2012.
You need to recommend a solution to control which Active Directory attributes are replicated to the RODC.
What should you include in the recommendation?
A. The partial attribute set
B. The filtered attribute set
C. Application directory partitions
D. Constrained delegation
Answer: B
Explanation: RODC filtered attribute set
Some applications that use AD DS as a data store might have credential-like data (such as passwords, credentials, or encryption keys) that you do not want to be stored on an RODC in case the RODC is compromised. For these types of applications, you can dynamically configure a set of attributes in the schema for domain objects that will not replicate to an RODC. This set of attributes is called the RODC filtered attribute set. Attributes that are defined in the RODC filtered attribute set are not allowed to replicate to any RODCs in the forest.
Reference: AD DS: Read-Only Domain Controllers
Q6. - (Topic 8)
Your network contains a server named Server1 that runs Windows Server 2012. Server1 has the DHCP Server server role installed.
All of the client computers that are in a subnet named Subnet1 receive their IP address configurations from Server1.
You plan to add another DHCP server named Server2 to Subnet1.
You need to recommend changes to the DHCP infrastructure to ensure that the client computers continue to receive IP addressing information if a single DHCP server fails.
What should you do?
More than one answer choice may achieve the goal. Select the BEST answer.
A. Create a Network Load Balancing (NLB) cluster.
B. Configure Failover for the scope.
C. Create a DHCP failover cluster.
D. Create a split scope.
Answer: B
Explanation:
One of the great features in Windows Server 2012 R2 is the DHCP failover for Microsoft DHCP scopes. Failover is where the environment suffers an outage of a service which triggers the failover of that service function to a secondary server or site. The assumption for most failover configurations is that the primary server is completely unavailable.
Q7. - (Topic 1)
You are planning the migration of research.contoso.com.
You need to identify which tools must be used to perform the migration.
Which tools should you identify?
A. Active Directory Migration Tool version 3.2 (ADMT v3.2) and Group Policy Management Console (GPMC)
B. Active Directory Federation Services (AD FS) and Microsoft Federation Gateway
C. Active Directory Migration Tool version 3.2 (ADMT v3.2) and Active Directory Federation Services (AD FS)
D. Active Directory Lightweight Directory Services (AD LDS) and Group Policy Management Console (GPMC)
Answer: A
Explanation:
* Scenario:
All of the users and the Group Policy objects (GPOs) in research.contoso.com will be migrated to contoso.com.
two domain controllers for the research.contoso.com domain. The domain controllers run Windows Server 2008 R2.
Q8. DRAG DROP - (Topic 8)
You manage a Network Policy Server (NPS) infrastructure that contains four servers named NPSPRX01, NPS01, NPS02, and NPS03. All servers run Microsoft Windows Server 2012 R2. NPSPRX01 is configured as an NPS proxy. NPS01, NPS02, and NPS03 are members of a remote RADIUS server group named GR01. GR01 is configured as shown below:
You need to ensure that authentication requests are identified even when a server is unavailable.
If a given server is unavailable, which percentage of authentication requests will another server manage? To answer, drag the appropriate value to the correct scenario. Each value may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
Answer:
Q9. - (Topic 7)
A company has offices in multiple geographic locations. The sites have high-latency, low-bandwidth connections. You need to implement a multisite Windows Deployment Services (WDS) topology for deploying standard client device images to all sites.
Solution: At each site, you deploy a local WDS server that runs only the Transport role. You configure local DHCP servers to direct local clients to the local WDS server.
Does this meet the goal?
A. Yes
B. No
Answer: A
Reference: Windows Deployment Services Getting Started Guide for Windows Server 2012
Q10. - (Topic 8)
Your network contains an Active Directory domain named contoso.com. The domain contains an organizational unit (OU) named OU1.
You have a Group Policy object (GPO) named GPO1 that is linked to contoso.com. GPO1 contains custom security settings.
You need to design a Group Policy strategy to meet the following requirements:
* The security settings in GPO1 must be applied to all client computers.
* Only GPO1 and other GPOs that are linked to OU1 must be applied to the client computers in OU1.
What should you include in the design?
More than one answer choice may achieve the goal. Select the BEST answer.
A. Enable the Block Inheritance option at the domain level. Enable the Enforced option on GPO1.
B. Enable the Block Inheritance option on OU1. Link GPO1 to OU1.
C. Enable the Block Inheritance option on OU1. Enable the Enforced option on all of the GPOs linked to OU1.
D. Enable the Block Inheritance option on OU1. Enable the Enforced option on GPO1.
Answer: D
Explanation:
* You can block inheritance for a domain or organizational unit. Blocking inheritance prevents Group Policy objects (GPOs) that are linked to higher sites, domains, or organizational units from being automatically inherited by the child-level.
* GPO links that are enforced cannot be blocked from the parent container.