CIS 292 70-410 Chapter Questions
You have a large IP-routed network using the address 137.25.0.0; it is composed of 20 subnets, with a maximum of 300 hosts on each subnet. Your company continues on a merger-and-acquisitions spree, and your manager has told you to prepare for an increase to 50 subnets with some containing more than 600 hosts. Using the existing network address, which of the following subnet masks would work for the requirement set by your manager? A. 255.255.252.0 B. 255.255.254.0 C. 255.255.248.0 D. 255.255.240.0
Answer: A A Class B address with a default subnet mask of 255.255.0.0 will support up to 65,534 hosts. To increase the number of networks that this network will support, you need to subnet the network by borrowing bits from the host portion of the address. The subnet mask 255.255.252.0 uses 6 bits from the host's area, and it will support 64 subnets while leaving enough bits to support 1,022 hosts per subnet. The subnet mask 255.255.248.0 uses 5 bits from the hosts and will support 32 subnetworks while leaving enough bits to support 2,046 hosts per subnet. 255.255.252.0 is the better answer because it leaves quite a bit of room for further growth in the number of networks while still leaving room for more than 1,000 hosts per subnet
You are the administrator of an organization with a single Active Directory domain. A user who left the company returns after 16 weeks. The user tries to log onto their old computer and receives an error stating that authentication has failed. The user's account has been enabled. You need to ensure that the user is able to log onto the domain using that computer. What do you do? A. Reset the computer account in Active Directory. Disjoin the computer from the domain and then rejoin the computer to the domain. B. Run the ADadd command to rejoin the computer account. C. Run the MMC utility on the user's computer, and add the Domain Computers snap-in. D. Re-create the user account and reconnect the user account to the computer account.
Answer: A A computer account and the domain authenticate each other by using a password. The password resets every 30 days. Since the machine has not connected to the domain for 16 weeks, the computer needs to be rejoined to the domain.
Maria is a user who belongs to the Sales distribution global group. She is not able to access the laser printer that is shared on the network. The Sales global group has full access to the laser printer. How do you fix the problem? A. Change the group type to a security group. B. Add the Sales global group to the Administrators group. C. Add the Sales global group to the Printer Operators group. D. Change the Sales group to a local group.
Answer: A Distribution groups are for emails only, and distribution groups cannot be assigned rights and permissions to objects.
GPOs assigned at which of the following level(s) will override GPO settings at the domain level? A. OU B. Site C. Domain D. Both OU and site
Answer: A GPOs at the OU level take precedence over GPOs at the domain level. GPOs at the domain level, in turn, take precedence over GPOs at the site level.
You are the administrator for an organization that has multiple locations. You are running Windows Server 2012 R2, and you have only one domain with multiple OUs set up for each location. One of your locations, Boston, is connected to the main location by a 256Kbps ISDN line. You configure a GPO to assign a sales application to all computers in the entire domain. You have to be sure that Boston users receive the GPO properly. What should you do? A. Disable the Slow Link Detection setting in the GPO. B. Link the GPO to the Boston OU. C. Change the properties of the GPO to publish the application to the Boston OU. D. Have the users in Boston run the GPResult/force command.
Answer: A If the data transfer rate from the domain controller providing the GPO to the computer is slower than what you have specified in the slow link detection setting, the connection is considered to be a slow connection and the application will not install properly.
You are a domain administrator for a large domain. Recently, you have been asked to make changes to some of the permissions related to OUs within the domain. To restrict security for the Texas OU further, you remove some permissions at that level. Later, a junior system administrator mentions that she is no longer able to make changes to objects within the Austin OU (which is located within the Texas OU). Assuming that no other changes have been made to Active Directory permissions, which of the following characteristics of OUs might have caused the change in permissions? A. Inheritance B. Group Policy C. Delegation D. Object properties
Answer: A Inheritance is the process by which permissions placed on parent OUs affect child OUs. In this example, the permissions change for the higher-level OU (Texas) automatically caused a change in permissions for the lowerlevel OU (Austin).
You are the administrator for a Windows Server 2012 R2 network that uses DHCP. You notice that your DHCP database is getting too large, and you want to reduce the size of the database. What should you do? From the folder containing the DHCP database, run A. jetpack.exe dhcp.mdb temp. mdb. B. From the folder containing the DHCP database, run shrinkpack.exe dhcp.mdb temp .mdb. C. From the folder containing the DHCP database, run jetshrink.exe dhcp.mdb temp. mdb. D. From the folder containing the DHCP database, run shrinkjet.exe dhcp.mdb temp. mdb.
Answer: A Microsoft's jetpack.exe utility allows you to compact a JET database. Microsoft JET databases are used for WINS and DHCP databases.
You want to publish a printer to Active Directory. Where would you click in order to accomplish this task? A. The Sharing tab B. The Advanced tab C. The Device Settings tab D. The Printing Preferences button
Answer: A The Sharing tab contains a check box that you can use to list the printer in Active Directory.
Your company is growing dramatically via acquisitions of other companies. As the network administrator, you need to keep up with the changes because they affect the workstations, and you need to support them. When you started, there were 15 locations connected via routers, and now there are 25. As new companies are acquired, they are migrated to Windows Server 2012 R2 and brought into the same domain as another site. Management says that they are going to acquire at least 10 more companies in the next two years. The engineers have also told you that they are redesigning the company's Class B address into an IP addressing scheme that will support these requirements and that there will never be more than 1,000 network devices on any subnet. What is the appropriate subnet mask to support this network when the changes are completed? A. 255.255.252.0 B. 255.255.248.0 C. 255.255.255.0 D. 255.255.255.128
Answer: A The network mask applied to an address determines which portion of that address reflects the number of hosts available to that network. The balance with subnetting is always between the number of hosts and individual subnetworks that can be uniquely represented within one encompassing address. The number of hosts and networks that are made available depends on the number of bits that can be used to represent them. This scenario requires more than 35 networks and fewer than 1,000 workstations on each network. If you convert the subnet masks as described in the chapter, you will see that the mask in option A allows for more than 60 networks and more than 1,000 hosts.
