Use LEFT and RIGHT arrow keys to navigate between flashcards;
Use UP and DOWN arrow keys to flip the card;
H to show hint;
A reads text to speech;
20 Cards in this Set
- Front
- Back
|
|
|
|
Answer: C Explanation: A. Wrong Domain B. Wrong Domain C. Right domain, RID Master must be online D. Right domain but Not needed to be onlineRelative ID (RID) Master:Allocates active and standby RID pools to replica domain controllers in the same domain. (corp.contoso.com) Must be online for newly promoted domain controllers to obtain a local RIDpool that is required to advertise or when existing domain controllers have to update their current or standby RID pool allocation.The RID master is responsible for processing RID pool requests from all domain controllers in aparticular domain. When a DC creates a security principal object such as a user or group, it attaches a unique Security ID (SID) to the object. This SID consists of a domain SID (the same for all SIDs created in a domain), and a relative ID (RID) that is unique for each security principal SID created in a domain. Each DC in a domain is allocated a pool of RIDs that it is allowed to assign to the security principals it creates. When a DC's allocated RID pool falls below a threshold, that DC issues a request for additional RIDs to the domain's RID master. The domain RID master responds to the request by retrieving RIDs from the domain's unallocated RID pool and assigns them to the pool of the requesting DC At any one time, there can be only one domain controller acting as the RID master in the domain. |
|
QUESTION 23Your network contains an Active Directory domain named contoso.com. You log on to a domain controller by using an account named Admin1. Admin1 is a member of the Domain Admins group. You view the properties of a group named Group1 as shown in the exhibit. (Click the Exhibit button.) Group1 is located in an organizational unit (OU) named OU1.You need to ensure that users from Group1 can modify the SecurityWhat should you do from Active Directory Users and Computers? A. Modify the Managed By settings on OU1. B. Right-click contoso.com and select Delegate Control. C. Right-click OU1 and select Delegate Control. D. Modify the Security settings of Group1. |
Answer: C Explanation: A. The distinguished name of the user that is assigned to manage this object. B. Would delegate control to the whole domain C. Delegates control to the OU OU1 only D. Wrong Feature An organizational unit is the smallest scope or unit to which you can assign Group Policy settings or delegate administrative authority. A user can have administrative authority for all organizational units in a domain or for a single organizational unit.You can delegate administrative control to any level of a domain tree by creating organizational units within a domain and delegating administrative control for specific organizational units to particular users or groups. Administrative control can be assigned to a user or group by using the Delegation of Control Wizard or through the Authorization Manager console. Both of these tools allow you to assign rights or permissions to particular users or groups. |
|
|
Your network contains an Active Directory forest named contoso.com. All domain controllers currently run Windows Server 2008 R2. You plan to install a new domain controller named DC4 that runs Windows Server 2012 R2.The new domain controller will have the following configurations:- Schema master- Global catalog server- DNS Server server role- Active Directory Certificate Services server roleYou need to identify which configurations Administrators by using the Active Directory Installation Wizard.Which two configurations should you identify? (Each correct answer presents part of the solution. Choose two.) A. Transfer the schema master. B. Enable the global catalog server. C. Install the DNS Server role D. Install the Active Directory Certificate Services role. |
|
|
Your network contains an Active Directory domain named contoso.com. The domain contains twodomain controllers. The domain controllers are configured as shown in the following table.In the perimeter network, you install a new server named Server1 that runs Windows Server 2012 R2. Server1 is in a workgroup. You need to perform an offline domain join of Server1 to the contoso.com domain. What should you do first? A. Transfer the PDC emulator role to Dc1. B. Run the djoin.exe command. C. Run the dsadd.exe command. D. Transfer the infrastructure master role to DC1. |
Answer: B Explanation: A. Creates a new Active Directory computer. B. Use djoin for offline join in the perimeter network C. Adds specific types of objects to the directory. D. Add the local computer to a domain or workgroup. To perform an offline domain join, you run commands by using a new tool named Djoin.exe. You use Djoin.exe to provision computer account data into AD DS. You also use it to insert the computer account data intothe Windows directory of the destination computer, which is the computer that you want to join to the domain.Create the account djoin /provision /domain winsrvtuts.wst /machine Win7 /savefile c:\yourFile.txt Run on the target systemdjoin /requestodj /loadfile c:\yourFile.txt /windowspath c:\Windows /localos |
|
