70-411by.ADELINE.255

Microsoft.Braindumps.70-411.v2014-08-18.by.ADELINE.255q.fix Number : 70-411 Passing Score : 700 Time Limit : 120 min File Version : 14.6 Exam Code: 70-411 Exam Name: Administering Windows Server 2012 Version 14.6


  • 196q Annette V2

    QUESTION 1

    V31 Q1: Heidi Q51 = McK Q4-17 = Snowden:Q178 David:Q237 Ricardo:Q184 ScottCha:D24 = V32-Q1 # V31-Q1 is wrong

    Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012 R2.

    Server1 has the following role services installed:

    DirectAccess and VPN (RRAS)

    Network Policy Server

    Remote users have client computers that run either Windows XP, Windows 7, or Windows 8.

    You need to ensure that only the client computers that run Windows 7 or Windows 8 can establish VPN connections to Server1.

    What should you configure on Server1?

    A. A condition of a Network Policy Server (NPS) network policy

    B. A constraint of a Network Policy Server (NPS) network policy

    C. A condition of a Network Policy Server (NPS) connection request policy

    D. A vendor-specific RADIUS attribute of a Network Policy Server (NPS) connection request policy

    Correct Answer: A

    Section: (none)

    Explanation

    Explanation/Reference:

    A choice = Brittany = McK Q4-17 = Snowden:Q178 = David:Q237 = Ricardo:Q184 = ScottCha:D24 = V32-Q1

    C choice = V31-Q1 = Lucille

    Lucille: http://technet.microsoft.com/library/cc753603(v=ws.10).aspx

    KidFisto Austria May 05, 2014 Q1 - I think the correct answer is A - A condition of a Network Policy Server (NPS) network policy. In the answer C that is given as the correct there is no option to select the operating system option. But in Network policy under Conditions little bit down there is an option to choose which OS you want to select. Somebody correct me if I am wrong.

    Ginolard Luxembourg May 23, 2014 Q1 - the requirement is that clients are disconnected after 3 minutes idle time

    Answer is B (constraint of a network policy)

    I know Heidi Q51 is a 100% correct question. But I think Microsoft has a different version of the same question.

    Sunny_day Canada May 18, 2014 The answer is C

    http://msdn.microsoft.com/en-us/library/cc753603.aspx

    Somebody wrote at my exam there was a condition "idle after 3 minutes"

    QUESTION 2

    V31 Q2 = McK 4-27 = Snowden:Q171 David:Q213 Ricardo:Q150 ScottCha:D17

    You are a network administrator of an Active Directory domain named contoso.com.

    You have a server named Server1 that runs Windows Server 2012 R2. Server1 has the DHCP Server server role and the Network Policy Server role service installed.

    You enable Network Access Protection (NAP) on all of the DHCP scopes on Server1.

    You need to create a DHCP policy that will apply to all of the NAP non-compliant DHCP clients.

    Which criteria should you specify when you create the DHCP policy?

    A. The client identifier

    B. The user class

    C. The vendor class

    D. The relay agent information

    Correct Answer: B

    Section: (none)

    Explanation

    Explanation/Reference:

    To configure a NAP-enabled DHCP server

    1. On the DHCP server, click Start, click Run, in Open, type dhcpmgmt.msc, and then press ENTER.

    2. In the DHCP console, open \IPv4.

    3. Right-click the name of the DHCP scope that you will use for NAP client computers, and then click Properties.

    4. On the Network Access Protection tab, under Network Access Protection Settings, choose Enable for this scope, verify that Use default Network Access Protection profile is selected, and then click OK.

    5. In the DHCP console tree, under the DHCP scope that you have selected, right-click Scope Options, and then click Configure Options.

    6. On the Advanced tab, verify that Default User Class is selected next to User class.

    7. Select the 003 Router check box, and in IP Address, under Data entry, type the IP address for the default gateway used by compliant NAP client computers, and then click Add.

    8. Select the 006 DNS Servers check box, and in IP Address, under Data entry, type the IP address for each router to be used by compliant NAP client computers, and then click Add.

    9. Select the 015 DNS Domain Name check box, and in String value, under Data entry, type your organization's domain name (for example, woodgrovebank.local), and then click Apply. This domain is a full-access network assigned to compliant NAP clients.

    10. On the Advanced tab, next to User class, choose Default Network Access Protection Class.

    11. Select the 003 Router check box, and in IP Address, under Data entry, type the IP address for the default gateway used by noncompliant NAP client computers, and then click Add. This can be the same default gateway that is used by compliant NAP clients.

    12. Select the 006 DNS Servers check box, and in IP Address, under Data entry, type the IP address for each DNS server to be used by noncompliant NAP client computers, and then click Add. These can be the same DNS servers used by compliant NAP clients.

    13. Select the 015 DNS Domain Name check box, and in String value, under Data entry, type a name to identify the restricted domain (for example, restricted.woodgrovebank.local), and then click OK. This domain is a restricted-access network assigned to noncompliant NAP clients.

    14. Click OK to close the Scope Options dialog box.

    15. Close the DHCP console.

    http://technet.microsoft.com/en-us/library/dd296905%28v=ws.10%29.aspx

    QUESTION 3

    V31-Q3 = Mck Q4-13 = Snowden:Q229 David:Q270 Ricardo:Q260 ScottCha:E23

    Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012 R2 and has the Network Policy Server role service installed.

    An administrator creates a RADIUS client template named Template1.

    You create a RADIUS client named Client1 by using Template1.

    You need to modify the shared secret for Client1.

    What should you do first?

    A. Configure the Advanced settings of Template1.

    B. Set the Shared secret setting of Template1 to Manual.

    C. Clear Enable this RADIUS client for Client1.

    D. Clear Select an existing template for Client1.

    Correct Answer: D

    Section: (none)

    Explanation

    Explanation/Reference:

    The bold words were in the exam; it is easier to understand with the bold words. The bold words were missing in V31.

    QUESTION 4

    V31 Q4 new question - please verify

    Your network contains an Active Directory domain named contoso.com. All servers run Windows Server 2012 R2.

    The domain contains a server named Server1 that has the Network Policy Server server role and the Remote Access server role installed. The domain contains a server named Server2 that is configured as a RADIUS server.

    Server1 provides VPN access to external users.

    You need to ensure that all of the VPN connections to Server1 are logged to the RADIUS server on Server2.

    What should you run?

    A. Add-RemoteAccessRadius -ServerName Server1 -AccountingOnOffMsg Enabled -SharedSecret "Secret" -Purpose Accounting

    B. Set-RemoteAccessAccounting -AccountingOnOffMsg Enabled -AccountingOnOffMsg Enabled

    C. Add-RemoteAccessRadius -ServerName Server2 -AccountingOnOffMsg Enabled -SharedSecret "Secret" -Purpose Accounting

    D. Set-RemoteAccessAccounting -EnableAccountingType Inbox -AccountingOnOffMsg Enabled

    Correct Answer: C

    Section: (none)

    Explanation

    Explanation/Reference:

    The bold word is mine

    Lucille: http://technet.microsoft.com/en-us/library/hh918425.aspx

    QUESTION 5

    V31 Q5 = McK Q4-4 = Snowden:Q116 David:Q126,Q250,Q205 ScottCha:C14 Korede:A43 Tara:C13

    Your network contains four Network Policy Server (NPS) servers named Server1, Server2, Server3, and Server4.

    Server1 is configured as a RADIUS proxy that forwards connection requests to a remote RADIUS server group named Group1.

    You need to ensure that Server2 and Server3 receive connection requests. Server4 must only receive connection requests if both Server2 and Server3 are unavailable.

    How should you configure Group1?

    A. Change the Weight of Server4 to 10.

    B. Change the Weight of Server2 and Server3 to 10.

    C. Change the Priority of Server2 and Server3 to 10.

    D. Change the Priority of Server4 to 10.

    Correct Answer: D

    Section: (none)

    Explanation

    Explanation/Reference:

    During the NPS proxy configuration process, you can create remote RADIUS server groups and then add RADIUS servers to each group. To configure load balancing, you must have more than one RADIUS server per remote RADIUS server group. While adding group members, or after creating a RADIUS server as a group member, you can access the Add RADIUS server dialog box to configure the following items on the Load Balancing tab:

    Priority. Priority specifies the order of importance of the RADIUS server to the NPS proxy server. Priority level must be assigned a value that is an integer, such as 1, 2, or 3. The lower the number, the higher priority the NPS proxy gives to the RADIUS server. For example, if the RADIUS server is assigned the highest priority of 1, the NPS proxy sends connection requests to the RADIUS server first; if servers with priority 1 are not available, NPS then sends connection requests to RADIUS servers with priority 2, and so on. You can assign the same priority to multiple RADIUS servers, and then use the Weight setting to load balance between them.

    Weight. NPS uses this Weight setting to determine how many connection requests to send to each group member when the group members have the same priority level. Weight setting must be assigned a value between 1 and 100, and the value represents a percentage of 100 percent. For example, if the remote RADIUS server group contains two members that both have a priority level of 1 and a weight rating of 50, the NPS proxy forwards 50 percent of the connection requests to each RADIUS server.

    Advanced settings. These failover settings provide a way for NPS to determine whether the remote RADIUS server is unavailable. If NPS determines that a RADIUS server is unavailable, it can start sending connection requests to other group members. With these settings you can configure the number of seconds that the NPS proxy waits for a response from the RADIUS server before it considers the request dropped; the maximum number of dropped requests before the NPS proxy identifies the RADIUS server as unavailable; and the number of seconds that can elapse between requests before the NPS proxy identifies the RADIUS server as unavailable.

    The default priority is 1 and can be changed from 1 to 65535. So changing server 2 and 3 to priority 10 is not the way to go.

    http://technet.microsoft.com/en-us/library/dd197433(WS.10).aspx

    QUESTION 6

    V31 Q6 = McK Q6-22 = Snowden:Q13 David:Q12 Ricardo:Q93 ScottCha:A12 Jimi:C2 Korede:B73 Molly1:A34

    Your network contains an Active Directory domain named adatum.com.

    A network administrator creates a Group Policy central store.

    After the central store is created, you discover that when you create new Group Policy objects (GPOs), the GPOs do not contain any Administrative Templates.