You want to make sure that the hard disk space for your virtual machines is occupied only when needed. What type of virtual hard disk would you recommend? A. Dynamically expanding disk B. Fixed-size disk C. Differencing disk D. Physical or pass-through disk
Answer: A The only virtual hard disk that increases in size is the dynamically expanding disk. Thus, this is the only valid answer to this question. The fixed-size disk creates a disk of the size you specify, the differencing disk is a special disk that stores only the differences between it and a parent disk, and the physical disk uses a physical drive and makes it available to the virtual machine.
You work for a small printing company that has 75 workstations. Most of them run standard office applications such as word processing, spreadsheet, and accounting programs. Fifteen of the workstations are constantly processing huge graphics files and then sending print jobs to industrialsized laser printers. The performance of the network has always been an issue, but you have never addressed it. You have now migrated your network to Windows 8 and Windows Server 2012 R2 and have decided to take advantage of the routing capability built into Windows Server 2012 R2. You choose the appropriate server and place two NICs in the machine, but you realize that you have only one network address, 201.102.34.0, which you obtained years ago. How should you subnet this address to segment the bandwidth hogs from the rest of the network while giving everyone access to the entire network? A. 255.255.255.192 B. 255.255.255.224 C. 255.255.255.252 D. 255.255.255.240
Answer: A The subnet mask 255.255.255.192 borrows 2 bits from the hosts, which allows you to build four separate networks that you can route through the Windows server. This will allow you to have 62 hosts on each segment. A mask of 255.255.255.128 would have been even better, with two subnets of 126 hosts each, but that wasn't an option, and this solution gives you room for growth in the number of subnets. The subnet mask 255.255.255.224 borrows 3 bits from the hosts. This allows you to create 8 networks, which you don't need, and it leaves only enough bits for 30 hosts. The subnet mask 255.255.255.252 borrows 6 bits from the hosts. This allows you to create more than 60 networks, which you don't need, and it leaves only enough bits for 2 hosts.
Andy wants to change the memory of a virtual machine that is currently powered up. What does he need to do? A. Shut down the virtual machine, use the virtual machine's settings to change the memory, and start it again. B. Use the virtual machine's settings to change the memory. C. Pause the virtual machine, use the virtual machine's settings to change the memory, and resume it. D. Save the virtual machine, use the virtual machine's settings to change the memory, and resume it.
Answer: A This question focuses on the fact that you cannot change the memory if the virtual machine is running, paused, or saved. The only valid answer is to shut it down and then change the memory.
You are the administrator for a small organization with four servers. You have one file server named Paniva that runs Windows Server 2012 R2. You have a junior administrator who needs to do backups on this server. You need to ensure that the junior admin can use Windows Server Backup to create a complete backup of Paniva. What should you configure to allow the junior admin to do the backups? A. The local groups by using Computer Management B. A task by using Authorization Manager C. The User Rights Assignment by using the Local Group Policy Editor D. The Role Assignment by using Authorization Manager
Answer: A To allow the junior admin to do backups, their account needs to be part of the Backup Operators local group. To add their account to the local group, you need to use Computer Management.
You are the network administrator for Stellacon Corporation. Stellacon has a Windows Server 2012 R2 machine that needs to be able to communicate with all of the computers on the internal network. Stellacon has decided to add 15 new segments to its IPv6 network. How would you configure the IPv6 address so that the server can communicate with all the segments? A. Configure the IPv6 address as fd00:260:e0ff:dee9:4143/8. B. Configure the IPv6 address as fe80::2b0:00ff:dee9:4143/32. C. Configure the IPv6 address as ff80::2b0:00ff:dee9:4143/64. D. Configure the IPv6 address as fe80::2b0:00ff:dee9:4143/64.
Answer: A When you look at an IPv6 address, the first sections tell you the IPv6 address space prefix. Fdo0::/8 is the unique local unicast prefix, and this allows the server to communicate with all local machines within your intranet.
You are responsible for DNS in your organization. You look at the DNS database and see a large number of older records on the server. These records are no longer valid. What should you do? A. In the zone properties, enable Zone Aging and Scavenging. B. In the server properties, enable Zone Aging and Scavenging. C. Manually delete all of the old records. D. Set Dynamic Updates to None.
Answer: A Windows Server 2012 R2 DNS supports two features called DNS Aging and DNS Scavenging. These features are used to clean up and remove stale resource records. DNS zone or DNS server aging and scavenging flags old resource records that have not been updated in a certain amount of time (determined by the scavenging interval). These stale records will be scavenged at the next cleanup interval.
You are looking at upgrading your Windows Server 2008 R2 Enterprise with SP2 machine to Windows Server 2012 R2. Your organization is considering virtualizing its entire server room, which has 25 servers. To which version of Windows Server 2012 R2 would you upgrade? A. Windows Server 2012 R2 Datacenter B. Windows Server 2012 R2 Standard C. Windows Server 2012 R2 Essentials D. Windows Server 2012 R2 Foundation
Answer: A Windows Server 2012 R2 Datacenter was designed for organizations that are seeking to migrate to a highly virtualized, private cloud environment. Windows Server 2012 R2 Datacenter has full Windows Server functionality with unlimited virtual instances.
You have one Active Directory forest in your organization that contains one domain named Stellacon. com. You have two domain controllers configured with the DNS role installed. There are two Active Directory Integrated zones named Stellacon.com and Stellatest.com. One of your IT members (who is not an administrator) needs to be able to modify the Stellacon.com DNS server, but you need to prevent this user from modifying the Stellatest.com SOA record. How do you accomplish this? A. Modify the permissions of the Stellacon. com zone from the DNS Manager snap-in. B. Modify the permissions of the Stellatest.com zone from the DNS Manager snap-in. C. Run the Delegation Of Control Wizard in Active Directory. D. Run the Delegation Of Control Wizard in the DNS snap-in.
Answer: A You only need to give them rights to the Stellacon. com zone using the DNS snap-in. If they do not have any rights to the Stellatest.com zone, they will not be able to configure this zone in any way.