Your network contains two Active Directory forests named adatum.com and contoso.com.Both forests contain multiple domains. A two-way trust exists between the forests. The contoso.com domain contains a domain local security group named Group1. Group1 contains contoso\user1 and adatum\user1.You need to ensure that Group1 can only contain users from the contoso.com domain.Which three actions should you perform? To answer, move three actions from the list of actions to the answer area and arrange them in the correct order. |
Explanation:Domain local Groups that are used to grant permissions within a single domain. Members ofdomain local groups can include only accounts (both user and computer accounts) and groups from thedomain in which they are defined.----------- to review.......... Universal groups can only include objects from its own forest Groups can have -- domain local, built-in local, global, and universal. That is, the groups have different areas in different scopes which they are valid.A domain local group is a security or distribution group that can contain universal groups, global groups, other domain local groups from its own domain, and accounts from any domain in the forest. You can give domain local security groups rights and permissions on resources that reside only in the same domain where the domain local group is located. A global group is a group that can be used in its own domain, in member servers and in workstations of the domain, and in trusting domains. In all those locations, you can give a global group rights and permissions and the global group can become a member of local groups. However, a global group can contain user accounts that are only from its own domain. A universal group is a security or distribution group that contains users, groups, and computers from any domain in its forest as members. You can give universal security groups rights and permissions on resources in any domain in the forest. Universal groups are not supported.Domain local -Groups that are used to grant permissions within a single domain. Members of domain local groups can include only accounts (both user and computer accounts) and groups from the domain in which they are defined. Built-in local - Groups that have a special group scope that have domain local permissions and, for simplicity, are often referred to as domain local groups. The difference between built-in local groups and other groups is that built-in local groups can't be created or deleted. You can only modify built-in local groups. References to domain local groups apply to built-in local groups unless otherwise noted. Global -Groups that are used to grant permissions to objects in any domain in the domain tree or forest. Members of global groups can include only accounts and groups from the domain in which they are defined. Universal - Groups that are used to grant permissions on a wide scale throughout a domain tree or forest. Members of global groups include accounts and groups from any domain in the domain tree or forest.Global to universal. This conversion is allowed only if the group that you want to change is not a member of another global scope group. Domain local to universal. This conversion is allowed only if the group that you want to change does not have another domain local group as a member. Universal to global. This conversion is allowed only if the group that you want to change does not have another universal group as a member. Universal to domain local. There are no restrictions for this operation. |
|
|
Your network contains an Active Directory domain named contoso.com.You discover that when you join client computers to the domain manually, the computer accounts are created in the Computers container.You need to ensure that new computer accounts are created automatically in an organizational unit (OU) named Corp.Which tool should you use?A. net.exe B. redircmp.exe C. regedit.exe D. dsadd.exe |
Answer: B Explanation: A. Used to stop/start protocols B. Redirects the default container for newly created computers to a specified, target organizational unit C. Modify local registry entries D. Adds specific types of objects to the directory Redirects the default container for newly created computers to a specified, target organizational unit (OU) so that newly created computer objects are created in the specific target OU instead of in CN=Computers.You must run the redircmp command from an elevated command prompt.Redircmp.exe is located in the C:\Windows\System32 folder.You must be a member of the Domain Admins group or the Enterprise Admins group to use this tool. |
|
You have a server named Server2 that runs Windows Server 2012 R2. Server2 has the Hyper-Vserver role installed. The disks on Server2 are configured as shown in the exhibit. (Click the Exhibit button.) You create a virtual machine on Server2 named VM1.You need to ensure that you can configure a pass-through disk for VM1.What should you do? A. Convert Disk 1 to a basic disk. B. Take Disk 1 offline. C. Create a partition on Disk 1. D. Convert Disk 1 to a MBR disk. |
Answer: B Explanation:http://blogs.technet.com/b/askcore/archive/2008/10/24/configuring-pass-through-disks-inhyperv.aspx Pass-through Disk ConfigurationHyper-V allows virtual machines to access storage mapped directly to the Hyper-V server without requiring the volume be configured. The storage can either be a physical disk internal to the Hyper-V server or it can be a Storage Area Network (SAN) Logical Unit (LUN) mapped to the Hyper-V server. To ensure the Guest has exclusive access to the storage, it must be placed in an Offline state from the Hyper-V server perspective |
