+ All Categories
Home > Documents > Microsoft TestPrep 70-417 v2013-02-01 - GRATIS EXAM · 2013/2/1  · To allow only specific MMC...

Microsoft TestPrep 70-417 v2013-02-01 - GRATIS EXAM · 2013/2/1  · To allow only specific MMC...

Date post: 30-Aug-2020
Category:
Upload: others
View: 0 times
Download: 0 times
Share this document with a friend
92
Microsoft TestPrep 70-417 v2013-02-01 Number : 070-417 Passing Score : 700 Time Limit : 175 min File Version : 2.0 http://www.gratisexam.com/ Microsoft TestPrep 70-417 v2012-12-12 by Examer 100q Number: 70-417 Passing Score: 700 Time Limit: 150 min File Version: 2013-01-05 NOTE: The information within this VCE is sourced from Examer's file (found here: http:// www.examcollection.com/microsoft/Microsoft.TestPrep.70-417.v2012-12-13.by.Examer.100q.vce.file.html) The questions have been researched, and explanation information has been added for reference. If you find any issues with the questions and answers provided, please let us know so that it can be corrected. Also, there have been Sections added to this VCE, although the questions haven't been categorized as of yet. If you would like to assist with this, please let us know. Exam 70-410 Install and Configure Servers (25%) Install Servers. This objective may include but is not limited to: Plan for a server installation; plan for server roles; plan for a server upgrade; install Server Core; optimize resource utilization by using Features on Demand; migrate roles from previous versions of Windows Server Configure servers. This objective may include but is not limited to: Configure Server Core; delegate administration; add and remove features in offline images; deploy roles on remote servers; convert Server Core to/from full GUI; configure services; configure NIC teaming Configure local storage. This objective may include but is not limited to: Design storage spaces; configure basic and dynamic disks; configure MBR and GPT disks; manage volumes; create and mount virtual hard disks (VHDs); configure storage pools and disk pools Configure Server Roles and Features (24%) Configure servers for remote management. This objective may include but is not limited to: Configure WinRM; configure down-level server management; configure servers for day-to-day management tasks; configure multi-server management; configure Server Core; configure Windows Firewall Configure Hyper-V (25%)
Transcript
Page 1: Microsoft TestPrep 70-417 v2013-02-01 - GRATIS EXAM · 2013/2/1  · To allow only specific MMC snap-ins to connect, run: Enable-NetFirewallRule -DisplayGroup ""

Microsoft TestPrep 70-417 v2013-02-01

Number: 070-417Passing Score: 700Time Limit: 175 minFile Version: 2.0

http://www.gratisexam.com/

Microsoft TestPrep 70-417 v2012-12-12 by Examer 100 qNumber: 70-417Passing Score: 700Time Limit: 150 minFile Version: 2013-01-05

NOTE: The information within this VCE is sourced from Examer's file (found here: http://www.examcollection.com/microsoft/Microsoft.TestPrep.70-417.v2012-12-13.by.Examer.100q.vce.file.html)

The questions have been researched, and explanation information has been added for reference. If you findany issues with the questions and answers provided, please let us know so that it can be corrected.

Also, there have been Sections added to this VCE, although the questions haven't been categorized as of yet. Ifyou would like to assist with this, please let us know.

Exam 70-410Install and Configure Servers (25%)

Install Servers.This objective may include but is not limited to: Plan for a server installation; plan for server roles; plan fora server upgrade; install Server Core; optimize resource utilization by using Features on Demand; migrateroles from previous versions of Windows Server

Configure servers. This objective may include but is not limited to: Configure Server Core; delegate administration; add andremove features in offline images; deploy roles on remote servers; convert Server Core to/from full GUI;configure services; configure NIC teaming

Configure local storage. This objective may include but is not limited to: Design storage spaces; configure basic and dynamicdisks; configure MBR and GPT disks; manage volumes; create and mount virtual hard disks (VHDs); configurestorage pools and disk pools

Configure Server Roles and Features (24%)Configure servers for remote management.

This objective may include but is not limited to: Configure WinRM; configure down-level servermanagement; configure servers for day-to-day management tasks; configure multi-server management;configure Server Core; configure Windows Firewall

Configure Hyper-V (25%)

Page 2: Microsoft TestPrep 70-417 v2013-02-01 - GRATIS EXAM · 2013/2/1  · To allow only specific MMC snap-ins to connect, run: Enable-NetFirewallRule -DisplayGroup ""

Create and configure virtual machine settings. This objective may include but is not limited to: Configure dynamic memory; configure smart paging;configure Resource Metering; configure guest integration services

Create and configure virtual machine storage. This objective may include but is not limited to: Create VHDs and VHDX; configure differencing drives;modify VHDs; configure pass-through disks; manage snapshots; implement a virtual Fibre Channel adapter

Create and configure virtual networks. This objective may include but is not limited to: Implement Hyper-V Network Virtualization; configureHyper-V virtual switches; optimize network performance; configure MAC addresses; configure networkisolation; configure synthetic and legacy virtual network adapters

Install and Administer Active Directory (26%)Install domain controllers.

This objective may include but is not limited to: Add or remove a domain controller from a domain;upgrade a domain controller; install Active Directory Domain Services (AD DS) on a Server Core installation;install a domain controller from install from media (IFM); resolve DNS SRV record registration issues;configure a global catalog server

Exam 70-411Deploy, Manage, and Maintain Servers (20%)

Monitor servers. This objective may include but is not limited to: Configure Data Collector Sets (DCS); configure alerts;monitor real-time performance; monitor virtual machines (VMs); monitor events; configure event subscriptions;configure network monitoring

Configure Network Services and Access (20%)Configure DirectAccess.

This objective may include but is not limited to: Implement server requirements; implement clientconfiguration; configure DNS for Direct Access; configure certificates for Direct Access

Configure a Network Policy Server Infrastructure (1 7%)Configure Network Access Protection (NAP).

This objective may include but is not limited to: Configure System Health Validators (SHVs); configurehealth policies; configure NAP enforcement using DHCP and VPN; configure isolation and remediation of non-compliant computers using DHCP and VPN; configure NAP client settings

Configure and Manage Active Directory (22%)Configure Domain Controllers.

This objective may include but is not limited to: Configure Universal Group Membership Caching (UGMC);transfer and seize operations masters; install and configure a read-only domain controller (RODC); configureDomain Controller cloning

Maintain Active Directory. This objective may include but is not limited to: Back up Active Directory and SYSVOL; manage ActiveDirectory offline; optimize an Active Directory database; clean up metadata; configure Active Directorysnapshots; perform object- and container-level recovery; perform Active Directory restore

Configure and Manage Group Policy (21%)Configure Group Policy processing.

This objective may include but is not limited to: Configure processing order and precedence; configureblocking of inheritance; configure enforced policies; configure security filtering and WMI filtering; configureloopback processing; configure and manage slow- link processing; configure client-side extension (CSE)behavior

Exam 70-412

Page 3: Microsoft TestPrep 70-417 v2013-02-01 - GRATIS EXAM · 2013/2/1  · To allow only specific MMC snap-ins to connect, run: Enable-NetFirewallRule -DisplayGroup ""

Configure and Manage High Availability (20%)Configure failover clustering.

This objective may include but is not limited to: Configure Quorum; configure cluster networking; restoresingle node or cluster configuration; configure cluster storage; implement Cluster Aware Updating; upgrade acluster

Manage failover clustering roles. This objective may include but is not limited to: Configure role-specific settings including continuouslyavailable shares; configure VM monitoring; configure failover and preference settings

Manage Virtual Machine (VM) movement. This objective may include but is not limited to: Perform live migration; perform quick migration; performstorage migration; import, export, and copy VMs; migrate from other platforms (P2V and V2V)

Configure File and Storage Solutions (19%)Implement Dynamic Access Control (DAC).

This objective may include but is not limited to: Configure user and device claim types; implement policychanges and staging; perform access-denied remediation; configure file classification

Implement Business Continuity and Disaster Recovery (22%)Configure and manage backups.

This objective may include but is not limited to: Configure Windows Server backups; configure WindowsOnline backups; configure role-specific backups; manage VSS settings using VSSAdmin; create SystemRestore snapshots

Configure site-level fault tolerance. This objective may include but is not limited to: Configure Hyper-V Replica including Hyper-V ReplicaBroker and VMs; configure multi-site clustering including network settings, Quorum, and failover settings

Configure Network Services (21%)Deploy and manage IPAM.

This objective may include but is not limited to: Configure IPAM manually or by using Group Policy;configure server discovery; create and manage IP blocks and ranges; monitor utilization of IP address space;migrate to IPAM; delegate IPAM administration; manage IPAM collections

Configure Identity and Access Solutions (18%)Implement Active Directory Federation Services 2.1 (AD FSv2.1).

This objective may include but is not limited to: Implement claims-based authentication including RelyingParty Trusts; configure Claims Provider Trust rules; configure attribute stores including Active DirectoryLightweight Directory Services (AD LDS); manage AD FS certificates; configure AD FS proxy

Sections1. Install and Configure Servers2. Configure Server Roles and Features3. Configure Hyper-V4. Install and Administer Active Directory5. Deploy, Manage, and Maintain Servers6. Configure Network Services and Access7. Configure a Network Policy Server Infrastructure8. Configure and Manage Active Directory9. Configure and Manage Group Policy10.Configure and Manage High Availability11.Configure File and Storage Solutions12. Implement Business Continuity and Disaster Recovery13.Configure Network Services14.Configure Identity and Access Solutions

Page 4: Microsoft TestPrep 70-417 v2013-02-01 - GRATIS EXAM · 2013/2/1  · To allow only specific MMC snap-ins to connect, run: Enable-NetFirewallRule -DisplayGroup ""

Exam A

QUESTION 1Your network contains an Active Directory domain named contoso.com. The domain contains two memberservers named Server1 and Server2 that run Windows Server 2012. You log on to Server1. You need toretrieve the IP configurations of Server2. Which command should you run from Server1?

A. dsquery * -scope base -attr ip,server2B. winrs -r:server2 ipconfigC. winrm get server2D. ipconfig > server2.ip

Correct Answer: BSection: (none)Explanation

Explanation/Reference:http://technet.microsoft.com/en-us/library/dd163506.aspx

You can do anything using WinRS that you can do at the local command prompt.The basic syntax for WinRS commands is as follows: winrs -r: target command

QUESTION 2Your network contains an Active Directory domain named contoso.com. The domain contains a server namedServer1 that runs Windows Server 2012. On a server named Server2, you perform a Server Core Installation ofWindows Server 2012. You join Server2 to the contoso.com domain. You need to ensure that you can manageServer2 by using the Computer Management console on Server1. What should you do on Server2?

