Use LEFT and RIGHT arrow keys to navigate between flashcards;
Use UP and DOWN arrow keys to flip the card;
H to show hint;
A reads text to speech;
119 Cards in this Set
- Front
- Back
|
Which of the following is not a function of the global catalog? |
Facilitates inter-site replication |
|
|
Which of the following is a feature first introduced with the Windows Server 2012 R2 domain functional level? |
Protected Users group |
|
|
What are the reasons to use multiple domains? |
Need for different name identities, Replication control, Need for differing account policies |
|
|
Which of the following is a component of Active Directory's physical structure? |
Sites |
|
|
A user calls the help desk to change her forgotten password. A minute later, she attempts to log on with the new password but gets a logon failed message. She verifies that she's enter-ing the correct password. She tries logging on again about 30 minutes later and is successful. What's the most likely cause of the delay in her ability to log on? |
The domain controller holding the PDC emulator role wasn't contacted by the domain controller that authenticated the user |
|
|
You have three sites: Boston, Chicago, and LA. You have created site links between Boston and Chicago and between Chicago and LA with the default site link settings. What do you need to do to make sure replication occurs between Boston and LA? |
Do nothing; replication will occur between Boston and LA with the current configuration (A) |
|
|
Which of the following is created automatically by the KCC and is responsible for replication parameters between intra site replication partners? |
Connection object (D) |
|
|
By default, how often does inter site replication occur? |
Every 180 minutes (D) |
|
|
What should you do if client computers can't find domain controller services? |
Configure entries in the hosts file (C) |
|
|
When does non-urgent intrasite replication occur? |
15 seconds after any change occurs, with a 3-second delay between partners |
|
|
When might you want to upgrade Active Directory replication from FRS to DFSR? |
You upgraded domain controllers from Windows Server 2003 (D) |
|
|
Which of the following is true about using SMTP in site links? (Choose all that apply.) |
A certification authority must be configured, Domains can span the sites included in the site link, It's best used on slow or unreliable network links (A, B, C) |
|
|
Which of the following is true about site links? (Choose all that apply.) |
Determine replication schedule between DCs, Involved in intersite replication, Can be configured with differing schedules (A, C, D) |
|
|
Which of the following requires urgent replication? |
Changes to the password policy, Changes to the account lockout policy (A, D) |
|
|
What's the default lease duration on a Windows DHCP server? |
8 days |
|
|
What should you create if you need to service multiple IPv4 subnets on a single physical network? |
Super scope |
|
|
What do you configure if you need to assign addresses dynamically to applications or services that need a class D IP address? |
Multicast scope |
|
|
Which type of DNS query instructs the DNS server to process the query until it responds with an address that satisfies the query or with an "I don't know" message? |
Recursive |
|
|
Which of the following uses digital signatures contained in DNSSEC related resource records to verify DNS responses? |
Zone signing |
|
|
Which security feature should you use if you want to prevent DNS records retrieved from other DNS servers from being overwritten until the TTL is at least 75% expired? |
Cache locking |
|
|
You have four Web servers, all with the same name for load balancing. Your client computers are using a Web server in a remote subnet, even though there's a Web server in their local subnet. What should you do to ensure that client computers use the Web server in their local subnet whenever possible? |
Configure net mask ordering |
|
|
You want to give a junior administrator access to DNS servers so that he can configure zones and resource records, but you don't want to give him broader administrative rights in the domain. What should you do? |
Delegate control for the OU where the DNS computer accounts are |
|
|
Which of the following is true about the DHCP protocol? (Choose all that apply.) |
There are eight message types, It uses the UDP Transport-layer protocol |
|
|
You want to set DAC permissions on folders on several servers in the domain by using group policies. Which of the following should you do first? |
Create a central access policy |
|
|
You want to restrict access to a folder based on a user's job title. What do you need to create to use this criteria in a permission condition? |
Claim type |
|
|
