Server Pro 1,2,3,4,5,7,8

You have a Nano Server virtual hard disk image named DNS23-Nano.vhdx. You are now creating a virtual machine that will use the virtual hard disk. Click on the option you must use to connect this virtual machine to the DNS23-Nano.vhdx virtual hared disk image.

(Select) Use an existing virtual hard disk

You would like to prevent users from running any software with .exe or.com extensions on computers in the domain unless they have been digitally signed. The rule should apply to all known and unknown software. How should you configure this rule in AppLocker?

Configure an executable rule with a publisher condition.

When you initially created your external virtual switch in Hyper-v manager,m you configure the virtual machines connected to directly use the broadcom netxtreme 57xx Gigabit controller installed on the host instead of a virtual network adapter. you create a new vm and connect it to external switch. Now you need to enable vm to switch adapter on the host. Click the option you would use in the virtual machine's settings to do this.

Enable SR-IOV (bottom)

You completeted the installation of a new Nano server. you are now at the Nano server's initial configuration interface. Which of the following management tasks can you perform from the initial configuration interface? (Select three.)

Enable Windows Remote Management. Configure inbound and outbound firewall rules. Configure basic network settings.

You are configuring a new external virtual switch in your hyper-v host. You want the virtual machines running on the host to be able to use the physical network adapter installed in the system instead of virtual network interfaces. Click the option you would use to configure the virtual switch in this manner.

Enable single-root I/O virtualization (SR-IOV)

You manage 20 Windows workstations in your domain. You want to prevent the sales team members from making system changes. Whenever a change is initiated, you want to allow only those who can enter administrator credentials to be able to make the change. What should you do?

Configure the User Account Control: Behavior of the elevation prompt for standard users settings in Group Policy to prompt for credentials.

Which NIC Teaming configuration option uses the IEEE 802.1ax Link Aggregation Control Protocol (LACP) to identify the links that form the team?

Dynamic teaming

Virtualization is the ability to install and urn multiple operating systems concurrently on a single physical machine. windows virtualization includes several standard components. Drag the component on the left to the appropriate description on the right.

A file that resides within the host operating system and serves a storage device for the virtual machines - Virtual Hard Disk (VHD) A thin layer of software that resides between the guest operating system and the hardware - Hypervisor The guest operating system that is a software implementation of a computer that executes programs - Virtual Machine The host operating system that has hardware, such as storage devices, RAM, and a motherboard - Physical Machine Appears to be self-contained and autonomous system - Virtual Machine Allows virtual machines to interact with the hardware without going through the host operating system - Hypervisor

You are configuring a NIC Team on a Windows Server system using two physical network adapters in the system. You want the new team to aggregate the throughput of both network adapters to increase performance. You want to configure the team such that all packets from the same stream are sent to the same network adapter in the team. From the drop-down list, select the load balancing mode you need to choose to implement this configuration.

Address Hash

Click on the user right policy that is used to grant a user local access to the desktop of a Windows Server.

Allow log on locally

You are configuring a new external virtual switch in your hyper-v host. The host has two physical network interfaces installed. You want the physical host to exclusively use one network interface and virtual machines running on the host to exclusively use the other. Click the option you would use to configure the virtual switch in this manner.

Allow management operating system to share this network adapter

You are the network administrator for eastsim.com. The network consists of one Active Directory domain. You have been instructed to map a drive to a department share for all users. The company no longer uses login scripts, so you must ensure that the department share is mapped using Group Policy. What should you do?

Configure a Drive Maps policy in a GPO linked to the domain.

You are the network administrator for westsim.com. The network copnsists of a single Active Directory domain. You have enabled outbound filtering for publiuc networks in the windows firewall with advanced security node of a group policy that applies to member servers. APP1 hosts wewbb app named application 1 that contacts server on internet port 735. Installed on APP1, unable to contact source server. What should you do?

Configure a custom outbound rule server is making a connection, so outbound

The Large Block Corporation has a network with three subnets. The network has a DNS server that provides name resolution. Stacy has been asked to implement a DHCP solution for her network. Currently, all hosts use manually configured static IP addresses. She installs a DHCP server and configures it to deliver IP address, default gateway, and DNS server configuration information. What must Stacy do at each client to complete the configuration? (Select two.)

Configure each host to obtain DNS server address automatically Configure each host to obtain an IP address automatically

You are in charge of managing several servers. Your company requires many custom firewall rules in Windows Firewall with Advanced Security. What should you do?

Configure firewall settings in Group Policy. Apply the GPO so that it applies to all applicable servers

You have a single router with three subnets as follows: - SubnetA = 60 hosts - SubnetB = 25 hosts - SubnetC = 31 hosts Which mask values should you use?

SubnetA = 172.22.16.64 255.255.255.192 SubnetB = 172.22.19.32 255.255.255.224 SubnetC = 172.22.19.192 255.255.255.192 make sure it is valid on the subnet

You have a single router with three subnets as follows: - SubnetA = 50 hosts - SubnetB = 15 hosts - SubnetC = 65 hosts Which mask values should you use?

SubnetA = 255.255.255.192 SubnetB = 255.255.255.224 SubnetC = 255.255.255.128 26 bits = 62 hosts 27 bits = 30 hosts 25 bits = 128 hosts

You are configuring a NIC team that is being used for failover only and not bandwidth aggregation. Which NIC teaming configuration must you use?

Switch-independent teaming

You have completed the installation of Windows Server 2016. Which of the following tasks is best to perform before joining the server to an Active Directory domain?

Change the computer name.

Which of the following actions will display a menu that will allow you to start Device Manager?

Right-click the Start button.

Which of the following PowerShell cmdlets is used to retrieve information about an existing object?

get

You have a laptop that you use for remote administration from home and while traveling. The laptop has been joined to the domain using the name of admin remote. The processor in your laptop overheats one day, causing extensive damage. Rather than repair the computer, you purchase a new one. The computer arrives, and you edit the system properties and name it AdminRemote. When you try to join the computer to the domain, you receive an error message and are unable to proceed. You want the new computer to be joined to the domain using the same name as the old computer. Wh\at commands should you run?

netdom reset and then netdom join

You are using DISM to apply a Windows update to an existing image. Following are the details you need to know to perform this task: • Image mount directory: C:\images\win10mount • Update file location: C:\images • Update file name: Windows 10 Update.cab (Note: a typical Windows update file name is much longer than the generic name being used here.) From the drop-down list, select the parameter that is needed to fill in the blank in the following command: dism /image:c:\images\win10mount /add-package __________________

packagepath:"c:\images\Windows 10 Update.cab"

After completing a Server Core deployment on a new server, you need to prepare the server to be joined to an Active Directory domain by completing the following tasks: • Change the name of the computer to something that fits your server naming rules. • Set the time and time zone to match your local time zone. • Assign a static IP address to the server. Which of the following is a server configuration utility you can use to perform these tasks?

sconfig

You are ready to export the DHCP role migration file from the FS1 server to the local C:\Temp folder so it can be migrated to the FS10 server. Both servers are running Windows Server 2016, and both have the Windows Server Migration Tools (WSMT) feature installed. You have determined that the ID of the DHCP role is DHCP. From the drop-down list, fill in the blank with the parameter that is missing from the following command: Export -SmigServerSetting ___________ -Path C:\Temp\DHCP

-FeatureID DHCP

You completed the installation of a new Nano server. You are now at the Nano server's initial configuration interface. Which of the following management tasks can you perform from the initial configuration interface? (Select three.)

-Configure inbound and outbound firewall rules. -Configure basic network settings. -Enable Windows Remote Management.

You are the administrator of the westsim.com domain. Within the domain, you have OUs for the accounting, manufacturing, sales, and administration departments. You also have smaller OUs within each department OU, such as the ITAdmins OU in the Administration OU. You need to follow the principle of least privilege as you use the delegation of control wizard to complete the following: - Give one user in each OU the rights necessary to manage user accounts in their OU - Give your assistants in the ITAdmins group rights to nmanbage passwords for all users in the domain. Which of the following approaches can you use as you delegate control? (Select two.)

-Create a UnderAdmin group in each department OU -Make the user in each OU a member of the USerAdmin group -In each department OU, delegate control the the UserAdmin group to perform user account tasks -Create a PasswordAdmin group in the ITAdmins OU -Make your assistants members of the PasswordAdmin group -In the westsim.com domain, delegate control to the PasswordAdmin group to perform password tasks

You are creating a Nano Server image as a virtual machine that you plan to use as a DNS server. You will use the New-NanoServerImage cmdlet to perform this task. Following are the details you need to know to generate this image: -Nano server edition: Standard -Computer name: DNS23-Nano -Image location and name: C:\NanoHardDisks\DNS23-Nano.vhdx -Installation media location: F:\ -Temporary file location: C:\Temp -Package name: Microsoft-NanoServer-DNS-Package Drag the details listed on left to the appropriate New-NanoServerImage cmdlet options on the right.

-Edition Standard -MediaPath F:\ -BasePath C:\Temp -TargetPath C:\NanoHardDisks\DNS23-Nano.vhdx -DeploymentType Guest -ComputerName DNS23-Nano -Package Microsoft-NanoServer-DNS-Package

You are creating a Nano Server image as a virtual machine that you plan to use as a DNS server. You will use the New-NanoServerImage cmdlet to perform this task. Following are the details you need to know to generate this image: • Nano Server edition: Standard • Computer name: DNS23-Nano • Image location and name: C:\NanoHardDisks\DNS23-Nano.vhdx • Installation media location: F:\ • Temporary file location: C:\Temp • Package name: Microsoft-NanoServer-DNS-Package Drag the details listed on left to the appropriate New-NanoServerImage cmdlet options on the right.

-Edition-Standard -MediaPath-F:\ -BasePath-C:\Temp -TargetPath-C:\NanoHardDisks\DNS23-Nano.vhdx -DeploymentType-Guest -ComputerName-DNS23-Nano -Package-Microsoft-NanoServer-DNS-Package

You are at the PowerShell command line preparing to install the Telnet Client feature on the server. You enter the get-windowsfeature command, and you see the following information about the Telnet Client feature: • Display Name: Telnet Client • Name: Telnet-Client • Install State: Available This gives you the information you need to enter the command that will install the Telnet Client feature. Fill in the blank with the part of the command that is missing: install-windowsfeature ______________________ -Restart

-Name Telnet-Client

You have created a Nano Server virtual hard disk image named DNS23-Nano.vhdx. You are now creating a virtual machine that will use this virtual hard disk. Click on the option you must use to connect this virtual machine to the DNS23-Nano.vhdx virtual hard disk image.

-Use an existing virtual hard disk -Attach a virtual hard disk later

You are using DISM to mount an image file so you can change some settings in the image before deploying it. Following are the details you need to know about this image before you can mount it: -Image directory and file name: C:\images\win10install.wim -Image index: 2 -Target mount directory: C:\images\win10mount From the drop-down list, select the parameter that is needed to fill in the blank in the following command: dism\mount-win /wimfile:c:\images\win10install.wim /index:2

/mountdir:c:\images\win10mount

You are using DISM to mount an image file so you can change some settings in the image before deploying it. Following are the details you need to know about this image before you can mount it: • Image directory and file name: C:\images\win10install.wim • Image index: 2 • Target mount directory: C:\images\win10mount From the drop-down list, select the parameter that is needed to fill in the blank in the following command:

/mountdir:c:\images\win10mount

You are using DISM to apply a Windows update to an existing image. Following are the details you need to know to perform this task: -Image mount directory: C:\images\win10mount -Update file location: C:\images -Update file name: Windows 10 Update.cab (Note: a typical Windows update file name is much longer that the generic name being used here.) From the drop-down list, select the parameter that is needed to fill in the blank in the following command: dism/image:c:\images\win10mount /add-package

/packagepath:"c:\images\Windows 10 Update.cab"

You are creating a DSC configuration that will be used to install the IIS Web server on various servers on the network. In the script below, click the line that creates a consumable MOF file.

001 Configuration AddIIS

You are creating a DSC configuration that will be used to install the IIS Web server on various servers on the network. In the script below, click the line that installs the Web Server role on the target server.

007 WindowsFeature IIS

You manage two small remote networks, one in Portland and one in Seattle. Both sites are connected to the Internet through a single Windows server using NAT. Both sites use IPv6. Want to enable hosts to communicate through the internet. Want to use site-to-site tunneling. Which strategies would accomplish your goal? (Select two.)

6to4 tunneling Manually configured tunneling

Why is Nano Server sometimes referred to as a headless deployment?

A Nano Server deployment provides practically no user interface

Why is Nano Server sometimes referred to as a headless deployment?

A Nano Server deployment provides practically no user interface.

Drag the type of server software listed on the left to its appropriate description on the right.

1.A set of software features that provides a specific server function.""-Role"" 2.A software program that adds functionality to all server functions.""-Feature"" 3.A specific program that adds functions to a role.""-Role Service""

You are installing Windows Server 2016 on a system that has a used hard drive that contains important data. The hard drive does not contain any operating system files. Which steps must you perform to complete this installation and save the data? (Select two.)

1.Back up the data to another drive. 2.Use the Custom installation type

Which Windows editions are not available in Windows Server 2012? (Select two.)

1.Enterprise 2.Small Business Server

You are currently working in the desktop environment on a Windows Server 2012 system and need to display the Charms panel. What should you do? (Select two. Each option is a complete solution.)

