Computer Virtualization - ITNW-1313
If you need to manually enable or disable the drain on the shutdown functionality option, configure the cluster's DrainOnShutdown property. You can check the current configuration using the (Get-Cluster).DrainOnShutdown PowerShell cmdlet. What is returned if this functionality is enabled? What is returned if this functionality is disabled?
1, 0
What is the decimal form of the following binary IP address? 11001110.00111010.10101010.01000011
206.58.170.67
Which of the following are valid IP addresses? (Select three.)
224.0.0.1, 137.65.1.1, 172.17.1.3
What is the default pool size of ports for Windows Server 2022?
2500
Your network has a network address of 172.17.0.0 with a subnet mask of 255.255.255.0. Which of the following are true concerning this network? (Select two.)
254 IP addresses can be assigned to host devices., 172.17.0.255 is the network broadcast address.
You need to configure access using Remote Desktop Gateway. You have opened port 443 in the external firewall. Which port should you open in the internal firewall?
3389
What is the maximum capacity of the Azure VM disk that holds the operating system?
4095 GB
Which of the following ports does TACACS use?
49
Which of the following BEST describes a WAP?
A Windows Server service that allows users to use any device to access applications from outside the corporate network.
Which of the following BEST describes a Hyper-V replica?
A backup if the Hyper-V server has failed.
Which of the following best describes a restricted groups policy?
A client configuration that can be used to control membership for groups that require high security.
Which of the following best describes Azure Active Directory?
A cloud-based authentication service.
Which of the following best describes an RODC?
A domain controller that hosts read-only partitions of Active Directory's database.
Which of the following BEST describes a guest cluster?
A failover cluster where the nodes are virtual machines running on Hyper-V servers.
Which of the following are items needed to implement an Azure extended network? (Select two.)
A firewall configured to allow for asymmetric routing. Site-to-Site (S2S) VPN connection or the Azure express connection.
What is the key difference between a managed service account and a group-managed service account?
A managed service account can be used on only one computer in a domain.
Which of the following BEST describes ADUC?
A management console used for administering Active Directory objects.
Which of the following is true about a default trust automatically created between domains in a forest?
A parent/child trust exists between a parent domain and the immediate child domain.
Which of the following best describes an Active Directory site?
A physical grouping of well-connected IP subnets which are connected with high-speed links.
Which of the following BEST describes an Azure network adapter?
A point-to-site (P2S) VPN connection
Which of the following devices is MOST LIKELY to be assigned a public IP address?
A router that connects your home network to the internet.
Which of the following BEST describes a network policy?
A set of conditions, constraints, and settings used to authorize which remote users and computers can or cannot connect to a network.
You need to add a new Windows server to an Active Directory domain. You intend to make this new server a domain controller. This server was installed with a server core deployment, so you'll need to install the Active Directory Domain Services role from the PowerShell console. From the drop-down list, select the name of the service you would enter to complete the following PowerShell command: Install-WindowsFeature -Name ________________________ -includemanagementtools
AD-Domain-Services
You are the network administrator for westsim.com. The network consists of one Active Directory domain that contains 1,500 users. westsim.com has one main office and 15 branch offices. There are three domain controllers at the main office and one domain controller at each branch office. You have been asked to identify which domain controller hosts the schema master role. Which utilities should you use? (Select two.)
Active Directory Schema snap-in, Dsquery
You manage a network with a single domain named eastsim.com. The network currently has three domain controllers. During installation, you did not designate one of the domain controllers as a global catalog server. Now you need to make the domain controller a global catalog server. Which tool should you use to accomplish this task?
Active Directory Users and Computers or Active Directory Sites and Services
Which group is assigned the Allow log on locally right by default for workstations and member servers?
Administrators
Which of the following BEST describes an Azure relay?
Allows for scoping instead of the shotgun approach of a VPN connection.
What is the primary purpose of RADIUS?
Authenticate remote clients before access to the network is granted.
You manage several Windows workstations in your domain. You want to configure a GPO that will make them prompt for additional credentials whenever a sensitive action is taken. What should you do?
Configure User Account Control (UAC) settings.
You are the network administrator for a small company using Windows Server 2016 and Windows 10 clients. A few of the company's employees want to work from home occasionally. You have decided to provide access using a VPN. What should you do?
Configure a remote access VPN.
You manage a network with a single domain named widgets.com. The network has multiple domain controllers at two locations: Chicago and Baltimore. A WAN link connects the two locations. You create two site objects and configure a site link object to connect the two sites. To reduce WAN traffic between the two sites, you would like to take advantage of the remote differential compression feature for SYSVOL replication. What should you do?
Configure all domain controllers to use DFS replication.
You are the network administrator for your company. Your network consists of two Active Directory domains, named research.westsim.local and sales.westsim.local. Your company has two sites, Dallas and Houston. Each site has two domain controllers, one for each domain. Users in Houston who are members of the sales.westsim.local domain report slow performance when logging in and accessing files in Dallas. Users in Dallas do not report any problems logging in and accessing local resources. You want all users in Houston to experience adequate login and resource access response time. What should you do?
Configure one of the domain controllers in Houston to be a Global Catalog server.
There are several terms used to describe Azure AD application proxy services. Which of the following terms refers to lightweight agents that communicate between Azure AD application proxy architecture components?
Connectors
You are the network administrator of a network that spans two locations, Atlanta and Dallas. Atlanta and Dallas are connected using a dedicated WAN link. The Atlanta location is also connected to the internet. A single Active Directory domain spans both locations, and each location has a single domain controller. You have not used the Active Directory Sites and Services snap-in to make any changes to the default configuration. Users in Dallas complain that internet access is very slow at times. After monitoring the network traffic across the WAN link, you discover that the slow performance occurs after major changes are made to Active Directory. What is the first step for solving this problem?
Create a new site object in Active Directory and move the server object for the Dallas domain controller into the new site.
You manage a single domain named southsim.com. The network has three locations: Seattle, Portland, and Boise. You need to configure Active Directory sites so that resource access and logon are localized for each location and WAN traffic is minimized. See the image for a diagram of the WAN links connecting each location, as well as the number of users and domain controllers in each location. What should you do?
Create a site for Seattle and a site that includes both the Portland and Boise locations.
You are the network administrator for corpnet.com. You have implemented Active Directory Federation Services (AD FS) to enable single sign-on to a web application named WApp1. You need to enable internet users to access WApp1 using AD FS. You install WAP in the perimeter network. You need to enable internet users to contact the federation proxy server. What should you do first?
Create an A record in the corpnet.com zone hosted on the internet.
Which of the following can be configured using permissions?
Deny access to files
You are configuring a new external virtual switch in your Hyper-V host. You want the virtual machines running on the host to be able to use the physical network adapter installed in the system instead of virtual network interfaces. Click the option you would use to configure the virtual switch in this manner.
Enable single-root I/O virtualization (SR-IOV)
You are the administrator for the widgets.com domain. Organizational Units (OUs) have been created for each company department. User and computer accounts for each department have been moved into their respective departmental OUs. From your workstation, you create a GPO that configures settings from a custom .admx file. You link the GPO to the Sales OU. You need to make some modifications to the GPO settings from the server console. However, when you open the GPO, the custom administrative template settings are not shown. What should you do?
Enable the Administrative Templates central store in Active Directory. Copy the .admx file to the central store location.
Which of the following is a virtual network where virtual machines are bound to a physical NIC that connects them to a physical network that the Hyper-V host is connected to?
External Virtual Network
Click on the menu option that allows you to verify that the virtual machine queue feature is enabled for a virtual machine.
Hardware Acceleration
When you initially created your external virtual switch in Hyper-V Manager, you configured the virtual machines to directly use the Broadcom NetXtreme 57xx Gigabit Controller installed on the host, instead of a virtual network adapter. You recently created a new Windows Server virtual machine on this host named DevSrv and connected its network adapter to the external virtual switch. You now want to enable the virtual machine to use the physical adapter on the host. Click the option you would use in the virtual machine's settings to do this.
Hardware Acceleration
Which of the following is a setting usually made in the BIOS or UEFI that enables efficient virtualization use of the hardware environment?
Hardware-Assisted Virtualization
You want to implement an Azure WAN solution where there is a central management location for external connections and hosting services and VNets to connect to the central location to host workloads. Which of the following Azure WAN solutions will meet your networking requirements?
Hub-and-spoke architecture
You are the network administrator for corpnet.com. The company has a main office and two branch offices named Branch1 and Branch2. The main office has two domain controllers named DC1 and DC2. The Branch1 branch office has one domain controller named DC3. There are no domain controllers at the Branch2 location. In Active Directory Sites and Services, you have created a site that corresponds to each location. You have also created IP site links between each site. You discover that users from Branch2 are being authenticated by all three domain controllers. You need to ensure that users in Branch2 are only authenticated by DC1 or DC2. Users in Branch2 should only be authenticated by DC3 if the domain controllers at the main office are unavailable. What should you do?
Increase the cost of the site link between Branch1 and Branch2.
You are working in Hyper-V Manager on a system that hosts several Windows Server 2008 R2 virtual machines. You create snapshots of these virtual machines nightly as part of your disaster recovery plan. Users are complaining that they can no longer access the virtual servers. In Hyper-V Manager, they are identified as being in a Paused-Critical state. What should you do? (Select two. Each answer is a part of the overall solution.)
Install a new physical hard disk in the hypervisor host., Move the snapshot files to the new hard disk.
An Azure AD application proxy is designed to provide access for a specific type of application. Which of the following BEST describes that application type?
Legacy applications not capable of modern protocol usage.
Which of the following is TRUE regarding an Azure extended network?
Lets on-premises VMs keep their original on-premises private IP addresses when migrating to Azure.
What does the netdom query fsmo command do?
Lists the FSMO roles and identifies the server on which they are running.
During which migration type can the migration be planned or unplanned?
Live migration
There are several terms used to describe Azure AD application proxy services. Which of the following terms refers to using either hardware or software to distribute the workload among at least two servers?
Load balancing
The sales department in your organization needs you to deploy a new web-based contact management application for them. The application runs only on Windows Server 2008 R2. You don't have a budget for new hardware, but you do have unused licenses available for this operating system. You decide to create a new virtual machine on an existing Windows Server 2016 Hyper-V host in your network. You plan to configure the virtual machine as follows: Specify a Generation 2 virtual machine. Create a 200 GB virtual SCSI hard disk (VHDX) for the system volume. Create a 1 TB virtual SCSI hard disk (VHDX) for application data. Create a virtual SCSI optical drive. Install a 64-bit version of Windows Server 2008 R2. Will this configuration work?
No. Windows Server 2008 R2 is not supported in Generation 2 virtual machines.
What should you do before you start configuring a remote desktop gateway?
Obtain an SSL certificate
You manage the remote access solution for your network. Currently, you have two remote access servers, RA1 and RA2, with an additional server, RA3, configured as a RADIUS server. You need to configure RA1 and RA2 to forward authentication requests to RA3. What should you do?
On RA1 and RA2, run Routing and Remote Access. Edit the properties of the server and configure it to use RA3 for authentication.
You are the administrator for a network with a single Active Directory domain named widgets.local. The widgets.local domain has an organizational unit object for each major department in the company, including the Information Systems department. User objects are located in their respective departmental OUs. Users who are members of the Domain Admins group belong to the Information Systems department. However, not all employees in the Information Systems department are members of the Domain Admins group. To simplify employees' computing environment and prevent problems, you link a Group Policy object (GPO) to the widgets.local domain that disables the control panel for users. How can you prevent this Group Policy object from applying to members of the Domain Admins group?
On the Group Policy object's access control list, deny the apply Group Policy permission for members of the Domain Admins group.
What are the two types of DNS servers used in a hybrid network environment? (Select two.)
On-premises, Azure
Which of the following is true regarding VHDX fixed drives?
Performance is improved because the entire virtual disk is a contiguous block.
Which of the following security functions does CHAP perform?
Periodically verifies the identity of a peer using a three-way handshake.
What type of zone does Azure DNS use?
Private
Continuous delivery (CD) and continuous integration (CI) can be set up so that when a developer starts a new build or updates an application, it's automatically deployed to the application server. Which component is used to store the most recent version of a developer's code?
Repository
Which of the following is TRUE regarding the Windows Admin Center (WAC)?
Requires latest version of Azure Network Adapter.
You want to configure a computer to boot to a Windows installation on a VHD file. You will use the install.wim image on the Windows installation disk. You have downloaded the Windows AIK tools. You created and attached a virtual disk file using Disk Management. You ran ImageX to apply the image to the VHD file. What should you do next?
Run BCDEdit to create a BCD entry pointing to the VHD file.
You have Windows installed on a VHD on a system that is not running a hypervisor. Which of the following are you unable to do?
Run Windows from the VHD concurrently with the system's host operating system.
Which of the following are network access setting limitations for an Azure AD application proxy? (Select two.)
Terminating connector TLS traffic. Load-balanced connector.
You need to failover a virtual machine running on a Windows Server hypervisor host using the following parameters: A temporary copy of the virtual machine must be created and run on the replica server. The original virtual machine on the primary server must remain running to service client requests. The test virtual machine must not be connected to any network to prevent conflicts with the original virtual machine on the primary server. When you are finished, the temporary virtual machine must be deleted. Which type of failover should you use?
Test
Drag the hypervisor type on the left to the failover that is initiated from it on the right. (Answers may be used more than once.)
Test Failover - Replica Server; Planned Failover - Primary Server; Unplanned Failover - Replica Server
You manage a single domain running Windows Server. You have configured a Restricted Group policy as shown in the image. When this policy is applied, which action will occur?
The Backup Operators group will be made a member of the Desktop Admins group.
Which utility would you use to seize a role?
The Ntdsutil.exe tool
On a typical network, what happens if a client attempts to receive DHCP configuration from a DHCP server that's located on a different subnet?
The router drops the DHCP request.
Which of the following is the last step in a DHCP request process that uses a DHCP relay agent?
The server returns the DHCP ACK packet which the relay agent forwards to the client.
Which of the following were drawbacks to splitting the DHCP scope feature that was available in Windows Server 2008 and earlier? (Select two.)
The servers did not share information on active leases., Backup servers that already had a large number of addresses couldn't handle the additional load.
What is the computer that remote users connect to?
The web application proxy
Which of the following allows a machine to see traffic from multiple VLANs?
Trunking
You are the administrator of a network with a single Active Directory domain. You need to create 75 user accounts in the domain Users container. You have a list of new user accounts that include an IP telephone number. The user accounts are available via an export from your company's HR application in the form of a comma-delimited file. You want to create the new accounts as quickly and easily as possible. What is the easiest way to accomplish this task?
Use Csvde to import user accounts using the .csv file.
Which of the following BEST describes VNets?
Virtual networks hosted in Azure Cloud.
Which of the following are considered RADIUS clients? (Select two.)
Wireless access points, VPN servers
You want to create a VHD file with the following settings: Size: 200 GB; Location: F:\VHDS; Name: Win10vhd. Which DiskPart command should you use?
create vdisk file=f:\VHDS\Win10vhd.vhd maximum=204800
You manage a single-domain network with a domain named widgets.com. You have received funding to upgrade all of your domain controllers from Windows Server 2003 to Windows Server 2012 R2. You upgrade all domain controllers to Windows Server 2012 R2. You then set the domain and forest functional levels to Windows Server 2012 R2. You decide to migrate from FRS replication to DFS replication using a staged migration approach. You start replication and progress to the point where both FRS and DFS replication are running. Because everything looks like it is working properly, you configure replication to now use only DFS replication. After a few days, you notice several replication errors. You decide that you want to configure replication so that only FRS replication is used (DFS replication will no longer operate). Which command should you use?
dfsrmig /setglobalstate 0
You manage a Windows server that functions as your company's domain controller. You want to test a new network application in a lab environment prior to rolling it on to your production network. To make the test as realistic as possible, you want to export all Active Directory objects from your production domain controller and import them to a domain controller in the test environment. Which tools could you use to do this? (Select two. Each option is a complete solution.)
ldifde, csvde
Match each decimal value on the left with the corresponding hexadecimal value on the right. Not all decimal values have a corresponding hexadecimal value.