A user named Mike has some files on his computer that contain sensitive information. His computer is running Windows 8.1 Enterprise Edition and is a member of a Windows Server 2012 R2 domain. You want to be able to classify Mike's files so that access to them can be restricted based on their classification. What should you do first? |
Create a central access rule to classify the files on Mike's computer |
|
|
You want to classify some files on a Windows Server 2012 R2 server, using the Confidentiality and Department resource properties. What should you do to use these resource proper-ties in a permission entry? |
Open ADAC and enable the resource properties |
|
|
You've configured permissions on a folder by using user claims and resource properties and want to test permissions for several different users. What should you do so that you don't have to log on as each user to verify that these permissions are doing what you want? |
Open the Advanced Security Settings dialog box and click the Effective Access tab |
|
|
You want to create a central access rule that affects only folders classified as highly confidential. You don't want the rule to affect other folders on any servers. What should you do? |
Configure the Target Resources property on the central access rule |
|
|
You have just configured file servers in a new facility to share documents among all users. Users have been complaining that they're getting obscure messages when they try to access some shared folders, and they can't access the files. What should you do so that users get more helpful messages when they can't access shared folders? |
Use FSRM to create new file classifications |
|
|
You want to deploy IPAM in your network. You have four servers running and need to decide on which server you should install the IPAM Server feature. Which of the following server configurations is the best solution? |
Windows Server 2012 member server running DHCP |
|
|
You have recently installed IPAM on a server running Windows Server 2012 R2. Your network has four DHCP servers, six DNS servers, and three DCs. All the DHCP and DNS servers are domain members. When you look at the Server Inventory window, you don't see any of the DHCP servers, but you do see the DNS servers and DCs. What should you do to solve this problem? |
Configure the DHCP servers as workgroup servers |
|
|
You have recently installed the IPAM Server feature on a server running Windows Server 2012 R2. You chose manual provisioning during installation. You have 15 servers to be managed by IPAM and have decided the manual provisioning tasks are too much work. You want to use Group Policy provisioning instead. What should you do? |
Run the Invoke - IpamGpoProvisioning -GroupPolicy PowerShell cmdlet |
|
|
You have just installed a Microsoft SQL server and want to use it to store IPAM data, which is currently using the WID. What should you do? |
Run the Move - IpamDat abase PowerShell cmdlet from the IPAM server |
|
|
You have just finished the Add Roles and Features Wizard and clicked the IPAM node in Server Manager. The IPAM Server Tasks window indicates that you're connected to the IPAM server. What should you do next? |
Start server discovery |
|
|
Which of the following is true about Dynamic Access Control? (Choose all that apply.) |
File classifications are a necessary component of DAC, Central access rules can contain NTFS permissions |
|
|
Which of the following is true about resource properties? (Choose all that apply.) |
They're disabled by default, You have to create any resource property you might want to use, They're used to classify resources |
|
|
You want shared network storage that's easy to set up and geared toward file sharing with several file-sharing protocols, but you don't want the device to be dedicated to file sharing. What should you consider buying? |
NAS |
|
|
You have four servers that need access to shared storage because you will configure the servers in a cluster. Which storage solution should you consider for this application? |
SAN |
|
|
You have installed a new disk and created a volume on it. What should you do before you can store files on it? |
Format it |
|
|
Which of the following is the correct sequence of steps for creating a volume with Storage Spaces? |
Disk pool, virtual disk, volume |
|
|
What is RAID 0? |
The capacity of a RAID 0 volume is the sum of the capacities of the disks in the set, the same as with a spanned volume. There is no added redundancy for handling disk failures, just as with a spanned volume |
|
|
RAID 1 |
Data mirroring, without parity or striping. Data is written identically to two (or more) drives, thereby producing a "mirrored set" of drives |
|
|
RAID 2 |
RAID 2 consists of bit-level striping with dedicated Hamming-code parity. All disk spindle rotation is synchronized and data is striped such that each sequential bit is on a different drive |