A. Run the Disable-NetFirewallRule cmdlet.B. Run the Enable-NetFirewallRule cmdlet.C. Run sconfig.exe and configure the network settings.D. Run sconfig.exe and configure remote management.

Correct Answer: BSection: (none)Explanation

Explanation/Reference:http://technet.microsoft.com/en-us/library/jj554869.aspxhttp://technet.microsoft.com/en-us/library/jj574205.aspx

To configure Windows Firewall to allow MMC snap-in(s) to connect To allow all MMC snap-ins to connect, run

Enable-NetFirewallRule -DisplayGroup "Remote Administration" To allow only specific MMC snap-ins to connect, run:

Enable-NetFirewallRule -DisplayGroup "<rulegroup>"Where: Rulegroup is one of the values from the table below, depending on which snap-in you want toconnect.

Page 5: Microsoft TestPrep 70-417 v2013-02-01 - GRATIS EXAM · 2013/2/1  · To allow only specific MMC snap-ins to connect, run: Enable-NetFirewallRule -DisplayGroup ""

QUESTION 3Your network contains an Active Directory domain named contoso.com. The domain contains a server namedServer1 that runs Windows Server 2012 and a server named Server2 that runs Windows Server 2008 R2Service Pack 1 (SP1). Both servers are member servers. On Server2, you install all of the software required toensure that Server2 can be managed remotely from Server Manager. You need to ensure that you can manageServer2 from Server1 by using Server Manager. Which two tasks should you perform on Server2? (Eachcorrect answer presents part of the solution. Choose two.)

A. Run the Configure-SMRemoting.ps1 script.B. Run the Enable-PSSessionConfiguration cmdlet.C. Run the Set-ExecutionPolicy cmdlet.D. Run the SystemPropertiesRemote.exe commandE. Run the Enable-PSRemoting cmdlet.

Correct Answer: CESection: (none)Explanation

Explanation/Reference:http://technet.microsoft.com/en-us/library/ee176961.aspx

The Set-ExecutionPolicy cmdlet enables you to determine which Windows PowerShell scripts (if any) will be

Page 6: Microsoft TestPrep 70-417 v2013-02-01 - GRATIS EXAM · 2013/2/1  · To allow only specific MMC snap-ins to connect, run: Enable-NetFirewallRule -DisplayGroup ""

allowed to run on your computer. Windows PowerShell has four different execution policies:Restricted - No scripts can be run. Windows PowerShell can be used only in interactive mode.AllSigned - Only scripts signed by a trusted publisher can be run.RemoteSigned - Downloaded scripts must be signed by a trusted publisher before they can be run.Unrestricted - No restrictions; all Windows PowerShell scripts can be run.

http://technet.microsoft.com/en-us/library/hh849694.aspx

The Enable-PSRemoting cmdlet configures the computer to receive Windows PowerShell remote commandsthat are sent by using the WS-Management technology.On Windows Server® 2012, Windows PowerShell remoting is enabled by default. You can use Enable-PSRemoting to enable Windows PowerShell remoting on other supported versions of Windows and to re-enable remoting on Windows Server 2012 if it becomes disabled.CAUTION: On systems that have both Windows PowerShell 3.0 and the Windows PowerShell 2.0 engine, donot use Windows PowerShell 2.0 to run the Enable-PSRemoting and Disable-PSRemoting cmdlets. Thecommands might appear to succeed, but the remoting is not configured correctly. Remote commands, andlater attempts to enable and disable remoting, are likely to fail.

QUESTION 4Your network contains an Active Directory domain named contoso.com. The network contains a server namedServer1 that runs Windows Server 2012 and a server named Server2 that runs Windows Server 2008 R2Service Pack 1 (SP1). Server1 and Server2 are member servers. You need to ensure that you can manageServer2 from Server1 by using Server Manager. Which two tasks should you perform? (Each correct answerpresents part of the solution. Choose two.)

A. Install Windows Management Framework 3.0 on Server2.B. Install Remote Server Administration Tools on Server1.C. Install the Windows PowerShell 2.0 engine on Server1.D. Install Microsoft .NET Framework 4 on Server2.E. Install Remote Server Administration Tools on Server2.

Correct Answer: ADSection: (none)Explanation

Explanation/Reference:http://technet.microsoft.com/en-us/library/hh831456.aspx#BKMK_softconfig

Server Manager is installed by default with all editions of Windows Server 2012. Although you can use ServerManager to manage Server Core installation options of Windows Server 2012 and Windows Server 2008 R2that are running on remote computers, Server Manager does not run directly on Server Core installationoptions.

To fully manage remote servers that are running Windows Server 2008 or Windows Server 2008 R2, install thefollowing updates, in the order shown.1. .NET Framework 42. Windows Management Framework 3.0 The Windows Management Framework 3.0 download package

updates Windows Management Instrumentation (WMI) providers on Windows Server 2008 and WindowsServer 2008 R2. The updated WMI providers let Server Manager collect information about roles andfeatures that are installed on the managed servers. Until the update is applied, servers that are runningWindows Server 2008 or Windows Server 2008 R2 have a manageability status of Not accessible Verifyearlier versions run Windows Management Framework 3 .0.

3. The performance update associated with Knowledge Base article 2682011 allows Server Manager to collectperformance data from Windows Server 2008 and Windows Server 2008 R2.

QUESTION 5Your network contains an Active Directory domain named contoso.com. All servers run either Windows Server

Page 7: Microsoft TestPrep 70-417 v2013-02-01 - GRATIS EXAM · 2013/2/1  · To allow only specific MMC snap-ins to connect, run: Enable-NetFirewallRule -DisplayGroup ""

2008 R2 or Windows Server 2012. All client computers run either Windows 7 or Windows 8. The domaincontains a member server named Server1 that runs Windows Server 2012. Server1 has the File and StorageServices server role installed. On Server1, you create a share named Share1. You need to ensure that userscan use Previous Versions to restore the files in Share1. What should you configure on Server1?

http://www.gratisexam.com/

A. A data recovery agentB. The Shadow Copies settingsC. The Recycle Bin propertiesD. A Windows Server Backup schedule

Correct Answer: BSection: (none)Explanation

Explanation/Reference:I know that "B" is the correct answer, but I can't find a decent TechNet article to use as a reference.

QUESTION 6You have a server named Server1 that runs Windows Server 2012. Server1 has the Hyper-V server roleinstalled. Server1 is connected to two Fibre Channel SANs and is configured as shown in the following table.

You have a virtual machine named VM1. You need to configure VM1 to connect to SAN1. What should you dofirst?

A. Create a virtual Fibre Channel SAN.B. Configure network adapter teaming.C. Add one HBA.D. Create a Hyper-V virtual switch.

Correct Answer: ASection: (none)Explanation

Explanation/Reference:http://technet.microsoft.com/en-us/library/hh831413.aspx

Excerpt from reference: Windows Server 2012 provides Fibre Channel ports within the guest operating system,which allows you to connect to Fibre Channel directly from within virtual machines. Hyper-V users can now useFibre Channel SANs to virtualize workloads that require direct access to SAN logical unit numbers (LUNs).

Page 8: Microsoft TestPrep 70-417 v2013-02-01 - GRATIS EXAM · 2013/2/1  · To allow only specific MMC snap-ins to connect, run: Enable-NetFirewallRule -DisplayGroup ""

QUESTION 7You have a file server named Server1 that runs Windows Server 2012. Server1 has following hardwareconfigurations:

16 GB of RAMA single quad-core CPUThree network teams that have two network adapters each

You add additional CPUs and RAM to Server1. You repurpose Server1 as a virtualization host. You install theHyper-V server role on Server1. You need to create four external virtual switches in Hyper-V. Which cmdletshould you run first?

A. Add-VMNetworkAdapterB. Add-NetLbfoTeamNicC. Set-NetAdapterD. Remove- NetLbfoTeam

Correct Answer: DSection: (none)Explanation

Explanation/Reference:(NOTE: Could be "C" or "D")

http://technet.microsoft.com/en-us/library/jj130848.aspx

NOTE: There is no indication that you cannot have 2 external Virtual Switches using the same NIC Team.However, the question states that you want to create 4 external virtual switches, so in my opinion the answerwould be "C" (if the entry here was a typo and is missing the full "Set-VMNetworkAdapter" wording). Otherwisethe only answer left that would relate, would be "D".

The Add-VMNetworkAdapter cmdlet adds a virtual network adapter to a virtual machine.The Add-NetLbfoTeamNic cmdlet adds a new team interface to the specified NIC team.The Set-VMNetworkAdapter cmdlet configures features of the virtual network adapter in a virtual machine orthe management operating system.The Remove-NetLbfoTeam cmdlet removes the specified NIC team from the host. This cmdlet disconnects allassociated team members and providers from the team.

QUESTION 8You perform a Server Core Installation of Windows Server 2012 on a server named Server1. You need to adda graphical user interface (GUI) to Server1. Which tool should you use?

A. The setup.exe commandB. The imagex.exe commandC. The Install-RoleService cmdletD. The Add-WindowsFeature cmdlet

Correct Answer: DSection: (none)Explanation

Explanation/Reference:http://blogs.technet.com/b/yungchou/archive/2012/07/18/windows-server-2012-installation-options.aspx

Add-WindowsFeature is same as Install-WindowsFeatureInstall-WindowsFeature Server-Gui-Shell

Page 9: Microsoft TestPrep 70-417 v2013-02-01 - GRATIS EXAM · 2013/2/1  · To allow only specific MMC snap-ins to connect, run: Enable-NetFirewallRule -DisplayGroup ""

QUESTION 9You have a server named Server 1 that runs Windows Server 2012. Server1 has five network adapters. Threeof the network adapters are connected to a network named LAN1. The two other network adapters areconnected to a network named LAN2. You create a network adapter team named Team1 from two of theadapters connected to LAN1. You create a network adapter team named Team2 from the two adaptersconnected to LAN2. A company policy states that all server IP addresses must be assigned by using a reservedaddress in DHCP. You need to identify how many DHCP reservations you must create for Server1.How many reservations should you identify?

