Q61. DRAG DROP
Your network contains an Active Directory domain named contoso.com. The domain contains four member servers named Server1, Server2, Server3, and Server4. All servers run Windows Server 2012 R2.
Server1 and Server3 are located in a site named Site1. Server2 and Server4 are located in a site named Site2. The servers are configured as nodes in a failover cluster named Cluster1.
Dynamic quorum management is disabled.
Cluster1 is configured to use the Node Majority quorum configuration.
You need to ensure that users in Site2 can access Cluster1 if the network connection between the two sites becomes unavailable.
What should you run from Windows PowerShell?
To answer, drag the appropriate commands to the correct location. Each command may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
Answer:
Q62. HOTSPOT
Your network contains an Active Directory domain named contoso.com. The domain contains two member servers named Server1 and Server2. All servers run Windows Server 2012 R2.
Server1 and Server2 have the Network Load Balancing (NLB) feature installed. The servers are configured as nodes in an NLB cluster named Cluster1. Both servers connect to the same switch.
Cluster1 hosts a secure web Application named WebApp1. WebApp1 saves user state information in a central database.
You need to ensure that the connections to WebApp1 are distributed evenly between the nodes. The solution must minimize port flooding.
What should you configure? To answer, configure the appropriate affinity and the appropriate mode for Cluster1 in the answer area.
Answer:
Q63. Your network contains two servers named Server1 and Server2 that run Windows Server 2008 R2. Server1 and Server2 are nodes in a failover cluster named Cluster1. The network contains two servers named Server3 and Server4 that run Windows Server 2012 R2. Server3 and Server4 are nodes in a failover cluster named Cluster2.
You need to move all of the applications and the services from Cluster1 to Cluster2.
What should you do first from Failover Cluster Manager?
A. On a server in Cluster2, configure Cluster-Aware Updating.
B. On a server in Cluster2, click Move Core Cluster Resources, and then click Best Possible Node.
C. On a server in Cluster1, click Move Core Cluster Resources, and then click Best Possible Node.
D. On a server in Cluster1, click Migrate Roles.
Answer: D
Explanation:
Incorrect:
Not A. Cluster Aware Updating can greatly simplify the process of applying operating
system patches to Windows Server 2012 or 2012 R2 failover cluster nodes.
Not B. Not C. Move Core Cluster Resources is used to resources from one node to another
within the same cluster.
Reference: Migrating Clustered Services and Applications to Windows Server 2012,
Migration Between Two Multi-Node Clusters
https://technet.microsoft.com/en-us/library/dn486774.aspx#BKMK_Steps_for_migrating
Q64. Your network contains an Active Directory domain named contoso.com. The domain contains four servers named Server1, Server2, Server3, and Server4 that run Windows Server 2012 R2. All servers have the Hyper-V server role and the Failover Clustering feature installed.
You need to replicate virtual machines from Cluster1 to Cluster2.
Which three actions should you perform? (Each correct answer presents part of the solution. Choose three.)
A. From Hyper-V Manager on a node in Cluster2, create three virtual machines.
B. From Cluster2, add and configure the Hyper-V Replica Broker role.
C. From Failover Cluster Manager on Cluster1, configure each virtual machine for replication.
D. From Cluster1, add and configure the Hyper-V Replica Broker role.
E. From Hyper-V Manager on a node in Cluster2 modify the Hyper-V settings.
Answer: C,D,E
Explanation:
D. You must configure the Hyper-V Replica Broker for cluster1.
E. We must configure configure the Replica server to receive replication from primary servers: In Hyper-V Manager, click Hyper-V Settings in the Actions pane.
In the Hyper-V Settings dialog, click Replication Configuration.
In the Details pane, select Enable this computer as a Replica server.
C. Enable virtual machine replication.
Once the hosting server is configured for Replica, you can enable replication for each
virtual machine that you want to be replicated.
Reference: Deploy Hyper-V Replica
https://technet.microsoft.com/en-us/library/jj134207.aspx
Q65. Your network contains one Active Directory domain named contoso.com. The domain contains an IP Address Management (IPAM) server named Server1. Server1 manages several DHCP and DNS servers.
From Server Manager on Server1, you create a custom role for IPAM.
You need to assign the role to a group named IP_Admins.
What should you do?
A. From Windows PowerShell, run the Add-Member cmdlet.
B. From Server Manager, create an access policy.
C. From Windows PowerShell, run the Set-IpamConfiguration cmdlet.
D. From Server Manager, create an access scope.
Answer: B
Explanation: A role is a collection of IPAM operations. You can associate a role with a user or group in Windows using an access policy. Several built-in roles are provided, but you can also create customized roles to meet your business requirements.
Reference: Manage IPAM, Access Control
https://technet.microsoft.com/en-us/library/dn741281.aspx
Q66. HOTSPOT
Your network contains an Active Directory domain named contoso.com. All domain controllers run Windows Server 2012 R2.