1.Hover the mouse over the lower-right corner of the screen. 2.Hover the mouse over the upper-right corner of the screen.

You are in the process of migrating the DHCP role from the FS1 server to the FS10 server. Both servers are running Windows Server 2016, and both have the Windows Server Migration Tools (WSMT) feature installed. You have exported the DHCP configuration on FS1 into a migration file. Which steps do you have to perform to

1.Install the DHCP role on FS10 and authorize it as a DHCP server. 2.Copy the migration file to a folder accessible to the FS10 server.

You are currently working in the desktop environment on a Windows Server 2012 system and need to switch to the Start screen. What should you do? (Select two. Each option is a complete solution.)

1.Press the Windows key on the keyboard. 2.Click the Start button in the lower-left corner of the screen to switch to the Start screen display.

Which of the following are features or benefits specific to a Windows Server 2016 Server Core deployment? (Select two.)

1.Reduced system requirements. 2.Stable environment

You manage several servers that are all in the same domain. Two of the servers, DC10 and DC13, are in different buildings that are on opposite sides of the company campus. Your desk is in the same building as DC10, and you want to complete management tasks, such as managing storage settings, on DC13 from the DC10 desktop. You decide to implement Remote MMC snap-ins on DC13 so you can manage it remotely. You know that Windows Remote Management is already enabled on DC13 by virtue of being joined to a domain. Which of the following exceptions need to enabled in the firewall on DC13? (Select two.)

1.Remote Administration 2.Windows Remote Management

You manage several servers that are all in the same domain. Two of the servers, DC10 and DC13, are in different buildings that are on opposite sides of the company campus. Your desk is in the same building as DC10, and you want to complete management tasks, such as managing storage settings, on DC13 from the DC10 desktop. You decide to implement Remote MMC snap-ins on DC13 so you can manage it remotely. You know that Windows Remote Management is already enabled on DC13 by virtue of being joined to a domain. Which of the following services need to running on DC13? (Select two.)

1.Remote Registry 2.Plug and Play

After completing a Server Core deployment on a new server, you need to prepare the server to join an Active Directory domain and then join it to the domain. Drag the commands on the left to the task they can be used to complete on the right. (Each command may be used once, more than once, or not at all.)

1.Set the time and time zone-Control 2.Assign a static IP address-netsch 3.Change the name of the computer-netdom 4.Join the server to a domain-netdom

After completing a Server Core deployment on a new server, you are preparing the server to join an Active Directory domain using PowerShell cmdlets. Drag the commands on the left to the task they can be used to complete on the right. (Each command may be used once, more than once, or not at all.)

1.Set the time zone-SetTimezone 2.Assign a static IP address-New-NetIPAddress 3.Change the name of the computer- Rename-Computer 4. Set the system time- Set-date

You are preparing to install Windows Server 2012 on a new server. The server has the following hardware: • 32 GB RAM • One quad-core Intel-VT processor • 100 GB mirrored hard disk for the system partition You will use this server for the DHCP server role and configure the server in a failover cluster with two nodes. You want to select the minimum Windows Server 2012 edition to support the required roles. Which editions could you install? (Select two.)

1.Standard edition 2.Datacenter edition

After installing Windows Server, the computer will have several settings that were configured during installation by default. These settings can be seen on the Local Server Properties page. Which of the following Local Server properties will you most likely need to configure? (Select two.)

1.The time zone that matches the server's location. 2.A static IP address for Ethernet0.

You manage a network with a single active directory domain called westsim.com. You have just deployed an azure ad domain controller in the azure cloud. You have created a user account for yourself in the new azure AD domain. You are now testing the configuration of the azure ad domain from home by trying to join your home computer to this domain. Click on the option in the system menu in the settings app that allows you to join your computer to the domain in azure AD.

About (bottom)

Your manager has asked you to install the Web Server (IIS) role on one of your Windows Server 2016 systems so it can host an internal website. Which Windows feature can you use to do this?

Add Roles and Features

You manage several servers that are all in the same domain. One of the servers, SERV16-02, is a Server Core deployment that is in a different building across the company campus from your office. You are in the same building as SERV16-01, and you want add a role to SERV16-02 from Server Manager running on the SERV16-01 desktop. You see the screen shown below when you select All Servers in the Server Manager tool. What do you need to do so can add a role to SERV16-02 from here?

Add SERV16-02 to the server pool on SERV16-01.

You are the network administrator for westsim.com. The network consists of a single active directory domain. You are responsible for a server named HV1 that has the hyper-v role installed. HV1 hosts a vm that runs a custom web app that is in use 24/7. VM has one drive that is hosted on a 127 GB vhdx, and the server is running out of room. 100 GB needs to be added with minimal downtime. What should you do?

Add a new virtual hard drive (.vhdx) to a SCSI controller

You need to configure Windows Firewall with Advanced Security to allow traffic for an application that dynamically opens up multiple ports on an as-needed basis. What should you do?

Add a program rule

You manage several Windows workstations in your domain. You want to configure a GPO that will make them prompt for additional credentials whenever a sensitive action is taken. What should you do?

Configure User Account Control (UAC) settings.

You are the administrator of a network with two active directory domains. Each domain currently includes 35 global groups and 75 domain local groups. You have been reading the windows server help files and have come to the conclusion that universal groups may be the answer to ease administrative management of these groups You decide to incorporate universal groups. How can you make sure to not include changes to any group that will affect group member's assigned permissions?

Add global groups to universal groups and then add those to domain local groups

You have created a group policy that prevents users in the accounting department from accessing records in a database that has confidential information. The group policy is configured to disable the search function for all users in the Accounting OU no matter which workstation is being used. After you configure and test the policy, you learn that several people in the Accounting OU have valid reasons for using the search function. These users are part of a security group named Managers. What can you do to prevent the Group Policy object (GPO) that you have configured from applying to members of the Managers group?

Add the Managers group to the GPO's discretionary access control list (DACL). Deny the apply Group Policy and read permissions to the Managers group.

Match each Hyper-v virtual networking feature on the left with its appropriate description on the right.

Allows a VM to see traffic from multiple VLANS - trunking Allows network traffic to be distributed across multiple cpu cores - Virtual Mchine Queue (VMQ) Controls the throughput of data to virtual disks - Storage quality of Services (QoS) Establishes rules that are applied to virtual switch ports - Port ACLs Provides bandwidth aggregation - NIC teaming Copies traffic from one switch port to another - Port Mirroring Prevents a VM from being used as a rogue DHCP server - DHCP guard

You manage a group of 10 Windows workstations that are currently configured as a workgroup. Which are advantages you could gain by installed Active Directory and adding the computers to a domain? (Select two.)

Centralized authentication Centralized configuration control

Match each active directory component on the left with the appropriate description on the right. (Each component may be used once, more than once, or not at all.)

An object that cannot be created, moved, renamed, or deleted - Generic Container A database that contains a partial replica of every object from every domain - Global Catalog Facilitates faster searches - Global Catalog A type of container object that can be created by the administrator to simplify security administration - Organizational Unit Identifies the types of objects that can exist in the tree - Schema Information about an object, such as a user's name - Attributes Used to logically organize network resources within a domain - Organizational Unit

After completing a server core deployment on a new server, you prepare the server to be joined to an Active Directory domain by completing the following tasks: • Change the name of the computer to something that fits your server naming rules. • Set the time and time zone to match your local time zone. Which of the following tasks should you still perform before joining the server to the domain?

Assign a static IP address to the server.

You manage a small private network with three subnets, as shown in the image. The App1 server on SubnetC runs only IPv6. IPv4 only routers connects A and B, while servers runs routing and remote access connects B and C. Wrk2 comp runs both IPv6/4. Need it to communicate. What should you do?

Configure Rtr1 as an ISATAP router

You have a server connected to two networks: - SubnetA uses a 26-bit mask - SubnetB uses a 29-bit mask Wrk1 is on SubnetA, and Wrk2 is on SubnetB, Wrk1 cannot communicate with Wrk2. You run ipconfig on both workstations and see the following information: Wrk1: IPv4 - 192.168.201.135 Mask - 255.255.255.192 Default Gateway - 192.168.201.190 Wrk2: IPv4 - 172.30.199.70 Mask - 255.255.255.248 Default Gateway - 172.30.199.70 Which of the following actions would most likely correct the problem?

Change the IP address assigned to Wrk2 Same address on subnet as Default Gateway

You have a small network as shown in the image. You are unable to ping Wrk2 from Wrk1. What should you do to fix the problem?

Change the subnet mask on Wrk1 subnet on Wrk1 is wrong 0 - 0 / \

Which statements about Active Directory is true?

Changes are made on a domain controller and pushed out to workstations.

You need to create a snapshot of a virtual machine currently running on a Windows Server Hyper-V host. The server was installed using a Server core installation, so you must do this from the command line within a PowerShell windows. Which cmdlet should you use to do this?

Checkpoint-VM

You have implemented a network where computers are assigned specific roles, such as file sharing and printing . Other computers access those resources, but do not host services of their own. What type of network have you implemented?

Client/server

When you originally deployed the AccServer virtual machine on your windows server 2012 R2 hypervisor, it stored accounting data from all departments in your organization. Therefore, it required a very large virtual disk. More accounting servers have been added, and data has been migrated to them, Space can be reclaimed on the original server. Click the option you would use in the edit hard disk wizard to accomplish this without reducing the overall storage capacity of the victual hard disk.

Compact

you currently manage a virtual machine named VM18 that has been installed on the Srv5 physical server. The virtual machine uses a single dynamic disk of 100 GB. You notice that the physical size of the virtual hard disk is 40 GBV, but that the virtual machine reports only a total of 20 GB of files. You want to reduce the physical space used by the virtual hard disk. What should you do?

Compact the disk

You are the administrator of a network with a single Active Directory domain. The domain includes two domain controllers. Your company's security policy requires that locked out accounts are unlocked by administrators only. Upon reviewing the account lockout policy, you notice the account lockout duration of 99999. You need to configure your domain's account lockout policy to comply with your company's security policy/ What should you do next?

Configure Account lockout duration as 0.

You are an administrator for a company that uses Windows servers. In addition to Active Directory, you also provide file and print services, DHCP, DNS and email services. There is a single domain and a single site. There are two member servers, one that handles files and print services only, and one database server. You are considering adding additional servers as business increases. Your company produces mass mailings for its customers. The mailing list and contact information provided to your company by its clients is strictly confidential. Because of the private information sometimes contained in the data (one of your clients is a hospital), and because of the importance of the data to your operation, the data can also be considered a trade secret. You want to ensure the data stored on your member servers is only accessed by authorized personnel for business purposes. You've set file permissions to restrict access, but you want to track the authorized users. How should you configure your security policy to track access to the data files?

Configure object access auditing in a GPO and link it to the domain.

You are the network administrator for your company. Your network consists of two Active Directory domains, research.westsim.local and sales.westsim.local. Your company has two sites, Dallas and Houston. Each site has two domain controllers, one domain controller for each domain. Users in Houston report slow performance when logging on. Users in Dallas do hot have any problems. You want to fix the Houston problem. What should you do?

Configure one of the domain controllers in Houston to be a global catalog server

Your network consists of single Active Directory domain. The OU structure of the domain consists of a parent OU named HQ_West and the child OUs Research, HR, Finance, Sales, and Operations. You have created a Group Policy Object (GPO) named DefaultSec, which applies security settings that you want to apply to all users and computers. You have created a second GPO named HiSec, which has more restrictive security settings that you want to apply to the HR and research departments. Both GPOs use custom security templates. You also want to ensure that strong password policies are applied to all client computers. How should you link the GPOs to the OUs? (Select three. Each correct answer is part of the complete solution.)

Configure password policies on a GPO linked to the domain. Link DefaultSec to the HQ_West OU. Link HiSec to the HR and Research OUs.

You are the security administrator for a large metroplitan school district. You are reviewing security standards with the network administrators for the high school. The school's computer center has workstations for anyone's use. All computers in the computer center are members of the Computer Center Computers global group. All workstations are currently located in the Computers container. The computer center computers have access to the Internet so users can perfrom research. Any user who uses these computers should be able to run Internet Explorer only. Other computers in the high school should not be affected. To address this security concern, you create a Group Policy object (GPO) named Computer Center Security. How can you configure and apply this GPO to enforce the computer center's security?

Configure the Computer Configuration node of the Computer Center Security GPO to restrict software to Internet Explorer only. Link the GPO to the domain and allow access to the Computer Center Computers group only.

You currently manage a virtual machine named VM12 that has been installed on the Srv5 physical server. The virtual machine uses a single fixed disk of 100 GB saved in the vdisk.vhd file. Physical disk space on the server is getting low. When you run disk management within the virtual machine, you notice that only 30 GB of space is being used, but the vdisk1.vhd file occupies 100 GB. You want to reduce the physical size of the virtual hard disk. What should you do?

Convert the disk to a dynamically expanding disk named vdisk2.vhd. Delete vdisk.vhd, and change vdisk2.vhd's name to vdisk1.vhd

You are the administrator for ABC Corporation. The network has a single active directory domain called xyz.com The Sales team has a shared folder on Srv1 that is used to hold sales contact information. You need to control access to this folder so that only members of the sales team can access the folder. You create a group called Sales and add all members of the sales team as members of the group. However, when you try to assign permissions to the shared folder, the sales group you created does not show in the list of available objects. You check the properties of the group and fine the details down in the image. What do you need to do to assign permissions to the sales team?