11 - 17; B - 11; D - 13; F - 15; C - 12; 10 - 16
You are the network manager for the westsim.private domain. The SRV1 server runs all file and print services for the network. The DNS database has an A record that maps srv1.westsim.private to the IP address of 192.168.16.10. You want to create a PTR record that maps the IP address to the hostname. Which zone should you create the record in?
16.168.192.in-addr.arpa
Which port is a DHCP Discover packet sent out on when a device first connects to a network?
67
Which port does the relay agent use when sending DHCP information back to the client?
68
You administer a network with Windows Server 2022 and UNIX servers, and Windows 10 and Macintosh clients. A Windows computer user calls you one day and says that he is unable to access resources on the network. You type ipconfig on the user's computer and receive the following output:
0 Ethernet adapter:
IP address. . . . . . . . . : 169.254.1.17
Subnet Mask . . . . . . . . : 255.255.0.0
Default Gateway . . . . . . :
You also check your NIC and see that the link light is on. What might the problem be in this scenario?
An unavailable DHCP server
Rachel is a system administrator. She decides to use IPAM to manage her DHCP servers. Which of the following DHCP features can be configured within IPAM? (Select two.)
Configuring DHCP exclusions., Create and configure DHCP scopes.
You need to define a new IPv4 DHCP scope on the DC1 server in the westsim.com domain. Click the option in the IPAM console that you should use to accomplish this task.
DNS and DHCP Servers
Which of the following is needed for clients to communicate with hosts outside of the local subnet?
Default gateway
You are setting up a new network in a single location with a single domain named eastsim.com. You install a DHCP server and configure it with a scope for the single subnet. You install a DNS server with a primary zone for the domain. What should you do to use dynamic updates to update DNS records in the zone automatically?
Enable dynamic updates on the eastsim.com zone.
You need to view a list of all IP addresses sorted by device type that have been assigned by DHCP servers in the westsim.com domain. Click the option in the IPAM console that you should use to view this information.
IP Address Inventory
Which of the following would a device use to receive NTP configuration from an NTP server that's located on a different network?
IP helper
Which DHCP high-availability option typically assigns both servers 50% of the IP leases?
Load balance
Which of the following best describes the purpose of using subnets?
Subnets divide an IP network address into multiple network addresses.
You are the network administrator for a small consulting firm. Users are complaining that they are unable to reach network resources. After some troubleshooting, you've confirmed that the DHCP server is down. Your network devices should be receiving an APIPA address so that they can at least communicate on the internal network, but many devices are not receiving this address. Which of the following is the MOST likely reason the devices are not receiving their APIPA addresses?
The DHCP lease has not expired.
After you install a new DHCP server on your network, you need to verify that the network devices are receiving IP addressing via DHCP. You reboot a Windows 10 client system and, using the ipconfig /all command, receive the following information:
Ethernet adapter Local Area Connection 1:
Description . . . . . . . . . . . : Intel(R) Ethernet Connection
Physical Address. . . . . . . . . : 02-00-4C-4F-3F-50
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Autoconfiguration IPv4 Address. . : 169.254.25.129
Subnet Mask . . . . . . . . . . . : 255.255.0.0
Default Gateway . . . . . . . . . :
DNS Servers . . . . . . . . . . . :
Which of the following statements are true? (Select two.)
The client system is configured to use DHCP., The client system is unable to reach the DHCP server.
Which TCP/IP utility gives you the following output?
ipconfig
You've been called in to troubleshoot a connectivity problem on a newly installed Windows Server system. The system is operating well and is able to communicate with other systems on the local network. However, it's unable to access any systems on other segments of the corporate network. You suspect that the system's default gateway parameter hasn't been configured or may be configured incorrectly. Which of the following utilities are you MOST likely to use to view the system's default gateway information?
ipconfig
Mary calls to tell you that she can't connect to an intranet server called WebSrv1. From her computer, you ping the server's IP address. The ping test is successful. Which tool would you use on her workstation next to troubleshoot the problem?
nslookup
Which of the following can you append to the end of the dig command to run a query for all the records in the zone?
-axfr
Which of the following identifies both the logical host and logical network addresses?
IP address
You are a network technician for a small consulting firm. One of your users is complaining that they are unable to connect to the local intranet site. After some troubleshooting, you've determined that the intranet site can be connected to by using the IP address but not the hostname. Which of the following would be the MOST likely reason for this?
Incorrect DNS settings
Which of the following is true regarding Active Directory-integrated (ADI) zone data?
Only members of the domain can update records.
Which of the following protocols does DHCP use when it sends out IP configuration?
UDP
You manage a network that has multiple internal subnets. You connect a workstation to the 192.168.1.0/24 subnet. This workstation cannot communicate with any other host on the network. You run ipconfig /all and see the following:
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix. : mydomain.local
Description . . . . . . . : Broadcom network adapter
Physical Address . . . . . : 00-AA-BB-CC-74-EF
DHCP Enabled. . . . . . . : No
Autoconfiguration Enabled . . : Yes
IPv4 Address. . . . . . . : 192.168.2.102(Preferred)
Subnet Mask . . . . . . . : 255.255.255.0
Default Gateway. . . . . . : 192.168.1.1
DNS Servers . . . . . . . : 192.168.2.20
What is the MOST likely cause of the problem?
Incorrect IP address
Which of the following were drawbacks to using the Windows failover cluster feature that was available in Windows Server 2008 and earlier? (Select two.)
It was difficult and time consuming to configure., The shared storage was a single point of failure.
When a DHCP relay agent receives a broadcast message requesting an available DHCP server, the DHCP uses an IP address as the source IP address. Which of the following is the IP address used by the DHCP relay agent?
Its own IP address
You are installing DHCP in four subnets. Three of the subnets have Windows 10 desktop computers, and the fourth subnet has only Windows 10 laptop computers. On the subnet with the laptops, you want any computer that has not logged on in two days to release its IP address. On the desktop subnets, you want computers that have not logged on in 30 days to release their IP addresses. How should you configure the DHCP scopes?
Set up one scope for each subnet and set the lease period as a part of each scope's configuration.
A host has an address of 100.55.177.99/16. Which of the following is the broadcast address for the subnet?
100.55.255.255
Microsoft recommends staying within how many sub-tree levels when creating OUs in your network design?
5
You can adjust how often the data is synchronized to the replica VM. What is the default setting?
5 minutes
Virtualization is the ability to install and run multiple operating systems concurrently on a single physical machine. Windows virtualization includes several standard components. Drag the component on the left to the appropriate description on the right. (Each component can be used once, more than once, or not at all.)
A file that resides within the host operating system and serves as a storage device for the virtual machine. - Virtual hard disk (VHD); A thin layer of software that resides between the guest operating system and the hardware. - Hypervisor; The guest operating system that is a software implementation of a computer that executes programs. - Virtual machine; The host operating system that has hardware, such as storage devices, RAM, and a motherboard. - Physical machine; Appears to be a self-contained and autonomous system. - Virtual machine; Allows virtual machines to interact with the hardware without going through the host operating system. - Hypervisor
Which of the following are features of Azure Active Directory? (Select three.)
A flat system (not hierarchical)., An Identity as a Service (IDaaS)., Can provide authentication through Security Assertion Markup Language (SAML).
Which of the following BEST describes Node.js?
A free (open-source) backend runtime environment that works across multiple platforms.
Which of the following is a common user identifier used for authentication and authorization in the cloud and on-premises?
A hybrid identity
Which of the following BEST describes a service account?
A special user account that an application or service uses to interact with the OS.
Which of the following best describes a transitive trust?
A trust relationship which allows the trust to flow among domains.
Which of the following best describes a forest trust?
A trust which creates a trusted relationship between forests.
When implementing an Azure extended network, you need a pair of Windows Server VMs. Both VMs act as virtual appliances. Drag the VM type on the left to the proper connections on the right. (You can use a VM type more than once.)
A virtual network adapter to the routable subnet. - On-premise; Second network interface to the extended subnet. - In the cloud; A second virtual network adapter to the extended subnet. - On-premise; Primary network interface to the routable subnet. - In the cloud
Permissions give you the ability to do which of the following?
Access a printer
Which of the following features are used by clients and provided by the RADIUS server? (Select three.)
Accounting, Authentication, Authorization
Which of the following is TRUE regarding asynchronous replication?
Acknowledgment of the write operation is sent to the application without waiting for an acknowledgment from the replication partner.
Which of the following is an established relationship between domains that allow authentication, communication, and access to resources?
Active Directory trust
You are the network administrator for westsim.com. The network consists of a single Active Directory domain. You are responsible for a server named HV1 that has the Hyper-V role installed. HV1 hosts a virtual machine that runs a custom web application that is in use 24 hours per day. The virtual machine has one hard drive that is hosted on a 127 GB expanding virtual hard drive (.vhdx). The server is running out of room. Management would like to upload 100 GB of new media files for use in the web application. You need to provide more storage space inside the virtual machine while minimizing downtime for the custom web application. What should you do?
Add a new virtual hard drive (.vhdx) to a SCSI controller.
You have created a group policy that prevents users in the accounting department from accessing records in a database that has confidential information. The group policy is configured to disable the search function for all users in the Accounting OU no matter which workstation is being used. After you configure and test the policy, you learn that several people in the Accounting OU have valid reasons for using the search function. These users are part of a security group named Managers. What can you do to prevent the Group Policy object (GPO) that you have configured from applying to members of the Managers group?
Add the Managers group to the GPO's discretionary access control list (DACL). Deny the apply Group Policy and read permissions to the Managers group.
To join a computer to a domain, you must be a member of which of the following groups?
Administrators group on the local computer
For security testing purposes, you need to change the source MAC address in outgoing packets originating from a Hyper-V virtual machine. Click the option you would use in the virtual machine's settings to do this.
Advanced Features
Click on the user right policy that is used to grant a user local access to the desktop of a Windows server.
Allow log on locally
You are configuring a new external virtual switch in your Hyper-V host. The host has two physical network interfaces installed. You want the physical host to exclusively use one network interface and virtual machines running on the host to exclusively use the other. Click the option you would use to configure the virtual switch in this manner.
Allow management operating system to share this network adapter
You are an administrator over several Windows servers. You also manage a domain in Active Directory. Your responsibilities include managing permissions and rights to make sure users can do their jobs while also keeping them from doing things they should not be doing. With Windows Server systems and Active Directory, the concepts of permissions and rights are used to describe specific and different kinds of tasks. Drag the concept on the left to the appropriate task examples on the right. (Each concept can be used more than once.)
Allow members of the Admins group to back up the files in the Marketing folder on the CorpFiles server. - Rights
Assign members of the Admins group read-only access to the files in the Marketing folder on the CorpFiles server. - Permissions
Allow members of the Admins group to restore the files in the Marketing folder on the CorpFiles server. - Rights
Assign members of the Marketing group read-write access to the files in the Marketing folder on the CorpFiles server. - Permissions
Allow members of the Admins group to log on locally to the CorpFiles server. - Rights
Allow members of the Admins group to shut down the CorpFiles server. - Rights
Allow members of the Marketing group to send print jobs to the Marketing color printer. - Permissions
Which of the following requires rights to perform the action?
Allow members of the IT group to back up the files in the Sales folder on the SalesData server.
Match each Hyper-V virtual networking feature on the left with its appropriate description on the right.
Allows a VM to see traffic from multiple VLANs - Trunking
Allows network traffic to be distributed across multiple CPU cores - Virtual Machine Queue (VMQ)
Controls the throughput of data to virtual disks - Storage Quality of Service (QoS)
Establishes rules that are applied to virtual switch ports - Port ACLs
Provides bandwidth aggregation - NIC Teaming
Copies traffic from one switch port to another - Port Mirroring
Prevents a VM from being used as a rogue DHCP server - DHCP Guard
Which of the following BEST describes Azure Bastion?
Allows a user to connect to a virtual machine using the Azure portal on a browser.
Which of the following BEST describes split DNS?
Allows the same name to resolve to different IP addresses.
Which of the following are characteristics of TACACS+? (Select two.)
Allows three different servers (one each for authentication, authorization, and accounting)., Uses TCP.
With RADIUS, network managers can centrally manage connection authentication, authorization, and accounting (sometimes referred to as AAA) for many types of network access, such as VPN or wireless access points. Which of the following options best describes authorization?
Allows users to use specific network services or connect to specific network resources.
Which UAC level is recommended as the most secure configuration option because it will always provide a standard user the option to log in as an administrator?
Always notify.
Which of the following do you need in order to install the Group Policy Management Tools? (Select three.)
An Azure Active Directory tenant, A server management VM that's joined to the managed domain, An Azure AD DS managed domain
Which of the following BEST describes MAP?
An agentless inventory assessment and reporting tool used to assess network environments.
Which of the following best describes Azure AD Connect?
An on-premises Active Directory synchronization service.
Which of the following are true regarding the Members group name? (Select two.)
Any user included in the list who is not currently a member of the restricted group becomes a member of the restricted group automatically when the policy is applied., Any user not included in the Members list is removed from the restricted group. The exception is the administrator in the Administrators group.
You want to configure a Windows computer to boot to a Windows 10 installation on a VHD file. You will use the image on the Windows installation disk. You have downloaded the Windows AIK tools and created a virtual disk file using Disk Management. What should you do next?
Attach the VHD.
Which of the following will happen when a user attempts to log on if the WAN link to a writeable domain controller is not available and the password for a computer account is cached on an RODC?
Authentication will be granted only locally.
IT administrators can use Azure Active Directory for which of the following management strategies?
Automation of user provisioning between existing Windows server Active Directory and cloud-based apps.
If IT administrators want to create a hybrid directory service between Azure Active Directory and Active Directory Domain Services, they must use which of the following to create this hybrid service?
Azure AD Connect
Which of the following can automatically synchronize user credentials, group accounts, and computer accounts between an on-premises Active Directory and cloud-based Azure services?
Azure AD Connect
Ben is developing a cloud-based application. He wants his application users to be able to use the same credentials that they use for their Microsoft 365 account. He also wants to use OpenID for a secure authentication process. Which of the following is the BEST match for what Ben wants?
Azure Active Directory
Jim is the network administrator for a large company with multiple offices. All the employees at the company need access to various services like SQL database, machine learning, and Microsoft 365. Jim is spending a lot of time helping employees who have forgotten their credentials to the many different services they use for their jobs. Which of the following would be the BEST solution for Jim to implement to provide a single sign-on option for employees?
Azure Active Directory
SAML, OpenID, and OAuth 2.0 can be used by which of the following for cloud-based application authentication?
Azure Active Directory
Which of the following authentication services do current subscribers of Microsoft 365, Office 365, and Dynamic CRM already have an account with?
Azure Active Directory
Continuous delivery (CD) and continuous integration (CI) can be set up so that when a developer starts a new build or updates an application, it's automatically deployed to the application server. Which component does Microsoft recommend for running automated test pipelines?
Azure DevTest Labs
Which of the following uses Infrastructure as Code (IaC) templates to build your repository's application and infrastructure source code?
