Use LEFT and RIGHT arrow keys to navigate between flashcards;
Use UP and DOWN arrow keys to flip the card;
H to show hint;
A reads text to speech;
95 Cards in this Set
- Front
- Back
|
What feature should you enable to prevent the sIDHistory attribute from being used to falsely gain administrative privileges in a trusting forest? |
SID Filtering |
|
|
Which of the following is NOT a function of the global catalog? |
Facilitates intersite replication |
|
|
You have a forest with three trees and twelve domains. Users are complaining that access to resources in other domains is slow. You suspect the delay is caused by authentication referrals. What can you do to mitigate the problem? |
Create a shortcut trust |
|
|
You have just installed two new Linux servers to handle a new application. You want to integrate user authentication between Linux and your existing Windows Server 2012 R2 domain controllers. What can you do? |
Create a realm trust |
|
|
The transfer of Active Directory information among domain controllers is referred to as which of the following? |
Replication |
|
|
Why might it be a good idea to configure multiple domains in a forest? |
Need for differing account policies |
|
|
Which feature was first introduced with the Windows Server 2012 R2 domain functional level? |
Authentication Policy silos |
|
|
Which is responsible for facilitating forest-wide Active Directory searches? |
Global catalog server |
|
|
An Active Directory forest consists of three trees and twelve domains. You haven’t transferred or seized any FSMO roles. On which domain controller is the Schema Master? |
The first domain controller in the forest root domain |
|
|
In an Active Directory forest, what component is responsible for determining the replication topology? |
KCC |
|
|
What features should you configure if you want limit access to resources by users in a trusted forest, regardless of permission settings on these resources? |
Selective authentication |
|
|
What is the first domain installed in a forest called? |
Forest Root |
|
|
Why might you need to configure multiple forests? |
Need for differing account policies |
|
|
Your company has purchased another company that also uses Windows Server 2012 R2 and Active Directory. Both companies need to be able to access each other's forest resources. How can you achieve this goal with the least administrative effort? |
Create a two-way forest trust |
|
|
Which of the following is a feature first introduced with the Windows Server 2012 R2 domain functional level? |
Protected Users group |
|
|
Before you configure a forest trust, what should you configure to ensure you can contact the forest root of both forests from both forests? |
Stub zones |
|
|
Which Active Directory component is part of Active Directory's physical structure? |
Domain controllers |
|
|
Which of the following is a component of Active Directory’s physical structure? |
Sites |
|
|
Which component of a site makes a site link transitive? |
site link bridge |
|
|
What is the schedule for nonurgent intrasite replication? |
15 seconds after any change occurs, with a 3-second delay between partners |
|
|
You want to change the replication schedule between two domain controllers in the same site to occur six times per hour. You don't want to affect the replication schedule of any other DCs. What should you do to make this change? |
Create a new connection object for the two domain controllers, and set the schedule to six times per hour. Tell the KCC to check the replication topology. |
|
|
Which is responsible for determining the replication topology between sites? |
ISTG |
|
|
What is created automatically by the KCC and allows the configuration of replication between sites? |
Connection object |
|
|
Which command shows you detailed information about replication status, including information on each partition? |
repadmin \showrepl |
|
|
Which of the following is responsible for assigning a bridgehead server to handle replication for each directory partition? |
Inter-Site Topology Generator |
|
|
Which command analyzes the overall health of Active Directory and performs replication security checks? |
dcdiag |
|
|
Your network is configured in a hub-and-spoke topology. You want to control the flow of replication traffic between sites, specifically reducing the traffic across network links between hub sites to reach satellite sites. What should you configure? |
Site link bridges |
|
|
You have four sites: San Francisco, Phoenix, Houston, and Pittsburgh. You have created site links between San Francisco and Phoenix and between Phoenix and Houston, and between Houston and Pittsburgh with the default site link settings. What do you need to do to make sure replication occurs between San Francisco and Pittsburgh? |
Do nothing; replication will occur between all sites with the current configuration. |
|
|
A partition stored on a domain controller in the HQ site isn’t being replicated to other sites, but all other partitions on domain controllers in the HQ site are being replicated. The problem partition is stored on multiple domain controllers in HQ. What should you investigate as the source of the problem? |
A manually configured bridgehead server |
|
|
Which of the following is an advantage of having multiple sites when you have multiple physical locations? |
Application efficiency |
|
|
All your domain controllers are running Windows Server 2012 R2 in a new forest. What should you check if GPT replication is not occurring correctly? |
DFSR |
|
|
Mike calls the help desk to change his forgotten password. The help desk operator says the password has been changed and Mike immediately attempts to log on with the new password but gets a logon failed message. He tries logging on again a few minutes later and is successful. What’s the most likely reason Mike wasn't able to immediately log on? |
