title6-15

Ace your homework & exams now with Quizwiz!

You have pulled the microsoft/nanoserver image from the Docker Hub website. Now you need to 12/4/2018 create a new Hyper-V container from the image and run the cmd command to open the command line interface in the container. From the drop-down list, select the command that fills in the blank: docker run -it microsoft/nanoserver ______________ cmd

-isolation=hyperv

You manage a group of 10 Windows workstations that are currently configured as a workgroup. Which are advantages you could gain by installing Active Directory and adding the computers to a domain? (Select two.)

1. Centralized authentication 2. Centralized configuration control

Which of the following container objects are Active Directory built-in containers? (Select four.)

1. Computers 2. Foreign Security Principals 3. Managed Service Accounts 4. Users

You manage a network with a single Active Directory domain called westsim.com. Organizational units have been created for the Accounting, Sales, and Support departments. User and computer accounts for each department are in their respective OUs. The Support department has very high turnover. Nearly every week, you need to add new user accounts. All user accounts have the same department and fax number settings. Each user account must also have permission to the Orders shared folder. You want to create a template account to use when creating new accounts in the future. What should you do? (Select three. Each is a required part of the solution.)

1. Create a user account with the department and fax Number settings. 2. Disable the user account. 3. Create a group called Support. Make the template account a member of the Support group. Assign permissions for the group to the Orders shared folder.

You have just started a new job as the administrator of the eastsim.com domain. The manager of the accounting department has overheard his employees joke about how many employees are using "password" as their password. He wants you to configure a more restrictive password policy for employees in the accounting department. Before creating the password policy, you open the Active Directory Users and Computers structure and see the following containers and OU: • eastsim.com • Builtin • Users • Computers • Domain Controllers Which steps must you perform to implement the desired password policy? (Select three. Each correct answer is part of the complete solution.)

1. Create an OU in eastsim.com for the accounting employees. 2. Put the accounting employees user objects into the OU created for the accounting employees. 3. Configure the password policy and link it to the OU created for the accounting employees.

You are the network administrator of a network that spans three locations, Atlanta, Chicago, and Denver. Your organization started in Atlanta, and that's where you installed your first Active Directory domain controller. The Chicago and Denver locations were later added to the domain with their own domain controllers. These three locations each have their own subnet and are connected using dedicated WAN links. You have used Active Directory Sites and Services to change to the name of the Default-FirstSite-Name to Atlanta, but that's all you've done so far. The IT manager wants you to continue configuring Active Directory Sites and Services to direct clients to local network resources for authentication. He does Which of the following steps must you perform to complete this configuration? (Select three.)

1. Create subnet objects for Chicago, Denver, and Atlanta, and then link them to their respective sites. 2. Create site objects for Chicago and Denver. 3. Move the Chicago and Denver server objects into their respective site objects.

Data deduplication finds and removes duplicate information across files without compromising data integrity. The data deduplication optimization process uses a four-step process. Use the left/right arrow buttons to move the steps that are part of the data deduplication optimization process from the list on the left to the list on the right. Use the up/down arrows to put the steps into the correct order on the right.

1. Files are segmented into 32-128 KB chu 2. Duplicate chunks are identified. 3. One copy of each chunk is saved. 4.Chunks are compressed and organized.

You have completed the installation of the Active Directory Domain Services role on a new server. Now you want to promote this server to be a domain controller in an existing domain. The server was installed with a Server Core deployment, so you will need to make this server a domain controller in an existing domain from the PowerShell command line. Which of the following PowerShell cmdlets will you need to enter? (Select two. Each correct answer is part of the complete solution.)

1. Import-Module ADDSDeployment 2. Install-ADDSDomainController

You manage a network with a single Active Directory domain called westsim.com. Organizational units have been created for the accounting, sales, and shipping departments. User and computer accounts for each department are in their respective OUs. At 5:30 pm, you get a call from Mary Hurd, a user in the Sales department, stating that she can't log in. You use Active Directory Users and Computers and see the information shown in the image. You need to make sure Mary can log in. What should you do? (Select three. Each answer is a possible solution.)

1. Mary's account to never expire. 2. Change the log in hours to extend past 5:30 pm. 3. Unlock Mary's account.

You manage a network with a single Active Directory domain called westsim.com. Organizational units have been created for the accounting, sales, and shipping departments. User and computer accounts for each department are in their respective OUs. Maria Hurd is going on a seven-week sabbatical and will not be in to work during that time. Which of the following can you perform to secure her user account to prevent it from being used to access network resources while she is away? (Select two.)

1. Set an account expiration time for the last day Maria will be in the office. 2. Disable the user account.

You have not yet installed Active Directory Domain Services (ADDS) on a new Windows Server system. You are planning to use the computer as a domain controller in Active Directory. Which of the following steps is it recommended that you perform before you install the ADDS role? (Select two.)

1. Set the system time and time zone. 2. Configure the computer name.

You need to enable data deduplication on your server's data volume. You add the Data Deduplication role service and then use the DDPEval.exe utility to analyze server volumes for data deduplication. Now you need to use Server Manager to configure data deduplication on the data volume. Which of the following steps are part of the configuration process? (Select three.)

1. Specify the number of days that should elapse from the date of file creation until files are deduplicated. 2.Enable data deduplication. 3. Specify the extensions of any file types that should not be deduplicated.

Virtualization is the ability to install and run multiple operating systems concurrently on a single physical machine. Windows virtualization includes several standard components. Drag the component on the left to the appropriate description on the right. (Each component can be used once, more than once, or not at all.)

1.A file that resides within the host operating system and serves a storage device for the virtual machine. -Virtual Hard Disk (VHD) 2.A thin layer of software that resides between the guest operating system and the hardware. -Hypervisor 3.The guest operating system that is a software implementation of a computer that executes programs.- Virtual Machine 4. The host operating system that has hardware, such as storage devices, RAM, and a motherboard. -Physical Machine 5.Appears to be a self-contained and autonomous system.- Virtual Machine 6. Allows virtual machines to interact with the hardware without going through the host operating system.- Hypervisor

You want to use Hyper-V to create two virtual machines that each use a common parent installation. Listed below are the steps necessary to complete the configuration. Drag each required step from the list on the left to the spaces on the right. Use only the necessary steps to complete the configuration.

1.Create one fixed disk. 2.Create the virtual machine(s). 3.Install the operating system. 4.Make the disk(s) read only. 5.Create two differencing disks. 6. Create the virtual machine(s).

You are working in Hyper-V Manager on a system that hosts several Windows Server 2008 R2 virtual machines. You create snapshots of these virtual machines nightly as part of your disaster recovery plan. Users are complaining that they can no longer access the virtual servers. In Hyper-V Manager, they are identified as being in a Paused-Critical state. What should you do? (Select two. Each answer is a part of the overall solution.)

1.Install a new physical hard disk in the hypervisor host. 2.Move the snapshot files to the new hard disk.

You are the network manager for the westsim.private domain. The SRV1 server runs all file and print services for the network. The DNS database has an A record that maps srv1.westsim.private to the IP address of 192.168.16.10. You want to create a PTR record that maps the IP address to the host name. Which zone should you create the record in?

16.168.192.in-addr.arpa

You enter the ipconfig /all command and see, as a part of the results, the information shown in the image below. If you enter the nslookup command on this same system, which of the following do you expect to see as the address of the default server?

163.128.80.93

You need to add a new Windows server to an Active Directory domain. You intend to make this new server a domain controller. This server was installed with a server core deployment, so you'll need to install the Active Directory Domain Services role from the PowerShell console. From the drop-down list, select the name of the service you would enter to complete the following PowerShell command: Install-WindowsFeature ________________

AD-Domain-Services

You manage a network with a single Active Directory domain called westsim.com. You have just deployed an Azure AD domain controller in the Azure cloud. You have created a user account for yourself in the new Azure AD domain. You are now testing the configuration of the Azure AD domain from home by trying to join your home computer to this domain. Click on the option in the System menu in the Settings app that allows you to join your computer to the domain in Azure AD.

About <===

You need to use the New Share wizard on a Windows server to create a new share for the C:\Shares\WidgetProject folder. Sales reps for your organization will connect to the share using Windows notebook systems. You want to configure the share so that Windows will hide the file or folder from users that do not have at least read permissions to a file or folder . Which option on the Settings screen should you enable?

Access-based enumeration

You manage a network with a single domain named eastsim.com. The network currently has three domain controllers. During installation, you did not designate one of the domain controllers as a global catalog server. Now you need to make the domain controller a global catalog server. Which tool should you use to accomplish this task?

Active Directory Users and Computers or Active Directory Sites and Services

SRV02 holds a shared folder named Forecast for the Managers group. Maria is a member of the Managers group. You would like to grant the Managers group full control to the folder named Forecast, but limit Maria's access to read only. You have added the Managers group to the access list for the Forecast folder and granted Full Control access. You now need to limit Maria's access to the folder. What should you do? (Choose two. Each choice is a complete solution.)

Add Maria to the NTFS permissions for the folder. Grant read access. Remove Maria's account from the Managers group and grant read access.

You have configured a failover cluster with two servers as hosts, Srv1 and Srv2. You have configured the DHCP service as a clustered service. You configure Srv1 as the preferred owner for the DHCP service. You simulate a failure of Srv1 by taking it offline. The DHCP service does not switch to Srv2. How can you make sure that Srv2 is used for the DHCP service if Srv1 is not available?

Add Srv2 as a possible owner.

You have added a new color printer to the network. You have only given certain users throughout the network permission to send print jobs to this printer. Some of these users are complaining that it takes a long time to find the new color printer in Active Directory to add it to their list of printers. What can you do to make this printer faster to find?

Add a global catalog server.

You manage a Windows server that is used to store user data files. You install a tape drive in the server. Following the installation, you check Device Manager and the device appears to be working correctly. You run Windows Server Backup and start the Backup Schedule wizard. After configuring the schedule, you get a message stating that there is no available backup destination. What should you do?

Add a new external hard disk to the system.

You have connected a print device to the Srv11 server and created a printer for it. You have shared the printer as Printer1 and granted the Everyone group permission to print to it. A third-party technician is visiting your company today to clean the company's printers. You check the print queue and find numerous jobs in the queue. An identical print device is attached to Srv5. The printer on Srv5 is shared as Printer2. You want to let the technician clean the printer attached to Srv11 while allowing the print jobs in queue to print. What should you do?

Add a new local port and configure Printer1 to print to it.

You are the network administrator for westsim.com. The network consists of a single Active Directory domain. You are responsible for a server named HV1 that has the Hyper-V role installed. HV1 hosts a virtual machine that runs a custom web application that is in use 24 hours per day. The virtual machine has one hard drive that is hosted on a 127 GB expanding virtual hard drive (.vhdx). The server is running out of room. Management would like to upload 100 GB of new media files for use in the web application. You need to provide more storage space inside the virtual machine while minimizing downtime for the custom web application. What should you do?

Add a new virtual hard drive (.vhdx) to a SCSI controller.

You manage a network with Windows clients, multiple subnets, and Windows DNS servers. You want to be able to resolve a host name for a server on your network to its IPv4 address. What should you do?

Add an A record on the DNS server.

You are the administrator of a network with two Active Directory domains. Each domain currently includes 35 global groups and 75 domain local groups. You have been reading the Windows Server help files and have come to the conclusion that universal groups may be the answer to ease administrative management of these groups. You decide to incorporate universal groups. How can you make sure to not include changes to any group that will affect group member's assigned permissions?

Add global groups to universal groups and then add those to domain local groups.

Click on the scope management component you would edit to create a DHCP exclusion.

Address pool <== Address Pool <==

On your Windows server, you share the D:\Reports folder using a share name Reports. You need to configure permissions on the shared folder as follows: • Members of the Accounting group should be able to view files but not be able to modify them. • Phil, a member of the Accounting group, needs to be able to open and edit files in the Shared folder. You need to assign the necessary permissions without assigning extra permissions beyond what is required and without affecting other access that might already be configured on the computer. You need to complete the task using the least amount of effort possible. What should you do?

Add the Accounting group and assign the read permission. Add the Phil user account and assign read/write permission.

You have created a group policy that prevents users in the accounting department from accessing records in a database that has confidential information. The group policy is configured to disable the search function for all users in the Accounting OU no matter which workstation is being used. After you configure and test the policy, you learn that several people in the Accounting OU have valid reasons for using the search function. These users are part of a security group named Managers. What can you do to prevent the Group Policy object (GPO) that you have configured from applying to members of the Managers group?

Add the Managers group to the GPO's discretionary access control list (DACL). Deny the apply Group Policy and read permissions to the Managers group.

Which of the following describes an additional domain?

Additional domains are second-level domains with names registered to an individual or organization for use on the Internet.

For security testing purposes, you need to change the source MAC address in outgoing packets originating from a Hyper-V virtual machine. Click the option you would use in the virtual machine's settings to do this.

Advanced Features <====

You are configuring a new external virtual switch in your Hyper-V host. The host has two physical network interfaces installed. You want the physical host to exclusively use one network interface and virtual machines running on the host to exclusively use the other. Click the option you would use to configure the virtual switch in this manner.

Allow Management operting system to share this network adapter <====

The C:\Shares\WidgetProject folder on your Windows server has been shared with network users. The server is a member of the westsim.com Active Directory domain. The westsim.com\Users group has been granted the following Allow NTFS permissions: • Read and execute • List folder contents • Read The westsim.com\Administrators group has been granted the allow full control NTFS permission. In addition, the Everyone principal has been assigned the following allow share permissions: • Full Control • Change • Read The vhammer user is a member of the westsim.com\Users and the westsim.com\Administrators group. She accesses data in the folder through the network share from her Windows workstation. What permissions does this user have to data in the folder?

Allow full control

Click on the user right policy that is used to grant a user local access to the desktop of a Windows server.

Allow log on locally <==

You are an administrator over several Windows servers. You also manage a domain in Active Directory. Your responsibilities include managing permissions and rights to make sure users can do their jobs while also keeping them from doing things they should not be doing. With Windows Server systems and Active Directory, the concepts of permissions and rights are used to describe specific and different kinds of tasks. Drag the concept on the left to the appropriate task examples on the right. (Each concept can be used more than once.)

Allow members of the Admins group to back up the files in the Marketing folder on the CorpFiles server.-Rights Assign members of the Admins group read-only access to the files in the Marketing folder on the corpfiles server- Permissions Allow members of the Admins group to restore the files in the Marketing folder on the CorpFiles server- Rights Assign members of the Marketing group read-write access to the files in the Marketing folder on the CorpFiles server.-Permissions Allow members of the Admins group to log on locally to the CorpFiles server.-rights Allow members of the Admins group to shut down the CorpFiles server.-rights Allow members of the Marketing group to send print jobs to the Marketing color printer.-permissions

The C:\Shares\WidgetProject folder on your Windows server has been shared with network users. The server is a member of the westsim.com Active Directory domain. The westsim.com\Users group has been granted the following allow NTFS permissions: • Write • Read and execute • List folder contents • Read In addition, the Everyone principal has been assigned the allow read share permission. The smarsden user is a member of the westsim.com\Users group. She accesses data in the folder through the network share from her Windows workstation. What permissions does this user have to data in the folder?

Allow read

The C:\Shares\WidgetProject folder on your Windows server has been shared with network users. The server is a member of the westsim.com Active Directory domain. The westsim.com\Users group has been granted the following Allow NTFS permissions: • Read and execute • List folder contents • Read In addition, the Everyone principal has been assigned the following Allow share permissions: • Full Control • Change • Read The ksanders user is a member of the westsim.com\Users group. She accesses data in the folder through the network share from her Windows workstation. What permissions does this user have to data in the folder?

Allow read and execute, list folder contents, and read

The C:\Shares\WidgetProject folder on your Windows server has been shared with network users. The server is a member of the westsim.com Active Directory domain. The westsim.com\Users group has been granted the following allow NTFS permissions: • Write • Read and execute • List folder contents • Read In addition, the Everyone principal has been assigned the allow read share permission. The jmarshall user is a member of the westsim.com\Users group. She accesses data in the folder by using Remote Desktop to establish a remote access session on the server. What permissions does this user have to data in the folder?

Allow write, read and execute, list folder contents, and read

Your server runs a regularly scheduled backup of user data and the server's system state. A user has accidentally deleted an important file and has no backup. You use the recovery wizard, which brings you to the recovery options screen shown below. Select an option you could use to make sure you don't copy over a potentially newer version of the file you are recovering.

Another Location <== Create Copies so that you have both versions <==

You manage a single domain running Windows Server. You have configured a restricted Group Policy as shown in the image. When this policy is applied, which actions will occur? (Select two.)

Any other members of the Backup Operators group will be removed. The Desktop Admins group will be made a member of the Backup Operators group.

Mark is the system administrator for a network with a single Active Directory domain. The network has just expanded to include an additional subnet. Mark has installed a new server running Windows Server on the new subnet and configured it as a DHCP server. When he checks the server icon in the DHCP Management console, he notices the server has a down icon. He notices that the DHCP server service has started, but the server still does not respond to DHCP lease requests. What should Mark do to solve the problem?

Ask a member of the Enterprise Admins group to authorize the server.

You have connected a print device to the Srv9 server and created a printer for it. You have shared the printer as Printer1 and published it to Active Directory. You are leaving on vacation and want to let Chad pause, restart, and delete print jobs on the printer while you are gone. Chad should not be allowed to delete the printer or change its properties. Chad is a member of the Help Desk Technicians domain local group. Currently, the Everyone group has the allow print permission to the printer. What should you do?

Assign Chad the allow manage documents permission to the printer.

You manage a Windows server that has an attached printer that is used by the Sales department. The sales manager has asked you to restrict access to the printer as follows: • Sally needs to connect to a printer, print documents, and pause and resume her own print jobs. • Damien needs to pause and resume documents for all users, but does not need to change printer properties. You want to assign the most restrictive permissions that meet the sales manager's requirements. What should you do? (Choose two. Each choice is part of the correct solution.)

Assign Sally the print permission. Assign Damien the manage documents permission.

You are the network administrator for your company. A Windows server named Srv1 has a shared folder called SalesResearch that shares the F:\Sales\Research folder. This folder has three subfolders, Projects, Analysis, and Reports. Permission inheritance is enabled on F:\Sales\Research and all subfolders and files. Only the Administrators group and one designated employee have permission to each subfolder. Permissions are configured as follows: Resource Type of Permission Effective Permissions SalesResearch share Share Everyone: Allow-Full Control F:\Sales\Research NTFS Administrators: Allow-Full Control F:\Sales\Research\Analysis NTFS Anne: Allow-Modify Administrators: Allow-Full Control F:\Sales\Research\Projects NTFS Billy: Allow-Modify Administrators: Allow-Full Control F:\Sales\Research\Reports NTFS Gavin: Allow-Modify Administrators: Allow-Full Control Stan needs to read all of the documents within the SalesResearch share and its subfolders. Stan does not need to make changes to these documents. You need to give Stan appropriate permissions without giving him unnecessary permissions. What should you do?

Assign Stan the allow read NTFS permission to F:\Sales\Research.

You need to share a folder that contains data used by your accounting department. You want Phil, the manager of the department, to be able to add and remove files. You want members of the department to be able to connect to the share and see the files it contains, but you do not want them to have the ability to make changes. Everyone else in the company should be blocked from connecting to the share. There is a global group called Accounting that contains all the accounting department users, including Phil. You need to configure permissions on the share. What should you do?

Assign allow change permissions for Phil, allow read for Accounting, and nothing else.

You need to control access to the D:\Reports folder as follows: • Members of the Accounting group should be able to open and view all files, but not modify them. • Mary needs to be able to modify existing files in the folder and add new files to the folder, but should not be able to delete or rename files. Mary is a member if the Accounting group. You want to assign NTFS permissions taking the least amount of actions possible. What should you do?

Assign allow read and execute, list folder contents, and read to the Accounting group. Assign allow write to Mary.

You need to control access to the D:\Reports folder as follows: • Members of the Accounting group should be able to open and view all files, edit them, and add new files. They should not be able to delete or rename files. • Mary needs to be able to open and view files, but should not be able to modify the files. Mary is a member if the Accounting group. You want to assign NTFS permissions taking the least amount of actions possible and affecting existing permissions as little as possible. What should you do?

Assign allow read and execute, list folder contents, read, and write to the Accounting group. For the Mary user account, deny the write permission.

You are configuring access for a shared folder on a Windows server. There is a global group called Appusers who need read-only access. However, there is a member of Appusers, jsmith, who should not have any access at all. How can you configure your share so that the members of Appusers have access but jsmith does not while creating the least disruption to your existing administrative structure?

Assign allow read permission to Appusers and assign deny read permissions to jsmith.

On your Windows server, you share the D:\Apps folder using the share name Apps. You need to configure permissions to the share as follows: • Members of the Appusers group should be able to open and view files in the shared folder. • User JohnS should not have any access to files in the shared folder. JohnS is a member of the Appusers group. You need to assign the necessary permissions without assigning extra permissions beyond what is required and without affecting other access that might already be configured on the computer. You need to complete the task using the least amount of effort possible. What should you do?

Assign allow read permissions to Appusers and assign deny read permissions to JohnS.

You are the administrator for a small network with several servers. There is only one printer, which is centrally located. Although indications are that this printer is over-utilized, there is neither space nor budget to add additional printers at this time. There are often cases where a document is needed urgently, but when it is printed, it goes into the queue and is printed in the order received, not the order of the document's priority. You would like to allow Gladys, the administrative assistant, to have the ability to maintain the print queue. Specifically, you want her to be able to alter the order of printing for the documents waiting to be printed. You need to permit Gladys to make this change without adding her to the local Administrators group or making significant changes to the way your office operates. What should you do?

Assign the manage documents permission for the printer to Gladys.

Drag the DHCP mechanism on the left to the appropriate description on the right. (Each mechanism can be used once, more than once, or not at all.)

Associates a client's MAC address with an IP address the client should always receive. -Reservation Specifies computers that can be DHCP server clients. -Filter Ensures a client always receives the same IP address from the DHCP server. -Reservation Prevents the DHCP server from assigning certain IP addresses. -Exclusion Specifies computers that cannot be DHCP server clients. -Filter Identifies IP addresses within the range that cannot be assigned. -Exclusion

You are the network administrator for westsim.com. The network consists of a single Active Directory domain. The network contains two servers named FS11 and FS12. Both servers are running Windows Server 2016 Datacenter edition. You have implemented Storage Replica as a disaster recovery solution with FS11 and FS12 as replication partners. The FS11 server is located in your main office. The FS12 server is located in a branch office in another city. Your offices are connected by a WAN link where latency is usually higher than five milliseconds. Which replication type should be used between FS11 and FS12?

Asynchronous

You want to monitor processor and memory utilization on Srv4. You create a single data collector set configured to save log files every day. You add the processor and memory data collectors to the data collector set. After running the data collector set for several days, you have several separate log files. You would like to compare the statistics for the first day with the statistics reported for the last day. In particular, you would like to be able to see a single graph that lines up the processor utilization on an hour-by-hour basis. What should you do?