You are the network administrator for a large company that creates widgets. Management asks you to implement a new Windows Server 2012 R2 system. You need to implement federated identity management. Which of the following will help you do this? A. Active Directory Federation Services B. Active Directory DNS Services C. Active Directory IIS Services D. Active Directory IAS Services
Answer: A You'll need to use Active Directory Federation Services (AD FS) in order to implement federated identity management. Federated identity management is a standards-based and information technology process that will enable distributed identification, authentication, and authorization across organizational and platform boundaries. The AD FS solution in Windows Server 2012 R2 helps administrators address these challenges by enabling organizations to share a user's identity information securely.
You are the network administrator for a large organization that uses Windows Server 2012 R2 domain controllers and DNS servers. All of your client machines currently have the Windows XP operating system. You want to be able to have client computers edit the domain-based GPOs by using the ADMX files that are located in the ADMX Central Store. How do you accomplish this task? (Choose all that apply.) A. Upgrade your clients to Windows 8. B. Upgrade your clients to Windows 7. C. Add the client machines to the ADMX edit utility. D. In the ADMX store, choose the box Allow All Client Privileges.
Answer: A;B If you want your clients to be able to edit domain-based GPOs by using the ADMX files that are stored in the ADMX Central Store, you must be using Windows Vista, Windows 7, Windows 8, or Windows Server 2003/2008/2008 R2/2012/2012 R2.
What are the minimum CPU requirements for running Hyper-V on a machine? (Choose all that apply.) A. An x64-based processor (Intel or AMD). B. Hardware Data Execution Protection (DEP) must be enabled. C. Hardware-assisted virtualization must be enabled. D. The processor must at least have a dual core.
Answer: A;B;C The minimum CPU requirement for running Hyper-V is a x64-based processor (Itanium is not supported), hardware Data Execution Protection must be enabled, and hardware-assisted virtualization must be enabled. There is no minimum requirement for a dual-core processor.
Which of the following are benefits of using Windows Server 2012 R2 Server Core? (Choose all that apply.) A. Reduced management B. Minimal maintenance C. Smaller footprint D. Tighter security
Answer: A;B;C;D All four answers are advantages of using Windows Server 2012 R2 Server Core. Server Core is a smaller installation of Windows Server, and therefore all four answers apply.
A system administrator is planning to implement Group Policy objects in a new Windows Server 2012 R2 Active Directory environment. In order to meet the needs of the organization, he decides to implement a hierarchical system of Group Policy settings. At which of the following levels is he able to assign Group Policy settings? (Choose all that apply.) A. Sites B. Domains C. Organizational units D. Local system
Answer: A;B;C;D GPOs can be set at all of the levels listed. You cannot set GPOs on security principals such as users or groups.
Your company has decided to implement a Windows 2012 R2 server. The company IT manager who came before you always used FAT32 as the system partition. Your company wants to know whether it should move to NTFS. Which of the following are some advantages of NTFS? (Choose all that apply.) A. Security B. Quotas C. Compression D. Encryption
Answer: A;B;C;D Improved security, quotas, compression, and encryption are all advantages of using NTFS over FAT32. These features are not available in FAT32. The only security you have in FAT32 is shared folder permissions.
A system administrator creates a local Printer object, but it doesn't show up in Active Directory when a user executes a search for all printers. Which of the following are possible reasons for this? (Choose all that apply.) A. The printer was not shared. B. The printer is offline. C. The client does not have permission to view the printer. D. The printer is malfunctioning.
Answer: A;C A printer may not show up within Active Directory if the printer has not been shared or if the client does not have permission to view the printer. The printer will appear as an object in Active Directory even if it is offline or malfunctioning.
You are promoting a Windows Server 2012 R2 computer to an Active Directory domain controller for test purposes. The new domain controller will be added to an existing domain. While you are using the Active Directory Installation Wizard, you receive an error message that prevents the server from being promoted. Which of the following might be the cause of the problem? (Choose all that apply.) A. The system does not contain an NTFS partition on which the Sysvol directory can be created. B. You do not have a Windows Server 2012 R2 DNS server on the network. C. The TCP/IP configuration on the new server is incorrect. D. The domain has reached its maximum number of domain controllers.
Answer: A;C The Sysvol directory must be created on an NTFS partition. If such a partition is not available, you will not be able to promote the server to a domain controller. An error in the network configuration might prevent the server from connecting to another domain controller in the environment.
You have been asked to configure a Windows Server 2012 R2 Datacenter Server Core machine. Which remote configuration applications can you use to configure this server from your machine? (Choose all that apply.) A. Windows Remote Management B. Command prompt C. Windows PowerShell D. Microsoft Remote Admin (MRA)
Answer: A;C Windows Remote Management and Windows PowerShell allow an administrator to configure a Windows Server 2012 R2 machine remotely. The command prompt is used locally on a Windows Server 2012 R2 Server Core system, and there is no application called Microsoft Remote Admin (MRA).
On what operating systems can you install the Hyper-V Manager MMC? (Choose all that apply.) A. Windows Server 2008 R2 B. Windows Server 2003 C. Windows XP SP3 D. Windows 7, Windows 8
Answer: A;D The Hyper-V Manager is available only for Windows Server 2008, Windows 7, and Windows 8. There is no version available that runs on Windows Server 2003 or on Windows XP SP3.
For security reasons, you have decided that you must convert the system partition on your removable drive from the FAT32 file system to NTFS. Which of the following steps must you take in order to convert the file system? (Choose two.) A. Run the command CONVERT /FS: NTFS from the command prompt. B. Rerun Windows Server 2008 R2 Setup and choose to convert the partition to NTFS during the reinstallation. C. Boot Windows Server 2008 R2 Setup from the installation CD-ROM and choose Rebuild File System. D. Reboot the computer.
Answer: A;D To convert the system partition to NTFS, you must first use the CONVERT command-line utility and then reboot the server. During the next boot, the file system will be converted.