    You need to ensure that the Administrative Templates appear in new GPOs.

    What should you do?

    A. Add your user account to the Group Policy Creator Owners group.

    B. Configure all domain controllers as global catalog servers.

    C. Copy files from %Windir%\Policydefinitions to the central store.

    D. Modify the Delegation settings of the new GPOs.

    Correct Answer: C

    Section: (none)

    Explanation

    Explanation/Reference:

    In earlier operating systems, all the default Administrative Template files are added to the ADM folder of a Group Policy object (GPO) on a domain controller. The GPOs are stored in the SYSVOL folder. The SYSVOL folder is automatically replicated to other domain controllers in the same domain. A policy file uses approximately 2 megabytes (MB) of hard disk space. Because each domain controller stores a distinct version of a policy, replication traffic is increased.

    In Group Policy for Windows Server 2008 and Windows Vista, if you change Administrative template policy settings on local computers, Sysvol will not be automatically updated with the new .ADMX or .ADML files. This change in behavior is implemented to reduce network load and disk storage requirements, and to prevent conflicts between .ADMX files and .ADML files when edits to Administrative template policy settings are made across different locales. To make sure that any local updates are reflected in Sysvol, you must manually copy the updated .ADMX or .ADML files from the PolicyDefinitions file on the local computer to the Sysvol\PolicyDefinitions folder on the appropriate domain controller.

    To take advantage of the benefits of .admx files, you must create a Central Store in the SYSVOL folder on a domain controller. The Central Store is a file location that is checked by the Group Policy tools. The Group Policy tools use any .admx files that are in the Central Store. The files that are in the Central Store are later replicated to all domain controllers in the domain.

    To create a Central Store for .admx and .adml files, create a folder that is named PolicyDefinitions in the following location:

    \\FQDN\SYSVOL\FQDN\policies

    http://support.microsoft.com/kb/929841

    QUESTION 7

    V31 Q7 = McK Q6-39 = Snowden:Q25 David:Q25,Q148 Ricardo:Q139 ScottCha:A20 Korede:B11,B60

    Your network contains an Active Directory domain named contoso.com. All domain controllers run Windows Server 2012 R2. The domain contains 500 client computers that run Windows 8 Enterprise.

    You implement a Group Policy central store.

    You have an application named App1. App1 requires that a custom registry setting be deployed to all of the computers.

    You need to deploy the custom registry setting. The solution must minimize administrator effort.

    What should you configure in a Group Policy object (GPO)?

    A. The Software Installation settings

    B. The Administrative Templates

    C. An application control policy

    D. The Group Policy preferences

    Correct Answer: D

    Section: (none)

    Explanation

    Explanation/Reference:

    Group Policy preferences provide the means to simplify deployment and standardize configurations. They add to Group Policy a centralized system for deploying preferences (that is, settings that users can change later).

    You can also use Group Policy preferences to configure applications that are not Group Policy-aware. By using Group Policy preferences, you can change or delete almost any registry setting, file or folder, shortcut, and more. You are not limited by the contents of Administrative Template files. The Group Policy Management Editor (GPME) includes Group Policy preferences.

    http://technet.microsoft.com/en-us/library/gg699429.aspx

    http://www.unidesk.com/blog/gpos-set-custom-registry-entries-virtual-desktops-disabling-machine-password

    QUESTION 8

    V31-Q8 = Heide Q44 new question please verify

    Your network contains two Active Directory forests named contoso.com and dev.contoso.com. The contoso.com forest contains a domain controller named DC1. The dev.contoso.com forest contains a domain controller named DC2. Each domain contains an organizational unit (OU) named OU1.

    Dev.contoso.com has a Group Policy object (GPO) named GPO1. GPO1 contains 200 settings, including several settings that have network paths. GPO1 is linked to OU1.

    You need to copy GPO1 from dev.contoso.com to contoso.com.

    What should you do first on DC2?

    A. From the Group Policy Management console, right-click GPO1 and select Copy.

    B. Run the mtedit.exe command and specify the /Domain:contoso.com /DC:DC1 parameter.

    C. Run the Save-NetGpo cmdlet.

    D. Run the Backup-Gpo cmdlet.

    Correct Answer: A

    Section: (none)

    Explanation

    Explanation/Reference:

    V31: D = V32: D - no explanation

    Jeannette = Muriel = Carolyn A

    Corics Ph. May 26, 2014: A

    zacky Sri Lanka May 13, 2014: A

    Marvin Netherlands Apr 26, 2014:

    Answer A; From the Group Policy Management console, right click GPO1 and select copy

    Copy. A copy operation allows you to transfer settings from an existing GPO in Active Directory directly into a new GPO. The new GPO created during the copy operation is given a new GUID and is unlinked. You can use a copy operation to transfer settings to a new GPO in the same domain, another domain in the same forest, or a domain in another forest. Because a copy operation uses an existing GPO in Active Directory as its source, trust is required between the source and destination domains. Copy operations are suited for moving Group Policy between production environments, and for migrating Group Policy that has been tested in a test domain or forest to a production environment, as long as there is trust between the source and destination domains.

    The two domain controllers are in the same forest.

    http://technet.microsoft.com/en-us/library/cc785343(v=ws.10).aspx

    QUESTION 9

    V31-Q9 = McK Q6-40 = Snowden:Q197 David:Q235 Ricardo:Q179 ScottCha:D39

    Your network contains an Active Directory domain named contoso.com. All servers run Windows Server 2012 R2.

    Client computers run either Windows 7 or Windows 8. All of the client computers have an application named App1 installed.

    The domain contains a Group Policy object (GPO) named GPO1 that is applied to all of the client computers.

    You need to add a system variable named App1Data to all of the client computers.

    Which Group Policy preference should you configure?

    A. Environment

    B. Ini Files

    C. Data Sources

    D. Services

    Correct Answer: A

    Section: (none)

    Explanation

    Explanation/Reference:

    QUESTION 10

    V31-Q10 = McK Q6-35 = Snowden:Q180 David:Q216 Ricardo:Q153 ScottCha:D26

    Your network contains an Active Directory domain named contoso.com.

    All user accounts reside in an organizational unit (OU) named OU1.

    You create a Group Policy object (GPO) named GPO1. You link GPO1 to OU1. You configure the Group Policy preference of GPO1 to add a shortcut named Link1 to the desktop of each user. You discover that when a user deletes Link1, the shortcut is removed permanently from the desktop.

    You need to ensure that if a user deletes Link1, the shortcut is added to the desktop again.

    What should you do?

    A. Enforce GPO1.

    B. Modify the Link1 shortcut preference of GPO1.

    C. Enable loopback processing in GPO1.

    D. Modify the Security Filtering settings of GPO1.

    Correct Answer: B

    Section: (none)

    Explanation

    Explanation/Reference:

    This is the old Q & A. Please compare with the new one in Q45 = Heidi Q45, just to confuse you!

    This type of preference item provides a choice of four actions: Create, Replace, Update, and Delete. The behavior of the preference item varies with the action selected and whether the shortcut already exists.

    http://technet.microsoft.com/en-us/library/cc753580.aspx

    QUESTION 11

    V31-Q11 see Q59

    You manage a server that runs Windows Server 2012 R2. The server has the Windows Deployment Services server role installed.

    You have a desktop computer that has the following configuration:

    Computer name: Computer1

    Operating system: Windows 8

    MAC address: 20-CF-30-65-D0-87

    GUID: 979708BF-C04B-4525-9FE0-C4150BB6C618

    You need to configure a pre-staged device for Computer1 in the Windows Deployment Services console.

    Which two values should you assign to the device ID? (Each correct answer presents a complete solution. Choose two.)

    A. 20CF3065D08700000000000000000000

    B. 979708BFC04B45259FE0C4150BB6C618

    C. 979708BF-C04B-4525-9FE0-C4150BB6C618

    D. 0000000000000000000020CF3065D087

    E. 00000000-0000-0000-0000-C4150BB6C618

    Correct Answer: CD

    Section: (none)

    Explanation

    Explanation/Reference:

    Lavonia 18 April 2014 without any explanation: B & D

    * To add or remove pre-staged client to/from AD DS, specify the name of the computer or the device ID, which is a GUID, media access control (MAC) address, or Dynamic Host Configuration Protocol (DHCP) identifier associated with the computer.

    * Example: Remove a device by using its ID from a specified domain

    This command removes the pre-staged device that has the specified ID. The cmdlet searches the domain named TSQA.Contoso.com for the device.

    Windows PowerShell

    PS C:\> Remove-WdsClient -DeviceID "5a7a1def-2e1f-4a7b-a792-ae5275b6ef92" -Domain -DomainName "TSQA.Contoso.com"

    QUESTION 12

    V31 Q12

    You have Windows Server 2012 R2 installation media that contains a file named Install.wim. You need to identify the permissions of the mounted images in Install.wim.

    What should you do?

    A. Run dism.exe and specify the /get-mountedwiminfo parameter.

    B. Run imagex.exe and specify the /verify parameter.

    C. Run imagex.exe and specify the /ref parameter.

    D. Run dism.exe and specify the /get-imageinfo parameter.

    Correct Answer: A

    Section: (none)

    Explanation

    Explanation/Reference:

    Be aware of the words "mounted images"; compare the difference to V31-Q61, where the answer is /get-imageinfo.

    Almost same question as McK Q1-5 Snowden:Q82 David:Q91 Ricardo:Q98 ScottCha:B24 Jimi:C1 Korede:A52 Tara:C1 Molly1:A33 with answer A /get-mountedwiminfo

    But second line was: "You need to identify which images are present in Install.wim."

    http://technet.microsoft.com/en-us/library/cc749447(v=ws.10).aspx

    http://technet.microsoft.com/en-us/library/dd744382(v=ws.10).aspx

    http://technet.microsoft.com/en-us/library/hh825224.aspx

    A. /Get-MountedWimInfo Lists the images that are currently mounted and information about the mounted image such as read/write permissions, mount location, mounted file path, and mounted image index.