At a command prompt, run Perfmon /sys multiple times to open a view of each log file. Use the Compare option to transparently overlay each log onto the first log.

Nadine is the systems administrator for a network with a single subnet. The subnet uses 192.168.1.0 with a mask of 255.255.255.0. The network has 10 servers running Windows Server. Srv1 currently provides both DHCP and DNS services. Nadine wants to increase the fault tolerance for her DHCP servers. She installs a new server, Srv11, and configures it for DHCP. She configures a scope on Srv11 to match the scope on Srv1 and then excludes half of the addresses in the scope on Srv1 and the other half of the addresses on the Srv11. Nadine decides to test her solution and shuts down Srv1. As a test, she forces a workstation to release its IP address and request a new one. She finds that the workstation has 169.254.0.15 with a mask of 255.255.0.0 for its IP address. What should Nadine do to fix the problem?

Authorize Srv11.

Match each default Active Directory object on the left with the appropriate description on the right. (Each object may be used once, more than once, or not at all.)

Builtin Container- Holds the default service administrator accounts Users contrainer- The default location for new user accounts and groups Domain Controller OU - The default location for domain controller computer accounts Domain Container - The root container to the hierarchy Computers container - The default location for workstations when they join the domain

You are system administrator with hundreds of host workstations to manage and maintain. You need to enable hosts on your network to find the IP addresses of alphanumeric host names such as srv1.myserver.com. Which of the following would you use?

DNS server

You manage the intranet servers for EastSim Corporation. The company network has three domains: eastsim.com, asiapac.eastsim.com, and emea.eastsim.com. The main company website runs on the web1.eastsim.com server with a public IP address of 101.12.155.99. A host record for the server already exists in the eastsim.com zone. You want Internet users to be able to use the URL http://www.eastsim.com to reach the website. What type of DNS record should you create?

CNAME

You are the network administrator for your company. You recently replaced the previous network administrator. The sales manager, Jim, calls you and reports that he cannot update a file in the \\ACCTSRV1\Reports share, which the previous network administrator created for him last Wednesday. Jim is a member of the Managers group, which should have full control of all files in the share. You examine the Reports share and the D:\Data\Reports folder on the server. Following is a summary of the current configuration: Folder NTFS Permissions Share Permissions D:\Data\Reports Shared as Reports Administrators (Allow-Full Control) Managers (Allow-Full Control) Everyone (Allow-Read) Everyone (Allow-Read) You need to give Jim the permissions intended for the Managers group and let him update files in the Reports share. What should you do?

Change the Reports share permissions for the Everyone group to allow full control.

You are the network administrator for Corpnet.com. You have created a Network Load Balancing cluster to provide high availability for the intranet website. The NLB cluster consists of three web servers, Web1, Web2 and Web3. Each web server has one network card installed. After configuring the NLB cluster, you determine that the web servers in the cluster are unable to communicate with each other. What must you do to reconfigure the cluster to allow communication between the cluster members?

Change the cluster operation mode to Multicast.

You need to create a snapshot of a virtual machine currently running on a Windows Server Hyper-V host. The server was installed using a Server Core installation, so you must do this from the command line within a PowerShell window. Which cmdlet should you use to do this?

Checkpoint-VM

You have configured a failover cluster with two servers as hosts, Srv1 and Srv2. Each server has three network interface cards: • NIC1 connects the server to the main network. Clients connect to the cluster through NIC1. • NIC2 connects the server to the storage area network (SAN). The SAN is used only for access to the storage. • NIC3 is a private network used only by Srv1 and Srv2 for sending out heartbeat signals and performing convergence. How should you configure the networking settings for NIC2 in the Failover Clustering Management console?

Choose Do not allow the cluster to use this network.

When you originally deployed the AccServer virtual machine on your Windows Server 2012 R2 hypervisor, it stored accounting data from all departments in your organization. Therefore, it required a very large virtual disk. However, as your organization has grown, additional department-specific accounting servers have been deployed and much of the data that used to be stored on AccServer has migrated to them. Because the virtual hard disk file for the AccServer virtual machine is set to grow dynamically, the unused space in the file can be reclaimed on the physical hard drive in the Windows server. Click the option you would use in the Edit Virtual Hard Disk wizard to accomplish this without reducing the overall storage capacity of the virtual hard disk.

Compact <===

You currently manage a virtual machine named VM18 that has been installed on the Srv5 physical server. The virtual machine uses a single dynamic disk of 100 GB. You notice that the physical size of the virtual hard disk is 40 GB, but that the virtual machine reports only a total of 20 GB of files. You want to reduce the physical space used by the virtual hard disk. What should you do?

Compact the disk.

You are the administrator of a network with a single Active Directory domain. The domain includes two domain controllers. Your company's security policy requires that locked out accounts are unlocked by administrators only. Upon reviewing the account lockout policy, you notice the account lockout duration of 99999. You need to configure your domain's account lockout policy to comply with your company's security policy. What should you do next?

Configure Account lockout duration as 0.

You are the server administrator for the eastsim.com domain. You have a DHCP server named DHCP-Srv1 configured with a single scope. You are concerned that a failure of the DHCP server could cause disruptions on the network. You would like to provide redundancy for the DHCP server. You install DHCP on a second server named DHCP-Srv2. Your solution should meet the following requirements: • DHCP-Srv1 should continue to respond to all client requests. • If DHCP-Srv1 is down, DHCP-Srv2 should be able to respond to clients. DHCP-Srv2 should be aware of all leases granted by DHCP-Srv1. • Following a failure, when DHCP-Srv1 comes back online, it should resume responding to all DHCP requests. What should you do?

Configure DHCP-Srv1 and DHCP-Srv2 in a failover clustering cluster.

You are the network administrator for eastsim.com. The network consists of one Active Directory domain. Several users have received new computers to replace their older systems that were out of warranty. You are preparing to join the new computers to the domain. Your company has several limitations on what users can do with their workstations. For example, users are not allowed to use USB removable media devices or create any kind of executable files. You must make sure each new computer configuration is in compliance with these limitations, but you do not want to go from computer to computer to make the changes. Which of the following can you perform to meet these requirements with the least possible effort?

Configure Group Policy preferences.

You are the network administrator for a small manufacturing company. You have ten regional sales people who travel extensively and have been provided Windows laptop computers. The mobile users have complained that, although they can take copies of important files with them into the field, occasionally they have been caught with out of date documents because no one told them the files had been updated. Additionally, some of these files need to be distributed to all the other sales staff. You need to address this problem and easily provide the appropriate access to these shared files. What should you do?

Configure Offline Files for the folder that contains these files.

The image depicts the network layout for NorthSim Corporation. Currently, the network uses static IP addressing. You want to use DHCP instead. You configure SRV1 as a DHCP server, and you create two scopes on the server. You configure all clients on both subnets to request IP addressing and other configuration parameters from the DHCP server. After starting the service, you find that hosts on subnet 192.168.1.0 have obtained addresses from the DHCP server. However, all hosts on subnet 192.168.2.0 have assigned themselves addresses in the APIPA range. What should you do?

Configure SRV2 as a relay agent.

You have configured a failover cluster with three servers as hosts, Srv1, Srv2, and Srv3. You have configured the DHCP service as a clustered service. You want to use Srv1 and Srv2 for the DHCP service. Srv1 should be the primary server used to respond to DHCP requests. If Srv1 is unavailable, Srv2 should take over the DHCP service. Srv3 should never be used for the DHCP service. What should you do?

Configure Srv1 and Srv2 as possible owners. Configure Srv1 as a preferred owner.

You have configured a failover cluster with two servers as hosts, Srv1 and Srv2. You have configured the DHCP service as a clustered service. Srv1 should be the primary server used to respond to DHCP requests. If Srv1 is unavailable, Srv2 should take over the DHCP service. Once Srv1 comes back online, the DHCP service should continue to run on Srv2 unless manually moved. How do you configure the cluster service to behave this way?

Configure Srv1 and Srv2 as possible owners. Configure Srv1 as the preferred owner. Disable failback.

You manage a network with two locations, San Jose and Oakland. The two networks are connected with a WAN link, and each site has its own Internet connection. Srv1 is in San Jose, and Srv2 is in Oakland. You decide to implement a WSUS solution using Srv1 and Srv2 as WSUS servers. Your solution should meet the following requirements: • Client computers should contact the WSUS server in their site for a list of approvals and download the updates from the WSUS server in their site. • All updates for both sites are approved from Srv1. • You must minimize traffic on the WAN link between the two sites. You have completed the configuration of the WSUS server in the San Jose location. How should you configure Srv2 in Oakland to meet the design requirements?

Configure Srv2 to synchronize with Srv1 as a downstream server to Srv1. Configure the server to store updates locally and download updates from Microsoft Update.

You are the systems administrator for WestSim Corporation. You have been assigned to set up a new branch office in Tulsa. The branch will be represented by a single domain. You install a single DNS server called TulsaDNS and configure a primary zone for the branch office domain. You test name resolution and find that hosts can only resolve names for hosts within the domain. You need to enable clients in the Tulsa location to resolve names for hosts in other domains within your private network. You would like to minimize traffic across the WAN link between the sites. What should you do?

Configure TulsaDNS to use forwarders.

You manage several Windows workstations in your domain. You want to configure a GPO that will make them prompt for additional credentials whenever a sensitive action is taken. What should you do?

Configure User Account Control (UAC) settings.

You are the network administrator for eastsim.com. The network consists of one Active Directory domain. You have been instructed to map a drive to a department share for all users. The company no longer uses login scripts, so you must ensure that the department share is mapped using Group Policy. What should you do?

Configure a Drive Maps policy in a GPO linked to the domain.

You are the server administrator for the eastsim.com domain. You have implemented a network load balancing (NLB) cluster for several application servers. Client computers use several proxy servers to connect to the NLB cluster. You would like client connections to be directed to a cluster node based on the Class C subnet address. What should you do?

Configure a port rule with the filtering mode set to Multiple host. Configure Network for the client affinity.

You are the server administrator for the eastsim.com domain. You have an intranet site for your company using IIS and running on Srv5. Because of recent growth, this server is becoming unable to process all incoming requests in a timely manner. You decide to use network load balancing (NLB) as your solution. You add a second server named Srv10. Both Srv5 and Srv10 have similar hardware with a single network adapter. Your NLB should meet the following requirements: • New client requests should be directed to either of the two servers. • Because of differences in hardware between the two servers, two-thirds of the client requests should be directed to Srv5 with the remaining going to the new server. • Both Srv5 and Srv10 must be able to support peer-to-peer communications. How can you configure a solution that meets these requirements? (Select two. Each choice is a required part of the solution.)

Configure a port rule with the filtering mode set to Multiple host. Configure Srv5 with a weight of 60 and Srv10 with a weight of 30. Configure the cluster to operate in multicast mode.

Your company is responsible for processing payroll for other businesses. Because the pay days for many businesses are the same, your servers experience heavy loads during some days and light loads on other days. Payroll processing is done by a custom application running on an application server. To handle the load, you configure failover clustering on a cluster of six servers. You want the cluster to keep operating even in the event of a failure of up to three of the nodes. If more than three nodes fail, the cluster should stop. What should you do?

Configure a witness disk. Use node and disk majority for the quorum mode

You have just received a new laptop at work that you will use on your company network and at home. The company network uses dynamic addressing, while your home network uses static addressing. You connect the laptop to the company network, and everything works fine. When you take your laptop home, you cannot connect to devices on your home network or the Internet. You run ipconfig on the laptop and receive the following output: Connection-specific DNS Suffix . : IP Address. . . . . . . . . . . . : 169.254.22.74 Subnet Mask . . . . . . . . . . . : 255.255.0.0 Default Gateway . . . . . . . . . : You need to be able to connect to both the company network and your home network with the least amount of configuration and cost. What should you do?

Configure an alternate TCP/IP configuration.

You are the network administrator for a single domain network with a single subnet. Server Prod2 is configured to provide DHCP services for the subnet. The current network configuration is shown in the first image. Because of some recent business expansion, a new subnet is added to the network. You install the Sales1 server in Subnet B and configure it as a DHCP server with a scope for Subnet B as shown in the second image. The router is configured to forward BootP packets. How should you configure Sales1 to provide redundancy for DHCP services on Subnet A? (Select two. Each choice is a required part of the solution.)

Configure an exclusion for addresses 192.168.1.51-192.168.1.210. Configure a scope with the address range 192.168.1.51-192.168.1.250.

You would like to prevent users from running any software with .exe or .com extensions on computers in the domain unless they have been digitally signed. The rule should apply to all known and unknown software. How should you configure this rule in AppLocker?

Configure an executable rule with a publisher condition.

You are the network administrator for corpnet.com. You have six Windows servers that are members of a failover cluster named Cluster1. This cluster is a stretch cluster because three nodes are grouped at the main office site while the other three nodes are grouped at the branch office site. The main office is located on the east coast, while the branch office is located on the west coast. The WAN link between the main office and the branch office has occasional issues with latency, especially during normal business hours. What measures can you take to make sure cluster performance is optimized for these conditions? (Select two. Each correct answer is part of the complete solution.)

Configure asynchronous replication between the main office site and the branch office site. Increase the CrossSubnetThreshold value.

You are the server administrator for the eastsim.com domain. You have an application server named Srv12 that runs a stateless web application using IIS. Because of recent growth, this server is becoming unable to process all incoming requests in a timely manner. You would like to add a second server to run the application. Your solution should meet the following requirements: • Client requests should be divided evenly between the two servers. • If one server goes down, all requests should go to the other server. • All application data will be stored on internal parallel SCSI drives on each server. You install the application on the second server. You now need to configure a solution to meet the requirements. What should you do?

Configure both servers in a Network Load Balancing (NLB) cluster.

You are the server administrator for the eastsim.com domain. Srv5 is an application server that runs an application used by the sales team. You are concerned that this server is a single point of failure--if the server goes down, the application will be unavailable. You would like to add a second server to provide redundancy. Your solution should meet the following requirements: • All client requests should be directed to Srv5 if it is available. • If Srv5 goes down, all requests should be directed to the new server. • Both servers should use the same set of data files. You want to configure Srv10 to provide redundancy for Srv5. Both Srv5 and Srv10 are configured to use DHCP for IP addressing information. You need to configure a solution to meet the requirements. What should you do?

Configure both servers in a failover clustering cluster. Configure a storage area network for the application data.

You are the server administrator for the eastsim.com domain. Srv5 is an application server that runs an application used by the sales team. You are concerned that this server is a single point of failure--if the server goes down, the application will be unavailable. You would like to add a second server to provide redundancy. Your solution should meet the following requirements: • • All client requests should be directed to Srv5 if it is available.If Srv5 goes down, all requests should be directed to the new server. • Both servers should use the same set of data files. You want to configure Srv10 to provide redundancy for Srv5. Both Srv5 and Srv10 are configured to use DHCP for IP addressing information. You need to configure a solution to meet the requirements. What should you do?

Configure both servers in a failover clustering cluster. Configure a storage area network for the application data.

You are the server administrator for the eastsim.com domain. You have an intranet site for your company using IIS and running on Srv5. Because of recent growth, this server is becoming unable to process all incoming requests in a timely manner. You would like to add a second server to run the application. Your solution should meet the following requirements: • New client requests should be directed to either of the two servers. • Because of differences in hardware between the two servers, two-thirds of the client requests should be directed to Srv5, with the remaining going to the new server. • If one server goes down, all requests should go to the other server. • If the same client computer creates multiple sessions at the same time, all sessions should be created on the same server. You install the website on the second server and copy the website content to the server. How can you configure a solution that meets these requirements?

Configure both servers in a network load balancing (NLB) cluster. Configure a port rule with client affinity set to Single.

You are the server administrator for the eastsim.com domain. You have an intranet site for your company using IIS and running on Srv5. You are concerned that this server is a single point of failure--if the server goes down, the intranet site will be unavailable. You would like to add a second server to provide redundancy. Your solution should meet the following requirements: • All client requests should be directed to Srv5 if it is available. • If Srv5 goes down, all requests should be directed to the new server. • Both servers should have a separate copy of the website data. Website content will be managed separately on each server. You install the website on a second server named Srv10 and copy the website content to the server. How can you configure a solution that meets these requirements? (Select two. Each choice is a required part of the solution.)

Configure both servers with a static IP address. Configure both servers in a network load balancing (NLB) cluster. Configure a port rule with the filtering mode set to Single host. Configure Srv5 with a handling priority of 1 and Srv10 with a handling priority of 2.

You have a folder on your Windows server that you would like members of your development team to access. You want to restrict network and local access to only specific users. All other users must not be able to view or modify the files in the folder. What should you do? (Select two. Each choice is a required part of the solution.) Place

Configure both share and NTFS permissions. Place the files on an NTFS partition.

You manage a network with a single location. You have previously deployed a WSUS server in your location to specify the approved list of updates. All client computers are configured to download updates from your local WSUS server. Members of the accounting department report that a new system update causes instability with their accounting software. You want to prevent this update from being applied to the accounting department computers, but you still want to ensure that all other updates are being applied properly. What should you do?

Configure client-side targeting on the WSUS server and computers in the accounting department.

You are a network engineer working for WestSim Corporation. The company has an Internet domain named westsim.com. The private network uses the namespace of private.westsim.com. Your company manages its own Domain Name System (DNS) servers that are authoritative for both of the company's name spaces. Your network consists of several subnets at multiple locations. Sites are connected with WAN links. www.private.westsim.com is an intranet web server that is commonly used throughout the company. You want to ensure that users can always access this server by name, even if an authoritative DNS server is not available. What should you do?

Configure each client computer's HOSTS file with an entry for www.private.westsim.com.

You are the administrator of what will become a large Windows Server network using the TCP/IP protocol. Currently, the network consists of three Windows servers and 50 Windows workstations all on the same subnet. During the last meeting you had with the CIO, it was determined that company growth would mean adding workstations and printers to the existing network for a total of 235 devices. No one segment is to have more than 85 hosts. The existing hardware will be used on the network as the new devices are added. How should you assign IP addresses to the workstations on the network to minimize administration?

Configure each workstation to use DHCP. Install a DHCP server and configure a single scope.

You are the server administrator for the eastsim.com domain. Srv5 is an application server that runs an application used by the sales team. You are concerned that this server is a single point of failure--if the server goes down, the application will be unavailable. You would like to add a second server to provide redundancy. Your solution should meet the following requirements: • All client requests should be divided between both servers. • If either server goes down, client requests should be redirected to the other server. • If the application stops but the server is up, the server should automatically try to restart the application to make it available. You want to configure Srv10 to provide redundancy for Srv5 based on the stated requirements. What should you do?

Configure failover clustering with node and disk majority.

You are the network administrator for eastsim.com. The network consists of a single domain. All the servers run Windows Server. You support a print server named PS1 that provides print services for 100 users. After installing a new printer on the print server, you observe that the print spooler needs to be restarted more frequently. You believe the problem is related to the new printer driver that has just been installed. However, investigation of the event logs is inconclusive. You need to determine if the driver for the new printer is the cause of the recent failures using the least amount of administrative effort. Your solution must not affect the ability of users to print to the new printer. What should you do?

Configure the print driver isolation settings for the new driver.

You are an administrator for a company that uses Windows servers. In addition to Active Directory, you also provide file and print services, DHCP, DNS, and email services. There is a single domain and a single site. There are two member servers, one that handles file and print services only, and one database server. You are considering adding additional servers as business increases. Your company produces mass mailings for its customers. The mailing list and contact information provided to your company by its clients is strictly confidential. Because of the private information sometimes contained in the data (one of your clients is a hospital), and because of the importance of the data to your operation, the data can also be considered a trade secret. You want to ensure the data stored on your member servers is only accessed by authorized personnel for business purposes. You've set file permissions to restrict access, but you want to track the authorized users. How should you configure your security policy to track access to the data files?

Configure object access auditing in a GPO and link it to the domain.

You are the network administrator for your company. Your network consists of two Active Directory domains, research.westsim.local and sales.westsim.local. Your company has two sites, Dallas and Houston. Each site has two domain controllers, one domain controller for each domain. Users in Houston who are members of the sales.westsim.local domain report slow performance when logging in and accessing files in Dallas. Users in Dallas do not report any problems logging in and accessing local resources. You want all users in Houston to experience adequate login and resource access response time. What should you do?

Configure one of the domain controllers in Houston to be a global catalog server.

Your network consists of a single Active Directory domain. The OU structure of the domain consists of a parent OU named HQ_West and the child OUs Research, HR, Finance, Sales, and Operations. You have created a Group Policy Object (GPO) named DefaultSec, which applies security settings that you want to apply to all users and computers. You have created a second GPO named HiSec, which has more restrictive security settings that you want to apply to the HR and research departments. Both GPOs use custom security templates. You also want to ensure that strong password policies are applied to all client computers. How should you link the GPOs to the OUs? (Select three. Each correct answer is part of the complete solution.)

Configure password policies on a GPO linked to the domain. Link DefaultSec to the HQ_West OU. Link HiSec to the HR and Research OUs

You administer a single DHCP server for his network of three subnets. The DHCP server is configured with three scopes, one for each subnet. The three subnet addresses are 192.168.1.0, 192.168.2.0, and 192.168.3.0 using the default subnet mask. In addition to assigning IP addresses to network hosts, the DHCP server needs to configure the following: • DNS server address for all hosts: 192.168.1.11 • Default gateway for hosts on the 192.168.1.0 subnet: 192.168.1.1 • Default gateway for hosts on the 192.168.2.0 subnet: 192.168.2.1 • Default gateway for hosts on the 192.168.3.0 subnet: 192.168.3.1 How should you configure the DHCP scope options to minimize administrative effort?

Configure server options to deliver the DNS server address. Configure scope options for each scope to deliver each subnet's designated default gateway address.

You are the server administrator for the Srv12 server. This server is running the File Services role and is used for user home folders. Each user has a folder that they can use for storing personal files. Management wants a solution that meets the following requirements: • Allow only the specified user to save files in their home folder. • User should not be allowed to view or edit files in other user's home folders. • The list of files and folders that users can view should show only the files that they have rights to access. What should you do?

Configure share and NTFS permissions with access-based enumeration.

You are the security administrator for a large metropolitan school district. You are reviewing security standards with the network administrators for the high school. The school's computer center has workstations for anyone's use. All computers in the computer center are members of the Computer Center Computers global group. All workstations are currently located in the Computers container. The computer center computers have access to the Internet so users can perform research. Any user who uses these computers should be able to run Internet Explorer only. Other computers in the high school should not be affected. To address this security concern, you create a Group Policy object (GPO) named Computer Center Security. How can you configure and apply this GPO to enforce the computer center's security?

Configure the Computer Configuration node of the Computer Center Security GPO to restrict software to Internet Explorer only. Link the GPO to the domain and allow access to the Computer Center Computers group only.