A. 2B. 3C. 5D. 7

Correct Answer: BSection: (none)Explanation

Explanation/Reference:3 adapter on LAN 12 adapters on LAN 22 adapters on LAN 1 used in a team, so that's 3 - 2 leaving 1.2 adapaters on LAN 2 used in a team, so that's 2 - 2 leaving 0.1 team on LAN 1 + 1 team on LAN 2 + remaining adapter on LAN 1 = 3.

QUESTION 10You have a server named Server 1 that runs Windows Server 2012. You connect three new hard disks toServer 1. You need to create a storage space that contains the three disks. The solution must meet thefollowing requirements:

Provide fault tolerance if a single disk fails.Maximize the amount of useable storage space.

What should you create?

A. A spanned volumeB. A simple spaceC. A parity spaceD. A mirrored space

Correct Answer: CSection: (none)Explanation

Explanation/Reference:http://arstechnica.com/information-technology/2012/10/storage-spaces-explained-a-great-feature-when- it-works/

If all you want to do is combine two or more physical drives into one logical drive, you can do that by creating a"simple" storage space--however, if any one of your disks fails, you risk losing all of the data stored on that disk.

There are three different data resiliency options available: two-way mirroring requires at least two physicaldisks, and will place a copy of each of your files on both drives; three-way mirroring requires at least five disksand will store a copy of each file on three of the five; and "parity" mode requires at least three disks andduplicates your data using less physical space on each disk, but has higher performance overhead.

QUESTION 11

Page 10: Microsoft TestPrep 70-417 v2013-02-01 - GRATIS EXAM · 2013/2/1  · To allow only specific MMC snap-ins to connect, run: Enable-NetFirewallRule -DisplayGroup ""

You have a server named Server1 that runs a full installation of Windows Server 2012. You need to uninstallthe graphical user interface (GUI) on Server1. You must achieve this goal by using the minimum amount ofadministrative effort. What should you do?

A. From Server Manager, uninstall the User Interfaces and Infrastructure feature.B. From Windows PowerShell, run Uninstall-WindowsFeature PowerShell-ISE.C. From Windows PowerShell, run Uninstall-WindowsFeature Desktop-Experience.D. Reinstall Windows Server 2012 on the server.

Correct Answer: ASection: (none)Explanation

Explanation/Reference:http://blogs.technet.com/b/yungchou/archive/2012/07/18/windows-server-2012-installation-options.aspx

QUESTION 12Your network contains an Active Directory domain named contoso.com. The domain contains two domaincontrollers. The domain controllers are configured as shown in the following table.

In the perimeter network, you install a new server named Server1 that runs Windows Server 2012. Server1 is ina workgroup. You need to perform an offline domain join of Server1 to the contoso.com domain. What shouldyou do first?

A. Run the djoin.exe command.B. Run the dsadd.exe command.C. Transfer the PDC emulator role to DC1.D. Transfer the infrastructure master role to DC1.

Page 11: Microsoft TestPrep 70-417 v2013-02-01 - GRATIS EXAM · 2013/2/1  · To allow only specific MMC snap-ins to connect, run: Enable-NetFirewallRule -DisplayGroup ""

Correct Answer: ASection: (none)Explanation

Explanation/Reference:There do not appear to be any requirements on operations master roles for this specific requirement.

http://technet.microsoft.com/en-us/library/offline-domain-join-djoin-step-by-step(v=ws.10).aspx

Offline domain join is a new process that computers that run Windows® 7 or Windows Server® 2008 R2 canuse to join a domain without contacting a domain controller. This makes it possible to join computers to adomain in locations where there is no connectivity to a corporate network.

QUESTION 13Your network contains an Active Directory domain named contoso.com. All domain controllers run WindowsServer 2008 R2. One of the domain controllers is named DC1. The network contains a member server namedServer1 that runs Windows Server 2012. You need to promote Server1 to a domain controller by using installfrom media (IFM). What should you do first?

A. Create a system state backup of DC1.B. Run the Active Directory Domain Services Installation Wizard on DC1.C. Run the Active Directory Domain Services Configuration Wizard on Server1.D. Create IFM media on DC1.E. Upgrade DC1 to Windows Server 2012.

Correct Answer: ESection: (none)Explanation

Explanation/Reference:http://technet.microsoft.com/en-us/library/cc770654(v=ws.10).aspx

Installation from media does not work across different operating system versions. In other words, you must usea Windows Server 2008 domain controller to generate installation media to use for another Windows Server2008 domain controller installation.

QUESTION 14Your network contains an Active Directory domain named contoso.com. The domain contains two domaincontrollers named DC1 and DC2. You install Windows Server 2012 on a new computer named DC3. You needto manually configure DC3 as a domain controller. Which tool should you use?

A. winrm.exeB. Server ManagerC. dcpromo.exeD. Active Directory Domains and Trusts

Correct Answer: BSection: (none)Explanation

Explanation/Reference:

Page 12: Microsoft TestPrep 70-417 v2013-02-01 - GRATIS EXAM · 2013/2/1  · To allow only specific MMC snap-ins to connect, run: Enable-NetFirewallRule -DisplayGroup ""

http://technet.microsoft.com/en-us/library/hh472162.aspx#BKMK_GUI

AD DS can be installed in Windows Server 2012 by using the Add Roles Wizard in Server Manager, followed bythe Active Directory Domain Services Configuration Wizard, which is new beginning in Windows Server 2012.The Active Directory Domain Services Installation Wizard (dcpromo.exe) is deprecated beginning in WindowsServer 2012.

QUESTION 15Your network contains an Active Directory forest named contoso.com. All domain controllers currently runWindows Server 2008 R2. You plan to install a new domain controller named DC4 that runs Windows Server2012. The new domain controller will have the following configurations:

Schema masterGlobal catalog serverDNS Server server roleActive Directory Certificate Services server role

You need to identify which configurations cannot be fulfilled by using the Active Directory Installation Wizard.Which two configurations should you identify? (Each correct answer presents part of the solution. Choose two.)

A. Enable the global catalog server.B. Install the Active Directory Certificate Services role.C. Transfer the schema master.D. Install the DNS Server role.

Correct Answer: BCSection: (none)Explanation

Explanation/Reference:AD Installation Wizard will automatically install DNS and allows for the option to set it as a global catalog server.ADCS and schema must be done separately.

Page 13: Microsoft TestPrep 70-417 v2013-02-01 - GRATIS EXAM · 2013/2/1  · To allow only specific MMC snap-ins to connect, run: Enable-NetFirewallRule -DisplayGroup ""

QUESTION 16Your network contains an Active Directory forest. The forest contains two domains named contoso.com andcorp.contoso.com. The forest contains four domain controllers. The domain controllers are configured asshown in the following table.

All domain controllers are DNS servers. In the corp.contoso.com domain, you plan to deploy a new domaincontroller named DC5. You need to identify which domain controller must be online to ensure that DC5 can bepromoted successfully to a domain controller. Which domain controller should you identify?

A. DC3B. DC4C. DC2D. DC1

Correct Answer: ASection: (none)Explanation

Explanation/Reference:http://technet.microsoft.com/en-us/library/cc773108(v=ws.10).aspx

Page 14: Microsoft TestPrep 70-417 v2013-02-01 - GRATIS EXAM · 2013/2/1  · To allow only specific MMC snap-ins to connect, run: Enable-NetFirewallRule -DisplayGroup ""

Domain-wide operations master rolesEvery domain in the forest must have the following roles:

Relative ID (RID) masterPrimary domain controller (PDC) emulator masterInfrastructure master

These roles must be unique in each domain. This means that each domain in the forest can have only one RIDmaster, PDC emulator master, and infrastructure master.

QUESTION 17Your network contains an Active Directory domain named contoso.com. The domain contains servers namedServer1 and Server2 that run Windows Server 2012. Server1 has the IP Address Management (IPAM) Serverfeature installed. You install the IPAM client on Server2. You open Server Manager on Server2 as shown in theexhibit. (Click the Exhibit button.) Exhibit: {See PDF file, unable to copy image to Word document}

You need to manage IPAM from Server2. What should you do first?

A. On Server2, open Computer Management and connect to Server1.B. On Server1, add the Server2 computer account to the IPAM ASM Administrators group.C. On Server2, add Server1 to Server Manager.D. On Server1, add the Server2 computer account to the IPAM MSM Administrators group.

Correct Answer: CSection: (none)Explanation

Explanation/Reference:NOTE: Missing Exhibit

QUESTION 18Your network contains an Active Directory domain named contoso.com. The domain contains a domaincontroller named DC1 and a member server named Server1. Server1 has the IP Address Management (IPAM)Server feature installed. On DC1, you configure Windows Firewall to allow all of the necessary inbound ports forIPAM. On Server1, you open Server Manager as shown in the exhibit. (Click the Exhibit button.) You need to

Page 15: Microsoft TestPrep 70-417 v2013-02-01 - GRATIS EXAM · 2013/2/1  · To allow only specific MMC snap-ins to connect, run: Enable-NetFirewallRule -DisplayGroup ""

ensure that you can use IPAM on Server1 to manage DNS on DC1. What should you do?

A. Modify the outbound firewall rules on Server1.B. Add Server1 to the Remote Management Users group.C. Add Server1 to the Event Log Readers group.D. Modify the inbound firewall rules on Server1.

Correct Answer: CSection: (none)Explanation

Explanation/Reference:Since no exhibit, the guess here is it's not using the GPO to manage the Event Log Readers group-- evidencedby the fact that the firewall was configured manually instead of with the GPO. If the GPO was being used thenthe IPAM server would be in the Event Log Readers group due to restricted group settings in the GPO asshown below

{Image unable to be copied from PDF}

In the above example, the IPAM server is as member of the VDI\IPAMUG group.

QUESTION 19Your network contains an Active Directory domain named contoso.com. The domain contains a server namedServer1 that runs Windows Server 2012. Server1 has the IP Address Management (IPAM) Server featureinstalled. IPAM is configured currently for Group Policy-based provisioning. You need to change the IPAMprovisioning method on Server1. What should you do?

A. Run the ipamgc.exe command.B. Run the Set-IPAMConfiguration cmdlet.C. Reinstall the IP Address Management (IPAM) Server feature.D. Delete IPAM Group Policy objects (GPOs) from the domain.