    Example:

    Dism /Get-MountedImageInfo

    D. /Get-ImageInfo retrieve the name or index number for the image that you want to update

    Arguments:

    /ImageFile:[{/Index: | /Name:}]

    Displays information about the images that are contained in the .wim, .vhd or .vhdx file. When used with the /Index or /Name argument, information about the specified image is displayed. The /Name argument does not apply to VHD files. You must specify /Index:1 for VHD files.

    QUESTION 13

    V31 Q13 new question

    You have a server named Server1 that runs Windows Server 2012 R2. You create a Data Collector Set (DCS) named DCS1.

    You need to configure DCS1 to log data to D:\logs.

    What should you do?

    A. Right-click DCS1 and click Properties.

    B. Right-click DCS1 and click Export list...

    C. Right-click DCS1 and click Data Manager...

    D. Right-click DCS1 and click Save template...

    Correct Answer: A

    Section: (none)

    Explanation

    Explanation/Reference:

    V31 = D, V32 = A

    Quinntin Apr 24, 2014: Agreed: A

    Lavonia 18 April 2014 without any explanation: A

    Corics Ph. May 26, 2014: A

    zacky Sri Lanka May 13, 2014: A

    MM Australia Apr 14, 2014

    You create a Data Collector Set named DCS1. You need to configure DCS1 to log data to D:\logs. What should you do? I don't understand why you are saving it as a template, wouldn't you just go to the properties of the Data Collector Set?

    Umar UK: A

    Marvin Netherlands = Jeannette: A

    In addition to defining a root directory for storing Data Collector Set data, you can specify a single Subdirectory or create a Subdirectory name format by clicking the arrow to the right of the text entry field. The Example directory at the bottom of the page provides a real-time sample of the directory and/or subdirectory where the Data Collector Set data will be stored.

    QUESTION 14

    V31-Q14 = McK Q1-34 = David:Q262 Ricardo:Q210

    Your network contains an Active Directory domain named adatum.com. The domain contains a member server named Server1 and 10 web servers. All of the web servers are in an organizational unit (OU) named WebServers_OU. All of the servers run Windows Server 2012 R2.

    On Server1, you need to collect the error events from all of the web servers. The solution must ensure that when new web servers are added to WebServers_OU, their error events are collected automatically on Server1.

    What should you do?

    A. On Server1, create a source computer initiated subscription. From a Group Policy object (GPO), configure the Configure target Subscription Manager setting.

    B. On Server1, create a source computer initiated subscription. From a Group Policy object (GPO), configure the Configure forwarder resource usage setting.

    C. On Server1, create a collector initiated subscription. From a Group Policy object (GPO), configure the Configure forwarder resource usage setting.

    D. On Server1, create a collector initiated subscription. From a Group Policy object (GPO), configure the Configure target Subscription Manager setting.

    Correct Answer: A

    Section: (none)

    Explanation

    Explanation/Reference:

    Corics Ph. May 26, 2014 = C

    zacky Sri Lanka May 13, 2014 = C

    QUESTION 15

    V31 Q15 = Carrie Q2 new question

    Your network contains a Hyper-V host named Hyperv1. Hyperv1 runs Windows Server 2012 R2.

    Hyperv1 hosts four virtual machines named VM1, VM2, VM3, and VM4. All of the virtual machines run Windows Server 2008 R2.

    You need to view the amount of memory resources and processor resources that VM4 currently uses.

    Which tool should you use on Hyperv1?

    A. Windows System Resource Manager (WSRM)

    B. Task Manager

    C. Hyper-V Manager

    D. Resource Monitor

    Correct Answer: C

    Section: (none)

    Explanation

    Explanation/Reference:

    V31: A, V32: C

    Lavonia 18 April 2014 without any explanation: C

    Corics Ph. May 26, 2014: C

    zacky Sri Lanka May 13, 2014 = C

    Marvin Netherlands Apr 26, 2014

    Answer C; Hyper-V Manager

    WSRM is removed in 2012

    QUESTION 16

    V31- Q16 = Carrie Q4 = new question please verify

    Your network contains an Active Directory domain named contoso.com. The domain contains a member server named Server1. Server1 runs Windows Server 2012 R2 and has the Hyper-V server role installed.

    Server1 hosts 10 virtual machines. A virtual machine named VM1 runs Windows Server 2012 R2 and hosts a processor-intensive application named App1.

    Users report that App1 responds more slowly than expected.

    You need to monitor the processor usage on VM1 to identify whether changes must be made to the hardware settings of VM1.

    Which performance object should you monitor on Server1?

    A. Processor

    B. Hyper-V Hypervisor Virtual Processor

    C. Hyper-V Hypervisor Logical Processor

    D. Hyper-V Hypervisor Root Virtual Processor

    E. Process

    Correct Answer: C

    Section: (none)

    Explanation

    Explanation/Reference:

    V31 = V32 = C

    Lucille = B

    Logical and virtual processor is confusing

    I found this:

    Logical processors are what's presented to the Hyper-V host as CPU's. While there is a difference between a physical CPU and a CPU core, Logical Processors are used to describe the amount of CPU a Hyper-V host can make use of, which are usually CPU cores, but hyperthreaded cores will show up as logical processors as well.

    This is further explained in this article: http://social.technet.microsoft.com/wiki/contents/articles/1234.hyper-v-concepts-vcpu.aspx

    Lucille: http://www.fastvue.co/tmgreporter/blog/understanding-hyper-v-cpu-usage-physical-and-virtual

    Some cut & paste from this link:

    Monitoring Physical CPUs

    The counter you want to look for is Hyper-V Hypervisor Logical Processor. Specifically % Total Run Time

    Monitoring Virtual CPUs

    A very useful counter is Hyper-V Hypervisor Virtual Processor. Specifically % Total Run Time. When you select this counter you will notice that it lists the virtual machines VPUs. Each virtual processor here maps to a logical processor as seen above.

    This allows us to see if there is a process running on the VM that might not be threading efficiently and spiking a single CPU core to 100% while the remainder stays low. In TMG Reporters case you will not see this bad behavior since it multi-threads rather nicely. The graph below shows a good spread across the CPUs.

    A virtual CPU does map to a physical core, but you most likely will have multiple virtual CPUs tied to a physical core. This over subscription is one of the main benefits but also potential problem areas for virtualization.

    QUESTION 17

    V31-Q17 = Heidi Q17 = McK-Q2-12 = Snowden:Q203 David:Q240 Ricardo:Q188 ScottCha:E3

    Your network contains an Active Directory domain named contoso.com. All servers run Windows Server 2012 R2. The functional level of both the domain and the forest is Windows Server 2008 R2.

    The domain contains a domain-based Distributed File System (DFS) namespace that is configured as shown in the exhibit. (Click the Exhibit button.)

    You need to enable access-based enumeration on the DFS namespace.

    What should you do first?

    A. Raise the domain functional level.

    B. Raise the forest functional level.

    C. Install the File Server Resource Manager role service on Server3 and Server5.

    D. Delete and recreate the namespace.

    Correct Answer: D

    Section: (none)

    Explanation

    Explanation/Reference:

    Answer: D = V31-Q17 = Heidi Q17 = McK-Q2-12 = Snowden:Q203 David:Q240 Ricardo:Q188 ScottCha:E3

    Sunny_day Canada Apr 23, 2014

    looking at the exhibit, it would be D. "delete and create namespace" because it is win 2000 domain mode.

    Thanks, guys!

    Lavonia 18 April 2014 without any explanation: C

    sdkome Uzbekistan Apr 22, 2014 Q17. correct answer is D. you need to recreate a namespace. when you create a namespace choose "enable windows server 2008 mode" option.

    davidlac Apr 18, 2014 Q17 => right answer must be C http://heineborn.com/tech/enable-access-based-enumeration-in-windows-server-2012/

    Rick James Portugal Apr 18, 2014 Q.17 states that "The functional level of both domain and the forest is Windows Server 2008 R2" however the exhibit states otherwise: "Domain-based in Windows 2000 Server mode". Which mode counts??

    Gabriele Italy Apr 17, 2014 Q17 is correct D . The namespace is 2000 Domain based . http://technet.microsoft.com/en-us/library/dd759150.aspx

    Sunny_day Canada Apr 16, 2014 I really think that Question 17 is c, not d. Install the FSRM, because d, an existing namespace can have the abe installed. [Question about the Lpe.exe, earlier, it is the administrative centre (ad recycle bin) ] ?????

    QUESTION 18

    V31-18 = McK Q2-31 = Snowden:Q74 David:Q82 ScottCha:B19 Korede:A21 Tara:C11

    Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012 R2.

    A local account named Admin1 is a member of the Administrators group on Server1.

    You need to generate an audit event whenever Admin1 is denied access to a file or folder.

    What should you run?

    A. auditpol.exe /set /userradmin1 /failure:enable

    B. auditpol.exe /set /user:admin1 /category:"detailed tracking" /failure:enable

    C. auditpol.exe /resourcesacl /set /type:file /user:admin1 /failure

    D. auditpol.exe /resourcesacl /set /type:key /user: admin1 /failure /access:ga

    Correct Answer: C

    Section: (none)

    Explanation

    Explanation/Reference:

    http://technet.microsoft.com/en-us/library/ff625687.aspx

    Set a global resource SACL to audit successful and failed attempts by a user to perform generic read and write functions on files or folders:

    auditpol /resourceSACL /set /type:File /user:MYDOMAIN\myuser /success /failure /access:FRFW

    http://technet.microsoft.com/en-us/library/ff625687%28v=ws.10%29.aspx

    Syntax

    auditpol /resourceSACL
    [/set /type: [/success] [/failure] /user: [/access:]]
    [/remove /type: /user: [/type:]]
    [/clear [/type:]]
    [/view [/user:] [/type:]]

    QUESTION 19

    V31-Q19 = McK Q2-13 = QSnowden:Q61 David:Q66 Ricardo:Q94 ScottCha:B7 Jimi:C14 Korede:A77 Molly1:A41

    You have a server named Server1 that runs Windows Server 2012 R2.

    An administrator creates a quota as shown in the Quota exhibit. (Click the Exhibit button.)

  • You run the dir command as shown in the Dir exhibit. (Click the Exhibit button.)

    You need to ensure that D:\Folder1 can only consume 100 MB of disk space.

    What should you do?