|
|
RAID 3 |
RAID 3 consists of byte-level striping with dedicated parity. All disk spindle rotation is synchronized and data is striped such that each sequential byte is on a different drive. Parity is calculated across corresponding bytes and stored on a dedicated parity drive |
|
|
RAID 4 |
RAID 4 consists of block-level striping with dedicated parity. The main advantage of RAID 4 over RAID 2 and 3 is I/O parallelism: in RAID 2 and 3, a single read/write I/O operation requires reading the whole group of data drives, while in RAID 4 one I/O read/write operation does not have to spread across all data drives. |
|
|
RAID 5 |
RAID 5 consists of block-level striping with distributed parity. Unlike RAID 4, parity information is distributed among the drives, requiring all drives but one to be present to operate. Upon failure of a single drive, subsequent reads can be calculated from the distributed parity such that no data is lost. RAID 5 requires at least three disks |
|
|
RAID 6 |
RAID 6 consists of block-level striping with double distributed parity. Double parity provides fault tolerance up to two failed drives. |
|
|
You need a disk system that provides the best performance for a new application that frequently reads and writes data to the disk. You aren't concerned about disk fault tolerance because the data will be backed up each day; performance is the main concern. What type of volume arrangement should you use? |
RAID 0 volume |
|
|
You have just installed Windows Server 2012 R2 and want to run a full server backup. What do you need to do first? |
Run Install –Windows Feature Windows -Server-Backup from a PowerShell prompt |
|
|
Which command should you use if you want a Windows Server 2012 R2 server to start in Safe Mode the next time it restarts? |
bcdedit |
|
|
Which command enables you to replace corrupt boot files on a virtual disk you have mounted on the server's V drive? The server is running Windows Server 2012 R2, which is also loaded on the virtual disk |
bcdboot C: \ windows /s V: |
|
|
What command should you use to revert a volume to an existing shadow copy? |
Disk shadow |
|
|
Which of the following is a disadvantage of using differential backups? |
More space is required for backups |
|
|
Which item is not included in a system state backup of a member server? |
Local users and groups |
|
|
You have a domain controller that suffered a system crash, and you have to perform a full server recovery. You have two other DCs on the network, and they have been working fine during the two days the DC was offline. What type of Active Directory restore should you perform? |
Non authoritative restore |
|
|
Which of the following contains settings that determine how Windows Server 2012 R2 boots? |
BCD store |
|
|
Which command do you use to configure Windows Server 2012 R2 to boot to a virtual hard disk? |
bcdboot C:\Windows |
|
|
You have two sites running Hyper-V servers. All servers in both sites are members of the same domain. You want to ensure high availability of the VMs running on Hyper-V servers and can't afford data loss as a result of a failover. What should you use? |
Hyper-V Replica |
|
|
You have configured highly available virtual machines in the Failover Cluster Manager, and all cluster nodes are in the primary site. You want to make sure the VMs are available at a secondary site in case of a disaster. The secondary site is also running Hyper-V in a failover cluster. Some data loss is acceptable if there's a failover to the secondary site. What should you configure? |
Configure the Hyper-V Replica Broker role in the Failover Cluster Manager on the primary site cluster |
|
|
You want to configure a multisite cluster between two sites named SiteA and SiteB. You have a third site named SiteC. The cluster will have a total of six nodes. Which quorum con-figuration should you choose? |
Node majority |
|
|
You have a multisite cluster named Multi Cluster with a high latency link between sites and are using default failover settings. Periodically, a failover occurs when the primary server is still online. What command should you use to prevent these errant failovers? |
Cluster /cluster:MultiCluster /prop SameSubnetThreshold=2500 |
|
|
Which of the following situations typically requires the availability of a backup created by Windows Server Backup? (Choose all that apply.) |
You need continuous availability of a network service, There's been accidental deletion of folders or files, A server's registry appears to be corrupted. |
|
|
Which of the following backup operations isn't possible with Microsoft Azure Backup? (Choose all that apply.) |
OS volume backup, System State backup |
|
|
Which of the following is a requirement for configuring a server in hosted cache mode? |