You manage 20 Windows workstations in your domain network. You want to prevent the sales team members from making system changes. Whenever a change is initiated, you want to allow only those who can enter administrator credentials to be able to make the change. What should you do?

Configure the User Account Control: Behavior of the elevation prompt for standard users setting in Group Policy to prompt for credentials.

Members of the accounting department use a custom application for entering payroll and tracking accounts receivable and accounts payable. The application runs on an application server and is cluster-aware. You would like to use failover clustering to provide redundancy, fault tolerance, and load balancing for the application. Your solution should meet the following requirements: • All cluster nodes should be active and respond to client requests. • When a cluster node fails, requests should be redistributed between the remaining cluster members. • The cluster should continue to operate as long as there are more than half of the cluster members still available. You install Failover Clustering on five servers. Following Microsoft's recommendations, how should you configure the cluster? (Select two. Each choice is a required part of the solution.)

Configure the application as a multiple-instance application. Use node majority for the quorum mode.

You want to find out who has been running a specific game on the client computers. You do not want to prevent users from running the program, but instead want to log information when the file runs. The application is not digitally signed. How should you configure this rule in AppLocker?

Create an executable rule with a path condition that identifies the file. Set the enforcement mode to audit only.

You have connected a print device to Srv3 and created a printer for it. You have shared the printer as Printer1 and granted the Everyone group permission to print to it. Users in the art department frequently send multiple page graphics to the printer. The jobs often take a long time to print. Other users, whose jobs are typically short, must wait for a long time for their documents to print. You want to prevent large print jobs from delaying the print jobs of non-art users. You want to accomplish this with least amount of administrative effort. What should you do?

Configure the priority of Printer1 to 1. Add a new printer and set the priority to 99. For the new printer, deny the print permission for users in the art department. Instruct all users except those in the art department to use the new printer.

You manage a Windows server that is used to hold user data files. You configure a script that runs as a scheduled task that runs wbadmin start backup and saves backups to a shared folder. The first day, the script runs correctly, and the backup is made as required. The second day, you arrive at work and find that the backup has failed. Not only that, but the backup from the previous day no longer exists. You want to make sure that you can save multiple backups to the shared folder if possible. If a backup fails, it should not affect existing backups. What should you do?

Configure the script to save the backups in subfolders in the shared folder.

You are the administrator of a large network. You have one location serving several thousand users. You have 100 Windows servers. Your users are using Windows desktops. You are installing another server into the network. The server's role is as a web server that will be hosting the company intranet site. The server will require an IP address on the 10.1.1.0 /24 subnet. At present, this subnet contains only servers, and one of the servers is providing addresses through DHCP. You need to assign this server an IP address. How should you assign the IP address to the web server? (Choose two. Each answer is a complete solution.)

Configure the web server to use DHCP. Create a reservation on the DHCP server. Manually configure the IP address on the web server. Create an exclusion on the DHCP server.

Which of the following statements best describes container storage?

Container storage is not persistent, which is by design because containers are meant to be isolated and disposable.

Which of the following are features and benefits of Windows containers? (Select three.)

Containers are highly portable. Containers use operating system licenses more efficiently. Containers are disposable.

You are the administrator of a multi-domain Active Directory forest. You have a universal group called SalesExecs. This group has successfully been used as an email distribution group. Later, you try to assign the group permissions to a shared folder, but SalesExecs does not appear as a choice. What should you do?

Convert the SalesExecs group from a distribution group to a security group.

You currently manage a virtual machine named VM12 that has been installed on the Srv5 physical server. The virtual machine uses a single fixed disk of 100 GB saved in the vdisk1.vhd file. Physical disk space on the server is getting low. When you run Disk Management within the virtual machine, you notice that only 30 GB of space is being used, but the vdisk1.vhd file occupies 100 GB. You want to reduce the physical size of the virtual hard disk. What should you do?

Convert the disk to a dynamically expanding disk named vdisk2.vhd. Delete vdisk1.vhd, and change vdisk2.vhd's name to vdisk1.vhd.

You are planning a server virtualization implementation using Hyper-V. Your virtualization solution must meet the following requirements: • Both 32-bit and 64-bit operating systems will be installed as virtual machines. • You need to install six virtual machines. • You will manage the services running on the virtual machines from a Windows computer. What should you do?

Create an external network

You are the administrator for ABC Corporation. The network has a single Active Directory domain called xyz.com. The Sales team has a shared folder on Srv1 that is used to hold sales contact information. You need to control access to this folder so that only members of the sales team can access the folder. You create a group called Sales and add all members of the sales team as members of the group. However, when you try to assign permissions to the shared folder, the Sales group you created does not show in the list of available objects. You check the properties of the group and find the details shown in the image. What do you need to do to assign permissions to the sales team?

Convert the group to a security group.

You are the network administrator for eastsim.com. The network consists of a single Active Directory domain. The company has a main office in New York and several international locations, including facilities in Germany and France. You have been asked to build a domain controller that will be deployed to the eastsim.com office in Germany. The network administrators in Germany plan to use Group Policy administrative templates to manage Group Policy in their location. You need to install the German version of the Group Policy administrative templates so they will be available when the new domain controller is deployed to Germany. What should you do?

Copy the German .ADML files to the appropriate directory in the SYSVOL on a local domain controller.

You manage a network with a single Active Directory domain called westsim.com. Organizational units have been created for the accounting, sales, and shipping departments. User and computer accounts for each department are in their respective OUs. Mary Hurd is a manager in the sales department. Mary is a member of the Managers global group. This group also has members from other organizational units. The Managers group has been given the read share permission to the Reports shared folder. Mary's user account (mhurd) has also been given the change share permission to the Reports shared folder. You need to create several new user accounts that have the same group membership and permission settings as the mhurd user account. How can you complete this configuration with the least amount of effort?

Copy the mhurd user account. Assign the new account the change share permission to the Reports shared folder.

You have exported a virtual machine to a USB flash drive. You have just installed a new Hyper-V host, and you intend to build a lab environment consisting of several VMs on it. You plug the flash drive into the new host server and begin the import process. Partway through the process, the Import Virtual Machine wizard gives you several import types to choose from. Which of the following import types should you choose?

Copy the virtual machine (create a new unique ID)

You've just deployed a new Active Directory domain, as shown in the figure below. You now need to deploy Group Policy objects (GPOs) to apply configuration settings and enforce security policies. Click the container(s) to which a GPO can be applied.

Corp <=== Domain Controllers <===

You are the administrator for the widgets.com domain. Organizational units (OUs) have been created for each company department. User and computer accounts for each department have been moved into their respective departmental OUs. As you manage Group Policy objects (GPOs), you find that you often make similar user rights, security options, and Administrative Template settings in different GPOs. Rather than make these same settings each time, you would like to create some templates that contain your most common settings. What should you do? (Select two. Each choice is a possible solution.)

Create GPOs with the common settings. Take a backup of each GPO. After creating new GPOs, import the settings from one of the backed up GPOs. Create GPOs with the common settings. When creating new GPOs, copy one of the existing GPOs.

You are in charge of managing the servers in your network. Recently, you have noticed that many of the domain member servers are being shut down. You would like to use auditing to track who performs these actions. What should you do to only monitor the necessary events and no others? (Select two. Each choice is a required part of the solution.)

Create a GPO to configure auditing. Link the GPO to the domain. Audit successful system events.

Your organization has been using an in-house custom-developed application. The team that developed that application created a Group Policy template in the form of an ADMX file, which you have used to assign necessary rights to a group of users who use the application. Another group of users now needs to have the same rights. This group belongs to an OU that one of your assistants has full control management rights to. When your assistant tries to use the Group Policy template to assign rights to this group, she cannot find the template in Active Directory.What must you do to give your assistant access to this Group Policy template?

Create a central store on the SYSVOL share and copy the ADMX file into it.

You manage a single domain named widgets.com. Organizational units (OUs) have been created for all company departments. Computer and user accounts have been moved into their corresponding department OUs. The CEO has requested the ability to send emails to managers and team leaders. He'd like to send a single email and have it automatically forwarded to all users in the list. Because the email list might change frequently, you do not want the email list to be used for assigning permissions. What should you do?

Create a distribution global group. For each user on the email list, make their user account a member of the group.

You are the domain administrator for a single domain forest. You have 10 file servers that are member servers running Windows Server. Your company has designed its top-level OU structure based on the 15 divisions for your company. Each division has a global security group containing the user accounts for division managers. You have folders on your file servers that all division managers should have permission to access. For some resources, all division managers will need full control. For others, they will only need read or change permissions. You need a group strategy that will facilitate the assignment of permissions but minimize administrative effort. What should you do?

Create a global group called AllMgrs; make each of the existing division managers groups a member.

You manage a single domain named widgets.com. Organizational units (OUs) have been created for each company department. User and computer accounts have been moved into their corresponding OUs. You define a password and account lockout policy for the domain. However, members of the Directors OU want to enforce longer passwords than are required for the rest of the users. How can you make the change with the least amount of effort? (Select two.)

Create a group for the members of the Directors OU and then apply a granular password policy to the group. Implement a granular password policy for each user in the Directors OU.

You are the network administrator of a network that spans two locations, Atlanta and Dallas. Your organization started in Atlanta, and that's where you installed your first Active Directory domain controller. The Dallas location was later added to the domain with its own domain controller. Atlanta and Dallas are connected using a dedicated WAN link. You have not used Active Directory Sites and Services to make any changes to the default sites configuration. Users in Dallas complain that logging on to the network often takes a long time. After monitoring the network traffic across the WAN link, you discover that users in Dallas are often authenticating to the domain controller in Atlanta. What is the first step in solving this problem?

Create a new site object and move the server object for the Dallas domain controller into the new site.

You are a systems administrator for WestSim Corporation. As part of a new security initiative, the IT department has developed a custom application that reports the host name of all clients that try to access three sensitive servers in the accounting department. The application has been working for the last three months. The company expands and adds a new building with a LAN connection to the rest of the network. This building has its own subnet, 192.168.5.0. You create a scope on an existing DHCP server for this subnet. During a random check of the reporting software, you discover that the application reports the IP address but not the host name for clients on the new subnet. Everything works as designed for hosts on other subnets. You check the DNS database and find that none of the hosts on that subnet have an associated PTR record. What should you do?

Create a primary reverse lookup zone for subnet 192.168.5.0.

You are planning a server virtualization implementation using Hyper-V. Your virtualization solution must meet the following requirements: • Both 32-bit and 64-bit operating systems will be installed as virtual machines. • You need to install six virtual machines. • All virtual machines must be able to communicate with each other. • Virtual machines should not be able to communicate with any other network devices. Virtual machines should not be able to communicate with the management operating system. What should you do?

Create a private network

You are the network administrator for a single domain network with 15 servers running Windows Server, 200 Windows clients, and 10 Linux workstations. Windows servers on the network provide DNS and DHCP services. The Linux workstations run a custom application that validates the workstation identity based on its IP address. For the program to run successfully, each workstation must have the same IP address each time it runs the program. Which of the following can you do to meet this requirement?

Create a reservation for each Linux workstation. Configure the workstations to receive IP addresses from DHCP.

You are planning a server virtualization implementation using Hyper-V. Your virtualization solution must meet the following requirements: • Both 32-bit and 64-bit operating systems will be installed as virtual machines. • You need to install two virtual machines. • Virtual machines must be able to communicate with each other and with the host operating system. What should you do?

Create an internal network

You are the administrator for the westsim.com domain. Organizational Units (OUs) have been created for each company department. User and computer accounts for each department have been moved into their respective department OUs. Computers in the accounting department use a custom application. During installation, the application creates a local group named AcctMagic. This group is used to control access to the program. By default, the account used to install the application is made a member of the group. You install the application on each computer in the accounting department. All accounting users must be able to run the application on any computer in the department. You need to add each user as a member of the AcctMagic group. You create a domain group named Accounting and make each user a member of this group. You then create a GPO named Acct Software linked to the Accounting OU. You need to define the restricted group settings. What should you do?

Create a restricted group named AcctMagic. Add the Accounting domain group as a member.

You manage a Server Core deployment that stores user data files. You will use Windows Server Backup to configure a backup schedule. You want to perform a complete system backup every Monday, Wednesday, and Friday. You want to be able to restore the entire system or individual files from the backup. What should you do? (Select two. Each choice is a required part of the solution.)

Create a scheduled task that runs wbadmin start backup. Save backups to a shared folder.

You manage a Windows server server that is used to store user data files. You will use Windows Server Backup to configure a backup schedule. You want to perform a complete system backup daily. You want to be able to restore the entire system or individual files from the backup. What should you do? (Select three. Each choice is a complete solution.)

Create a scheduled task that runs wbadmin start backup. Save backups to a shared folder. In Windows Server Backup, run the Backup Schedule wizard. Save backups to a shared folder. Use Windows PowerShell cmdlets for Windows Server Backup to schedule the backups. Save the backups to an external hard drive attached to the server.

You want to prevent users from running any file with a .bat or .vbs extension unless the file is digitally signed by your organization. How should you configure this rule in AppLocker?

Create a script rule with a publisher condition.

You have connected a print device to Srv6, which runs Windows Server. You have also shared the printer as Printer1 and granted the Everyone group permission to print to it. The department manager prints an important document. After waiting a few minutes for the document to print, he calls you to say it hasn't printed yet. You examine the print queue and notice two large documents ahead of his document in the queue. You increase the priority of his document so it will print as soon as possible. You want to configure the printer so that the manager's documents print as quickly as possible in the future. What should you do?

Create a second printer called Printer2. • Configure permissions on Printer2 to allow only the manager to print. • Set the priority on Printer1 to 1, and set the priority on Printer2 to 99.

You have connected a print device to the Srv2 server and created a printer for it. You have shared the printer as Printer1 and published it to Active Directory. During the hours of 11:00 am to 2:00 pm, you want to restrict access to the print device to members of the Help Desk Reports group. No other users should be able to print to your print device during those hours. During all other hours, all users in the company should have equal access to the print device. What should you do?

Create a second printer for your print device and name it Printer2. Keep the default configuration for Printer1, but configure Printer1's availability to 2:00 pm to 11:00 am. For Printer2, remove permissions for the Everyone group and grant the print permission to the Help Desk Reports group.

You are the domain administrator for a single domain forest. Your company has based its top- level OU structure on the four divisions for your company, manufacturing, operations, marketing, and transportation. Each division has a global security group containing the user accounts for division managers. You want to have a single group that can be used when you need grant access to resources to all of your organization's managers. What should you do? (Choose two. Each selection is a complete solution.)

Create a universal security group called AllMgrs and make each of the existing Division Manager groups a member. Create a global security group called AllMgrs and make each of the existing Division Manager groups a member.

You are the network administrator for Corpnet.com. Management has requested that the intranet website intranet.corpnet.com be configured for high availability. You have two Windows servers named Web1 and Web2. IIS has been installed and configured with a copy of the website on both servers. The Network Load Balancing feature has also been installed on both servers. You need to prepare the environment to create a Network Load Balancing cluster to provide high availability for the intranet web site. What must you do so clients are able to access the website using http://intranet.corpnet.com? (Choose two.)

Create an A record in DNS that maps intranet.corpnet.com to the IP address reserved for the NLB cluster. Reserve an unused valid IP address on the network to be assigned to the NLB cluster.

You are the network administrator for corpnet.com. You are creating a Network Load Balancing cluster to provide high availability for the intranet website www.corpnet.com. You have three web servers, web1.corpnet.com, web2.corpnet.com, and web3.corpnet.com. You have performed the following configuration tasks: • Each server has one network card installed. • Each server has the same data.its own disk storage. • Each server has a static IP address. • Each server has the IIS role installed. • Each server has the NLB feature installed. • Each server has been added to the cluster. • The cluster has been assigned its own IP address. When you test access to www.corpnet.com, you get a message that the site can't be reached. Which step still needs to be done?

Create an A record in DNS that points www.corpnet.com to the cluster's IP address.

You are the network administrator for a company with a single Active Directory domain. The corporate office is located in Miami, and there are satellite offices in Boston and Chicago. There are Active Directory sites configured for all three geographic locations. The Default-FirstSite-Name was renamed Miami. Each location has a single IP subnet configured and associated with the appropriate site. Each office has several domain controllers. The Boston office has recently expanded to three additional floors in the office building that they are in. The additional floors each have their own IP subnet and are connected by a router. The domain controllers for the Boston office are all located on one floor and are in the same subnet. You notice that the users working on the new floors in the Boston office are sometimes authenticating to domain controllers from other locations. You need to make sure that all authentication traffic over the WAN links is kept to a minimum. What should you do to the Active Directory Sites and Services configuration?

Create subnet objects for the new floors in the Boston office and link them to the Boston site.

You are the network administrator for Corpnet.com. A small group of software developers in your organization have to use Linux workstations. You are creating a share for these Linux users on your file server, which is named File1. How can you allow clients running Linux-based operating systems to connect to a share on File1?

Create the share using the Network File System (NFS).

You have decided to install multiple virtual servers. You install Hyper-V on a server that is running Windows Server 2016 Datacenter edition. You need to install the following virtual machines: • Four servers running the Windows Server 2008 R2 Standard edition (64-bit) • Three servers running the Windows Server 2012 R2 Datacenter edition (64-bit) • Three servers running the Windows Server 2016 Standard edition (64-bit) To conserve disk space, you decide to use parent and differencing disks. You need to create the virtual hard disks used by the virtual machines. What should you do?

Create three fixed disks and ten differencing disks.

You are the administrator for the widgets.com domain. Organizational units (OUs) have been created for each company department. User and computer accounts for each department have been moved into their respective departmental OUs. As part of your security plan, you have analyzed the use of Internet Explorer in your organization. You have defined three different groups of users. Each group has different needs for using Internet Explorer. For example, one group needs ActiveX controls enabled, and you want to disable ActiveX for the other two groups. You would like to create three templates that contain the necessary settings for each group. When you create a GPO, you want to apply the settings in the corresponding template rather than manually set the corresponding Administrative Template settings for Internet Explorer. What should you do?

Create three starter GPOs with the necessary settings. When creating the GPOs, select the starter GPO with the desired settings.

The DHCP server and the client use broadcasts to communicate with each other. Clients go through four steps to obtain an address from a DHCP server. Move the correct steps from the left to the right, and then place them in the order they occur when a client is obtaining its IP configuration from a DHCP server.

DHCP Discover DHCP Offer DHCP Request DHCP ACK

You are troubleshooting an issue with your DHCP server. You view the DHCP server statistics, which are shown in the top half of the image below. You go to a user's workstation and run the ipconfig /release command followed by ipconfig /renew. You view the DHCP server statistics again, which are shown in the bottom half of the image below. What should you expect to see in the statistics that is not happening?

DHCP discovers are not increasing.

You have configured Active Directory Sites and Services to represent the physical layout of your network. As shown in the table below, each site has its own domain controller and subnet: Site Object Server Object Subnet Object Atlanta DC-ATL 192.168.1.0/24 Chicago DC-CHI 192.168.2.0/24 Denver DC-DEN 192.168.3.0/24 Phoenix DC-PHX 192.168.4.0/24 A user authenticates from a workstation with an IP address of 192.168.2.225 and a subnet mask of 255.255.255.0. Which domain controller is Active Directory going to send this authentication request to?

DC-CHI

You are the administrator of the eastsim.com domain. Your Active Directory structure has organizational units (OUs) for each company department. You have assistants who help with resetting passwords and managing group membership. You also want your assistants to help create and delete user accounts. Which of the following tools can you use to allow your assistants to perform these additional tasks?

Delegation of Control Wizard

Your Active Directory network uses the internal DNS namespace private.westsim.com. Several other Active Directory domains also exist, which are children to the private.westsim.com domain. On the Internet, your company uses westsim.com for its public domain name. Your company manages its own DNS servers that are authoritative for the westsim.com zone. The private.westsim.com zone has been delegated to your company's Active Directory domain controllers, which are also DNS servers. Computers that are members of the private.westsim.com domain and all child domains must be able to resolve DNS names of Internet resources. However, to help secure your network, DNS queries for resources in the private.westsim.com domain and all child domains must never be sent to Internet DNS servers. Queries for Internet names must go first to your public DNS server that is authoritative for the westsim.com domain. You need to configure your company's DNS servers to meet these requirements. What should you do? (Choose two. Each correct choice is part of the solution.)

Delete root hints to Internet DNS servers on all DNS servers that are authoritative for the private.westsim.com zone or any child zone. On all DNS servers that are authoritative for the private.westsim.com zone or any child zone, create a forwarders list. Forward to DNS servers that are authoritative for the parent zone.

You have a shared folder called Reports on the Sales1 server in the sales.westsim.com domain. The following two users need access to this shared folder: • Mark in the westsim.com domain • Mary in the sales.westsim.com domain You create a global group called Sales in westsim.com. You grant this group the necessary permissions to the Reports shared folder. You add Mark as a member of the group; however you are unable to add Mary as a group member. What should you do? (Select two. Each choice is a possible answer.)

Delete the existing group. Create a domain local group in sales.westsim.com. Add Mark and Mary as members and assign permissions to the share. Convert the group to a universal group

Your company uses westsim.com as its public Internet domain name. Your private network has a single Active Directory domain named westsim.local. All westsim.local authoritative DNS servers are configured to forward DNS requests across a firewall to external westsim.com authoritative DNS servers. Based on your security policy, the westsim.local authoritative DNS servers are not to contact other computers across the firewall. You manage all DNS servers that are authoritative for the westsim.com and westsim.local DNS domains. All client computers are members of the westsim.local Active Directory domain and are configured to use westsim.local authoritative DNS servers. Currently, all DNS servers have a root zone. Also, all DNS servers have the default configured cache.dns file in their %systemroot%\dns folder. Client computers on your network must resolve names in the Internet namespace and names in the westsim.local domain. You need to configure your company's DNS servers to meet these requirements. What should you do? (Select three. Each correct answer is part of the correct solution.)

Delete the root zone on all westsim.local authoritative DNS servers. Delete the cache.dns file on all westsim.local authoritative DNS servers. Delete the root zone on all westsim.com authoritative DNS servers

You manage the DNS servers for the eastsim.com domain. You have a domain controller named DC1 that holds an Active Directory-integrated zone for the eastsim.com zone. You would like to configure DC1 to use forwarders and root name servers to resolve all DNS name requests for unknown zones. You edit the DNS server properties for DC1. On the Forwarders tab, you find that the Use root hints if no forwarders are available option is disabled. You also find that the entire Root Hints tab is disabled, and you are unable to add any root hint servers. How can you configure the server to use the Internet root name servers for name resolution?

Delete the zone named . on DC1.

Organizational units organize network resources. You can use the organizational model that best meets your needs. Drag the organizational model on the left to the appropriate example OU on the right. (Organizational models can be used once, more than once, or not at all.)