The domain controller holding the PDC emulator role couldn't be contacted by the domain controller that authenticated the user. |
|
|
What can you do if you notice that a DC failed to register its service records? |
Stop and start the Netlogon service. |
|
|
Which of the following is true about subnets with respect to Active Directory sites? |
By default, no subnets are created in Active Directory Sites and Services |
|
|
You have a network with three sites named SiteA, SiteB, and SiteC that are assigned the subnets 10.1.0.0/16, 10.2.0.0/16, and 10.3.0.0/16, respectively. You change the IP address of a domain controller in SiteB to 10.1.100.250/16. What should you do now? |
Move the computer object of the domain controller in Active Directory Sites and Services to SiteA. |
|
|
Where can you find connection objects? |
Under a server object's NTDS Settings node |
|
|
You want to configure two DHCP servers; one is running Windows Server 2012 R2 and the other is running Windows Server 2008 R2. One will be the primary server and the other should assign addresses to clients only if the primary server doesn't respond within about a second. You don't want replication to be part of the configuration. What should you configure? |
Split Scope |
|
|
Which of the following can be routed within a private network but not on the public Internet? |
fc40::18ff:0024:8e5a:60 |
|
|
Which high-availability option for DHCP should you configure if you want a DHCP server to operate in hot standby mode without having to configure shared storage? |
DHCP failover |
|
|
Which of the following is an IPv6 link-local address? |
fe80::18ff:0024:8e5a:60 |
|
|
What type of DNS query does a DNS client usually send to its local DNS server? |
Recursive |
|
|
Which feature is used to protect against DNS cache poisoning? |
Socket Pool |
|
|
Which option is NOT configured when you create a DHCPv6 scope? |
Default Gateway |
|
|
Which of the following is a suite of features and protocols for validating DNS server responses? |
DNSSEC |
|
|
Which feature allows you to prevent DNS records from being overwritten until the TTL is expired by a specified percentage? |
Cache locking |
|
|
What must you do on a member server before the server can begin providing DHCP services? |
Authorize the server |
|
|
What do DNS resolvers use to verify the digital signature in RRSIG records? |
DNSKEY |
|
|
You have created a new DHCP scope with address range 192.168.1.1 to 192.168.1.254. You have five servers configured with static addresses in the range 192.168.1.240 to 192.168.1.244. You plan on configuring as many as ten more servers to use static addresses in the range 192.168.1.245 to 192.168.1.254. What should you configure on your scope? |
Exclusion range |
|
|
Which of the following can be routed on the public Internet? |
2001::18ff:0024:8e5a:60 |
|
|
Which type of IPv6 configuration uses router advertisements for prefix assignment? |
Stateless autoconfiguration |
|
|
You have just installed a DHCP server and created a new scope with the default options. A DHCP client leases an IP address at 8:00am on Monday, February 3rd. When will the client lease expire if it is never renewed? |
February 11 at 8:00am |
|
|
You just got a shipment of 10 network-attached laser printers. You want these printers to always have the same address but you want the addresses to be assigned via DHCP. What should you do? |
Configure reservations |
|
|
You have expanded your current LAN from about 200 hosts to over 350 hosts. The first 200 hosts were getting IP addresses from a scope configured with the address range 10.1.1.1 to 10.1.1.250 with prefix length 24. You don't want to change the IP addressing scheme for the existing hosts, but you need to accommodate all 350 hosts with DHCP-assigned addresses. You don't have any VLANs or routers configured. What should you configure? |
Superscope |
|
|
You have installed a streaming video service on your network. You want selected hosts to be able to access this service via a dynamically assigned class D IP address. What do you need to configure? |
Multicast scope |
|
|
You have two LANs connected via a router. Network 1 has a DHCP server with a single Ethernet interface. Network 2 does not have a DHCP server. You want the hosts on Network 2 to be able to get IP addresses from the DHCP server on Network 1. What should you configure? |
Relay agent on Network 2 |
|
|
Which of the following allows you to manage a group of iSCSI devices from a central server? |
iSNS Server |
|
|
Which of the following sends commands to a logical storage space consisting of one or more virtual disks? |
iSCSI initiator |
|
|
You plan to create 4 VMs on a new Hyper-V server. The Hyper-V server has 2 TB of free disk space. You want each VM to have up to 600 GB of hard drive space. Which feature should you use when configuring these VMs? |
Thin provisioning |
|
|
Which command shows you the Windows features that have been removed from the default feature store? |
Get-WindowsFeature | where InstallState -eq Removed |
|
|
You have an internetwork of four LANs connected via routers. You want to configure BranchCache to support all four LANs. What should you configure? |
Hosted cache mode |
|
|
Which feature of Hyper-V running on Windows Server 2012 R2 can help reduce the space used by virtual disks? |
Automatic trim and unmap |
|
|
Which authentication protocol can be used to allow an iSCSI target to authenticate to the iSCSI initiator? |
Reverse CHAP |
|
|
Which of the following provides high availability for the native UNIX file-sharing protocol? |
NFS data store |
|
|
If you use Features on Demand, from where are the roles and features files removed? |
