Q1.Your network contains an Active Directory domain named contoso.com. The domain contains a servernamed Windows Server 2012 R2. You create a group Managed Service Account named gservice1. Youneed to configure a service named Service1 to run as the gservice1 account. How should you configureService1?
A. From the Services console, configure the General settings.
B. From Windows PowerShell, run Set-Service and specify the -StartupType parameter.
C. From a command prompt, run sc.exe and specify the config parameter.
D. From a command prompt, run sc.exe and specify the privs parameter.
Option C is correct.
A. General settings only allow you to stop, start and set type/paramaters
B. Set-Service provides a way for you to change the Description, StartupType, or DisplayName of a service
C. Modifies service configuration
D. Sets the response/action on service failure
http://windows.microsoft.com/en-us/windows-vista/using-system-configuration http://technet.microsoft.com/en-us/library/ee176963.aspx http://technet.microsoft.com/en-us/library/cc990290(v=ws.10).aspx http://technet.microsoft.com/en-us/library/cc738230(v=ws.10).aspx
Q2.Your network contains an Active Directory domain named contoso.com. The domain contains a domaincontroller named DC1 that runs Windows Server 2012 R2. A user named User1 attempts to log on to DO,but receives the error message shown in the exhibit.
You need to ensure that User1 can log on to DC1. What should you do?
A. Modify the Account is sensitive and cannot be delegated setting of the User1 account.
B. Grant User1 the Allow log on locally user right.
C. Modify the Logon Workstations setting of the User1 account.
D. Add User1 to the Remote Management Users group.
Option B is correct.
Domain controllers, by default, restrict the types of user accounts that have the ability to log on locally.Domain controllers, by default, restrict the types of user accounts that have the ability to log on locally.By default, only members of the Account Operators, Administrators, Backup Operators, Print Operators,andServer Operators groups have the Allowed logon locally system right. If you want to grant a useraccount theability to log on locally to a domain controller, you must either make that user a member of agroup that alreadyhas the Allowed logon locally system right or grant the right to that user account.Edit Default Domain Controllers Policy Expand Computer Configuration, Policies, Windows Settings,Security Settings, Local Policies, click UserRights Assignment.Double-click Allow Logon Locally.http://technet.microsoft.com/en-us/library/ee957044(v=ws.10).aspx
Q3.Your company has a remote office that contains 600 client computers on a single subnet. You need toselect a subnet mask for the network that will support all of the client computers. The solution mustminimize the number of unused addresses. Which subnet mask should you select?
Option A is correct.
Using a subnet mask of 255.255.252.0 will result in the fewest number of unused IP addresses.
Q4.Your network contains an Active Directory domain named contoso.com. The network contains 500 clientcomputers that run Windows 8. All of the client computers connect to the Internet by using a web proxy.You deploy a server named Server1 that runs Windows Server 2012 R2. Server1 has the DNS Serverserver role installed. You configure all of the client computers to use Server1 as their primary DNS server.You need to prevent Server1 from attempting to resolve Internet host names for the client computers. Whatshould you do on Server1?
A. Configure the Security settings of the contoso.com zone.
B. Remove all root hints.
C. Create a primary zone named ".".
D. Create a primary zone named "root".
E. Create a primary zone named "GlobalNames".
F. Create a forwarder that points to 169.254.0.1.
G. Create a stub zone named "root".
H. Create a zone delegation for GlobalNames.contoso.com.
Option B,C are correct.
B. necessary to remove the default root hints files
C. Create a primary zone named "." ( dot zone, root )
When you install DNS on a Windows server that does not have a connection to the Internet, the zone forthe domain is created and a root zone, also known as a dot zone, is also created. This root zone mayprevent access to the Internet for DNS and for clients of the DNS. If there is a root zone, there are no otherzones other than those that are listed with DNS, and you cannot configure forwarders or root hint servers.Root domain This is the top of the tree, representing an unnamed level; it is sometimes shown as twoempty quotation marks (""), indicating a null value. When used in a DNS domain name, it is stated by atrailing period (.) to designate that the name is located at the root or highest level of the domain hierarchy. Inthis instance, the DNS domain name is considered to be complete and points to an exact location in thetree of names. Names stated this way are called fully qualified domain names (FQDNs).
http://technet.microsoft.com/en-us/library/cc772774%28v=ws.10%29.aspx http://youtu.be/KjMDtlR6Mhk http://support.microsoft.com/kb/298148/en-us
Q5.Your network contains a single Active Directory domain named contoso.com. The network contains twosubnets. The subnets are configured as shown in the following table.