Azure Pipelines
Which of the following are use cases associated with implementing an Azure WAN? (Select two.)
Azure firewall, Routing
Which of the following BEST describes an ExpressRoute?
Azure service that provides a private connection to ensure data does not travel across the public internet.
Which of the following are items needed to implement an Azure Network Adapter?
Azure subscription with active account. A connection to Azure for WAC server.
To ensure that the connection between Azure DNS and the on-premises DNS server is secure and encrypted, which of the following could you use? (Select two.)
Azure's ExpressRoute, VPN
A white exclamation mark inside a blue circle indicates which of the following about a Group Policy?
Block inheritance
You want to implement Storage Replica. Which of the following options would prevent the implementation?
Both storage devices use MBR
Which of the following is a benefit offered by Azure Active Directory to application developers?
By using Azure AD, application developers can integrate a user's preexisting credentials into the app for single sign-on authentication.
Which of the following commands allow you to view the socket pool size? (Select two.)
C:\>(Get-DnsServer).ServerSetting.SocketPoolSize, C:\>dnscmd /info /socketpoolsize
Your network has two sites, as shown in the graphic. You want to designate Computer1 as a preferred bridgehead server. Which object's properties would you edit to do this?
COMPUTER1
When using a VHDX differential drive, which of the following is true regarding the differencing drive file?
Can have different OS environments
Which of the following BEST describes Azure private zones?
Can only be queried by devices in the Azure virtual network.
You manage a group of 20 Windows 10 workstations that are currently configured as a Workgroup. Which advantages could you realize by installing Active Directory and adding the computers to a domain? (Select two.)
Centralized authentication, Centralized configuration control
You need to create a snapshot of a virtual machine currently running on a Windows Server Hyper-V host. The server was installed using a Server Core installation, so you must do this from the command line within a PowerShell window. Which cmdlet should you use to do this?
Checkpoint-VM
You have installed the Microsoft FTP Server service on a Windows Server 2016 host that is a member of the WestSim.com domain. The properties of this service are shown in the exhibit. You want the FTP Server service to log on and run on the system as a virtual service account named FTPSVC. Which should you do? (Select two.)
Click the Log On tab in the properties of the Microsoft FTP Service., Specify a logon account of NT SERVICE\FTPSVC.
When you originally deployed the AccServer virtual machine on your Windows Server 2012 R2 hypervisor, it stored accounting data from all departments in your organization and required a very large virtual disk. However, as your organization has grown, additional department-specific accounting servers have been deployed and much of the data that used to be stored on AccServer has migrated to them. Because the virtual hard disk file for the AccServer virtual machine is set to grow dynamically, the unused space in the file can be reclaimed on the physical hard drive in the Windows server. Click the option you would use in the Edit Virtual Hard Disk wizard to accomplish this without reducing the overall storage capacity of the virtual hard disk.
Compact
You currently manage a virtual machine named VM18 that has been installed on the Srv5 physical server. The virtual machine uses a single dynamic disk of 100 GB. You notice that the physical size of the virtual hard disk is 40 GB, but that the virtual machine reports only a total of 20 GB of files. You want to reduce the physical space used by the virtual hard disk. What should you do?
Compact the disk.
Which of the following Azure VM types is ideal for web servers with medium traffic?
Compute-optimized
What type of forwarder is configured for the on-premises DNS server to allow it to communicate with Azure DNS?
Conditional
Your company has recently added a traveling sales force. To allow salesmen access to the network while traveling, you install two additional servers. You configure the servers (REM1 and REM2) as remote access servers to accept incoming calls from remote clients. You configure network access policies on each server. The solution is working fine, but you find that you make constant changes to the remote access policies. You install the Network Policy and Access Services role on a third server (REM3). You configure network access policies on REM3. Following the installation, you verify that all clients can connect to REM1 and REM2. Then you delete the custom network access policies on both servers. Now, no clients can make a remote access connection. What should you do?
Configure REM1 and REM2 as REM3's RADIUS clients.
You manage the remote access solution for your network. Currently, you have 10 remote access servers named RA1 through RA10. A single RADIUS server named RA11 holds all network access policies for all remote access servers. Due to some recent changes, you decide to add a second RADIUS server, RA12, to your solution. Remote access connections should be directed to either RA11 or RA12 based on the characteristics of the connection. You decide to configure the RA13 server as a RADIUS proxy. Connection requests from RA1 through RA10 will be sent to RA13. All requests will then be forwarded to RA11 or RA12 based on the characteristics of the connection. Which of the following steps are part of your configuration on RA13? (Select three. Each choice is a required part of the solution.)
Configure connection request policies. Configure RA1 through RA10 as RADIUS clients to RA13. Configure RADIUS server groups.
You are the network administrator for your company. Your network consists of two Active Directory domains, research.westsim.local and sales.westsim.local. Your company has two sites, Dallas and Houston. Each site has two domain controllers, one domain controller for each domain. Users in Houston who are members of the sales.westsim.local domain report slow performance when logging in and accessing files in Dallas. Users in Dallas do not report any problems logging in and accessing local resources. You want all users in Houston to experience adequate login and resource access response time. What should you do?
Configure one of the domain controllers in Houston to be a global catalog server.
You are in charge of installing a remote access solution for your network. You decide you need a total of four remote access servers to service all remote clients. Because remote clients might connect to any of the four servers, you decide that each remote access server must enforce the exact same policies. You anticipate that the policies will change frequently. What should you do? (Select two. Each choice is a required part of the solution.)
Configure one of the remote access servers as a RADIUS server and all other servers as RADIUS clients. Configure network access policies on the RADIUS server.
You are the security administrator for a large metropolitan school district. You are reviewing security standards with the network administrators for the high school. The school's computer center has workstations for anyone's use. All computers in the computer center are members of the Computer Center Computers global group. All workstations are currently located in the Computers container. The computer center computers have access to the internet so users can perform research. Any user who uses these computers should be able to run Internet Explorer only. Other computers in the high school should not be affected. To address this security concern, you create a Group Policy object (GPO) named Computer Center Security. How can you configure and apply this GPO to enforce the computer center's security?
Configure the Computer Configuration node of the Computer Center Security GPO to restrict software to Internet Explorer only. Link the GPO to the domain and allow access to the Computer Center Computers group only.
You manage 20 Windows workstations in your domain network. You want to prevent the sales team members from making system changes. Whenever a change is initiated, you want to allow only those who can enter administrator credentials to be able to make the change. What should you do?
Configure the User Account Control: Behavior of the elevation prompt for standard users setting in Group Policy to prompt for credentials.
You are the network administrator for your company. The network consists of a single Active Directory domain. All the servers run Windows Server 2016. All the clients run Windows 10. Your company has a number of product specialists who travel to remote areas. The product specialists complain that their internet connections frequently fail, forcing them to reconnect to the company VPN server. The server and the clients use the L2TP with IPSec VPN protocol. You need to improve VPN performance by allowing the clients to automatically reconnect to the company VPN if the clients' internet connection should fail. What should you do?
Configure the VPN connection to use the Internet Key Exchange version 2 (IKEv2) VPN protocol.
You are the network administrator of a network with a single Active Directory forest. The forest root domain is named westsim.local, and there are two child domains named europe.westsim.local and asia.westsim.local. All domain controllers are running Windows Server 2012 R2 or Windows Server 2016. Your network has five Active Directory sites in the United States, six in Europe, and three in Asia. All sites in Europe have two domain controllers from the europe.westsim.local domain and one domain controller from the westsim.local domain. Several sites in Europe are using outdated hardware for their domain controllers, and you have decided to update them. You install and configure a new domain controller for an office in Europe and move the server to the correct site. After several days, you notice that the new server is not being utilized for replication between sites. What should you do?
Configure the new server as a preferred bridgehead server for its site.
You are working for a company that has a large Active Directory network with locations in New York City, Washington, D.C., Seattle, Miami, and Des Moines. The company has just opened an office in Toronto. You are responsible for bringing the new Toronto site online. You have created a site link to represent a high-speed connection between Washington, D.C., and Toronto. You anticipate that the link between these two cities will be used heavily during normal Eastern Time Zone business hours (5:00 a.m. to 7:00 p.m.). You need to configure replication between Toronto and Washington, D.C., and minimize the impact of replication traffic during business hours. What should you do?
Configure the site link between Toronto and Washington, D.C. to be available between 7:00 p.m. and 5:00 a.m.
Which of the following are features and benefits of Windows containers? (Select two.)
Containers are disposable., Containers are highly portable.
You currently manage a virtual machine named VM12 that has been installed on the Srv5 physical server. The virtual machine uses a single fixed disk of 100 GB saved in the vdisk1.vhd file. Physical disk space on the server is getting low. When you run Disk Management within the virtual machine, you notice that only 30 GB of space is being used, but the vdisk1.vhd file occupies 100 GB. You want to reduce the physical size of the virtual hard disk. What should you do?
Convert the disk to a dynamically expanding disk named vdisk2.vhd. Delete vdisk1.vhd, and change vdisk2.vhd's name to vdisk1.vhd.
Which option gives the virtual machine a new UUID?
Copy
You have exported a virtual machine to a USB flash drive. You have just installed a new Hyper-V host, and you intend to build a lab environment consisting of several VMs on it. You plug the flash drive into the new host server and begin the import process. Partway through the process, the Import Virtual Machine wizard gives you several import types to choose from. Which of the following import types should you choose?
Copy the virtual machine (create a new unique ID)
You've just deployed a new Active Directory domain, as shown in the figure below. You now need to deploy Group Policy objects (GPOs) to apply configuration settings and enforce security policies. Click the container(s) to which a GPO can be applied.
Corp, Domain Controllers
Your organization has been using an in-house custom-developed application. The team that developed that application created a Group Policy template in the form of an ADMX file, which you have used to assign necessary rights to a group of users who use the application. Another group of users now needs to have the same rights. This group belongs to an OU to which one of your assistants has full control management rights. When your assistant tries to use the Group Policy template to assign rights to this group, she cannot find the template in Active Directory. What must you do to give your assistant access to this Group Policy template?
Create a central store on the SYSVOL share and copy the ADMX file into it.
You are the network administrator for westsim.com. The network consists of a single Active Directory domain. There is one main office in New York and several branch offices, including one in Chattanooga, TN. All of the clients in Chattanooga, TN, are configured using DHCP and obtain addresses in the 172.16.0.0/16 subnet with the scope ranging from 172.16.3.1 to 172.16.3.254. There are two domain controllers in the Chattanooga office named TNDC1 and TNDC2. TNDC1 has a static IP address of 172.16.2.3/16, and TNDC2 has a static IP address of 172.16.2.4/16. During an IT audit, you notice that users authenticated by TNDC2 experience significant logon delays. You order a new server to replace TNDC2. As a temporary fix, you would like to ensure that all users in the Chattanooga, TN, site are authenticated by TNDC1. The solution should enable users to be authenticated by TNDC2 only if TNDC1 fails. What should you do?
Create a new Active Directory site. Create a new subnet object using the 172.16.2.4/32 subnet. Move TNDC2 to the new site.
You are the network administrator for corpnet.com. The company has a main office and four branch offices. All of the servers run Windows Server 2016. All of the sites have been added to the DEFAULTIPSITELINK object, which is set to replicate every 15 minutes. The Branch1 office contains one domain controller, DC3. The WAN link between the main and Branch1 offices has excellent bandwidth and very low latency. You frequently update the user accounts for users located at the Branch1 office and encounter conflicts that require you to force replication. You need to enable replication between the main and Branch1 offices to occur more frequently than every 15 minutes. The change must not affect replication between the main office and the other branch offices. What should you do? (Select three.)
Create a new IP Site Link and add the main office and the Branch1 office to the new link., Configure the Options attribute on the new link. Configure the Cost on the new link., Remove the Branch1 office from the DEFAULTIPSITELINK.
You are planning a server virtualization implementation using Hyper-V. Your virtualization solution must meet the following requirements: Both 32-bit and 64-bit operating systems will be installed as virtual machines. You need to install six virtual machines. All virtual machines must be able to communicate with each other. Virtual machines should not be able to communicate with any other network devices. Virtual machines should not be able to communicate with the management operating system. What should you do?
Create a private network
You are the administrator for the westsim.com domain. Organizational Units (OUs) have been created for each company department. User and computer accounts for each department have been moved into their respective department OUs. Computers in the accounting department use a custom application. During installation, the application creates a local group named AcctMagic. This group is used to control access to the program. By default, the account used to install the application is made a member of the group. You install the application on each computer in the accounting department. All accounting users must be able to run the application on any computer in the department. You need to add each user as a member of the AcctMagic group. You create a domain group named Accounting and make each user a member of this group. You then create a GPO named Acct Software linked to the Accounting OU. You need to define the restricted group settings. What should you do?
Create a restricted group named AcctMagic. Add the Accounting domain group as a member.
You have received a call from a user telling you that his password no longer works. As you inquire about the reasons why the password doesn't work, he tells you that yesterday, he received a call from an administrator asking for his user account password, which he promptly supplied. You know that a legitimate administrator would have never made this request. You are concerned that the impersonator might have contacted other users with the same request. To protect your network, you would like to reset all user account passwords and force users to change their passwords at the next login. You want to accomplish this as quickly as possible. What should you do? (Select two. Each choice is a possible complete solution.)
Create a script that runs Dsmod. Specify the new password and account properties in the script. Run the script., Run Ldifde to export user account information. Edit the .ldif file to modify the user account properties and passwords. Run Ldifde to modify the existing user accounts.
You are the network administrator for corpnet.com. Users in the sales.us.corpnet.com domain frequently need to access shares in sales.eu.corpnet.com, but report that it often takes a long time to be authenticated when accessing the shares. You need to reduce the amount of time it takes the users in sales.us.corpnet.com to be authenticated in sales.eu.corpnet.com. What should you do?
Create a shortcut trust.
You are planning a server virtualization implementation using Hyper-V. Your virtualization solution must meet the following requirements: Both 32-bit and 64-bit operating systems will be installed as virtual machines. You need to install six virtual machines. You will manage the services running on the virtual machines from a Windows computer. What should you do?
Create an external network
You are planning a server virtualization implementation using Hyper-V. Your virtualization solution must meet the following requirements: Both 32-bit and 64-bit operating systems will be installed as virtual machines. You need to install two virtual machines. Virtual machines must be able to communicate with each other and with the host operating system. What should you do?
Create an internal network
By default, Hyper-V Replica only handles updating the state of the operating system, but not the state of any applications running. What do you need to do if you need to recover the state of the applications?
Create app-consistent recovery points.
You are the network administrator for a company with a single Active Directory domain. The corporate office is located in Miami, and there are satellite offices in Boston and Chicago. There are Active Directory sites configured for all three geographic locations. The Default-First-Site-Name was renamed the Miami site. Each location has a single IP subnet configured and associated with the appropriate site. Each office has several domain controllers. The Boston office has recently expanded to three additional floors in the office building that they are in. The additional floors each have their own IP subnet and are connected by a router. The domain controllers for the Boston office are all located on one floor and are in the same subnet. You notice that the users working on the new floors in the Boston office are sometimes authenticating to domain controllers from other locations. You need to make sure that all authentication traffic over the WAN links is kept to a minimum. What should you do?
Create subnets for the new floors in the Boston office and link them to the Boston site.
You have decided to install multiple virtual servers. You install Hyper-V on a server that is running Windows Server 2016 Datacenter edition. You need to install the following virtual machines: four servers running the Windows Server 2008 R2 Standard edition (64-bit); three servers running the Windows Server 2012 R2 Datacenter edition (64-bit); three servers running the Windows Server 2016 Standard edition (64-bit). To conserve disk space, you decide to use parent and differencing disks. You need to create the virtual hard disks used by the virtual machines. What should you do?