You create a GPO and link it to the Sales OU. You want to monitor users in the Sales OU who connect to the file server. What type of auditing do you enable? A. Audit Object Access B. Audit Logon Events C. Audit System Events D. Audit Process Tracking
Answer: B Account logon events are created for domain account activity. For example, you have a user who logs onto a server so that they can access files; the act of logging onto the server creates this audit event.
You are the network administrator for the ABC Company. Your network consists of two DNS servers named DNS1 and DNS2. The users who are configured to use DNS2 complain because they are unable to connect to Internet websites. The following table shows the configuration of both servers: DNS1 msdcs.abc. Comabc.com DNS2 . (root) msdcs.abc. Comabc.com The users connected to DNS2 need to be able to access the Internet. What needs to be done? A. Build a new Active Directory Integrated zone on DNS2. B. Delete the . (root) zone from DNS2 and configure conditional forwarding on DNS2. C. Delete the current cache.dns file. D. Update your cache.dns file and root hints.
Answer: B Because of the . (root) zone, users will not be able to access the Internet. The DNS forwarding option and DNS root hints will not be configurable. If you want your users to access the Internet, you must remove the . (root) zone.
You are the network administrator for Stellacon Corporation. Stellacon has two trees in its Active Directory forest, stellacon.com and abc.com. Company policy does not allow DNS zone transfers between the two trees. You need to make sure that when anyone in abc.com tries to access the stellacon. com domain, all names are resolved from the stellacon.com DNS server. What should you do? A. Create a new secondary zone in abc.com for stellacon.com. B. Configure conditional forwarding on the abc.com DNS server for stellacon.com. C. Create a new secondary zone in stellacon.com for abc.com. D. Configure conditional forwarding on the stellacon.com DNS server for abc.com.
Answer: B Conditional forwarding allows you to send a DNS query to different DNS servers based on the request. Conditional forwarding lets a DNS server on a network forward DNS queries according to the DNS domain name in the query.
You are the administrator of your network, which consists of two Windows Server 2012 R2 systems. One of the servers is a domain controller, and the other server is a file server for data storage. The hard drive of the file server is starting to fill up. You do not have the ability to install another hard drive, so you decide to limit the amount of space everyone gets on the hard drive. What do you need to implement to solve your problem? A. Disk spacing B. Disk quotas C. Disk hardening D. Disk limitations
Answer: B Disk quotas allow you to limit the amount of space on a volume or partition. You can set an umbrella quota for all users and then implement individual users' quotas to bypass the umbrella quota.
Rich bought a new server with an Itanium IA-64 processor, 4GB RAM, and a SAN that provides 1TB hard disk space. After installing Windows Server 2012 R2 for Itanium-based systems, he wants to install Hyper-V on this server. Can Hyper-V be installed on this system? A. Yes B. No
Answer: B Hyper-V is not supported on Itanium-based systems; thus, he cannot install it.
You are the administrator for your company, and you are looking at upgrading your Windows Server 2008 web server to Windows Server 2012 R2. Which version of Windows Server 2012 R2 does Microsoft recommend you use? A. Windows Server 2012 R2 Datacenter B.Windows Server 2012 R2 Standard C. Windows Server 2012 R2 Essentials D. Windows Server 2012 R2 Foundation
Answer: B Microsoft recommends that you upgrade your Windows Server 2008 or Windows Server 2008 R2 web server to Windows Server 2012 R2 Standard.
You are the network administrator for a midsize coffee bean distributor. Your company's network has four Windows 2012 R2 servers, and all of the clients are running either Windows 8 or Windows 7. Most of your end users use laptops to do their work, and many of them work away from the office. What should you configure to help them work on documents when away from the office? A. Online file access B. Offline file access C. Share permissions D. NTFS permissions
Answer: B Offline files give you the opportunity to set up files and folders so that users can work on the data while outside the office.
You are the network administrator for your organization. A new company policy states that all inbound DNS queries need to be recorded. What can you do to verify that the IT department is compliant with this new policy? A. Enable Server Auditing - Object Access. B. Enable DNS debug logging. C. Enable server database query logging. D. Enable DNS Auditing - Object Access.
Answer: B On a Windows Server 2012 R2 DNS machine, debug logging is disabled by default. When it is enabled, you have the ability to log DNS server activity, including inbound and outbound queries, packet type, packet content, and transport protocols.
A system administrator wants to ensure that only the GPOs set at the OU level affect the Group Policy settings for objects within the OU. Which option can they use to do this (assuming that all other GPO settings are the defaults)? A. The Enforced option B. The Block Policy Inheritance option C. The Disable option D. The Deny permission
Answer: B The Block Policy Inheritance option prevents group policies of higher-level Active Directory objects from applying to lower-level objects as long as the Enforced option is not set.
You are the network administrator for a large organization that has multiple sites and multiple OUs. You have a site named Sales Site that is for the sales building across the street. In the domain, there is an OU for all salespeople called Sales. You set up a GPO for the Sales Site, and you need to be sure that it applies to the Sales OU. The Sales OU GPOs cannot override the Sales Site GPO. What do you do? A. On the GPO, disable the Block Child Inheritance setting. B. On the GPO, set the Enforce setting. C. On the GPO, set the priorities to 1. D. On the Sales OU, set the Inherit Parent Policy settings.
Answer: B The Enforced option can be placed on a parent GPO, and this option ensures that all lower-level objects inherit these settings. Using this option ensures that Group Policy inheritance is not blocked at other levels.
You are the system administrator responsible for your company's infrastructure. You think you have an issue with name resolution, and you need to verify that you are using the correct hostname. You want to test DNS on the local system and need to see whether the hostname server-1 resolves to the IP address 10.1.1.1. Which of the following actions provides a solution to the problem? A. Add a DNS server to your local subnet. B. Add the mapping for the hostname server-1 to the IP address 10.1.1.1 in the local system's HOSTS file. C. Add an A record to your local WINS server. D. Add an MX record to your local DNS server.
Answer: B The HOSTS file is a text-file-based database of mappings between hostnames and IP addresses. It works like a file-based version of DNS. DNS resolves a hostname to an IP address.