C:\Windows\WinSxs |
|
|
After you have enabled a classification property, what should you do so that FSRM recognizes the new property? |
Run the Update-FsrmClassificationPropertyDefinition cmdlet |
|
|
Which of the following is an attribute of a file that can be used to categorize the file's contents? |
Classification property |
|
|
What feature available in Storage Spaces lets you combine traditional mechanical HDDs with SSDs to get better performance? |
Tiered storage |
|
|
You want to configure a BranchCache server in hosted cache mode. What is the minimum OS version requirement to do so? |
Windows Server 2008 R2 |
|
|
You have a main office and a branch office connected via a WAN link. Users have complained that access to file shares has been slow. What feature can you install in Windows Server 2012 R2 that might help the problem? |
BranchCache |
|
|
You have a main office and a branch office connected via a WAN link. Users have complained that access to file shares has been slow. What feature can you install in Windows Server 2012 R2 that might help the problem? |
iqn.1911-05.com.microsoft:SAN.domain1.local |
|
|
You need to monitor a group's access to a file that might be stored on several servers in the network. What should you do that requires the least administrative effort? |
Create a global object access auditing policy
|
|
|
If you want to be able to install roles and features on Windows Server 2012 R2 servers using a file share, what should you create? |
Feature file store |
|
|
You have several thousand documents in the Marketing share. You need to be able easily identify those files that contain sensitive data. Which feature can best help with this task? |
File classification |
|
|
Which of the following is a reference ID to a logical drive used by the iSCSI initiator? |
iSCSI LUN |
|
|
A group of engineers are working on a new project. The engineers have decided that the Linux OS works best for this particular project but they still need access to shared files on the Windows Server 2012 R2 servers. You want to allow the engineers to access the shared files using native Linux file sharing. What should you do? |
Install Server for NFS role service on the servers |
|
|
Which of the following should you do first if you want to set DAC permissions on several servers using Group Policy? |
Create a central access rule |
|
|
After you have install an IPAM server and have connected to it in Server Manager, what task should you perform next? |
Provision the IPAM server |
|
|
What property of a central access rule do you need to configure if you want the rule to affect only files with certain properties? |
Target Resources |
|
|
What must you do if you want to use a user account's job title attribute to restrict access to a folder using the Permission Entry dialog box? |
Create a claim type |
|
|
What must you do before you can use predefined resource properties in a permission entry? |
Enable the properties with ADAC |
|
|
Which IPAM topology should be used when you have servers at several branch offices that you wish to manage but no IT personnel at those branch offices? |
Centralized |
|
|
Which of the following sets permissions on targeted resources and can contain DAC and NTFS permissions. |
Central access rule |
|
|
What must you do to enable claims for use in DAC and Kerberos authentication? |
Configure a GPO and link it to the Domain Controllers OU |
|
|
What feature introduced in Windows Server 2012 allows users to solve problems related to file and folder access? |
Access-denied assistance |
|
|
You have six DHCP servers on your network, but only four of them are being displayed in the IPAM Server Inventory window. What action should you take that will most likely cause the other two servers to be displayed? |
Make the other two servers domain members |
|
|
You have recently completed IPAM installation and configuration. You have several each of DHCP servers, DNS servers, and domain controllers. Server discovery has completed but when you view the inventory, no DHCP servers are being displayed. Which of the following actions is most likely to solve the problem? |
Uninstall DHCP on the IPAM server |
|
|
A user account named JaneDoe with the job title Administration is a member of two security groups that have Read and Full Control permission respectively, to a folder named Marketing via assigned NTFS permissions. You create a central access policy that grants Modify permission to the folder to users with the job title Administration. What is JaneDoe's permission to the Marketing folder? |
Modify |
|
|
What must be true about a resource property before a file server can download and use it? |
It must be a member of a resource property list |
|
|
What's the best way to change IPAM storage from the WID to an SQL server? |
Run the Move-IpamDatabase cmdlet |
|
|
Which Windows feature must be installed to use file classifications to control access to files? |
DAC |
|
|
Which of the following is NOT a component of the IPAM infrastructure? |
Discovery agent |
|
|
Which tool allows you to configure automatic classification of files using resource properties? |
FSRM |
|
|
You have several member computers on your network running Windows 8.1 that contain sensitive files. Your DCs are running Windows Server 2012 R2. You need to be able to classify those files so that access is restricted based on the classification. What do you need to do first? |
Move the files to a member server running Windows Server 2012 R2 |
|
|
On which server should you install the IPAM Server feature? |
A member server running Windows Server 2012 R2 |
|
|
What should you do if you need to change the provisioning method for IPAM? |
Uninstall and reinstall IPAM and select a different provisioning method |