Correct Answer: CSection: (none)Explanation

Explanation/Reference:You cannot change the provisioning method after completing the initial setup.

QUESTION 20Your network contains an Active Directory domain named contoso.com. The domain contains four servers. The

Page 16: Microsoft TestPrep 70-417 v2013-02-01 - GRATIS EXAM · 2013/2/1  · To allow only specific MMC snap-ins to connect, run: Enable-NetFirewallRule -DisplayGroup ""

servers are configured as shown in the following table.

You plan to deploy an enterprise certification authority (CA) on a server named Server5. Server5 will be used toissue certificates to domain-joined computers and workgroup computers. You need to identify which server youmust use as the certificate revocation list (CRL) distribution point for Server5. Which server should you identify?

A. Server1B. Server3C. Server4D. Server2

Correct Answer: BSection: (none)Explanation

Explanation/Reference:CRL is published to a web site

http://technet.microsoft.com/en-us/library/dd379499(v=ws.10).aspx

The CRL distribution point extension is defined during CA setup and includes a default HTTP URI that refers tothe CA server. If the Web Server role is not installed on the CA server, then the default HTTP URI included inthe extension is not valid.Many applications require revocation status checking during certificate validation. The CRL is retrieved by therevocation provider, which reads the CRL distribution point extension of issued certificates to identify thenetwork location of the CRL.

QUESTION 21Your network contains three Active Directory forests. Each forest contains an Active Directory RightsManagement Services (AD RMS) root cluster. All of the users in all of the forests must be able to accessprotected content from any of the forests. You need to identify the minimum number of AD RMS trusts required.How many trusts should you identify?

A. 2B. 3C. 4D. 6

Correct Answer: DSection: (none)

Page 17: Microsoft TestPrep 70-417 v2013-02-01 - GRATIS EXAM · 2013/2/1  · To allow only specific MMC snap-ins to connect, run: Enable-NetFirewallRule -DisplayGroup ""

Explanation

Explanation/Reference:http://technet.microsoft.com/en-us/library/dd772648(v=ws.10).aspx

Number One important consideration when you deploy this kind of trust is that the number of of trusts requiredto interact between all AD RMS domains could grow significantly.Trusts For example, if you have ten AD RMS domains and all of them should be able to exchange informationbetween each other, there must be (10 × 9) 90 trusts configured to achieve this goal. N*(N-1)

QUESTION 22Your network contains an Active Directory domain named contoso.com. The network contains a file servernamed Server1 that runs Windows Server 2012. You create a folder named Folder1. You share Folder1 asShare1. The NTFS permissions on Folder1 are shown in the Folder1 exhibit. (Click the Exhibit button.) TheEveryone group has the Full control Share permission to Folder1. You configure a central access policy asshown in the Central Access Policy exhibit.

(Click the Exhibit button.)

Members of the IT group report that they cannot modify the files in Folder1. You need to ensure that the ITgroup members can modify the files in Folder1. The solution must use central access policies to control thepermissions. Which two actions should you perform? (Each correct answer presents part of the solution.Choose two.)

A. On the Security tab of Folder1, remove the permission entry for the IT group.B. On the Classification tab of Folder1, set the classification to Information Technology.C. On the Security tab of Folder1, assign the Modify permission to the Authenticated Users group.D. On Share1, assign the Change Share permission to the IT group.E. On the Security tab of Folder1, add a conditional expression to the existing permission entry for the IT

group.

Correct Answer: BESection: (none)Explanation

Explanation/Reference:Really do need an exhibit here.

http://technet.microsoft.com/en-us/library/hh831425.aspxhttp://technet.microsoft.com/en-us/library/hh846167.aspx#BKMK_1_2

Central access policies for files enable organizations to centrally deploy and manage authorization policies thatinclude conditional expressions that use user groups, user claims, device claims, and resource properties.If a DACL on a file allows access to a specific user, but a central policy that is applied to the file restricts accessto the same user, the user cannot obtain access to the file. If the central access policy allows access, but theDACL does not allow access, the user cannot obtain access to the file.

QUESTION 23Your network contains two servers named Server1 and Server2 that run Windows Server 2012. Both servershave the Hyper-V server role installed. Server1 and Server2 are located in different offices. The offices connectto each other by using a high-latency WAN link. Server2 hosts a virtual machine named VM1. You need toensure that you can start VM1 on Server1 if Server2 fails. The solution must minimize hardware costs. Whatshould you do?

A. On Server2, install the Multipath I/O (MPIO) feature. Modify the storage location of the VHDs for VM1.B. From the Hyper-V Settings of Server1, modify the Replication Configuration settings. Enable replication for

VM1.C. On Server1, install the Multipath I/O (MPIO) feature. Modify the storage location of the VHDs for VM1.

Page 18: Microsoft TestPrep 70-417 v2013-02-01 - GRATIS EXAM · 2013/2/1  · To allow only specific MMC snap-ins to connect, run: Enable-NetFirewallRule -DisplayGroup ""

D. From the Hyper-V Settings of Server2, modify the Replication Configuration settings. Enable replication forVM1.

Correct Answer: BSection: (none)Explanation

Explanation/Reference:You first have to enable replication on the Replica server (which is Server1 in this scenario) by going to theserver and modifying the "Replication Configuration" settings under Hyper-V settings. You then go to VM1(which is on Server 2) and run the "Enable Replication" wizard on VM1.

Page 19: Microsoft TestPrep 70-417 v2013-02-01 - GRATIS EXAM · 2013/2/1  · To allow only specific MMC snap-ins to connect, run: Enable-NetFirewallRule -DisplayGroup ""

QUESTION 24You have a server named File1 that runs Windows Server 2012. File1 has the File Server role service installed.You plan to back up all shared folders by using Microsoft Online Backup. You download and install theMicrosoft Online Backup Service Agent on File1. You need to ensure that you use Windows Server Backup toback up data to Microsoft Online Backup. What should you do?

A. From Computer Management, add the File1 computer account to the Backup Operators group.B. From the Services console, modify the Log On settings of the Microsoft Online Backup Service Agent.C. From Windows Server Backup, run the Register Server Wizard.D. From a command prompt, run wbadmin.exe enable backup.

Correct Answer: CSection: (none)Explanation

Explanation/Reference:http://blogs.technet.com/b/windowsserver/archive/2012/03/28/microsoft-online-backup-service.aspx

You can choose the Register Server action in the Microsoft Online Backup MMC snap-in to start the registrationwizard, and sign in using a pre-provisioned Microsoft Online Services ID.

Page 20: Microsoft TestPrep 70-417 v2013-02-01 - GRATIS EXAM · 2013/2/1  · To allow only specific MMC snap-ins to connect, run: Enable-NetFirewallRule -DisplayGroup ""

QUESTION 25Your network contains an Active Directory domain named contoso.com. The domain contains three serversnamed Server1, Server2, and Server3 that run Windows Server 2012. All three servers have the Hyper-Vserver role installed and the Failover Clustering feature installed. Server1 and Server2 are nodes in a failovercluster named Cluster1. Several highly available virtual machines run on Cluster1. Cluster1 has the Hyper-VReplica Broker role installed. The Hyper-V Replica Broker currently runs on Server1. Server3 currently has novirtual machines. You need to configure Cluster1 to be a replica server for Server3 and Server3 to be a replicaserver for Cluster1. Which two tools should you use? (Each correct answer presents part of the solution.Choose two.)

A. The Hyper-V Manager console connected to Server3B. The Hyper-V Manager console connected to Server2C. The Failover Cluster Manager console connected to Cluster1D. The Failover Cluster Manager console connected to Server3E. The Hyper-V Manager console connected to Server1

Correct Answer: ACSection: (none)Explanation

Explanation/Reference:http://www.biztechmagazine.com/article/2012/12/introducing-hyper-v-replica-windows-server-2012 Open Hyper-V Settings in the Actions pane of Hyper-V Manager, click on Replication Configuration and selectEnable this computer as a replica server in the Details pane.

http://blogs.technet.com/b/virtualization/archive/2012/03/27/why-is-the-quot-hyper-v-replica-broker- quot-required.aspxFor a cluster on the replica site, the replication settings are configured via the Replication Settings which isavailable on clicking the Broker role in the Failover cluster console.

Page 21: Microsoft TestPrep 70-417 v2013-02-01 - GRATIS EXAM · 2013/2/1  · To allow only specific MMC snap-ins to connect, run: Enable-NetFirewallRule -DisplayGroup ""

Exam B

QUESTION 1You have a server named Server1 that runs Windows Server 2012. You modify the properties of a systemdriver and you restart Server1. You discover that Server1 continuously restarts without starting Windows Server2012. You need to start Windows Server 2012 on Server1 in the least amount of time. The solution mustminimize the amount of data loss. Which Advanced Boot Option should you select?

A. Repair Your ComputerB. Disable Driver Signature EnforcementC. Last Know Good Configuration (advanced)D. Disable automatic restart on system failure

Correct Answer: CSection: (none)Explanation

Explanation/Reference:NOTE: Answer "C" seems like the correct answer, though no supporting reference material has been found tosupport this.

QUESTION 2You have a file server named Server1 that runs a Server Core Installation of Windows Server 2012. You needto ensure that users can access previous versions of files that are shared on Server1 by using the PreviousVersions tab. Which tool should you use?

A. wbadminB. DiskpartC. StorreptD. Vssadmin

Correct Answer: DSection: (none)Explanation

Explanation/Reference:http://technet.microsoft.com/en-us/library/cc754968(v=ws.10).aspx Displays current volume shadow copy backups and all installed shadow copy writers and providers.

Page 22: Microsoft TestPrep 70-417 v2013-02-01 - GRATIS EXAM · 2013/2/1  · To allow only specific MMC snap-ins to connect, run: Enable-NetFirewallRule -DisplayGroup ""

QUESTION 3Your network contains a server named Server1 that runs Windows Server 2012. Server1 has the Hyper-Vserver role installed. Server1 hosts 10 virtual machines that run Windows Server 2012. You add a new servernamed Server2. Server2 has faster hard disk drives, more RAM, and a different processor manufacturer thanServer1. You need to move all of the virtual machines from Server1 to Server2. The solution must minimizedowntime. What should you do for each virtual machine?

A. Perform a quick migration.B. Perform a storage migration.C. Export the virtual machines from Server1 and import the virtual machines to Server2.D. Perform a live migration.