Create three fixed disks and ten differencing disks.
You are the network administrator of a network that spans two locations, Atlanta and Dallas. The network has only one Active Directory domain named company.local. The Atlanta and Dallas locations are connected using a T1 line. You have also configured an on-demand dial-up connection between the two locations, which should only be used for backup if the T1 line becomes unavailable. You create two site objects named Atlanta and Dallas using the Active Directory Sites and Services snap-in. How should you configure Active Directory to perform replication over the T1 line rather than the dial-up connection?
Create two Site Link objects representing the T1 and dial-up connections. Configure the T1 Site Link object with a lower cost than the dial-up Site Link object.
You have a TCP/IP network with 50 hosts. There have been inconsistent communication problems between these hosts. You run a protocol analyzer and discover that two of them have the same IP address assigned. Which protocol can you implement on your network to help prevent problems such as this?
DHCP
Which of the following helps prevent attacks that attempt to pollute information in the cache to direct traffic to a malicious site?
DNS cache locking
Which of the following verifies that a server's response was not changed in transit and that the server sending the response is really who it claims to be?
DNSSEC
What does storage replica replicate?
Data blocks
Which of the following is TRUE regarding an unplanned failover?
Data loss may occur.
You are the administrator of the eastsim.com domain. Your Active Directory structure has organizational units (OUs) for each company department. You have assistants who help with resetting passwords and managing group membership. You want your assistants to also help create and delete user accounts. Which of the following tools can you use to allow your assistants to perform these additional tasks?
Delegation of Control wizard
Organizational units organize network resources. You can use the organizational model that best meets your needs. Drag the organizational model on the left to the appropriate example OU on the right. (Organizational models can be used once, more than once, or not at all.)
Denver OU - Physical location model; Printers OU - Object type model; Sales OU - Corporate structure model; Engineering OU - Corporate structure model; Brazil OU - Physical location model; Brazil OU containing the Sales OU - Hybrid model
You are the network administrator for an Active Directory forest with a single domain. The network has three sites with one domain controller at each site. You have created and configured sites in Active Directory Sites and Services, and replication is operating normally between sites. You configure two universal groups for use in securing the network. All users are members of one universal group or the other. After configuring the universal groups, users at Sites 2 and 3 report slow login and slow access to the corporate database. Users at Site 1 can log in and access the corporate database with acceptable performance. You want to improve login and resource access performance for users in Sites 2 and 3. What should you do?
Designate the domain controllers at Sites 2 and 3 as Global Catalog servers.
You are the network administrator for Corpnet.com. The company has three domains named corpnet.com, east.corpnet.com, and west.corpnet.com. The DNS servers in each domain are only authoritative for the zones for their domains and are all member servers. You sign the corpnet.com DNS zone with DNSSEC. You need to enable the DNS servers that are not authoritative for the corpnet.com zone to perform DNSSEC validation of DNS responses for the corpnet.com zone. What should you do?
Distribute a Trust Anchor to all DNS servers that are not authoritative for the corpnet.com zone.
Match the Active Directory term on the right with its corresponding definition on the left. Not every definition on the left has an associated term on the right.
Domain Controller - A server that holds a copy of the Active Directory database that can be written to. Forest Root Domain - The first domain created in an Active Directory forest. Tree Root Domain - The highest level domain in a tree.
When Active Directory is installed, several containers are created by default. Which default container would you be able to apply a Group Policy to?
Domain Controllers OU
You have installed the necessary roles and features so your Windows Server 2022 server can support Hyper-V containers. Now you need to install the Docker engine. Use the left/right arrows to move the steps for the Docker installation process from the left to the right. Use the up/down arrows to put the steps in the most appropriate order.
Download the docker.zip file; Extract docker.zip to C:\Program Files\docker; Add C:\Program Files\docker to PATH; Register the dockerd.exe service; Start the dockerd.exe service; Configure Docker service to autostart
Which type of VHD file allocates additional physical disk space in the file as virtual disk storage is used?
Dynamically expanding
You are the network administrator for a network with a single Active Directory forest. All domains in the forest are at Windows Server 2008 functional level, and the forest is also at a Windows Server 2008 functional level. Offices are located in Denver, Chicago, and Miami. Each geographic location has an Active Directory site configured. The links that connect the Denver and Miami sites to the corporate headquarters in Chicago are highly utilized, and you want to minimize replication traffic over them. Company headquarters is located in Chicago, and that location has multiple global catalog servers to service global queries efficiently. Several users in Denver and Miami are members of universal groups throughout the forest. You need to make sure that, in the event of a WAN link failure, group membership will be protected, and logons will be available. What should you do?
Enable Universal Group Membership Caching for the Denver and Miami sites.
You have been asked to troubleshoot a Windows workstation that is a member of your domain. The director who uses the machine said he is able to install anything he wants and change system settings on demand. He has asked you to figure out why User Account Control (UAC) is not being activated when he performs a sensitive operation. You verify that the director's user account is a standard user and not a member of the local Administrators group. You want the UAC prompt to show. What should you do?
Enable the Run all administrators in Admin Approval Mode setting in the Group Policy.
You are the administrator for a small company that uses a Windows server to host a single domain. Mary Hurd, a user in the sales department, calls and reports that she is unable to log in using her computer (Sales1). You use Active Directory Users and Computers and see the screen shown in the image. What can you do to allow Mary to log in?
Enable the computer account.
When you install Hyper-V, it creates a couple of firewall rules that can be used for replication, but they're left disabled until you actually activate them. What is the PowerShell command to enable the firewall rules?
Enable-NetFirewallRule
You need to view resource usage for a Hyper-V virtual machine named AccServer that is running on a Windows Server system. Before you can actually retrieve resource usage information, you first need to turn resource metering on for the virtual machine. Which PowerShell command can you use to do this?
Enable-VMResourceMetering -VMName AccServer
Which of the following BEST describes Single-root I/O virtualization?
Enables Network traffic to bypass the software switch layer of the Hyper-V virtualization stack.
Which of the following BEST describes an Azure extended network?
Enables you to stretch an on-premises subnet into Azure.
Which of the following is a characteristic of TACACS+?
Encrypts the entire packet, not just authentication packets.
You need to be able to access a partner organization's network using a VPN connection from within a Windows virtual machine running on a Windows server. However, the VPN connection requires a smart card for authentication. In order to connect, you need to redirect the smart card from the local physical hardware to the virtual machine. Click the option in the Hyper-V settings on the server you can use to enable this.
Enhanced Session Mode Policy
During the course of the Docker installation, you add C:\Program Files\docker to the PATH statement. You want to verify that C:\Program Files\docker is one of the file paths listed in PATH. You open the Advanced System Properties window, as shown in the image below. Click the button that will allow you to see what is in PATH.
Environment Variables...
You currently manage a virtual machine named VM12 that has been installed on the Srv5 physical server. The virtual machine uses a single fixed disk of 40 GB saved in the vdisk1.vhd file. The virtual machine is running out of free disk space. The virtual machine currently uses about 39.5 GB of the available disk space. You need to add more disk space to the virtual machine. What should you do?
Expand the vdisk1.vhd disk.
You are the network administrator for Corpnet.com. You have two Windows servers named HV1 and HV2. Both servers have the Hyper-V role installed. HV1 has an Intel processor, and HV2 has an AMD processor. HV2 hosts a virtual machine named VM1. You build another server named HV3 and install the Hyper-V role. HV3 has an Intel processor. You need to move VM1 from HV2 to HV3 with the least amount of downtime. What should you do?
Export VM1 on HV2 and then import it on HV3.
The Srv1 server runs Hyper-V and has several virtual servers installed. You would like to copy the VM4 virtual machine and create two new virtual machines running on Srv1. You are using the Hyper-V Manager console and want to complete the task with as little effort as possible. Which of the following procedures will let you create two virtual machines from the original VM4?
Export VM4 to the C:\Export folder. Copy the C:\Export folder to C:\Export2. Import the configuration using C:\Export\VM4 as the path. Import the configuration again using C:\Export2\VM4 as the path.
You want to implement an Azure WAN solution that does not utilize the public internet and increases security, speed, and reliability. In addition, you want to utilize P2P Ethernet network connectivity. Which of the following Azure WAN solutions will meet your networking requirements?
ExpressRoute
Which of the following password synchronization options in Azure AD Connect utilizes proxy servers as an extra layer of security in the authentication process?
Federation authentication
Which of the following password synchronization options offers the highest level of security in Azure AD Connect?
Federation authentication
Which of the following is used with VM generations 1 and 2?
Fiber Channel adapters
You currently use a Windows 7 desktop system. You have been asked to evaluate Windows 10 as a possible upgrade for the Windows 7 systems you manage. You decide to install Windows 10 in a VHD file on your Windows 7 system. To ensure that the evaluation is realistic, you need to ensure the best possible performance. Which type of VHD file should you use?
Fixed size
Which of the following does the DHCP relay agent use to tell the DHCP server which pool of addresses to use?
GIADDR
Which of the following cmdlets is used to display the members of the allowed list or the denied list of the RODC PRP?
Get-ADDomainControllerPasswordReplicationPolicy
You are the network administrator for westsim.com. The network consists of a single Active Directory domain. All of the servers run Windows Server, and all of the clients run the Windows operating system. The company has a branch office in Atlanta that has a read-only domain controller (RODC) named ATLRODC1. Management has requested a list of the users who have been authenticated by ATLRODC1 in the past and whose user accounts are cached on the RODC. Which command should you use to retrieve this information?
Get-ADDomainControllerPasswordReplicationPolicyUsage
Which PowerShell cmdlet should you use to check the services being monitored by the failover cluster? Enter the PowerShell cmdlet.
Get-ClusterVMMonitoredItem
You want to implement an Azure WAN solution that provides a traditional hub-and-spoke connectivity model that can provide for a variety of spoke types. Which of the following Azure WAN solutions will meet your networking requirements?
Global transit network architecture
Click on the tool you can use to configure Restricted Groups to control membership for groups that require high security.
Group Policy Management
Which tool can be used to customize existing GPOs or to create custom GPOs?
Group Policy Management Editor
You have configured a new GPO. You use a scoping method to prevent it from applying to a specific user using a specific computer. Which tool can you use to see if your scoping method is successful?
Group Policy Results
Which of the following is true about organizational units (OUs)?
Group Policy can be applied to organizational units.
Which of the following is true about the default containers in Active Directory?
Group Policy cannot be applied to default containers.
Which of the following is true about Group Policy inheritance?
Group Policy settings are applied to all objects below the container where the GPO is linked.
Azure Active Directory accesses resources through which of the following?
HTTP
Match each default Active Directory object on the left with the appropriate description on the right. (Each object may be used once, more than once, or not at all.)
Holds the default service administrator accounts - Built-in container; The default location for new user accounts and groups - Users container; The default location for domain controller computer accounts - Domain Controller OU; The root container to the hierarchy - Domain container; The default location for workstations when they join the domain - Computers container
Which options are found on the settings tab of the network policy components? (Select four.)
IP settings, IP filters, Encryption, Multilink and bandwidth allocation protocol
Which of the following BEST describes node fairness?
Identifies overloaded nodes and then redistributes virtual machines to the other nodes.
Which of the following is true about the direction of access in a one-way trust relationship?
If Domain A trusts Domain B, then Domain B has access to Domain A's resources.
You are the network administrator for eastsim.com. The network consists of a single Active Directory domain. All of the servers run Windows Server 2016 Standard edition. All of the clients run Windows 10. A domain controller named DC1 functions as a DNS server that hosts a standard primary zone, eastsim.com. All of the other domain controllers host standard secondary zones for eastsim.com. A new corporate directive requires that all DNS communication be secure. The DNS records must be cryptographically signed by the DNS server so that clients can validate that the DNS server responses are authentic and have not been subject to tampering. You must configure DNS to comply with the new policy. What should you do?
Implement DNS Security Extensions (DNSSEC).
You are the network administrator for northsim.com. The network consists of a single Active Directory domain. The company has offices throughout the United States and internationally. You have two Windows servers named HV1 and HV2 that are located in the New York office. Both servers have quad core processors, 16 GB of RAM, and the Hyper-V role installed. HV1 hosts two virtual machines named APP1 and APP2: APP1 hosts an application used heavily by users in New York. APP2 hosts an application used heavily by users in London. During the day, you observe poor performance on APP1 due to a shortage of memory. During the evening, APP1 performs fine. However, APP2 experiences poor performance during peak business hours in London due to a shortage of memory. There are no empty slots to add memory to the server, and management does not have budget to upgrade HV1 for at least 6 months. You need to improve performance for APP1 and APP2 using the least amount of administrative effort. What should you do?
Implement Dynamic Memory in the properties of APP1 and APP2.
You are working for a company that has a large Active Directory network with locations in New York City, Washington, D.C., Seattle, Miami, and Des Moines. The company has just opened an office in Toronto. You are responsible for bringing the new Toronto site online. You configure a site link to represent the connection between Toronto and Washington, D.C. You make the site link available between 7:00 p.m. and 5:00 a.m. only. You configure the replication interval at 180 minutes. The link between Toronto and Washington, D.C., appears to work as expected and has been operating for several days without any apparent problems. On Monday at 9:00 a.m., you publish a new printer named ColorLaser to Active Directory. At noon, a user calls from Toronto to say that a print job must be sent to the new color printer, but the printer does not show up in Active Directory. You instruct the user to be patient and check again in an hour. One hour later, the user calls back and still cannot see the printer. You think there is a problem with replication. You want the Toronto user to have access to the printer from Active Directory as quickly as possible. What should you do?
In Active Directory Sites and Services, force replication between a Washington, D.C. domain controller and a Toronto domain controller.
You are the administrator of the eastsim.com domain, which has two domain controllers. Your Active Directory structure has organizational units (OUs) for each company department. You have assistant administrators who help manage Active Directory objects. For each OU, you grant one of your assistants Full Control over the OU. You come to work one morning to find that while managing some user accounts, the administrator in charge of the Sales OU has deleted the entire OU. You restore the OU and all of its objects from a recent backup. You want to configure the OU to prevent accidental deletion. You edit the OU properties, but can't find the Protect object from accidental deletion setting. What should you do so you can configure this setting?
In Active Directory Users and Computers, select View > Advanced Features.
Where does authentication take place in the passthrough authentication process?
In Active Directory on-premises
You are responsible for managing a Windows Server 2016 system named DNS1 that functions as a DNS server. One of the domains owned by your organization is westsim.com, which is not integrated with Active Directory. Your DNS server is authoritative for this zone. Two other DNS servers in your organization named DNS2 and DNS3 contain a copy of the zone data in a multi-master configuration. You want to use DNSSEC to sign zone data digitally. You want to use DNS1 as the Key Master for DNSSEC. What should you do?
In DNS Manager, right-click the westsim.com zone and click DNSSEC > Sign the Zone.
You are the network administrator for corpnet.com. A new corporate policy requires that DNSSEC be implemented on the corpnet.com zone. A server named DNS1 is authoritative for the corpnet.com zone. You sign the corpnet.com zone and distribute trust anchors to all non-authoritative DNS servers that will perform DNSSEC validation of data from the zone. You need to prepare the clients to perform DNSSEC validation for the corpnet.com zone. What should you do?
In Group Policy, configure a Name Resolution Policy.
A user reports that they cannot browse to a specific website on the internet. From their computer, you find that a ping test to the web server succeeds. A traceroute test shows 17 hops to the destination web server. What is the MOST likely cause of the problem?