Denver OU - Physical Location model Printers OU - Object type model Sales OU - Corporate structure model Engineering OU - Corperate structure model Brazil OU - Physical location model Brazil OU containing the Sales OU - Hybrid model

The C:\Shares\WidgetProject folder on your Windows server has been shared with network users. The server is a member of the westsim.com Active Directory domain. The westsim.com\Users group has been granted the following allow NTFS permissions: • Read and execute • List folder contents • Read The westsim.com\Research group has been granted the allow full control NTFS permission. In addition, the Everyone principal has been assigned the allow read share permission. The vhammer user accesses data in the folder through the network share from her Windows workstation. She is a member of the westsim.com\Users and westsim.com\Research groups. The vhammer user has also been assigned the deny read NTFS permission to the folder. What permissions does this user have to data in the folder?

Deny read

Members of the Accounting group use a set of special printers in a locked room for printing all print jobs. You want to make sure that these printers and any others you might add for the group are always available for any member of the Accounting group, regardless of the computer they are using. You create a Group Policy object (GPO) called AcctGroup that is linked to the Accounting OU. All computers and users in the Accounting department are in this OU. What should you do?

Deploy the printers in the AcctGroup policy, adding the printers to the User Configuration section.

You are the network administrator for westsim.com. The network consists of a single Active Directory domain. The company has a mission-critical database application. You must design a high-availability solution to support this application. You have four servers that connect to Ethernet switches. Your solution should meet the following requirements: • Allocate storage to the servers as needed • Utilize the existing network infrastructure • Maximize fault tolerance What should you do?

Deploy the servers in a failover cluster. Deploy an iSCSI storage area network (SAN).

You are the network administrator for an Active Directory forest with a single domain. The network has three sites with one domain controller at each site. You have created and configured sites in Active Directory Sites and Services, and replication is operating normally between sites. You configure two universal groups for use in securing the network. All users are members of one universal group or the other. After configuring the universal groups, users at sites 2 and 3 report slow login and slow access to the corporate database. Users at site 1 can log in and access the corporate database with acceptable performance. You want to improve login and resource access performance for users in sites 2 and 3. What should you do?

Designate the domain controllers at sites 2 and 3 as global catalog servers.

Which Hyper-V feature allows you to create read-only parent virtual hard disk files that are linked to child virtual hard disk files that contain only changes made to the parent disk?

Differencing disks

You manage a single domain named widgets.com. Recently, you noticed that there have been several unusual changes to objects in the Sales OU. You would like to use auditing to keep track of those changes. You want to only enable auditing that shows you the old and new values of the changed objects. Which directory service auditing subcategory should you enable?

Directory Service Changes

You want to create a new Hyper-V container from the base container image and run the cmd command to open the command line interface in the container. However, you have not pulled the image from Docker Hub. What will happen when you run the following command: docker run -it microsoft/nanoserver -isolation=hyperv cmd

Docker will look for the image on your container host; if it is not there, it will pull the image from Docker Hub and create a Hyper-V container.

When Active Directory is installed, several containers are created by default. Which default container would you be able to apply a Group Policy to?

Domain Controllers OU

You need to be able to create standard Windows Server containers on a Windows Server 2016 system that is using the Desktop Experience deployment. Which of the following tasks must be completed on the server? (Select two. Each correct answer is part of the complete solution.)

Download and install the Docker engine. Install the Containers feature.

You have installed the necessary roles and features so your Windows Server 2016 server can support Hyper-V containers. Now you need to install the Docker engine. Use the left/right arrows to move the steps for the Docker installation process from the left to the right. Use the up/down arrows to put the steps in the most appropriate order.

Download the docker.zip file Extract docker.zip to C:\Program Files\do Add C:\Program Files\docker to PATH Register the dockerd.exe service Start the dockerd.exe service Configure Docker service to autostart

You manage an NLB cluster named Cluster1. You need to perform some maintenance on Cluster1. You need to stop the cluster, but do not want to disrupt current connections. You want the cluster to continue processing current connections, but not accept any new ones. Once all active connections are ended, the cluster should stop. What should you do?

Drainstop the cluster.

Which of the following DNS components automatically creates and deletes host records when an IP address lease is created or released?

Dynamic DNS

You are the network administrator for Corpnet.com. All the servers run Windows Server. You are in the process of building a failover cluster with six nodes. You need the cluster to recalculate the quorum on the fly so that the cluster can continue to run even if the number of nodes remaining in the cluster is less than 50 percent. What kind of quorum should you use?

Dynamic Quorum

You are the administrator for the corp.westsim.com domain. The network has two child domains, acct.corp.westsim.com and sales.corp.westsim.com. You need to configure DNS name resolution properties on the Srv2.sales.corp.westsim.com server. When a single label name is submitted for name resolution, you want the server to search using the following suffixes: • sales.corp.westsim.com • acct.corp.westsim.com • corp.westsim.com • westsim.com What should you do?

Edit the DNS suffix search list policy to configure the custom search suffixes of sales.corp.westsim.com, acct.corp.westsim.com, corp.westsim.com, and westsim.com.

You have three shared printers that are used by the sales team. To simplify administration, you use a Group Policy object (GPO) to deploy these printers to all sales team members. You have received a new printer to replace one of the older printers. You install the printer and deploy it in the same GPO as the other printers. You check and find that the printer is automatically added to the sales team members' computers. You need to remove the printer object for the older printer from all sales team members' computers. What should you do?

Edit the GPO and remove the specific deployed printer.

You manage a network with a single location. You want to use WSUS to make sure that only approved updates are applied to all client computers. Client computers should download all approved updates from a WSUS server in your location. You install WSUS on one server. You synchronize the list of updates on the server and approve the updates that you want applied to client computers. You check the client computers and find that only the approved updates are being applied, but updates are being downloaded from the Microsoft Update website, not your local WSUS server. What should you do?

Edit the WSUS server properties to store updates locally on the server.

You manage a single domain named widgets.com. Recently, you noticed that there have been several unusual changes to objects in the Sales OU. You would like to use auditing to keep track of those changes. You enable successful auditing of directory service access events in a GPO and link the GPO to the domain. After several days, you check Event Viewer, but you do not see any events listed in the event log indicating changes to Active Directory objects. What should you do?

Edit the access list for the OU. Identify specific users and events to audit.

You are the network administrator for your company. Rodney, a user in the research department, shares a computer with two other users. One day, Rodney notices that some of his documents have been deleted from the computer's local hard drive. You restore the documents from a recent backup. Rodney now wants you to configure the computer so he can track all users who delete his documents in the future. You enable auditing of successful object access events in the computer's local security policy. Rodney then logs on and creates a sample document. To test auditing, you then log on and delete the document. However, when you examine the computer's security log, no auditing events are listed. How can you make sure an event is listed in the security log whenever one of Rodney's documents is deleted?

Edit the advanced security properties of the folder containing Rodney's documents. Configure an auditing entry for the Everyone group. Configure the entry to audit success of the Delete permission.

You manage a company network with a single Active Directory domain running on two domain controllers. The two domain controllers are also DNS servers and hold an Active Directoryintegrated copy of the zone used on the private network. The network has five subnets with DHCP servers delivering IP address and other configuration to host computers. All host computers run Windows 10. You want to ensure that all client computers use the DNS server for DNS host name resolution. Hosts should not be able to automatically discover DNS host names, even for computers on their own subnet. What should you do?

Edit the default domain Group Policy object (GPO). Enable the Turn off Multicast Name Resolution policy.

You are the manager of the eastsim.com domain. Your Active Directory structure has organizational units (OUs) for each company department. Assistant administrators help you manage Active Directory objects. For each OU, you grant one of your assistants full control over the OU. You come to work one morning to find that while managing some user accounts the administrator in charge of the Sales OU has deleted the entire OU. You restore the OU and all of its objects from a recent backup. You want to make sure that your assistants can't delete the OUs they are in charge of. What should you do? (Select two. Each choice is a possible solution.)

Edit the properties for each OU to prevent accidental deletion. Remove full control permissions from each OU. Run the Delegation of Control wizard for each OU, granting permissions to perform the necessary management tasks.

The D:\ drive in your Windows server is formatted with NTFS. The Sales group on your computer has been given allow modify permissions to the D:\Sales folder. The Mary user account is a member of the Sales group. You want to accomplish the following: • Mary should not be allowed access to the D:\Sales\2013sales.doc file. • Mary should be able to read, write, and create new files in the D:\Sales folder. • Your solution should not affect the abilities of other Sales group members to access files in the D:\Sales folder. What should you do?

Edit the properties for the file; assign Mary the deny full control permission.

You want to monitor memory statistics on your Windows server named Srv12. During the afternoon, users report that the server is running slow. You want to gather memory statistics for the server every week day between the hours of 12:00 pm and 4:00 pm. You do not need data for the server outside of those hours. In Performance Monitor, you create a new data collector set and add the required data collectors for the statistics you want to monitor. What should you do to complete the configuration? (Select two. Each choice is a required part of the solution.)

Edit the properties of the data collector set. Configure a stop condition overall duration of four hours. Edit the properties of the data collector set. Create a schedule for Monday through Friday at 12:00 pm.

After configuring a password policy to require users to create strong passwords, you start to notice sticky notes stuck to monitors throughout the organization. The sticky notes often have strings of characters written on them that appear to be passwords. What can you do to prevent the security risk that this practice presents?

Educate users on how to create and remember strong passwords.

You are the server administrator for the network shown in the first image. SRV2 is a domain controller that hosts an Active Directory-integrated zone for the network. SRV1 is an application server. Both subnets use the default subnet mask. SRV2 has also been recently configured as a DHCP server for both subnets, and all clients have been modified to receive their IP configuration information from the DHCP server. The user at Host A reports that he cannot access SRV2. Others on the same subnet seem to be having the same problem. Users on the same subnet as SRV2 report no problems. You run ipconfig /all to verify the TCP/IP configuration of Host A. The output is shown in the second image. What should you do?

Enable BOOTP forwarding on the router.

You are the administrator of a network with a single subnet. A single Windows server (Srv1) on Subnet1 is the domain controller, DNS server, and DHCP server. Due to recent expansion, you are adding a second subnet. The second subnet is connected to the first using a dedicated router. On Subnet2, you add a second Windows server (Srv2) that provides file and print services for hosts on that subnet. You want hosts on Subnet2 to receive IP addressing information from the server on Subnet1. What should you do? (Select two. Each choice is a complete solution.)

Enable BootP forwarding on the router connecting Subnet1 to Subnet2. On Srv2, add the Remote Access role with routing. In Routing and Remote Access, configure the Relay Agent protocol.

You manage a network with a single Active Directory domain called westsim.com. Organizational units have been created for the accounting, sales, and shipping departments. User and computer accounts for each department are in their respective OUs. At 5:30 pm, you get a call from Mary Hurd, a user in the sales department, stating that she can't log in. You use Active Directory Users and Computers and see the information shown in the image. How can you make sure Mary can log in?

Enable Mary's account.

When you initially created your external virtual switch in Hyper-V Manager, you configured the virtual machines connected to directly use the Broadcom NetXtreme 57xx Gigabit Controller installed on the host instead of a virtual network adapter. You recently created a new Windows Server virtual machine on this host named DevSrv and connected its network adapter to the external virtual switch. You now want to enable the virtual machine to use the physical adapter on the host. Click the option you would use in the virtual machine's settings to do this.

Enable SR-IOV

You are the manager for Windows servers at your company. You have configured Windows Server Backup to take regular backups once per day and save those backups to an external disk. You find that users working on a new project are constantly overwriting files and asking you to restore older versions of files that exist on backups from as far back as a week ago. You would like to implement a solution that allows users to restore files without an administrator's help. What should you do?

Enable VSS on the volume that holds user data.

You are the server manager for your company. You have just installed a new Windows server. You have configured Windows Server Backup to take regular backups once per day and save those backups to an external disk. You find that users working on a new project are constantly overwriting files and asking you to restore older versions of files that exist on backups from as far back as a week ago. You would like to implement a solution so that users can restore files without an administrator's help. What should you do?

Enable VSS on the volume that holds user data.

You are the server administrator for the westsim.com domain. You have a server named FS12 that holds a shared folder named Reports. Within this folder, subfolders have been created for each company department. All company employees have read access to the shared folder. The board of directors uses a subfolder in the shared folder named BoardReports for their reports. They would like this subfolder to only be visible to members of the board of directors and specific people that they authorize to see the folder and its contents. What should you do?

Enable access-based enumeration on the shared folder. Configure NTFS permissions on the BoardReports folder to control access.

The image shows the current scavenging settings for the eastsim.com domain. As you check records in the zone, you find several records that have not been updated for 16 days or longer. You need to make sure that records are automatically removed if they have not been updated in What should you do?the last 14 days.

Enable automatic scavenging on the zone.

You are the network administrator for westsim.com. The network consists of a single Active Directory domain. The network contains a storage area network (SAN). The network contains two servers, CS1 and CS2. Both servers have the Hyper-V role installed. You create a new cluster named Cluster1 and add both servers to Cluster1. You plan to create multiple virtual machines on the new cluster. You need to ensure that each virtual machine can be moved between CS1 and CS2 independently of the other virtual machines. What should you do?

Enable cluster shared volumes.

You are setting up a new network in a single location with a single domain named eastsim.com. You install a DHCP server and configure it with a scope for the single subnet. You install a DNS server with a primary zone for the domain. What should you do to use dynamic updates to update DNS records in the zone automatically?

Enable dynamic updates on the eastsim.com zone.

You have connected two identical print devices to the Srv12 server and created two printers for them named Printer1 and Printer2. You have shared both printers using their default names and granted the Everyone group permission to print to them. Printer1 receives the vast majority of print jobs submitted from users on the network. You want to distribute the printing load evenly between the two print devices. You want to do this while minimizing hardware costs. What should you do?

Enable printer pooling for Printer1 and configure it to print to both local printer ports in use by your print devices.

You are the network administrator for a single domain with three subnets. Two subnets have all Windows 10 computers. The conference room uses the third subnet. Traveling salesmen come to the conference room and plug in their laptops to gain network access. You have configured a DHCP server to deliver configuration information to hosts on this subnet. DNS is configured for dynamic updates. Over time, you notice that the size of the DNS database continues to grow. It is beginning to have an adverse effect on DNS server performance. What should you do?

Enable scavenging of stale resource records on the zone and the DNS server.

Which of the following is a task that you are not able to perform with the Volume Shadow Copy service (VSS)?

Enable shadow copies on specific folders or files.

You are configuring a new external virtual switch in your Hyper-V host. You want the virtual machines running on the host to be able to use the physical network adapter installed in the system instead of virtual network interfaces. Click the option you would use to configure the virtual switch in this manner.

Enable signle-root I/O virtualization (SR-IOV) <====

You are the administrator for the widgets.com domain. Organizational Units (OUs) have been created for each company department. User and computer accounts for each department have been moved into their respective departmental OUs. From your workstation, you create a GPO that configures settings from a custom .admx file. You link the GPO to the Sales OU. You need to make some modifications to the GPO settings from the server console. However, when you open the GPO, the custom administrative template settings are not shown. What should you do?

Enable the Administrative Templates central store in Active Directory. Copy the .admx file to the central store location.

You are the network administrator of a small network consisting of three Windows servers and 150 Windows workstations. Your network has a password policy in place with the following settings: • Enforce password history: 10 passwords remembered • Maximum password age: 30 days • Minimum password age: 0 days • Minimum password length: 8 characters • Password must meet complexity requirements: Disabled • Store password using reversible encryption: Disabled One day, while sitting in the cafeteria, you overhear a group of co-workers talk about how restrictive the password policy is and how they have found ways to beat it. When required to change the password, they simply change the password 10 times at the same sitting. Then they go back to the previous password. Your company has started a new security crackdown, and passwords are at the top of the list. You thought you had the network locked down, but now you see that you need to put an end to this practice. Users need to have passwords that are a combination of letters and numbers and do not contain a complete dictionary word. Users should not be able to reuse a password immediately. What should you do? (Choose two. Each answer is part of the solution.)

Enable the Password must meet complexity requirements setting. Enable the Minimum password age setting.

You have configured a new GPO. You use a scoping method to prevent it from applying to a specific user using a specific computer. Which tool can you use to see if your scoping method is successful?

Group Policy Results

You have been asked to troubleshoot a Windows workstation that is a member of your domain. The director who uses the machine said he is able to install anything he wants and change system settings on demand. He has asked you to figure out why User Account Control (UAC) is not being activated when he performs a sensitive operation. You verify that the director's user account is a standard user and not a member of the local Administrators group. You want the UAC prompt to show. What should you do?

Enable the Run all administrators in Admin Approval Mode setting in the Group Policy .

You are the administrator for a small company that uses a Windows server to host a single domain. Mary Hurd, a user in the sales department, calls and reports that she is unable to log in using her computer (Sales1). You use Active Directory Users and Computers and see the screen shown in the image. What can you do to allow Mary to log in?

Enable the computer account.

You are the security administrator for your organization. Your multiple domain Active Directory forest uses Windows servers for domain controllers and member servers. The computer accounts for your member servers are located in the Member Servers OU. Computer accounts for domain controllers are in the Domain Controllers OU. Computer accounts for workstations are located in the Workstations OU. You are creating a security template that you plan to import into a GPO. What should you do to log whenever a user is unable to log on to any computer using a domain user account? (Select two. Each choice is a required part of the solution.)

Enable the logging of failed account logon events. Link the GPO to the Domain Controllers OU.

You are the security administrator for your organization. Your multiple domain Active Directory forest uses Windows Server domain controllers and member servers. The computer accounts for your member servers are located in the Member Servers OU. Computer accounts for domain controllers are in the Domain Controllers OU. You are creating a security template that you plan to import into a GPO. You want to log all domain user accounts that connect to the member servers. What should you do to be able to check each server's log for the events? (Choose two. Each choice is a required part of the solution.)

Enable the logging of logon events. Link the GPO to the Member Servers OU.

You are the network administrator for westsim.com. The network consists of a single Active Directory domain. The network contains three Windows servers named FS1, FS2, and FS3. These servers are used for storing files in shared folders. You want to implement failover clustering to make these servers highly available for your users, so you have installed the Failover Clustering feature on each server. You are using Storage Spaces Direct (SSD) to set up the shared storage for the cluster, so you install new SATA hard drives in each server and leave them blank, offline, and uninitialized. You used PowerShell cmdlets to verify that the new drives can be added to an SSD pool, and then you created a cluster named FileServ with FS1, FS2, and FS3 as the cluster nodes. From the drop-down list, select the cmdlet you would now enter to enable SSD on the FileServ cluster.

Enable-ClusterStorageSpacesDirect

You need to view resource usage for a Hyper-V virtual machine named AccServer that is running on a Windows Server system. Before you can actually retrieve resource usage information, you first need to turn resource metering on for the virtual machine. Which PowerShell command can you use to do this?

Enable-VMResourceMetering -VMName AccServer

You need to be able to access a partner organization's network using a VPN connection from within a Windows virtual machine running on a Windows server. However, the VPN connection requires a smart card for authentication. In order to connect, you need to redirect the smart card from the local physical hardware to the virtual machine. Click the option in the Hyper-V settings on the server you can use to enable this.

Enchanced Session Mode Policy. No Enchanced session Mode

During the course of the Docker installation, you add C:\Program Files\docker to the PATH statement. You want to verify that C:\Program Files\docker is one of the file paths listed in PATH. You open the Advanced System Properties window, as shown in the image below. Click the button that will allow you to see what is in PATH.

Enviroment Variables <==

You currently manage a virtual machine named VM12 that has been installed on the Srv5 physical server. The virtual machine uses a single fixed disk of 40 GB saved in the vdisk1.vhd file. The virtual machine is running out of free disk space. The virtual machine currently uses about 39.5 GB of the available disk space. You need to add more disk space to the virtual machine. What should you do?

Expand the vdisk1.vhd disk.

You are the network administrator for Corpnet.com. You have two Windows servers named HV1 and HV2. Both servers have the Hyper-V role installed. HV1 has an Intel processor, and HV2 has an AMD processor. HV2 hosts a virtual machine named VM1. You build another server named HV3 and install the Hyper-V role. HV3 has an Intel processor. You need to move VM1 from HV2 to HV3 with the least amount of downtime. What should you do?

Export VM1 on HV2 and then import it on HV3.

The Srv1 server runs Hyper-V and has several virtual servers installed. You would like to copy the VM4 virtual machine and create two new virtual machines running on Srv1. You are using the Hyper-V Manager console and want to complete the task with as little effort as possible. Which of the following procedures will let you create two virtual machines from the original VM4?

Export VM4 to the C:\Export folder. Copy the C:\Export folder to C:\Export2. Import the configuration using C:\Export\VM4 as the path. Import the configuration again using C:\Export2\VM4 as the path.

You have configured a failover cluster with three servers as hosts, FS1, FS2, and FS3. You named the cluster FSCluster1 and configured it to host the general purpose file server role, which is named FileServ. FS1 is configured as the preferred owner of the file server role. FS2 and FS3 are configured as possible owners. The role is configured for immediate failback. You begin the process of configuring continuously available shares (CAFS) on top of this generalpurpose file server. The process requires you to define the share location by indicating the name of the server and the share location. Which of the following is the server name you must use in this CAFS configuration?

FileServ

Your server runs a regularly scheduled backup of user data and the server's system state. A user has accidentally deleted an important file and has no backup. You begin the recovery wizard, which brings you to the recovery type screen shown below. Select the option you would use to recover only the file the user accidentally deleted.

Files and folders <==

You are the server administrator for the eastsim.com domain. You have an application server named Srv5 that is used by members of the sales team. The server runs three applications, App1, App2, and App3. Each application uses a different TCP/IP port. Because of recent growth, this server is becoming unable to process all incoming requests in a timely manner. You decide to use network load balancing (NLB) as your solution. You add a second server named Srv10. Your NLB should meet the following requirements: • Requests for App1 and App2 should be evenly distributed between Srv5 and Srv10. • Because App3 is not running on Srv10, all requests for that application should be sent to Srv5. Requests should never be directed to Srv10. You need to configure a solution to meet the requirements. What should you do?

For App3, configure a port rule with the filtering mode set to Multiple host. Configure Srv5 with a weight of 30 and Srv10 with a weight of 0.

You have configured a failover cluster with two servers as hosts, Srv1 and Srv2. Each server has two network interface cards: • NIC1 connects the server to the main network. Clients connect to the cluster through NIC1. • NIC2 connects the server to the storage area network (SAN). This network is also used for sending out heartbeat signals and performing convergence. How should you configure NIC2 in the Failover Clustering Management console? (Select two. Each choice is a required part of the solution.)

For NIC2, choose Allow the cluster to use this network and clear the Allow clients to connect through this network option. For NIC1, choose Allow the cluster to use this network and select the Allow clients to connect through this network option.

Active Directory uses certain objects to represent the logical organization of a computer network and other objects to represent its physical structure. Drag the representation type on the left to the types of objects it uses on the right. (Representation types can be used more than once.)