Convert the group to a security group

You are the administrator for a network with two domains, westsim.com and sales.westsim.com. You have a shared folder called reports on the sales1 server in the sales.westsim.com domain. The following two users need access to this shared folder: - Mark in the westsim.com domain - Mary in the sales.westsim.com domain You create a global group called sales in westsim.com. You grant this group the necessary permissions to the reports shared folder. you add mark as a member of the group; however you are unable to add mary as a group member. What should you do? (Select two.)

Convert the group to a universal group Delete the exisiting group. Create a domain local group in sales.westsim.com. Add mary and mary as members and assign permissions to the share

You are the administrator of a multi-domain active directory forest. You have a universal group called salesexecs. This group has successfully been used as an email distribution group. Later, you try to assign the group permissions to a shared folder, but salesexecs does not appear as a choice. What should you do?

Convert the salesexec group from a distribution group to a security group

You are the network administrator for eastsim.com. The network consists of a Single Active Directory domain. The company has a main office in New York and several international locations, including facilities in Germany and France. You have been asked to build a domain controller that will be deployed to the eastsim.com office in Germany. The network administrators in Germany plan to use Group Policy administrative templates to manage Group Policy in their location. You need to install the German version of the Group Policy administrative templates so they will be available when the new domain controller is deployed to Germany. What should you do?

Copy the German .ADML files to the appropriate directory in the SYSVOL on a local domain controller.

You have exported a virtual machine to a USB flash drive. You have just installed a new hyper-v host, and you intend to build a lab environment consisting of several VMs on it. You plug the flash drive into the new host server and begin the import process. Partway through the process, the import virtual machine wizard gives you several import types to choose form. Which of the following import types should you choose?

Copy the virtual machine (create a new unique ID)

You've just deployed a new Active Directory domain, as shown in the figure below. You now need to deploy Group Policy objects (GPOs) to apply configuration settings and enforce security policies. Click the container(s) to which a GPO can be applied.

Corp Domain Controllers

You manage a single domain named widgets.com. Organization units (OUs) have been created for all company departments. Computer and user accounts have been moved into their corresponding department OUs. The CEO has requested the ability to send emails to managers and team leaders. He'd like to send a single email and have it automatically forwarded to all users in the list. Because the email list might change frequently, you do not want the email list to be used for assigning permissions. What should you do?

Create a distribution global group. For each user on the email list, make their user account a member of the group

You are the domain administrator for a single domain forest. You have 10 file servers that are member servers running windows server. Your company has designed its top-level OU structure based on the 15 divisions for your company. Each division has a global security group containing the user accounts for division managers. Division managers have permissions to folders on all file servers. They need different permissions for folders. What should you do?

Create a global group called AllMgrs; make each of the existing managers groups a member

You are the administrator for a network with two domains, westsim.com and branch.westsim.com. User accounts for the sales team are in both domains. You have a shared folder called reports on the sales1 server in the westsim.com domain. You also have a shared folder called contacts on the sales6 server in the branch.westsim.com domain., All sales users need access to both shared folders. What do you need to do to implement a group strategy to provide access to the necessary resources?

Create a global group in each domain. Add users within each domain to the group Create a universal group in westsim.com Add the global groups from each domain to the universal group Add the universal group to domain local groups in each domain Assign permissions to the domain local groups

You manage a network with a single active directory domain called westsim.com. Organizational units have been created for the accounting, sales, and support departments. User and computer accounts for each department are in their respective OUs. The support department have very high turnover. Nearly every week you need to add new user accounts. All user accounts have the same department and fax number settings. Each user account must also have permission to the orders shared folder. You want to create a template account to use when creating new accounts in the future, What should you do? (Select three.)

Create a group called support. make the template account a member of the support group. assign permissions for the group to the orders shared folder Disable the user account Create a user account with the department and fax number settings

You are the network administrator of a network that spans two locations, Atlanta and Dallas. Your organization started in Atlanta, and that's where you installed your first Active Directory domain controller. The Dallas location was later added to the domain with its own domain controller. Atlanta and Dallas are connected using a dedicated WAN link. You have not made any changes to default sites. Dallas users complain of long login times. Dallas users have been authenticating to DC in Atlanta. What is the first step in solving this problem?

Create a new site object and move the server object for the Dallas domain controller into the new site

You are planning a server virtualization implementation using Hyper-V. Your virtualization solution must meet the following requirements: - Both 32/64 bit os will be installed on vms - Need 6 vms - All vms will communicate - VMs should not communicate with any other network device What should you do?

Create a private network

You are the administrator for the westsim.com domain. Organizational Units (OUs) have been created for each company department. User and computer accounts for each department have been moved into their respective department OUs. Computers in the accounting department uses a custom application. During installation, the application creates a local group named AcctMagic. This group is used to control access to the program. By default, the account used to install the application is made a member of the group. You install the application on each computer in the accounting department. All accounting users must be able to run the application on any computer in the department. You need to add each user as a member of the AcctMagic group. You create a domain group named Accounting and make each user a member of this group. You then create a GPO named Acct Software linked to the Accounting OU. You need to define the restricted group settings. What should you do?

Create a restricted group named AcctMagic. Add the Accounting domain group as a member.

You want to prevent users from running any file with a .bat or .vbs extension unless the file is digitally signed by your organization. How should you configure this rule in AppLocker?

Create a script rule with a publisher condition.

You get a call from a user one day telling you that his password no longer works. As you inquire about the reasons why the password doesn't work, he tells you that yesterday he got a call from an administrator asking for his user account passwords, which he promptly supplied. You want to reset all account passwords and force users to change on next login. What should you do? (Select two.)

Create a script that runs Dsmod. Specify the new password and account properties in the script. Run the script Run Ldifde to export user account information. Edit the .ldif file to modify the user account properties and passwords. Run Ldifde to modify the existing accounts

You are the domain administrator for a single domain forest. Your company has based its top-level OU structure on the four divisions for your company, manufacturing, operations, marketing, and transportation. Each division has a global security group containing the user accounts for division managers. You want to have a single group that can be used when you need grant access to resources to all of your organization's mangers. What should you do? (Select two.)

Create a universal security group called AllMgrs and make each of the existing division manager groups a member Create a global security group called AllMgrs and make each of the existing division manager groups a member

You want to find out who has been running a specific game on the client computers. You do not want to prevent users from running the program, but instead want to log information when the file runs. The application is not digitally signed. How should you configure this rule in AppLocker?

Create an executable rule with a path condition that identifies the file. Set the enforcement mode to audit only.

You are planning a server virtualization implementation using Hyper-V. Your virtualization solution must meet the following requirements: - Both 32/64 bit os will be installed on vms - Need 6 vms - You will manage the services running on the vms from a windows computer What should you do?

Create an external network

You are planning a server virtualization implementation using Hyper-V. Your virtualization solution must meet the following requirements: - Both 32/64 bit os will be installed on vms - Need 2 vms - Virtual machines must be able to communicate with each other and with the host operating system What should you do?

Create an internal network

You are the network administrator for a company with a single Active Directory domain. The corporate office is locate din Miami, and there are satellite offices in Boston and Chicago. AD sites configured for all three locations. Default site was renamed Miami. Each location has a single IP subnet, and each office has several DCs. Boston office has expanded, each new floor having a subnet. DCs for Boston as on one floor in the same subnet. You notice that users working on the new floors are authenticating to domain controllers from other locations. What should you do to the Active Directory Sites and Services configuration?

Create subnets for the new floors in the Boston office and link them to the Boston site

You have decided to install multiple virtual servers. You install hyper-v on a server that is running windows server 2016 datacenter edition. You need to install the following virtual machines: - Four servers running Windows Server 2008 R2 Standard (64-bit) - Three servers running Windows server 2012 R2 datacenter (64-bit) - Three servers running Windows Server 2016 Standard (64-bit) To conserve disk space, you decide to use parent and differencing disks. You need to create the virtual hard disks used by the virtual machines. What should you do?

Create three fixed disks and ten differencing disks

You are the administrator for the widgets.com domain. Organizational units (OUs) have been created for each company department. User and computer accounts for each department have been moved into their respective departmental OUs. As part of your security plan, you have analyzed the use of Internet Explorer in your organization. You have defined three different groups of users. Each group has different needs for using Internet Explorer. For example, one group needs ActiveX controls enabled, and you want to disable ActiveX for the other two groups. You would like to create three templates that contain the necessary settings for each group. When you create a GPO, you want to apply the settings in the corresponding template rather than manually set the corresponding Administrative Template settings for Internet Explorer. What should you do?

Create three starter GPOs with the necessary settings. When creating the GPOs, select the starter GPO with the desired settings.

You are installing Windows Server 2016 on a system with a clean hard drive. The hard drive contains no data files or operating system files. Which installation type should you choose?

Custom

You have configured Active Directory Sites and Serivces to represent the physical layout of your network. As shown in the table below, each site has its own domain controller and subnet: Atlanta / DC-ATL / 192.168.1.0/24 Chicago / DC-CHI / 192.168.2.0/24 Denver / DC-DEN / 192.168.3.0/24 Phoenix / DC-PHX / 102.168.4.0/24 A user authenticates from a workstation with an IP address of 192.168.2.255 and a subnet mask of 255.255.255.0. Which domain controller is Active Directory going to send this authentication request to?

DC-CHI

You are preparing to install Windows Server 2012 on a new server. The server has the following hardware: • 4 TB RAM • 8 64-bit Intel-VT processors • 1 TB mirrored hard disk for the system partition You will install Hyper-V on the server and create seven virtual servers, with each server running Windows Server 2012. Which Windows Server 2012 edition should you install?

Datacenter edition

You are the administrator of the eastsim.com domain. Your Active Directory structure has organization units (OUs) for each company department. You have assistants who help resetting passwords and managing group memberships. You also want your assistants to help create and delete user accounts. Which of the following tools can you use to allow your assistants to perform these additional tasks?

Delegation of Control Wizard

Which Hyper-V feature allows you to create read-only parent virtual hard disk files that are linked to child virtual hard disks that contain only changes made to the parent disk?

Differencing disks

When Active Directory is installed, several containers are created by default. Which default container would you be able to apply a Group Policy to?

Domain Controllers OU

You manage a Windows computer connected to a business network that uses switches and multiple subnets. You connect a workstation to the 192.168.1.0/24 subnet. The workstation can communicate with some hosts on the private network, but not with other hosts. You run ipconfig /all and see the following: ...Default Gateway: 192.168.2.1

Edit the IPv4 properties and change the default gateway

You manage a network with all windows clients. As part of your ipv6 migration strategy, you have implemented isatap on your network. you would like to test the communication of a client computer using isatap. What should you do?

Ping the address beginning with FE80: ISATAP prefix - FE80: /16

You are the network administrator for your company. Rodney, a user in the research department, shares a computer with two other users. One day, Rodney notices some of his documents have been deleted from the computer's local hard drive. You restore the documents from a recent backup. Rodney now wants you to configure the computer so he can track all users who delete his documents in the future. You enable auditing of successful object access events in the computer's local security policy. Rodney then logs on and creates a sample document. To test auditing, you then log on and delete the document. However, when you examine the computer's security log, no auditing events are listed. How can you make sure an event is listed in the security log whenever one of Rodney's documents is deleted?

Edit the advanced security properties of the folder containing Rodney's documents. Configure an auditing entry for Everyone group. Configure the entry to audit success of the Delete permission.

Your company has started the migration to ipv6 on your network. your network administrator tells you that the network is using stateless autoconfiguration. You need to configure your computer for IPv6 so it is correctly configured with the IPv6 address, default gateway, and DNS server address. What should you do?

Edit the internet protocol version 6 (TCP/IPv6) properties for the network adapter. Select the obtain an ipv6 address automatically and use the following dns server addresses option stateless auto - clients automatically generate int id and learn subnet prefix and default gateway through neighbor discovery. need to manually configure dns

After configuring a password policy to require users to create a strong passwords, you start to notice sticky notes stuck to monitors throughout the organization. The sticky notes often have strings of characters written on them that appear to be passwords. What can you do to prevent the security risk that this practice presents?

Educate users on how to create and remember strong passwords.

You need to design a network that supports 275 hosts. You want to place all hosts in a single broadcast domain, and want to make sure you do not waste IP addresses. How should you implement your plan?

Place all hosts on the same subnet. Use a mask of 255.255.254.0

You are the administrator for the widgets.com domain. Organizational Units (OUs) have been created for each company department. User and computer accounts for each department have been moved into their respective departmental OUs. From your workstation, you create a GPO that configures settings from a custom .admx file. You link the GPO to the Sales OU. You need to make some modifications to the GPO settings from the server consol. However, when you open the GPO, the custom administrative template settings are not shown. What should you do?

Enable the Administrative Templates central store in Active Directory. Copy the .admx file to the central store location.