Incorrect DNS server address
You've configured your organization's DHCP server to dynamically assign IP addresses to DHCP clients using a lease duration of four days. You're using a Windows server for DHCP, and the default lease time is eight days. What impact, if any, will this have on the network?
Increased network traffic
You are the network administrator for northsim.com, a company that specializes in extreme sports vacations. The company has one main office and 30 branch offices. All of the branch offices have 3 to 10 users on location, and all of them are located in remote areas of the country. Due to the need to be located near natural resources, many of the branch offices lack basic security, and almost all of them are connected to the main office via a very slow connection. Users at the branch offices complain that it takes a long time to log on to the domain. Management has authorized the purchase and deployment of one Windows Server for each branch office. You have been asked to develop a standard installation for the new servers being deployed. Your solution must meet the following requirements: Each branch office server should perform authentication for users located at that branch office. Each branch office server should be configured to minimize the amount of Active Directory information that will be compromised in the event that the server is stolen. Each branch office server should be configured to minimize the amount of user data that will be compromised in the event that the server is stolen. What should you do?
Install a read-only domain controller (RODC) in each branch office. Configure the hard drive to use BitLocker drive encryption.
You manage a network with a single Active Directory domain named eastsim.com. Your company has a single office in Dallas. You open a second office in San Antonio. The San Antonio location is connected to the Dallas location by a WAN link. All user and computer accounts in the branch office are members of the eastsim.com domain. You did not install a domain controller in the branch office. Recently, the WAN connection between Dallas and San Antonio went down. During the outage, several problems existed because of the lack of a domain controller in the San Antonio location. You want to eliminate these problems in the future. You want to ensure that user passwords are cached on a server in San Antonio and that directory service replication only happens from Dallas to San Antonio. Changes should not be made in San Antonio and replicated back to domain controllers in Dallas. What should you do?
Install a read-only domain controller (RODC) in the branch office.
You need to be able to create standard Windows Server containers on a Windows Server 2016 system that is using the Desktop Experience deployment. Which of the following tasks must be completed on the server? (Select two. Each correct answer is part of the complete solution.)
Install the Containers feature., Download and install the Docker engine.
An application developer needs a container for testing a server application that is designed to run on a Windows server in a Server Core deployment. The developer has a Windows 10 Professional workstation. Which of the following must be done on this workstation before the developer can deploy a Server Core container? (Select two. Each correct answer is part of the complete solution.)
Install the Containers feature., Install the Hyper-V role.
You are the manager for the westsim.com domain. Your company has just started a collaborative effort with a partner company. Their network has a single domain named eastsim.com. You decide to implement Active Directory Federation Services (AD FS) to allow users in the partner organization to access a Web application running on your network. You have three servers available, Srv1, Srv2, and Srv3. Srv3 is a web server that runs the claims-aware application. You want to use the Federation Service Web Application Proxy service in your design. You want to use the least number of servers possible. What should you do?
Install the Federation Service on Srv1. Install WAP and the claims-aware web agent on Srv3.
Under which security option category would you enable a prompt for users to change their password before it expires?
Interactive logon.
What is the web application proxy's job?
Intercepts outside traffic that's headed to internal applications.
Software developers in your organization want to use Hyper-V to create virtual machines to test their new code. You need to add a virtual switch to the system. The virtual switch must allow communication between virtual machines running on the hypervisor, as well as with the hypervisor host itself. However, to contain the effects of bugs that may arise with the code being tested, you want to isolate the virtual machines from other hosts on the physical network. Click on the type of virtual switch you should create.
Internal
Which of the following facilitates transitive connectivity for virtual networks in an Azure WAN solution?
Intra-cloud connectivity
Which of the following statements about Dynamic Host Configuration Protocol (DHCP) are true? (Select two.)
It can deliver other configuration information in addition to IP addresses., A DHCP server assigns addresses to requesting hosts.
Which of the following is TRUE regarding a Hyper-V replica?
It contributes to a disaster recovery strategy by replicating virtual machines.
Your network consists of a single Active Directory domain. The OU structure of the domain consists of a parent OU named HQ_West and the child OUs Research, HR, Finance, Sales, and Operations. You have created a Group Policy Object (GPO) named DefaultSec, which applies security settings that you want to apply to all users and computers. You have created a second GPO named HiSec, which has more restrictive security settings that you want to apply to the HR and research departments. Both GPOs use custom security templates. You also want to ensure that strong password policies are applied to all client computers. How should you link the GPOs to the OUs? (Select three. Each correct answer is part of the complete solution.)
Link DefaultSec to the HQ_West OU., Configure password policies on a GPO linked to the domain., Link HiSec to the HR and Research OUs.
You are managing rights on a standalone server. You want to make changes to the settings of the Restore files and directories policy. Which of the following is the tool you must use to make changes to this policy?
Local Group Policy Editor
Which built-in local user account is a member of the local Administrators group?
Local System
What is the order of precedence for group policy processing?
Local group policy, Site policy, Domain policy, OU policy
Drag each Active Directory term on the left to its corresponding definition on the right.
Logical organization of resources - Organizational Unit; Collection of network resources - Domain; Collection of related domain trees - Forest; Resource in the directory - Object; Group of related domains - Tree
You are the network administrator for a network with a single Active Directory domain and a default site configuration. Your domain consists of three domain controllers, two at the company headquarters in Los Angeles and one in New York. Active Directory Domains and Trusts shows that all three domain controllers are replicating without errors. You have implemented a group structure using Microsoft's recommendation. You have global groups, which are members of universal groups. The universal groups are members of domain local groups. You have assigned permissions to the domain local groups. Users in Los Angeles aren't reporting any difficulties logging in and accessing local resources. However, users in New York report that login is very slow and that resource access is also very slow, even for local resources. You want to improve login and resource access performance for New York users. What should you do? (Select two. Each answer is part of the complete solution.)
Make the domain controller in New York a Global Catalog server., Create two sites, one called Los Angeles and one called New York. Assign the IP subnet in use at each location to the appropriate site.
Which of the following is a potential use for the restricted group policy?
Manage the membership of local groups on domain member servers and workstations.
Select the container in Active Directory where group-managed service accounts are created by default.
Managed Service Account
You need to view resource usage for a Hyper-V virtual machine named AccServer that is running on a Windows Server system. Which PowerShell command can you use to do this?
Measure-VM -VMName AccServer
You are managing a Windows Server 2012 virtual machine on a Hyper-V hypervisor host. Dynamic Memory is enabled in the virtual machine's configuration. The virtual machine will run several Web applications that are known to create system memory utilization spikes during heavy use. Because Dynamic Memory is enabled, you are concerned that memory could be unallocated from this virtual machine and reallocated to another, resulting in insufficient memory. You need to ensure that some physical RAM is held in reserve to prevent this from happening. Click the option you would use in the virtual machine's memory configuration to do this.
Memory buffer
Which of the following Azure VM types is ideal for relational database servers?
Memory-optimized
What is stored in a GPO container?
Metadata including the GPO version, when it was created, and how often the computer and user settings were modified.
Which of the following lets you measure virtual adapter traffic sent to or received from a specified address range?
Meter Port ACLs
Which of the following are examples of Type 2 hypervisors? (Select three.)
Microsoft Hyper-V, Oracle VirtualBox, VMware Workstation
Which report includes SQL Server, SharePoint Server, and Exchange Server?
Microsoft workload discovery report
You are the network administrator for corpnet.com. corpnet.com uses a vendor named partner.com. You create a cross-forest trust with Selective Authentication between the corpnet.com Active Directory forest and the partner.com Active Directory forest. On a file server named File1, you create a share named Share1 and assign the following permissions: Partner\SalesUsers - Allow-Modify NTFS permissions. Partner\SalesUsers - Allow-Full Control share permissions. Users in the Partner\SalesUsers group report that they cannot connect to the \\File1\Share1 share. You need to ensure that users in the Partner\SalesUsers group can connect to the share and modify data. What should you do?
Modify the properties of the File1 computer account in Active Directory Users and Computers.
You are deploying Active Directory Domain Services (AD DS) in an Azure virtual network. Which items should you consider when it comes to scalability? (Select two.)
Monitor the VMs and scale up or down when necessary., Configure VMs to the correct size for the network load requirements.
You are the network administrator for westsim.com. The network consists of a single domain. All the servers run Windows Server 2016. All the clients run Windows 10. There is one main office located in Chicago. The main office is protected from the internet by a perimeter network. A server named VPN1 located in the perimeter network provides VPN remote access for external clients. A server named NPS1 has the Network Policy Server (NPS) role installed and provides RADIUS services for VPN1. NPS1 is located in the perimeter network and is configured to use Active Directory for authentication requests. There are three domain controllers on the internal network. A new company policy requires that the firewall between the internal network and the perimeter network be configured to allow traffic only between specific IP addresses. The number of internal servers that can be contacted from the perimeter network must be kept to a minimum. You need to configure remote access to minimize the number of servers on the internal network that can be contacted by servers on the perimeter network. Your solution should not impact the availability of remote access services. What should you do?
Move NPS1 to the internal network and implement a RADIUS proxy in the perimeter network.
Virtualization offers several advantages for server administrators. As an administrator, your job can be made easier because of the several tasks you can perform on or with a virtual machine instead of on a physical machine. The advantages of virtualization can be organized into the categories listed on the left. Drag the advantage category on the left to the task that matches it on the right. (Each category can be used once, more than once, or not at all.)
Move many physical servers onto a few host servers with many virtual machines. - Server consolidation; Verify updates and patches before rolling them out into the production environment. - Testing functions; Create a sandboxed environment where malware can be executed with minimal risk to equipment and software. - Isolation; Move virtual machines between hypervisor hosts as needed. - Flexibility; Create a lab environment that mirrors your production network to see how an application runs before putting it into production. - Testing functions; Migrate an older operating system off of aging hardware and into a virtual machine. - Server consolidation
You are a domain administrator for a large multi-domain network. There are approximately 2,500 computers in your domain. Organizational Units (OUs) have been created for each department. Group Policy objects (GPOs) are linked to each OU to configure department-wide user and computer settings. While you were on vacation, another 20 computers were added to the network. The computers appear to be functioning correctly with one exception: the computers do not seem to have the necessary GPO settings applied. What should you do?
Move the computer accounts from their current location to the correct OUs.
Match each zone type on the left with the corresponding characteristics on the right. Each zone type may be used once, more than once, or not at all.
Multiple servers hold read-write copies of the zone data - Active Directory-integrated
The only writeable copy of the zone database - Primary
A read-only copy of the zone database - Secondary
Initiates zone transfers - Secondary
The replication scope specifies domain controllers that can receive a copy of zone data - Active Directory-integrated
Which of the following are the responsibilities of the domain naming master? (Select three.)
Must be accessible to add or remove a domain from the forest., Ensures that domain names are unique., Must be a global catalog server if it resides in a multiple domain environment.
VPN tunneling protocols encrypt packet contents and wrap them in unencrypted packets. Which of the following networking devices or services prevents (in most cases) the use of IPsec as a VPN tunneling protocol?
NAT
Which of the following is a UDP-based protocol that uses an IP helper to perform the same actions as a DHCP relay agent?
NTP
Click on the menu option that allows you to enable bandwidth management.
Network Adapter
For most of the year, the AccSrv virtual machine is only lightly utilized. However, at quarter-end and year-end, it is heavily utilized as accountants in your organization prepare reports and reconcile accounts. You need to ensure the virtual network adapter in this virtual machine has sufficient bandwidth available for these peak periods, so you decide to enable bandwidth management on the adapter. Click the option you would use in the virtual machine's settings to do this.
Network Adapter
You are configuring the network for an Azure virtual machine. Which resource holds a list of access control list (ACL) rules?
Network security group
You are the network administrator for your company. There is one main office and seven branch offices. You have been asked to create a script that can be used in the event of a disaster that destroys the entire network. The script must be able to recreate the company's Active Directory users, computers, and groups, as well as sites and subnet objects. Which command should you use in your script?
New-ADObject
You are working in PowerShell on a Windows Server 2016 domain controller. You need to create a group-managed service account that will be used by a new service that you will install later on the server. Which cmdlet should you use to do this?
New-ADServiceAccount
Which of the following administrative models for a RODC provides the most security in a small branch location?
No accounts cached model
Which options are associated with CredSSP authentication?
No additional configuration, Must sign in on source server
You want to implement Hyper-V so you can create a lab environment that mirrors your production network for testing applications before deploying them into your production environment. You're planning on having four virtual Windows Servers in this lab environment. You plan to use a file server already in production to create your first Hyper-V host system. You have a system with the following specifications and OS installed: A 64-bit processor with second-level address translation (SLAT). VM monitor mode extensions. UEFI that supports virtualization with the following features: Hardware-assisted virtualization with Intel VT. Data Execution Prevention (DEP) enabled with Intel Execute Disable Bit (XD). 64 GB RAM. Windows Server 2016 Standard edition with the Server Core deployment. Is this system a good choice for hosting your lab environment?
No, best practice suggests that the system should be a dedicated hypervisor host with only the Hyper-V role installed.
You are working in PowerShell on a Windows Server 2016 domain controller. You need to create a new group-managed service account to be used by a new application that will be installed later on the Windows 7 workstations that are members of the domain. The domain functional level is set to Windows Server 2008. Can you do this?
No. Group managed service accounts cannot be used by Windows operating systems prior to Windows 8.
You want to create a cluster using two virtual machines. You perform the following steps: Create two virtual machines on the same Hyper-V host. Configure a private virtual switch and connect each VM to it. Install the Windows Server operating system on each VM. Add the Failover Clustering role on each VM. Launch Failover Cluster Manager. Begin the validation process for this configuration by selecting the two VMs as nodes in the cluster. When you run the validation tests, will this configuration pass?
No. There is no shared storage device configured for the cluster nodes to use.
You want to implement Hyper-V so you can create a lab environment that mirrors your production network for testing applications before deploying them into your production environment. You're planning on having four virtual Windows servers in this lab environment. Your lab environment will need access to the physical network and the Internet. You plan to use hardware that you already have on hand to create your first Hyper-V host system. You have an unused system with the following specifications and OS installed: A 64-bit processor with second-level address translation (SLAT). VM monitor mode extensions. UEFI that supports virtualization with the following features: Hardware-assisted virtualization with Intel VT. Data Execution Prevention (DEP) enabled with Intel Execute Disable Bit (XD). 64 GB RAM. Windows Server 2016 Standard edition with the Server Core deployment. A single 1 Gbps network adapter. Is this system a good choice for hosting the lab environment you plan to build?
No. When guest systems need network access, best practice suggests that a host should have its own network adapter and an additional network adapter for every four virtual machines.
The sales department in your organization needs you to deploy a new web-based contact management application for them. The application runs on Windows Server 2012. You don't have a budget for new hardware, but you do have unused licenses available for this operating system. You decide to create a new virtual machine on an existing Windows Server 2016 Hyper-V host in your network. You created the virtual machine as follows: Generation 1 virtual machine. 200 GB virtual IDE hard disk (VHDX) for the system volume. 1 TB virtual SCSI hard disk (VHDX) for application data. IDE virtual optical drive. Windows Server 2012. After several months in production, you decide that you would like to implement the Secure Boot feature in the virtual machine. You know this feature is only available on Generation 2 virtual machines, so you decide to upgrade the virtual machine and then implement the new feature. Will this configuration work?
No. You cannot change the generation of a virtual machine after it has been created.