    A. From File Server Resource Manager, create a new quota.

    B. From File Server Resource Manager, edit the existing quota.

    C. From the Services console, set the Startup Type of the Optimize drives service to Automatic.

    D. From the properties of drive D, enable quota management.

    Correct Answer: A

    Section: (none)

    Explanation

    Explanation/Reference:

    Create a new Quota on path, without using the auto apply template and create quota on existing and new subfolders.

  • http://technet.microsoft.com/en-us/library/cc755603(v=ws.10).aspx

    QUESTION 20

    V31-Q20 = McK Q2-6 = Snowden:Q72 David:Q79 Ricardo:A130 ScottCha:B17 Korede:A18

    Your company has a main office and two branch offices. The main office is located in New York. The branch offices are located in Seattle and Chicago.

    The network contains an Active Directory domain named contoso.com. An Active Directory site exists for each office. Active Directory site links exist between the main office and the branch offices. All servers run Windows Server 2012 R2.

    The domain contains three file servers. The file servers are configured as shown in the following table.

  • You implement a Distributed File System (DFS) replication group named ReplGroup.

    ReplGroup is used to replicate a folder on each file server. ReplGroup uses a hub and spoke topology. NYC-SVR1 is configured as the hub server.

    You need to ensure that replication can occur if NYC-SVR1 fails.

    What should you do?

    A. Create an Active Directory site link bridge.

    B. Create an Active Directory site link.

    C. Modify the properties of ReplGroup.

    D. Create a connection in ReplGroup.

    Correct Answer: D

    Section: (none)

    Explanation

    Explanation/Reference:

  • http://faultbucket.ca/2012/08/fixing-a-dfsr-connection-problem/

    http://technet.microsoft.com/en-us/library/cc771941.aspx

    QUESTION 21

    V31-Q21 = McK Q2-17 = Snowden:Q219 David:Q255 Ricardo:Q232 ScottCha:E15

    Your network contains an Active Directory domain named contoso.com. The domain contains a file server named Server1 that runs Windows Server 2012 R2. Server1 has a share named Share1.

    When users without permission to Share1 attempt to access the share, they receive the Access Denied message as shown in the exhibit. (Click the Exhibit button.)

  • You deploy a new file server named Server2 that runs Windows Server 2012 R2.

    You need to configure Server2 to display the same custom Access Denied message as Server1.

    What should you install on Server2?

    A. The Remote Assistance feature

    B. The Storage Services server role

    C. The File Server Resource Manager role service

    D. The Enhanced Storage feature

    Correct Answer: C

    Section: (none)

    Explanation

    Explanation/Reference:

  • We need to install the prerequisites for Access-Denied Assistance.

    Because Access-Denied Assistance relies upon e-mail notifications, we also need to configure each relevant file server with a Simple Mail Transfer Protocol (SMTP) server address. Let's do that quickly with Windows PowerShell:

    Set-FSRMSetting -SMTPServer mailserver.nuggetlab.com -AdminEmailAddress [email protected] -FromEmailAddress [email protected]

    You can enable Access-Denied Assistance either on a per-server basis or centrally via Group Policy. To my mind, the latter approach is infinitely preferable from an administration standpoint.

    Create a new GPO and make sure to target the GPO at your file servers' Active Directory computer accounts as well as those of your AD client computers. In the Group Policy Object Editor, we are looking for the following path to configure Access-Denied Assistance:

    \Computer Configuration\Policies\Administrative Templates\System\Access-Denied Assistance

  • The Customize message for Access Denied errors policy, shown in the screenshot below, enables us to create the actual message box shown to users when they access a shared file to which their user account has no access.

  • What's cool about this policy is that we can "personalize" the e-mail notifications to give us administrators (and, optionally, file owners) the details they need to resolve the permissions issue quickly and easily.

    For instance, we can insert pre-defined macros to swap in the full path to the target file, the administrator e-mail address, and so forth. See this example:

    Whoops! It looks like you're having trouble accessing [Original File Path]. Please click Request Assistance to send [Admin Email] a help request e-mail message. Thanks!

    You should find that your users prefer these human-readable, informative error messages to the cryptic, nondescript error dialogs they are accustomed to dealing with.

    The Enable access-denied assistance on client for all file types policy should be enabled to force client computers to participate in Access-Denied Assistance. Again, you must make sure to target your GPO scope accordingly to "hit" your domain workstations as well as your Windows Server 2012 file servers.

  • Testing the configuration

    This should come as no surprise to you, but Access-Denied Assistance works only with Windows Server 2012 and Windows 8 computers. More specifically, you must enable the Desktop Experience feature on your servers to see Access-Denied Assistance messages on server computers.

    When a Windows 8 client computer attempts to open a file to which the user has no access, the custom Access-Denied Assistance message should appear:

    If the user clicks Request Assistance in the Network Access dialog box, they see a secondary message:

    At the end of this process, the administrator(s) will receive an e-mail message that contains the key information they need in order to resolve the access problem:

    The user's Active Directory identity

    The full path to the problematic file

    A user-generated explanation of the problem

    So that's it, friends! Access-Denied Assistance presents Windows systems administrators with an easy-to-manage method for more efficiently resolving user access problems on shared file system resources. Of course, the key caveat is that your file servers must run Windows Server 2012 and your client devices must run Windows 8, but other than that, this is a great technology that should save admins extra work and end-users extra headaches.

    http://4sysops.com/archives/access-denied-assistance-in-windows-server-2012/

    QUESTION 22

    V31 Q22 new question

    You have a server named Server1 that runs Windows Server 2012 R2. Server1 has the File Server Resource Manager role service installed.

    Each time a user receives an access-denied message after attempting to access a folder on Server1, an email notification is sent to a distribution list named DL1.

    You create a folder named Folder1 on Server1, and then you configure custom NTFS permissions for Folder1.

    You need to ensure that when a user receives an access-denied message while attempting to access Folder1, an email notification is sent to a distribution list named DL2. The solution must not prevent DL1 from receiving notifications about other access-denied messages.

    What should you do?

    A. From Server Manager, run the New Share Wizard to create a share for Folder1 by selecting the SMB Share - Advanced option.

    B. From the File Server Resource Manager console, modify the Access-Denied Assistance settings.

    C. From the File Server Resource Manager console, modify the Email Notifications settings.

    D. From Server Manager, run the New Share Wizard to create a share for Folder1 by selecting the SMB Share - Applications option.

    Correct Answer: A

    Section: (none)

    Explanation

    Explanation/Reference:

    V31 = C, V32 = A (no explanations)

    V31 = C explanation: (but I don't think it is valid if we trust V32 = A)

    Configure the email notification settings

    You must configure the email notification settings on each file server that will send the access-denied assistance messages.

    1. Open File Server Resource Manager. In Server Manager, click Tools, and then click File Server Resource Manager.

    2. Right-click File Server Resource Manager (Local), and then click Configure Options.

    3. Click the Email Notifications tab.

    4. Configure the following settings:
       In the SMTP server name or IP address box, type the name or IP address of the SMTP server in your organization.
       In the Default administrator recipients and Default "From" e-mail address boxes, type the email address of the file server administrator.

    5. Click Send Test E-mail to ensure that the email notifications are configured correctly.

    6. Click OK.

    Sunny_day Canada May 16, 2014: B http://technet.microsoft.com/en-us/library/hh831402.aspx

    QUESTION 23

    V31 Q23 new question

  • Your network contains an Active Directory domain named contoso.com. The domain contains a domain controller named DC1 that runs Windows Server 2012 R2. DC1 is backed up daily.

    The domain has the Active Directory Recycle Bin enabled.

    During routine maintenance, you delete 500 inactive user accounts and 100 inactive groups. One of the deleted groups is named Group1. Some of the deleted user accounts are members of some of the deleted groups.

    For documentation purposes, you must provide a list of the members of Group1 before the group was deleted.

    You need to identify the names of the users who were members of Group1 prior to its deletion.

    You want to achieve this goal by using the minimum amount of administrative effort.

    What should you do first?

    A. Mount the most recent Active Directory backup.

    B. Reactivate the tombstone of Group1.

    C. Perform an authoritative restore of Group1.

    D. Use the Recycle Bin to restore Group1.

    Correct Answer: A

    Section: (none)

    Explanation

    Explanation/Reference:

    The question is not to restore, the question is to document what was deleted!

    QUESTION 24

    V31-Q24 = McK-Q5-19 = Snowden:Q157

    Your network contains an Active Directory domain named contoso.com. The domain contains six domain controllers. The domain controllers are configured as shown in the following table.

  • The network contains a server named Server1 that has the Hyper-V server role installed. DC6 is a virtual machine that is hosted on Server1.

    You need to ensure that you can clone DC6.

    Which FSMO role should you transfer to DC2?

    A. RID master

    B. Domain naming master

    C. PDC emulator

    D. Infrastructure master

    Correct Answer: C

    Section: (none)

    Explanation

    Explanation/Reference:

    The clone domain controller uses the security context of the source domain controller (the domain controller whose copy it represents) to contact the Windows Server 2012 R2 Primary Domain Controller (PDC) emulator operations master role holder (also known as flexible single master operations, or FSMO). The PDC emulator must be running Windows Server 2012 R2, but it does not have to be running on a hypervisor.

    http://technet.microsoft.com/en-us/library/hh831734.aspx

    QUESTION 25

    V31-Q25 ~ McK Q5-46 = Snowden:Q215 David:Q247 Ricardo:Q203,Q269 ScottCha:E11

    Your network contains an Active Directory domain named contoso.com. All domain controllers run either Windows Server 2008 or Windows Server 2008 R2.

    You deploy a new domain controller named DC1 that runs Windows Server 2012 R2.

    You log on to DC1 by using an account that is a member of the Domain Admins group.

    You discover that you cannot create Password Settings objects (PSOs) by using Active Directory Administrative Center.

    You need to ensure that you can create PSOs from Active Directory Administrative Center.

    What should you do?

    A. Modify the membership of the Group Policy Creator Owners group.

    B. Transfer the PDC emulator operations master role to DC1.

    C. Upgrade all of the domain controllers that run Windows Server 2008.

    D. Raise the functional level of the domain.

    Correct Answer: D

    Section: (none)

    Explanation

    Explanation/Reference:

    We don't know the functional level of the domain!