You are the network administrator of a small network consisting of three Windows servers and 150 Windows workstations. Your network has a password policy in place with the following settings: * Enforce password history: 10 passwords remembered * Maximum password age: 30 days * Minimum password age: 0 days * Minimum password length: 8 characters * Password must meet complexity requirements: Disabled * Store password using reversible encryption: Disabled One day, while sitting in the cafeteria, you overhear a group of co-workers talk about how restrictive the password policy is and how they found ways to beat it. When required to change the password, they simply change the password 10 times at the same sittings. Then they go back to the previous password. Your company has started a new security crackdown, and passwords are at the top of the list. You thought you had the network locked down, but now you see that you need to put an end to this practice. Users need to have passwords that are combination of letters and numbers and do not contain a complete dictionary word. Users should not be able to reuse a password immediately. What should you do? (Choose two. Each answer is part of the solution.)

Enable the Minimum password age setting. Enable the Password must meet complexity requirements settings.

You have been asked to troubleshoot a Windows workstation that is a member of your domain. The director who uses the machine said he is able to install anything he wants and change system settings on demand. He has asked you to figure out why User Account Control (UAC) is not being activated when he performs a sensitive operation. You verify that the director's user account is a standard user and not a member of the local Administrator group. you want the UAC prompt to show. What should you do?

Enable the Run all administrators in Admin Approval Mode setting in the Group Policy.

You are the administrator for a small company that uses a windows server to host a single domain. MAry Hurd, a user in the sales department, calls and reports that she is unable to log in using her computer (Sales1). You use active directory users and computers and see the screen shown in the image. (Sales1 is disabled) What can you do to allow Mary to log in?

Enable the computer account

You are the security administrator for your organization. Your multiple domain Active Directory forest uses Windows servers for domain controllers and member servers. The computer accounts for your member servers are located in the Member Servers OU. Computer accounts for workstations are located in the Workstations OU. You are creating a security template that you plan to import into a GPO. What should you do to log whenever a user is unable to log on to any computer using a domain user account? (Select two. Each choice is a required part of the solution.)

Enable the logging of failed account logon events. Link the GPO to the Domain Controllers OU.

You need to view resource usage for a Hyper-V virtual machine named AccServer that is running on a windows Server system. Before you can actually retrieve resource usage information, you first need to turn resource metering on for the virtual machine. Which PowerShell command can you use to do this?

Enable-VMResourceMetering -VMName AccServer

You need to be able to access a partner organization's network using a vpn connection from within a windows virtual machine on a windows server. However, the vpn connection requires a smart card for authentication. In order to connect, you need to redirect the smart card from the local physical hardware to the virtual machine. Click the option in the hyper-v settings on the server you can use to enable this.

Enhanced Session Mode Policy

You are managing a Windows Server 2012 system from the command line using PowerShell. You need to use the Get-Service cmdlet to generate a list of all services installed on the system but are unsure of the syntax to use. What should you do?

Enter Get-Help Get-Service at the PowerShell prompt.

You are preparing to install Windows Server 2012 on a new server. The server has the following hardware: • 64 GB RAM • One quad-core Intel-VT 64-bit processor • 100 GB mirrored hard disk for the system partition You will use the server for the following server roles: • DNS Server • DHCP Server You want to select the minimum Windows Server 2012 edition to support the required roles. Which edition should you install?

Essentials edition

You are configuring nic teaming on a windows server system using four physical network adapters. Each network adapter is connected to a different network switch. You want to configure the team to provide both load balancing and failover protection. You want the day-to-day network load to be balanced between the first three network interfaces. You want to use the fourth network adapter as a favor adapter so that it can immediately take over if the other adapters in the team fails. From the drop-down list, select the standby adapter option you need to choose to implement this configuration.

Ethernet3 Choose the four adapter as the standby

you currently manage a virtual machine named VM12 that has been installed on the Srv5 physical server. The virtual machine uses a single fixed disk of 40 GB saved in the vdisk1.vhd file. The virtual machine is running out of free disk space. The virtual machine currently uses about 39.5 GB of the available disk space. You need to add more disk space to the virtual machine. What should you do?

Expand the vdisk1.vhd disk

You are the network administrator for Corpnet.com. You have two windows servers named HV1 and HV2. Both servers have the hyper-v role installed. HV1 has an intel processor, and HV2 has an AMD processor. HV2 hosts a virtual machine named VM1. You build another server named HV3 and install the hyper-v role. HV3 has an intel processor. You need to move VM1 from HV2 to HV3 with the least amount of downtime. What should you do?

Export VM1 on HV2 and then import it on HV3

The Srv1 server runs hyper-v and has several virtual servers installed. You would like to copy the VM4 virtual machine and create two new virtual machines running on Srv1. You are using the hyper-v manager console and want to complete the task with as little effort as possible. Which of the following procedures will let you create two virtual machines form the original VM4?

Export VM4 to the C:\Export folder. Copy the C:\Export folder to C:\Export2. Import the configuration using C:\Export\VM4 as the path. Import the configuration again using C:\Export2\VM4 as the path

You manage a company network with multiple subnets. As a part of a recent upgrade, you have upgraded all servers to Windows Server 2016. Client systems run Windows 10. ... You want to manually assign private IPv6 addresses to the servers and the client computers. Which of the following prefixes should you use? (Choose two.)

FC00: FD00:

Which of the following are used in PowerShell to specify an option in the command?

Flags

Which of the following contain objects are Active Directory built-in containers?

ForeignSecurityPrincipals ManagedServiceAccounts Users Computers

Active Directory uses certain objects to represent the logical organization of a computer network and other objects to represent its physical structure. Drag the representation type on the left to the types of objects it uses on the right.

Forest - Logical Site - Physical Subnet - Physical Domain - Logical OU - Logical

You are preparing to install Windows Server 2012 on a new server. The server has the following hardware: • 32 GB RAM • One quad-core Intel-VT 64-bit processor • 100 GB mirrored hard disk for the system partition You will use the server for the following server roles: • File and Storage Services • Print and Document Services You want to select the minimum Windows Server 2012 edition to support the required roles. Which edition should you install?

Foundation edition

You are in the process of migrating the DHCP role from the FS1 server to the FS10 server. Both servers are running Windows Server 2016, and both have the Windows Server Migration Tools (WSMT) feature installed. You have started WSMT on the FS1 server, which has launched a PowerShell window with the WSMT snap-ins loaded. You need to find out the ID of the DHCP role. Which cmdlet must you enter at the command prompt to get the ID?

Get-SmigServerFeature

You are at the PowerShell command line, and you need to see a list of all available roles and features that you can install on the Windows server. Fill in the blank with the PowerShell command that will display this list.

Get-WindowsFeature

You are upgrading a Windows Server 2008 system to Windows Server 2012. One of the first choices you have to make is about installing updates. Which of the following options is recommended for a production system?

Go online to install updates during the upgrade

Click on the tool you can use to configure Restricted Groups to control membership for groups that require high security.

Group Policy Management

You have configured a new GPO. You use a scoping method to prevent it from applying to a specific user using a specific computer. Which tool can you use to see if your scoping method is successful?

Group Policy Results

Match each default active directory object on the left with the appropriate description on the right.

Holds the default service administrator accounts - Builtin container The default location for new user accounts and groups - User container The default location for domain controller computer accounts - Domain controller OU The root container to the hierarchy - Domain container The default location for workstations when they join the domain - Computers container

You manage the small network that is connected to the internet, as shown in the graphic. You add HostA to the network. All hosts use manually-assigned TCP/IP values. The subnet where HostA resides uses a 28-bit subnet mask. Which TCP/IP configuration values should you choose for HostA?

IP address - 10.0.0.97 Mask - 255.255.255.240 Default Gateway - 10.0.0.110 O - 0 - 0 - H

You manage a single domain named widgets.com. Organizational units (OUs) have been created for each company department. User and computer accounts have been moved into their corresponding OUs. You define a password and account lockout policy for the domain. However, members of the Directors OU want to enforce longer passwords than are required for the rest of the users. How can you make the change with the least amount of effort? (Select two.)

Implement a granular password policy for each user in the Directors OU. Create a group for the members of the Directors OU and then apply a granular password policy to the group.

You are the network administrator for northsim.com. The network consists of a single Active Directory domain.The company has offices throughout the United States and internationally. Two servers, HV1 amnd HV2, are in new york. Both have hyper-v installed and have quad-core cpus and 16 GB of RAM. HV1 hosts two vms named APP1 and APP2: - APP1 hosts an application used heavily by users in new york - APP2 hosts an application used heavily by users in London During the day, APP1 has poor performance, but at night it works fine. APP2 has poor performance during business hours in London. No way to add RAM to host, and there is no budget to upgrade HV1. You need to improve performance for APP1 and APP2. What should you do?

Implement dynamic memory in the properties of APP1 and APP2

You copy the Nano Server Image Generator files to a folder on your C: drive. You then open a PowerShell session and enter a command to create a Nano Server image using the NewNanoServerImage cmdlet. The system returns an error saying New-NanoServerImage is not recognized as the name of a cmdlet,. What must you do so the system recognizes this cmdlet?

Import the NanoServerImageGenerator.psm1 module

You copy the Nano Server Image Generator files to a folder on your C: drive. You then open a PowerShell session and enter a command to creat a Nano Server image using the New-NanoServerImage cmdlet. The system returns an error saying New-NanoServerImage is not recognized as the name of a cmdlet,. What must you do so the system recognized this cmdlet?

Import the NanoServerImageGenerator.psm1 module.

You are the administrator of the eastsim.com domain, which has two domain controllers. Your Active Directory structure has organizational units (OUs) for each company department. You have assistant administrators who help manage Active Directory objects. for each OU, you grant one of your assistants Full Control over the OU. You come to work one morning to find that while managing some user accounts, the administrator in charge of the Sales OU has deleted the entire OU. You restore the OU and all of its objects from a recent backup. You want to configure the OU to prevent accidental deletion. What should you do so you can configure this setting?

In Active directory Users and Computers, select View > Advanced Features

You manage a network with a single active directory domain called westsim.com. Organizational units have been created for the accounting, sales, and support departments. User and computer accounts for each department are in their respective OUs. You have hired a temporarily worker named John Miller to work in the shipping department during the holidays. John should only be allowed to log on to the Ship01 workstation and no others. What should you do?

In John's user account, add Ship01 to the log on to list

You run a custom application on a Windows server. You want to configure the firewall to allow the application to use a specific port but restrict access to only Wrk1 and Wrk2. How can you make the change using the least amount of effort possible?

In Windows Firewall with Advanced Security, add an inbound rule. Require only secure connections for the rule, and add the users to the list of authorized computers

You run a custom application on a Windows server. You want to configure the firewall to allow the application to use a specific port but restrict access to specific users. How can you make the change using the least amount of effort possible?

In Windows Firewall with Advanced Security, add an inbound rule. Require only secure connections for the rule, and add the users to the list of authorized users

You are the network administrator for westsim.com. The network consists of a single active directory domain. Westsim.com often hosts business meetings for its partners and contractors at the new york office. during these meetings, personal laptops belonging to the contractors, partners, and some employees are connected to the company network. FS1 in new york contains confidential data. Ensure that only computers that are members of westsim domain and only valid user can connect. Provide highest security. What should you do?

In Windows Firewall with Advanced Security, create a new Isolation Connection Security Rule and require authentication for inbound and outbound connections

You manage a company network with multiple subnets. As a part of a recent upgrade, you have upgraded all servers to Windows Server 2016. Client systems run Windows 10. You have previously configured all hosts on the network with static IPv6 addresses, default gateway, and DNS server address. IPv6 is working correctly between all hosts. Prefix and dg assigned by routers, host generates int id, dns through dhcp. What additional tasks must you perform to complete the configuration? (Choose two.)

In the network connection properties on each client, select Obtain DNS server address automatically In the network connection properties on each client, select Obtain an IPv6 address automatically

You are upgrading a Windows Server 2012 system to Windows Server 2016. The server currently contains data and applications that you want to continue to use after it is upgraded. This server also has some reliability issues that you have not been able to resolve. Which of the following installation types is recommended?

Keep nothing

You are the domain administrator for north.westsim.com, which is a child domain in westsim.com You have a high-end color laser printer that is shared on a server in north.westsim.com. Because of the high price per page, you have removed the print permission from the everyone group. You need to grant the print permissions to marketing users in the north.westsim.com, east.westsim.com, and west.westsim.com domains. What should you do?

In the north domain, create a domain local group called CLR-PRT In all three domains, create a global group named Marketing Add all three global groups to the north clr-prt group and assign the print permission to the group

You are working in Hyper-V Manager on a system that hosts several Windows Server 2008 R2 virtual machines. You create snapshots of these virtual machines nightly as part of your disaster recovery plan. Users are complaining that they can no longer access virtual servers. In Hyper-V manager, they are identified as being in a paused-critical state. What should you do? (Select two.)

Install a new physical hard disk in the hypervisor host Move the snapshot files to the new hard disk

You need to move the DHCP role from the FS1 server to the FS10 server. Both servers are running Windows Server 2016. Which of the following is the first task you need to perform?

Install the Windows Server Migration Tools feature on both servers.

You have completed the installation of the Active Directory Domain Services role on a new server. Now you want to promote this server to be a domain controller in an existing domain. The server was installed with a Server Core deployment, so you will need to make this server a domain controller in an existing domain from the Powershell command line. Which of the following powershell cmdlets will you need to enter? (Select two.)

Install-ADDSDomainController Import-Module ADDSDeployment

Software developers in your organization want to use hyper-v to create virtual machines to test their new code. You add a vswitch, and it must allow vms and host to communicate. Click on the type of virtual switch you should create

Internal

In the Windows Server 2016 interface, which type of tile displays content that changes dynamically?