Windows Server 2008 R2 or later |
|
|
Which FSRM feature should you use if you want to set certain attributes of a file automatically based on its contents? |
Classification Management |
|
|
You want to use a predefined classification property named Confidentiality. What should you do before you use this property the first time? |
Run the update-FsrmclassificationPropertyDefinition cmdlet |
|
|
Which of the following is a logical storage space consisting of one or more virtual disks in an iSCSI system? |
iSCSI target |
|
|
What does iSCSI use to reference a logical drive provided by the iSCSI target? |
iSCSI Logical Unit Number (LUN) |
|
|
If you enable authentication on an iSCSI target, what authentication protocol is used? |
Challenge-Handshake Authentication Protocol (CHAP) |
|
|
Which of the following can benefit from using the Branch Cache role service? (Choose all that apply.) |
File Server, Web Server, Background Intelligence Transfer Service (BITS) |
|
|
Which of the following is not a step in creating and configuring an NLB cluster? |
Configuring a preferred owner |
|
|
Under which circumstances should you use the "none" option when setting the client affinity value? |
When the content being served is fairly static and stateless |
|
|
Which of the following describes a cluster that has been divided into two or more sub clusters because of lack of communication? |
Partitioned |
|
|
What's created in Active Directory during the failover cluster creation process? |
A computer object with the name of the cluster |
|
|
Which of the following failover cluster options specifies how many times a clustered service can restart or fail to another server in a certain period before the service is left in the failed state? |
Affinity value |
|
|
Which of the following is a valid quorum model? (Choose all that apply.) |
Node Majority, No Majority: Disk Only, Node and Disk Majority |
|
|
Which of the following is a requirement for creating a failover cluster? (Choose all that apply.) |
Windows Server 2012 /R2 Standard or Data centre edition, Servers that are Active Directory domain members or domain controllers |
|
|
You need to perform maintenance on a cluster and must take the entire cluster offline. Which of the following is the best approach? |
Right-click the cluster name, point to More Actions, and click Shut Down Cluster |
|
|
Which of the following is true about copying cluster roles? |
You need to install the clustered role on the nodes in the target cluster |
|
|
Which of the following is not a quorum witness configuration option? |
Configure a local disk witness |
|
|
What new feature in Windows Server 2012 R2 attempts to prevent a split vote from occurring? |
Dynamic witness |
|
|
You have six cluster nodes split evenly between SiteA and SiteB and no witness. The link between the sites goes down, leaving two separate cluster partitions. The SiteA cluster continues to function, and the SiteB cluster goes offline. All nodes are running Windows Server 2012 R2. Why did this problem occur? |
Dynamic quorum removed a vote from SiteB |
|
|
Which configuration results in the best performance and reliability for a Hyper-V failover cluster with VMs stored on a file share? |
Scale-out file server |
|
|
Which of the following is a prerequisite for deploying a clustered storage space? |
You need at least three unallocated disks |
|
|
There are two methods for deploying a clustered storage space. Which of the following steps is used in both methods? |
Install the MPIO feature |
|
|
What is MPIO? |
Microsoft Multipath I/O (MPIO) is a Microsoft-provided framework that allows storage providers to develop multipath solutions that contain the hardware-specific information needed to optimize connectivity with their storage arrays. These modules are called device-specific modules (DSMs). The concepts around DSMs are discussed later in this document. |
|
|
If you're using cluster shared volumes for highly available VMs, which of the following is a likely path for storing the VM files? |
C:\\ Cluster Storage |
|
|
Which option on a VM should you select if you want to enable virtual machine network health detection? |
Protected network |
|
|
Which of the following is true about a clustered virtual machine? (Choose all that apply.) |
You need to have shared storage available to the VM's guest OS, You need two or more host computers running Hyper-V, All host computers should be members of the same domain, CSVs are recommended for shared storage |
|
|
A PKI is based on symmetric cryptography. True or False? |
false |
|
|
Version 1 templates can't be modified, but they can be duplicated and then modified. True or False? |
true |
|
|
Which of the following is used in both ends of the cryptography process (encryption and decryption) and must be known by both parties? |
