Which rule should you modify?

HOTSPOT
Your network contains an Active Directory domain named corp.contoso.com. The domain contains a domain controller named DC1.
When you run ping dc1.corp.contoso.com, you receive the result as shown in the exhibit. (Click the Exhibit button.)

image275 - 
Which rule should you modify?
You need to ensure that DC1 can respond to the Ping command.
Which rule should you modify? To answer, select the appropriate rule in the answer area.

image277 - 
Which rule should you modify?

Answer:

image279 - 
Which rule should you modify?
Explanation:
ICMP should have been enabled when ADDS was installed
Reference:
http://social . technet . microsoft .com /wiki/contents/articles/16566 . windows-active-directory-role-for-windowsservers . aspx

Which of the following is TRUE with regards to connecting a physical disk to a virtual machine?

You work as an administrator at Contoso.com. The Contoso.com network consists of a single domain named Contoso.com. All servers on the Contoso.com network have Windows Server 2012 R2 installed. Contoso.com has a server, named ENSUREPASS-SR07, which has two physical disks installed. The C: drive hosts the boot partition, while the D: drive is not being used. Both disks are online.
You have received instructions to create a virtual machine on ENSUREPASS-SR07. Subsequent to creating the virtual machine, you have to connect the D: drive to the virtual machine.
Which of the following is TRUE with regards to connecting a physical disk to a virtual machine?
A. The physical disk should not be online.
B. The physical disk should be uninstalled and re-installed.
C. The physical disk should be configured as a striped disk.
D. The physical disk should be configured as a mirrored disk.

Answer: A
Explanation:
Your virtual machines can also be connected to physical hard disks on the virtualization server virtual hard disks. (This is sometimes referred to as having a “pass-through” disk connected to a virtual machine.)
The physical hard disk that you connect to a virtual machine can also be a network-attached disk, like a logical unit number (LUN) in a storage area network (SAN). A common example is an iSCSI LUN that has been mapped to the virtualization server by using Microsoft iSCSI Initiator. Because the virtualization server sees network-attached storage as local disks, the iSCSI LUN can be connected to a virtual machine.
The most important limitation about having a physical hard disk connected to a virtual machine is that it cannot be connected to the virtualization server or to other virtual machines at the same time. The virtual machine must have exclusive access to the physical hard disk.
Pass-through Disk Configuration Hyper-V allows virtual machines to access storage mapped directly to the Hyper-V server without requiring the volume be configured. The storage can either be a physical disk internal to the Hyper-V server or it can be a Storage Area Network (SAN) Logical Unit (LUN) mapped to the Hyper-V server. To ensure the Guest has exclusive access to the storage, it must be placed in an Offline state from the Hyper-Vserver perspective.

What command should you run?

HOTSPOT
Your network contains one Active Directory forest named contoso.com. The forest contains a single domain. A user named User5 has the required permissions to link Group Policy (GPOs) to any container in the domain.
You need to assign permissions to User5 to meet the following requirements:
• User5 must be able to edit the GPO settings for all of the GPOs linked to the contoso.com domain.
• User5 must be able to edit the GPO settings for all of the unlinked GPOs in the domain.
• User5 must use the principle of least priviledge.
What command should you run? To answer, select the appropriate options in the answer area.

image618 - 
What command should you run?

Answer:

image620 - 
What command should you run?
Explanation:
The Set-GPPermissions command grants a level of permissions to a security principal for one GPO or all the GPOs in a domain.
The parameter -All <SwitchParameter> specifies that the permission level is set for the specified security principal for all GPOs in the domain.
The parameter -PermissionLevel <GPPermisssionType> specifies the permission level to set for the security principal. The valid permission levels are: GpoRead, GpoApply, GpoEdit, GpoEditDeleteModifySecurity or None.
Reference: Set-GPPermissions
https://technet.microsoft.com/en-us/library/ee461038.aspx

What should you do?

Your network contains a Hyper-V host named Server1 that runs Windows Server 2012 R2. Server1 hosts a virtual machine named VM1 that runs Windows Server 2012 R2. You create a checkpoint of VM1, and then you install an application on VM1. You verify that the application runs properly. You need to ensure that the current state of VM1 is contained in a single virtual hard disk file. The solution must minimize the amount of downtime on VM1.
What should you do?
A. From a command prompt, run dism.exe and specify the /delete-image parameter.
B. From a command prompt, run dism.exe and specify the /commit-image parameter.
C. From Hyper-V Manager, delete the checkpoint.
D. From Hyper-V Manager, inspect the virtual hard disk.

Answer: C

What should you do?

You have a server named Server1 that has a Server Core installation of Windows Server 2008 R2. Server1 has the DHCP Server role and the File Server role installed. You need to upgrade Server1 to Windows Server 2012 R2 with the graphical user interface (GUI).
The solution must meet the following requirements:
• Preserve the server roles and their configurations.
• Minimize administrative effort.
What should you do?
A. On Server1, run setup.exe from the Windows Server 2012 R2 installation media and select Server with a GUI.
B. Start Server1 from the Windows Server 2012 R2 installation media and select Server Core Installation.
When the installation is complete, add the Server Graphical Shell feature.
C. Start Server1 from the Windows Server 2012 R2 installation media and select Server with a GUI.
D. On Server1, run setup.exe from the Windows Server 2012 R2 installation media and select Server Core Installation.
When the installation is complete, add the Server Graphical Shell feature

Answer: D
Explanation:
A. Server is on 2008 R2 core, must install 2012 R2 core and then GUI
B. Not least effort
C. Not least effort
D. Upgrade to 2012 R2 and install GUI shell
http://technet.microsoft.com/en-us/library/jj574204.aspx Upgrades that switch from a Server Core installation to the Server with a GUI mode of Windows Server 2012 R2 in one step (and vice versa) are not supported.
However, after upgrade is complete, Windows Server 2012 R2 allows you to switch freely between Server Core and Server with a GUI modes.