You are a server administrator, and you are trying to save hard drive space on your Windows Server 2012 R2 Datacenter machine. Which feature can help you save hard disk space? A. HDSaver.exe B. Features On Demand C. ADDS D. WinRM
Answer: B Windows Server 2012 R2 Features On Demand allows an administrator not only to disable a role or feature but also to remove the role or feature's files completely from the hard disk.
You are the administrator for the ABC Company. You are looking to install Windows Server 2012 R2, and you need to decide which version to install. You need to install a version of Windows that is just for logon authentication and nothing else. You want the most secure option and cost is not an issue. What should you install? A. Windows Server 2012 R2 Datacenter with GUI B. Windows Server 2012 R2 Datacenter Server Core C. Server 2012 R2 Standard with GUI D. Windows Server 2012 R2 Web Server Core
Answer: B Windows Server 2012 R2 Server Core is a more secure, slimmed-down version of Windows Server. Web versions of Windows Server 2012 R2 are not available. You would use Windows Server 2012 R2 Standard as a web server.
What is the maximum number of domains that a Windows Server 2012 R2 computer configured as a domain controller may participate in at one time? A. Zero B. One C. Two D. Any number of domains
Answer: B A domain controller can contain Active Directory information for only one domain. If you want to use a multidomain environment, you must use multiple domain controllers configured in either a tree or a forest setting.
Your network contains a single Active Directory domain. The domain contains five Windows Server 2008 R2 domain controllers. You plan to install a new Windows Server 2012 R2 domain controller. Which two actions would you need to perform? (Each correct answer presents part of the solution. Choose two.) A. Run adprep.exe /rodcprep at the command line. B. Run adprep.exe / forestprep at the command line. C. Run adprep.exe /domainprep at the command line. D. From Active Directory Domains and Trusts, raise the functional level of the domain. o E. From Active Directory Users and
Answer: B;C You need to run the Adprep command when installing your first Windows Server 2012 R2 domain controller onto a Windows Server 2008 R2 domain. Adprep / rodcprep actually gets the network ready to install a read-only domain controller and not a GUI version.
You are the system administrator of a large organization that has recently implemented Windows Server 2012 R2. You have a few remote sites that do not have very tight security. You have decided to implement read-only domain controllers (RODCs). What forest and function levels does the network need for you to do the install? (Choose all that apply.) A. Windows 2000 Mixed B. Windows 2008 R2 C.Windows 2003 D. Windows 2008
Answer: B;C;D The forest and function levels have to be Windows 2003 or newer to install an RODC.
You work for Carpathian Worldwide Enterprises, which has more than 50 administrative and manufacturing locations around the world. The size of these organizations varies greatly, with the number of computers per location ranging from 15 to slightly fewer than 1,000. The sales operations use more than 1,000 facilities, each of which contains 2 to 5 computers. Carpathian is also in merger talks with another large organization. If the merger materializes as planned, you will have to accommodate another 100 manufacturing and administrative locations, each with a maximum of 600 computers, as well as 2,000 additional sales facilities. You don't have any numbers for the future growth of the company, but you are told to keep growth in mind. You decide to implement a private addressing plan for the entire organization. More than half of your routers don't support variablelength subnet masking. Which subnet masks would work for this situation? (Choose all that apply.) A. 255.255.224.0 B. 255.255.240.0 C. 255.255.248.0 D. 255.255.252.0
Answer: B;C;D When you add up the locations that currently need to be given a network address, the total is 3,150, and the maximum number of hosts at any one of these locations is fewer than 1,000. The subnet masks need to support those requirements. Assuming that you choose the Class A private address space 10.0.0.0/8, the subnet masks given in options B, C, and D will provide the address space to support the outlined requirements. The subnet mask 255.255.240.0 supports more than 4,000 subnets and more than 4,000 hosts. The subnet mask 255.255.248.0 supports more than 8,000 subnets and more than 2,000 hosts. The subnet mask 255.255.252.0 supports more than 16,000 subnets and more than 1,000 hosts.
You are the network administrator for your organization. A new company policy has been released wherein if a user enters their password incorrectly 3 times within 5 minutes, they are locked out for 30 minutes. What three actions do you need to set to comply with this policy? (Choose all that apply.) A. Set Account Lockout Duration to 5 minutes. B. Set Account Lockout Duration to 30 minutes. C. Set the Account Lockout Threshold setting to 3 invalid logon attempts. D. Set the Account Lockout Threshold setting to 30 minutes. E. Set the Reset Account Lockout Counter setting to 5 minutes. F. Set the Reset Account Lockout Counter setting to 3 times.
Answer: B;C;E The Account Lockout Duration setting states how long an account will be locked out if the password is entered incorrectly. Account Lockout Threshold is the number of bad password attempts, and Account Lockout Counter is the time in which the bad password attempts are made. Once the Account Lockout Counter value reaches 0, the number of bad password attempts returns to 0.
On which of the following x64 editions of Windows Server 2012 R2 does Hyper-V run? (Choose all that apply.) A. Windows Server 2012 R2 Web Edition B. Windows Server 2012 R2 Standard Edition C. Windows Server 2012 R2 Itanium Edition D. Windows Server 2012 R2 Datacenter Edition
Answer: B;D Hyper-V can be installed on the Standard or Datacenter Editions of Windows Server 2012 R2. Itanium, x86, and Web Editions are not supported.
You ask one of your technicians to get the IPv6 address of a new Windows Server 2012 R2 machine, and she hands you a note with FE80::0203:FFFF:FE11:2CD on it. What can you tell from this address? (Choose two.) A. This is a globally unique IPv6 address. B. This is a link-local IPv6 address. C. This is a multicast IPv6 address. D. In EUI-64 format, you can see the MAC address of the node. E. In EUI-64 format, you can see the IPv4 address of the node.