Secret key |
|
|
Camille and Sophie want to engage in secure communication. Both hold a public/private key pair. Camille wants to send an encrypted message to Sophie. Which of the following happens first? |
Camille encrypts the message with her public key |
|
|
In a three-level CA hierarchy, the middle-level servers are referred to as which type of CA? |
Intermediate |
|
|
Which of the following identifies the CA and describes the CA's certificate renewal policy? |
CPS |
|
|
A certificate is issued on July 1, 2015. Its validity period is 2 years, and its renewal period is 2 months. When can the certificate first be renewed? |
September 1, 2017 |
|
|
You want to prevent tampering on your internetworking devices by issuing these devices certificates to run IPsec. What should you install? |
Intermediate CA |
|
|
Which role can renew the CA certificate? |
CA Administrator |
|
|
You want to create a separate backup for the certificate store and make sure the backup occurs every Friday at 11:00 p.m. How should you do this? |
Use certutil and Windows Task Scheduler |
|
|
To reduce the amount of traffic generated when clients download the CRL, which of the following should you use? |
CDP |
|
|
You want to begin using smart cards for user logon. The number of enrolment stations you have is limited, so you want to assign department administrators to enrol only other users in their departments in smart card certificates. How should you go about this? |
Issue the designated department administrators an Enrolment Agent certificate. Configure the CA server's properties to restrict enrolment agents. Publish the smart card certificate template. Have the designated enrolment agents use Web enrolment to enrol departmental users in the smart card certificates |
|
|
Your company runs a commercial Web site that enables your business partners to purchase products and manage their accounts. You want to increase the site's security by issuing certificates to business partners to augment logon security and protect data transmissions with encryption. What should you install? |
An intermediate CA |
|
|
Which of the following is a service provided by a PKI? (Choose all that apply.) |
Confidentiality, Nonrepudiation |
|
|
Which of the following steps is necessary to configure an online responder? |
Configure an OCSP Response Signing certificate template, Enrol the OR with the OCSP Response Signing certificate., Configure revocation for the OR |
|
|
Your CA has issued several hundred certificates and private keys to several hundred users. More than once, a user's private key has been lost or corrupted, resulting in lost data. You want to make sure your users' private keys can be recovered if needed. What should you do? |
Key Archival(Feedback) |
|
|
In a federation trust, the company whose users are accessing resources is referred to as which of the following |
Account partner |
|
|
What's the term for an agreed-on set of user attributes that both parties in a federation trust use to determine a user's credentials? |
Token |
|
|
You're installing AD FS to facilitate transactions with a business partner. You want to keep the federation server secure behind a firewall and don't want direct communication between your partner's computer and the federation server. What should you use? |
Federation service proxy |
|
|
You have several Web applications that you want trusted Internet clients to be able to access with a single sign-on. The Internet clients aren't from a single company; they can be from anywhere on the Internet. Which AD DS design should you use? |
Web SSO |
|
|
Which of the following role services do you use with AD FS deployed on a Windows Server 2012 R2 server if you need a proxy on the perimeter network? |
Web Application Proxy |
|
|
Which of the following isn't part of a typical AD FS deployment? |
DHCP |
|
|
What should you configure in AD FS when you want the claims provider to trust the relying party from which claims are made? |
Claims provider trust |
|
|
What should you configure if certain attributes from the claims provider must be mapped to attributes the relying party can accept? |
Authentication policies |
|
|
Which of the following isn't part of a typical AD RMS installation in a production environment? |
AD RMS database server |
|
|
Which of the following is true about an AD RMS deployment? |
The service account must be a regular domain user |
|
|
Which of the following is true about AD RMS installation and configuration? |
A self-signed certificate can be used for the server certificate |
|
|
Which of the following contains the public key of the AD RMS server? |
Server licensor certificate |
|
|
Which of the following is created when a client publishes a rights-protected document? |
Publishing license |