The network has the physical sites and TCP/IP subnets configured as shown in the following table.
You have a web application named App1 that is hosted on six separate Web servers. DNS has the host names and IP addresses registered as shown in the following table.
You discover that when users connect to appl.contoso.com, they are connected frequently to a server that is not on their local subnet.
You need to ensure that when the users connect to appl.contoso.com, they connect to a server on their local subnet. The connections must be distributed across the servers that host appl.contoso.com on their subnet.
Which two settings should you configure?
To answer, select the appropriate two settings in the answer area.
Answer:
Q67. Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012 R2. The system properties of Server1 are shown in the exhibit. (Click the Exhibit button.)
You need to configure Server1 as an enterprise subordinate certification authority (CA).
What should you do first?
A. Add RAM to the server.
B. Set the Startup Type of the Certificate Propagation service to Automatic.
C. Install the Certification Authority Web Enrollment role service.
D. Join Server1 to the contoso.com domain.
Answer: D
Explanation:
Enterprise CAs must be domain members. From the exhibit we see that it is only a
Workgroup member.
Note:
A new CA can be the root CA of a new PKI or subordinate to another in an existing PKI.
Enterprise subordinate certification authority.
An enterprise subordinate CA must get a CA certificate from an enterprise root CA but can
then issue certificates to all users and computers in the enterprise. These types of CAs are
often used for load balancing of an enterprise root CA.
Reference: Install a Subordinate Certification Authority
Q68. Your network contains an Active Directory domain named adatum.com. The domain contains a server named CA1 that runs Windows Server 2012 R2. CA1 has the Active Directory Certificate Services server role installed and is configured to support key archival and recovery.
You need to ensure that a user named User1 can decrypt private keys archived in the Active Directory Certificate Services (AD CS) database. The solution must prevent User1 from retrieving the private keys from the AD CS database.
What should you do?
A. Assign User1 the Issue and Manage Certificates permission to CA1.
B. Assign User1 the Read permission and the Write permission to all certificate templates.
C. Provide User1 with access to a Key Recovery Agent certificate and a private key.
D. Assign User1 the Manage CA permission to CA1.
Answer: C
Explanation:
Understanding the Key Recovery Agent Role KRAs are Information Technology (IT) administrators who can decrypt users’ archived private keys. An organization can assign KRAs by issuing KRA certificates to designated administrators and configure them on the CA. The KRA role is not one of the default roles defined by the Common Criteria specifications but a virtual role that can provide separation between Certificate Managers and the KRAs. This allows the separation between the Certificate Manager, who can retrieve the encrypted key from the CA database but not decrypt it, and the KRA, who can decrypt private keys but not retrieve them from the CA database.
Reference: Understanding User Key Recovery
Q69. Your network contains an Active Directory domain named contoso.com. The domain contains a member server named Server1. Server1 has the IP Address Management (IPAM) Server feature installed.
A technician performs maintenance on Server1.
After the maintenance is complete, you discover that you cannot connect to the IPAM server on Server1.
You open the Services console as shown in the exhibit. (Click the Exhibit button.)
You need to ensure that you can connect to the IPAM server.
Which service should you start?
A. Windows Process Activation Service
B. Windows Event Collector
C. Windows Internal Database
D. Windows Store Service (WSService)
Answer: C
Explanation:
Explanation Windows Internal Database
Windows Internal Database is a relational data store that can be used only by Windows
roles and features.
IPAM does not support external databases. Only a Windows Internal Database is
supported.
IPAM stores 3 years of forensics data (IP address leases, host MAC addresses, user
login/logoff information) for 100,000 users in a Windows Internal Database. There is no
database purge policy provided, and the administrator must purge data manually as
needed.
Incorrect:
Not A. IPAM works even if the Windows Process Activation Service is not running.
Not B. IPAM does not require the Windows Event Collector Service. It need to be running
on the managed DC/DNS/DHCP computers.
Not D. IPAM does not require the Windows Store Service. It provides infrastructure support
for Windows Store.This service is started on demand and if disabled applications bought
using Windows Store will not behave correctly.
Reference: IPAM Deployment Planning
Q70. Your network contains an Active Directory forest named contoso.com. The forest contains
a single domain. The forest functional level is Windows Server 2012 R2.
You have a domain controller named DC1.
On DC1, you create a new Group Policy object (GPO) named GPO1. You need to verify that GPO1 was replicated to all of the domain controllers.
Which tool should you use?
A. Group Policy Management
B. Active Directory Sites and Services
C. DFS Management
D. Active Directory Administrative Center
Answer: A
Explanation:
In Windows Server 2012, the Group Policy Management Console (GPMC) was enhanced to provide a report for the overall health state of the Group Policy infrastructure for a domain, or to scope the health view to a single GPO.
Reference: Check Group Policy Infrastructure Status
http://technet.microsoft.com/en-us/library/jj134176.aspx