Answer: B;D If the first word of an IPv6 address is FE80 (actually the first 10 bits of the first word yields 1111 1110 10 or FE80:: 7/10), then the address is a link-local IPv6 address. If it's in EUI-64 format, then the MAC address is also available (unless it's randomly generated). The middle FF:FE is the filler and indicator of the EUI-64 space, with the MAC address being 00:03:FF:11:02:CD. Remember also the 00 of the MAC becomes 02 in the link-local IPv6 address, flipping a bit to call it local.
Windows Server 2012 R2 requires the use of which of the following protocols or services in order to support Active Directory? (Choose two.) A. DHCP B. TCP/P C. NetBEUI D. IPX/SPX E. DNS
Answer: B;E The use of LDAP and TCP/IP is required to support Active Directory. TCP/IP is the network protocol favored by Microsoft, which determined that all Active Directory communication would occur on TCP/IP. DNS is required because Active Directory is inherently dependent on the domain model. DHCP is used for automatic address assignment and is not required. Similarly, NetBEUI and IPX/SPX are not available network protocols in Windows Server 2012 R2.
Alexis is a system administrator for an Active Directory environment that contains four domains. Recently, several managers have reported suspicions about user activities and have asked her to increase security in the environment. Specifically, the requirements are as follows: - Audit changes to User objects that are contained within a specific OU. - Allow a special user account called Audit to view and modify all security-related information about objects in that OU. Which of the following steps should Alexis take to meet these requirements? (Choose all that apply.) A. Convert all volumes on which Active Directory information resides to NTFS. B. Enable auditing with the Active Directory Users and Computers tool. C. Create a new Active Directory domain and create restrictive permissions for the suspected users within this domain. D. Reconfigure trust settings using the Active Directory Domains and Trusts tool.
Answer: B;E;F The first step is to enable auditing. With auditing enabled, Alexis can specify which actions are recorded. To give permissions to the Audit user account, she can use the Delegation of Control Wizard.
You are the network administrator for a large company that has one main site and one branch office. Your company has a single Active Directory forest, ABC.com. You have a single domain controller (ServerA) in the main site that has the DNS role installed. ServerA is configured as a primary DNS zone. You have decided to place a domain controller (ServerB) in the remote site and implement the DNS role on that server. You want to configure DNS so that, if the WAN link fails, users in both sites can still update records and resolve any DNS queries. How should you configure the DNS servers? A. Configure Serverb as a secondary DNS server. Set replication to occur every five minutes. B. Configure Serverb as a stub zone. C. Configure ServerB as an Active Directory Integrated zone and convert ServerA to an Active Directory Integrated zone. D. Convert ServerA to an Active Directory Integrated zone and configure Serverb as a secondary zone.
Answer: C Active Directory Integrated zones store their records in Active Directory. Because this company has only one Active Directory forest, it's the same Active Directory that both DNS servers are using. This allows ServerA to see all of the records of ServerB and ServerB to see all the records of ServerA.
You are the administrator of an organization with a single Active Directory domain. One of your senior executives tries to log onto a machine and receives the error "This user account has expired. Ask your administrator to reactivate your account." You need to make sure that this doesn't happen again to this user. What do you do? A. Configure the domain policy to disable account lockouts. B. Configure the password policy to extend the maximum password age to 0. C.Modify the user's properties to set the Account Never Expires setting. D. Modify the user's properties to extend the maximum password age to 0.
Answer: C Checking the box Account Never Expires will prevent this user's account from expiring again.
You are the IT manager for a large organization. One of your co-workers installed a new Windows Server 2012 R2 Datacenter Server Core machine, but now the IT team has decided that it should be a Windows Server 2012 R2 Datacenter with GUI. What should you do? A. Reinstall Windows Server 2012 R2 Datacenter Server Core on the same machine. B. Install a new machine with Windows Server 2012 R2 Datacenter Server Core. C. Convert the current Windows Server 2012 R2 Datacenter Server Core to the Windows Server 2012 R2 Datacenter with GUI version. D. Dual-boot the machine with both Windows Server 2012 R2 Datacenter Server Core and Windows Server 2012 R2 Datacenter with GUI.
Answer: C One of the new advantages of Windows Server 2012 R2 is that you can convert Server Core and GUI versions without the need to reinstall the operating system files completely.
How do you add a physical disk to a virtual machine? A. Use the Virtual Hard Disk Wizard. B. Use the Edit Virtual Hard Disk Wizard. C. Use the virtual machine's settings. D. Use the New Virtual Machine Wizard.
Answer: C Physical hard disks cannot be configured using the Virtual Hard Disk Wizard, the Edit Virtual Hard Disk Wizard, or the New Virtual Machine Wizard. You can configure and attach a physical disk only by using the virtual machine's settings.
Which of the following subnet masks are represented with the CIDR of /27? A. 255.255.255.254 B. 255.255.255.248 C. 255.255.255.224 D. 255.255.255.240
Answer: C The CIDR /27 tells you that 27 Is are turned on in the subnet mask. Twenty-seven ls equals 11111111.11111111.11111111.11100000. This would then equal 255.255.255.224. The network address 192.168.11.192 with a subnet mask of 255.255.255.224 is perfect for Subnet A because it supports up to 30 hosts. The network address 192.168.11.128 with a subnet mask of 255.255.255.192 is perfect for Subnet B because it supports up to 62 hosts. The network address 192.168.11.0 with a subnet mask of 255.255.255.128 is perfect for Subnet C because it supports up to 126 hosts.
You are hired as a consultant to the ABC Company. The owner of the company complains that she continues to have desktop wallpaper that she did not choose. When you speak with the IT team, you find out that a former employee created 20 GPOs and they have not been able to figure out which GPO is changing the owner's desktop wallpaper. How can you resolve this issue? A. Run the RSoP utility against all forest computer accounts. B. Run the RSoP utility against the owner's computer account. C. Run the RSoP utility against the owner's user account. D. Run the RSoP utility against all domain computer accounts.
Answer: C The Resultant Set of Policy (RSoP) utility displays the exact settings that apply to individual users, computers, OUs, domains, and sites after inheritance and filtering have taken effect. Desktop wallpaper settings are under the User section of the GPO, so you would run the RSoP against the user account.
