Q121. DRAG DROP
Your network contains an Active Directory domain named contoso.com.
You need to ensure that third-party devices can use Workplace Join to access domain resources on the Internet.
Which four actions should you perform in sequence?
To answer, move the appropriate four actions from the list of actions to the answer area
and arrange them in the correct order.
Answer:
Q122. Your network contains an Active Directory domain named contoso.com. The domain contains two member servers named Server1 and Server2. All servers run Windows Server 2012 R2.
Server1 and Server2 are nodes in a Hyper-V cluster named Cluster1. Cluster1 hosts 10 virtual machines. All of the virtual machines run Windows Server 2012 R2 and are members of the domain.
You need to ensure that the first time a service named Service1 fails on a virtual machine, the virtual machine is moved to a different node.
You configure Service1 to be monitored from Failover Cluster Manager.
What should you configure on the virtual machine?
A. From the Recovery settings of Service1, set the First failure recovery action to Take No Action.
B. From the General settings, modify the Startup type.
C. From the Recovery settings of Service1, set the First failure recovery action to Restart the Service.
D. From the General settings, modify the Service status.
Answer: A
Explanation:
When a monitored service fails the Recovery features of the service will take action.
Example:
Service Recovery
In this case for the first failure the service will be restarted by the Service Control Manager inside the guest operating system, if the service fails for a second time the service will again be restarted via guest operating system. In case of a third failure the Service Control Manager will take no action and the Cluster service running on the Hyper-V host will take over recovery actions.
Reference: How to configure VM Monitoring in Windows Server 2012
Q123. HOTSPOT
Your network contains an Active Directory domain named contoso.com. The domain contains two servers named Server1 and Server2. All servers run Windows Server 2012 R2.
You install the DHCP Server server role on both servers.
On Server1, you have the DHCP scope configured as shown in the exhibit. (Click the Exhibit button.)
You need to configure the scope to be load-balanced across Server1 and Server2.
What Windows PowerShell cmdlet should you run on Server1? To answer, select the appropriate options in the answer area.
Answer:
Q124. Your network contains an Active Directory domain named contoso.com. All servers run
Windows Server 2012 R2. The domain contains a domain controller named DC1 that is
configured as an enterprise root certification authority (CA).
All users in the domain are issued a smart card and are required to log on to their domain-
joined client computer by using their smart card.
A user named User1 resigned and started to work for a competing company.
You need to prevent User1 immediately from logging on to any computer in the domain.
The solution must not prevent other users from logging on to the domain.
Which tool should you use?
A. Server Manager
B. The Certification Authority console
C. Active Directory Administrative Center
D. Active Directory Sites and Services
Answer: C
Q125. You configure the nodes to use the port rule shown in the exhibit. (Click the Exhibit button.)
You need to configure the NLB cluster to meet the following requirements:
. HTTPS connections must be directed to Server1 if Serverl is available. . HTTP connections must be load balanced between the two nodes.
Which three actions should you perform? {Each correct answer presents part of the solution. Choose three.
A. From the host properties of Server2, set the Handling priority of the existing port rule to 2.
B. Create a port rule for TCP port 80. Set the Filtering mode to Multiple host and set the Affinity to None.
C. Create an additional port rule for TCP port 443. Set the Filtering mode to Multiple host and set the Affinity to Single.
D. From the host properties of Server1, set the Handling priority of the existing port rule to 2.
E. From the host properties of Server2, set the Priority (Unique host ID) value to 1.
F. From the host properties of Server1, set the Handling priority of the existing port rule to 1.
Answer: A,B,F
Explanation:
Multiple hosts. This parameter specifies that multiple hosts in the cluster handle network traffic for the associated port rule. This filtering mode provides scaled performance in addition to fault tolerance by distributing the network load among multiple hosts. You can specify that the load be equally distributed among the hosts or that each host handle a specified load weight.
Note: Handling priority: When Single host filtering mode is being used, this parameter specifies the local host's priority for handling the networking traffic for the associated port rule. The host with the highest handling priority (lowest numerical value) for this rule among the current members of the cluster will handle all of the traffic for this rule. The allowed values range from 1, the highest priority, to the maximum number of hosts allowed (32). This value must be unique for all hosts in the cluster.
Reference: Network Load Balancing parameters.
Q126. Your network contains a perimeter network and an internal network. The internal network contains an Active Directory Federation Services (AD FS) 2.1 infrastructure. The infrastructure uses Active Directory as the attribute store.
You plan to deploy a federation server proxy to a server named Server2 in the perimeter network.
You need to identify which value must be included in the certificate that is deployed to Server2.
