What should you do first?

You have a server named Server1 that runs Windows Server 2012 R2. You have a subscription to Windows Azure. You need to register the Microsoft Azure Backup Agent on Server1.
What should you do first?
A. Install the Microsoft System Center 2012 Data Protection Manager (DPM) agent.
B. Create a backup vault.
C. Create Site Recovery vault.
D. Configure a passphrase for the Azure Backup Agent.

Answer: B
Explanation:
To back up files and data from your Windows Server to Azure, you must create a backup vault in the geographic region where you want to store the data.
The main steps include:
* the creation of the vault you will use to store backups
* downloading a vault credential
* the installation of a backup agent
https://azure.microsoft.com/sv-se/documentation/articles/backup-configure-vault/

What should you use?

You have a server named Server1 that runs Windows Server 2012 R2. Each day, Server1 is backed up fully to an external disk. On Server1, the disk that contains the operating system fails. You replace the failed disk. You need to perform a bare-metal recovery of Server1 by using the Windows Recovery Environment (Windows RE).
What should you use?
A. The Wbadmin.exe command
B. The Repair-bde.exe command
C. The Get-WBBareMetalRecovery cmdlet
D. The Start-WBVolumeRecovery cmdlet

Answer: A
Explanation:
Wbadmin enables you to back up and restore your operating system, volumes, files, folders, and applications from a command prompt.
Wbadmin start sysrecovery runs a recovery of the full system (at least all the volumes that contain the operating system’s state). This subcommand is only available if you are using the Windows Recovery Environment.
* Wbadmin start sysrecovery -backupTarget
Specifies the storage location that contains the backup or backups that you want to recover. This parameter is useful when the storage location is different from where backups of this computer
Incorrect:
Not B. Accesses encrypted data on a severely damaged hard disk if the drive was encrypted by using BitLocker. Repair-bde can reconstruct critical parts of the drive and salvage recoverable data as long as a valid recovery password or recovery key is used to decrypt the data.
Not C. Gets the value that indicates whether the ability to perform bare metal recoveries from backups has been added to the backup policy (WBPolicy object).
Not D. Starts a volume recovery operation.
Reference: Wbadmin start sysrecovery
http://technet.microsoft.com/en-us/library/cc742118.aspx

Which of the following actions should you take?

You are employed as a network administrator at consoto.com. Contoso.com has in an Active Directory domain named contoso.com. All Servers on the contoso.com network have Windows Server 2012 R2 installed. A contoso.com server, named Server1,hosts the Active Directory Certificate Services Server role and utilizes a hardware security module(HSM) to safeguard its private key. You have beed instructed to backup the Active Directory Certificate Services (ADCS) database, log files,and private key regularly. You should not use a utility supplied by the hardware security module (HSM) creator.
Which of the following actions should you take?
A. You should consider scheduling an incremental backup
B. You Should consider making use of the certutil.exe command.
C. You should consider schedulling a differential backup
D. You should consider schedulling a copy backup

Answer: B
Explanation:
A. ADCS needs to be backup up using certutil
B. -Backup, -backupdb, -backupKey: You can use Certutil.exe to dump and display certification authority (CA) configuration information, configure Certificate Services, backup and restore CA components, and verify certificates, key pairs, and certificate chains.
C. ADCS needs to be backup up using certutil
D. ADCS needs to be backup up using certutil
http://technet.microsoft.com/library/cc732443.aspx
http://technet.microsoft.com/en-us/library/cc732443.aspx#BKMK_backup
http://technet.microsoft.com/en-us/library/cc732443.aspx#BKMK_backupDB
http://technet.microsoft.com/en-us/library/cc732443.aspx#BKMK_backupKey
http://blogs.technet.com/b/pki/archive/2010/04/20/disaster-recovery-procedures-for-theactive-directorycertificate-services-adcs.aspx

image536 - 
Which of the following actions should you take?

What should you configure?

You have a server named Server1 that runs Windows Server 2012 R2. Server1 has the DNS Server role installed. You need to store the contents of all the DNS queries received by Server1.
What should you configure?
A. Logging from Windows Firewall with Advanced Security
B. Debug logging from DNS Manager
C. A Data Collector Set (DCS) from Performance Monitor
D. Monitoring from DNS Manager

Answer: B
Explanation:
Debug logging allows you to log the packets sent and received by a DNS server. Debug logging is disabled by default, and because it is resource intensive, you should only activate it temporarily when you need more specific detailed information about server performance.
Reference: Active Directory 2008: DNS Debug Logging Facts…

Which setting should you modify?