Correct Answer: CSection: (none)Explanation

Explanation/Reference:The different processor manufacturer is the key here. Storage, Live, and Quick all require same manufacturer.

http://technet.microsoft.com/en-us/magazine/gg299590.aspxhttp://social.technet.microsoft.com/Forums/en-US/winserverhyperv/thread/5458918c-ecfd-49ea-b7ec-470911358648/

With identical processors, both live migration and Quick Migration work as expected.

Of Interest: Use the Processor Compatibility Mode only in cases where VMs will migrate from one Hyper-V-enabled processor type to another within the same vendor processor family. Note that, while the name of thisfeature may give the impression, Processor Compatibility Mode does not enable migrations between AMD- andIntel-based hosts

QUESTION 4You have a server named Server1 that runs Windows Server 2012. On Server1, you configure a custom DataCollector Set (DCS) named DCS1. You need to ensure that all performance log data that is older than 30 daysis deleted automatically. What should you configure?

A. A File Server Resource Manager (FSRM) file screen on the %Systemdrive%\PerfLogs folderB. The Data Manager settings of DCS1C. A schedule for DCS1D. A File Server Resource Manager (FSRM) quota on the %Systemdrive%\PerfLogs folder

Correct Answer: BSection: (none)Explanation

Explanation/Reference:

Page 23: Microsoft TestPrep 70-417 v2013-02-01 - GRATIS EXAM · 2013/2/1  · To allow only specific MMC snap-ins to connect, run: Enable-NetFirewallRule -DisplayGroup ""
Page 24: Microsoft TestPrep 70-417 v2013-02-01 - GRATIS EXAM · 2013/2/1  · To allow only specific MMC snap-ins to connect, run: Enable-NetFirewallRule -DisplayGroup ""

QUESTION 5Your network contains a single Active Directory domain named contoso.com. The domain contains a memberserver named Server1 that runs Windows Server 2012. Server1 has the Windows Server Updates Servicesserver role installed and is configured to download updates from the Microsoft Update servers. You need toensure that Server1 downloads express installation files from the Microsoft Update servers.What should you do from the Update Services console?

A. From the Products and Classifications options, configure the Products settings.B. From the Products and Classifications options, configure the Classifications settings.C. From the Update Files and Languages options, configure the Update Files settings.D. From the Automatic Approvals options, configure the Update Rules settings.

Correct Answer: CSection: (none)Explanation

Explanation/Reference:http://technet.microsoft.com/en-us/library/cc708480(v=ws.10).aspx

To specify where to store downloaded update files1. On the WSUS console toolbar, click Options , and then click Synchronization Options .

Page 25: Microsoft TestPrep 70-417 v2013-02-01 - GRATIS EXAM · 2013/2/1  · To allow only specific MMC snap-ins to connect, run: Enable-NetFirewallRule -DisplayGroup ""

2. Under Update Files and Languages , click Advanced .3. Under Update Files , select whether to store update files on the server running Windows Server UpdateServices (WSUS) or on Microsoft Update. If you choose to store update files on your server, you can chooseeither to download update files only when they are approved, or to download express installation files.

QUESTION 6Your network contains a domain controller named DC1 that runs Windows Server 2012. You create a customData Collector Set (DCS) named DCS1. You need to configure DCS1 to collect the following information:

The amount of Active Directory data replicated between DC1 and the other domain controllers The current values of several registry settings

Which two should you configure in DCS1? (Each correct answer presents part of the solution. Choose two.)

A. System configuration informationB. A Performance Counter AlertC. Event trace dataD. A performance counter

Correct Answer: ADSection: (none)

Page 26: Microsoft TestPrep 70-417 v2013-02-01 - GRATIS EXAM · 2013/2/1  · To allow only specific MMC snap-ins to connect, run: Enable-NetFirewallRule -DisplayGroup ""

Explanation

Explanation/Reference:http://technet.microsoft.com/en-us/library/dd736504(v=ws.10).aspxWhile you can use Windows Reliability and Performance Monitor to monitor directory replication from theperspective of the volume of data traffic, there are additional tools available that you can use to monitor otheraspects of the replication topology.

http://technet.microsoft.com/en-us/library/cc766404.aspxSystem configuration information allows you to record the state of, and changes to, registry keys.

QUESTION 7You have a server named Server1 that runs Windows Server 2012. You create a custom Data Collector Set(DCS) named DCS1. You need to configure DCS1 to meet the following requirements:

Automatically run a program when the amount of total free disk space on Server1 drops below 10 percent ofcapacity.Log the current values of several registry settings.

Which two should you configure in DCS1? (Each correct answer presents part of the solution. Choose two.)

A. System configuration informationB. A Performance Counter AlertC. Event trace dataD. A performance counter

Correct Answer: ABSection: (none)Explanation

Explanation/Reference:http://technet.microsoft.com/en-us/library/cc766404.aspxSystem configuration information allows you to record the state of, and changes to, registry keys.

http://technet.microsoft.com/en-us/library/cc722414.aspxYou can create a custom Data Collector Set containing performance counters and configure alert activitiesbased on the performance counters exceeding or dropping below limits you define.

QUESTION 8Your network contains an Active Directory domain named contoso.com. The domain contains a domaincontroller named DC1. On DC1, you add a new volume and you stop the Active Directory Domain Services (ADDS) service. You run ntdsutil.exe and you set NTDS as the active instance. You need to move the ActiveDirectory database to the new volume. Which Ntdsutil context should you use?

A. FilesB. IFMC. Configurable SettingsD. Partition management

Correct Answer: ASection: (none)Explanation

Explanation/Reference:http://support.microsoft.com/kb/816120

How to Move the Database

Page 27: Microsoft TestPrep 70-417 v2013-02-01 - GRATIS EXAM · 2013/2/1  · To allow only specific MMC snap-ins to connect, run: Enable-NetFirewallRule -DisplayGroup ""

You can move the Ntds.dit data file to a new folder. If you do so, the registry is updated so that DirectoryService uses the new location when you restart the server.

To move the data file to another folder, follow these steps:1. Click Start , click Run , type ntdsutil in the Open box, and then press ENTER.2. At the Ntdsutil command prompt, type files , and then press ENTER.3. At the file maintenance command prompt, type move DB to new location (where new location is an existingfolder that you have created for this purpose), and then press ENTER.4. To quit Ntdsutil, type quit , and then press ENTER.5. Restart the computer.

QUESTION 9Your network contains an Active Directory domain named adatum.com. The domain contains a domaincontroller named Server1. On Server1, you create a new volume named E. You restart Server1 in DirectoryService Restore Mode. You open ntdsutil.exe and you set NTDS as the active instance. You need to move theActive Directory logs to E:\NTDS\. Which Ntdsutil context should you use?

A. IFMB. Files

http://www.gratisexam.com/

C. Configurable SettingsD. Partition management

Correct Answer: BSection: (none)Explanation

Explanation/Reference:http://support.microsoft.com/kb/816120#5

How to Move Log FilesUse the move logs to command to move the directory service log files to another folder. For the new settingsto take effect, restart the computer after you move the log files.

To move the log files, follow these steps:1. Click Start , click Run , type ntdsutil in the Open box, and then press ENTER.2. At the Ntdsutil command prompt, type files , and then press ENTER.3. At the file maintenance command prompt, type move logs to new location (where new location is anexisting folder that you have created for this purpose), and then press ENTER.4. Type quit , and then press ENTER.5. Restart the computer.

QUESTION 10Your network contains an Active Directory domain named contoso.com. The domain contains a domaincontroller named DC1. You run ntdsutil as shown in the exhibit. (Click the Exhibit button.)

Page 28: Microsoft TestPrep 70-417 v2013-02-01 - GRATIS EXAM · 2013/2/1  · To allow only specific MMC snap-ins to connect, run: Enable-NetFirewallRule -DisplayGroup ""

You need to ensure that you can access the contents of the mounted snapshot. What should you do?

A. From the snapshot context of ntdsutil, run activate instance "NTDS".B. From a command prompt, run dsamain.exe -dbpath

c:\$snap_201204131056_volumec$\windows\ntds\ntds.dit Idapport 389.C. From the snapshot context of ntdsutil, run mount {79f94f82-5926-4f44-8af0-2f56d827a57d}.D. From a command prompt, run dsamain.exe -dbpath

c:\$snap_201204131056_volumec$\windows\ntds\ntds.dit Idapport 33389.

Correct Answer: DSection: (none)Explanation

Explanation/Reference:This is a live DC, so 389 is already in use; 33389 would not be so is a valid port.

http://technet.microsoft.com/en-us/library/cc753609(v=ws.10).aspx

To expose an AD DS or AD LDS snapshot as an LDAP server1. Log on to a domain controller as a member Enterprise Admins groups or the Domain Admins group.2. Click Start , right-click Command Prompt , and then click Run as administrator .3. If the User Account Control dialog box appears, confirm that the action it displays is what you want, andthen click Continue .4. At the elevated command prompt, type the following command, and then press ENTER. Be sure to include aspace between the name of the parameter and the value that you specify.dsamain /dbpath <path_to_database_file> /ldapport < port_#>If you plan to view the snapshot data on a domain controller, specify ports that are different from the ports thatthe domain controller will use. For example, type:dsamain/dbpath E:\$SNAP_200704181137_VOLUMED$\WINDOWS\NTDS\ntds.dit /ldapport 51389 A messageindicates that Active Directory Domain Services startup is complete.

QUESTION 11Your network contains an Active Directory domain named contoso.com. All domain controllers run WindowsServer 2012. You pre-create a read-only domain controller (RODC) account named RODC1. You export thesettings of RODC1 to a file named File1.txt. You need to promote RODC1 by using File1.txt.Which tool should you use?

A. The Install-WindowsFeature cmdletB. The Add-WindowsFeature cmdletC. The Dism commandD. The Dcpromo command

Page 29: Microsoft TestPrep 70-417 v2013-02-01 - GRATIS EXAM · 2013/2/1  · To allow only specific MMC snap-ins to connect, run: Enable-NetFirewallRule -DisplayGroup ""

E. The Install-ADDSDomainController cmdlet

Correct Answer: DSection: (none)Explanation

Explanation/Reference:DCPromo is gone, HOWEVER, it is still used for unattend installations using unattended files. This allowsadministrators the chance to get used to using powershell commands instead of the unattended file.

http://technet.microsoft.com/en-us/library/hh472162.aspx

Beginning with Windows Server 2012, you can install AD DS using Windows PowerShell. Dcpromo.exe isdeprecated beginning with Windows Server 2012, but you can still run dcpromo.exe by using an answer file(dcpromo /unattend:<answerfile> or dcpromo /answer:<answerfile>). The ability to continue runningdcpromo.exe with an answer file provides organizations that have resources invested in existing automationtime to convert the automation from dcpromo.exe to Windows PowerShell. For more information about runningdcpromo.exe with an answer file, see http://support.microsoft.com/kb/947034.