You want to implement Hyper-V so you can create a lab environment that mirrors your production network for testing applications before deploying them into your production environment. You're planning on having four virtual Windows servers in this lab environment. You plan to use hardware that you already have on hand to create your first Hyper-V host system. You have an unused system with the following specifications and OS installed: A 64-bit processor with second-level address translation (SLAT). VM monitor mode extensions. UEFI that supports virtualization with the following features: Hardware-assisted virtualization with Intel VT. Data Execution Prevention (DEP) enabled with Intel Execute Disable Bit (XD). 4 GB RAM. Windows Server 2016 Standard Edition with the Desktop Experience deployment. Will this system allow you to create your lab environment?
No. You need more RAM to support four virtual machines.
Which of the following UAC levels prompts the user only when a program tries to change the computer or a program not included with Windows attempts to modify Windows settings?
Notify me only when apps try to make changes to my computer (do not dim my desktop)
When a device renews its DHCP lease, which two steps in the DHCP process are skipped?
Offer, Discover
The Djoin command is used in which of the following methods for adding computer accounts to Active Directory?
Offline domain join
Each computer has a password that is automatically generated when the computer joins the domain. When the computer boots, this password is used to authenticate the computer to the domain and establish a secure channel between the computer and the domain controller. Where is this password stored?
On the local computer and in Active Directory.
In a hybrid network that consists of an on-premises network and an Azure networked environment, which devices can query Azure DNS?
Only Azure virtual network clients.
Which of the following authentication protocols transmits passwords in cleartext and is considered too unsecure for modern networks?
PAP
Organizations want to make applications available to users without having to install the application on each user's computer. This can be done using Remote Desktop Gateway applications with a web interface. Which authentication mode skips the normal authentication request and passes the request to the server that hosts the application?
Pass-through
Which of the following password synchronization options in Azure AD Connect require an authentication agent to be installed?
Passthrough authentication
Which of the following password synchronization options in Azure AD Connect stores the user's credentials in Azure AD?
Password hash authentication
Which Azure AD Connect option uses the following password synchronization process? Active Directory creates a hash for a user's password, then Azure AD Connect makes a cryptographic hash of the local hash and stores that cryptographic hash in Azure AD.
Password hash synchronization
Which of the following password synchronization options provided by Azure AD Connect is the simplest for both the administrator to set up and for the user to use, for access to cloud apps and AD resources?
Password hash synchronization
Which of the following is one of the BEST benefits of a group managed service account over a basic domain user account used for a service?
Passwords are managed and reset automatically.
You are the network administrator for Corpnet.com. The network has two servers that run Windows Server. They are named HV1 and HV2. Both servers are running the Hyper-V role and are members of a cluster named Cluster1. HV1 hosts a virtual machine running a Windows server named VM1. HV1 is running low on space. You would like to transfer the VHD file for VM1 to HV2 while you requisition additional space. VM1 must remain available while space is added to HV1. What should you do?
Perform a storage migration.
Which of the following is true regarding the primary zone?
Permission is required to get a copy of the zone.
You need to add additional disk space to the AccServ virtual machine running on a Windows server. To accomplish this, you decide to create a pass-through disk. Click the option you would use in the virtual machine's settings screen to do this.
Physical hard disk
You need to failover a virtual machine running on a Windows Server hypervisor host using the following parameters: The latest changes made to the primary virtual machine must be replicated to its replica virtual machine. The primary virtual machine must be brought down. The replica virtual machine starts, which transfers the workload from the primary server to the replica server with no loss of information. Which type of failover should you use?
Planned
When you create a computer account in a specific OU, and the computer is matched to the already-created computer account when it joins the domain, you are using which of the following methods?
Pre-stage account method
You have just ordered several laptop computers that will be used by members of the programming team. The laptops will arrive with Windows installed. You want the computer account for each new laptop to be added to the Developers OU in Active Directory. In addition, you want each programmer to join their new laptop to the domain. What should you do?
Pre-stage the computer accounts in Active Directory. Grant the programmers the rights to join the workstation to the domain.
You are the network administrator for westsim.com. The network consists of a single Active Directory domain. A user named Mary Merone is working on location in Africa. She calls to report that her laptop has failed. The hardware vendor replaced the laptop, and now you need to join the new computer to the domain. However, there is no connectivity from the current location to the domain. You must ensure that the laptop is joined to the domain immediately, even if it cannot be physically connected to a domain controller. What should you do first?
Prepare the computer to perform an offline domain join by creating an Active Directory account for the computer using the Djoin /provision command.
You manage the network with a single Active Directory domain. You have installed a read-only domain controller in your branch office. As part of the configuration, you added the Sales Users group and the Sales Computers group as members of the Allowed RODC Password Replication Group group. You get a call from a user in the branch office saying that she can't log on. You verify that her user and computer accounts are members of the correct groups. You check and find that the WAN link to the branch office is down. You need to modify the configuration so that the user can log on even when the WAN link is down. What should you do?
Prepopulate passwords on the RODC.
Scoping allows you to target a given GPO to specific users and/or computers. Drag the scoping method on the left to the appropriate description on the right. (Methods can be used once, more than once, or not at all.)
Prevents settings in GPOs linked to parent objects from being applied to child objects. - Block Inheritance
Causes computer settings to be reapplied after user login. - Loopback Processing
Prevents inheritance from being blocked for a specific GPO. - Enforced
Causes computer settings to take precedence over user settings. - Loopback Processing
Which zone contains authoritative DNS records that can be changed and copied to other zones?
Primary zone
When implementing an Azure AD application proxy, where must CNAME records be created?
Public DNS
You have just started a new job as the administrator of the eastsim.com domain. The manager of the accounting department has overheard his employees joke about how many employees are using "password" as their password. He wants you to configure a more restrictive password policy for employees in the accounting department. Before creating the password policy, you open the Active Directory Users and Computers structure and see the following containers and OU: eastsim.com, Built-in, Users, Computers, Domain Controllers. Which steps must you perform to implement the desired password policy? (Select three. Each correct answer is part of the complete solution.)
Put the accounting employees user objects into the OU created for the accounting employees., Configure the password policy and link it to the OU created for the accounting employees., Create an OU in eastsim.com for the accounting employees.
During which migration type is the virtual machine paused?
Quick migration
Which of the following are differences between RADIUS and TACACS+?
RADIUS combines authentication and authorization into a single function, while TACACS+ allows these services to be split between different servers.
Which of the following are methods for providing centralized authentication, authorization, and accounting for remote access? (Select two.)
RADIUS, TACACS+
You have a computer running Windows. Prior to installing some software, you turn off User Account Control (UAC), reboot the computer, and install the software. You turn UAC back on, but it does not prompt you before performing sensitive actions. You want the protection of UAC, but it is not working at all. What should you do?
Reboot the machine.
You are considering implementing NIC Teaming in a virtual machine running in Hyper-V. The virtual machine is configured with 8 GB of system RAM, a 1 TB virtual hard disk file, and four virtual network adapters. You want to use all of the network adapters in the team to provide load balancing and failover. What should you do?
Reduce the number of virtual NICs in the team to two.
You want to make applications available to your company employees without having to install the application on each employee's computer. You can do this by using which of the following?
Remote Desktop Gateway applications
You often travel away from the office. While traveling, you would like to use a modem on your laptop computer to connect directly to a server in your office to access needed files. You want the connection to be as secure as possible. Which type of connection do you need?
Remote access
What does a remote access server use for authorization?
Remote access policies
Which of the following are the specific users for which the AD application proxy is designed?
Remote users that need access to legacy applications.
You are the administrator for a large single-domain network. You have several Windows Server domain controllers and member servers. Your 3,500 client computers are Windows workstations. Today, one of your users has called for help. It seems that their computer is reporting that trust cannot be established between their Windows computer and the domain controller. The user is unable to log on to the domain. You examine the computer's account using Active Directory Users and Computers, and there is nothing obviously wrong. You need to allow this user to log on to the domain. What should you do?
Reset the computer account and rejoin the domain.
You have a laptop that you use for remote administration from home and while traveling. The laptop has been joined to the domain using the name of AdminRemote. The processor in your laptop overheats one day, causing extensive damage. Rather than repair the computer, you purchase a new one. The computer arrives, and you edit the system properties and name it AdminRemote. When you try to join the computer to the domain, you receive an error message and are unable to proceed. What should you do?
Reset the computer account in Active Directory.
You are a network technician for a small consulting firm. Many users have reported issues with accessing the network. After some initial troubleshooting, you discover that many devices have the same IP address assigned or incorrect IP configurations. Which of the following would be the MOST likely cause for this?
Rogue DHCP server
Prior to installing Active Directory on your network, you set up a test network in your lab. You created several user accounts that correspond to actual network users. Now that your test is done, you'd like to move all user accounts from your test network to a new domain that you've just installed. You decide to use the Ldifde command to import the user accounts into the production domain. You want to set passwords for the new user accounts. How can you perform this task with the least amount of effort?
Run Ldifde to export the user accounts. Run Ldifde to import the user accounts. Edit the .ldif file to specify user account passwords. Run Ldifde to modify the existing accounts.
You need to copy files to a VHD file that contains a Windows installation. Which of the following steps can you use to make this possible?
Run diskpart.exe and then use the list, select, and attach commands.
You are an administrator for the northsim.com domain. The domain has two domain controllers, DC1 and DC2. DC1 is located in the main office, and DC2 is located in a branch office. You work in a branch office and manage the network there. The main office is connected to the branch office with a WAN link. A site object has been created for each location. The DEFAULTIPSITELINK object connects the two locations. To reduce WAN traffic, replication between sites occurs between 8:00 p.m. and 5:00 a.m. The branch office has recently hired three new employees. An administrator in the main office has created the user accounts. However, users are unable to log on. You need to make sure the users can log on as soon as possible. What should you do?
Run repadmin /replicate DC2 DC1.
You are the network administrator. The network consists of a single Active Directory domain. All the servers run Windows Server 2016, and all the clients run Windows 10. Company policy requires all users in the domain to change their passwords every 30 days. An application named App1 uses a service account named App1Svc. Every 30 days, App1 fails. When the App1Svc account password is reset, the application works fine. You need to prevent App1 from failing in the future without compromising corporate security standards. What should you do?
Run the New-ADServiceAccount cmdlet.
Which of the following is equipment that facilitates branch connectivity for an Azure WAN solution?
SD-WAN CPE
There are several terms used to describe Azure AD application proxy services. Which of the following terms refers to a service that provides trust to a user's browser while accessing a website or application?
SSL certificates
The Srv1 server runs Hyper-V and has several virtual servers installed. Currently, most virtual servers are used for testing purposes. The physical system is running out of memory because of all of the virtual machines that are currently active. You want to stop three virtual machines to free up system resources. You want to stop the virtual machines so that all open applications are still open and running when they start again. What should you do?
Save the virtual machine.
Which of the following roles are forest roles? (Select two.)
Schema master, Domain naming master
You have been put in charge of providing a VPN solution for all members of the sales team. Sales team members have been issued new laptop computers running Windows 10. All remote access servers run Windows Server 2016. The salesmen have been complaining that with the previous VPN solution, there were many times that they were unable to establish the VPN solution because the hotel or airport firewalls blocked the necessary VPN ports. You need to come up with a solution that will work in most instances. Which VPN method should you choose?
Secure Socket Tunneling Protocol (SSTP)
You are the administrator for the widgets.com domain. Organizational units (OUs) have been created for each company department. User and computer accounts for each department have been moved into their respective departmental OUs. You would like to configure all computers in the Sales OU to prevent the installation of unsigned drivers. Which GPO category would you edit to make the necessary changes?
Security Options
As a network administrator, you would like to allow only the group of HR users from another forest the right to authenticate to the resources within your forest. Which of the following security settings would be the best choice for allowing the needed access but also following the principle of least privilege?
Selective authentication
What is the first thing a device does when it connects to a network?
Sends a DHCP Discover packet
You have not yet installed Active Directory Domain Services (ADDS) on a new Windows Server system. You are planning to use the computer as a domain controller in Active Directory. Which of the following steps is it recommended that you perform before you install the ADDS role? (Select two.)
Set the system time and time zone., Configure the computer name.
Which of the following is a Hyper-V created virtual machine that prevents unauthorized administrators from accessing the VM?
Shielded VM
If you want to increase the speed of authentication and resource access between two domains within the same forest, which of the following is the best trust to create manually?
Shortcut trust
Which of the following is TRUE regarding a test failover?
Should be performed monthly.
Which of the following are standard VPN types used for implementing an Azure WAN solution? (Select two.)
Site-to-site, Private connectivity
Which of the following is true about Active Directory sites?
Sites are linked to one or more subnets.
Which Hyper-V feature found in Windows Server provides temporary memory that allows a virtual machine to restart even when there is not enough physical memory available?
Smart Paging
You want to use Hyper-V to create two virtual machines that each use a common parent installation. Listed below are the steps necessary to complete the configuration. Drag each required step from the list on the left to the spaces on the right. Use only the necessary steps to complete the configuration.
Step 1 - Create one fixed disk.
Step 2 - Create the virtual machine(s).
Step 3 - Install the operating system.
Step 4 - Make the disk(s) read only.
Step 5 - Create two differencing disks.
Step 6 - Create the virtual machine(s).
Put the continuous delivery and continuous integration workflow in the correct order.
Step 1: Azure Pipelines is automatically triggered to build and test new jobs.
Step 2: VM applications push to the VM Registry.
Step 3: Azure DevTest Labs manages the application deployment and test environment.
Step 4: Application changes are deployed to the production environment.
Step 5: Azure Monitor collects data in the form of logs and metrics.
Put the steps to configure a DNS private resolver in Azure in order.
Step 1: Configure two subnets in Azure.
Step 2: Create the forwarding rules.
Step 3: Create a conditional forwarder.
You need to configure WAP to forward requests to AD FS servers that are not accessible from the internet. Arrange the WAP configuration tasks that you need to complete on the left in the appropriate order on the right.
Step 1: Export the internal AD FS server certificate.
Step 2: Import AD FS server certificate.
Step 3: Configure an SSL certificate on the default IIS website.
Step 4: Add an entry for the AD FS server to the hosts file.
Step 5: Install the AD FS Proxy role service.
Step 6: Configure the AD FS Proxy.
Step 7: Configure DNS records.
Which of the following is true regarding stretching a subnet?
Stretching a subnet is another term for extending a subnet from on-premises to Azure.
You are configuring a NIC team that is being used for failover only and not bandwidth aggregation. Which NIC teaming configuration must you use?
Switch-independent teaming
There are several terms used to describe Azure AD application proxy services. Which of the following terms refers to a cryptographic protocol that provides end-to-end security of data sent between applications over the internet?
TLS 1.2
You currently manage a virtual machine named VM18 that has been installed on the Srv5 physical server. The virtual machine runs Windows Server and a custom application. You receive an update to the application. You want to save the current state so if the update causes any problems, you can easily revert back to the state before the update was installed. What should you do?
Take a snapshot of the virtual machine.
Group Policies can be used to set the same notification levels at the domain level that can be set for local machines using the User Account Control (UAC) tool. You need to configure the Notify me only when programs try to make changes to my computer notification level using Group Policy. Which of the following Group Policies must be set to complete this configuration?
The Behavior of the elevation prompt for administrators in Admin Approval Mode policy setting is set to Prompt for consent for non-Windows binaries. The User Account Control: Switch to the secure desktop when prompting for elevation policy setting is enabled.
You manage a single domain running Windows Server. You have configured a restricted Group Policy as shown in the image. When this policy is applied, which actions will occur? (Select two.)
The Desktop Admins group will be made a member of the Backup Operators group., Any other members of the Backup Operators group will be removed.