    Fine-grained password policies allow you to specify multiple password policies within a single domain so that you can apply different restrictions for password and account lockout policies to different sets of users in a domain. To use a fine-grained password policy, your domain functional level must be at least Windows Server 2008.

  • To enable fine-grained password policies, you first create a Password Settings Object (PSO). You then configure the same settings that you configure for the password and account lockout policies. You can create and apply PSOs in the Windows Server 2012 environment by using the Active Directory Administrative Center (ADAC) or Windows PowerShell.

    Step 1: Create a PSO

    Applies To: Windows Server 2008, Windows Server 2008 R2

    http://technet.microsoft.com/en-us//library/cc754461%28v=ws.10%29.aspx

    QUESTION 26

    V31 - Q26 = Carrie Q8 = Cheryl Q9 new question

    Your network contains an Active Directory forest named contoso.com. The functional level of the forest is Windows Server 2008 R2.

    All of the user accounts in the marketing department are members of a group named Contoso\MarketingUsers.

    All of the computer accounts in the marketing department are members of a group named Contoso\MarketingComputers.

    A domain user named User1 is a member of the Contoso\MarketingUsers group. A computer named Computer1 is a member of the Contoso\MarketingComputers group.

    You have five Password Settings objects (PSOs). The PSOs are defined as shown in the following table.

    When User1 logs on to Computer1 and attempts to change her password, she receives an error message indicating that her password is too short.

    You need to tell User1 what her minimum password length is.

    What should you tell User1?

    A. 10

    B. 11

    C. 12

    D. 14

    Correct Answer: A

    Section: (none)

    Explanation

    Explanation/Reference:

    The above question is from March 2014 and V31 does not have any explanation.

    ----

  • The old McKenzie Q5-41 looks like this; the new question has just changed precedence and min-length for PS01 and PS05.

    The old answer was 14:

    If you have multiple PSOs that are applied to a user or group that the user is a member of, the following process determines the resultant PSO.

    1. If a single PSO is linked directly to a user object, the resultant PSO is the single PSO.

    2. If multiple PSOs are linked directly to the user object, the PSO with the lowest msDS-PasswordSettingsPrecedence value is the resultant PSO. If two PSOs have the same precedence, the PSO with the mathematically smallest objectGUID is the resultant PSO.

    3. If no PSOs are assigned to the user object, and if a single PSO is assigned to a group that the user is a member of, the assigned PSO is applied.

    4. If multiple PSOs are linked to a group that the user is a member of, the PSO with the lowest msDS-PasswordSettingsPrecedence value is the resultant PSO. If two PSOs have the same precedence, the PSO with the mathematically smallest objectGUID is the resultant PSO.

    5. If you do not link any PSOs to the user object, either directly or through group membership, the policy defined in the Default Domain Policy is applied.

    To determine which PSO is applied to a user, you can view the msDS-ResultantPSO attribute.

    http://web-foro.com/wl/CompanionContent/course/crse6425b_00_09_01_08.htm

    QUESTION 27

    V31 Q27 = Heide Q28 new question

    Your network contains an Active Directory domain named contoso.com. The Active Directory Recycle bin is enabled for contoso.com.

    A support technician accidentally deletes a user account named User1. You need to restore the User1 account.

    Which tool should you use?

    A. Ldp

    B. Esentutl

    C. Active Directory Administrative Center

    D. Ntdsutil

    Correct Answer: C

    Section: (none)

    Explanation

    Explanation/Reference:

    Aug 05, 2014: Changed to C - Selected C in Exam and got 100% in Section Administrating Active Directory.

    --

    The bold words in the question are mine

    No explanation in V31-Q27! Be aware of the question.

    Active Directory Recycle Bin was first introduced in Windows Server 2008 R2.

  • Prior to Windows Server 2012, the recycle bin was accessible only from the command line using PowerShell. Windows Server 2012 contains a graphical user interface for working with and enabling the recycle bin as part of the Active Directory Administrative Center.

    V31-Q27 choice C: Active Directory Administrative Center | which is not a 100 % correct answer.

    ----------------------------

    codename007 India Apr 22, 2014 Q.28. Correct answer is A. not C, as question didn't mention about server 2012

    davidlac Apr 11, 2014 Q27 => restore user1 account. Using ldp.exe seems better. Correct answer must be A.

    Please compare McKenzie-Q5-30 and some of the explanations.

    Your network contains an Active Directory domain named contoso.com. Domain controllers run either Windows Server 2003, Windows Server 2008 R2, or Windows Server 2012.

    A support technician accidentally deletes a user account named User1.

    You need to use tombstone reanimation to restore the User1 account.

    Which tool should you use?

    Same choices - but the right answer was Ldp

    explanation:

    A. You can use the ntdsutil commands to perform database maintenance of AD DS, manage and control single master operations, and remove metadata

    B. Use Ldp.exe to restore a single, deleted Active Directory object

    C. ESEnTUtl Utility Repair/Defragment/backup. Provides database utilities for the Extensible Storage Engine (ESE) including Windows 2012

    D. ADAC offers no options to restore deleted objects. (My comment: Prior to Windows Server 2012)

    Tombstone reanimation for Active Directory was introduced in Windows Server 2003.

    This feature takes advantage of the fact that Active Directory keeps deleted objects in the database for a period of time before physically removing them.

    Use Ldp.exe to restore a single, deleted Active Directory object

    The LDP.exe tool, included with Windows Server 2012, allows users to perform operations against any LDAP-compatible directory, including Active Directory. LDP is used to view objects stored in Active Directory along with their metadata, such as security descriptors and replication metadata.

    http://www.petri.co.il/manually-undeleting-objects-windows-active-directory-ad.htm

    http://technet.microsoft.com/en-us/magazine/2007.09.tombstones.aspx

    http://technet.microsoft.com/nl-nl/library/dd379509(v=ws.10).aspx#BKMK_2

    http://technet.microsoft.com/en-us/library/hh875546.aspx

    http://technet.microsoft.com/en-us/library/dd560651(v=ws.10).aspx

    Snowden:Q143 David:Q155 Ricardo:Q17 Peggy:Q14 ScottCha:C31 Jimi:B17 Korede:B17 Molly1:B15

    QUESTION 28

    V31-Q28 = Heide Q23 more or less than McK Q5-34 = Snowden:Q154 David:Q169 Ricardo:Q227 ScottCha:C40 Jimi:C27 Korede:B29

    Your network contains an Active Directory forest named contoso.com. The forest contains a single domain. All domain controllers run Windows Server 2012 R2.

    The domain contains two domain controllers. The domain controllers are configured as shown in the following table.

  • Active Directory Recycle Bin is enabled.

    You discover that a support technician accidentally removed 100 users from an Active Directory group named Group1 an hour ago.

    You need to restore the membership of Group1.

    What should you do?

    A. Recover the items by using Active Directory Recycle Bin.

    B. Modify the isRecycled attribute of Group1.

    C. Perform tombstone reanimation.

    D. Perform an authoritative restore.

    Correct Answer: D

    Section: (none)

    Explanation

    Explanation/Reference:

    The bold line in the question is mine

    In this real exam Heide Q23 the B choice was B1, but in V31-Q28 it is B2

    A (deleted) or D (only removed) !!!!

    V31 = C, V32 = D

    Corics Ph. May 26, 2014: A

    zacky Sri Lanka May 13, 2014: A

    Be aware McKenzie: "Recover the items by using Active Directory Recycle Bin".

    V32: (D) Explanation: The users haven't been deleted. The group hasn't been deleted. This rules out the two Recycle Bin answers and the Tombstone Reanimation answer. The users have just been removed from the group. We therefore need to restore the group to its previous state (with all the users in it). We can do this by performing an authoritative restore from yesterday's backup.

    V31: (C) Tombstone reanimation provides the only way to recover deleted objects without taking a DC offline, and it's the only way to recover a deleted object's identity information, such as its objectGUID and objectSid attributes. It neatly solves the problem of recreating a deleted user or group and having to fix up all the old access control list (ACL) references, which contain the objectSid of the deleted object.

    TT Australia May 07, 2014 Q28. I think the answer should be D. "Perform an authoritative restore". Need to read the wording of this question carefully.. "accidentally removed 100 users from an active directory group named group1" (referring to membership of the group), the user's object and group object were NOT deleted, so AD recycle bin and tombstone reanimation would be wrong.

    Johan Netherlands Apr 30, 2014 @Promocode wrote:

  • "QUESTION 28, the correct answer is: A. Recover the items by using Active Directory Recycle Bin. not C. Perform tombstone reanimation"

    But in Q28???? (something wrong) there are memberships deleted from a group. There are NO groups deleted and there are NO users deleted. Answer C is correct!!

    Promocode Apr 29, 2014 QUESTION 28, the correct answer is A. Recover the items by using Active Directory Recycle Bin.

    Marvin Netherlands Apr 23, 2014

    Correct; A Recover the items by using Active Directory Recycle Bin.

    http://technet.microsoft.com/en-us/magazine/2007.09.tombstones.aspx

    http://blogs.technet.com/b/askds/archive/2009/08/27/the-ad-recycle-bin-understanding-implementing-best-practices-and-troubleshooting.aspx

    Starting in Windows Server 2008 R2, Active Directory now implements a true recycle bin. No longer will you need an authoritative restore to recover deleted users, groups, OUs, or other objects. Instead, it is now possible to use PowerShell commands to bring back objects with all their attributes, backlinks, group memberships, and metadata. AD Recycle Bin (ADRB) was a long time coming and it definitely has its idiosyncrasies, but I think you are going to love it.

    http://prajwaldesai.com/active-directory-recycle-bin-feature-in-windows-server-2012-r2/

  • McKenzie:

    All deleted AD object information including attributes, passwords and group membership can be selected in mass then undeleted from the user interface instantly or via Powershell

    Need to know what objects were deleted so you can filter for them or a specific time period

    You could undelete all objects during a specific time period but if you have multiple location where admins are making changes to AD, an intentional change may have occurred which you may not be aware of at the time. It is possible that users were terminated during the same time as the accidental deletions so you want to be cautious to not accidentally undelete a terminated employee for security reasons.