Forest - Logical Organization Site - Physical Structure Subnet - Physical Structure Domain - Logical Organization OU - Logical Organization

Match each Active Directory component on the left with the appropriate description on the right. (Each component may be used once, more than once, or not at all.)

Generic Container - An object type that cannot be created, moved, renamed, or deleted Global Catalog - A database that contains a partial replica of every object from every domain Global Catalog - Facilitates faster searches Organizational Unit - A type of container object that can be created by the administrator to simplify security administration. Schema - Identifies the types of objects that can exist in the tree. Attributes - Information about an object, such as a user's name. Organizational Unit - Used to logically organize network resources within a domain

You manage a Windows server that stores user data files. You have previously configured several scheduled backups in Windows Server Backup. A user comes to you wanting a file restored from a recent backup. You check your backup media and find that you have a DVD from today. You also have a hard disk with a backup taken last night, but that disk is stored in an offsite location. You need to restore the file as soon as possible with the least amount of disruption to other users. What should you do?

Get the hard disk with last night's backup. Run the Recovery wizard using the backup on the disk.

You are the network administrator for westsim.com. The network consists of a single Active Directory domain. The network contains three Windows servers named FS1, FS2, and FS3. These servers are used for storing files in shared folders. You want to implement failover clustering to make these servers highly available for your users, so you have installed the Failover Clustering feature on each server and have created a cluster with FS1, FS2, and FS3 as the cluster nodes. You are using Storage Spaces Direct (SSD) to set up the shared storage for the cluster, so you install new SATA hard drives in each server and leave them blank, offline, and uninitialized. You open a PowerShell session to begin the SSD implementation. From the drop-down list, select the command you would enter to identify all storage devices that can be added to an SSD pool.

Get-PhysicalDisk -CanPool $True

You are the network administrator for westsim.com. The network consists of a single Active Directory domain. The network contains three Windows servers named FS1, FS2, and FS3. These servers are used for storing files in shared folders. You want to implement failover clustering to make these servers highly available for your users, so you have installed the Failover Clustering feature on each server. You used PowerShell cmdlets to create a cluster named FileServ with FS1, FS2, and FS3 as the cluster nodes, and then you enabled Storage Spaces Direct (SSD) on the FileServ cluster. From the drop-down list, select the cmdlet you would now enter to verify that the SSD pool was created.

Get-StoragePool

On a Windows server, you share a folder named Public using the default share name and share permissions. Later you receive a phone call from Sally, a member of the Sales group, claiming that she cannot save a file to the Public shared folder. You examine the NTFS permissions for the folder and see share and NTFS permissions shown in the exhibits. No other permissions are granted or denied. Sally is not a member of any other groups. You want to make sure Sally and other members of the Sales group can open, edit, save, and delete files to the Public shared folder. You want to make as few assignments as possible without affecting permissions for other users. What should you do?

Grant Everyone the change share permission. Grant the Sales group the allow modify NTFS permission.

Sally, a member of the sales department, is borrowing a laptop computer from her supervisor to do some work from home in the evenings. Sally contacts you and indicates that she cannot access the C:\Reports folder on the laptop. This folder contains documents that she needs to edit. You log on to the laptop as a domain administrator to check the folder's access control list. You are denied access to view the permissions. You contact Sally's supervisor to verify that Sally should receive access to the folder. Sally's supervisor indicates that Sally should be able to read, change, and delete documents in the folder, but that only the supervisor should be able to configure permissions. You need to grant Sally appropriate permissions to the C:\Reports folder. What should you do? (Choose two. Each correct choice is part of the solution.)

Grant Sally the allow modify permission to the C:\Reports folder. Take ownership of the C:\Reports folder.

You are the owner of the D:\Reports folder. Judith needs to be able to see the files and subfolders in the D:\Reports folder. Dalton needs to be able to do these same things and also delete folders. You need to assign the necessary NTFS permissions to the D:\Reports folder. What should you do?

Grant read and execute to Judith and modify to Dalton.

Click on the tool you can use to configure Restricted Groups to control membership for groups that require high security

Group Policy Management <===

Click on the menu option that allows you to verify that the virtual machine queue feature is enabled for a virtual machine.

Hardware acceleration

You want to prevent users in your domain from running a common game on their machines. This application does not have a digital signature. You want to prevent the game from running even if the executable file is moved or renamed. You decide to create an AppLocker rule to protect your computer. Which type of condition should you use in creating this rule?

Hash

You need to view a list of infected files that Windows Defender has quarantined. Click the option in Windows Defender you would use to do this.

History <==

You are a technical consultant for many businesses in your community. One of your clients, a small law firm, has a single Active Directory domain and two Windows servers. Both servers are configured as domain controllers while also serving as file and printer servers. This client is calling you on a regular basis because users are deleting or damaging their files. You must visit the client's site and restore the files from backup. Your client has asked you to create an alternate solution. What should you do?

Implement shadow copies on the relevant data.

Listed below are several DNS record types. Match the record type on the left with its function on the right. (Record types may be used once or not at all.) Identify a domain controller.

Identify a domain controller.-SRV Identify a mail server -MX Map a host name to an IPv4 address.-A Map an IPv4 address to a host name.-PTR

You are the network administrator for northsim.com. The network consists of a single Active Directory domain. The company has offices throughout the United States and internationally. You have two Windows servers named HV1 and HV2 that are located in the New York office. Both servers have the Hyper-V role installed. Both servers have quad core processors and 16 GB of RAM. HV1 hosts two virtual machines named APP1 and APP2: • • APP1 hosts an application used heavily by users in New York.APP2 hosts an application used heavily by users in London. During the day, you observe poor performance on APP1 due to a shortage of memory. During the evening, APP1 performs fine. However, APP2 experiences poor performance during peak business hours in London due to a shortage of memory. There are no empty slots to add memory to the server, and management does not have budget to upgrade HV1 for at least 6 months. You need to improve performance for APP1 and APP2 using the least amount of administrative effort. What should you do?

Implement Dynamic Memory in the properties of APP1 and APP2.

You are the network administrator for corpnet.com. You have two Windows servers that are members of a failover cluster named Cluster1. When a server in the cluster receives an update from Microsoft, a failover is triggered in Cluster1. What can you do to prevent cluster failovers caused by automatic updates?

Implement cluster-aware updating on the cluster.

You are the administrator of the eastsim.com domain, which has two domain controllers. Your Active Directory structure has organizational units (OUs) for each company department. You have assistant administrators who help manage Active Directory objects. For each OU, you grant one of your assistants Full Control over the OU. You come to work one morning to find that while managing some user accounts, the administrator in charge of the Sales OU has deleted the entire OU. You restore the OU and all of its objects from a recent backup. You want to configure the OU to prevent accidental deletion. You edit the OU properties, but can't find the Protect object from accidental deletion setting. What should you do so you can configure this setting?

In Active Directory Users and Computers, select View > Advanced Features.

Your company's internal namespace is westsim.local. This domain has two additional child domains named support.westsim.local and research.westsim.local. Due to security concerns, your company's internal network is not connected to the Internet. Following are the DNS servers that you manage for your company: • Dns1, authoritative for . and westsim.local, IP address = 192.168.1.1 • Dns2, authoritative for support.westsim.local, IP address = 192.168.2.1 • Dns3, authoritative for research.westsim.local, IP address = 192.168.3.1 All internal DNS domains are Active Directory-integrated domains. You have configured Dns1 with appropriate delegation records for the child zones. How should you configure root hints for Dns2 and Dns3?

In DNS Manager, edit the properties for Dns2 and Dns3. On the Root Hints tab, remove all default root hints entries and then add an entry for Dns1.

You manage a network with a single Active Directory domain called westsim.com. Organizational units have been created for the accounting, sales, and shipping departments. User and computer accounts for each department are in their respective OUs. You have hired a temporary worker named John Miller to work in the shipping department during the holidays. John should only be allowed to log on to the Ship01 workstation and no others. What should you do?

In John's user account, add Ship01 to the Log On To list.

You are troubleshooting a custom application on a Windows server named Srv4. On a periodic basis, the application writes or modifies several registry entries. You want to monitor these registry keys so that you can create a report that shows their corresponding settings over the next five days. What should you do?

In Performance Monitor, define a configuration data collector.

You want to monitor processor and memory utilization on Srv4. You create a single data collector set configured to save log files every day. You add the processor and memory data collectors to the data collector set. After running the data collector set for several days, you have several separate log files. You would like to combine the multiple files into a single view so you can see a graphic in Performance Monitor for the entire time period. What should you do? (Select two. Each choice is a possible solution.)

In Performance Monitor, use the View Log Data option to select all log files in the range. Expand the date range to include all log files. At a command prompt, run the Relog command. Open the resulting log in Performance Monitor.

The network you manage has 200 workstations split into two network segments. Each segment has two servers, each running Windows Server. The two segments are connected by a single router that is not BootP enabled. To get around this, you've set up a DHCP server on Subnet1 and a DHCP Relay Agent on Subnet2. Over the weekend, you receive an email alert that the DHCP server went down. When you arrive onsite, you find the DHCP server has suffered a critical failure from which it will not easily recover. You decide to replace it. You add the DHCP role to the other server on Subnet1 and configure it with both scopes. You configure all server and scope options. When you arrive for work Monday morning, you receive reports that computers on one subnet cannot communicate with computers on the other subnet. Computers are able to communicate with workstations on the same subnet. You find that computers on Subnet1 have received IP addresses from the DHCP server, but computers in Subnet2 have not. What should you do?

In Routing and Remote Access, change the IP address configured for the Relay Agent protocol.

You are the administrator for westsim.com. You have recently installed Windows Server on new hardware in your environment. You have been experiencing a hardware problem with this new server, so you open Reliability Monitor to view your server's reliability and problem history in hopes of identifying the problem. Unfortunately, you find that no reliability information has been collected. What should you do?

In Task Scheduler, enable the One time trigger in the RacTask task

You manage a network with two locations, San Jose and Oakland. The two networks are connected with a WAN link, and each site has its own Internet connection. You decide to implement a WSUS solution with a single WSUS server in the San Jose location. You want to make sure that client computers only download updates that have been approved on the WSUS server. To minimize bandwidth use between the two locations, all client computers in Oakland should download the updates from the Microsoft Update website using the local Internet connection. You install WSUS on Srv1 in the Oakland location. What should you do to complete the configuration for hosts in Oakland? (Select two. Each choice is a required part of the solution.)

In a GPO that applies to all client computers in Oakland, edit the Specify Intranet Microsoft Update service location policy and specify Srv1. Configure Srv1 to not store updates locally.

You manage a network with two locations, San Jose and Oakland. The two networks are connected with a WAN link, and each site has its own Internet connection. You decide to implement a WSUS solution using a WSUS server in each location. Srv1 is in San Jose, and Srv2 is in Oakland. Client computers should contact the WSUS server in their site for a list of approvals, with all approved updates being downloaded directly from the Microsoft Update website. You want to centrally manage all updates, approving updates for both sites from Srv1. You configure Srv1 and Srv2 as WSUS servers, with Srv2 as a replica of Srv1. How should you complete the configuration for the Oakland location? (Select two. Each choice is a required part of the solution.)

In a GPO that applies to all client computers in Oakland, edit the Specify Intranet Microsoft Update service location policy and specify Srv2. Configure Srv2 to not store updates locally.

You manage a network with a single location. You want to use WSUS to make sure that only approved updates are applied to all client computers. Client computers should download all approved updates from the Microsoft Update website. You install WSUS on one server. You synchronize the list of updates on the server and approve the updates that you want applied to client computers. You check the client computers and find that they are downloading updates from the Microsoft Update website, but they are downloading updates that you have not approved. What should you do?

In a GPO that applies to all client computers, edit the Specify intranet Microsoft Update service location policy and specify your internal WSUS server

You want to monitor memory statistics on your Windows server named Srv12. You want the monitor to run continuously and create a new log file every hour. In Performance Monitor, you create a new data collector set and add the required data collectors for the statistics you want to monitor. How should you complete the configuration? (Select two. Each choice is a required part of the solution.)

In the Data Collector Set properties, select When a limit is reached, restart the data collector set and configure a limit of one hour. In the Data Collector Set properties, deselect Overall duration.

You are the administrator for a network with a single Active Directory domain called westsim.com. All computer accounts reside in organizational units (OUs) that correspond to departments. You have previously deployed a WSUS server in your location to specify the approved list of updates. All client computers are configured to download updates from your local WSUS server. You decide that you need to configure a separate update approval list for all computers in the Marketing department. You want the update list to be automatically identified based on the department membership for the computer. What should you do? (Select three. Each choice is a required part of the solution.)

In the WSUS console, edit the options for Computers and specify Use Group Policy or registry settings on computers. Link a GPO to the Marketing OU. In the GPO, edit the Enable client-side targeting policy and specify the Marketing Computers group. In the WSUS console, create a Marketing Computers group.

You want to monitor memory statistics on your Windows server named Srv12. You want the monitor to run continuously, saving an hour's worth of data in a new file. In Performance Monitor, you create a new data collector set and add the required data collectors for the statistics you want to monitor. In the data collector set properties, you select When a limit is reached, restart the data collector set and configure a limit of 1 hour. You manually start the data collector set. The next day, you view the report. There is a single file, and its contents shows data for only the first minute after you started the data collector set. What should you do to capture the data as desired?

In the data collector set, set the overall duration to zero seconds.

Mary is in charge of DNS administration for her network. The private network consists of a single Active Directory domain called private.westsim.com. DNS data is stored in an Active Directoryintegrated zone. The sales department has just installed a web server called SalesWeb. This server will host an intranet site for use by the sales team. They want this server to be accessible using the URL sales.westsim.com. What should Mary do?

In the westsim.com domain, create a CNAME record called sales. Identify SalesWeb.private.westsim.com as the target.

You are the network administrator for corpnet.com. You have two Windows servers that are members of a failover cluster named Cluster1. One node is located in the main office, and the other node is located in a branch office. The sites communicate using IPSec in tunnel mode. After changing ISPs, you discover that the rate of failover increases. You suspect this may be due to latency on the new WAN link. What can you do to ensure that slow connectivity between the sites does not cause failover?

Increase the CrossSubnetThreshold on Cluster1.

The serial number contained within the Start of Authority (SOA) record for a DNS zone on the primary server has been incremented. What condition does this indicate?

Information within the DNS zone has been changed, and secondary servers should initiate a zone transfer.

You are the network administrator for westsim.com. The network consists of a single Active Directory domain. The network contains two Windows servers named HV1 and HV2 that have the Hyper-V role installed. If HV1 fails, you need the virtual machines hosted by HV1 to be migrated to HV2, and you need them to remain available during the migration. What should you do?

Install the Failover Cluster feature on HV1 and create a failover cluster with HV2. Then enable Live Migration.

You are the network administrator for westsim.com. The network consists of a single Active Directory domain. The network contains three Windows servers named FS1, FS2, and FS3. These servers are used for storing files in shared folders. You plan to implement high availability through Failover Clustering and to use Storage Spaces Direct to set up the shared storage for the cluster. Your file servers have been in production for a while. Their data disks use varying sizes of SATA drives and have varying amounts of space available.What must you do before you can implement Storage Spaces Direct? (Select two.)

Install the Failover Clustering feature on each server. Install new hard drives in each server and leave the drives blank, offline, and uninitialized.

An application developer needs a container for testing a server application that is designed to run on a Windows server in a Server Core deployment. The developer has a Windows 10 Professional workstation. Which of the following must be done on this workstation before the developer can deploy a Server Core container? (Select two. Each correct answer is part of the complete solution.)

Install the Hyper-V role. Install the Containers feature.

Software developers in your organization want to use Hyper-V to create virtual machines to test their new code. You need to add a virtual switch to the system. The virtual switch must allow communication between virtual machines running on the hypervisor, as well as with the hypervisor host itself. However, to contain the effects of bugs that may arise with the code being tested, you want to isolate the virtual machines from other hosts on the physical network. Click on the type of virtual switch you should create.

Internal <===

You are the network administrator of the westsim.com domain. You have several users in the Sales OU who use Windows laptop machines because they travel frequently. These laptops are all in the Computers OU along with the desktop computers used by other users in the Sales OU. The Computers OU is a child of the Sales OU. There is a service preference that need to be applied to the laptops that does not need to be applied to desktop computers. You configure a Group Policy preference for this service that you want to apply to just the laptops. You link this Group Policy to the Computers OU. Click on the Group Policy preferences Common option setting you would use to configure the preference to apply only to the laptop computers in the Computers OU.

Item-level targeting <===

You've configured an NFS share on your Windows server to support Linux client systems already joined to your domain. Click the options in the NFS Advanced Sharing window you would use to allow these clients to connect to the share. (Select three.)

Kerbos v5 privacy and authenication<== Kerbos v5 intergrity and autentication<== Kerbos v5 autentication<==

You are the network administrator for eastsim.com. The network consists of a single domain. All of the servers run Windows server. The company has one main office. The main office has 200 Windows client computers, 10 Linux workstations, and 20 Windows servers. The Linux workstations do not have a graphical user interface. There is one print server named PS1. Which printer role service must you install on PS1 to provide printing services to the Linux workstations?

Line Printer Daemon (LPD)

You have decided to install third-party anti-malware software on your Windows notebook system. During the installation, the installer warns you that the third-party anti-malware conflicts with Windows Defender, which is already running on the system. Which tool do you use to disable Windows Defender so you can proceed with the installation?

Local Group Policy Editor

You are consulting with the owner of a small network that has a Windows server functioning as a workgroup server. There are six Windows desktop computers. There is no Internet connectivity. The server contains possibly sensitive information, so the owner wants to make sure that no unauthorized access occurs. You suggest that auditing be configured so that access to sensitive files can be tracked. What can you do to make sure that the files generate audit results? (Choose three. Each correct answer is part of the required solution.)

Make sure the Object Access auditing policy is configured for success and failure. Make sure the correct users and groups are listed in the auditing properties of the files. Make sure the files to be audited are on NTFS partitions.

Your organization's IT department has developed a custom application that reports the host name of each client that tries to access three servers in the accounting department that store sensitive information. You do a random test and find that the program is not reporting the host names for some clients, even though it properly records their IP addresses. This is because the custom application submits reverse lookup requests to the DNS server to discover the host names for the specified IP addresses. As you investigate further, you learn that the clients whose host names could not be reported have static IP addresses and are on subnet 192.168.3.0. What should you do?

Manually create a PTR record in the 3.168.192.in-addr.arpa zone for each host.

You need to view resource usage for a Hyper-V virtual machine named AccServer that is running on a Windows Server system. Which PowerShell command can you use to do this?

Measure-VM -VMName AccServer

You are managing a Windows Server 2012 virtual machine on a Hyper-V hypervisor host. Dynamic Memory is enabled in the virtual machine's configuration. The virtual machine will run several Web applications that are known to create system memory utilization spikes during heavy use. Because Dynamic Memory is enabled, you are concerned that memory could be unallocated from this virtual machine and reallocated to another, resulting in insufficient memory. You need to ensure that some physical RAM is held in reserve to prevent this from happening. Click the option you would use in the virtual machine's memory configuration to do this.

Memory buffer: ==> 20%

You have a folder on your Windows server that you would like to share with members of your development team. Users should be able to view and edit any file in the shared folder. You share the folder and give everyone full control permission to the shared folder. Users connect to the shared folder and report that they can open the files, but they cannot modify any of the files. What should you do?

Modify the NTFS permissions on the folder.

You are the network administrator for Corpnet.com. You install the Windows Server Backup feature on a Windows Server file server named File1 and schedule a nightly backup to a network shared folder. When you attempt to perform a restore, you discover that only the last backup is available. You need to ensure that multiple backups of the server are available for restores. What should you do?

Modify the backup location for the schedule backup.

You are working with a container that you are using to test a new application that is under development. You need to move the container to another container host, but you don't want to lose the changes you've made and the files you've created within the container. What can you do preserve the container's system changes and files? (Select two. Each correct answer is complete solution.)

Mount a directory in the container host's file system in the file system of the container following this syntax: docker run -it -v <container_dircontainer_dir>:<host_dirhost_dir> <image_namemage_name> cmd.exe Create a new image file from the current container instance using the docker commit command.

You are a domain administrator for a large multi-domain network. There are approximately 2,500 computers in your domain. Organizational Units (OUs) have been created for each department. Group Policy objects (GPOs) are linked to each OU to configure department-wide user and computer settings. While you were on vacation, another 20 computers were added to the network. The computers appear to be functioning correctly with one exception: the computers do not seem to have the necessary GPO settings applied. What should you do?

Move the computer accounts from their current location to the correct OUs.

You manage a Windows server. For the D:\Reports\Finances.xls file, you explicitly grant the Mary user account the Allow Modify NTFS permissions. You need to move the file from the existing folder to the D:\Confidential folder. You want to keep the existing NTFS permissions on the file. You want to accomplish this with the least amount of effort possible. What should you do?

Move the file to the new folder.

With the Hyper-V Replica Broker role installed, you can configure several types of virtual machine migrations. Drag the migration on the left to the appropriate description on the right.

Moves only the virtual machine data to other clustered storage while the virtual machine is still running. -Storage Migration Performs a live migration of all running virtual machines to another cluster node if the node is shut down without first being put into maintenance mode. -Drain on shutdown Ownership of the clustered virtual machine is moved to another node without pausing the role. -Live migration The virtual machine is paused, the state is saved, the role is moved to another node, and the virtual machine is started on the other node. -Quick Migration

You've configured an NFS share on your Windows Server to support Linux client systems that are Click the option in the NFS Advanced Sharing window you would use to allow these clients to use anonymous access when connecting to the share.

No Server authentication [auth sys]

Match each zone type on the left with the corresponding characteristics on the right. Each zone type may be used once, more than once, or not at all.

Multiple servers hold read-write copies of the zone data -Active Directory-integrated The only writeable copy of the zone database -Primary A read-only copy of the zone database -Secondary Initiates Zone transfers -Secondary The replication scope specifies domain controllers that can receive a copy of zone data -Active Directory-integrated

You have several containers running on your container host. You need the containers to have private network communication with each other. You also want them to have access to the Internet. Which of the following container networking options should you use?

NAT

You need to configure the ENSERV16-VM03 server as a global catalog server. Where do you click in the Properties dialog to open the page that will allow you to select the global catalog option?

NTDS Settings

You configured the IP address and DNS name of a new internal web server named WEB3. Your first test from a web browser on your workstation was successful. But when you came to work this morning, you were not able access WEB3 from the same workstation using the same browser. You get an error that this site cannot be reached. You have not changed the server's IP configuration since the successful test of the night before. You ping WEB3 using its IP address, and you get a response back. Next, you ping WEB3 using its fully qualified domain name (FQDN), and you get a message indicating that the host could not be found. What can you assume from this message?

Name resolution is not working properly.

For most of the year, the AccSrv virtual machine is only lightly utilized. However, at quarter-end and at year-end, it is heavily utilized as accountants in your organization prepare reports and reconcile accounts. You need to ensure the virtual network adapter in this virtual machine has sufficient bandwidth available for these peak periods, so you decide to enable bandwidth management on the adapter. Click the option you would use in the virtual machine's settings to do this.