Live tile

Drag each Active Directory term on the left to its corresponding definition on the right.

Logical organization of resources - Organization Unit Collection of network resources - Domain Collection of related domain trees - Forest Resource in the directory - Object Group of related domains - Tree User or group of users - Object

You are consulting with the owner of a small network that has a Windows server functioning as a workgroup server. There are six Windows desktop computers. There is no Internet connectivity. The server contains possibly sensitive information, so the owner wants to make sure that no unauthorized access occurs. You suggest that auditing be configured so that access to sensitive files can be tracked. What can you do to make sure that the files generate audit results? (Choose three. Each correct answer is part of the required solution.)

Make sure the Object Access auditing policy is configured for success or failure. Make sure the correct users and groups are listed in the auditing properties of the files. Make sure the files to be audited are on NTFS partitions.

You need to view resource usage for a Hyper-V virtual machine named AccServer that is running on a windows Server system. Which PowerShell command can you use to do this?

Measure-VM -VMName AccServer

You need to add the Active Directory Domain Services role to a Windows Server 2012 system. Click the option you would use in Server Manager to access the Add Roles and Features Wizard.

Manage Icon

You need to create a new server group and add your Windows Server 2012 system to it. Click the Server Manager option you use to do this.

Manage Icon

You are tasked with managing multiple servers. You want to manage them all from one Server Manager interface so you don't have to manage them one at a time by physically moving from one server to another. You need to access the Add Servers dialog so you can add your other servers to this server management pool. Click on a menu selection that will allow you to access the Add Servers dialog.

Manage or all Servers

You are managing a Windows 2012 virtual machine on a hyper-v hypervisor host. Dynamic memory is enabled in the virtual machine's configuration. the VM will run multiple web apps. With Dynamic memory enabled, memory might be reallocated from one vm to this one. Enbsure that some physical RAM is held in reserve. Click the option you would use in the virtual machine's memory configuration to do this.

Memory Buffer manages RAM assigned to VM compared to RAM needed by apps and services running on VM.

Virtualization offers several advantages for server administrators. As an administrator, your job can be made easier because of the several tasks you can perform on or with a virtual machine instead of on a physical machine. The advantages of virtualization can be organized into the categories listed on the left. Drag the advantage category on the left to the task that matches it on the right.

Move many physical servers onto a few host servers with many virtual machines - Server Consolidation Verify updates and patches before rolling them out into the production environment - Testing Functions Create a sandboxed environment where malware can be executed with minimal risk to equipment and software - Isolation Move virtual machines between hypervisor and hosts as needed - Flexibility Create a lab environment that mirrors your production network to see how an application runs before putting it into production - Testing Functions Migrate an older system off of aging hardware and into a virtual machine - Server Consolidation

You are the network administrator of a network that spans three locations, Atlanta, Chicago, and Denver. Your organization started in Atlanta, and that's where you installed your first Active Directory domain controller. The Chicago and Denver locations were later added to the domain with their own domain controllers. these three locations each have their own subnet and are connected using dedicated WAN links. Which of the following steps must you perform to complete this configuration? (Select three.)

Move the Chicago and Denver server objects into their respective site objects Create site objects for Chicago and Denver Create subnet objects for Chicago, Denver and Atlanta, and then link them to their respective sites

You are a domain administrator for a large multi-domain network. There are approximately 2,500 computers in your domain. Organization units (OU) have been created for each department. Group policies (GPOs) are linked to each OU to configure department-wide user and computer settings. While you were on vacation, another 20 computers were added to the network. The computers appear to be functioning correctly with one exception: the computers do not seem to have the necessary GPO settings applied. What should you do?

Move the computer accounts from their current location to the correct OUs

You need to configure the ENSERV16-VM03 server as a global catalog server. Where do you click in the properties dialog to open the page that will allow you to select the global catalog option?

NTDS Settings...

For security testing purposes, you need to change the source MAC address in outgoing packets originating from a Hyper-V virtual machine. Click the option you would use in the virtual machine's settings to do this.

Network Adapter > Advanced Features (Bottom)

Click on the menu option that allows you to verify that the virtual machine queue feature is enabled for a virtual machine.

Network Adapter > Hardware acceleration

You manage a small private network with two subnets, as shown in the image. wrk1 and wrk2 use ipv6. ipv4 router connects A and B. on A, run netsh to configure srv3 as ISATAP router. wrk1 can't communicate with wrk2. What should you do?

On the DNS server for the network, create an A record named ISATAP that points to Srv3 windows clients checks for isatap routers. adding a record helps clients find it

You are the network administrator of the westsim.com domain. You have several users who use Windows laptop machines because they travel frequently. When they are on the road, they need to use a VPN connection to access network resources in the domain. Click on the Group Policy preferences Control Panel setting you would use to configure these laptops with the correct VPN connection settings.

Network Options

Click on the menu option that allows you to enable bandwidth management.

Network adapter

For most of the year, the AccSrv virtual machine is only lightly utilized. However, at quarter-end and at year-end, it is heavily utilized as accountants in your organization prepare reports and reconcile accounts. Need to make sure virtual adapter has sufficient bandwidth, so you turn on bandwidth management. Click thew option you would use in the virtual machine's settings on the adapter.

Network adapter

Which is an advantage of a peer-to-peer network?

Network implementation is fast and easy.

You are the network administrator for westsim.com. There is one main office and seven branch offices. You have been asked to create a script that can be used in the event of a disaster that destroys the entire network. Thee script must be able to recreated the company's active directory users, computers, and groups, as well as sites and subnet objects. Which command should you use in your script?

New-ADObject

You want to implement hyper-v so you can create a lab environment that mirrors your production network for testing applications before deploying them into your production environment. You're planning on having four virtual windows servers in this lab environment. You plan to use a file server already in production to create your first hyper-v host system. System specs: - 64-bit processor with SLAT - VM monitor mode extensions - UEFI that supports virtualization - Intel VT - DEP enabled with XD - 64 GB RAM - Windows Server 2016 Standard with Server Core IS this system a good choice for hosting your lab environment?

No, best practice suggests that the system should be a dedicated hypervisor host with only the hyper-v role installed

You want to implement hyper-v so you can create a lab environment that mirrors your production network for testing applications before deploying them into your production environment. You're planning on having four virtual windows servers in this lab environment. Your lab environment will need access to the physical network and the internet. You plan to use hardware that you already have on hand to create your first hyper-v host system. System specs: - 64-bit processor with SLAT - VM monitor mode extensions - UEFI that supports virtualization - Intel VT - DEP enabled with XD - 64 GB RAM - Windows Server 2016 Standard with Server Core - A single 1 Gbps network adapter Is this system a good choice for hosting the lab environment you plan to build?

No. When guest systems need network access, best practice suggests that a host should have its own network adapter and an additional adapter for every four virtual machines

The sales department in your organization needs you to deploy a new web-based contact management application for them. The application runs only on Windows Server 2008 R2. You don't have a budget for new hardware, but you do have unused licenses available for this operating system. You decider to create a new vm on an existing windows server 2016 hyper-v host. Configure vm as follows: - Generation 2 - 200 GB virtual SCSI drive VHDX for system volume - 1 TB virtual SCSI drive VHDX for application data - Virtual SCSI optic drive - 64-bit Windows Server 2008 R2 Will this configuration work?

No. Windows Server 2008 R2 is not supported in generation 2 virtual machines

The sales department in your organization needs you to deploy a new web-based contact management application for them. The application runs only on Windows Server 2012. You don't have a budget for new hardware, but you do have unused licenses available for this operating system. You decider to create a new vm on an existing windows server 2016 hyper-v host. Configure vm as follows: - Generation 1 - 200 GB virtual SCSI drive VHDX for system volume - 1 TB virtual SCSI drive VHDX for application data - IDE virtual optical drive - Windows Server 2012 After months in production, you decide to use secure boot. You need to upgrade the vm. Will this configuration work?

No. You cannot change the generation of a virtual machine after it has been created

You want to implement hyper-v so you can create a lab environment that mirrors your production network for testing applications before deploying them into your production environment. You're planning on having four virtual windows servers in this lab environment. You plan to use hardware that you already have on hand to create your first hyper-v host system. System specs: - 64-bit processor with SLAT - VM monitor mode extensions - UEFI that supports virtualization - Intel VT - DEP enabled with XD - 4 GB RAM - Windows Server 2016 Standard with Desktop Experience Will this system allow you to create your lab environment?

No. You need more RAM to support four virtual machines

You are the network administrator for westsim.com, and you manage a server named Web1 that is running the Web Server (IIS) role and hosting an internal company website. The website has no internal security. Contractors use AD accounts and connect to internal network on domain comps. Management wants to prevent them from accessing internal company website for duration of project. Contractors might need to connect to Web1 using RDP. How can you ensure that contractors cannot access the internal company website on Web1 using the least amount of administrative effort?

On Web1, you should create a custom inbound firewall rule that allows HTTP traffic to Web1 from Domain Users. add the TechContractors group as an exception to the rule

You manage the westsim.com domain. All servers run Windows Server, and all workstations run Windows 10. Members of the sales team have been issued laptops that they use both to connect to the local network and dial in when they are on the road. A single DHCP server at the main office assigns IP addresses on the 192.168.1.0/24 subnet. ... ...run ipconfig, and you note the IP address is 169.254.12.4. You want to enable access on both the main office and the branch office. What should you do?

On each laptop, configuration an alternate IP configuration

You are the administrator for a network with a single Active Directory domain named widgets.local. The widgets.local domain has an organizational unit object for each major department in the company, including the information systems department. User objects are located in their respective departmental OUs. Users who are members of the Domain Admins group belong to the Information Systems department. However, not all employees in the Information Systems department are members of the Domain Admins group. To simplify employees' computing environment and prevent problems, you link a Group Policy object (GPO) to the widgets.local domain that disables the control panel for users. How can you prevent this Group Policy object from applying to members of the Domain Admins group?

On the Group Policy object's access control list, deny the apply Group Policy permission for members of the Domain Admins group.

You need to add additional disk space to the AccServ virtual machine running on a Windows server. To accomplish this, you decide to create a pass-through disk. Click the option you would use in the virtual machine's settings screen to do this.

Physical hard disk:

You manage a network with all windows clients. As part of your ipv6 migration strategy, you have implemented isatap on your network. you would like to test the communication of a client computer using teredo. What should you do?

Ping the address beginning with 2001:

You manage user accounts in the southsim.com domain. Each department is represented by an Organizational Unit (OUs). Computer and user accounts for each department have been moved to their respective OUs. You want to control access to a new color printer named ColorMagic. To do this, you create the following groups: - A domain local group named ColorMagic-DL - A global group named Sales-GG You want all users in the sales department to have access to the new printer. What should you do? (Select three.)

On the member of tab for the sales-gg group, add the colormagic-dl group on the colormagic printer object, assign permissions to the colormagic-dl group on the members tab for the sales-gg group, add all sales user accounts

You are installing Windows Server 2016 on a new computer. Using the RAID controller on the motherboard, you configure three hard disks in a RAID 5 array. You leave the array unpartitioned and unformatted. You edit the BIOS boot order to boot from the optical drive. You insert the installation DVD, boot to the disc, and start the installation. When you are prompted to select the disk where you want to install Windows, the RAID array you created does not show as a possible destination disk. What can you do to get Windows to recognize the RAID array?

On the screen where you select the disk to install Windows, click Load Driver.

Management is concerned that users are spending time during the day playing games and have asked you to create a restriction that will prevent all standard users and administrators from running the Games app. Click on the option you would use in Group Policy Management Editor to implement this restriction.

Packaged app Rules

You have implemented a network where each device shares files with all other devices on the network. What type of network do you have?

Peer-to-peer

You are the network administrator for Corpnet.com. The network has two servers that run windops server. They are named HV1 and HV2. Both servers are running the hyper-v role and are members of a cluster named Cluster1. HV1 hosts a virtual machine running a windows server named VM1. HV1 is running low on space. You would like to transfer the .VHD file for VM1 to HV2 while you requisition additional space. VM1 must remain available while space is added to HV1. What should you do?

Perform a storage migration

You manage a network with a single active directory domain called westsim.com. You have just deployed an azure ad domain controller in the azure cloud so tat remote users can authenticate to the westsim.coim domain over the internet. By default, replication is set to occur on this domain controller every 180 minutes. Your manager wants you to change this setting so that replication occurs every six hours. Which of the following must you perform to make it possible to configure replication on the azure ad domain controller?

Place the azure ad domain controller in its own site

You are in charge of designing the active directory tree. You have a small company that has only one location. You have determined that you will have approximately 500 objects in your completed tree. Your company is organized with four primary departments, accounting, manufacturing, sales, and administration. Each area is autonomous and reports directly to the CEO. The managers in each department want to make sure that some management control of their users and resources remains in the department. Which of the following design plans will best meet these requirements?

Plan 3 -Create an OU object for each department -Train a member of each department for an admin task -Use Delegation Wizard for principle of least privilege for appropriate OU

You are the network administrator for your company. Your company has three standalone servers that run Windows Server. All servers are located in a single location. You have decided to create a single active directory domain for your network. Currently, each department has one employee designated as the department's computer support person. Employees in this role create user accounts and reset passwords for the department. As you design active directory, your goal is to allow these users to maintain their responsibilities while not giving them more permissions than they need. Which of the following design plans will best meet your goals?