  • http://technet.microsoft.com/en-us/library/ff625687(v=ws.10).aspx

    http://windowsitpro.com/active-directory/windows-server-2012-active-directory-recycle-bin

    http://communities.quest.com/community/quest-itexpert/blog/2012/09/24/the-windows-server-2012-recycle-bin-and-recovery-manager-for-active-directory

    QUESTION 29

    V31-29, V31-73, McK Q5-16 ............ same questions but different choices

    Your network contains an Active Directory domain named contoso.com. The domain contains a read-only domain controller (RODC) named RODC1.

    You create a global group named RODC_Admins.

    You need to provide the members of RODC_Admins with the ability to manage the hardware and the software on RODC1. The solution must not provide RODC_Admins with the ability to manage Active Directory objects.

    What should you do?

    A. From Active Directory Site and Services, configure the Security settings of the RODC1 server object.

    B. From Windows PowerShell, run the Set-ADAccountControl cmdlet.

    C. From a command prompt, run the dsmgmt local roles command.

    D. From Active Directory Users and Computers, configure the Member Of settings of the RODC1 account.

    Correct Answer: C

    Section: (none)

    Explanation

  • Explanation/Reference:

    The above bold words are mine. Please verify the answers

    V31 Q73 (D) = Q29 (C) : "From a command prompt, run the dsmgmt local roles command".

    Same question but be aware of the different choices !!!!

    McKenzie Q5-16.: From Active Directory Users and Computers, configure the Managed By settings of the RODC1 account.

    RODC: using the dsmgmt.exe utility to manage local administrators

    One of the benefits of RODC is that you can add local administrators who do not have full access to the domain administration. This gives them the ability to manage the server but not add or change active directory objects unless those roles are delegated. Adding this type of user is done using the dsmgmt.exe utility at the command prompt.

    McKenzie:

    Dsadd is a command-line tool that is built into Windows Server 2008. It is available if you have the Active Directory Domain Services (AD DS) or Active Directory Lightweight Directory Services (AD LDS) server role installed. To use dsadd, you must run the dsadd command from an elevated command prompt. To open an elevated command prompt, click Start, right-click Command Prompt, and then click Run as administrator.

    You can delegate local administrative permissions for an RODC to any domain user without granting that user any user rights for the domain or other domain controllers. This permits a local branch user to log on to an RODC and perform maintenance work on the server, such as upgrading a driver. However, the branch user cannot log on to any other domain controller or perform any other administrative task in the domain. In this way, the branch user can be delegated the ability to effectively manage the RODC in the branch office without compromising the security of the rest of the domain.

    Modify the Managed By tab of the RODC account properties in the Active Directory Users and Computers snap-in, as shown in the following figure. You can click Change to change which security principal is the delegated RODC administrator. You can choose only one security principal. Specify a security group rather than an individual user so you can control RODC administration permissions most efficiently. This method changes the managedBy attribute of the computer object that corresponds to the RODC to the SID of the security principal that you specify. This is the recommended way to specify the delegated RODC administrator account because the information is stored in AD DS, where it can be centrally managed by domain administrators.

  • http://technet.microsoft.com/en-us/library/cc755310%28v=ws.10%29.aspx

    David-Q223: A="From Active Directory Site and Services, configure the Security settings of the RODC1 server object." B "From Windows PowerShell, run the Set-ADAccountControl cmdlet." A

    Ricardo-Q162: A="You need to provide the members of RODC_Admins" C C="From Windows PowerShell, run the Set-ADAccountControl cmdlet." A

    Ricardo-Q174: A="From Active Directory Users and Computers, configure the Member Of settings of the RODC1 account." ACD

    Ricardo-Q229: A="From Windows PowerShell, run the Set-ADAccountControl cmdlet" C C="From a command prompt, run the dsadd computer command." A

    Ricardo-Q261: CDA D="From Active Directory Site and Services, configure the Security settings of the RODC1 server object"

    Snowden:Q155 David:Q170,Q223 Ricardo:Q162,Q174,Q229,Q262 ScottCha:D1 Jimi:C28 Korede:B30 Tara:C10

    QUESTION 30

    V31-Q30 = McK Q5-28 = Snowden:Q138 David:Q150 Ricardo:Q145 ScottCha:C26 Korede:B12

    Your network contains an Active Directory domain named contoso.com. The domain contains a domain controller named DC1 that runs Windows Server 2012 R2.

    You create an Active Directory snapshot of DC1 each day.

    You need to view the contents of an Active Directory snapshot from two days ago.

    What should you do first?

  • A. Run the dsamain.exe command.

    B. Stop the Active Directory Domain Services (AD DS) service.

    C. Start the Volume Shadow Copy Service (VSS).

    D. Run the ntdsutil.exe command.

    Correct Answer: D

    Section: (none)

    Explanation

    Explanation/Reference:

    V31 = D

    Correct A or D?

    Not all agreed in the choice, look below. Please verify

    McKenzie: Mounting an Active Directory snapshot

    Before connecting to the snapshot we need to mount it. By looking at the results of the List All command in step#8 above, identify the snapshot that you wish to mount, and note the number next to it.

    In order to mount an Active Directory snapshot follow these steps:

    1. Log on as a member of the Domain Admins group to one of your Windows Server 2008 Domain Controllers.

    2. Open a Command Prompt window by clicking on the CMD shortcut in the Start menu, or by typing CMD and pressing Enter in the Run or Quick Search parts of the Start menu.

    Note: You must run NTDSUTIL from an elevated command prompt. To open an elevated command prompt, click Start, right-click Command Prompt, and then click Run as administrator.

    3. In the CMD window, type the following command:

    ntdsutil

    4. In the CMD window, type the following command:

    snapshot

    5. To view all available snapshots, in the CMD window, type the following command:

    list all

    The result should look like this:

    snapshot: List All
    1: 2008/10/25:03:14 {ec53ad62-8312-426f-8ad4-d47768351c9a}
    2: C: {15c6f880-cc5c-483b-86cf-8dc2d3449348}

    6. In this example we only have one snapshot available, one from 2008/10/25 at 03:14AM (yes, I write articles at this time). We'll mount this one.

    In the CMD window, type the following command:

    mount 2

    The result should look like this:

    snapshot: mount 2
    Snapshot {15c6f880-cc5c-483b-86cf-8dc2d3449348} mounted as C:'$SNAP_200810250314_VOLUMEC$'

    7. Next, you can leave the NTDSUTIL running, or you can quit by typing quit 2 times.

    Note: Like the above command, the mounting process can also be run in one line. However, note that NTDSUTIL requires that the "list all" command be run in the same session that you mount the snapshot. So in order to mount the snapshot with a one-liner, you will need to run "list all" first.

  • ntdsutil snapshot "list all" "mount 2" quit quit

    Note: You do not need to quit from the NTDSUTIL command, you can keep it open assuming that you'll probably want to unmount the snapshot right after working with it.

    http://mcitp12.blogspot.de/2012/11/

    Snowden:Q138 David:Q150 Ricardo:Q145 ScottCha:C26 Korede:B12

    Marvin Netherlands Apr 22, 2014

    Dsamain.exe is a new tool that allows you to view a snapshot as a LDAP server so you can browse and compare the contents of the image. The Ntdsutil.exe utility allows you to create, mount and delete VSS snapshots. So if there is a situation where the DC needs to be restored from a Ntdsutil snapshot the Dsamain utility can be used to examine the contents of the snapshot log files and Active directory databases.
    http://activedirectorytools.com/archives/windows-server-2008-snapshots-with-ntdsutil-and-dsamain/
    Answer A: "Run the dsamain.exe command"

    Lucille: A
    http://technet.microsoft.com/en-us/library/cc772168.aspx

    Corics Ph. May 26, 2014: A
    zacky Sri Lanka May 13, 2014: A

    QUESTION 31
    V31-Q31 more or less Mck Q5-18 = Snowden:Q184 Ricardo:Q228,Q253 ScottCha:D29

    Your network contains an Active Directory domain named contoso.com. All domain controllers run Windows Server 2012 R2.

    In a remote site, a support technician installs a server named DC10 that runs Windows Server 2012 R2. DC10 is currently a member of a workgroup.

    You plan to promote DC10 to a read-only domain controller (RODC).

    You need to ensure that a user named Contoso\User1 can promote DC10 to a RODC in the contoso.com domain. The solution must minimize the number of permissions assigned to User1.

    What should you do?

    A. From Active Directory Users and Computers, run the Delegation of Control Wizard on the contoso.com domain object.

    B. From Active Directory Administrative Center, pre-create an RODC computer account.

    C. From Ntdsutil, run the local roles command.

    D. Join DC10 to the domain. Run dsmod and specify the /server switch.

    Correct Answer: B
    Section: (none)
    Explanation

    Explanation/Reference:
    A staged read only domain controller (RODC) installation works in two discrete phases:
    1. Staging an unoccupied computer account
    2. Attaching an RODC to that account during promotion

    Reference: Install a Windows Server 2012 R2 Active Directory Read-Only Domain Controller (RODC)

    QUESTION 32
    V31-Q32 = Heidi Q57 = McK Q6-2 = Snowden:Q7 David:Q6 Ricardo:Q37,Q45 Peggy:Q31,Q38 ScottCha:A7 Jimi:B37 Korede:A3 Tara:B15

    Your network contains an Active Directory domain named contoso.com. The domain contains more than 100 Group Policy objects (GPOs). Currently, there are no enforced GPOs.

    You have two GPOs linked to an organizational unit (OU) named OU1.

    You need to change the precedence order of the GPOs.

    What should you use?

    A. Dcgpofix

    B. Get-GPOReport

    C. Gpfixup

    D. Gpresult

    E. Gpedit.msc

    F. Import-GPO

    G. Restore-GPO

    H. Set-GPInheritance

    I. Set-GPLink

    J. Set-GPPermission

    K. Gpupdate

    L. Add-ADGroupMember

    Correct Answer: I
    Section: (none)
    Explanation

    Explanation/Reference:
    The Set-GPLink cmdlet sets the properties of a GPO link.
    You can set the following properties:
    -- Enabled. If the GPO link is enabled, the settings of the GPO are applied when Group Policy is processed for the site, domain or OU.
    -- Enforced. If the GPO link is enforced, it cannot be blocked at a lower-level (in the Group Policy processing hierarchy) container.
    -- Order. The order specifies the precedence that the settings of the GPO take over conflicting settings in other GPOs that are linked (and enabled) to the same site, domain, or OU.
    http://technet.microsoft.com/en-us/library/ee461022.aspx

    QUESTION 33
    Heidi Q33 = V31-Q114 = Mck Q3-22 = Snowden:Q192 David:Q231 Ricardo:Q173 ScottCha:D35

    Your network contains an Active Directory domain named contoso.com. The domain contains more than 100 Group Policy objects (GPOs). Currently, there are no enforced GPOs.