Network Adapter <=====

You are the network administrator of the westsim.com domain. You have several users who use Windows laptop machines because they travel frequently. When they are on the road, they need to use a VPN connection to access network resources in the domain. Click on the Group Policy preferences Control Panel setting you would use to configure these laptops with the correct VPN connection settings.

Network Options <===

You are the network administrator for westsim.com. There is one main office and seven branch offices. You have been asked to create a script that can be used in the event of a disaster that destroys the entire network. The script must be able to recreate the company's Active Directory users, computers, and groups, as well as sites and subnet objects. Which command should you use in your script?

New-ADObject

You want to implement Hyper-V so you can create a lab environment that mirrors your production network for testing applications before deploying them into your production environment. You're planning on having four virtual Windows Servers in this lab environment. You plan to use a file server already in production to create your first Hyper-V host system. You have a system with the following specifications and OS installed: • A 64-bit processor with second-level address translation (SLAT). • VM monitor mode extensions. • UEFI that supports virtualization with the following features: • Hardware-assisted virtualization with Intel VT. • Data Execution Prevention (DEP) enabled with Intel Execute Disable Bit (XD). • 64 GB RAM. • Windows Server 2016 Standard edition with the Server Core deployment. Is this system a good choice for hosting your lab environment?

No, best practice suggests that the system should be a dedicated hypervisor host with only the Hyper-V role installed.

You are the network administrator for corpnet.com. You are creating a Network Load Balancing cluster to provide high availability for the intranet website. You have three web servers, Web1, Web2, and Web3, which are configured as follows: • Each server has one network card installed. • Each server has its own disk storage. • Each server has the same data. • Each server receives an IP address dynamically from the DHCP server. • Each server has the IIS role installed. • Each server has the NLB feature installed. Are you ready to configure these servers into an NLB cluster?

No. Each server should be assigned a static IP address

You are the network administrator for westsim.com. The network consists of a single Active Directory domain. The network contains two servers named FS1 and FS2. You want to implement Storage Replica as a disaster recovery solution. FS1 and FS2 will be replication partners with FS1 as the source server and FS2 as the destination server. These servers are configured as follows: Specifications FS1 FS2 OS Windows Server 2016 Windows Server 2016 Edition Datacenter Datacenter RAM 16.00 GB 32.00 GB Disk 0 (C:) 500 GB 700 GB Disk 1 (Data D:) 1.5 TB 2.2 TB Network adapter 1.0 Gbps 1.0 Gbps Can you implement a Storage Replica partnership between these two servers?

No. The Disk 1 (Data D:) disks are not exactly the same size.

You want to create a cluster using two virtual machines. You perform the following steps: • Create two virtual machines on the same Hyper-V host. • Configure a private virtual switch and connect each VM to it. • Install the Windows Server operating system on each VM. • Add the Failover Clustering role on each VM. • Launch Failover Cluster Manager. • Begin the validation process for this configuration by selecting the two VMs as nodes in the cluster. When you run the validation tests, will this configuration pass?

No. There is no shared storage device configured for the cluster nodes to use.

You want to implement Hyper-V so you can create a lab environment that mirrors your production network for testing applications before deploying them into your production environment. You're planning on having four virtual Windows servers in this lab environment. Your lab environment will need access to the physical network and the Internet. You plan to use hardware that you already have on hand to create your first Hyper-V host system. You have an unused system with the following specifications and OS installed: • A 64-bit processor with second-level address translation (SLAT) • VM monitor mode extensions • UEFI that supports virtualization with the following features: • Hardware-assisted virtualization with Intel VT • Data Execution Prevention (DEP) enabled with Intel Execute Disable Bit (XD) • 64 GB RAM • Windows Server 2016 Standard edition with the Server Core deployment • A single 1 Gbps network adapter Is this system a good choice for hosting the lab environment you plan to build?

No. When guest systems need network access, best practice suggests that a host should have its own network adapter and an additional network adapter for every four virtual machines.

The sales department in your organization needs you to deploy a new web-based contact management application for them. The application runs only on Windows Server 2008 R2. You don't have a budget for new hardware, but you do have unused licenses available for this operating system. You decide to create a new virtual machine on an existing Windows Server 2016 Hyper-V host in your network. You plan to configure the virtual machine as follows: • Specify a generation 2 virtual machine. • Create a 200 GB virtual SCSI hard disk (VHDX) for the system volume. • Create a 1 TB virtual SCSI hard disk (VHDX) for application data. • Create a virtual SCSI optical drive. • Install a 64-bit version of Windows Server 2008 R2. Will this configuration work?

No. Windows Server 2008 R2 is not supported in generation 2 virtual machines.

The sales department in your organization needs you to deploy a new web-based contact management application for them. The application runs on Windows Server 2012. You don't have a budget for new hardware, but you do have unused licenses available for this operating system. You decide to create a new virtual machine on an existing Windows Server 2016 Hyper-V host in your network. You created the virtual machine as follows: • Generation 1 virtual machine • 200 GB virtual IDE hard disk (VHDX) for the system volume • 1 TB virtual SCSI hard disk (VHDX) for application data • IDE virtual optical drive • Windows Server 2012 After several months in production, you decide that you would like to implement the Secure Boot feature in the virtual machine. You know this feature is only available on generation 2 virtual machines, so you decide to upgrade the virtual machine and then implement the new feature. Will this configuration work?

No. You cannot change the generation of a virtual machine after it has been created.

You want to implement Hyper-V so you can create a lab environment that mirrors your production network for testing applications before deploying them into your production environment. You're planning on having four virtual Windows servers in this lab environment. You plan to use hardware that you already have on hand to create your first Hyper-V host system. You have an unused system with the following specifications and OS installed: • A 64-bit processor with second-level address translation (SLAT). • VM monitor mode extensions. • UEFI that supports virtualization with the following features: • Hardware-assisted virtualization with Intel VT. • Data Execution Prevention (DEP) enabled with Intel Execute Disable Bit (XD). • 4 GB RAM. • Windows Server 2016 Standard Edition with the Desktop Experience deployment. Will this system allow you to create your lab environment?

No. You need more RAM to support four virtual machines.

Your company's Internet namespace is westsim.com, and your company's internal namespace is internal.westsim.com. Your network has two DNS servers, DNS1 and DNS2. DNS1 is configured with a root zone and is authoritative for the internal.westsim.com domain. DNS2 is authoritative for the westsim.com domain. All client computers are members of the internal.westsim.com domain and are configured to use DNS1 as the primary DNS server. Client computers on your internal network cannot resolve Internet DNS names. You verify that client computers can resolve internal DNS names successfully. You also verify that the internal DNS server is configured to forward all unresolvable DNS names to the company's Internet DNS server. You must keep your internal network as secure as possible while making sure that all client computers can resolve Internet DNS names successfully. What should you do?

On DNS1, delete the . zone.

You are the network administrator for a single domain network with a single subnet. Server Prod2 is configured to provide DHCP services for the subnet. The current configuration is shown in Image 1. Because of some recent business expansion, a new subnet is added to the network. You want to increase the fault tolerance of the DHCP solution. You install the Prod4 server on the same subnet as the Prod2 server and configure it as a DHCP server. How should you configure both Prod2 and Prod4 to provide load balancing and fault tolerance to DHCP clients on Subnet A? (Select all that apply.)

On Prod4, exclude addresses 192.168.1.51-192.168.1.150. On Prod2, exclude addresses 192.168.1.151-192.168.1.250. On Prod4, create a scope with the address range 192.168.1.51-192.168.1.250.

You have a Windows server named Srv9 running Server Core. You want to view the current operating statistics of Srv9 from another Windows Server server named Srv3. From Srv3, you open Performance Monitor and try to connect to Srv9. You get the following error: When attempting to connect to the remote computer the following system error occurred: The RPC server is unavailable. What should you do?

On Srv9, start the Remote Registry service. Try the connection again from Srv3.

You are the network administrator for corpnet.com. You have three Windows servers that are members of a failover cluster named Cluster1. All three nodes are running Windows Server 2012. You build three new servers running Windows Server 2016. You install the Failover Cluster feature on the three new nodes and then use them to create a new failover cluster named Cluster2. How can you move the applications from Cluster1 to Cluster2?

On a server in Cluster2, click Migrate Roles.

Your network has a single domain named southsim.com. DNS data for the domain is stored on the following servers: • DNS1 holds the primary zone for southsim.com. • DNS2 and DNS3 hold secondary zones for southsim.com. All three DNS servers are located on domain controllers. The DNS zone for the domain is configured to allow dynamic updates. You want to allow client computers to send DNS updates to any of the three servers and allow any of the three servers to update DNS records in the zone. What should you do?

On all three servers, change the zone type of the DNS zone to Active Directoryintegrated.

You are the network administrator of a network with 90 workstations on a single subnet. All client computers are configured to receive IP address assignments using DHCP. A single server called SRV1 provides DHCP services and is configured with a single scope, 194.172.64.10- You want to add a second DHCP server for redundancy and fault tolerance. The existing DHCP194.172.64.254. server should assign most of the addresses, while the second server will primarily be a backup. You want the two servers to work together efficiently to assign the available addresses. However, you want to do this while using Microsoft's best practices and with as little administrative overhead possible. You install a Windows Server named SRV2 as the secondary server and configure it with the DHCP service. How should you configure the scopes on both servers?

On both servers, set the scope range to 194.172.64.10-194.172.64.254. On SRV1, exclude addresses 194.172.64.206-194.172.64.254. On SRV2, exclude addresses 192.172.64.10-192.172.64.205.

You are the manager for the westsim.com domain. The network has a single subnet with five servers all running Windows Server. The 100 client computers are all Windows desktops. One of the servers is configured as a DHCP server configured with a single scope for the 10.0.0.0/24 subnet. Your network has three printers with built-in print servers. These printers are configured as DHCP clients. You want to make sure that each printer gets the same IP address each time it starts up. You configure an exclusion range of 10.0.0.12 to 10.0.0.14 for the printers. You also configure a reservation for each printer. You are informed that no one is able to connect to the printers. You use management software and find that none of the printers have been assigned appropriate IP addresses. What should you do?

On the DHCP server, delete the exclusion range.

You are the DNS manager for the eastsim.com domain. You have a domain controller named DC1 that holds an Active Directory-integrated zone for the eastsim.com zone. Users have complained about multiple DNS name resolution errors. You have examined the configuration, but can't see anything wrong. To help identify the problem, you would like to track the DNS packets sent and received by the server. You would also like to filter by IP address. What should you do?

On the DNS server, enable debug logging.

You are the administrator for the corp.westsim.com domain. The network has two child domains, acct.corp.westsim.com and sales.corp.westsim.com. You need to configure DNS name resolution properties on the Srv2.sales.corp.westsim.com server. When an unqualified name is submitted for name resolution, you want the server to search using the following suffixes: • sales.corp.westsim.com • corp.westsim.com • westsim.com You want to configure the solution with the least amount of effort possible. What should you do?

On the DNS tab, select Append parent suffixes of the primary DNS suffix.

You are the administrator for a network with a single Active Directory domain named widgets.local. The widgets.local domain has an organizational unit object for each major department in the company, including the information systems department. User objects are located in their respective departmental OUs. Users who are members of the Domain Admins group belong to the Information Systems department. However, not all employees in the Information Systems department are members of the Domain Admins group. To simplify employees' computing environment and prevent problems, you link a Group Policy object (GPO) to the widgets.local domain that disables the control panel for users. How can you prevent this Group Policy object from applying to members of the Domain Admins group?

On the Group Policy object's access control list, deny the apply Group Policy permission for members of the Domain Admins group.

You manage user accounts in the southsim.com domain. Each department is represented by an Organizational Unit (OU). Computer and user accounts for each department have been moved to their respective OUs. You want to control access to a new color printer named ColorMagic. To do this, you create the following groups: • A domain local group named ColorMagic-DL • A global group named Sales-GG You want all users in the sales department to have access to the new printer. What should you do? (Select three. Each choice is a required part of the solution.)

On the Members tab for the Sales-GG group, add all sales user accounts. On the ColorMagic printer object, assign permissions to the ColorMagic-DL group. On the Member Of tab for the Sales-GG group, add the ColorMagic-DL group.

You want to monitor the processor utilization on your Windows server named Srv12. You want to generate a report that shows the processor utilization on the server over the next three days, capturing utilization data every five minutes. You want to save all data from the report in a single file. What should you do? (Select two. Each choice is a required part of the solution.)

On the Performance Counters tab for the data collector, configure a sample interval of five minutes. On the Stop Condition tab for the data collector set, configure an overall duration of three days. Create a new data collector set with a performance counter data collector.

Your company has an Internet domain of westsim.com. Your internal network has three Active Directory domains named westsim.local, support.westsim.local, and research.westsim.local. You install a server named SL-SRV1 as a member of the westsim.local domain. You configure SLSRV1 with a static IP address of 192.168.0.23. You configure the server to dynamically register its DNS name. Clients in the support.westsim.local domain need to access the SL-SRV1 server. Some users in the support.westsim.local domain are accustomed to using the support.westsim.local suffix when accessing network resources. To accommodate these users, you want to dynamically register the name SL-SRV1.support.westsim.local in addition to the SL-SRV1.westsim.local name in DNS. What should you do?

On the SL-SRV1 server, edit the advanced TCP/IP properties of the server's local area connection. Add a connection-specific suffix of support.westsim.local. Apply the changes and then run ipconfig /registerdns.

You have installed WSUS on a single member server for your entire network. You have configured the server to automatically approve new versions of previously approved updates. You store updates locally on the D:\WSUS\content folder, and clients download updates directly from your WSUS server. You verify that clients are downloading the updates. You get an email notifying you of a new security patch. You check a client system and find that the newest update has not yet been applied. On the WSUS server, you see the new patch in the list of available updates, but it is not being applied to client systems. What should you do?

On the WSUS server, approve the new update.

You are the network administrator for Corpnet.com. You have created a network load balancing cluster for the intranet website. The NLB cluster consists of three Windows servers named Web1, Web2, and Web3. Users access the intranet website using the URL Http://Intranet.Corpnet.com. Management would like to use SSL to secure the intranet website. During the test phase, only Web1 will service SSL requests. You have installed a certificate on the Web1 server and modified the bindings in IIS. You need to configure Network Load Balancing to ensure that only the Web1 server services SSL requests for the intranet website. What should you do? (Choose three.)

On the Web1 server, set the handling priority for the new port rule to 1. Set the affinity for the new port rule to Single Host. Create a new port rule that runs from port 443 to port 443.

You have a Windows server named Print1 that is the print server for five shared printers. You have configured a printer object for each printer and shared each printer. Users start complaining that one of the printers, the FastPrint 6000, is missing parts of graphics when it prints. You check the manufacturer's website and find an updated printer driver that is supposed to fix the problem. You need to update each client computer with the new driver. You need to do so as quickly as possible with the least amount of effort. What should you do?

On the server, update the printer object with the new driver.

You manage the DNS servers that are authoritative for the private.westsim.com zone. Two servers are authoritative for the zone. DNS1 hosts the primary DNS zone, and DNS2 holds a secondary copy of the zone. You have just manually created an A resource record for a new web server on your network that is configured with a static IP address. From your workstation, you open a browser and try to connect to the new web server. You get an error message stating that the web site is not found. You run ipconfig /all and find that your workstation is correctly configured to use the DNS1 server as its preferred DNS server. But, as you continue to troubleshoot the problem, you discover that you incorrectly typed the server's IP address while creating its A resource record. You correct the IP address in the A record and retry connecting to the web site. However, you get the same error on your workstation. What should you do?

On your computer, run ipconfig /flushdns.

You are the network administrator for corpnet.com. The network has two Windows servers named HV1 and HV2. Both servers are running the Hyper-V Role. The network does not have a storage area network (SAN). HV1 has a virtual machine named VM1. You need to ensure that you can start VM1 on HV2 if HV1 fails. What should you do? (Select two.)

Open the Hyper-V settings on HV1 and modify the Replication Settings. In the properties of VM1, enable replication.

You have connected a print device to your server and created a printer for it. You have shared the printer as Printer1 and granted the Everyone group permission to print to it. The server is called Srv1 and has a reserved IP address of 192.168.1.27. You want to manage printing to a network printer on your local subnet. The printer is connected directly to the network and uses an IP address of 192.168.1.14. What should you do?

Open the Print Management console on Srv1 and create a new TCP/IP printer using the 192.168.1.14 IP address. Select the appropriate printer driver according to the make and model of the printer.

You have been hired as a consultant for a small business that is using Windows Server. Three months ago, they installed a new server. Since that time, they report that from time to time, the system has had slowdowns and crashes. You want to look at a report that shows important events for the server since it was installed. You'd like to see when software was installed and any hardware or application failures. You want to view this information with as little effort as possible. What should you do?

Open the System Stability chart in Reliability Monitor.

Active Directory term on the left to its corresponding definition on the right. (Each component may be used once, more than once, or not at all.)

Organizational Unit -Logical organization of resources network resources Domain- Collection of network resources Forest- Collection of related domain trees Object - Resource in the directory Tree - Group of related domains Object - User or group of users

Management is concerned that users are spending time during the day playing games and have asked you to create a restriction that will prevent all standard users and administrators from running the Games app. Click on the option you would use in Group Policy Management Editor to implement this restriction.

Packaged app Rules <===

You need to conduct a planned failover of Win7VM virtual machine on your Windows Server hypervisor. Click the virtual machine option you would use in Hyper-V Manager to accomplish this task

Replication <==

You are the network administrator for Corpnet.com. The network has two servers that run Windows Server. They are named HV1 and HV2. Both servers are running the Hyper-V role and are members of a cluster named Cluster1. HV1 hosts a virtual machine running a Windows server named VM1. HV1 is running low on space. You would like to transfer the .VHD file for VM1 to HV2 while you requisition additional space. VM1 must remain available while space is added to HV1. What should you do?

Perform a storage migration.

You want to monitor the processor utilization on your Windows server named Srv12. You want to get an email notification every time the processor utilization exceeds 90%. You create a new Data Collector set in Performance Monitor. What type of Data Collector should you create?

Performance counter alert

You need to add additional disk space to the AccServ virtual machine running on a Windows server. To accomplish this, you decide to create a pass-through disk. Click the option you would use in the virtual machine's settings screen to do this.

Physical Hard Disk:

You configured the IP address and DNS name of a new internal web server named WEB3. Your first test from a web browser on your workstation was successful. But when you came to work this morning, you were not able access WEB3 from the same workstation using the same browser. You get an error message stating that this site cannot be reached. You have not changed the server's IP configuration since the successful test the night before. Which troubleshooting step should you try first to discover what the problem might be?

Ping WEB3 using its IP address.

You manage a network with a single Active Directory domain called westsim.com. You have just deployed an Azure AD domain controller in the Azure cloud so that remote users can authenticate to the westsim.com domain over the Internet. By default, replication is set to occur on this domain controller every 180 minutes. Your manager wants you to change this setting so that replication occurs every six hours. Which of the following must you perform to make it possible to configure replication on the Azure AD domain controller?

Place the Azure AD domain controller in its own site.

You are the network administrator for westsim.com. The network consists of a single Active Directory domain. The network has two sites. One site is located in your main office, and the other site is located in a branch office in another city. A WAN link with occasional latency issues is used for the network connection between the two locations. All servers in your network are running Windows Server 2016 Datacenter edition. The main office and branch office sites each have three servers. There are users at both offices that rely on the same mission-critical server application to perform their jobs. If a disaster happens at either site, your manager wants you to be prepared so that all data can be recovered. Your manager also wants the users at either site to be able to keep on working if something happens to the network at the other site or the network connection between sites goes down. Which plan could you follow to accomplish what your manager wants you to do?

Plan 1 • Configure two SANs, one at each location, for the servers to use as shared storage. • Implement Failover Clustering and create one cluster for the main office site and one for the branch office site. • Set up Storage Replica in a stand-alone configuration to replicate the data between clusters. Plan 3 • Configure two SANs, one at each location, for the servers to use as shared storage. • Implement Failover Clustering and place all the servers from both sites in the same cluster (a stretch cluster). • Set up Storage Replica in a stretch cluster configuration to replicate the data between sites.

You are in charge of designing the Active Directory tree. You have a small company that has only one location. You have determined that you will have approximately 500 objects in your completed tree. Your company is organized with four primary departments, accounting, manufacturing, sales, and administration. Each area is autonomous and reports directly to the CEO. The managers in each department want to make sure that some management control of their users and resources remains in the department. Which of the following design plans will best meet these requirements?

Plan 3 • Create an organizational unit object for each department. • Train a member of each department to perform limited administrative duties. • Use the Delegation of Control wizard to give a member of each OU enough rights to perform the necessary administrative tasks only in the appropriate OU.

You are the network administrator for your company. Your company has three standalone servers that run Windows Server. All servers are located in a single location. You have decided to create a single Active Directory domain for your network. Currently, each department has one employee designated as the department's computer support person. Employees in this role create user accounts and reset passwords for the department. As you design Active Directory, your goal is to allow these users to maintain their responsibilities while not giving them more permissions than they need. Which of the following design plans will best meet your goals?

Plan 4 • Create an organizational unit (OU) structure where each department has its own OU. • Use the Delegation of Control wizard to grant each computer support user appropriate permissions to their department OUs.

You need to fail over a virtual machine running on a Windows Server hypervisor host using the following parameters: • The latest changes made to the primary virtual machine must be replicated to its replica virtual machine. • The primary virtual machine must be brought down. • The replica virtual machine starts, which transfers the workload from the primary server to the replica server with no loss of information. Which type of failover should you use?

Planned

You manage a single domain named widgets.com. This morning, you noticed that a trust relationship you established with another forest has changed. You reconfigured the trust, but you want to be able to identify if this change happens again in the future. You want to configure auditing to track this event. Which auditing category should you enable?

Policy change events

You are the network administrator for westsim.com. The network consists of a single Active Directory domain. A user named Mary Merone is working on location in Africa. She called to report that her laptop had failed. The hardware vendor replaced the laptop, and now you need to join the new computer to the domain. However, there is no connectivity from the current location to the domain. You must ensure that the laptop is joined to the domain immediately, even if it cannot be physically connected to a domain controller. What should you do first?

Prepare the computer to perform an offline domain join by creating an Active Directory account for the computer using the Djoin /provision command.

You have just ordered several laptop computers that will be used by members of the programming team. The laptops will arrive with Windows. You want the computer account for each new laptop to be added to the Developers OU in Active Directory. You want each programmer to join his or her new laptop to the domain. What should you do?

Prestage the computer accounts in Active Directory. Grant the programmers the rights to join the workstation to the domain.

Scoping allows you to target a given GPO to specific users and/or computers. Drag the scoping method on the left to the appropriate description on the right. (Methods can be used once, more than once, or not at all.)