QUESTION 12Your network contains an Active Directory domain named contoso.com. The domain contains a domaincontroller named DC5. DC5 has a Server Core Installation of Windows Server 2012. You need to uninstallActive Directory from DC5 manually. Which tool should you use?

A. The ntdsutil.exe commandB. The dcpromo.exe commandC. The Remove-WindowsFeature cmdletD. The Remove-ADComputer cmdlet

Correct Answer: BSection: (none)Explanation

Explanation/Reference:DCPromo has been phased out in 2012, but can still be used for unattended and force removal functions.Remove-WindowsFeature may allow you to remove the ADDS feature, but it won't allow you to remove it untilit's been demoted first. Since there are no other valid commands in this question, then the force removal is theonly option. If the "Uninstall-ADDSDomainController" option was present, then that would be the correctanswer.

http://technet.microsoft.com/en-us/library/hh472163.aspxNOTE: Based on this article, the previous explanation seems flawed. The question mentions manuallyuninstalling AD. However, this article shows that you can use PowerShell with the "-ForceRemoval" command,

Page 30: Microsoft TestPrep 70-417 v2013-02-01 - GRATIS EXAM · 2013/2/1  · To allow only specific MMC snap-ins to connect, run: Enable-NetFirewallRule -DisplayGroup ""

or the Remove Roles Wizard, but does not mention the use of the cmdlet. A second opinion is needed on thisquestion/answer.

The command syntax for removing AD DS is as follows. Optional parameters appear within brackets.

Uninstall-ADDSDomainController ForceRemoval [-skipprechecks] LocalAdministratorPassword <SecureString> [-Credential <PS Credential>] [-DemoteOperationsMasterRole] [-NoRebootOnCompletion] [-Force] [-WhatIf] [-Confirm] [<common parameters>]

To Remove AD DS using the Remove Roles Wizard

The validation error appears by design because the AD DS server role binaries cannot be removed while theserver is running as a domain controller. Click Demote this domain controller .

QUESTION 13Your network contains an Active Directory domain named contoso.com. Domain controllers run either WindowsServer 2008, Windows Server 2008 R2, or Windows Server 2012. You have a Password Settings object(PSOs) named PSO1. You need to view the settings of PSO1. Which tool should you use?

A. Get-ADDomainControllerPasswordReplicationPolicyB. Get-ADDefaultDomainPasswordPolicyC. Server ManagerD. Get-ADFineGrainedPasswordPolicy

Correct Answer: DSection: (none)Explanation

Explanation/Reference:http://technet.microsoft.com/en-us/library/ee617231.aspx

Get-ADFineGrainedPasswordPolicyGets one or more Active Directory fine grained password policies.

Page 31: Microsoft TestPrep 70-417 v2013-02-01 - GRATIS EXAM · 2013/2/1  · To allow only specific MMC snap-ins to connect, run: Enable-NetFirewallRule -DisplayGroup ""

QUESTION 14Your network contains an Active Directory domain named contoso.com. The domain contains a domaincontroller named DC4 that runs Windows Server 2012. You create a DCCIoneConfig.xml file. You need toclone DC4. Where should you place DCCIoneConfig.xml on DC4?

A. %Systemroot%\SYSVOLB. %Systemdrive%C. %Systemroot%\NTDSD. %Programdata%\Microsoft

Correct Answer: CSection: (none)Explanation

Explanation/Reference:http://blogs.technet.com/b/askpfeplat/archive/2012/10/01/virtual-domain-controller-cloning-in-windows- server-2012.aspx

Starting in Windows Server 2012, we now support DC cloning as well as snapshot restoration of domaincontrollers.

DCCloneConfig.xml is an XML configuration file that contains all of the settings the cloned DC will take when itboots. This includes network settings, DNS, WINS, AD site name, new DC name and more.

The XML file is written to c:\windows\ntds. That's one of three valid locations where the file can be placed forcloning. All three locations are:

%windir%\NTDSWherever the DIT lives (if you've changed the path to D:\NTDS, for example) The root of any removable media

QUESTION 15Your network contains an Active Directory domain named contoso.com. The domain contains a domaincontroller named dc1.contoso.com. You discover that the Default Domain Policy Group Policy objects (GPOs)and the Default Domain Controllers Policy GPOs were deleted. You need to recover the Default Domain Policyand the Default Domain Controllers Policy GPOs. What should you run?

A. dcgpofix.exe /target:domainB. dcgpofix.exe /target:bothC. gpfixup.exe /oldnb:contoso/newnb:dc1D. gpfixup.exe /dc:dc1.contoso.com

Correct Answer: BSection: (none)Explanation

Explanation/Reference:http://technet.microsoft.com/en-us/library/cc739095(v=ws.10).aspx

Dcgpofix restores the default Group Policy objects to their original default state after initial installation of adomain controller. The Dcgpofix tool recreates the two default Group Policy objects and creates the settingsbased on the operations that are performed only during Dcpromo. It is important to understand that Dcgpofixdoes not restore the security settings to the state they were in before you run Dcpromo.

Type the following at the command prompt: dcgpofix [/ignoreschema][/target: {domain | dc | bo th}]

Where:/ignoreschema is an optional parameter. If you set this parameter, the Active Directory schema version

Page 32: Microsoft TestPrep 70-417 v2013-02-01 - GRATIS EXAM · 2013/2/1  · To allow only specific MMC snap-ins to connect, run: Enable-NetFirewallRule -DisplayGroup ""

number is ignored./target: {domain | dc | both} is an optional parameter that specifies the target domain, domain controller, orboth. If you do not specify /target , dcgpofix uses both by default.

QUESTION 16Your network contains an Active Directory domain named contoso.com. The domain contains a server namedServer1 that runs Windows Server 2012. Server1 has the Network Policy Server role service installed. You planto configure Server1 as a Network Access Protection (NAP) health policy server for VPN enforcement by usingthe Configure NAP wizard. You need to ensure that you can configure the VPN enforcement method onServer1 successfully. What should you install on Server1 before you run the Configure NAP wizard?

A. The Remote Access server roleB. A system health validator (SHV)C. A computer certificateD. The Host Credential Authorization Protocol (HCAP)

Correct Answer: CSection: (none)Explanation

Explanation/Reference:When running the wizard:You cannot continue without a valid certificate:

Page 33: Microsoft TestPrep 70-417 v2013-02-01 - GRATIS EXAM · 2013/2/1  · To allow only specific MMC snap-ins to connect, run: Enable-NetFirewallRule -DisplayGroup ""

NOTE: No clear documentation was able to be referenced for this answer.

QUESTION 17Your network contains an Active Directory domain named contoso.com. All client computers run Windows8. Your company has users who work from home. Some of the home users have desktop computers. Otherhome users have laptop computers. All of the computers are joined to the domain. All of the computer accountsare members of a group named Group1. Currently, the home users access the corporate network by using aPPTP VPN. You implement DirectAccess by using the default configuration and you specify Group1 as theDirectAccess client group. The home users who have desktop computers report that they cannot useDirectAccess to access the corporate network. The home users who have laptop computers report that theycan use DirectAccess to access the corporate network. You need to ensure that the home users who havedesktop computers can access the network by using DirectAccess. What should you modify?

A. The WMI filter for Direct Access Client Settings GPOB. The conditions of the Connections to Microsoft Routing and Remote Access server policy

Page 34: Microsoft TestPrep 70-417 v2013-02-01 - GRATIS EXAM · 2013/2/1  · To allow only specific MMC snap-ins to connect, run: Enable-NetFirewallRule -DisplayGroup ""

C. The membership of the RAS and IAS Servers groupD. The security settings of the computer accounts for the desktop computers

Correct Answer: ASection: (none)Explanation

Explanation/Reference:The default settings includes creating a GPO that has a WMI filter for laptops only.

http://technet.microsoft.com/en-us/library/jj574145.aspx

There are two decisions to make when planning your client deployment:Will DirectAccess be available to mobile computers only, or to any computer?

When you configure DirectAccess clients in the Enable DirectAccess wizard, you can choose to allow onlymobile computers in the specified security groups to connect using DirectAccess. If you restrict access tomobile computers, Remote Access automatically configures a WMI filter to ensure that the DirectAccess clientGPO is applied only to mobile computers in the specified security groups. The Remote Access administratorrequires permissions to create or modify group policy WMI filters to enable this setting.

http://technet.microsoft.com/en-us/library/hh918408.aspxBy default DA is deployed on all domain laptop and netbook computers that belong to the domain specified inthe client GPO. This is achieved by adding the Domain Computers AD group as the client SG and creating aWMI filter to filter out devices that are classified as either non-laptops and netbooks. If a client GPO is notspecified then the domain of the DA server is used and a client GPO with default name is created in thatdomain. If the user running the cmdlet does not have the permissions to create the WMI filter, then no client SGis added.

QUESTION 18Your network contains an Active Directory forest. The forest contains two domains named contoso.com andfabrikam.com. All of the DNS servers in both of the domains run Windows Server 2012. The network containstwo servers named Server1 and Server2. Server1 hosts an Active Directory-integrated zone for contoso.com.Server2 hosts an Active Directory-integrated zone for fabrikam.com. Server1 and Server2 connect to eachother by using a WAN link. Client computers that connect to Server1 for name resolution cannot resolve namesin fabrikam.com. You need to configure Server1 to support the resolution of names in fabrikam.com. Thesolution must ensure that users in contoso.com can resolve names in fabrikam.com if the WAN link fails. Whatshould you do on Server1?

Page 35: Microsoft TestPrep 70-417 v2013-02-01 - GRATIS EXAM · 2013/2/1  · To allow only specific MMC snap-ins to connect, run: Enable-NetFirewallRule -DisplayGroup ""

A. Create a stub zone.B. Create a secondary zone.C. Add a forwarder.D. Create a conditional forwarder.

Correct Answer: BSection: (none)Explanation

Explanation/Reference:http://technet.microsoft.com/en-us/library/cc771898(v=ws.10).aspx

Stub zone doesn't host the records themselvesForwarder and conditional forwarders simply give instructions on where to forward DNS requests to.

