What should you do?

Your network contains a Network Policy Server (NPS) server named Server1. The network contains a server named SQL1 that has Microsoft SQL Server 2008 R2 installed. All servers run Windows Server 2012 R2. You configure NPS on Server1 to log accounting data to a database on SQL1. You need to ensure that the accounting data is captured if SQL1 fails. The solution must minimize cost.
What should you do?
A. Implement Failover Clustering.
B. Implement database mirroring.
C. Run the Accounting Configuration Wizard.
D. Modify the SQL Server Logging properties.

Answer: C
Explanation:
In Windows Server 2008 R2, an accounting configuration wizard is added to the Accounting node in the NPS console.
By using the Accounting Configuration wizard, you can configure the following four accounting settings:
• SQL logging only. By using this setting, you can configure a data link to a SQL Server that allows NPS to connect to and send accounting data to the SQL server. In addition, the wizard can configure the database on the SQL Server to ensure that the database is compatible with NPS SQL server logging.
• Text logging only. By using this setting, you can configure NPS to log accounting data to a text file.
• Parallel logging. By using this setting, you can configure the SQL Server data link and database. You can also configure text file logging so that NPS logs simultaneously to the text file and the SQL Server database.
• SQL logging with backup. By using this setting, you can configure the SQL Server data link and database. In addition, you can configure text file logging that NPS uses if SQL Server logging fails.

What should you do?

Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012 R2. Server1 has the File Server Resource Manager role service installed.
You configure a quota threshold as shown in the exhibit. (Click the Exhibit button.)

[Exhibit: image394]
You need to ensure that a user named User1 receives an email notification when the threshold is exceeded.
What should you do?
A. Create a performance counter alert.
B. Create a classification rule.
C. Modify the members of the Performance Log Users group.
D. Configure the File Server Resource Manager Options.

Answer: D
Explanation:
When you create quotas and file screens, you have the option of sending e-mail notifications to users when their quota limit is approaching or after they have attempted to save files that have been blocked. If you want to routinely notify certain administrators of quota and file screening events, you can configure one or more default recipients.
To send these notifications, you must specify the SMTP server to be used for forwarding the e-mail messages.
To configure e-mail options
In the console tree, right-click File Server Resource Manager, and then click Configure options. The File Server Resource Manager Options dialog box opens.

On the E-mail Notifications tab, under SMTP server name or IP address, type the host name or the IP address of the SMTP server that will forward e-mail notifications.
If you want to routinely notify certain administrators of quota or file screening events, under Default administrator recipients, type each e-mail address.
Use the format [email protected]. Use semicolons to separate multiple accounts.
To test your settings, click Send Test E-mail.

Which cmdlets should you use to meet each requirement?

HOTSPOT
Your network contains an Active Directory domain named contoso.com. The domain contains servers named Server1 and Server2. Both servers have the DFS Replication role service installed.
You need to configure the DFS Replication environment to meet the following requirements:
• Increase the quota limit of the staging folder.
• Configure the staging folder cleanup process to provide the highest amount of free space possible.
Which cmdlets should you use to meet each requirement? To answer, select the appropriate options in the answer area.

[Exhibits: image098, image100]

Answer:

[Exhibit: image102]

To which server should you deploy the feature?

Your network contains an Active Directory domain named adatum.com. The domain contains five servers.
The servers are configured as shown in the following table.

[Exhibit: image523]
All desktop computers in adatum.com run Windows 8 and are configured to use BitLocker Drive Encryption (BitLocker) on all local disk drives. You need to deploy the Network Unlock feature. The solution must minimize the number of features and server roles installed on the network.
To which server should you deploy the feature?
A. Server3
B. Server1
C. DC2
D. Server2
E. DC1

Answer: B
Explanation:
The BitLocker-NetworkUnlock feature must be installed on a Windows Deployment Services (WDS) server. WDS does not have to be configured; the WDSServer service just needs to be running.

Which type of record should you create?

You have a DNS server that runs Windows Server 2012 R2. The server hosts the zone for contoso.com and is accessible from the Internet. You need to create a DNS record for the Sender Policy Framework (SPF) to list the hosts that are authorized to send email for contoso.com.
Which type of record should you create?
A. mail exchanger (MX)
B. resource record signature (RRSIG)
C. text (TXT)
D. name server (NS)

Answer: C

Which settings should you configure in a Group Policy object (GPO)?

Your network contains an Active Directory domain named contoso.com. The domain contains a Web server named www.contoso.com. The Web server is available on the Internet. You implement DirectAccess by using the default configuration. You need to ensure that users never attempt to connect to www.contoso.com by using DirectAccess. The solution must not prevent the users from using DirectAccess to access other resources in contoso.com.
Which settings should you configure in a Group Policy object (GPO)?
A. DirectAccess Client Experience Settings
B. DNS Client
C. Name Resolution Policy
D. Network Connections

Answer: C
Explanation:
For DirectAccess, the NRPT must be configured with the namespaces of your intranet with a leading dot (for example, .internal.contoso.com or .corp.contoso.com). For a DirectAccess client, any name request that matches one of these namespaces will be sent to the specified intranet Domain Name System (DNS) servers.
Include all intranet DNS namespaces that you want DirectAccess client computers to access.
There are no command line methods for configuring NRPT rules. You must use Group Policy settings. To configure the NRPT through Group Policy, use the Group Policy add-in at Computer Configuration\Policies\Windows Settings\Name Resolution Policy in the Group Policy object for DirectAccess clients. You can create a new NRPT rule and edit or delete existing rules. For more information, see Configure the NRPT with Group Policy.

What should you install on Server2?

Your network contains an Active Directory domain named contoso.com. The domain contains a file server named Server1 that runs Windows Server 2012 R2. Server1 has a share named Share1.
When users without permission to Share1 attempt to access the share, they receive the Access Denied message as shown in the exhibit. (Click the Exhibit button.)

[Exhibit: image104]
You deploy a new file server named Server2 that runs Windows Server 2012 R2.
You need to configure Server2 to display the same custom Access Denied message as Server1.
What should you install on Server2?
A. The Remote Assistance feature
B. The Storage Services server role
C. The File Server Resource Manager role service
D. The Enhanced Storage feature

Answer: C
Explanation:
Access-Denied Assistance is a new role service of the File Server role in Windows Server 2012.
We need to install the prerequisites for Access-Denied Assistance.
Because Access-Denied Assistance relies upon e-mail notifications, we also need to configure each relevant file server with a Simple Mail Transfer Protocol (SMTP) server address. Let’s do that quickly with Windows PowerShell:
Set-FSRMSetting -SMTPServer mailserver.nuggetlab.com -AdminEmailAddress [email protected] -FromEmailAddress [email protected]
You can enable Access-Denied Assistance either on a per-server basis or centrally via Group Policy. To my mind, the latter approach is infinitely preferable from an administration standpoint.
Create a new GPO and make sure to target the GPO at your file servers’ Active Directory computer accounts as well as those of your AD client computers. In the Group Policy Object Editor, we are looking for the following path to configure Access-Denied Assistance:
\Computer Configuration\Policies\Administrative Templates\System\Access-Denied Assistance
The Customize message for Access Denied errors policy, shown in the screenshot below, enables us to create the actual message box shown to users when they access a shared file to which their user account has no access.

[Screenshot: image110]
What’s cool about this policy is that we can “personalize” the e-mail notifications to give us administrators (and, optionally, file owners) the details they need to resolve the permissions issue quickly and easily.
For instance, we can insert pre-defined macros to swap in the full path to the target file, the administrator e-mail address, and so forth. See this example:
Whoops! It looks like you’re having trouble accessing [Original File Path]. Please click Request Assistance to send [Admin Email] a help request e-mail message. Thanks!
You should find that your users prefer these human-readable, informative error messages to the cryptic, non-descript error dialogs they are accustomed to dealing with.
The Enable access-denied assistance on client for all file types policy should be enabled to force client computers to participate in Access-Denied Assistance. Again, you must make sure to target your GPO scope accordingly to “hit” your domain workstations as well as your Windows Server 2012 file servers.
Testing the configuration
This should come as no surprise to you, but Access-Denied Assistance works only with Windows Server 2012 and Windows 8 computers. More specifically, you must enable the Desktop Experience feature on your servers to see Access-Denied Assistance messages on server computers.
When a Windows 8 client computer attempts to open a file to which the user has no access, the custom Access-Denied Assistance message should appear:

[Screenshot: image111]
If the user clicks Request Assistance in the Network Access dialog box, they see a secondary message:

[Screenshot: image112]
At the end of this process, the administrator(s) will receive an e-mail message that contains the key information they need in order to resolve the access problem:
• The user’s Active Directory identity
• The full path to the problematic file
• A user-generated explanation of the problem
So that’s it, friends! Access-Denied Assistance presents Windows systems administrators with an easy-to-manage method for more efficiently resolving user access problems on shared file system resources. Of course, the key caveat is that your file servers must run Windows Server 2012 and your client devices must run Windows 8, but other than that, this is a great technology that should save admins extra work and end-users extra headaches.
Reference: http://4sysops.com/archives/access-denied-assistance-in-windows-server-2012/
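
The per-server route described above, applied to the question's scenario of making Server2 show the same message as Server1. This is an added example, not code from the referenced article or the exam material; it assumes Server1 was configured locally through FSRM rather than by GPO, that the FSRM cmdlets are available on the management host, and that the account used is an administrator on both servers.

```powershell
# Added example: copy Server1's Access-Denied Assistance configuration to Server2.
# Server names are taken from the question; everything else is read from Server1.
$source = 'Server1'
$target = 'Server2'

# 1. Access-Denied Assistance is provided by FSRM, so the role service must be on the target.
$feature = Get-WindowsFeature -Name FS-Resource-Manager -ComputerName $target
if (-not $feature.Installed) {
    Install-WindowsFeature -Name FS-Resource-Manager -ComputerName $target `
        -IncludeManagementTools | Out-Null
}

# 2. Copy the SMTP settings that the assistance request e-mails depend on.
$mail = Get-FsrmSetting -CimSession $source
$mailParams = @{ CimSession = $target }
foreach ($name in 'SmtpServer', 'AdminEmailAddress', 'FromEmailAddress') {
    if ($mail.$name) { $mailParams[$name] = $mail.$name }   # skip values unset on the source
}
Set-FsrmSetting @mailParams

# 3. Copy the Access Denied message text and the request/notification switches.
$adr = Get-FsrmAdrSetting -Event AccessDenied -CimSession $source
$adrParams = @{
    Event         = 'AccessDenied'
    CimSession    = $target
    Enabled       = $adr.Enabled
    AllowRequests = $adr.AllowRequests
    MailToOwner   = $adr.MailToOwner
    MailCCAdmin   = $adr.MailCCAdmin
    EventLog      = $adr.EventLog
}
foreach ($name in 'DisplayMessage', 'EmailMessage', 'MailTo') {
    if ($adr.$name) { $adrParams[$name] = $adr.$name }
}
Set-FsrmAdrSetting @adrParams

# 4. Read the target back and flag any property that still differs from the source.
$check = Get-FsrmAdrSetting -Event AccessDenied -CimSession $target
'DisplayMessage', 'EmailMessage', 'MailTo', 'Enabled', 'AllowRequests',
'MailToOwner', 'MailCCAdmin', 'EventLog' |
    Where-Object { "$($adr.$_)" -ne "$($check.$_)" } |
    ForEach-Object { Write-Warning "Setting '$_' on $target does not match $source" }
```

If Server1 receives its message from the Access-Denied Assistance GPO instead, scope that GPO to Server2 rather than copying local settings, since policy will override what this script writes.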

What should you run?

You have a DNS server named Server1 that has a Server Core installation of Windows Server 2012 R2. You need to view the time-to-live (TTL) value of a name server (NS) record that is cached by the DNS Server service on Server1.
What should you run?
A. Show-DNSServerCache
B. nslookup.exe
C. ipconfig.exe /displaydns
D. dnscacheugc.exe

Answer: A
Explanation:
The Show-DNSServerCache cmdlet shows all cached Domain Name System (DNS) server resource records in the following format: Name, ResourceRecordData, Time-to-Live (TTL).

What should you modify in the SOA record for the adatum.com zone?

HOTSPOT
Your network contains an Active Directory domain named contoso.com. All DNS servers host a DNS zone named adatum.com. The adatum.com zone is not Active Directory-integrated. An administrator modifies the start of authority (SOA) record for the adatum.com zone. After the modification, you discover that when you add or modify DNS records in the adatum.com zone, the changes are not transferred to the DNS servers that host secondary copies of the adatum.com zone.
You need to ensure that the records are transferred to all the copies of the adatum.com zone.
What should you modify in the SOA record for the adatum.com zone? To answer, select the appropriate setting in the answer area.

[Exhibit: image165]

Answer:

[Exhibit: image167]
Explanation:
When a DNS server receives an update through Active Directory replication:
• If the serial number of the replicated record is higher than the serial number in the SOA record of the local copy of the zone, the local zone serial number is set to the serial number in the replicated record.
Note: Each DNS record in the zone has a copy of the zone serial number at the time when the record was last modified.
• If the serial number of the replicated record is the same or lower than the local serial number, and if the local DNS server is configured not to allow zone transfer of the zone, the local zone serial number is not changed.
• If the serial number of the replicated record is the same or lower than the local zone serial number, if the DNS server is configured to allow a zone transfer of the zone, and if the local zone serial number has not been changed since the last zone transfer occurred to a remote DNS server, then the local zone serial number will be incremented. Otherwise, that is, if a copy of the zone with the current local zone serial number has not been transferred to a remote DNS server, the local zone serial number is not changed.

Which tool should you use?

Your network contains an Active Directory domain named contoso.com. Domain controllers run either Windows Server 2008, Windows Server 2008 R2, or Windows Server 2012 R2. You have a Password Settings object (PSO) named PSO1.
You need to view the settings of PSO1.
Which tool should you use?
A. Get-ADDefaultDomainPasswordPolicy
B. Active Directory Administrative Center
C. Local Security Policy
D. Get-ADAccountResultantPasswordReplicationPolicy

Answer: B
Explanation:
In Windows Server 2012, fine-grained password policy management is made much easier than in Windows Server 2008/2008 R2. Windows administrators do not have to use ADSI Edit and configure complicated settings to create the Password Settings Object (PSO) in the Password Settings Container. Instead, we can configure fine-grained password policy directly in Active Directory Administrative Center (ADAC).