Plan 4 -Create department OUs -Use Delegation wizard to grant support user permissions to specific OU

You manage a single domain running Windows Server. You have configured a restricted Group Policy as shown in the image. When this policy is applied, which action will occur?

The Backup Operators group will be made a member of the Desktop Admins group.

You manage a single domain named widgets.com. This morning, you noticed that a trust relationship you established with another forest has changed. You reconfigured the trust, but you want to be able to identify if this change happens again in the future. You want to configure auditing to track this event. Which auditing category should you enable?

Policy change events.

You've been assigned to manage a Windows Server system named AccServer. This server was deployed using a Server Core installation. You need to make several configuration changes to the system. Which utility could you use to do this?

PowerShell

You are the network administrator for westsim.com. The network consists of a single active directory domain. A user named Mary Merone is working on location in Africa. She called to report that her laptop had failed. The hardware vendor replaced the laptop, and now you need to join the new computer to the domain. However, there is no connectivity from the current location to the domain. What should yo do first?

Prepare the computer to perform an offline domain join by creating an active directory account for the computer using the djoin /provision command

You have just ordered several laptop computers that will be used by members of the programming team. The laptops will arrive with windows. You want the computer account for each new laptop to be added to the developer ou in active directory. you want each programmer to join his or her new laptop to the domain. What should you do?

Prestage the computer accounts in active directory. grant the programmers the rights to join the workstation to the domain

Scoping allows you to target to given GPO to specific users and/or computers. Drag the scoping method on the left to the appropriate description on the right. (Methods can be used once, more than once, or not at all.)

Prevents settings in GPOs linked to parent objects from being applied to child objects - Block Inheritance Causes computer settings to be reapplied after user login - Loopback Processing Prevents inheritance from being blocked for a specific GPO - Enforced Causes computer settings to take precedence over user settings - Loopback Processing

You are configuring a NIC Team on a Windows Server system using two physical network adapters in the system. You want the new team to aggregate the throughput of both network adapters to increase performance. You IP network is divided into several VLANS. You need to specify which VLAN the new NIC team will be a member of. Click the option under additional properties in the nic teaming window to select to do this.

Primary team interface

You have a computer running Windows. Prior to installing some software, you turn off User Account Control (UAC), reboot the computer, and install the software. You turn UAC back on, but it does not prompt you before performing sensitive actions. You want the protection of UAC, but it is not working at all. What should you do?

Reboot the machine.

You are consider implementing NIC teaming in a virtual machine running in hyper-v The virtual machine is configured with 8 GB of system RAM, a 1 TB virtual hard disk file, and four virtual network adapters. You want to use all of the network adapters in the team to provide load balancing and failover. What should you do?

Reduce the number of virtual NICs in the team to two

Which of the following server roles cannot be added to a Windows Server 2016 Server Core deployment?

Remote Desktop Services

You manage a network with a single active directory domain called westsim.com. Most of your users work from the office and access your on-premise domain controllers when they authenticate and use network resources. Your company has just moved to office365 and is using the cloud-hosted versions of Exchange and SharePoint for employees who work from home. You are considering using Azure AD to allow these employees to authenticate to the domain. Which of the following are advantages of deploying Azure AD? (Select two.)

Remote users can have single sign-on access to Exchange and SharePoint Remote users can authenticate to the domain from any location that has internet access

To save disk space on your Windows Server 2016 system, you decide to remove unneeded roles and features. Which Windows feature can you use to do this?

Remove Roles and Features

You are the manager of eastsim.com domain. Your active directory has organizational units (OUs) for each company department. Assistant administrators help you manage active directory objects. For each OU, you grant one of your assistants full control over the OU. You come to work one morning to find that while managing some user accounts the administrator in charge of the sales ou has deleted the entire ou. You restore the ou and all of its objects from a recent backup. You want to make sure that your assistants can't delete the ous they are in charge of. What should you do? (Select two.)

Remove full control permissions from each ou. run the delegation of control wizard for each ou, granting permissions to perform the necessary management tasks Edit the properties for each ou to prevent accidental deletion

You are the administrator for a small network. you have approximately 50 users who are served by a single windows server. You are providing active directory, dns, and dhcp with this server. Your clients will use windows workstations. An employee quit, and a replacement is on the way. They will need all the previous worker's settings. What should you do?

Rename the existing account, changing the name fields to match the new employee

You are the administrator for a large single-domain network. You have several windows server domain controllers and member servers. Your 3,500 client computers are windows workstations. Today, one of your users has called for help. Their computer cannot establish trust to DC. Nothing seems wrong with the account. Need to allow user to log in. What should you do?

Reset the computer account and rejoin the domain

You are upgrading a Windows Server 2008 system to Windows Server 2012. During the installation, you have to make a choice about the type of installation you want to use. You want to keep the data, settings, and applications that are currently on the server. Which of the following installation types meets this requirement?

Upgrade

You have a laptop that you use for remote administration from home and while traveling. The laptop has been joined to the domain using the name of AdminRemote. The processor in your laptop overheats one day, causing extensive damage. Rather than repair the computer, you purchase a new one. The computer arrives, and you edit the system properties and name it AdminRemote. When you try to join the computer to the domain, you receive an error message and are unable to proceed. What should you do?

Reset the computer account in active directory

You are logged into your system as a user that is a member of the Administrator group, and you need to perform some tasks using the Computer Management tool. Many of the tasks in Computer Management require you to have administrator privileges. You have opened the shortcut list from the Start menu, as shown below.Which of the following steps would be the easiest way for you to run the Computer Management tool as administrator?

Right-click Computer Management and select More > Run as Administrator.

Prior to installing active directory on your network, you set up a test network in your lab. You created several user accounts that correspond to actual network users. Want to move accounts from test to new domain. Want to use Ldifde command and set new passwords. How can you perform this task with the least amount of effort?

Run Ldifde to export the user accounts. Run ldifde to import the user accounts. Edit the .ldif file to specify user account passwords. Run LDifde to modify the existing accounts

You have a windows laptop that uses ipv6. the network connection is configured to obtain an ipv6 address automatically. you need to see the ipv6 address that the network connection is currently using. What should you do? (Select two.)

Run the netsh command View the status for the network connection. Click the details button

The Srv1 server runs Hyper-v and has several virtual servers installed currently, most virtual servers are used for testing purposes. Physical system is running out of RAM because all vms are active. You want to stop three of them. You want to stop the vms so that all open applications are sill open and running when they start again. What should you do?

Save the virtual machine

You are the administrator for the widgets.com domain. Organizational units (OUs) have been created for each company department. User and computer accounts for each department have been moved into their respective departmental OUs. You would like to configure all computers in the Sales OU to prevent the installation of unsigned drivers. Which GPO category would you edit to make the necessary changes?

Security Options

You are the network administrator for your company. All computers are joined to a single Active Directory domain. Several computers store sensitive information. You are configuring security settings that will be distributed to all computers on your network. You want to identify denied attempts to change a user's group membership in a computer's local database. How can you create a policy that meets these requirements?

Select Failure for Audit account management.

You are the network administrator for your company. All computers are joined to a single Active Directory domain. Several computers store sensitive information. You are configuring security settings that will be distributed to all computers on your network. You want to identify denied attempts to manipulate files on computers that have been secured through NTFS permissions. How can you create a policy that meets these requirements?

Select Failure for Audit object access

You manage a network with a single active directory domain called westsim.com. You have just deployed an azure ad domain controller in the azure cloud. You have created a user account for yourself in the new azure AD domain. You have successfully joined your home computer to this domain, so you are ready to make sure you can log on to the domain with your azure ad user account. Which of the following steps do you need to perform to log on to the azure ad user account? (Select two.)

Select Other user and sign in using the azure ad user account credentials Sign out as the local user

You are upgrading a Windows Server 2008 system to Windows Server 2012. One of the choices you have to make is about the version of Windows Server 2012 you want to install. This server will be managed remotely most of the time, and it's important that it runs as fast as possible. Which of the following options meets these requirements?

Server Core installation

You are the network administrator of the westsim.com domain. You have several users who use Windows laptop machines because they travel frequently. These users have very sensitive information on their laptops, so you have been asked to take additional security measures with these machines. You install smart card readers on each laptop so that no one can access a lost or stolen laptop unless they also have the smart card. Click on the Group Policy preferences Control Panel setting you would use to configure these laptops so the Smart Card Reader services starts when the laptop is powered on.

Services

You manage a windows server that is an active directory domain controller for your organization. You need to use command line tools to generate a list of all users in the domain and then view the value of the office property of each user. Which command should you use?

dsquery user -name * | dsget user -display -office

Your new Nano server has been installed and configured with an IP address of 192.168.0.25. You need to join this server to your corpnet.com domain. You use the djoin command to create a blob file and then copy the file to the root of the Nano Server's C: drive. You start a PowerShell session on your management server so you can manage the Nano server. Before the Nano server can be managed from the management server, it must be added to the trusted hosts list. From the drop-down list, select the PowerShell cmdlet you must use to fill in the blank in the following command to add the Nano server to the trusted hosts list: ______ WSMan:\localhost\Client\TrustedHosts "192.168.0.25"

Set-Item

Your new Nano server has been installed and configured with an IP address of 192.168.0.25. You need to join this server to your corpnet.com domain. You use the djoin command to create a blob file and then copy the file to the root of the Nano Server's C: drive. You start a PowerShell session on your management server so you can manage the Nano server. Before the Nano server can be managed from the management server, it must be added to the trusted hosts list. From the drop-down list, select the PowerShell cmdlet you must use to fill in the blank in the following command to add the Nano server to the trusted hosts list: _____________ WSMan:\localhost\Client\TrustedHosts "192.168.0.25"

Set-Item

Several new updates for your Windows Server 2012 system have been downloaded and are available for installation. The updates require a system restart after installation. It's late at night and no one is using the server, so you decide to update and restart the system. Click the charm in the Charms panel you would use to select Update and restart under Power Options.

Settings charm

You need to access Control Panel on your Windows Server 2012 system to manage the schedule for downloading and installing updates. Click the charm in the Charms panel you would use to access Control Panel.

Settings charm

Your organization has two sites that are members of the same active directory domain. Three domain controllers are deployed at each site. You have just installed three virtual domain machines in the azure cloud and made them domain controllers in the same domain. The virtual domain machines in the azure cloud will support your organization as it adds branch offices in various locations. You will not have to hire additional server administrators for the branch offices because users in these locations will be able to use these cloud-based domain controllers for authentication. You need to ensure that domain authentication and synchronization traffic remains secure in their deployment. Click the network segments where a vpn connection will need to be used.

Site A to Azure VM Site B to Azure VM

Which Hyper-V feature found in windows Server provides temporary memory that allows a virtual machine to restart even when there is not enough physical memory available?

Smart Paging

You are preparing to install Windows Server 2012 on a new server. The server has the following hardware: • 2 TB RAM • 16 64-bit Intel-VT processors • 10 GB mirrored hard disk for the system partition You will use the server for the following server roles: • File and Storage Services • Print and Document Services • Windows Deployment Services You want to select the minimum Windows Server 2012 edition to support the required roles and hardware. Which edition should you install?

Standard

You would like to have better control over the applications that run on the computers in your domain, so you have decided to implement AppLocker. You have created default rules and an executable rule that only allows the company's accounting application to run. When you test these rules, you find that you can still run any program on your test client. What should you do? (Select two. Each correct answer is part of the solution.)

Start the Application Identity service on the client. Ensure that the enforcement mode for executable rules is set to Enforce rules.

You are configuring NIC Teaming on a Windows Server system using two physical network adapters. You want to aggregate the bandwidth of both network adapters to provide better throughput. both adapters are connected to the same network switch. You decide to manually identify the links forming the team on both the switch and the server. Click the option under additional properties in the nic teaming windows that must be selected to configure this team.

Static Teaming

You want to use Hyper-V to create two virtual machines that each use a common parent installation. Listed below are the steps necessary to complete the configuration. Drag each required step from the list in the left to the spaces on the right.

Step 1 - Create one fixed disk Step 2 - Create the virtual machines(s) Step 3 - Install the operating system Step 4 - make the disk(s) read only Step 5 - Create two differencing disks Step 6 - Create the virtual machine(s)

You need to migrate the DHCP role from the FS1 server to the FS10 server. Both servers are running Windows Server 2016, and both have the Windows Server Migration Tools feature installed. Which of the following do you need to perform with the Services tool before you can perform the role migration?

Stop the DHCP service.

You are configuring NIC Teaming on a Windows Server system using two physical network adapters. You want to increase the availability of the system by configuring one of the adapters as a primary adapter and the other as a standby adapter. Each adapter is connected to a different network switch. Click the option under additional properties in the nic teaming windows that must be selected to configure this team.

Switch Independent

You are configuring a NIC Team on a Windows Server system using two physical network adapters in the system. You want the new team to provide fault tolerance. To accomplish this, the two network adapters are each connected to separate network switches. Should the network switch or the network adapter connected to it fail, you want the second adapter to immediately take over. From the drop-down list, select the NIC Teaming mode you need to select to implement this configuration.

Switch Independent

You are managing a Windows server. You type the PowerShell verb new followed by a dash (new -). At this point, you are not sure which options this command supports. Which key(s) can you press to cycle through the available options?