Secondary Zone: When a zone that this DNS server hosts is a secondary zone, this DNS server is a secondarysource for information about this zone.Stub Zone: When a zone that this DNS server hosts is a stub zone, this DNS server is a source only forinformation about the authoritative name servers for this zone.

QUESTION 19Your network contains an Active Directory domain named contoso.com. The domain contains a Web servernamed www.contoso.com. The Web server is available on the Internet. You implement DirectAccess by usingthe default configuration. You need to ensure that users never attempt to connect to www.contoso.com byusing DirectAccess. The solution must not prevent the users from using DirectAccess to access otherresources in contoso.com. Which settings should you configure in a Group Policy object (GPO)?

A. Network ConnectionsB. DirectAccess Client Experience SettingsC. DNS ClientD. Name Resolution Policy

Correct Answer: DSection: (none)Explanation

Explanation/Reference:http://www.techrepublic.com/blog/10things/10-things-you-should-know-about-directaccess/1371

Page 36: Microsoft TestPrep 70-417 v2013-02-01 - GRATIS EXAM · 2013/2/1  · To allow only specific MMC snap-ins to connect, run: Enable-NetFirewallRule -DisplayGroup ""

Name Resolution Policy Table provides policy-based DNS queries The DirectAccess client uses the Name Resolution Policy Table (NRPT) to determine which DNS server to useto resolve names. When the DirectAccess client is on the corpnet, the NRPT is turned off. When theDirectAccess client detects that it is on the Internet, the DirectAccess client turns on the NRPT and checks itsentries to see which DNS server it should use to connect to a resource. You put your internal domain namesand possible servers on the NRPT and configure it to use an internal DNS server to resolve names.

When the DirectAccess client on the Internet needs to connect to a resource using a FQDN, it checks theNRPT. If the name is on it, the query is sent to an intranet DNS server. If the name is not on the NRPT, theDirectAccess client sends the query to the DNS server configured on its NIC, which is an Internet DNS server.The name of the NLS server is also placed on the NRPT, but it's included as an exemption -- meaning that theDirectAccess client should never use an intranet server to resolve the name of the NLS server. So theDirectAccess client on the Internet will never be able to resolve the name of the NLS server and thus will knowthat it is on the Internet and will turn on its DirectAccess client components. Even more important, when itconnects to the corpnet over the DirectAccess connection, it doesn't think that it's connected to the corpnet byresolving the name of the NLS server.

Page 37: Microsoft TestPrep 70-417 v2013-02-01 - GRATIS EXAM · 2013/2/1  · To allow only specific MMC snap-ins to connect, run: Enable-NetFirewallRule -DisplayGroup ""

QUESTION 20Your network contains an Active Directory domain named contoso.com. Domain controllers run either WindowsServer 2003, Windows Server 2008 R2, or Windows Server 2012. A support technician accidentally deletes auser account named User1. You need to use tombstone reanimation to restore the User1 account. Which toolshould you use?

A. EsentutlB. LdpC. NtdsutilD. Active Directory Administrative Center

Correct Answer: BSection: (none)Explanation

Explanation/Reference:ADAC would be the perfect solution if this environment was in 2008 R2 functional level; however it is currentlybelow that due to there being a Windows Server 2003 DC. This means you must use the LDP utility aspreviously.

http://technet.microsoft.com/en-us/library/hh831702.aspx

If you plan to enable Active Directory Recycle Bin in Windows Server 2012, consider the following:By default, Active Directory Recycle Bin is disabled. To enable it, you must first raise the forest functionallevel of your AD DS or AD LDS environment to Windows Server 2008 R2 or higher. This in turn requires thatall domain controllers in the forest or all servers that host instances of AD LDS configuration sets be runningWindows Server 2008 R2 or higher.The process of enabling Active Directory Recycle Bin is irreversible. After you enable Active DirectoryRecycle Bin in your environment, you cannot disable it.To manage the Recycle Bin feature through a user interface, you must install the version of Active DirectoryAdministrative Center in Windows Server 2012.

http://wintelteams.wordpress.com/2012/07/13/restore-deleted-objects-in-active-directory-database- using-tombstone-reanimation-ldp-exe/The Deleted Objects container is hidden and can not be viewed by using Active Directory Users andComputers and ADSIEDIT.MSC. But you can use LDP.EXE.

QUESTION 21Your network contains an Active Directory domain named contoso.com. All domain controllers run WindowsServer 2012. On all of the domain controllers, Windows is installed in C:\Windows and the Active Directorydatabase is located in D:\Windows\NTDS\. All of the domain controllers have a third-party application installed.The operating system fails to recognize that the application is compatible with domain controller cloning. Youverify with the application vendor that the application supports domain controller cloning. You need to prepare adomain controller for cloning. What should you do?

A. In C:\Windows\System32\Sysprep\Actionfiles\, add the application information to an XML file namedRespecialize.xml.

B. In D:\Windows\NTDS\, create an XML file named DCCIoneConfig.xml and add the application informationto the file.

C. In D:\Windows\NTDS\, create an XML file named CustomDCCIoneAllowList.xml and add the applicationinformation to the file.

D. In C:\Windows\, create an XML file named DCCIoneConfig.xml and add the application information to thefile.

Correct Answer: CSection: (none)Explanation

Page 38: Microsoft TestPrep 70-417 v2013-02-01 - GRATIS EXAM · 2013/2/1  · To allow only specific MMC snap-ins to connect, run: Enable-NetFirewallRule -DisplayGroup ""

Explanation/Reference:http://blogs.technet.com/b/askpfeplat/archive/2012/10/01/virtual-domain-controller-cloning-in-windows- server-2012.aspx

It tells us that applications were found that are not on the allowed list. What's on the allowed list? Goodquestion. You can find it at C:\Windows\System32\DefaultDCCloneAllowList.xml. This list exists by default onWindows Server 2012 domain controllers and should not be modified. If you want to add a discoveredapplication to the list, you'll need to generate a custom DC allow list.

You've verified with the application vendor that the service is OK to clone. Generating the allow list is easy.Run Get-ADDCCloningExcludedApplicationList again, but specify the GenerateXML switch.

The cmdlet generates the XML and writes it out to c:\windows\ntds, as the output shows.

(Notice the name of the file in this screenshot, "CustomDCCloneAllowList").

QUESTION 22Your network contains an Active Directory domain named contoso.com. All servers run Windows Server 2012.The domain contains two servers. The servers are configured as shown in the following table.

All client computers run Windows 8 Enterprise. You plan to deploy Network Access Protection (NAP) by usingIPSec enforcement. A Group Policy object (GPO) named GPO1 is configured to deploy a trusted server groupto all of the client computers. You need to ensure that the client computers can discover HRA serversautomatically. Which three actions should you perform? (Each correct answer presents part of the solution.Choose three.)

A. On Server2, configure the EnableDiscovery registry key.B. On DC1, create an alias (CNAME) record.C. On DC1, create a service location (SRV) record.D. In a GPO, modify the Trusted Server setting for the NAP Client Configuration.E. On all of the client computers, configure the EnableDiscovery registry key.

Correct Answer: CDESection: (none)Explanation

Page 39: Microsoft TestPrep 70-417 v2013-02-01 - GRATIS EXAM · 2013/2/1  · To allow only specific MMC snap-ins to connect, run: Enable-NetFirewallRule -DisplayGroup ""

Explanation/Reference:http://technet.microsoft.com/en-us/library/dd296901(v=ws.10).aspx

Requirements for HRA automatic discoveryThe following requirements must be met in order to configure trusted server groups on NAP client computersusing HRA automatic discovery:

Client computers must be running Windows Vista® with Service Pack 1 (SP1) or Windows XP with ServicePack 3 (SP3).The HRA server must be configured with a Secure Sockets Layer (SSL) certificate.The EnableDiscovery registry key must be configured on NAP client computers.DNS SRV records must be configured.The trusted server group configuration in either local policy or Group Policy must be cleared.

QUESTION 23Your network contains an Active Directory domain named adatum.com. The domain contains a server namedServer1 that runs Windows Server 2012. Server1 is configured as a Network Policy Server (NPS) server and asa DHCP server. The network contains two subnets named Subnet1 and Subnet2. Server1 has a DHCP scopefor each subnet. You need to ensure that noncompliant computers on Subnet1 receive different networkpolicies than noncompliant computers on Subnet2. Which two settings should you configure? (Each correctanswer presents part of the solution. Choose two.)

A. The NAS Port Type constraintsB. The Health Policies conditionsC. The Called Station ID constraintsD. The NAP-Capable Computers conditionsE. The MS-Service Class conditions

Correct Answer: DESection: (none)Explanation

Explanation/Reference:The MS-Service Class is how you can specify which subnet the computer must be coming from in order toapply the policy.

http://technet.microsoft.com/en-us/library/cc731220(v=ws.10).aspx

MS-Service Class: Restricts the policy to clients that have received an IP address from a DHCP scope thatmatches the specified DHCP profile name. This condition is used only when you are deploying NAP with theDHCP enforcement method. To use the MS-Service Class attribute, in Specify the profile name thatidentifies your DHCP scope , type the name of an existing DHCP profile.

NAP-Capable Computers: Restricts the policy to either clients that are capable of participating in NAP or clientsthat are not capable of participating in NAP. This capability is determined by whether the client sends a SoH toNPS.

Page 40: Microsoft TestPrep 70-417 v2013-02-01 - GRATIS EXAM · 2013/2/1  · To allow only specific MMC snap-ins to connect, run: Enable-NetFirewallRule -DisplayGroup ""

QUESTION 24Your network contains an Active Directory domain named adatum.com. The domain contains a server namedServer1 that runs Windows Server 2012. Server1 is configured as a Network Policy Server (NPS) server and asa DHCP server. You need to ensure that only computers that send a statement of health are checked forNetwork Access Protection (NAP) health requirements. Which two settings should you configure? (Each correctanswer presents part of the solution. Choose two.)