What should you configure?

Topic 3, Volume C

HOTSPOT
Your network contains an Active Directory domain named contoso.com. All client computers run Windows 8. An administrator creates an application control policy and links the policy to an organizational unit (OU) named OU1. The application control policy contains several deny rules. The deny rules apply to the Everyone group. You need to prevent users from running the denied application.
What should you configure? To answer, select the appropriate object in the answer area.

image359 - 
What should you configure?

Answer:

image361 - 
What should you configure?
Explanation:
To enable the Enforce rules enforcement setting by using the Local Security Policy snap-in

Which two actions should you perform?

You have a server named Server1. Server1 runs Windows Server 2012 R2 and has the File and Storage Services server role installed. You attach four 500-GB disks to Server1.
You need to configure the storage to meet the following requirements:
• Storage for an application named Application1 must be provided. Application1 requires 20 GB and will require a maximum of 800 GB in three years.
• Storage for an application named Application2 must be provided. Application2 requires 20 GB and will require a maximum of 900 GB in three years.
• The solution must provide the ability to dynamically add storage without requiring configuration changes to the applications.
• The storage must be available if a single disk fails.
Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)
A. From File and Storage Services, create virtual disks by using fixed provisioning.
B. From File and Storage Services, create virtual disks by using thin provisioning.
C. From File and Storage Services, create a storage pool that uses all four disks.
D. From Disk Management, create a new RAID-5 volume that uses all four disks.
E. From Disk Management, create two new mirror volumes that use two disks each.

Answer: B, C
Explanation:
Reference: http://technet.microsoft.com/en-us/library/jj822937.aspx

Which Two security settings should you modify?

HOTSPOT
Your network contains one Active Directory domain named contoso.com. The domain contains 2,000 client computers used by students.
You recently discover an increase in calls to the helpdesk that relate to security policy to meet the following requirement:
• Modify the UserName of the built-in account named Administrator
• Support a time mismatch between client computers and domain controllers of up to three minutes.
Which Two security settings should you modify?
A. Account Policies
B. Password Policy
C. Account Lockout Policy
D. Kerberos Policy
E. Local Policies
F. Audit Policy
G. User Rights Assignment
H. Security Options

Answer: D, H

Which two firewall rules should you create?

You install Windows Server 2012 R2 on a standalone server named Server1. You configure Server1 as a VPN server. You need to ensure that client computers can establish PPTP connections to Server1.
Which two firewall rules should you create? (Each correct answer presents part of the solution. Choose two.)
A. An inbound rule for protocol 47
B. An outbound rule for protocol 47
C. An inbound rule for TCP port 1723
D. An inbound rule for TCP port 1701
E. An outbound rule for TCP port 1723
F. An outbound rule for TCP port 1701

Answer: A, C
Explanation:
The following is a list of firewall ports which need to be opened for the various VPN tunnel protocols:
For PPTP:
IP Protocol=TCP, TCP Port number=1723 <- Used by PPTP control path
IP Protocol=GRE (value 47) <- Used by PPTP data path
For L2TP:
IP Protocol Type=UDP, UDP Port Number=500 <- Used by IKEv1 (IPSec control path)
IP Protocol Type=UDP, UDP Port Number=4500 <- Used by IKEv1 (IPSec control path)
IP Protocol Type=ESP (value 50) <- Used by IPSec data path
For SSTP:
IP Protocol=TCP, TCP Port number=443 <- Used by SSTP control and data path
For IKEv2:
IP Protocol Type=UDP, UDP Port Number=500 <- Used by IKEv2 (IPSec control path)
IP Protocol Type=UDP, UDP Port Number=4500 <- Used by IKEv2 (IPSec control path)
IP Protocol Type=ESP (value 50) <- Used by IPSec data path

What should you do first?

Your network contains an Active Directory domain named contoso.com. The network contains a member server named Server1 that runs Windows Server 2012 R2. Server1 has the DNS Server role installed and has a primary zone for contoso.com. The Active Directory domain contains 500 client computers. There are an additional 20 computers in a workgroup. You discover that every client computer on the network can add its record to the contoso.com zone. You need to ensure that only the client computers in the Active Directory domain can register records in the contoso.com zone.
What should you do first?
A. Move the contoso.com zone to a domain controller that is configured as a DNS server.
B. Configure the Dynamic updates settings of the contoso.com zone.
C. Sign the contoso.com zone by using DNSSEC
D. Configure the Security settings of the contoso.com zone.

Answer: A
Explanation:
If you install DNS server on a non-DC, then you are not able to create AD-integrated zones. DNS update security is available only for zones that are integrated into AD DS. When you directory- integrate a zone, access control list (ACL) editing features are available in DNS Managerso that you can add or remove users or groups from the ACL for a specified zone or resource record.