|
|
Answer: B Explanation: You need your virtualized workloads to connect easily and reliably to your existing storage arrays. WindowsServer 2012 provides Fibre Channel ports within the guest operating system, which allows you toconnect to Fibre Channel directly from within virtual machines. This feature protects your investments inFibre Channel, enables you to virtualize workloads that use direct access to Fibre Channel storage, allows youto cluster guest operating systems over Fibre Channel, and provides an important new storage option forservers hosted in your virtualization infrastructure.With this Hyper-V virtual Fibre Channel feature, you can connect to Fibre Channel storage from within a virtualmachine. This allows you to use your existing Fibre Channel investments to support virtualized workloads.Support for Fibre Channel in Hyper-V guests also includes support for many related features, such as virtualSANs, live migration, and MPIO. |
|
|
Answer: ACExplanation:Offline Files have four modes of operation:OnlineSlow linkAuto offlineManual offlineOffline Files transition between the three modes online, slow link and auto offline depending on connection speed. The user can always override the automatic mode selection by manually switching to manual offline mode.To determine the connection speed two pings with default packet size are sent to the file server. If the average round-trip time is below 80 ms (Windows 7) or 35 ms (Windows 8), the connection is put into online mode, otherwise into slow link mode. The latency value of 35/80 ms is configurable through the Group Policy setting Configure slow-link mode.Reads, Writes and SynchronizationIn online mode, changes to files are made on the file server as well as in the local cache (this induces a performance hit - see this article for details). Reads are satisfied from the local cache (if in sync).In slow link mode, changes to files are made in the local cache. The local cache is background-synchronized with the file server every 6 hours (Windows 7) or 2 hours (Windows 8), by default. This can be changed through the Group Policy setting Configure Background Sync. . In auto offline mode, all reads and writes go to the local cache. No synchronization occurs. . In manual offline mode, all reads and writes go to the local cache. No synchronization occurs by default, but background synchronization can be enabled through the Group Policy setting Configure Background Sync. |
|
|
Your network contains an Active Directory domain named contoso.com. The domain contains a domain controller named DC1 that runs Windows Server 2012 R2. You need to configure a central store for the Group Policy Administrative Templates. What should you do on DC1? A. From Server Manager, create a storage pool. B. From Windows Explorer, copy the PolicyDefinitions folder to the SYSVOL\contoso.com\policies folder. C. From Server Manager, add the Group Policy Management feature D. From Windows Explorer, copy the PolicyDefinitions folder to the NETLOGON share. |
Answer: B Explanation: A. Create Disk Storage Pool B. PolicyDefinitions folder in SYSVOL C. Group Policy Management is a console for GPO Mgmt D. Folder is for logon scripts PolicyDefinitions folder within the SYSVOL folder hierarchy. By placing the ADMX files in this directory,they are replicated to every DC in the domain; by extension, the ADMX-aware Group Policy ManagementConsole in Windows Vista, Windows 7, Windows Server 2008 and R2 can check this folder as an additionalsource of ADMX files, and will report them accordingly when setting your policies.By default, the folder is not created. Whether you are a single DC or several thousand, I would stronglyrecommend you create a Central Store and start using it for all your ADMX file storage. It really does work well.The Central Store To take advantage of the benefits of .admx files, you must create a Central Store in the SYSVOL folder ona domain controller. The Central Store is a file location that is checked by the Group Policy tools. The GroupPolicy tools use any .admx files that are in the Central Store. The files that are in the Central Store are laterreplicated to all domain controllers in the domain. To create a Central Store for .admx and .adml files, create a folder that is named PolicyDefinitions in thefollowing location:\\FQDN\SYSVOL\FQDN\policies Note: FQDN is a fully qualified domain name. |
|
|
You install Windows Server 2012 R2 on a standalone server named Server1.You configure Server1 as a VPN server.You need to ensure that client computers can establish PPTP connections to Server1.Which two firewall rules should you create? (Each correct answer presents part of the solution. Choose two.) A. An inbound rule for protocol 47 B. An outbound rule for protocol 47 C. An inbound rule for TCP port 1723 D. An inbound rule for TCP port 1701 E. An outbound rule for TCP port 1723 F. An outbound rule for TCP port 1701 |