Tab

you currently manage a virtual machine named VM18 that has been installed on the Srv5 physical server. The virtual machine runs windows server and a custom application. You receive an update to the application. You want to save the current state so if the update causes any problems, you can easily revert back to the state before the update was installed. What should you do?

Take a snapshot of the virtual machine

Group Policies can be used to set the same notification levels at the domain level that can be set for local machines using the User Account Control (UAC) tool. You need to configure the Notify me only when programs try to make changes to my computer notification level using Group Policy. Which of the following Group Policies must be set to complete this configuration?

The Behavior of the elevation prompt for Administrators in Admin Approval Mode policy settings is set to Prompt for consent for non-Windows binaries. The User Account Control: Switch to the secure desktop when prompting for elevation policy setting is enabled.

You are the administrator of a network with a single active directory domain. the domain includes a user account named bob smith. you have been asked by the network security group to provide a listing of all domain groups to which bob smith is a member. You would prefer to use a command line utility so that the output can be saved and printed. Which command should you use?

dsget

After you install Windows Server 2016, you must activate the server if you want to receive updates from Microsoft to keep your server secure and running smoothly. You have a 30-day grace period in which to activate the server. The vendor who sold the Windows Server license should provide a piece of information that you need to activate your installation. Which of the following do you need to activate your Windows server?

The product key

User Account Control (UAC) is a tool that generates an alert when a task or operation needs administrative privileges. You use the UAC settings in Control Panel to configure the sensitivity of UAC. Drag the UAC notification level on the left to the appropriate description of what it does on the right.

The user is prompted only when programs try to make changes to the computer or Windows settings. The secure desktop is not displayed - Notify me only when apps try to make changes to my comuter (do not dim the desktop) A UAC prompt and the secure desktop are displayed for 150 seconds. The user cannot perform any other actions until they respond to the prompt - Always notify The user is prompted only when programs try to make changes to the computer or Windows settings. The secure desktop is displayed for 150 seconds - Notify me only when apps try to make changes to my computer If logged on as a standard user, all actions requiring elevation are automatically denied - Never notify

You manage a network with a single active directory domain called westsim.com Organizational units have been created for the accounting, sales, and shipping departments. User and computer accounts for each department are in their respective OUs. At 5:30pm, you get a call from Mary Hurd, a user in the sales department, stating that she can't log in. You use active directory users and computers and see the information shown in the image. You need to make sure Mary can log in. What should you do? (Select three.)

Unlock Mary's account Change the log in hours to extend past 5:30 pm Change Mary's account to never expire

During the installation of Windows Server, several properties of the local server are configured by default. One of these properties is the time zone. Which time zone is selected for the server by default?

US Pacific

You are installing Windows Server 2016 on one of your data center systems that is already running Windows Server 2012. Which installation type should you choose if you want to keep existing data files and applications in place?

Upgrade

Recently, some users in your domain have downloaded and installed an open source program that contains malware. After download, the application is installed by running a program with a .msi extension. The file is not digitally signed. You have a copy of this open source program running on your server, and it did not install any malware. The users that got the malware likely obtained the program from a website they did not know was malicious. How can you prevent users from installing this software if it has been tampered with?

Use AppLocker to create a Windows installer rule with file hash condition.

You are the administrator of a network with a single active directory domain. You need to create 75 user accounts in the domain users container. You have a list of new user accounts that include an IP telephone number. The user accounts are available via an export from your company's HR application in the form of a comma-delimited file. You want to create the new accounts as quickly and easily as possible. What should you do?

Use Csvde to import user account using the .csv file.

Your company uses Windows images to deploy new computers for new employees or for existing employees whose computers get too old. You've just received a shipment of new computers that need a display driver that the image you've been using doesn't have in its driver store. Which of the following can you do to add this driver to the deployment image with the least amount of effort?

Use DISM to add the new display driver.

Your company uses Windows images to deploy new computers for new employees or for existing employees whose computers get too old. You've just received a shipment of new computers that need a display driver that the image you've been using doesn't have in its driver store. Which of the following can you do to add this driver to the deployment image with the least amount of effort?

Use DISM to add the new display driver.

You want to give the TPlask user the right to log on to any of the domain controllers in your domain and gain access to the desktop. This user does not belong to any of the default groups that have the Allow log on locally right by default. Which of the following steps can you take to give the Allow log on locally right to this user? (Select two. Each correct answer is a complete solution.)

Use Group Policy Management Editor to add the TPlask user account to the Allow log on locally policy. Use Active Directory Users and Computers to add the TPlask user account to the Administrators group.

You manage user accounts in the southsim.com domain. Each department is represented by an organizational unit (OU). Computer and user accounts for each department have been moved to their respective OUs. When a new employee is hired in the sales department, you create the user account, add the user account to multiple groups, assign the user permissions to the sales contact database, and configure permissions to home and shared folders. Because of high turnover, you find that as users leave the organization, you spend several hours tracking down file ownership and reassigning permissions to other users. How can you simplify this?

Use a programming language to create a deprovisioning solution. Write scripts or routines that run automatically and reassign ownership and permissions when the user account is deleted

You are the administrator for the westsim.com domain, which has five domain controllers running windows server. The active directory structure is shown in the image. All user and computer accounts have been placed in the department OUs. Main offices are located in Orlando, with additional offices in Boston, new york, and Chicago. There are three departments within the company, sales,. marketing, and accounting. Employees from each department are at each location. You want to appoint an employee in each department to help with changing passwords for users within their department. They should not be able to perform any other tasks. What should you do?

Use the Delegation of Control wizard. Grant each user administrator permissions to modify passwords for their department OU

You are the administrator of a network with a single active directory domain. The domain currently includes 75 user accounts. You have been asked to add 50 additional accounts. Your human resources manager has an existing database of employees that can be imported to active directory. you would like to use an automated method for data import if possible. What should you do? (Select two.)

Use the Ldifde.exe utility Use the Csvde.exe utility

You are the network administrator for Corpnet.com. You have several virtual machines hosted on a VMware platform. You have installed a new windows server that has the hyper-v role installed. You need to migrate the VMware virtual machines to hyper-v. What should you do?

Use the Microsoft Virtual Machine Converter (MVMC) tool

You are the administrator of a network with a single active directory domain. Your domain contains three domain controllers and five member servers. Your security policy states that all accounts should be locked out after three unsuccessful logon attempts and that accounts must be reset only by an administrator. A GPO enforces these settings. You get a call, seven users are unable to log on. All seven accounts are locked out. Need to unlock with lease amount of effort. What should you do next?

Using Active Directory Users and Computers, select Unlock Account for each account

You have a Windows laptop that uses DHCP for IPv4 addressing information. You need to see gthe IPv4 address, subnet mask, and DNS server addresses that the network connection is currently using. What should you do? (Select Two.)

View the status for the network connection. Click the details button Run the ipconfig command

Which of following is not true about Windows image (WIM) files?

WIM files use a sector-based format.

Question 4: Incorrect You are upgrading a Windows Server 2012 system to Windows Server 2016. One of the choices you have to make is about the version of Windows Server 2016 you want to install. This server is currently being used to: • Host an application that requires a graphical user interface • Host four virtual machines Which of the following options will allow the server to continue hosting the application and the virtual machines?

Windows Server 2016 Datacenter (Desktop Experience)

You have a small network with three subnets, as shown in the graphic. IP address for each router interface are also indicated. You need to connect Wrk1_A to SubnetA and Wrk5_C to SubnetC. Which Ip address should you use? (Select Two.)

Wrk1_A = 192.168.111.62 Wrk5_C = 10.155.64.97 0 - 0 / \

You manage a network with a single active directory domain called westsim.com. Most of your users work from the office and access your on-premise domain controllers when they authenticate and use network resources, but you also have a few users who work remotely. Your company has just moved to office365 and is using the cloud-hosted versions of exchange and sharepoint for employees who work from home. You are considering using Azure AD to allow these employees to authenticate to the domain. Which of the following are options for deploying Azure AD? (Select two.)

You can deploy active directory domain controllers using the windows azure active directory saas cloud service You can install active directory domain controllers on windows azure virtual machines in the cloud

Which is an advantage of a client/server network?

You can save time on other tasks once the network is implemented.

You are the network administrator for westsim.com, and you manage a server named App1 that is running an application that uses a services named Custom App Service. This service is required to contact an internal database running on a server named SQL1. After installing the application, you determine that Custom App Service is not able to contact SQL1. You need to enable the Custom App Service to contact SQL1. What should you do?

You should create a custom rule using Windows Firewall with Advanced Security

You are currently working at the administrator command prompt on the DC10 server. You need to run a series of commands to complete several management tasks on the DC13 server. DC10 and DC13 are in the same domain, but DC13 is in another building on the other side of your company campus. You want the command prompt on DC10 to behave as if it is the command prompt on DC13. Use the drop-down list to fill in the blank with the switch you must use to complete the following command. winrs -r:DC13 ____________

cmd

You have a base Windows Server 2016 image contained in an image file named server2016.wim. You have mounted the image file in c:\mount. You frequently use Remote Desktop to remotely manage servers in your organization, so you have decided to add this feature (Remote-Desktop-Services) to your base server image. What command should you use to do this?

dism /image:c:\mount /enable-feature /featurename:Remote-DesktopServices

You have a base Windows Server 2016 image contained in an image file named server2016.wim. You have mounted the image file in c:\mount. You frequently use Remote Desktop to remotely manage deployed servers in your organization, so you have added this feature (Remote-Desktop-Services) to your base server image using the dism enable-feature command option. What command must you use now to save the server2016.wim image with this feature enabled?

dism /unmount-image /mountdir:c:\mount /commit

You have a base Windows server 2016 image in an image file named server 2016.wim. You have mounted the image file in c:\mount. You frequently use Remote Desktop to remotely manage servers in your organization, so you have decided to add this feature (Remote-Desktop-Services) to your base server image. What command should you use to do this?

dism \image:c:/mount \enable-feature \featurename:Remote-Desktop-Services

You have a base Windows server 2016 image in an image file named server 2016.wim. You have mounted the image file in c:\mount. You frequently use Remote Desktop to remotely manage deployed servers in your organization, so you have added this feature (Remote-Desktop-Services) to your base server image using the dism enable-feature command option. What command must you use now to save the serer 2016.wim image with this feature enabled?

dism \unmount-image \mountdir:c:/mount /commit

You are the administrator of a network with a single active directory domain. You would like to create a script to distribute to the help desk support staff for their needs when creating domain user accounts. The help desk staff will input various user account values and these values will be used in the script. Which of the following commands should your script include?

dsadd

You need to use a powershell to generate a list of all active directory computer accounts located in just the computers container (cn=computers,dc=testoutdemo,dc=com)/ Which cmdlet should you use?

get-adcomputer -filter * -SearchBase "cn=Computers,dc=testoutdemo,dc=com"

Which PowerShell command would you use to get help for a particular cmdlet?

get-help

You manage several servers that are all in the same domain. One of the servers, DC12, is a Server Core deployment that is in a different building across the company campus from your office. You are in the same building as DC10, and you want to use Powershell tocomplete management tasks on DC12 from the DC10 desktop. You have loaded PowerShell on DC10. Which of the following PowerShell cmdlets will give you a list of the services installed on DC12?

icm DC12 {get-service}

You are the network administrator for westsim.com. The company is opening a new branch office in new york that will have 100 new users. all the information on the new accounts is contained in a file named branch.csv, which specifies a unique name and password for each user. You need to run a script to create the new accounts contained in the branch.csv file. The new accounts must be assigned the appropriate passwords as contained in the branch.csv file. Which commands should you run? (Select two.)

import-csv new-ADUser

You manage a windows server that functions as your company's domain controller. You want to test a new network application in a lab environment prior to rolling it on to your production network. To make the test as realistic as possible, you want to export all active directory objects from your production domain controller and import them to a domain controller in the test environment. Which tools could you use to do this? (Select two.)

ldifde csvde

You manage a windows server that functions as your company's domain controller. Your organization was recently acquired by a larger organization, and the company name has changed as a result. You need to modify the company property of each user account in active directory. Which tools could you use to make this change? (Select two.)

ldifde dsmod

You must manage the DC13 server remotely from the DC10 server. You have ensured that the following basic requirements to use Remote MMC snap-ins to manage a remote server have all been met: • The management server and the remote server are in the same domain. • Windows Remote Management is enabled on the remote server. • The Windows Remote Management firewall exception is enabled on the remote server. • The Remote Administration firewall exception is enabled on the remote server. • The Plug and Play service is running on the remote server. • The Remote Registry service is running on the remote server. Enter the command you must use at the DC10 admin-level command prompt to open the MMC console and select the necessary MMC snap-ins.

mmc

You have captured an image of a newly installed Windows computer. Your manager wants you to apply this image to several new computers that are going to be distributed to employees whose computers have gotten too old and need to be replaced. Your manager tells you to make sure you don't get computer name conflicts on the network when this image gets deployed Which of the following tools must you use to prevent causing computer name conflicts by deploying this image?

sysprep

You have captured an image of a newly installed Windows computer. Your manager wants you to apply this image to several new computers that are going to be distributed to employees whose computers have gotten too old and need to be replaced. Your manager tells you to make sure you don't get computer name conflicts on the network when this image gets deployed. Which of the following tools must you use to prevent causing computer name conflicts by deploying this image?

sysprep

You are at the PowerShell command line, and you need to enter the command that will remove the Telnet Client feature from the server. Use the drop-down list to fill in the blank with the part of the command that is missing: _______________________ -Name Telnet-Client -Restart

uninstall-windowsfeature

Which is the typical syntax of a PowerShell command?

verb-noun -adverb

You are currently working at the administrator command prompt on the DC10 server. At the moment, you don't need to manage the DC13 server, but you do need to know its IP configuration. DC10 and DC13 are in the same domain, but DC13 is in another building on the other side of your company campus. Which command can you enter on DC10 to find out the IP configuration on DC13?

winrs -r:DC13 ipconfig

Match each active directory component on the left with the appropriate description on the right. (Each component may be used once, more than once, or not at all.)