Prevents settings in GPOs linked to parent objects from being applied to child objects.-Block Inheritance Causes computer settings to be reapplied after user login.-Loopback processing Prevents inheritance from being blocked for a specific GPO.-Enforced Causes computer settings to take precedence over user settings.-Loopback Processing

Windows printing uses the concept of a logical printer. Which of the following are the components of a logical printer? (Select three.)

Print device Printer driver Print spooler

Listed below are several DNS record types. Drag the record type on the left the appropriate function on the right.

Provides alternate names to hosts that already have a host record. CNAME Points an IP address to a host name. PTR Points a host name to an IPv6 address. AAAA Points a host name to an IPv4 address. A Identifies servers that can be used to deliver mail MX

Drag the Windows Defender feature on the left to the appropriate description on the right.

Provides real-time protection by sending Microsoft information about potential security threats discovered by Windows Defender. -Cloud-based protection Checks file system locations that are most likely to be infected by spyware. -Quick scan Allows Windows Defender to send information to Microsoft for use in analyzing and identifying new malware. -Automatic sample submission Alerts you when spyware or potentially unwanted software attempts to install itself or run on your computer. -Real-time protection Causes the system to reboot and Windows Defender to run a scan in an isolated state before returning to Windows. -Offline scanning

You have a computer running Windows. Prior to installing some software, you turn off User Account Control (UAC), reboot the computer, and install the software. You turn UAC back on, but it does not prompt you before performing sensitive actions. You want the protection of UAC, but it is not working at all. What should you do?

Reboot the machine.

You manage a Windows server named Srv12. Srv12 hosts an application that stores data in a custom database. You configure Windows Server Backup to back up the volume for the application and its data. The application has a VSS writer, and it is running when the backup completes. The hard disk holding the application and data has crashed. You check your backup media and find that you have a DVD from today. You also have a hard disk with a backup taken last night, but that disk is stored in an offsite location. You want to restore the application and its data as quickly as possible, but leave the database in an unrecovered and offline state. What should you do? (Select two. Each choice is a required part of the solution.)

Recover the application and its data from disk. Recover the backup to the original location. Do not perform roll-forward recovery.

You are considering implementing NIC Teaming in a virtual machine running in Hyper-V. The virtual machine is configured with 8 GB of system RAM, a 1 TB virtual hard disk file, and four virtual network adapters. You want to use all of the network adapters in the team to provide load balancing and failover. What should you do?

Reduce the number of virtual NICs in the team to two.

You manage a network with a single Active Directory domain called westsim.com. Most of your users work from the office and access your on-premise domain controllers when they authenticate and use network resources. But you also have a few users who work remotely. Your company has just moved to Office365 and is using the cloud-hosted versions of Exchange and SharePoint for employees who work from home. You are considering using Azure AD to allow these employees to authenticate to the domain. Which of the following are advantages of deploying Azure AD? (Select two.)

Remote users can authenticate to the domain from any location that has Internet access. Remote users can have single sign-on access to Exchange and SharePoint.

You need to control access to the D:\Reports folder as follows: • Members of the Accounting group should be able to open and view all files, edit them, add new files, and rename and delete files. • Mary needs to be able to open and view files, but should not be able to modify the files, rename files, or delete them. Mary is a member if the Accounting group. You want to assign NTFS permissions taking the least amount of actions possible and affecting existing permissions as little as possible. What should you do?

Remove Mary from the Accounting group. Assign allow read and execute, list folder contents, read, and modify to the Accounting group. Assign Allow allow read and execute, list folder contents, and read to Mary.

Mr. Yamashita needs to be able to modify the contents of the Promo share, a shared folder on one of your Windows servers. The share has been assigned the following permissions: User/Group Permission Telesales global group Allow read Training global group Deny full control Managers global group Allow change Mr. Yamashita user Allow change Mr. Yamashita is a member of each of these groups. How should you modify the share permissions to allow the necessary access? (Choose three. Each choice is a complete solution.)

Remove Mr. Yamashita's user account from the Training group. Change the Training group's permission to allow Read. Remove the Training group from the share.

You have a Windows server that is maintained by multiple administrators. Sally wants to access a file in the Reports folder. A group named Sales has been granted the full control permission to the Reports folder and all subfolders and files. You add Sally as a member of the Sales group, but she still cannot access the file that she needs. You want to let Sally access the Reports folder. What should you do?

Remove Sally from any other groups that have been explicitly denied access to the Reports folder.

You share a folder named Public and configure the following permissions. Share Permissions NTFS Permissions Everyone = Full Control Administrators = Full Control Sales = Modify Assistants = Deny Modify You receive a phone call from Sally, a member of the Sales group and Assistants group, claiming that she cannot save a file to the Public shared folder. You want to make sure that members of the Sales group (who are not members of the Assistants group) can save new files to the Public shared folder and access, update, and delete existing files in the Public share. You want to continue to ensure that members of the Assistants group cannot modify files in the Public shared folder even if they are members of the Sales group. However, you also want to let Sally update files in the Public share. What should you do?

Remove Sally from the Assistants group.

You have connected a print device to Srv4 and created a printer for it. You have shared the printer as Printer1 and published it to Active Directory. You assign the allow print permission for the printer to the Help Desk Technicians domain local group. However, you discover that users who are not members of the Help Desk technicians group can print to the printer. You want only members of the Help Desk Technicians group to print to Printer1. What should you do?

Remove the Everyone group from the printer's access control list.

On your Windows server, you share the D:\Promo folder using the share name Promo. The share has been assigned the following permissions: User/Group Permission Telesales group Allow read Training group Deny full control Managers group Allow change Mary user Allow change The Mary user account is a member of the Training group. NTFS permissions allow all access. Mary needs to be able to edit documents in the shared folder but cannot. You need to modify the share permissions to allow her the necessary access. What should you do? (Choose two. Each choice is a possible solution.)

Remove the Mary user account from the Training group. Change the Training group permission to allow read.

You have decided to create a shared folder that will contain sensitive information about planned changes in the personnel structure. Most users will be denied access to the share, which is named REORG. You have successfully created the share and set appropriate permissions. However, management feels the effect of having this share on the server, which denies access to most users, is damaging morale. You need to keep the information available to the users who currently access it. What can you do to avoid having the REORG share listed when users view shares on the network?

Remove the REORG share. Share the folder again as REORG$ with the same permissions as before.

You are the administrator for a small network. You have approximately 50 users who are served by a single Windows server. You are providing Active Directory, DNS, and DHCP with this server. Your clients all use Windows workstations. Last week, an employee quit. A replacement has been hired and will be starting next Monday. The new user will need to have access to everything the previous user had, including document files held in the Home folder. You need to set up an account for the new user that all the access required. What should you do?

Rename the existing account, changing the name fields to match the new employee.

You are the administrator for a large single-domain network. You have several Windows Server domain controllers and member servers. Your 3,500 client computers are Windows workstations. Today, one of your users has called for help. It seems that his computer is reporting that a trust cannot be established between his Windows computer and the domain controller. He is unable to log on to the domain. You examine the computer's account using Active Directory Users and Computers, and there is nothing obviously wrong. You need to allow this user to log on to the domain. What should you do?

Reset the computer account and rejoin the domain.

You have a laptop that you use for remote administration from home and while traveling. The laptop has been joined to the domain using the name of AdminRemote. The processor in your laptop overheats one day, causing extensive damage. Rather than repair the computer, you purchase a new one. The computer arrives, and you edit the system properties and name it AdminRemote. When you try to join the computer to the domain, you receive an error message and are unable to proceed. What should you do?

Reset the computer account in Active Directory.

You have a Windows server named Print1 that is the print server for five shared printers. You have configured a printer object for each printer and shared each printer. Your network has several hundred users. You would like users to be able to search for printers based on capabilities such as color, duplex, and other features, and to be able to select the printer that is appropriate for a specific task. What should you do?

Right-click each printer and choose List in Directory.

Your Windows system has been infected with malware that has replaced the standard boot loader on the hard disk with its own malicious software. Which type of exploit is being used in this scenario?

Rootkit

Prior to installing Active Directory on your network, you set up a test network in your lab. You created several user accounts that correspond to actual network users. Now that your test is done, you'd like to move all user accounts from your test network to a new domain that you've just installed. You decide to use the Ldifde command to import the user accounts into the production domain. You want to set passwords for the new user accounts. How can you perform this task with the least amount of effort?

Run Ldifde to export the user accounts. Run Ldifde to import the user accounts. Edit the .ldif file to specify user account passwords. Run Ldifde to modify the existing accounts.

You get a call from a user one day telling you that his password no longer works. As you inquire about the reasons why the password doesn't work, he tells you that yesterday he got a call from an administrator asking for his user account password, which he promptly supplied. You know that a legitimate administrator would have never made this request. You are concerned that the impersonator might have contacted other users with the same request. To protect your network, you would like to reset all user account passwords and force users to change their passwords at next login. You want to accomplish this as quickly as possible. What should you do? (Select two. Each choice is a possible solution.)

Run Ldifde to export user account information. Edit the .ldif file to modify the user account properties and passwords. Run Ldifde to modify the existing user accounts. Create a script that runs Dsmod . Specify the new password and account properties in the script. Run the script.

You are the network administrator for corpnet.com. You have four Windows servers that are members of a failover cluster named Cluster1. You need to schedule the installation of Windows updates on the cluster. Which solution can you use to minimize downtime for nodes during the application of updates?

Run the Add-CauClusterRole cmdlet.

You are the network administrator for corpnet.com. You have four Windows servers that are members of a failover cluster named Cluster1. The CorpNet finance department uses a legacy application named AcctRecv that was not designed to run in a failover cluster. How can you enable AcctRecv to run in Cluster1?

Run the Add-ClusterGenericApplicationRole cmdlet.

You have a computer that runs Windows connected to a domain network. One day, you find that the computer is unable to connect to the Internet, although it can communicate with a few other computers on the local subnet. You run the ipconfig command and find that the network connection has been assigned the address of 169.254.12.155 with a mask of 255.255.0.0. What can you try as first step to resolve this issue?

Run the ipconfig /release and ipconfig /renew commands.

You manage a Windows server that is used to hold user data files. You will use Windows Server Backup to configure a backup schedule. You are about to make some configuration changes to the server. You want to create a backup of the system state only right now, before making the changes. What should you do? (Select two. Each choice is a complete solution.)

Run wbadmin. Save the backup to a local disk. Run Windows Server Backup and start the Back up Once wizard. Save the backup to a shared folder on the network.

You manage a Windows server that is used to hold user data files. The system volume is drive C:, while all user data is on drive E:. You will use Windows Server Backup to configure a backup schedule. You want to back up only the E: volume twice per day. You want to be able to restore individual files and folders. If possible, you want to save backups on optical media so you can place the backup disc in a media catalog server for easy retrieval. What should you do? (Select two. Each choice is a required part of the solution.)

Save the backup to an external hard disk. Create a backup schedule in Windows Server Backup.

The Srv1 server runs Hyper-V and has several virtual servers installed. Currently, most virtual servers are used for testing purposes. The physical system is running out of memory because of all of the virtual machines that are currently active. You want to stop three virtual machines to free up system resources. You want to stop the virtual machines so that all open applications are still open and running when they start again. What should you do?

Save the virtual machine.

You are the administrator for the widgets.com domain. Organizational units (OUs) have been created for each company department. User and computer accounts for each department have been moved into their respective departmental OUs. You would like to configure all computers in the Sales OU to prevent the installation of unsigned drivers. Which GPO category would you edit to make the necessary changes?

Security Options

You are the network administrator for your company. All computers are joined to a single Active Directory domain. Several computers store sensitive information. You are configuring security settings that will be distributed to all computers on your network. You want to identify attempts to break into a computer by having the computer that denies the authentication attempt note the failed attempt in its security database. How can you create a policy that meets these requirements?

Select Failure for Audit account logon events.

You are the network administrator for your company. All computers are joined to a single Active Directory domain. Several computers store sensitive information. You are configuring security settings that will be distributed to all computers on your network. You want to identify denied attempts to change a user's group membership in a computer's local database. How can you create a policy that meets these requirements?

Select Failure for Audit account management.

You are the network administrator for your company. All computers are joined to a single Active Directory domain. Several computers store sensitive information. You are configuring security settings that will be distributed to all computers on your network. You want to identify denied attempts to manipulate files on computers that have been secured through NTFS permissions. How can you create a policy that meets these requirements?

Select Failure for Audit object access.

You are the network administrator for Corpnet.com. A small group of software developers in your organization have to use Linux workstations. You are creating a share for these Linux users on your file server, which is named File1. Which feature must be installed on the Windows server to accomplish this?

Server for NFS

You are the network administrator of the westsim.com domain. You have several users who use Windows laptop machines because they travel frequently. These users have very sensitive information on their laptops, so you have been asked to take additional security measures with these machines. You install smart card readers on each laptop so that no one can access a lost or stolen laptop unless they also have the smart card. Click on the Group Policy preferences Control Panel setting you would use to configure these laptops so the Smart Card Reader service starts when the laptop is powered on.

Services <===

You are the network administrator for your network. Your network consists of a single Active Directory domain. Your company recently mandated the following user account criteria: • User accounts must be deactivated after three unsuccessful logon attempts. • User account passwords must be at least 12 characters long. • User accounts must be manually reset by an administrator once they are locked out. You must make the changes to affect everyone in the domain. You are editing the Default Domain Group Policy object. What should you do? (Choose three. Each correct choice represents part of the solution.) Set

Set Account lockout threshold to 3. Set Account lockout duration to 0. Set Minimum password length to 12.

Sally is an employee in the sales department. Important documents are stored in the D:\SalesDocs folder on a Windows server. Sally is a member of the Domain Users and Sales groups. The SalesDocs folder has been shared, and the following permissions are currently assigned to the SalesDocs folder: NTFS Permissions Share Permissions Domain Users = Allow-Read Sales = Allow-Modify Domain Users = Allow-Read Sales = Allow-Change Sally needs to read and modify all files in the SalesDocs folder except StyleGuide.doc. Sally should be able to read StyleGuide.doc, but not modify it. What should you do?

Set Sally's NTFS permission for StyleGuide.doc to deny write.

You have connected a print device to the SRV12 server and created a printer for it. You have shared the printer as Printer1 and granted the Everyone group permission to print to it. Terry, the company vice president, informs you that he just submitted a print job to your printer and needs it in five minutes. Upon checking the printer, you find that there are numerous print jobs ahead of Terry's. You need to print Terry's print job without causing other users to lose their print jobs. What should you do?

Set the priority of Terry's document to 99 and all others to 1.

The image shows the current scavenging settings for the eastsim.com zone. Automatic scavenging has been configured on the zone to run every hour. You want to modify the existing settings so that DNS records are deleted within 10 days after they have not been refreshed. What should you do?

Set the refresh interval to 3.

You are installing DHCP in four subnets. Three of the subnets have Windows desktop computers, and the fourth subnet has only Windows laptop computers. On the subnet with the laptops, you want any computer that has not logged on in two days to release its IP address. On the desktop subnets, you want computers that have not logged on in 30 days to release their IP addresses. How should you configure the DHCP scopes?

Set up one scope for each subnet and set the lease period as a part of each scope's configuration.

You want Windows Defender to automatically report malware infections to Microsoft. Click the option you must use to make that change.

Setting<==

SRV03 is a Windows server that holds the SalesDept folder. This folder contains documents specific to the sales department. You create two user groups: • The Sales group includes all members of the sales department. • The SalesAdmin group includes about ten members of the sales department who manage sales-related documents. You want the Sales group to have read only access to the content in the SalesDept folder. Members of the SalesAdmin group should have all permissions to the folder. No other users should have access. All access will be through the network. You want to assign as few permissions as possible. What should you do?

Share the SalesDept folder. Grant read permissions to the Sales group and full control permissions to the SalesAdmin group. Remove the Everyone group.

Your Windows server has a folder named D:\SalesDept. The D: drive is formatted with FAT32. You need to allow network access to the folder as follows: • Members of the Sales group should have read-only access to the content in the folder. • Members of the SalesAdmin group should be able to open, edit, and add new files to the folder. • No other users should have access. Members of the SalesAdmin group are also members of the Sales group. What can you do to configure the needed access while assigning as few permissions as possible?

Share the SalesDept folder. Grant the read permission to the Sales group and the change permission to the SalesAdmin group. Remove Everyone from the access control list.

Active Directory uses two broad categories of objects to represent the various components of a network: • Network resources • Security principals Drag the category on the left to the object on the right that belongs to that category. (Categories can be used more than once.)

Shared folder- Network resource User- Security Principal Group - Security Principal Printer - Network resource Computer Account - Security Principal

You manage a network with a single Active Directory domain called westsim.com. You have just deployed an Azure AD domain controller in the Azure cloud. You have created a user account for yourself in the new Azure AD domain. You are now testing the configuration of the Azure AD domain from home. You have successfully joined your home computer to this domain, so you are ready to make sure you can log on to the domain with your Azure AD user account. Which of the following steps do you need to perform to log on to the Azure AD user account? (Select two. Each correct answer is part of the complete solution.)

Sign out as the local user. Select Other user and sign in using the Azure AD user account credentials.

Which Hyper-V feature found in Windows Server provides temporary memory that allows a virtual machine to restart even when there is not enough physical memory available?

Smart Paging

You would like to have better control over the applications that run on the computers in your domain, so you have decided to implement AppLocker. You have created default rules and an executable rule that only allows the company's accounting application to run. When you test these rules, you find that you can still run any program on your test client. What should you do? (Select two. Each correct answer is part of the solution.)

Start the Application Identity service on the client. Ensure that the enforcement mode for executable rules is set to Enforce rules.

A server named RODC1 is a read-only domain controller located in a branch office. RODC1 uses Bitlocker to encrypt all drives for extra security. You have been notified that RODC1 failed. After obtaining the necessary hardware to repair the server, you need to perform a bare metal restore of the server. What should you do?

Start the computer from the Windows Server installation disk.

You are the network administrator for westsim.com. The network consists of a single Active Directory domain. The network contains three Windows servers named FS1, FS2, and FS3. These servers are used for storing files in shared folders. Your users must have access to these shared folders to do their jobs, so you want to implement high availability through failover clustering. However, there is no budget for purchasing a SAN to use as the shared storage in a failover cluster. Which of the following allows you to create a failover cluster without having to purchase a SAN?

Storage Spaces Direct

You are configuring a NIC team that is being used for failover only and not bandwidth aggregation. Which NIC teaming configuration must you use?

Switch-independent teaming

You have installed WSUS on a single member server for your entire network. You have configured the server to automatically approve new versions of previously approved updates. You store updates locally on the D:\WSUS\content folder, and clients download updates directly from your WSUS server. You verify that clients are downloading the updates. You get an email notifying you of an updated security patch that applies to an update that you have previously approved. You check a client system and find that the newest update has not yet been applied. On the WSUS server, you do not see the new update listed. What should you do?

Synchronize your WSUS server with Microsoft Update.

You are the network administrator for westsim.com. The network consists of a single Active Directory domain. The network contains two servers named FS11 and FS12. Both servers are running Windows Server 2016 Datacenter edition. You have implemented Storage Replica as a disaster recovery solution with FS11 and FS12 as replication partners. When a user makes changes to a file that is stored in a shared folder on FS11 and then saves those changes, the following process takes place: • FS11 writes the changes to its data disk but does not acknowledge the write operation to the user's application. • FS11 replicates the write operation to FS12. • FS12 writes the change to its data disk and acknowledge the write operation back to FS11. • FS11 sends an acknowledgement to the user's application, letting it know the write operation was successful. Which replication type is being used between FS11 and FS12?

Synchronous

You currently manage a virtual machine named VM18 that has been installed on the Srv5 physical server. The virtual machine runs Windows Server and a custom application. You receive an update to the application. You want to save the current state so if the update causes any problems, you can easily revert back to the state before the update was installed. What should you do?

Take a snapshot of the virtual machine.

An employee has quit under difficult circumstances. Unfortunately, the user had several files that are needed, and before the employee left, they assigned deny full control permission to domain users to all the files and folders. All users, including you, are now blocked from accessing these important files. You need to make these files available as quickly as possible. What should you do?

Take ownership of the files and change the permissions.

Question 3: Incorrect You need to fail over a virtual machine running on a Windows Server hypervisor host using the following parameters: • A temporary copy of the virtual machine must be created and run on the replica server. • The original virtual machine on the primary server must remain running to service client requests. • The test virtual machine must not be connected to any network to prevent conflicts with the original virtual machine on the primary server. • When you are finished, the temporary virtual machine must be deleted. Which type of failover should you use?

Test

Drag the hypervisor type on the left to the failover that is initiated from it on the right.

Test Failover -Replica Server Planned Failover -Primary Server Unplanned Failover -Replica Server

You want to follow server backup best practices so you can successfully recover from failed storage devices. Which of the following are examples of server backup best practices? (Select two. Each choice is a required part of the solution.)

Test your backups occasionally. Schedule backups to run automatically.

You manage a single domain running Windows Server. You have configured a restricted Group Policy as shown in the image. When this policy is applied, which action will occur?

The Backup Operators group will be made a member of the Desktop Admins group.

You are the network administrator for corpnet.com. The network has two Windows servers named HV1 and HV2. Both servers are running the Hyper-V Role and the Failover Cluster feature. The servers are configured as nodes in a failover cluster named Cluster1. The Hyper-V Replication Broker role is installed in Cluster1. A third server named HV3 also has the Hyper-V role installed, but is not a member of Cluster1. You need to ensure that Cluster1 can be a replica server for HV3 so that any virtual machines hosted on HV3 can be replicated to Cluster1. Which tools should you use? (Choose two.)

The Failover Cluster Manager console on Cluster1. The Hyper-V Manager console on HV3.

You are the network administrator for westsim.com. The network consists of a single Active Directory domain. The network contains two servers named FS1 and FS2. Both servers are running Windows Server 2016 Datacenter edition. You want to implement Storage Replica as a disaster recovery solution. FS1 and FS2 will be replica partners with FS1 as the source server and FS2 as the destination server. Which of the following must be completed before you can configure this replica partnership? (Select two.)

The File Server role must be installed on FS1 and FS2. The Storage Replica feature must be installed on FS1 and FS2.

You are the administrator for a domain named internal.widgets.com. This domain spans a single site (the Default-First-Site-Name site). You want to configure password and account lockout policies that Active Directory domain controllers will enforce. You have created a Group Policy object with the settings you want to apply. Most of the domain controllers are located in the Domain Controllers OU, although you have moved some domain controllers to a sub-OU called Secure Domain Controllers.Where should you link the Group Policy object that you created?

The internal.widgets.com domain.

The Domain Name service is made up of several components. Drag each component on the left to its appropriate description on the right. (Each component may used once, more than once, or not at all.)