You are a network administrator for a small company. All servers are running Windows Server 2016. All clients are running Windows 10. Your company has just opened a branch office in a different part of the country. To provide access to network resources between sites, you have determined that a Windows Server 2016 site-to-site VPN using a Remote Access Services (RAS) gateway would work best for your needs. Before creating the site-to-site VPN, what must you install first? (Select two.)
The Remote Access role, The DirectAccess and VPN (RAS) role service.
Which of the following BEST describes the few accounts cached administrative model?
The administrative overhead of this model is greater because administrators must manually add users (or preferably groups) to the allowed list.
A client computer comes onto the network and first looks in its own site for a domain controller. A domain controller is not found within its site. Only the default settings are configured. Which of the following is most likely to happen next?
The client computer will search randomly for a domain controller in any site.
Site-link cost is determined by which of the following?
The speed of the link
User Account Control (UAC) is a tool that generates an alert when a task or operation needs administrative privileges. You use the UAC settings in Control Panel to configure the sensitivity of UAC. Drag the UAC notification level on the left to the appropriate description of what it does on the right.
The user is prompted only when programs try to make changes to the computer or Windows settings. The secure desktop is not displayed. - Notify me only when apps try to make changes to my computer (do not dim the desktop)
A UAC prompt and the secure desktop are displayed for 150 seconds. The user cannot perform any other actions until they respond to the prompt. - Always notify
The user is prompted only when programs try to make changes to the computer or Windows settings. The secure desktop is displayed for 150 seconds. - Notify me only when apps try to make changes to my computer
If logged on as a standard user, all actions requiring privilege elevation are automatically denied. - Never notify
Which of the following is true when using group managed service accounts?
There are no domain or forest functional level requirements for using group managed service accounts.
Which of the following is true about forest trusts?
They are also called interforest trusts.
Match the group name on the left with the correct descriptions on the right.
This policy does not remove the restricted group from other groups. - Members of
Any user included in the list who is not currently a member of the restricted group becomes a member of the restricted group automatically when the policy is applied. - Members
Any user not included in the Members list is removed from the restricted group. The exception is the administrator in the Administrators group. - Members
You can use this option to define membership in a local group by adding a restricted group. - Members of
The restricted group to be added to the local group must be a group defined in Active Directory. - Members of
There are two restricted group properties that an administrator can define - members and members of. Which of the following is true about the members of property?
This policy ensures that the restricted group is a member of the defined groups but does not remove the restricted group from other groups.
When applying Group Policy in Active Directory, which of the following is true?
Through inheritance, settings applied to the domain or parent OUs apply to all child OUs and objects within those OUs.
In the basic naming convention for Azure VM sizes, what do the s, t, i, and c stand for? (Select four.)
Tiny memory, Confidential, Isolated size, Premium Storage capable
When configuring a DNS private resolver in Azure, what are the two subnets used for? (Select two.)
To act as the inbound endpoint with the on-premises DNS server., To act as the outbound endpoint with the on-premises DNS server.
When configuring a DNS private resolver in Azure, what is the purpose of the forwarding rules?
To allow the Azure DNS to communicate with the on-premises DNS server.
Your network currently has the following Active Directory domains: westsim.com, emea.westsim.com, uk.emea.westsim.com, and us.westsim.com. Your company is closing its offices in the United States. Previously, most of the network administration took place in that office. Now all IT administration will take place in your London office. You have removed all domain controllers from the us.westsim.com domain except for the DC1 server. This server hosts the following roles: RID master, PDC emulator, Domain naming master, Infrastructure master. Prior to removing Active Directory from the domain controller, you need to transfer the necessary operation master roles to servers in the westsim.com domain. The westsim.com domain has the following domain controllers: WS1, WS2, WS3, and WS4. All servers are also global catalog servers except for WS3. What should you do to prepare for Active Directory removal on DC1?
Transfer the domain naming master to WS1, WS2, or WS4.
Your network currently has two domains, eastsim.com and sales.eastsim.com. You need to remove the sales.eastsim.com domain. You have removed all domain controllers in the domain except for the DC1.sales.eastsim.com server. This server holds the following infrastructure master roles: RID master, PDC emulator, Infrastructure master, Domain naming master. You are getting ready to remove Active Directory from DC1. What should you do first?
Transfer the domain naming master to a domain controller in eastsim.com.
Which of the following allows connections to be made between VNets to facilitate an Azure WAN solution?
Transitive connectivity
Match the type of VPN with its description.
Two hosts establish a secure channel and communicate directly. - Host-to-host; Routers on the edge of each site establish a VPN with the router at the other location. - Site-to-site; Allows individual users to establish secure connections with a remote computer network. - Remote access
You have implemented an Azure extended network with a firewall between on-premise and the cloud. Which port do you need to open?
UDP 4789
Which of the following strategies do we use to prevent duplicate IP addresses from being used on a network? (Select two.)
Use Automatic Private IP Addressing (APIPA)., Install a DHCP server on the network.
You want to view, but not modify, the Windows installation and data files in a VHD file. What should you do?
Use Disk Management to attach the VHD file as read-only.
You want to give the TPlask user the right to log on to any of the domain controllers in your domain and gain access to the desktop. This user does not belong to any of the default groups that have the Allow log on locally right by default. Which of the following steps can you take to give the Allow log on locally right to this user? (Select two. Each correct answer is a complete solution.)
Use Group Policy Management Editor to add the TPlask user account to the Allow log on locally policy., Use Active Directory Users and Computers to add the TPlask user account to the Administrators group.
You want your mobile devices to have a shorter lease duration than your desktop computers. You are using IPAM to manage your DHCP servers. How can you accomplish this task?
Use IPAM to create a DHCP policy.
You are deploying Active Directory Domain Services (AD DS) in an Azure virtual network. Which items should you consider when it comes to availability? (Select two.)
Use standby operations master on at least one server., Deploy VMs that run AD DS in two Availability Zones at the minimum.
You are the network administrator for corpnet.com. All of your servers run Windows Server 2016. You have a server named IPAM1 that has the IPAM feature installed on it. You need to configure IPAM1 to detect the DHCP and DNS servers in the corpnet.com domain. What should you do first?
Use the Configure server discovery link.
You are the administrator of a network with a single Active Directory domain. The domain currently includes 75 user accounts. You have been asked to add 50 additional accounts. Your Human Resources manager has an existing database of employees that can be imported to Active Directory. You would like to use an automated method for data import if possible. What should you do? (Select two. Each choice is a complete solution.)
Use the Ldifde.exe utility., Use the Csvde.exe utility
You are the network administrator for Corpnet.com. You have several virtual machines hosted on a VMware platform. You have installed a new Windows server that has the Hyper-V role installed. You need to migrate the VMware virtual machines to Hyper-V. What should you do?
Use the Microsoft Virtual Machine Converter (MVMC) tool.
Which of the following functions is available when using an RODC?
Use the RODC to provide a secure mechanism for granting non-administrative users rights.
You are the administrator for the widgets.com domain. Organizational units (OUs) have been created for each company department. User and computer accounts for each department have been moved into their respective departmental OUs. You have two OUs that contain temporary users, TempSales and TempMarketing. For all users within these OUs, you want to restrict what the users are able to do. For example, you want to prevent them from shutting down the system or accessing computers through a network connection. Which GPO category would you edit to make the necessary changes?
User Rights
Select the policy node you would choose to configure who is allowed to manage the auditing and security logs.
User Rights Assignment
If a standard user tries to perform an administrative task, they will be prompted to enter administrative credentials. Which security option is responsible for this prompting?
User account control
Before creating an Azure AD application proxy, which of the following is ALWAYS required?
Users must be synched from on-premise AD to Azure AD, or users must be created in Azure AD.
You want to use Restricted Groups to manage the membership of local groups on the domain member servers that you manage. You can define a restricted group in one of two ways: "Members of this group" or "This group is a member of". The "This group is a member of" option is the preferred method for most use cases. Which of the following explains why this is the preferred method?
Using the This group is a member of option does not remove existing members of the group if they are not part of the restricted group.
Which of the following are connector types required to deploy an Azure AD application proxy? (Select two.)
VM hosted on any hypervisor, On-premise physical hardware
Azure network adapter connection limitations are determined by which of the following? (Select three.)
VPN gateway SKU selected. Encryption algorithm used. Throughput speeds needed.
Which of the following is a traditional VPN setup for an Azure WAN solution?
VPN-CPE
Specific services running within clustered virtual machines can be monitored in Failover Cluster Manager. Before Failover Cluster Manager can be configured to monitor services, you must allow apps and features through the Windows firewall on the virtual machines you want to monitor. The image below shows the Allow apps and features dialog in Windows Server VM. Select the boxes in this dialog that must be enabled to allow Failover Cluster Manager to monitor services on this VM. (Select two.)
Virtual Machine Monitoring, Domain
What are the exceptions to be enabled inside of the firewall when you use virtual machine monitoring? (Select two.)
Virtual Machine Monitoring, Remote Service Management
Which of the following settings allows network traffic received on the virtual network adapter to be distributed across multiple CPU cores?
Virtual Machine Queue (VMQ)
You are configuring AD FS. Which server should you deploy on your organization's perimeter network to allow users to access web applications?
Web Application Proxy
Which service provides filtering based on hardware and software characteristics such as CPU, memory, disk space, registry data, or application data?
Windows Management Interface (WMI) filtering
Which of the following host operating systems can be used as the host of a Server Core Windows Server container? (Select two.)
Windows Server 2016 Desktop Experience, Windows Server 2016 Server Core
You are the network administrator for westsim.com. The network consists of a single Active Directory domain. All of the servers run Windows Server 2016. All of the clients run Windows 10. Clients routinely access a web application on a server named web1.westsim.com. During the course of the business day, you receive complaints that users attempting to access web1.westsim.com were directed to an unknown IP address on the internet. They accessed a website that looked similar to the web application on web1.westsim.com, but were provided with no functionality. After researching the internet IP address, you find it belongs to a group of attackers suspected of hacking into company websites. You determine that the compromise occurred because of DNS cache poisoning. To protect the server, you need to ensure that cache records on the DNS server cannot be overwritten until the Time to Live (TTL) period has expired. What should you do?
You should implement the DNS cache locking feature.
You are the network administrator for westsim.com. The network consists of a single Active Directory domain. All the servers run Windows Server 2016. All the clients run Windows 10. The company has one main office. There is one server named DNS1 with the DNS Server role installed. A new company security directive states that servers should not use port 49308. All other port ranges are acceptable and should not be excluded. You need to configure DNS1 to adhere to the new security requirement without any loss of DNS functionality. What should you do?
You should set the SocketPoolExcludedPortRanges setting in the registry on the DNS servers to 49308-49308.
In following a best practice approach to organizing your sites in your Active Directory network, you would normally organize by which of the following ways?
You would match the site link design to the physical network with a site link for each WAN link.
Which PowerShell cmdlet should you use to add a service to the list of services monitored by the failover cluster? Enter the PowerShell cmdlet.
add-ClusterVMMonitoredItem
You manage a single-domain network with a domain named widgets.com. You have received funding to upgrade all of your domain controllers from Windows Server 2003 to Windows Server 2012 R2. You upgrade all domain controllers to Windows Server 2012 R2. You then set the domain and forest functional levels to Windows Server 2012 R2. You decide to migrate from FRS replication to DFS replication using a staged migration approach. Which command would you run to use both DFS and FRS replication, with DFS replication being the primary replication method?
dfsrmig /setglobalstate 2
Consider the following output.
    ;; res options: init recurs defnam dnsrch
    ;; got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 0
    ;; QUERY SECTION:
    ;; westsim111.com, type = A, class = IN
    ;; ANSWER SECTION:
    westsim111.com. 7h33m IN A 76.141.43.129
    ;; AUTHORITY SECTION:
    westsim111.com. 7h33m IN NS dns1.deriatct111.com.
    westsim111.com. 7h33m IN NS dns2.deriatct222.com.
    ;; Total query time: 78 msec
    ;; FROM: localhost.localdomain to SERVER: default -- 202.64.49.150
    ;; WHEN: Tue Feb 16 23:21:24 2005
    ;; MSG SIZE sent: 30 rcvd: 103
Which of the following utilities produced this output?
dig
You perform the following to prepare to deploy the Windows Containers feature on your Windows Server 2022 system: Install the required roles and features. Perform the Docker installation and configuration process. After completing these steps, you want to verify that everything needed for deploying Windows Containers has been successfully installed. Enter the command you would use at an elevated command prompt to complete this verification. (Use lower-case characters only.)
docker info
Which of the following Docker commands is used to display information about all the containers currently running on the container host?
docker ps
Docker is used to deploy and manage containers on a container host. Docker is composed of three components. Which of the following Docker components is used from the command line of the container host to deploy and manage containers?
docker.exe
You are installing the Docker engine on your Windows Server 2022 server. You have completed the following steps: Download the Docker zip file. Extract the Docker zip file to C:\Program Files\docker. Add C:\Program Files\docker to the PATH environment variable. Next, you need to register dockerd.exe as a service. Enter the command you would use to register dockerd.exe as a service. (Use lower-case characters only.)
dockerd.exe --register-service
You are the administrator of a network with a single Active Directory domain. You would like to create a script the Help Desk support staff can use to create domain user accounts. The Help Desk staff will input various user account values, and these values will be used in the script. Which of the following commands should your script include?
dsadd
You are the administrator of a network with a single Active Directory domain. The domain includes a user account named Bob Smith. The network security group has asked you to provide a list of all the domain groups to which Bob Smith is a member. You would prefer to use a command line utility so that the output can be saved and printed. Which command should you use?
dsget
You manage a Windows server that functions as your company's domain controller. Your organization was recently acquired by a larger organization, and the company name has changed as a result. You need to modify the Company property of each user account in Active Directory. Which tools could you use to make this change? (Select two. Each option is a complete solution.)
dsmod, ldifde
Which command should you enter at the command line to directly access the local Group Policy snap-in?
gpedit
Which command should you use to see how a network interface is configured in the command prompt?
ipconfig /all
Which of the following commands do you use to clear the local DNS cache?
ipconfig /flushdns
Which two commands do you use to force a new IP configuration?
ipconfig /release, ipconfig /renew
You have a laptop that you use for remote administration from home and while traveling. The laptop has been joined to the domain using the name of AdminRemote. The processor in your laptop overheats one day, causing extensive damage. Rather than repair the computer, you purchase a new one. The computer arrives, and you edit the system properties and name it AdminRemote. When you try to join the computer to the domain, you receive an error message and are unable to proceed. You want the new computer to be joined to the domain using the same name as the old computer. Which commands should you run?
netdom reset and then netdom join
Which of the following IP address ranges is reserved for Automatic Private IP Addressing (APIPA)?
169.254.0.1 - 169.254.255.254
Consider the following output from a dig command run on a Linux system.
    ; <<>> DiG 8.2 <<>> westsim111.com
    ;; res options: init recurs defnam dnsrch
    ;; got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 0
    ;; QUERY SECTION:
    ;; westsim111.com, type = A, class = IN
    ;; ANSWER SECTION:
    westsim111.com. 7h33m IN A 76.141.43.129
    ;; AUTHORITY SECTION:
    westsim111.com. 7h33m IN NS dns1.deriatct111.com.
    westsim111.com. 7h33m IN NS dns2.deriatct222.com.
    ;; Total query time: 78 msec
    ;; FROM: localhost.localdomain to SERVER: default -- 202.64.49.150
    ;; WHEN: Tue Feb 16 23:21:24 2005
    ;; MSG SIZE sent: 30 rcvd: 103
What is the IP address of the DNS server that performed this name resolution?