A group of related domains that share the same DNS namespace - Tree A collection of related domain trees - Forest A server that holds a copy of the Active Directory database - Domain Controller The process of copying changes to the Active Directory database between domain controllers - Replication A collection of network resources that share a common directory database - Domain Can make changes to the Active Directory database - Domain Controller

You need to add a new Windows server to an Active Directory domain. You intend to make this new server a domain controller. This server was installed with a server core deployment, so you'll need to install the Active Directory Domain Services role from the PowerShell console. From the drop-down list, select the name of the service you would enter to complete the following PowerShell command: Install-WindowsFeature __________

AD-Domain-Services

You manage a network with a single domain named eastsim.com. The network currently has three domain controllers. During installation, you did not designate one of the domain controllers as a global catalog server. now you need to make the domain controller a global catalog server. Which tool should you use to accomplish this task?

Active Directory Users and Computers or Active Directory Sites and Services

You have added a new color printer to the network. You have only given certain users throughout the network permission to send print jobs to this printer. Some of these users are complaining that it takes a long time to find the new color printer in active Directory to add it to their list of printers. What can you do to make this printer faster to find?

Add a global catalog server

You are an administrator over several Windows servers. You also manage a domain in Active Directory. You also manage a domain in Active Directory. Your responsibilities include managing permissions and rights to make sure users can do their jobs while also keeping them from doing things they should not be doing. With Windows Server systems and Active Directory, the concepts of permissions and rights are used to describe specific and different kinds of tasks. Drag the concept on the left to the appropriate task examples on the right. (Each concept can be used more than once.)

Allow members of the Admins group to back up the files in the Marketing folder on the CorpFiles server - Rights Assign members of the Admins group read-only access to the files in the Marketing folder on the CorpFiles server - Permissions Allow members of the Admins group to restore the files in the Marketing folder on the CorpFiles server - Rights Assign members of the Marketing group read-write access to the files in the Marketing flder on the CorpFiles server - Permissions Allow members of the Admins group to log on locally to the CorpFiles server - Rights Allow members of the Admins group to shut down the CorpFiles server - Rights Allow members of the Marketing group to send print jobs to the Marketing color printer - Permissions

You are in charge of managing the servers in your network. Recently, you have noticed that many of the domain member servers are being shut down. You would like to use auditing to track who performs these actions. What should you do to only monitor the necessary events and no others? (Select two. Each choice is a required part of the solution.)

Audit successful system events Create a GPO to configure auditing. Link the GPO to the domain.

You are the network administrator for eastsim.com. The network consists of one Active Directory domain. Several users have received new computers to replace their older systems that were out of warranty. You are preparing to join the new computers to the domain. Your company has several limitations on what users can do with their workstations. For example, users are not allowed to use USB removable media devices or create any kind of executable files. You must make sure each new computer configuration is in compliance with these limitations, but you do not want to go from computer to computer to make the changes. Which of the following can you preform to meet these requirements with the least possible effort?

Configure Group Policy preferences.

You manage a network with a single active directory domain called westsim.com. Organizational units have been created for the accounting, sales, and support departments. User and computer accounts for each department are in their respective OUs. Mary Hurd is a manager in the sales department. Mary is a member of the managers global group. This group also has members from other organization units. The managers group has been given read share permission to the reports shared folder. You need to create several new user accounts that have the same group membership and permission settings as the mhurd user account. How can you complete this configuration with the least amount of effort?

Copy the mhurd user account. Assign the new account the change share permission to the reports shared folder

You are the administrator for the widgets.com domain. Organizational units (OUs) have been created for each company department. User and computer accounts for each department have been moved into their respective departmental OUs. As you manage Group Policy objects (GPOs), you find that you often make similar user rights, security options, and Administrative Template settings in different GPOs. Rather than make these same settings each time, you would like to create some templates that contain your most common settings. What should you do? (Select two. Each choice is a possible solution.)

Create GPOs with the common settings. When creating new GPOs, copy one of the existing GPOs. Create GPOs with the common settings. Take a backup of each GPO. After creating new GPOs, import the settings from one of the backed up GPOs.

You are managing rights on a standalone server. You want to make changes to the settings of the Restore Files and Directories policy. Which of the following is the tool you must use to make changes to this policy?

Local Group Policy Editor

Your organization has been using an in-house custom-developed application. The team that developed that application created a Group Policy template in the form of an ADMX file, which you have used to assign necessary rights to a group of users who use the application. Another group of users now needs to have the same rights. This group belongs to an OU that one of your assistants has full control management rights to. When your assistant tries to use the Group Policy template to assign rights to this group, she cannot find the template in Active Directory. What must you do to give your assistant access to the Group Policy template?

Create a central store on the SYSVOL share and copy the ADMX file into it.

Drag the organizational model on the left to the appropriate example OU on the right.

Denver OU - Physical Printers OU - Object Sales OU - Corporate Engineering OU - Corporate Brazil OU - Physical Brazil OU containing the Sales OU - Hybrid

You are the network administrator for an Active Directory forest with a single domain. The network has three sites with one domain controller at each site. You have created and configured sites in Active Directory Sites and Services, and replication is operating normally between sites. You configure two universal groups for use in securing the network. All users are members of one universal group or the other. After configuring the universal groups, users at sites 2 and 3 report slow login and slow access to the corporate database. Users at site 1 can log in and access the corporate database with acceptable performance. You want to improve login and resource speeds. What should you do?

Designate the domain controllers at sites 2 and 3 as global catalog servers

You manage a single domain named widgets.com. Recently, you noticed that there have been several unusual changes to objects in the Sales OU. You would like to use auditing to keep track of those changes. You want to only enable auditing that shows you the old and new values of the changed objects. Which directory service auditing subcategory should you enable?

Directory Service Changes

You manage a single domain named widgets.com. Recently, you noticed that there have been several unusual changes to objects in the Sales OU. You would like to use auditing to keep track of those changes. You enable successful auditing of directory service access events in a GPO and link the GPO to the domain. After several days, you check Event Viewer, but you do not see any events listed in the event log indicating changes to Active Directory objects. What should you do?

Edit the access list for the OU. Identify specific users and events to audit.

You manage a network with a single active directory domain called westsim.com. Organizational units have been created for the accounting, sales, and support departments. User and computer accounts for each department are in their respective OUs. At 5:30 pm, you get a call from Mary Hurd, a user in the sales department, stating that she can't log in. You use the Active directory users and computers and see the information shown in the image. (Her account is disabled) How can you make sure Mary can log in?

Enable Mary's Account

You are the security administrator for your organization. Your multiple domain Active Directory forest uses Windows Server domain controllers and Member Servers OU. Computer accounts for domain controllers are in the Domain Controllers OU. You are creating a security template that you plan to import into a GPO. You want to log all domain user accounts that connect to the member servers. What should you do to be able to check each server's log for the events? (Choose two. Each choice is required part of the solution.)

Enable the logging of logon events. Link the GPO to the Member Servers OU.

You want to prevent users in your domain from runninf a common game on their machines. This application does not have a digital signature. You want to prevent the game from running even if the executable file is moved or renamed. You decide to create an AppLocker rule to protect your computer. Which type of condition should you use in creating this rule?

Hash

You are the network administrator of the westsim.com domain. You have several users in the Sales OU who use Windows laptop machines because they travel frequently. These laptops are all in the Computers OU along with the desktop computers used by other users in the Sales OU. The Computers OU is a child of the Sales OU. There is a service preference that need to be applied to the laptops that does not need to be applied to desktop computers. You configure a Group Policy preference for this service that you want to apply to just the laptops. You link this Group Policy to the Computers OU. Click on the Group Policy preferences Common option setting you would use to configure the preference to apply only to the laptop computers in the Computers OU.

Item-level targeting.

You have just started a new job as the administrator of the eastsim.com domain. The manager of the accounting department has overheard his employees joke about how many employees are using "password" as their password. He wants you to configure a more restrictive password policy for employees in the accounting department. Before creating the password policy, you open the Active Directory users and computers structure and see the following containers and OU: - eastsim.com - Builtin - Users - Computers - Domain controllers Which steps must you perform to implement the desired password policy? (Select three.)

Put the accounting employees user objects into the OU created for the accounting employees Configure the password policy and link it to the OU created for the accounting employees. Create an OU in eastsim.com for the accounting employees

You are the network administrator for your company. All computers are joined to a single Active Directory domain. Several computers store sensitive information. You are configuring security settings that will be distributed to all computers on your network. You want to identify attempts to break into a computer by having the computer that denies the authentication attempt note the failed attempt in its security database. How can you create a policy that meets these requirements?

Select Failure for Audit account logon events.

You are the network administrator for our network. Your network consists of a single Active Directory domain. Your company recently mandated the following user account criteria: * User accounts must be deactivated after three unsuccessful logon attempts * User accounts passwords must be at least 12 characters long * User accounts must be manually reset by an administrator once they are locked out. You must make the changes to affect everyone in the domain. You are editing the Default Domain Group Policy object. What should you do? (Choose three. Each correct choice represents part of the solution.)

Set Account lockout threshold to 3 Set Minimum password length to 12 Set Accounts lockout duration 0

You manage a network with a single active directory domain called westsim.com. Organizational units have been created for the accounting, sales, and support departments. User and computer accounts for each department are in their respective OUs. Maria Hurd is going on a seven-week sabbatical and will not be in to work during that time. Which of the following can you perform to secure her user account to prevent it from being used to access network resources while she is away? (Select two.)

Set account expiration time for the last day Maria will be in office Disable the user account

You have not yet installed Active Directory Domain Services (ADDS) on a new windows server system. You are planning to use this computer as a domain controller in Active Directory. Which of the following steps is it recommended that you perform before you install the ADDS role (Select two.)

Set the system time and time zone Configure the computer name

Active directory uses two broad categories of objects to represent the various components of a network: - Network resources - Security Principals Drag the category on the left to the object on the right that belongs to that category.

Shared folder - Network Resource User - Security Principal Group - Security Principal Printer - Network Resource Computer Account - Security Principal

You manage a single domain running Windows Server. You have configured a restricted Group Policy as shown in the image. When this policy is applied, which actions will occur? (Select two.)

The Desktop Admins group will be made a member of the Backup Operators group. Any other members of the Backup Operators group will be removed.

You are the administrator for a domain named internal.widgets.com. This domain spans a single site (the Default-First-Site-Name site). You want to configure password and account lockout policies that Active Directory domain controllers will enforce. You have created a Group Policy object with the settings you want to apply. Most of the domain controllers are located in the Domain Controllers OU, although you have moved some domain controllers to a sub-OU called Secure Domain Controllers. Where should you link the Group Policy object that you created?

The internal.widgets.com domain.

You are the administrator for the wisgets.com domain. Organizational units (OUs) have been created for each company department. User and computer accounts for each department have been moved into their respective departmental OUs. You have two OUs that contain temporary users, TempSales and TempMarketing. For all users within these OUs, you want to restrict what the users are able to do. For example, you want to prevent them from shutting down the system or accessing computers through a network connection. Which GPO category would you edit to make the necessary changes?

User Rights

Select the policy node you would choose to configure who is allowed to manage the auditing and security logs.

User Rights Assignment

You want to use Restricted Groups to manage the membership of local groups on the domain member servers that you manage. You can define a restricted group in one of two ways: * Members of this group * This group is a member of The This group is a member of option is the preferred method for most use cases. Which of the following explains why this is the preferred method?

Using the This group is a member of option does not remove existing members of the group if they are not part of the restricted group.

Your network has a single Active Directory forest with two domains, eastsim.private and HQ.eastsin.private. The organizational units Accounting, Marketing, and Sales represent departments of the HQ domain. Additional OUs (not pictured) exist in both the eastsim.private and HQ.eastsim.private domains. All user and computer accounts for all departments company-wide are in their respective departmental OUs. You are in the process of designing Group Policy for the network. You want to accomplish the following goals: * You want to enforce strong passwords throughout the entire forest for all computers. All computers in both domains should use the same password settings. * The Accounting department has a custom software application that needs to be installed on computers in that department. * Computers in the marketing and sales departments need to use a custom background and prevent access to the Run command. You create the following three GPOs with the appropriate settings: Password Settings, Accounting App, and Desktop Settings. How should you link the GPOs to meet the design objectives? To answer, drag the label corresponding to the GPO to the appropriate boxes.

eastsim.private - blank, Password Settings, blank HQ.eastsim.private - Password Settings, blank, blank Accounting - Accouting App, blank Marketing - Desktop Settings, blank Sales - Desktop Settings, blank