The last part of a domain name (.com, .edu, .gov). -Top-level domain (TDL) Used to store entries for host names, IP addresses, and other information in the zone -Records Also called the root domain, it denotes a fully qualified, unambiguous domain name. -. (dot) domain A DNS server that has a full and complete copy of all the records for a particular domain. -Authoritative server Maps a DNS host name to an IPv4 (32-bit) address. -Records Includes the host name and all domain names separated by periods. -Fully qualified domain name (FQDN)

Drag the load balancing term on the left to the appropriate description on the right.

The process that cluster members use to reach a consistent state. -Convergence Periodic heartbeat signals sent by cluster members to maintain consistent information about cluster membership -Heartbeat Cluster hosts retain their network adapter's original hardware MAC address. -Multicast mode MAC addresses used by cluster hosts are replaced by a single cluster MAC address. -Unicast mode

User Account Control (UAC) is a tool that generates an alert when a task or operation needs administrative privileges. You use the UAC settings in Control Panel to configure the sensitivity of UAC. Drag the UAC notification level on the left to the appropriate description of what it does on the right.

The user is prompted only when programs try to make changes to the computer or Windows settings. The secure desktop is not displayed. *Notify me only when apps try to make changes to my computer (do not dim the desktop) A UAC prompt and the secure desktop are displayed for 150 seconds. The user cannot perform any other actions until they respond to the prompt. *Always notify The user is prompted only when programs try to make changes to the computer or Windows settings. The secure desktop is displayed for 150 seconds. *Notify me only when apps try to make changes to my computer If logged on as a standard user, all actions requiring privilege elevation are automatically denied. *Never notify

You are troubleshooting an issue with DHCP where clients are getting duplicate IP addresses, which causes users to get IP address conflict messages on their workstations. You view the statistics on your DHCP server, which are shown in the top half of the image below. A few minutes later, you view the statistics again and see the information shown in the bottom half of the image below. Based on this information, which of the following is a probable explanation for the duplicate IP addresses?

There is a rogue DHCP server on the network.

You have several containers running on your container host. You need the containers to function as if they were separate physical machines connected to the physical network segment. The containers need to get IP addressing information from the DHCP server on your physical network segment. Which of the following container networking options should you use?

Transparent

Match each Active Directory component on the left with the appropriate description on the right. (Each component may be used once, more than once, or not at all.) (Each component may be used once, more than once, or not at all.)

Tree - A group of related domains that share the same DNS namespace. Forest - A collection of related domain trees. A collection of related domain trees Domain Controller - Active Directory database. A server that holds a copy of the Active Directory database. Replication - The process of copying changes to the Active Directory database between domain controllers. Domain - A collection of network resources that share a common directory database. Domain Controller - Can make changes to the Active Directory database.

Match each Hyper-V virtual networking feature on the left with its appropriate description on the right. (Each description may be used once, more than once, or not at all.)

Trunking-Allows a VM to see traffic from multiple VLANs Virtual Machine Queue (VMQ)-Allows a VM to see traffic from multiple VLANs Storage QoS-Controls the throughput of data to virtual disks Port ACls-Establishes rules that are applied to virtual switch ports NIC Teaming-Provides bandwidth aggregation Port Mirroring-Copies traffic from one switch port to another DHCP Guard- Prevents a VM from being used as a rogue DHCP server

You have been hired as a consultant for a small business that is using Windows Server. Over the past week, the system has become unstable. You check the System Stability chart in Reliability Monitor and find the following information for the stability index each day: Monday = 9.19 Tuesday = 5.2 Wednesday = 6.4 Thursday = 8.7 Friday = 7.5 You want to look at information for the day that indicates the least stability. Which day would you look at first?

Tuesday

You want to give the TPlask user the right to log on to any of the domain controllers in your domain and gain access to the desktop. This user does not belong to any of the default groups that have the Allow log on locally right by default. Which of the following steps can you take to give the Allow log on locally right to this user? (Select two. Each correct answer is a complete solution.)

Use Active Directory Users and Computers to add the TPlask user account to the Administrators group. Use Group Policy Management Editor to add the TPlask user account to the Allow log on locally policy.

Recently, some users in your domain have downloaded and installed an open source program that contains malware. After download, the application is installed by running a program with a .msi extension. The file is not digitally signed. You have a copy of this open source program running on your server, and it did not install any malware. The users that got the malware likely obtained the program from a website they did not know was malicious. How can you prevent users from installing this software if it has been tampered with?

Use AppLocker to create a Windows installer rule with a file hash condition.

You are the administrator of a network with a single Active Directory domain. You need to create 75 user accounts in the domain Users container. You have a list of new user accounts that include an IP telephone number. The user accounts are available via an export from your company's HR application in the form of a comma-delimited file. You want to create the new accounts as quickly and easily as possible. What should you do?

Use Csvde to import user accounts using the .csv file.

You are the network administrator for westsim.com. The network consists of a single domain. The main office contains a file server named FS1. You need to determine whether the page file on FS1 has been set to the optimal size. What should you do?

Use Performance Monitor to monitor the Paging File, %Usage counter.

You are the server manager for your company. You have just installed a new Windows server. You need to design a backup and recovery strategy for the server that meets the following requirements: • You will use Windows tools for the backups. • Backups are to be taken to an offsite location for storage after they are performed. • Backups should only save data changed since the last backup. • You need to be able to recover individual files and folders. What should you do?

Use Windows Server Backup to create scheduled backups to a removable hard disk.

You manage user accounts in the southsim.com domain. Each department is represented by an organizational unit (OU). Computer and user accounts for each department have been moved to their respective OUs. When a new employee is hired in the sales department , you create the user account, add the user account to multiple groups, assign the user permissions to the sales contact database, and configure permissions to home and shared folders. Because of high turnover, you find that as users leave the organization, you spend several hours tracking down file ownership and reassigning permissions to other users. How can you simplify this process?

Use a programming language to create a deprovisioning solution. Write scripts or routines that run automatically and reassign ownership and permissions when the user account is deleted.

You manage a Windows computer that is shared by multiple users. Recently, a user downloaded and installed two malware programs on the computer. The applications had a .msi extension. What is the first line of defense in protecting your system against applications like these from being copied or downloaded to your system?

Use antimalware software that provides real-time protection.

You are the administrator of a network with a single Active Directory domain. The domain currently includes 75 user accounts. You have been asked to add 50 additional accounts. Your Human Resources manager has an existing database of employees that can be imported to Active Directory. You would like to use an automated method for data import if possible. What should you do? (Select two. Each choice is a complete solution.)

Use the Csvde.exe utility. Use the Ldifde.exe utility.

You are the administrator for the westsim.com domain, which has five domain controllers running Windows Server. The Active Directory structure is shown in the image. All user and computer accounts have been placed in the department OUs. Main offices are located in Orlando, with additional offices in Boston, New York, and Chicago. There are three departments within the company, sales, marketing, and accounting. Employees from each department are at each location. You want to appoint an employee in each department to help with changing passwords for users within their department. They should not be able to perform any other tasks. What should you do?

Use the Delegation of Control wizard. Grant each user administrator permissions to modify passwords for their department OU.

You are the network administrator for Corpnet.com. You have several virtual machines hosted on a VMware platform. You have installed a new Windows server that has the Hyper-V role installed. You need to migrate the VMware virtual machines to Hyper-V. What should you do?

Use the Microsoft Virtual Machine Converter (MVMC) tool.

You are the network administrator for westsim.com. The network consists of a single domain. The company has a file server named FS1 that hosts a share named SalesData for the sales department. You need to configure the SalesData share so that users will be allowed to view only the files and folders to which they have rights. What should you do?

Use the Shares panel in Server Manager to enable Access-based Enumeration (ABE) on the SalesData share.

You are the network administrator for eastsim.com. The network consists of a single domain. The main office contains a file server named FS1, which is running out of space. Another file server, which is named FS2, is available. It has 500 GB of free space. You need to move the C:\SalesData folder from FS1 to FS2. Before you move the folder, you need to perform a backup of the C:\SalesData folder in the minimum amount of time. What should you do?

Use the Windows Server Backup feature to perform a custom backup. On the Select Items for Backup page, select the C:\SalesData folder.

Your Windows Server has two volumes, C: and D:. For the D:\Reports\Finances.xls file, you explicitly grant the Mary user account the allow modify NTFS permission. You need to move the file from the existing folder to the C:\Reports2 folder. You want to keep the existing NTFS permissions on the file. You want to accomplish this with the least amount of effort possible. What should you do?

Use the robocopy command to copy the file to the C:\Reports2 folder.

You are the administrator for the widgets.com domain. Organizational units (OUs) have been created for each company department. User and computer accounts for each department have been moved into their respective departmental OUs. You have two OUs that contain temporary users, TempSales and TempMarketing. For all users within these OUs, you want to restrict what the users are able to do. For example, you want to prevent them from shutting down the system or accessing computers through a network connection. Which GPO category would you edit to make the necessary changes?

User Rights

Select the policy node you would choose to configure who is allowed to manage the auditing and security logs.

User rights assignement

Drag the DNS term on the left to the appropriate definition on the right. (Each term may be used once, more than once, or not at all.)

Uses the IP address to find the host name (or FQDN). -Reverse lookup Client computers submit a DNS request to the DNS server and wait for a complete response. -Recursion The process by which a DNS server or host uses root name servers and subsequent servers to perform name resolution. -Recursion Uses the hostname (or the FQDN) to find the IP address. -Forward lookup

You are the administrator of a network with a single Active Directory domain. Your domain contains three domain controllers and five member servers. Your security policy states that all accounts should be locked out after three unsuccessful logon attempts and that accounts must be reset only by an administrator. A GPO enforces these settings. You receive a call Monday morning from the help desk. There are seven users who are unable to log in to the domain. Upon further investigation, you notice all seven accounts have been locked out. You need to unlock the user accounts with the least amount of administrative effort while complying with your security policy. What should you do next?

Using Active Directory Users and Computers, select Unlock Account for each account.

You want to use Restricted Groups to manage the membership of local groups on the domain member servers that you manage. You can define a restricted group in one of two ways: • Members of this group • This group is a member of The This group is a member of option is the preferred method for most use cases. Which of the following explains why this is the preferred method?

Using the This group is a member of option does not remove existing members of the group if they are not part of the restricted group.

You manage a Windows computer connected to a business network using switches and multiple subnets. One day you find that the computer is unable to connect to the Internet although it can communicate with a few other computers on the local subnet. You type ipconfig /all on the computer and see the following output: Ethernet adapter Local Area Connection: Connection-specific DNS Suffix . : mydomain.local Description . . . . . . . : Broadcom network adapter Physical Address. . . . . . : 00-AA-BB-CC-74-EF DHCP Enabled . . . . . . . : Yes Autoconfiguration Enabled. . . : Yes IPv4 Address . . . . . . . : 169.254.155.1(Preferred) Subnet Mask . . . . . . . : 255.255.0.0 Default Gateway. . . . . . . . . : DNS Servers. . . . . . . . . . . : What should you do?

Verify that the DHCP server is up and functional.

You manage the branch office for your company network. The branch office has a single Active Directory domain, branch1.westsim.private. All computers in the branch office are members of the domain. The branch office consists of two subnets and 50 host computers. Each subnet has its own DHCP server, while a single server on Subnet2 is both the domain controller and DNS server. Dynamic updates are enabled on the DNS zone. On Subnet1, you have a shared printer attached to Wrk5. Only computers on Subnet1 use this shared printer. How can you most easily make sure that all hosts on Subnet1 will continue to connect to the shared printer by name, even if the DNS server becomes unavailable?

View the settings in the Default Domain GPO to verify that theTurn off Multicast Name Resolution option is not enabled.

Specific services running within clustered virtual machines can be monitored in Failover Cluster Manager. Before Failover Cluster Manager can be configured to monitor services, you must allow apps and features through the Windows firewall on the virtual machines you want to monitor. The image below shows the Allow apps and features dialog in Windows Server VM. Select the boxes in this dialog that must be enabled to allow Failover Cluster Manager to monitor services on this VM. (Select two.)

Virtual Machine Monitoring <=======> (Name and domain)

You are the network administrator for Corpnet.com. You have a server named File1 that has a number of volumes that need to be backed up. Management has requested an assessment to identify which volumes on the server can be backed up using Windows Azure Online Backup. Volume Name File System Disk Type Bitlocker Encrypted Volume 1 NTFS Internal SATA No Volume 2 NTFS Internal IDE No Volume 3 NTFS USB External Drive No Volume 4 Volume 5 NTFS NTFS Internal SATA iSCSI RAID 5 Array Yes No For each volume, identify whether it can be backed up using Windows Azure Online Backup or whether it must be backed up using Windows Server Backup. Drag the appropriate backup solution from the left to each volume on the right.

Vol 1 - Windows Azure Online Backup, Vol 2, Volume 5 Windows Server Backup-Vol 3, Vol 4, System state

Which of the following host operating systems can be used as the host of a Server Core Windows Server container? (Select all the apply.)

Windows Server 2016 Desktop Experience Windows Server 2016 Server Core

Which of the following host operating systems can be used as the host of a Nano Server Windows Server container? (Select all the apply.)

Windows Server 2016 Desktop Experience Windows Server 2016 Server Core Nano Server

You manage a network with a single Active Directory domain called westsim.com. Most of your users work from the office and access your on-premise domain controllers when they authenticate and use network resources, but you also have a few users who work remotely. Your company has just moved to Office365 and is using the cloud-hosted versions of Exchange and SharePoint for employees who work from home. You are considering using Azure AD to allow these employees to authenticate to the domain. Which of the following are options for deploying Azure AD? (Select two.)

You can deploy Active Directory domain controllers using the Windows Azure Active Directory SaaS cloud service. You can install Active Directory domain controllers on Windows Azure virtual machines in the cloud.

Windows Defender is configured to regularly scan your system; however, you also want to scan a removable storage device you have just connected to your Windows system. Click the scan option you should use to accomplish this task.

custom<==

You perform the following to prepare to deploy the Windows Containers feature on your Windows Server 2016 system: • Install the required roles and features. • Perform the Docker installation and configuration process. After completing these steps, you want to verify that everything needed for deploying Windows Containers has been successfully installed. Enter the command you would use at an elevated command prompt to complete this verification (use lower-case characters only).

docker info

You have several containers running on your container host. You need the containers to function as if they were separate physical machines connected to the physical network segment. The containers need to get IP addressing information from the DHCP server on your physical network segment. From the drop-down list, select the command that fills in the blank for the command to create a new bridged network: ______________ -d transparent

docker network create

From the drop-down list, select the command you would use to display a list of virtual networks on the container host:

docker network ls

From the drop-down list, select the command you would use to view all running containers on the container host:

docker ps

Which of the following Docker commands is used to display information about all the containers currently running on the container host.?

docker ps

You want to be able to run a Nano Server container from a base container image that is on Docker Hub. You are ready to download the microsoft/nanoserver image from the Docker Hub website. From the drop-down list, select the command that fills in the blank: : ______________ microsoft/nanoserver

docker pull

You have pulled the microsoft/nanoserver image from the Docker Hub website. Now you need to create a new Windows Server container from the image and run the cmd command to open the command line interface in the container. From the drop-down list, select the command that fills in the blank: ______________ microsoft/nanoserver cmd

docker run -it

Docker is used to deploy and manage containers on a container host. Docker is composed of three components. Which of the following Docker components is used from the command line of the container host to deploy and manage containers?

docker.exe

You are installing the Docker engine on your Windows Server 2016 server. You have completed the following steps: 1. Download the Docker zip file. 2. Extract the Docker zip file to C:\Program Files\docker. 3. Add C:\Program Files\docker to the PATH environment variable. Next, you need to register dockerd.exe as a service. Enter the command you would use to register dockerd.exe as a service (use lower-case characters only).

dockerd.exe --register-service

You are the administrator of a network with a single Active Directory domain. You would like to create a script to distribute to the help desk support staff for their needs when creating domain user accounts. The help desk staff will input various user account values and these values will be used in the script. Which of the following commands should your script include?

dsadd

You are the administrator of a network with a single Active Directory domain. The domain includes a user account named Bob Smith. You have been asked by the network security group to provide a listing of all the domain groups to which Bob Smith is a member. You would prefer to use a command line utility so that the output can be saved and printed. Which command should you use?

dsget

You manage a Windows server that functions as your company's domain controller. Your organization was recently acquired by a larger organization, and the company name has changed as a result. You need to modify the Company property of each user account in Active Directory. Which tools could you use to make this change? (Select two. Each option is a complete solution.)

dsmod ldifde

You manage a Windows server that is an Active Directory domain controller for your organization. You need to use command line tools to generate a list of all users in the domain and then view the value of the Office property of each user. Which command should you use?

dsquery user -name * | dsget user -display -office

You need to use a PowerShell to generate a list of all Active Directory computer accounts located in just the Computers container (cn=Computers,dc=testoutdemo,dc=com). Which cmdlet should you use?

get-adcomputer -filter * -SearchBase "cn=Computers,dc=testoutdemo,dc=com"

Your network has a single Active Directory forest with two domains, eastsim.private and HQ.eastsim.private. The organizational units Accounting, Marketing, and Sales represent departments of the HQ domain. Additional OUs (not pictured) exist in both the eastsim.private and HQ.eastsim.private domains. All user and computer accounts for all departments companywide are in their respective departmental OUs. You are in the process of designing Group Policy for the network. You want to accomplish the following goals: • You want to enforce strong passwords throughout the entire forest for all computers. All computers in both domains should use the same password settings. • The Accounting department has a custom software application that needs to be installed on computers in that department. • Computers in the marketing and sales departments need to use a custom background and prevent access to the Run command. You create the following three GPOs with the appropriate settings: Password Settings, Accounting App, and Desktop Settings. How should you link the GPOs to meet the design objectives? To answer, drag the label corresponding to the GPO to the appropriate boxes.

eastsim.private-password settings, leave blank, leave blank HQ.eastsimprivate-password settings, leave blank, leave blank Accounting-Accounting app Marketing-Desktop settings Sales- Desktop settings

You are the network administrator for westsim.com. The company is opening a new branch office in New York that will have 100 new users. All the information on the new accounts is contained in a file named branch.csv, which specifies a unique name and password for each user. You need to run a script to create the new accounts contained in the branch.csv file. The new accounts must be assigned the appropriate passwords as contained in the branch.csv file. Which commands should you run? (Select two. Each answer is a required part of the solution.)

import-csv new-ADUser

After reconfiguring the static address of an internal web server named WEB3, your computer can no longer connect to WEB3. However, other users are still able to connect to the same web server.

ipconfig /displaydns

You manage a Windows server that functions as your company's domain controller. You want to test a new network application in a lab environment prior to rolling it on to your production network. To make the test as realistic as possible, you want to export all Active Directory objects from your production domain controller and import them to a domain controller in the test environment. Which tools could you use to do this? (Select two. Each option is a complete solution.)

ldifde csvde

You are managing rights on a standalone server. You want to make changes to the settings of the Restore Files and Directories policy. Which of the following is the tool you must use to make changes to this policy?

local Group Policy Editor

You have created an NFS share on your file FS1 server in the corpnet.com domain. The path of the shared folder is C:\Shared\NFSShare. You are now testing the configuration by trying to mount it to the /mnt directory on your Linux workstation. Use the drop-down list to fill in the blank in the following to correctly enter the command that will mount this share. _______________ FS1.corpnet.com:/NFSShare /mnt -o nolock

mount -t nfs

You have a laptop that you use for remote administration from home and while traveling. The laptop has been joined to the domain using the name of AdminRemote. The processor in your laptop overheats one day, causing extensive damage. Rather than repair the computer, you purchase a new one. The computer arrives, and you edit the system properties and name it AdminRemote. When you try to join the computer to the domain, you receive an error message and are unable to proceed. You want the new computer to be joined to the domain using the same name as the old computer. Which commands should you run?

netdom reset and then netdom join

Click on the menu option that allows you to enable bandwidth management.

network adapter <=====

You are visiting one of your company's branch offices to set up a new server and complete some general server management tasks. Employees in the branch office tell you they have been experiencing intermittent issues accessing a server in the home office. You send ICMP requests to the server at the home office from a workstation at the branch office using ping with the -t option. As it continues to send ping requests and receive replies, you find that the ping request times out every few minutes. You suspect that one of the routers between the branch office and the home office may be experiencing issues. Which troubleshooting tool can you use from a Windows workstation to see a map of the routers between the branch office and the home office?

tracert

You are the administrator of the westsim.com domain. Within the domain, you have OUs for the accounting, manufacturing, sales, and administration departments. You also have smaller OUs within each department OU, such as the ITAdmins OU in the Administration OU. You need to follow the principle of least privilege as you use the Delegation of Control wizard to complete the following: • Give one user in each OU the rights necessary to manage user accounts in their OU. • Give your assistants in the ITAdmins group rights to manage passwords for all users in the domain. Which of the following approaches can you use as you delegate control? (Select two. Each correct answer is part of the complete solution.)

• Create a PasswordAdmin group in the ITAdmins OU. • Make your assistants members of the PasswordAdmin group. • In the westsim.com domain, delegate control to the PasswordAdmin group to perform password tasks • Create a UserAdmin group in each department OU. • Make the user in each OU a member of the UserAdmin group. • In each department OU, delegate control to the UserAdmin group to perform user account tasks in that OU.

You are the administrator for a network with two domains, westsim.com and branch.westsim.com. User accounts for the sales team are in both domains. You have a shared folder called Reports on the Sales1 server in the westsim.com domain. You also have a shared folder called Contacts on the Sales6 server in the branch.westsim.com domain. All sales users need access to both shared folders. What do you need to do to implement a group strategy to provide access to the necessary resources?

• Create a global group in each domain. Add users within each domain to the group. • Create a universal group in westsim.com. • Add the global groups from each domain to the universal group. • Add the universal group to domain local groups in each domain. • Assign permissions to the domain local groups

You are the domain administrator for north.westsim.com, which is a child domain in westsim.com. You have a high-end color laser printer that is shared on a server in north.westsim.com. Because of the high price per page, you have removed the print permission from the Everyone group. You need to grant the print permissions to marketing users in the north.westsim.com, east.westsim.com, and west.westsim.com domains. What should you do?

• In the North domain, create a Domain Local group called CLR-PRT. • In all three domains, create a global group named Marketing. • Add all three global groups to the North CLR-PRT group and assign the print permission to the group.

Group Policies can be used to set the same notification levels at the domain level that can be set for local machines using the User Account Control (UAC) tool. You need to configure the Notify me only when programs try to make changes to my computer notification level using Group Policy. Which of the following Group Policies must be set to complete this configuration?

• The Behavior of the elevation prompt for administrators in Admin Approval Mode policy setting is set to Prompt for consent for non-Windows binaries. • The User Account Control: Switch to the secure desktop when prompting for elevation policy setting is enabled.


Related study sets

COMM 428E: Social Media Strategies

View Set

Accounting 300 exam 1 (part two)

View Set

Week 2 HESI Case Study COPD with Pneumonia

View Set

수능기출어법 700제 OX퀴즈

View Set