    A network administrator accidentally deletes the Default Domain Policy GPO. You do not have a backup of any of the GPOs.

    You need to recreate the Default Domain Policy GPO.

    What should you use?

    A. Dcgpofix

    B. Get-GPOReport

    C. Gpfixup

    D. Gpresult

    E. Gpedit.msc

    F. Import-GPO

    G. Restore-GPO

    H. Set-GPInheritance

    I. Set-GPLink

    J. Set-GPPermission

    K. Gpupdate

    L. Add-ADGroupMember

    Correct Answer: A
    Section: (none)
    Explanation

    Explanation/Reference:
    Dcgpofix
    Restores the default Group Policy objects to their original state (that is, the default state after initial installation).
    http://technet.microsoft.com/en-us/library/hh875588(v=ws.10).aspx

    QUESTION 34
    Heidi Q55 = V31-Q34 = McK Q6-4 = Snowden:Q12 David:Q11 Ricardo:Q47 Peggy:Q39 ScottCha:A11 Jimi:B47 Korede:B72

    Your network contains an Active Directory domain named contoso.com. The domain contains more than 100 Group Policy objects (GPOs). Currently, there are no enforced GPOs. The domain contains a top-level organizational unit (OU) for each department. A group named Group1 contains members from each department.

    You have a GPO named GPO1 that is linked to the domain.

    You need to configure GPO1 to apply settings to Group1 only.

    What should you use?

    A. Dcgpofix

    B. Get-GPOReport

    C. Gpfixup

    D. Gpresult

    E. Gpedit.msc

    F. Import-GPO

    G. Restore-GPO

    H. Set-GPInheritance

    I. Set-GPLink

    J. Set-GPPermission

    K. Gpupdate

    L. Add-ADGroupMember

    Correct Answer: J
    Section: (none)
    Explanation

    Explanation/Reference:
    Set-GPPermission grants a level of permissions to a security principal (user, security group, or computer) for one GPO or all the GPOs in a domain. You use the TargetName and TargetType parameters to specify a user, security group, or computer for which to set the permission level.

    -Replace
    Specifies that the existing permission level for the group or user is removed before the new permission level is set. If a security principal is already granted a permission level that is higher than the specified permission level and you do not use the Replace parameter, no change is made.

    http://technet.microsoft.com/en-us/library/ee461038.aspx

    QUESTION 35
    V31-Q35 = Heidi Q54 = McK Q6-6 = Snowden:Q11 David:Q10 Ricardo:Q46 ScottCha:A10 Jimi:B46 Korede:B71 Tara:B20 Molly1:A3

    Your network contains an Active Directory domain named contoso.com. The domain contains more than 100 Group Policy objects (GPOs). Currently, there are no enforced GPOs.

    The domain is renamed to adatum.com. Group Policies no longer function correctly.

    You need to ensure that the existing GPOs are applied to users and computers. You want to achieve this goal by using the minimum amount of administrative effort.

    What should you use?

    A. Dcgpofix

    B. Get-GPOReport

    C. Gpfixup

    D. Gpresult

    E. Gpedit.msc

    F. Import-GPO

    G. Restore-GPO

    H. Set-GPInheritance

    I. Set-GPLink

    J. Set-GPPermission

    K. Gpupdate

    L. Add-ADGroupMember

    Correct Answer: C
    Section: (none)
    Explanation

    Explanation/Reference:
    You can use the gpfixup command-line tool to fix the dependencies that Group Policy objects (GPOs) and Group Policy links in Active Directory Domain Services (AD DS) have on Domain Name System (DNS) and NetBIOS names after a domain rename operation.
    http://technet.microsoft.com/en-us/library/hh852336(v=ws.10).aspx

    QUESTION 36
    V31-Q36 = Heidi Q31 - old question but new choices

    Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012 R2. Server1 has the Remote Access server role installed.

    You log on to Server1 by using a user account named User2.

    From the Remote Access Management Console, you run the Getting Started Wizard and you receive a warning message as shown in the exhibit. (Click the Exhibit button.)

    You need to ensure that you can configure DirectAccess successfully. The solution must minimize the number of permissions assigned to User2.

    To which group should you add User2?

    A. Enterprise Admins

    B. Administrators

    C. Account Operators

    D. Server Operators

    Correct Answer: B
    Section: (none)
    Explanation

    Explanation/Reference:
    V31: C
    V32: B

    Sunny_day Canada May 20, 2014

    Question 36 = B (My comment: Sunny wrote Question 36 b Account operators, but I think he means B = Administrator, see his link below)

    http://technet.microsoft.com/en-us/library/hh918408.aspx

    EXAMPLE 1 (below in this link)
    This example logs in as a test user who is not a domain user or an administrator on the server. This results in the error specifying that DA can only be configured by a user with local administrator permissions.

    Windows PowerShell
    PS C:\> Install-RemoteAccess -PreRequisite
    Warning: The current user does not have the required permissions to configure WMI filtering in the domain. Verify permissions.
    Install-RemoteAccess : DirectAccess can only be configured by a user with local administrator permissions on the server. Add the current user to local administrator group
    At line:1 char 1
    + install-remoteaccess prerequisite
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo : NotSpecified: (ServerProvider:root/Microsoft/...PS_RemoteAccess) [Install-RemoteAccess], CimException
    + FullyQualifiedErrorId : REMOTEACCESSERROR 104, Install-RemoteAccess

    ===============
    McKenzie Q3-48 Snowden:Q210 David:Q243 Ricardo:Q195 ScottCha:E9
    A: Enterprise Admins
    B: Domain Admins (Correct in McKenzie Q3-48)
    C: Server Operators
    D: Account Operators

    QUESTION 37
    V31-Q37 = Heidi Q37 new question, please verify

    Your network contains an Active Directory domain named contoso.com.

    You need to install and configure the Web Application Proxy role service.

    What should you do?

    A. Install the Active Directory Federation Services server role and the Remote Access server role on different servers.

    B. Install the Active Directory Federation Services server role and the Remote Access server role on the same server.

    C. Install the Web Server (IIS) server role and the Application Server server role on the same server.

    D. Install the Web Server (IIS) server role and the Application Server server role on different servers.

    Correct Answer: A
    Section: (none)
    Explanation

    Explanation/Reference:
    A or B ?

    V31 = V32 = A
    Lavonia = B

    Sunny_day Canada Apr 23, 2014

    Thanks Pab. These questions are somewhat confusing. Q 37 is definitely A

    Pab Russian Federation Apr 18, 2014

    @Sunny_Day Q37 on different. quote from your source "Configure the Web Application Proxy Server to connect to an AD FS server."

    Sunny_day Canada Apr 17, 2014: B
    http://technet.microsoft.com/en-us/library/dn383662.aspx

    Lavonia 18 april 2014: B with this explanation:
    http://technet.microsoft.com/en-us/library/dn383662.aspx (the same as above)

    QUESTION 38
    V31-Q38 = McK 3-38 = Snowden:Q190 David:Q187,Q229 Ricardo:Q171 ScottCha:D33

    Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1. Server1 is configured as a VPN server.

    You need to configure Server1 to perform network address translation (NAT).

    What should you do?

    A. From Network Connections, modify the Internet Protocol Version 4 (TCP/IPv4) setting of each network adapter.

    B. From Network Connections, modify the Internet Protocol Version 6 (TCP/IPv6) setting of each network adapter.

    C. From Routing and Remote Access, add an IPv6 routing protocol.

    D. From Routing and Remote Access, add an IPv4 routing protocol.

    Correct Answer: D
    Section: (none)
    Explanation

    Explanation/Reference:

    QUESTION 39
    V31-39 = McK Q3-20 = Snowden:Q53 David:Q57,Q198 Ricardo:Q79 Peggy:Q61 ScottCha:B1 Jimi:A32 Korede:B51 Tara:A14 Molly1:A23

    You have a DNS server named Server1 that has a Server Core Installation on Windows Server 2012 R2.
    You need to view the time-to-live (TTL) value of a name server (NS) record that is cached by the DNS Server service on Server1.

    What should you run?

    A. Show-DNSServerCache

    B. nslookup.exe

    C. ipconfig.exe /displaydns

    D. dnscacheugc.exe

    Correct Answer: A
    Section: (none)
    Explanation

    Explanation/Reference:A. Shows the records in a DNS Server Cache

    C. display a client resolver cache.

    D. Nslookup.exe is a command-line administrative tool for testing and troubleshooting DNS servers

    Show-DnsServerCache - Shows the records in a DNS Server Cache.
    The Show-DNSServerCache shows all cached Domain Name System (DNS) server resource records in the following format: Name, ResourceRecordData, Time-to-Live (TTL).

    PS C:\> Show-DnsServerCache -ComputerName "Win12S-05.DNSServer-01.Contoso.com"

    HostName                    RecordType Timestamp TimeToLive      RecordData
    --------                    ---------- --------- ----------      ----------
    @                           NS         0         00:00:00        a.root-servers.net.
    @                           NS         0         00:00:00        b.root-servers.net.
    @                           NS         0         00:00:00        c.root-servers.net.
    @                           NS         0         00:00:00        d.root-servers.net.
    @                           NS         0         00:00:00        e.root-servers.net.
    @                           NS         0         00:00:00        f.root-servers.net.
    @                           NS         0         00:00:00        g.root-
    Win12S-05.DNSServer-01....  A          0         00:46:48        172.23.90.136
    localhost                   A          0         17089.09:29:04  127.0.0.1
    a.root-servers.net          A          0         00:00:00        198.41.0.4
    b.root-servers.net          A          0         00:00:00

    http://www.windowsnetworking.com/articles_tutorials/Managing-DNS-servers-using-PowerShell.html
    http://technet.microsoft.com/en-us/library/jj649915.aspx
    http://technet.microsoft.com/en-us/library/cc758108(v=ws.10).aspx
    http://support.microsoft.com/kb/200525

    QUESTION 40
    V31-40 = Carrie Q9 = McK Q3-9 Snowden:Q235 David:Q248 Ricardo:Q274 ScottCha:E28

    You have a DNS server named DNS1 that runs Windows Server 2012 R2.