What should you identify?
A. The FQDN of the AD FS server
B. The name of the Federation Service
C. The name of the Active Directory domain
D. The public IP address of Server2
Answer: A
Explanation:
To add a host (A) record to corporate DNS for a federation server On a DNS server for the corporate network, open the DNS snap-in.
1. In the console tree, right-click the applicable forward lookup zone, and then click New Host (A).
2. In Name, type only the computer name of the federation server or federation server cluster (for example, type fs for the fully qualified domain name (FQDN) fs.adatum.com).
3. In IP address, type the IP address for the federation server or federation server cluster (for example, 192.168.1.4).
4. Click Add Host.
Reference: Add a host (A) record to corporate DNS for a federation server
http://technet.microsoft.com/en-us/library/cc776786(v=ws.10).aspx
Q127. DRAG DROP
Your network contains an Active Directory domain named contoso.com. All file servers in the domain run Windows Server 2012 R2.
The computer accounts of the file servers are in an organizational unit (OU) named OU1. A Group Policy object (GPO) named GPO1 is linked to OU1.
You plan to modify the NTFS permissions for many folders on the file servers by using central access policies.
You need to identify any users who will be denied access to resources that they can currently access once the new permissions are implemented.
In which order should you Perform the five actions?
Answer:
Q128. Your network contains an Active Directory forest named contoso.com. The forest contains four domains. All servers run Windows Server 2012 R2.
Each domain has a user named User1.
You have a file server named Server1 that is used to synchronize user folders by using the Work Folders role service.
Server1 has a work folder named Sync1.
You need to ensure that each user has a separate folder in Sync1.
What should you do?
A. From Windows Explorer, modify the Sharing properties of Sync1.
B. Run the Set-SyncServerSetting cmdlet.
C. From File and Storage Services in Server Manager, modify the properties of Sync1.
D. Run the Set-SyncShare cmdlet.
Answer: D
Explanation:
The Set-SyncShare cmdlet modifies the settings for a sync share.
Example: Modify a sync share to add a user group
This example modifies settings on the share named Share01, and enables the user group
named ContosoEngGroup to access the share.
The first command uses the Get-SyncShare cmdlet to retrieve the sync share for Share01,
and assigns the results to the variable $Current.
The second command uses the Set-SyncShare cmdlet to modify the sync share and add
the current user and the ContosoEngGroup to the list of users allowed to access the share.
PS C:\> $Current = Get-SyncShare Share01
PS C:\> Set-SyncShare Share01 -User $Current.user,"ContosoEngGroup"
PS C:\> Get-SyncShare Share01 // See %username below% !!
ConflictResolutionPolicy : KeepLatest
Description :
DevicePolicy : Share01
Enabled : True ExclusiveAccessToUser : False Name : Share01 Path : K:\Share01 StagingFolder : K:\EcsStagingArea\Share01 StagingQuota : 1099511627776 StagingQuotaPerUser : 10737418240 Type : User Data User : {HRGroup, EngGroup} UserFolderName : %username% // <-- This line!! PSComputerName
Reference: Set-SyncShare
http://technet.microsoft.com/en-US/library/dn296649.aspx
Q129. DRAG DROP
Your network contains an Active Directory domain named contoso.com. The domain contains a file server named Server1. All servers run Windows Server 2012 R2.
All domain user accounts have the Division attribute automatically populated as part of the user provisioning process. The Support for Dynamic Access Control and Kerberos armoring policy is enabled for the domain.
You need to control access to the file shares on Server1 based on the values in the Division attribute and the Division resource property.
Which three actions should you perform in sequence?
Answer:
Q130. Your network contains an Active Directory domain named contoso.com. The domain contains a file server named Server1 that runs Windows Server 2012 R2. All client computers run Windows 8.
You need to configure a custom Access Denied message that will be displayed to users when they are denied access to folders or files on Server1.
What should you configure?
A. A classification property
B. The File Server Resource Manager Options
C. A file management task
D. A file screen template
Answer: B
Explanation:
Access-denied assistance can be configured by using the File Server Resource Manager console on the file server.
Note: Access-denied assistance is a new feature in Windows Server 2012, which provides the following ways to troubleshoot issues that are related to access to files and folders:
* Self-assistance. If a user can determine the issue and remediate the problem so that they can get the requested access, the impact to the business is low, and no special exceptions are needed in the central access policy. Access-denied assistance provides an access-denied message that file server administrators can customize with information specific to their organizations. For example, an administrator could set the message so that users can request access from a data owner without involving the file server administrator.
Reference: Scenario: Access-Denied Assistance