Your IT team has been informed by the compliance team that it needs copies of the DNS Active Directory Integrated zones for security reasons. You need to give the Compliance department a copy of the DNS zone. How should you accomplish this goal? A. Run dns cmd / zonecopy. B. Run dns cmd / zoneinfo. C. Run dns cmd / zoneexport. D. Run dns cmd / zonefile.
Answer: C The dnscmd / zoneexport command creates a file using the zone resource records. This file can then be given to the Compliance department as a copy.
You want to build a test environment based on virtual machines on a single Windows Server 2012 R2 machine, but you also want to make sure that the virtual machines communicate only with each other. What type of virtual network do you need to configure? A. External B. Internal only C. Private virtual machine network D. Public virtual machine network
Answer: C The external virtual network type will allow the virtual machine to communicate with the external network as it would with the Internet, so A is wrong. The internal-only network type allows communication between the virtual machines and the host machine. Because the question says that only communication between the virtual machines should be allowed, the only valid answer is private virtual machine network. The last option, public virtual machine network, does not exist in Hyper-V.
You are the network administrator for a midsize organization that has installed Windows Server 2012 R2 onto the network. You are thinking of moving all machines to Windows 8 and IPv6. You decide to set up a test environment with four subnets. What type of IPv6 addresses do you need set up? A. Global addresses B. Link-local addresses C. Unique local addresses D. Site-local addresses
Answer: C The unique local address can be FC00 or FDO0, and it is used like the private address space of IPv4. Unique local addresses are not expected to be routable on the global Internet, but they are used for private routing within an organization.
What statement is correct for an external virtual network? A. The virtual machines can communicate with each other and with the host machine. B. The virtual machines can communicate with each other only. C. The virtual machines can communicate with each other, with the host machine, and with an external network. D. The virtual machines cannot communicate with each other.
Answer: C The virtual network type in which the machines communicate with each other and with the host machine is called internal only. In a private virtual network, the virtual machines can communicate only with each other, not with the network or the host machine. The external network type defines a network where the virtual machines can communicate with each other, with the host machine, and with an external network like the Internet.
What is the command to install Hyper-V on a Windows Server 2008 machine that was installed in Server Core? A. start /w Ocsetup Hyper-V B. start /w Ocsetup microsoft-hyper-V C. start /w ocsetup Microsoft-Hyper-V D. start /w Ocsetup hyper-V
Answer: C This question relates to the setup command used to install the Hyper-V server role on a Windows Server 2008 Server Core machine. It's important to remember that these commands are case sensitive and that the correct command is start /wocsetup Microsoft-Hyper-V, which is option C. All of the other commands will fail to install Hyper-V on a Server Core machine. If you were using a Windows Server 2012 R2 machine, you would use the DISM command.
You have been hired to help a small company set up its Windows network. It has 20 users, and it has no plans to expand. What version of Windows Server 2012 R2 would you recommend? A. Windows Server 2012 R2 Datacenter B. Windows Server 2012 R2 Standard C. Windows Server 2012 R2 Essentials D. Windows Server 2012 R2 Foundation
Answer: C Windows Server 2012 R2 Essentials is ideal for small businesses that have as many as 25 users and 50 devices. It has a simple interface, preconfigured connectivity to cloud-based services, and no virtualization rights.
What type of domain controller would you install into an area where physical security is a concern? A. Primary domain controller B. Backup domain controller C. Read-only domain controller D. Locked-down domain controller
Answer: C Windows Server 2012 R2 has a type of domain controller called a read-only domain controller (RODC). This gives an organization the ability to install a domain controller in an area or location (onsite or offsite) where security is a concern.
You are the network administrator for a small company with two DNS servers: DNS1 and DNS2. Both DNS servers reside on domain controllers. DNS1 is set up as a standard primary zone, and DNS2 is set up as a secondary zone. A new security policy was written stating that all DNS zone transfers must be encrypted. How can you implement the new security policy? A. Enable the Secure Only setting on DNS1. B. Enable the Secure Only setting on DNS2. C. Configure Secure Only on the Zone Transfers tab for both servers. D. Delete the secondary zone on DNS2. Convert both DNS servers to use Active Directory Integrated zones.
Answer: D Active Directory Integrated zones give you many benefits over using primary and secondary zones including less network traffic, secure dynamic updates, encryption, and reliability in the event of a DNS server going down. The Secure Only option is for dynamic updates to a DNS database.
You have been hired by a small company to implement new Windows Server 2012 R2 systems. The company wants you to set up a server for users' home folder locations. What type of server would you be setting up? A. PDC server B. Web server C. Exchange server D. File server
Answer: D File servers are used for storage of data, especially for users' home folders. Home folders are folder locations for your users to store data that is important and that needs to be backed up.
You work for an organization with a single Windows Server 2012 R2 Active Directory domain. The domain has ОUs for Sales, Marketing, Admin, R&D, and Finance. You need only the users in the Finance OU to get Windows Office 2013 installed automatically onto their computers. You create a GPO named OfficeApp. What is the next step in getting all of the Finance users Office 2013? A. Edit the GPO, and assign the Office application to the user's account. Link the GPO to the Finance OU. B. Edit the GPO, and assign the Office application to the user's account. Link the GPO to the domain. C. Edit the GPO, and assign the Office application to the computer account. Link the GPO to the domain. D. Edit the GPO, and assign the Office application to the computer account. Link the GPO to the Finance OU.
Answer: D If you assign an application to a user, the application does not get automatically installed. To have an application installed automatically, you must assign the application to the computer account. Since Finance is the only OU that should receive this application, you would link the GPO to Finance only.
A system administrator is trying to determine which file system to use for a server that will become a Windows Server 2012 R2 file server and domain controller. The company has the following requirements: • The file system must allow for file-level security from within Windows 2012 R2 Server. • The file system must make efficient use of space on large partitions. • The domain controller Sysvol must be stored on the partition. Which of the following file systems meets these requirements? Α. FAT B. FAT32 C.HPFS D. NTFS
Answer: D NTFS has file-level security, and it makes efficient usage of disk space. Since this machine is to be configured as a domain controller, the configuration requires at least one NTFS partition to store the Sysvol information.