202.64.49.150
Drag each binary subnet mask on the left to its appropriate decimal equivalent on the right.
255.0.0.0 - 11111111.00000000.00000000.00000000; 255.255.255.128 - 11111111.11111111.11111111.10000000; 255.224.0.0 - 11111111.11100000.00000000.00000000; 255.255.0.0 - 11111111.11111111.00000000.00000000; 255.255.255.252 - 11111111.11111111.11111111.11111100
Which network address and subnet mask does APIPA use? (Select two.)
255.255.0.0, 169.254.0.0
When you enter a ping command at the command prompt, how many echo packets are sent?
4
Your network uses a network address of 137.65.0.0 with a subnet mask of 255.255.0.0. How many IP addresses are available to assign to network hosts on this network?
65534
Which protocol is used by a device to ensure that an APIPA address is not already in use on the network?
ARP
You are the network administrator for corpnet.com. All of your servers run Windows Server 2016. You have deployed a server named IPAM1 that has the IPAM feature installed on it. A user named User1 works at the company help desk. You need to enable User1 to view all information in Server Discovery, IP Address Space, and Server Management as well as IPAM and DHCP server operational events. User1 should not be able to view IP address tracking information. What should you do?
Add User1 to the IPAM Users group.
You are the network administrator for corpnet.com. You have three DHCP servers named DHCP1, DHCP2 and DHCP3. Each DHCP server provides services to a different office and is configured with a scope corresponding to the network ID of the office. The main office is assigned addresses from the 192.168.1.0/24 network. The two branch offices are assigned addresses from the 192.168.2.0/24 and 192.168.3.0/24 networks. You have a server named IPAM1 that manages the address space for all three offices. All three scopes appear as IP address ranges on the IPAM server. You need to determine the overall utilization of IP addresses across all three offices. What should you do?
Add an IP address block for the 192.168.0.0/16 network.
Which of the following is true regarding the secondary zone?
Always initiates the zone transfer.
At what percentage of the device's lease time does the DHCP renewal process occur?
At fifty percent
You are the network administrator for a small consulting firm. The office network consists of 30 computers, one server, two network printers, and a switch. Due to security concerns, there is no wireless network available in the office. One of your users, Bob, travels to client sites and is generally not in the office. When Bob goes to client sites, he typically just connects to their wireless networks. When he's in the office, Bob connects his laptop to the network with an Ethernet cable. You need to make sure that Bob's laptop is set up so that when he plugs the Ethernet cable into his laptop, no further configuration is needed. Which of the following would be the BEST option to achieve this?
Configure an alternate IP configuration.
You have just received a new laptop at work that you will use on your company network and at home. The company network uses dynamic addressing, while your home network uses static addressing. You connect the laptop to the company network, and everything works fine. When you take your laptop home, you cannot connect to devices on your home network or the internet. You run ipconfig on the laptop and receive the following output:
    Connection-specific DNS Suffix . :
    IP Address. . . . . . . . . . . . : 169.254.22.74
    Subnet Mask . . . . . . . . . . . : 255.255.0.0
    Default Gateway . . . . . . . . . :
You need to be able to connect to both the company network and your home network with the least amount of configuration and cost. What should you do?
Configure an alternate TCP/IP configuration.
You are the network administrator for CorpNet.xyz. The company has a main office and a branch office. All the clients use DHCP to obtain IP addresses. There is a local DHCP server in each office configured with the appropriate scope for that location. The DHCP server in the branch office fails, and users are unable to obtain IP addresses. You need to configure DHCP to meet the following requirements: Users must obtain IP addresses from their local DHCP server if it is operational. Users should be able to obtain IP addresses from the other DHCP server only if the DHCP server in their office is offline. Both servers should contain a copy of the database of client leases for both scopes. What should you do?
Configure both DHCP servers as hot standby failover partners.
You have a network with 50 workstations. You want to automatically configure the workstations with the IP address, subnet mask, and default gateway values. Which device should you use?
DHCP server
You are the network administrator for a single domain with three subnets. Two subnets have all Windows 10 computers. The conference room uses the third subnet. Traveling salesmen come to the conference room and plug in their laptops to gain network access. You have configured a DHCP server to deliver configuration information to hosts on this subnet. DNS is configured for dynamic updates. Over time, you notice that the size of the DNS database continues to grow. It is beginning to have an adverse effect on DNS server performance. What should you do?
Enable scavenging of stale resource records on the zone and the DNS server.
Which of the following DHCP high availability options is ideal for smaller networks?
Hot standby
You manage a network that has multiple internal subnets. You connect a workstation to the 192.168.1.0/24 subnet. This workstation can communicate with some hosts on the private network, but not with other hosts. You run ipconfig /all and see the following:
    Ethernet adapter Local Area Connection:
    Connection-specific DNS Suffix . : mydomain.local
    Description . . . . . . . : Broadcom network adapter
    Physical Address. . . . . . : 00-AA-BB-CC-74-EF
    DHCP Enabled . . . . . . . : No
    Autoconfiguration Enabled. . . : Yes
    IPv4 Address . . . . . . . : 192.168.1.102(Preferred)
    Subnet Mask. . . . . . . . : 255.255.0.0
    Default Gateway . . . . . . : 192.168.1.1
    DNS Servers . . . . . . . : 192.168.1.20
                                192.168.1.27
What is the MOST likely cause of the problem?
Incorrect subnet mask
Your network has a single domain named southsim.com. DNS data for the domain is stored on the following servers: DNS1 holds the primary zone for southsim.com. DNS2 and DNS3 hold secondary zones for southsim.com. All three DNS servers are located on domain controllers. The DNS zone for the domain is configured to allow dynamic updates. You want to allow client computers to send DNS updates to any of the three servers and allow any of the three servers to update DNS records in the zone. What should you do?
On all three servers, change the zone type of the DNS zone to Active Directory-integrated.
You are the network administrator for a large hospital. One of your users, Suzie, calls you stating that she is unable to access any network resources. After some initial troubleshooting, you realize that her computer is using the IP address 169.254.0.52. You've confirmed that the network's physical connection is connected properly. Which of the following should you do next?
Renew the IP address.
You are the network administrator for corpnet.com. All of your servers run Windows Server 2016. You have a server named IPAM1 that has the IPAM feature installed on it. All of the IP addresses in the address block for the 192.168.0.0/16 network appear to be in use. You suspect that some of the IP addresses are available for use on the network. You need to update the IPAM database to show which IP addresses are available. Which action should you take to accomplish this task?
Right-click the IP Address Ranges and then click Reclaim IP Addresses.
You have a computer that runs Windows connected to a domain network. One day, you find that the computer is unable to connect to the internet, although it can communicate with a few other computers on the local subnet. You run the ipconfig command and find that the network connection has been assigned the address of 169.254.12.155 with a mask of 255.255.0.0. Which of the following is the first step to resolving this issue?
Run the ipconfig /release and ipconfig /renew commands.
You are the network administrator for a large hospital. One of your users, Suzie, calls you stating that she is unable to access any network resources. After some initial troubleshooting, you realize that her computer is using the IP address 169.254.0.52. You've performed the following troubleshooting steps so far: Verified physical network connection; Attempted to renew the IP address; Discovered other devices are experiencing the same issue. Which of the following is the MOST likely cause for Suzie's issue?
The DHCP server is misconfigured or down.
Due to widespread network expansion, you have decided to upgrade the network by configuring a DHCP server. The network uses Linux, Windows, and Mac OS X client systems. You configure the server to distribute IP addresses from 192.168.2.1 to 192.168.2.100. You use the subnet mask of 255.255.255.0. After making all setting changes on the DHCP server, you reboot each client system, but none is able to obtain an IP address from the DHCP server. Which of the following options explains the failure?
The clients must be configured to obtain IP addressing from a DHCP server.
Which of the following is true regarding the load balance DHCP failover mode?
When a client requests an IP configuration, a hash is generated using the client's MAC address.
You need to perform a reverse lookup of the IP address 10.0.0.3. Which commands can you use to accomplish this? (Select two.)
nslookup 10.0.0.3, dig -x 10.0.0.3
Examine the following output:
    Reply from 64.78.193.84: bytes=32 time=86ms TTL=115
    Reply from 64.78.193.84: bytes=32 time=43ms TTL=115
    Reply from 64.78.193.84: bytes=32 time=44ms TTL=115
    Reply from 64.78.193.84: bytes=32 time=47ms TTL=115
    Reply from 64.78.193.84: bytes=32 time=44ms TTL=115
    Reply from 64.78.193.84: bytes=32 time=44ms TTL=115
    Reply from 64.78.193.84: bytes=32 time=73ms TTL=115
    Reply from 64.78.193.84: bytes=32 time=46ms TTL=115
Which of the following utilities produced this output?
ping
You work in an office that uses Linux and Windows servers. The network uses the TCP/IP protocol. You're sitting at a workstation that uses Windows 10, but an application that you're using is unable to contact a Windows server named FileSrv2. Which command can you use to determine whether your computer can still contact the server?
ping
While working on a Linux server, you're unable to connect to your Windows Server system across the internet. You're able to ping the default gateway on your own network, so you suspect that the problem lies outside of the local network. Which utility would you use to track the route a packet takes as it crosses the network?
traceroute
Which of the following commands should you use to check the route a packet takes between a workstation and the DNS server?
tracert
You have a small network with a single subnet connected to the internet, as shown below. The router has been assigned the two addresses shown. You need to manually configure the workstation to connect to the network. The workstation should use RouterA as the default gateway and DNS1 as the DNS server address. From the drop-down menu options, select the appropriate parameters to configure the workstation's TCP/IP settings.
IP address - 192.168.12.46, Subnet mask - 255.255.255.240, Default gateway - 192.168.12.34, DNS server - 198.162.1.22
You are the network administrator for CorpNet.xyz. Your environment contains a mix of Windows 10 and non-Microsoft clients. All client computers use DHCP to obtain an IP address. Some Windows 10 clients report that they are experiencing DNS issues. When you investigate in the CorpNet.xyz zone, you notice that the IP addresses in the A records for those clients point to non-Microsoft clients. You need to ensure that non-Microsoft clients cannot overwrite the DNS records for Microsoft clients. Non-Microsoft clients must still be able to register records with the DNS servers. What should you do?
Implement DHCP Name Protection on the scope.
You are a systems administrator for your company's network. You have 600 workstations running Windows 10, three DHCP Servers, and two DNS Servers. You want to centrally manage your DHCP and DNS servers. What should you do?
Install IPAM to manage your DHCP and DNS servers.
You are troubleshooting a network connectivity issue on a Unix system. You're able to connect to remote systems by using their IP address, but you're unable to connect using the hostname. You check the TCP/IP configuration and notice that a DNS server IP address is configured. You decide to run some manual resolution queries to ensure that the communication between the Unix system and the DNS server is working correctly. Which utilities can you use to do this? (Select two.)
dig, nslookup
While troubleshooting network connectivity at your office, you need to check the routing table. Which of the following commands could you use? (Select two.)
tracert, traceroute
Due to wide network expansion, you've decided to upgrade your network by configuring a DHCP server. The network uses Linux, Windows, and Mac OS X client systems. You configure the server to distribute IP addresses from 192.168.2.1 to 192.168.2.100. You use the subnet mask of 255.255.255.0. After you make all the setting changes on the DHCP server, you reboot each client system, but they are not able to obtain an IP address from the DHCP server. Which of the following explains the failure?
You must configure the clients to obtain IP addressing from a DHCP server.
You are the network administrator for Corpnet.xyz. All of the servers run Windows Server 2016. You have installed the IPAM Feature on a server named IPAM1. You configured the server using the manual provisioning method. After you configured the server, management released a new policy that requires all IPAM servers to be provisioned using Group Policy. You need to change the provisioning method of the IPAM1 server. What should you do?
Uninstall and then reinstall the IPAM feature on IPAM1.
Which of the following is true regarding the hot standby DHCP failover mode?
While the backup server is actively handling leases, clients that need to renew an existing IP configuration have the configuration renewed. However, the IP configuration is assigned only for the MCLT duration, not the typical lease time.
You are a systems administrator for WestSim Corporation. As part of a new security initiative, the IT department has developed a custom application that reports the hostname of all clients that try to access three sensitive servers in the accounting department. The application has been working for the last three months. The company expands and adds a new building with a LAN connection to the rest of the network. This building has its own subnet, 192.168.5.0. You create a scope on an existing DHCP server for this subnet. During a random check of the reporting software, you discover that the application reports the IP address but not the hostname for clients on the new subnet. Everything works as designed for hosts on other subnets. You check the DNS database and find that none of the hosts on that subnet have an associated PTR record. What should you do?
Create a primary reverse lookup zone for subnet 192.168.5.0.
You manage a network that has multiple internal subnets. You connect a workstation to the 192.168.1.0/24 subnet. This workstation can communicate with some hosts on the private network, but not with other hosts. You run ipconfig /all and see the following:
    Ethernet adapter Local Area Connection:
    Connection-specific DNS Suffix . : mydomain.local
    Description . . . . . . . : Broadcom network adapter
    Physical Address. . . . . . : 00-AA-BB-CC-74-EF
    DHCP Enabled . . . . . . . : No
    Autoconfiguration Enabled. . . : Yes
    IPv4 Address . . . . . . . : 192.168.1.102(Preferred)
    Subnet Mask . . . . . . . : 255.255.255.0
    Default Gateway. . . . . . . . . : 192.168.2.1
    DNS Servers. . . . . . . . . . . : 192.168.2.20
What is the most likely cause of the problem?
Incorrect default gateway
You're troubleshooting an IP addressing problem and issue a command to view the system's TCP/IP configuration. The command you use produces the following output:
fxp0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
    inet6 fe80::2a0:83ff:fe30:57a%fxp0 prefixlen 64 scopeid 0x1
    inet 192.168.1.235 netmask 0xfffffc00 broadcast 255.255.255.255
    ether 00:a0:83:30:05:7a
    media: Ethernet autoselect (100baseTX <full-duplex>)
    status: active
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
    inet6 ::1 prefixlen 128
    inet6 fe80::1%lo0 prefixlen 64 scopeid 0x7
    inet 127.0.0.1 netmask 0xff000000
Which of the following operating systems are you working on?
Linux
You are the network administrator of a network with 90 workstations on a single subnet. Workstations are running Windows 10. All client computers are configured to receive IP address assignments using DHCP. A single Windows 2016 server called SRV1 provides DHCP services and is configured with a single scope, 194.172.64.10 to 194.172.64.254. You want to add a second DHCP server for redundancy and fault tolerance. The existing DHCP server should assign most of the addresses, while the second server will primarily be a backup. You want the two servers to work efficiently together to assign the available addresses. However, you want to do this while using Microsoft's best practices and with as little administrative overhead as possible. You install a Windows Server named SRV2 as the secondary server and configure it with the DHCP service. How should you configure the scopes on both servers?
On both servers, set the scope range to 194.172.64.10 to 194.172.64.254. On SRV1, exclude addresses 194.172.64.206 to 194.172.64.254. On SRV2, exclude addresses 192.172.64.10 to 192.172.64.205.
Which of the following DHCP scope options assigns a static IP configuration to a device using that device's MAC address?
Reservation
Examine the following output:
Server: to.xct.mirrorxhq.net
Address: 209.53.4.130
Name: westxsim.com
Address: 64.78.193.84
Which of the following utilities produced this output?
nslookup
Which TCP/IP utility gives you the following output?
ping
Which command should you use to verify that TCP/IP is correctly installed and configured on the local host?
ping 127.0.0.1