Answer: AC Explanation:To enable VPN tunnels between individual host computers or entire networks that have a firewall between them, you must open the following ports:PPTPTo allow PPTP tunnel maintenance traffic, open TCP 1723. To allow PPTP tunneled data to pass through router, open Protocol ID 47. http://www.windowsitpro.com/article/pptp/which-ports-do-you-need-to-open-on-a-firewall-to-allow-pptp-andl2tp-over-ipsec-vpn-tunnels--46811 If you use a personal firewall or a broadband router, or if there are routers or firewalls between the VPN client and the VPN server, the following ports and protocol must be enabled for PPTP on all firewalls and routers that are between the VPN client and the VPN server:Client ports Server port Protocol1024-65535/TCP 1723/TCP PPTPAdditionally, you must enable IP PROTOCOL 47 (GRE).http://support.microsoft.com/kb/314076/en-us |
|
|
Your network contains an Active Directory domain named adatum.com. The computer accountsfor all member servers are located in an organizational unit (OU) named Servers. You link a Group Policy object (GPO) to the Servers OU.You need to ensure that the domain's Backup Operators group is a member of the local Backup Operators group on each member server. The solution must not remove any groups from the local Backup Operators groups.What should you do? A. Add a restricted group named adatum\Backup Operators. Add Backup Operators to the This group is a member of list. B. Add a restricted group named adatum\Backup Operators. Add Backup Operators to the Members of this group list. C. Add a restricted group named Backup Operators. Add adatum\Backup Operators to the This group is a member of list. D. Add a restricted group named Backup Operators. Add adatum\Backup Operators to the Members of this group list. |
Answer: A Explanation: A. The Member Of list specifies which other groups the restricted group should belong to B. Needs to be added to member of list C. Wrong group D. Wrong groupRestricted groups allow an administrator to define two properties for security -sensitive groups (that is,"restricted" groups). The two properties are Members and Member Of . The Members list defines who should and should not belongto the restricted group. The Member Of list specifies which other groups the restricted group should belong to.When a restricted Group Policy is enforced, any current member of a restricted group that is not Get Latest&Actual 70-410 Exam Dumps from Braindump2gohttp://www.braindump2go.com/70-410.htmlGuarantee All Exams 100% Pass Or Full Money Backon theMembers list is removed. Any user on the Members list which is not currently a member of the restrictedgroup is added.The Restricted Groups folder is available only in Group Policy objects associated with domains, OUs,and sites. The Restricted Groups folder does not appear in the Local Computer Policy object. If a Restricted Group is defined such that it has no members (that is, the Members list is empty), then allmembers of the group are removed when the policy is enforced on the system. If the Member Of list is emptyno changes are made to any groups that the restricted group belongs to. In short, an empty Members listmeans the restricted group should have no members while an empty Member Of list means "don't care" whatgroups the restricted group belongs to. |
|
|
Your network contains an Active Directory domain named contoso.com. All servers run WindowsServer 2012 R2. An application named Appl.exe is installed on all client computers. Multiple versions of Appl.exe are installed on different client computers. Appl.exe is digitally signed.You need to ensure that only the latest version of Appl.exe can run on the client computers.What should you create? A. An application control policy packaged app rule B. A software restriction policy certificate rule C. An application control policy Windows Installer rule D. An application control policy executable rule |
Answer: D Explanation: A. A publisher rule for a Packaged app is based on publisher, name and version B. You can create a certificate rule that identifies software and then allows or does not allow the software torun, depending on the security level. C. For .msi or .msp D. Executable Rules, for .exe and can be based on Publisher, Product name, filename and version. Use Certificate Rules on Windows Executables for Software Restriction Policies This security setting determines if digital certificates are processed when a user or process attempts to runsoftware with an .exe file name extension. This security settings is used to enable or disable certificate rules, atype of software restriction policies rule. With software restriction policies, you can create a certificate rule thatwill allow or disallow software that is signed by Authenticode to run, based on the digital certificate that isassociated with the software. In order for certificate rules to take effect, you must enable this security setting. When certificate rules are enabled, software restriction policies will check a certificate revocation list (CRL) tomake sure the software's certificate and signature are valid. This may decrease performance when start signedprograms. You can disable this feature. On Trusted Publishers Properties, clear the Publisher and Timestampcheck boxes. |
|
|
Your network contains an Active Directory domain named contoso.com.All domain controllers run Windows Server 2012 R2. You need to ensure that the local Administrator account on all computers is renamed to L_Admin. Which Group Policy settings should you modify? A. Security Options B. User Rights Assignment C. Restricted Groups D. Preferences |