The network contains a member server named Server1 that runs Windows Server 2012 R2. Server1 hasthe DHCP Server server role installed. Server1 is configured to lease IP addresses to the two subnets. Youdiscover that computers on the Warehouse subnet that have static IP addresses can communicate with thecomputers on the MainOffice subnet. Computers on the Warehouse subnet that obtain an IP addressautomatically can only communicate with other computers on the Warehouse subnet. You need to ensurethat all of the computers on the Warehouse subnet can communicate with the computers on the MainOfficesubnet. Which DHCP option should you configure on Server1?
A. 003 Router
B. 011 Resource Location Servers
C. 020 Nonlocal Source Routing
D. 019 IP Layer Forwarding
Option A is correct.
A. This option is normally used to assign a default gateway to DHCP clients on a subnet. A DHCP
clientrequests this option.
B. This option specifies a list of IP addresses for resource location servers
C. This option specifies whether the DHCP client enables or disables the forwarding at the IP layer
ofdatagrams that contain source routing information and were sent by a non-local host.
D. This option specifies whether the DHCP client should enable or disable forwarding of datagrams at the
Q6.Your network contains three servers that run Windows Server 2012 R2. The servers are configured asshown in the following table.
Server3 is configured to obtain an IP address automatically. You need to prevent Server3 from receiving anIP address from Server1. What should you create on Server1?
A. A reservation
B. A filter
C. A scope option
D. An exclusion
Option B is correct.
A. For clients that require a constant IP address
B. Filter to exclude MAC address of Server3
C. Range of allowed IP's to be assigned
D. Exclude range of IP's
MAC address based filtering ensure that only a known set of devices in the system are able to obtain anIPAddress from the DHCP
Reservation and Exclusion, two incredibly different concepts. An exclusion is an address or range ofaddresses taken from a DHCP scope that the DHCP server is notallowed to hand out. For example, if youhave set a DHCP server to exclude the address range 192.168.0.1-192.168.0.10 then the only way acomputer on your network would get an address of 192.168.0.4 would be ifyou assigned it statically on thatmachine. This is because DHCP knows NOT to give this range of IPaddresses out. A reservation is aspecific IP addresses that is tied to a certain device through its MAC address. Forexample, if we have aworkstation on the network that requires a certain IP address, but we don't want to gothrough to trouble ofassigning it statically, then we can create a reservation for it. So if the MAC address of theNIC on thecomputer is AA-BB-00FF-CC-AA and we want it to maintain the IP address of 192.168.0.100 thenwe wouldcreate a DHCP reservation under that particular scope saying that the IP address 192.168.0.100 is reservedonly for the MAC address AA-BB-00-FF-CC-AA.http://technet.microsoft.com/en-us/magazine/ff521761.aspx http://technet.microsoft.com/en-us/library/cc726954(v=ws.10).aspx http://www.windowsnetworking.com/kbase/WindowsTips/Windows2003/AdminTips/Network/DHCPReservationsandExclusions.html
Q7.Your network contains an Active Directory domain named contoso.com. The domain contains two domaincontrollers. The domain controllers are configured as shown in the following table.
In the perimeter network, you install a new server named Server1 that runs Windows Server 2012 R2.Server1 is in a workgroup. You need to perform an offline domain join of Server1 to the contoso.comdomain. What should you do first?
A. Transfer the PDC emulator role to Dc1.
B. Run the djoin.exe command.
C. Run the dsadd.exe command.
D. Transfer the infrastructure master role to DC1.
Option B is correct.
A. Creates a new Active Directory computer.
B. Use djoin for offline join in the perimeter network
C. Adds specific types of objects to the directory.
D. Add the local computer to a domain or workgroup.
To perform an offline domain join, you run commands by using a new tool named Djoin.exe. You useDjoin.exe to provision computer account data into AD DS. You also use it to insert the computer accountdata intothe Windows directory of the destination computer, which is the computer that you want to join tothe domain. Create the account djoin /provision /domain winsrvtuts.wst /machine Win7 /savefile c:\yourFile.txt Run on the target systemdjoin /requestodj /loadfile c:\yourFile.txt /windowspath c:\Windows /localos http://technet.microsoft.com/en-us/library/ee617245.aspx http://technet.microsoft.com/en-us/library/ff793312(v=ws.10).aspx http://technet.microsoft.com/en-us/library/cc753708(v=ws.10).aspx http://technet.microsoft.com/en-us/library/hh849798.aspx http://winsrvtuts.com/2011/08/off-line-domain-join-with-djoin-exe/ http://technet.microsoft.com/en-us/library/offline-domain-join-djoin-step-bystep%28v=ws.10%29.aspx
Q8.Your network contains an Active Directory forest. The forest contains two domains named contoso.com andcorp.contoso.com. The forest contains four domain controllers. The domain controllers are configured asshown in the following table.
