You have a server named Server1 that runs Windows Server 2012 R2. You have a subscription to Windows Azure. You need to register the Microsoft Azure Backup Agent on Server1.
What should you do first?
A. Install the Microsoft System Center 2012 Data Protection Manager (DPM) agent.
B. Create a backup vault.
C. Create Site Recovery vault.
D. Configure a passphrase for the Azure Backup Agent.
To back up files and data from your Windows Server to Azure, you must create a backup vault in the geographic region where you want to store the data.
The main steps include:
* the creation of the vault you will use to store backups
* downloading a vault credential
* the installation of a backup agent
You have a server named Server1 that runs Windows Server 2012 R2. Each day, Server1 is backed up fully to an external disk. On Server1, the disk that contains the operating system fails. You replace the failed disk. You need to perform a bare-metal recovery of Server1 by using the Windows Recovery Environment (Windows RE).
What should you use?
A. The Wbadmin.exe command
B. The Repair-bde.exe command
C. The Get-WBBareMetalRecovery cmdlet
D. The Start-WBVolumeRecovery cmdlet
Wbadmin enables you to back up and restore your operating system, volumes, files, folders, and applications from a command prompt.
Wbadmin start sysrecovery runs a recovery of the full system (at least all the volumes that contain the operating system’s state). This subcommand is only available if you are using the Windows Recovery Environment.
* Wbadmin start sysrecovery -backupTarget
Specifies the storage location that contains the backup or backups that you want to recover. This parameter is useful when the storage location is different from where backups of this computer
Not B. Accesses encrypted data on a severely damaged hard disk if the drive was encrypted by using BitLocker. Repair-bde can reconstruct critical parts of the drive and salvage recoverable data as long as a valid recovery password or recovery key is used to decrypt the data.
Not C. Gets the value that indicates whether the ability to perform bare metal recoveries from backups has been added to the backup policy (WBPolicy object).
Not D. Starts a volume recovery operation.
Reference: Wbadmin start sysrecovery
You are employed as a network administrator at consoto.com. Contoso.com has in an Active Directory domain named contoso.com. All Servers on the contoso.com network have Windows Server 2012 R2 installed. A contoso.com server, named Server1,hosts the Active Directory Certificate Services Server role and utilizes a hardware security module(HSM) to safeguard its private key. You have beed instructed to backup the Active Directory Certificate Services (ADCS) database, log files,and private key regularly. You should not use a utility supplied by the hardware security module (HSM) creator.
Which of the following actions should you take?
A. You should consider scheduling an incremental backup
B. You Should consider making use of the certutil.exe command.
C. You should consider schedulling a differential backup
D. You should consider schedulling a copy backup
A. ADCS needs to be backup up using certutil
B. -Backup, -backupdb, -backupKey: You can use Certutil.exe to dump and display certification authority (CA) configuration information, configure Certificate Services, backup and restore CA components, and verify certificates, key pairs, and certificate chains.
C. ADCS needs to be backup up using certutil
D. ADCS needs to be backup up using certutil
You have a server named Server1 that runs Windows Server 2012 R2. Server1 has the DNS Server role installed. You need to store the contents of all the DNS queries received by Server1.
What should you configure?
A. Logging from Windows Firewall with Advanced Security
B. Debug logging from DNS Manager
C. A Data Collector Set (DCS) from Performance Monitor
D. Monitoring from DNS Manager
Debug logging allows you to log the packets sent and received by a DNS server. Debug logging is disabled by default, and because it is resource intensive, you should only activate it temporarily when you need more specific detailed information about server performance.
Reference: Active Directory 2008: DNS Debug Logging Facts…
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012 R2. Server1 has the Active Directory Certificate Services server role installed and configured. For all users, you are deploying smart cards for logon. You are using an enrollment agent to enroll the smart card certificates for the users. You need to configure the Contoso Smartcard Logon certificate template to support the use of the enrollment agent.
Which setting should you modify? To answer, select the appropriate setting in the answer area.
/ In application policy drop-down list select Certificate Request Agent.
/ The Issuance Requirements Tab
* Application policy. This option specifies the application policy that must be included in the signing certificate used to sign the certificate request. It is enabled when Policy type required in signature is set to either Application policy or Both application and issuance policy.
Reference: Administering Certificate Templates
Your network contains one Active Directory domain named contoso.com. The forest functional level is Windows Server 2012. All servers run Windows Server 2012 R2. All client computers run Windows 8.1. The domain contains 10 domain controllers and a read-only domain controller (RODC) named RODC01. All domain controllers and RODCs are hosted on a Hyper-V host that runs Windows Server 2012 R2. You need to identify whether deleted objects can be recovered from the Active Directory Recycle Bin.
Which cmdlet should you use?
The Get-ADOptionalFeature cmdlet gets an optional feature or performs a search to retrieve multiple optional features from an Active Directory.
Example: Get a specified optional feature
This command gets the optional feature with the name Recycle Bin Feature.
PS C :\> Get-ADOptionalFeature -Identity ‘Recycle Bin Feature’
You have 30 servers that run Windows Server 2012 R2. All of the servers are backed up daily by using Windows Azure Online Backup. You need to perform an immediate backup of all the servers to Windows Azure Online Backup.
Which Windows PowerShell cmdlets should you run on each server?
A. Get-OBPolicy | StartOBBackup
B. Start-OBRegistration | StartOBBackup
C. Get-WBPolicy | Start-WBBackup
D. Get-WBBackupTarget | Start-WBBackup
This example starts a backup job using a policy.
PS C:\> Get-OBPolicy | Start-OBBackup
Not B. Registers the current computer to Windows Azure Backup.
Not C. Not using Azure
Not D. Not using Azure
You have a server named Server1 that runs Windows Server 2012 R2. Server1 is an enterprise subordinate certification authority (CA). Server1 is issued a server certificate. You need to ensure that users can request certificates from Server1 by using a web browser.
Which three actions should you perform? Each correct answer presents part of the solution.
A. From server manager, run the add roles and Features wizard.
B. from internet information services (iis) manager, modify the machine key validation method.
C. from internet information services (iis) manager, modify the binding of the default web site.
D. from internet information services (iis) manager, add an application pool.
E. from server manager, run the ADCS configuration wizard.
Which permission should you assign on a CA to a group of users that you want to allow to alter the list of recovery agents?
B. Issue And Manage Certificates
C. Manage CA
D. Request Certificates.
Your network contains two Active Directory forests named contoso.com and adatum.com. Each forest contains an Active Directory Rights Management Services (AD RMS) root cluster. All servers run Windows Server 2012 R2. You need to ensure that the rights account certificates issued in adatum.com are accepted by the AD RMS root cluster in contoso.com.
What should you do in each forest? To answer, drag the appropriate actions to the correct forests. Each action may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
A trusted user domain, often referred as a TUD, is a trust between AD RMS clusters that instructs a licensing server to accept rights account certificates (the certificates identifying users) from another AD RMS server in a different Active Directory forest. An AD RMS trust is not the same as an Active Directory trust, but it is similar in that it refers to the ability of one environment to accept identities from another environment as valid subjects.