    On DNS1, you create a standard primary DNS zone named adatum.com.

    You need to change the frequency that secondary name servers will replicate the zone from DNS1.

    Which type of DNS record should you modify?

    A. Name server (NS)

    B. Start of authority (SOA)

    C. Host information (HINFO)

    D. Service location (SRV)

    Correct Answer: B
    Section: (none)
    Explanation

    Explanation/Reference:
    V31 = C which must be wrong
    V32 = B

    Corics Ph. May 26, 2014: B
    zacky Sri Lanka May 13, 2014: B

    Marvin Netherlands Apr 22, 2014

    HINFO record gives a description of the type of computer/OS a host uses. The SOA record contains The zone is delivered to the destination server requesting the transfer with its version established by use of a Serial number field in the properties for the start of authority (SOA) resource record (RR). The SOA RR also contains a stated refresh interval in seconds (by default, 900 seconds or 15 minutes) to indicate when the destination server should next request to renew the zone with the source server.
    http://technet.microsoft.com/en-us/library/cc781340(v=ws.10).aspx
    Answer: B SOA

    Sunny_day Canada Apr 17, 2014 q 40 is soa
    http://technet.microsoft.com/en-us/library/cc781340(v=ws.10).aspx
    http://technet.microsoft.com/en-us/library/bb727018.aspx

    Lavonia 18 april 2014: B
    http://technet.microsoft.com/en-us/library/bb727018.aspx
    http://technet.microsoft.com/en-us/library/cc781340(v=ws.10).aspx

    I think this is from a new exam, because there was a scanner error.

    But McKenzie Q3-9 Snowden:Q235 David:Q248 Ricardo:Q274 ScottCha:E28 all answer 'Start of authority (SOA)'
    100% same scenario, same question, but in different order.

    QUESTION 41
    V31 - Q41 = Heidi Q36 new question please verify

    Your network contains an Active Directory domain named contoso.com. The domain contains three servers. The servers are configured as shown in the following table.

    You need to ensure that end-to-end encryption is used between clients and Server2 when the clients connect to the network by using DirectAccess.

    Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)

    A. From the Remote Access Management Console, reload the configuration.

    B. Add Server2 to a security group in Active Directory.

    C. Restart the IPSec Policy Agent service on Server2.

    D. From the Remote Access Management Console, modify the Infrastructure Servers settings.

    E. From the Remote Access Management Console, modify the Application Servers settings.

    Correct Answer: BE
    Section: (none)
    Explanation

    Explanation/Reference:
    When selecting application servers that require end-to-end encryption and authentication, it is important to note that:

    The selected end-to-end application servers must be members of one or more AD DS security groups.
    The selected end-to-end application servers must run Windows Server 2008 or later.
    The selected end-to-end application servers must be accessible via IPv6 (Native or ISATAP, not NAT64).
    The selected end-to-end application servers can be used with smart cards for an additional level of authorization.

    Reference: Planning a Forefront UAG DirectAccess deployment strategy, Choosing an access model

    QUESTION 42
    V31 Q42 = McK Q3-2 = Snowden:Q50 David:Q54 Ricardo:Q75,Q103 ScottCha:A38 Jimi:A28 Korede:B1 Molly1:A20

    Your network contains an Active Directory forest. The forest contains two domains named contoso.com and fabrikam.com. All of the DNS servers in both of the domains run Windows Server 2012 R2.

    The network contains two servers named Server1 and Server2. Server1 hosts an Active Directory-integrated zone for contoso.com. Server2 hosts an Active Directory-integrated zone for fabrikam.com. Server1 and Server2 connect to each other by using a WAN link.

    Client computers that connect to Server1 for name resolution cannot resolve names in fabrikam.com.

    You need to configure Server1 to support the resolution of names in fabrikam.com. The solution must ensure that users in contoso.com can resolve names in fabrikam.com if the WAN link fails.

    What should you do on Server1?

    A. Create a stub zone.

    B. Add a forwarder.

    C. Create a secondary zone.

    D. Create a conditional forwarder.

    Correct Answer: C
    Section: (none)
    Explanation

    Explanation/Reference:
    C. When a zone that this DNS server hosts is a secondary zone, this DNS server is a secondary source for information about this zone. The zone at this server must be obtained from another remote DNS server computer that also hosts the zone.

    With secondary, you have ability to resolve records from the other domain even if its DNS servers are temporarily unavailable.

    While secondary zones contain copies of all the resource records in the corresponding zone on the master name server, stub zones contain only three kinds of resource records:

    A copy of the SOA record for the zone.
    Copies of NS records for all name servers authoritative for the zone.
    Copies of A records for all name servers authoritative for the zone.

    That's it; no CNAME records, MX records, SRV records, or A records for other hosts in the zone for a Stub Zone.

    A. When a zone that this DNS server hosts is a stub zone, this DNS server is a source only for information about the authoritative name servers for this zone. The zone at this server must be obtained from another DNS server that hosts the zone.

    Stub zone: What Happens if all Communication to Source Servers Is Lost?
    In this regard, a stub zone behaves just like a standard secondary zone. A DNS secondary zone must get refreshed within a given expiration interval specified in the SOA record. The default zone expiration interval for Windows DNS is one day. If a DNS server can't refresh a secondary zone or stub zone within this interval, the server stops answering queries for the zone. Clients configured to use that DNS server as their primary server don't have any other way of finding another DNS server that might have a current copy of the zone. Once their locally-cached resource records begin to expire, any process that relies on DNS name lookups in the source zone will start to fail.

    http://www.windowsnetworking.com/articles-tutorials/windows-2003/DNS_Stub_Zones.html
    http://technet.microsoft.com/en-us/library/cc771898.aspx
    http://redmondmag.com/Articles/2004/01/01/The-Long-and-Short-of-Stub-Zones.aspx?Page=2

    QUESTION 43
    V31-Q43 = McK Q3-4 = Snowden:Q33 David:Q35 Ricardo:Q33,Q88 Peggy:Q28 ScottCha:A27 Jimi:B34 Korede:A28 Molly1:B26

    Your network contains two servers named Server1 and Server2. Both servers run Windows Server 2012 R2 and have the DNS Server server role installed.

    On Server1, you create a standard primary zone named contoso.com.

    You need to ensure that Server2 can host a secondary zone for contoso.com.

    What should you do from Server1?

    A. Add Server2 as a name server.

    B. Create a trust anchor named Server2.

    C. Convert contoso.com to an Active Directory-integrated zone.

    D. Create a zone delegation that points to Server2.

    Correct Answer: A
    Section: (none)
    Explanation

    Explanation/Reference:

    You must add a new Name Server. To add a name server to the list of authoritative servers for the zone, you must specify both the server's IP address and its DNS name. When entering names, click Resolve to resolve the name to its IP address prior to adding it to the list.
    Secondary zones cannot be AD-integrated under any circumstances.

    You want to be sure Server2 can host, you do not want to delegate a zone.

    Secondary Domain Name System (DNS) servers help provide load balancing and fault tolerance. Secondary DNS servers maintain a read-only copy of zone data that is transferred periodically from the primary DNS server for the zone. You can configure DNS clients to query secondary DNS servers instead of (or in addition to) the primary DNS server for a zone, reducing demand on the primary server and ensuring that DNS queries for the zone will be answered even if the primary server is not available.

    How-To: Configure a secondary DNS Server in Windows Server 2012
    We need to tell our primary DNS that it is ok for this secondary DNS to pull information from it. Otherwise replication will fail and you will get this big red X.

    Head over to your primary DNS server, launch DNS manager, expand Forward Lookup Zones, navigate to your primary DNS zone, right-click on it and go to Properties.

    Go to "Zone Transfers" tab, by default, for security reasons, the "Allow zone transfers:" is un-checked to protect your DNS information. We need to allow zone transfers, if you value your DNS records, you do not want to select "To any server" but make sure you click on "Only to servers listed on the Name Servers tab"

    Head over to the "Name Servers" tab, click Add

    You will get "New Name Server Record" window, type in the name of your secondary DNS server. It is always better to validate by name not IP address to avoid future problems in case your IP addresses change. Once done, click OK.

    You will see your secondary DNS server is now added to your name servers selection, click OK.

    Now if you head back to your secondary DNS server and refresh, the big red X will go away and your primary zone data will populate

    Your secondary DNS is fully setup now. You can not make any DNS changes from your secondary DNS. Secondary DNS is a read-only DNS, Any DNS changes have to be done from the primary DNS.

    http://technet.microsoft.com/en-us/library/cc816885%28v=ws.10%29.aspx
    http://technet.microsoft.com/en-us/library/cc816814%28v=ws.10%29.aspx
    http://blog.hyperexpert.com/how-to-configure-a-secondary-dns-server-in-windows-server-2012/
    http://technet.microsoft.com/en-us/library/cc770984.aspx
    http://support.microsoft.com/kb/816101
    http://technet.microsoft.com/en-us/library/cc753500.aspx
    http://technet.microsoft.com/en-us/library/cc771640(v=ws.10).aspx
    http://technet.microsoft.com/en-us/library/ee649280(v=ws.10).aspx

    QUESTION 44
    V31-Q44 = McK Q3-41 = Snowden:Q29 David:Q31 Ricardo:Q29 ScottCha:A24 Jimi:B30 Korede:A25 Molly1:B23

    Your network contains an Active Directory domain named contoso.com. The domain contains a Web server named www.contoso.com. The Web server is available on the Internet.

    You implement DirectAccess by using the default configuration.
    You need to ensure that users never attempt to connect to www.contoso.com by using DirectAccess. The solution must not prevent the users from using DirectAccess to access other resources in contoso.com.

    Which settings should you configure in a Group Policy object (GPO)?

    A.