All domain controllers are DNS servers. In the corp.contoso.com domain, you plan to deploy a new domaincontroller named DCS. You need to identify which domain controller must be online to ensure that DCS canbe promoted successfully to a domain controller. Which domain controller should you identify?
Option C is correct.
A. Wrong Domain
B. Wrong Domain
C. Right domain, RID Master must be online
D. Right domain but Not needed to be online
Relative ID (RID) Master:Allocates active and standby RID pools to replica domain controllers in the same domain.(corp.contoso.com) Must be online for newly promoted domain controllers to obtain a local RID pool that isrequired to advertise or when existing domain controllers have to update their current or standby RID poolallocation.The RID master is responsible for processing RID pool requests from all domain controllers in a particulardomain. When a DC creates a security principal object such as a user or group, it attaches a uniqueSecurity ID (SID) to the object. This SID consists of a domain SID (the same for all SIDs created in adomain), and a relative ID (RID) that is unique for each security principal SID created in a domain. Each DCin a domain is allocated a pool of RIDs that it is allowed to assign to the security principals it creates. Whena DC's allocated RID pool falls below a threshold, that DC issues a request for additional RIDs to thedomain's RID master. The domain RID master responds to the request by retrieving RIDs from thedomain's unallocated RID pool and assigns them to the pool of the requesting DC At any one time, therecan be only one domain controller acting as the RID master in the domain.
Q9.Your network contains an Active Directory domain named contoso.com. You log on to a domain controllerby using an account named Admin1. Admin1 is a member of the Domain Admins group. You view theproperties of a group named Group1 as shown in the exhibit. Group1 is located in an organizational unit(OU) named OU1. You need to ensure that users from Group1 can modify the Security settings of OU1only. What should you do from Active Directory Users and Computers?
A. Modify the Managed By settings on OU1.
B. Right-click contoso.com and select Delegate Control.
C. Right-click OU1 and select Delegate Control.
D. Modify the Security settings of Group1.
Option C is correct.
A. The distinguished name of the user that is assigned to manage this object.
B. Would delegate control to the whole domain
C. Delegates control to the OU OU1 only
D. Wrong Feature
An organizational unit is the smallest scope or unit to which you can assign Group Policy settings ordelegate administrative authority. A user can have administrative authority for all organizational units in adomain or for a single organizational unit. You can delegate administrative control to any level of a domaintree by creating organizational units within a domain and delegating administrative control for specificorganizational units to particular users or groups. Administrative control can be assigned to a user or groupby using the Delegation of Control Wizard or through the Authorization Manager console. Both of thesetools allow you to assign rights or permissions to particular users or groups. http://technet.microsoft.com/en-us/library/cc758565%28v=ws.10%29.aspx http://technet.microsoft.com/en-us/library/cc778807%28v=ws.10%29.aspx http://msdn.microsoft.com/en-us/library/windows/desktop/ms676857(v=vs.85).aspx http://technet.microsoft.com/en-us/library/cc732524.aspx
Q10.Your network contains an Active Directory forest named contoso.com. All domain controllers currently runWindows Server 2008 R2. You plan to install a new domain controller named DC4 that runs WindowsServer 2012 R2. The new domain controller will have the following configurations:- Schema master- Global catalog server- DNS Server server role- Active Directory Certificate Services server roleYou need to identify which configurations Administrators by using the Active Directory Installation Wizard.Which two configurations should you identify? (Each correct answer presents part of the solution. Choosetwo.)
A. Transfer the schema master.
B. Enable the global catalog server.
C. Install the DNS Server role
D. Install the Active Directory Certificate Services role.
Option A,D are correct.
AD Installation Wizard will automatically install DNS and allows for the option to set it as a global catalogserver. ADCS and schema must be done separately.