HOTSPOT
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012 R2. Server1 has the Active Directory Certificate Services server role installed and configured. For all users, you are deploying smart cards for logon. You are using an enrollment agent to enroll the smart card certificates for the users. You need to configure the Contoso Smartcard Logon certificate template to support the use of the enrollment agent.
Which setting should you modify? To answer, select the appropriate setting in the answer area.

image039 - 
Which setting should you modify?

Answer:

image040 - 
Which setting should you modify?
Explanation:
/ In application policy drop-down list select Certificate Request Agent.
/ The Issuance Requirements Tab
* Application policy. This option specifies the application policy that must be included in the signing certificate used to sign the certificate request. It is enabled when Policy type required in signature is set to either Application policy or Both application and issuance policy.
Reference: Administering Certificate Templates
http://technet.microsoft.com/en-us/library/cc725621(v=WS.10) .aspx

Which cmdlet should you use?

Your network contains one Active Directory domain named contoso.com. The forest functional level is Windows Server 2012. All servers run Windows Server 2012 R2. All client computers run Windows 8.1. The domain contains 10 domain controllers and a read-only domain controller (RODC) named RODC01. All domain controllers and RODCs are hosted on a Hyper-V host that runs Windows Server 2012 R2. You need to identify whether deleted objects can be recovered from the Active Directory Recycle Bin.
Which cmdlet should you use?
A. Get-ADGroupMember
B. Get-ADDomainControllerPasswordReplicationPolicy
C. Get-ADDomainControllerPasswordReplicationPolicyUsage
D. Get-ADDomain
E. Get-ADOptionalFeature

Answer: E
Explanation:
The Get-ADOptionalFeature cmdlet gets an optional feature or performs a search to retrieve multiple optional features from an Active Directory.
Example: Get a specified optional feature
This command gets the optional feature with the name Recycle Bin Feature.
Windows PowerShell
PS C :\> Get-ADOptionalFeature -Identity ‘Recycle Bin Feature’
Reference: Get-ADOptionalFeature
https://technet.microsoft.com/en-us/library/hh852212(v=wps.630).aspx

Which Windows PowerShell cmdlets should you run on each server?

You have 30 servers that run Windows Server 2012 R2. All of the servers are backed up daily by using Windows Azure Online Backup. You need to perform an immediate backup of all the servers to Windows Azure Online Backup.
Which Windows PowerShell cmdlets should you run on each server?
A. Get-OBPolicy | StartOBBackup
B. Start-OBRegistration | StartOBBackup
C. Get-WBPolicy | Start-WBBackup
D. Get-WBBackupTarget | Start-WBBackup

Answer: A
Explanation:
This example starts a backup job using a policy.
Windows PowerShell
PS C:\> Get-OBPolicy | Start-OBBackup
Incorrect:
Not B. Registers the current computer to Windows Azure Backup.
Not C. Not using Azure
Not D. Not using Azure
Reference: Start-OBBackup
http://technet.microsoft.com/en-us/library/hh770406(v=wps.620).aspx

Which three actions should you perform?

You have a server named Server1 that runs Windows Server 2012 R2. Server1 is an enterprise subordinate certification authority (CA). Server1 is issued a server certificate. You need to ensure that users can request certificates from Server1 by using a web browser.
Which three actions should you perform? Each correct answer presents part of the solution.
A. From server manager, run the add roles and Features wizard.
B. from internet information services (iis) manager, modify the machine key validation method.
C. from internet information services (iis) manager, modify the binding of the default web site.
D. from internet information services (iis) manager, add an application pool.
E. from server manager, run the ADCS configuration wizard.

Answer: ACE

Which permission should you assign on a CA to a group of users that you want to allow to alter the list of recovery agents?

Which permission should you assign on a CA to a group of users that you want to allow to alter the list of recovery agents?
A. Read
B. Issue And Manage Certificates
C. Manage CA
D. Request Certificates.

Answer: C

What should you do in each forest?

DRAG DROP
Your network contains two Active Directory forests named contoso.com and adatum.com. Each forest contains an Active Directory Rights Management Services (AD RMS) root cluster. All servers run Windows Server 2012 R2. You need to ensure that the rights account certificates issued in adatum.com are accepted by the AD RMS root cluster in contoso.com.
What should you do in each forest? To answer, drag the appropriate actions to the correct forests. Each action may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.

image185 - What should you do in each forest?

Answer:

image187 - What should you do in each forest?
Explanation:
A trusted user domain, often referred as a TUD, is a trust between AD RMS clusters that instructs a licensing server to accept rights account certificates (the certificates identifying users) from another AD RMS server in a different Active Directory forest. An AD RMS trust is not the same as an Active Directory trust, but it is similar in that it refers to the ability of one environment to accept identities from another environment as valid subjects.
Illustration:

image188 - What should you do in each forest?
Reference: Trusted User Domain