You have a server named SRV1 that runs Windows Server 2012 R2. You want to remove Windows Explorer, Windows Internet Explorer, and all components and files from this machine. Which command should you run? A. msiexec.exe /uninstall iexplore.exe /x B. msiexec.exe /uninstall explorer.exe /x C. Uninstall-WindowsFeature Server-Gui-Mgmt-Infra Remove D. Uninstall-WindowsFeature Server-Gui-Shell Remove
Answer: D New to Windows Server 2012 R2, an administrator has the ability to turn a Windows GUI installation into a Server Core installation.
You are the network administrator for a Windows Server 2012 R2 network. You have multiple remote locations connected to your main office by slow satellite links. You want to install DNS into these offices so that clients can locate authoritative DNS servers in the main location. What type of DNS servers should be installed in the remote locations? A. Primary DNS zones B. Secondary DNS zones C. Active Directory Integrated zones D. Stub zones
Answer: D Stub zones are useful for slow WAN connections. These zones store only three types of resource records: NS records, glue host (A) records, and SOA records. These three records are used to locate authoritative DNS servers.
You are the primary system administrator for a large Active Directory domain. Recently, you have hired another system administrator upon whom you intend to offload some of your responsibilities. This system administrator will be responsible for handling help desk calls and for basic user account management. You want to allow the new employee to have permissions to reset passwords for all users within a specific OU. However, for security reasons, it's important that the user not be able to make permissions changes for objects within other OUs in the domain. Which of the following is the best way to do this? A. Create a special administration account within the OU and grant it full permissions for all objects within Active Directory. B. Move the user's login account into the OU that the new employee is to administer. C Move the user's login account to an OU that contains the OU (that is, the parent OU of the one that the new employee is to administer). D. Use the Delegation of Control Wizard to assign the necessary permissions on the OU that the new employee is to administer.
Answer: D The Delegation of Control Wizard is designed to allow administrators to set up permissions on specific Active Directory objects.
You are the network administrator for a midsize computer company. You have a single Active Directory forest, and your DNS servers are configured as Active Directory Integrated zones. When you look at the DNS records in Active Directory, you notice that there are many records for computers that do not exist on your domain. You want to make sure that only domain computers register with your DNS servers. What should you do to resolve this issue? A. Set dynamic updates to None. B. Set dynamic updates to Nonsecure And Secure. C. Set dynamic updates to Domain Users Only. D. Set dynamic updates to Secure Only.
Answer: D The Secure Only option is for DNS servers that have an Active Directory Integrated zone. When a computer tries to register with DNS dynamically, the DNS server checks Active Directory to verify that the computer has an Active Directory account. If the computer that is trying to register has an account, DNS adds the host record. If the computer trying to register does not have an account, the record gets tossed away, and the database is not updated.
Your company consists of a single Active Directory forest. You have a Windows Server 2012 R2 domain controller that also has the DNS role installed. You also have a Unix-based DNS server at the same location. You need to configure your Windows DNS server to allow zone transfers to the Unixbased DNS server. What should you do? A. Enable BIND secondaries. B. Configure the Unix machine as a stub zone. C. Convert the DNS server to Active Directory Integrated. D. Configure the Microsoft DNS server to forward all requests to the Unix DNS server.
Answer: D The Secure Only option is for DNS servers that have an Active Directory Integrated zone. When a computer tries to register with DNS dynamically, the DNS server checks Active Directory to verify that the computer has an Active Directory account. If the computer that is trying to register has an account, DNS adds the host record. If the computer trying to register does not have an account, the record gets tossed away, and the database is not updated.
You need to create a new user account using the command prompt. Which command would you use? A. dsmodify B. dscreate C. dsnew D. dsadd
Answer: D The dsadd command allows you to add an object (user's account) to the Active Directory database.
You are the network administrator for ABC Company. You have an IPv6 prefix of 2001:DB8:BBCC:0000::/53, and you need to set up your network so that your IPv6 addressing scheme can handle 1,000 more subnets. Which network mask would you use? A. 160 B. 161 C. 162 D. 163 E. 164
Answer: D To calculate the network mask, you need to figure out which power number (28) is greater than or equal to the number you need. Since you are looking for 1000, 210 = 1024. You then add the power (10) to the current network mask (53 + 10 = 63).
To disable GPO settings for a specific security group, which of the following permissions should you apply? A. Deny Write B. Allow Write C. Enable Apply Group Policy D. Deny Apply Group Policy
Answer: D To disable the application of Group Policy on a security group, you should deny the Apply Group Policy option. This is particularly useful when you don't want GPO settings to apply to a specific group, even though that group may be in an OU that includes the GPO settings.
You have been hired to help a small company set up its first Windows network. It has had the same 13 users for the entire two years it has been open, and the company has no plans to expand. What version of Windows Server 2012 R2 would you recommend? A. Windows Server 2012 R2 Datacenter B. Windows Server 2012 R2 Standard C. Windows Server 2012 R2 Essentials D. Windows Server 2012 R2 Foundation
Answer: D Windows Server 2012 R2 Foundation was designed for smaller companies that need a Windows Server experience for as few as 15 users. Windows Server 2012 R2 Foundation is general-purpose server with basic server functionality and no virtualization rights.
Ann is a system administrator for a medium-sized Active Directory environment. She has determined that several new applications that will be deployed throughout the organization use registry-based settings. She would like to do the following: - Control these registry settings using Group Policy - Create a standard set of options for these applications and allow other system administrators to modify them using the standard Active Directory tools Which of the following options can she use to meet these requirements? (Choose all that apply.) A. Implement the inheritance functionality of GPOs. B. Implement delegation of specific objects within Active Directory. C. Implement the No Override functionality of GPOs. D. Create administrative templates.
Answer: D;E Administrative templates are used to specify the options available for setting Group Policy. By creating new administrative templates, Ann can specify which options are available for the new applications. She can then distribute these templates to other system administrators in the environment.