Answer: A Explanation: A. Allows configuration of computers B. User Rights Assignment policies determines which users or groups have logon rights or privileges on thecomputer C. Restricted Groups defines what member or groups should exist as part of a group D. With Preferences, local and domain accounts can be added to a local group without affecting the existingmembers of the group In Group Policy Object Editor, click Computer Configuration, click Windows Settings, click Security Settings,click Local Policies, and then clickIn the details pane, double-click Accounts: Rename administrator account. |
|
You have a server that runs Windows Server 2012 R2. The disks on the server are configured asshown in the exhibit. (Click the Exhibit button.) You need to create a storage pool that contains Disk 1 and Disk 2. What should you do first? A. Delete volume E B. Convert Disk 1 and Disk 2 to dynamic disks C. Convert Disk 1 and Disk 2 to GPT disks D. Create a volume on Disk 2 |
Answer: A Explanation: A Storage Pools use unallocated spaceThere is no way to create a storage pool with existing data. Storage pools are only a collection of drives that are managed by windows. |
|
|
You have a server named Server1 that runs Windows Server 2012 R2.You add a 4-TB disk named Disk 5 to Server1. You need to ensure that you can create a 3-TB volume on Disk 5. What should you do? A. Create a storage pool. B. Convert the disk to a dynamic disk. C. Create a VHD, and then attach the VHD. D. Convert the disk to a GPT disk. |
Answer: D Explanation: MBR max is 2TB, the disk must be GPTFor any hard drive over 2TB, we need to use GPT partition. If you have a disk larger than 2TB size, the rest ofthe disk space will not be used unless you convert it to GPT. An existing MBR partition can't be converted to GPT unless it is completely empty; you must either deleteeverything and convert or create the partition as GPT. It is not possible to boot to a GPT partition, impossible to convert MBR to GPT without data loss. |
|
|
You have a server named Server1 that has a Server Core installation of Windows Server 2008 R2.Server1 has the DHCP Server server role and the File Server server role installed.You need to upgrade Server1 to Windows Server 2012 R2 with the graphical user interface (GUI). The solution must meet the following requirements: - Preserve the server roles and their configurations. - Minimize Administrative effort.What should you do? A. On Server1, run setup.exe from the Windows Server 2012 R2 installation media and select Server with a GUI. B. Start Server1 from the Windows Server 2012 R2 installation media and select Server Core Installation. When the installation is complete, add the Server Graphical Shell feature. C. Start Server1 from the Windows Server 2012 R2 installation media and select Server with a GUI. D. On Server1, run setup.exe from the Windows Server 2012 R2 installation media and select Server Core Installation. When the installation is complete, add the Server Graphical Shell feature |
Answer: D Explanation: A. Server is on 2008 R2 core, must install 2012 R2 core and then GUI B. Not least effort C. Not least effort D. Upgrade to 2012 R2 and install GUI shellhttp://technet.microsoft.com/en-us/library/jj574204.aspx Upgrades that switch from a Server Core installation to the Server with a GUI mode of Windows Server 2012 R2 in one step (and vice versa) are not supported. However, after upgrade is complete, Windows Server 2012 R2 allows you to switch freely between Server Core and Server with a GUI modes. For more information about these installation options, how to convert between them, and how to use the new Minimal Server Interface and Features on Demand, see |
|
|
Your network contains two servers named Server1 and Server2 that run Windows Server 2012R2. You need to install the Remote Desktop Services server role on Server2 remotely from Server1. Which tool should you use? A. The dsadd.exe command B. The Server Manager console C. The Remote Desktop Gateway Manager console D. The Install-RemoteAccess cmdlet |
Answer: B Explanation: A. Adds specific types of objects to the directory B. You can manage remote server by Server Manager and install roles/features C. Remote Desktop Gateway (RD Gateway) is a role service that enables authorized remote users to connect to resources on an internal corporate or private network, from any Internet-connected device that can run theRemote Desktop Connection (RDC) client. D. Performs prerequisite checks for DirectAccess (DA) to ensure that it can be installed, installsDA for remoteaccess (RA) (includes management of remote clients) or for management of remote clients only, and installsVPN (both Remote Access VPN and siteto-site VPN). |
|
|
You have a server named Server1 that runs a full installation of Windows Server 2012 R2.You need to uninstall the graphical user interface (GUI) on Server1. You must achieve this goal by using the minimum amount of Administrative effort. What should you do? A. Reinstall Windows Server 2012 R2 on the server. B. From Server Manager, uninstall the User Interfaces and Infrastructure feature. C. From Windows PowerShell, run Uninstall-WindowsFeature PowerShell-ISE D. From Windows PowerShell, run Uninstall-WindowsFeature Desktop-Experience. |
Answer: B Explanation: A. Not least effort B. Quick and Easy C. Uninstalls PS-ISE D. Doesn't remove all GUI components |