A. The NAP-Capable Computers conditionsB. The MS-Service Class conditionsC. The NAS Port Type constraintsD. The Called Station ID constraintsE. The Health Policies conditions

Correct Answer: AESection: (none)Explanation

Explanation/Reference:The NAP-Capable ensures that the machine is able to send a statement of health, and the Health Policy tells itwhich policy to evaluate against.

http://technet.microsoft.com/en-us/library/cc731220(v=ws.10).aspx

NAP-Capable Computers: Restricts the policy to either clients that are capable of participating in NAP or clientsthat are not capable of participating in NAP. This capability is determined by whether the client sends a SoH toNPS.

Page 41: Microsoft TestPrep 70-417 v2013-02-01 - GRATIS EXAM · 2013/2/1  · To allow only specific MMC snap-ins to connect, run: Enable-NetFirewallRule -DisplayGroup ""

Health Policies: Restricts the policy to clients that meet the health criteria specified in the health policy. Forexample, you might have two Health Policies that you have configured using the Windows SHV -- one healthpolicy created for circumstances where client computers pass all health checks and one policy created forcircumstances where client computers fail all health checks specified in the Windows SHV. If you select thehealth policy that designates that all client computers must pass all health checks, the SoH sent to NPS fromNAP agent on the client computer must state that the client passed all health checks required by the WindowsSHV in order for the conditions of the network policy to be met.

QUESTION 25Your network contains two servers named Server1 and Server2. Both servers run Windows Server 2012 andhave the DNS Server server role installed. On Server1, you create a standard primary zone namedcontoso.com. You need to ensure that Server2 can host a secondary zone for contoso.com. What should youdo from Server1?

A. Create a zone delegation that points to Server2.B. Create a trust anchor named Server2.C. Convert contoso.com to an Active Directory-integrated zone.D. Add Server2 as a name server.

Correct Answer: DSection: (none)Explanation

Explanation/Reference:http://technet.microsoft.com/en-us/library/cc816885(v=ws.10).aspx

Typically, adding a secondary DNS server to a zone involves three steps:1. On the primary DNS server, add the prospective secondary DNS server to the list of name servers that areauthoritative for the zone.2. On the primary DNS server, verify that the transfer settings for the zone permit the zone to be transferred tothe prospective secondary DNS server.3. On the prospective secondary DNS server, add the zone as a secondary zone.

Note: Active Directory-integrated zones do not ordinarily employ secondary DNS servers. Active Directory-integrated zones use Active Directory replication instead of zone transfer to synchronize zone data among DNSservers.

Page 42: Microsoft TestPrep 70-417 v2013-02-01 - GRATIS EXAM · 2013/2/1  · To allow only specific MMC snap-ins to connect, run: Enable-NetFirewallRule -DisplayGroup ""

Exam C

QUESTION 1You have a server named Server1 that runs Windows Server 2012. On Server1, you configure a custom DataCollector Set (DCS) named DCS1. DCS1 is configured to store performance log data inC:\Logs. You need to ensure that the contents of C:\Logs are deleted automatically when the folder reaches100 MB in size. What should you configure?

A. A File Server Resource Manager (FSRM) file screen on the C:\Logs folderB. A schedule for DCS1C. The Data Manager settings of DCS1D. A File Server Resource Manager (FSRM) quota on the C:\Logs folder

Correct Answer: CSection: (none)Explanation

Explanation/Reference:http://technet.microsoft.com/en-us/library/cc765998.asp

Age: The age in days or weeks of the data file. If the value is 0, the criterion is not used.Size: The size in megabytes (MB) of the folder where log data is stored. If the value is 0, the criterion is notused.Cab: A cabinet file, which is an archive file format. Cab files can be created from raw log data and extractedlater when needed. Choose create or delete to take action based on the age or size criteria.Data: Raw log data collected by the Data Collector Set. Log data can be deleted after a cab file is created to

Page 43: Microsoft TestPrep 70-417 v2013-02-01 - GRATIS EXAM · 2013/2/1  · To allow only specific MMC snap-ins to connect, run: Enable-NetFirewallRule -DisplayGroup ""

save disk space while still retaining a backup of the original data.Report: The report file generated by Windows Performance Monitor from raw log data. Report files can beretained even after the raw data or cab file has been deleted.

QUESTION 2You have a VHD that contains an image of Windows Server 2012. You plan to apply updates to the image. Youneed to ensure that only updates that can install without requiring a restart are installed.Which DISM option should you use?

A. /Apply-UnattendB. /Add-ProvisionedAppxPackageC. /PreventPendingD. /Cleanup-Image

Correct Answer: CSection: (none)Explanation

Explanation/Reference:Use the /PreventPending option to skip the installation of the package if the package or Explanation:Windows image has pending online actions. This option can only be used when servicing Windows 8, WindowsServer 2012, or Windows® Preinstallation Environment (Windows PE) 4.0 images.

http://technet.microsoft.com/en-us/library/hh825265.aspxhttp://technet.microsoft.com/en-us/library/hh825265.aspx

QUESTION 3Your network contains an Active Directory domain named contoso.com. The domain contains two serversnamed Server1 and Server2 that run Windows Server 2012. Server1 has the IP Address Management (IPAM)Server feature installed. Server2 has the DHCP Server server role installed. A user named User1 is a memberof the IPAM Users group on Server1. You need to ensure that User1 can use IPAM to modify the DHCP scopeson Server2. The you add User1?solution must minimize the number of permissions assigned to User1. To which group should

A. IPAM ASM Administrators on Server1B. IPAMUG in Active DirectoryC. DHCP Administrators on Server2D. IPAM MSM Administrators on Server1

Correct Answer: CSection: (none)Explanation

Explanation/Reference:Explanation: Members of the DHCP Administrators group can view and modify any data at the DHCP server.DHCP Administrators can create and delete scopes, add reservations, change option values, createsuperscopes, or perform any other activity needed to administer the DHCP server, including export or import ofthe DHCP server configuration and database. DHCP Administrators perform these tasks using the Netshcommands for DHCP or the DHCP console

Explanation/Reference: http://technet.microsoft.com/en-us/library/cc737716(v=ws.10).aspx

QUESTION 4Your network contains an Active Directory domain named contoso.com. The domain contains a main office anda branch office. An Active Directory site exists for each office. The domain contains two servers named Server1and Server2 that run Windows Server 2012. Both servers have the DHCP Server server role installed. Server1is located in the main office site. Server2 is located in the branch office site. Server1 provides IPv4 addresses

Page 44: Microsoft TestPrep 70-417 v2013-02-01 - GRATIS EXAM · 2013/2/1  · To allow only specific MMC snap-ins to connect, run: Enable-NetFirewallRule -DisplayGroup ""

to the client computers in the main office site. Server2 provides IPv4 addresses to the client computers in thebranch office site. You need to ensure that if either Server1 or Server2 are offline, the client computers can stillobtain IPv4 addresses. The solution must meet the following requirements:

The storage location of the DHCP databases must not be a single point of failure. Server1 must provide IPv4 addresses to the client computers in the branch office site only if Server2 isoffline. Server2 must provide IPv4 addresses to the client computers in the main office site only if Server1 is offline.

Which configuration should you use?

A. Load sharing mode failover partnersB. Hot standby mode failover partnersC. A Network Load Balancing (NLB) clusterD. A failover cluster

Correct Answer: BSection: (none)Explanation

Explanation/Reference:Explanation: As discussed in the blog on Load balanced mode, the free IP address pool of a scope which ispart of a failover relationship in Load Balance mode, will be apportioned in the configured load distributionpercentage to enable both DHCP servers to respond to client requests for new IP addresses. However, in a hotstandby failover mode, free IP address pool is owned by the Active server entirely as it is serving all the clientrequests. In the event of an outage of the active server, the standby server needs to be able to renew existingIP address leases as well as give out new IP address leases to clients who request a new lease. For leasingnew IP addresses to clients, the standby server needs a free IP address pool the later scenario available to itfrom which it can give out new leases. The standby server will take over the free IP address pool of the activeserver only after it transitions into Partner Down state from Communicated Interrupted state and a time periodof MCLT (Maximum Client Lead Time) has expired. This is as per the DHCP failover protocol. To enable thestandby server to serve new IP address leases to clients during this interim period - i.e. till it a percentage offree IP transitions to Partner Down and takes over the entire free IP address pool of a scope address poolneeds to be available to standby server. This can be provided by the configuration parameter reserve addresspercentage.

The percentage of addresses reserved for the hot standby server can be configured for a failover relationshipconfigured for hot standby mode. Free IP addresses in proportion to the percentage value configured would beassigned to the hot standby server. If address reserve percentage is set to 0, no addresses will be reserved forthe hot standby server and new client leases cannot be granted by the hot standby server in case of outage ofactive server. The default value for reserve address percentage is 5%. Since the reserve address percentage ismeant for an interim period as discussed above, the value chosen for it can typically be small (5- 10%).

Explanation/Reference: http://blogs.technet.com/b/teamdhcp/archive/2012/09/03/dhcp-failover-hot- standby-mode.aspx

QUESTION 5Your network contains an Active Directory domain named contoso.com. The domain contains two serversnamed Server1 and Server2. Both servers have the IP Address Management (IPAM) Server feature installed.You have a support technician named Tech1. Tech1 is a member of the IPAM Administrators group on Server1and Server2. You need to ensure that Tech1 can use Server Manager on Server1 to manage IPAM on Server2.To which group on Server2 should you add Tech1.

A. IPAM MSM AdministratorsB. IPAM AdministratorsC. winRMRemoteWMIUsers_D. Remote Management Users

Page 45: Microsoft TestPrep 70-417 v2013-02-01 - GRATIS EXAM · 2013/2/1  · To allow only specific MMC snap-ins to connect, run: Enable-NetFirewallRule -DisplayGroup ""

Correct Answer: CSection: (none)Explanation

Explanation/Reference:Explanation: If you are accessing the IPAM server remotely using Server Manager IPAM client RSAT, then youmust be a member of the WinRMRemoteWMIUsers group on the IPAM server, in addition to being a memberof the appropriate IPAM security group (or local Administrators group).

This is another case of Remote Management Users and winRMRemoteWMIUsers_ providing the exact samepermissions. The description of each group is exactly the same. However since the user is already a memberof IPAM adinistrators group and the IPAM MSM Administrators Administrators group provides access that isalready available to the IPAM Administrators group.

Explanation/Reference: http://www.microsoft.com/en-us/download/details.aspx?id=29012 - Read Page 3

QUESTION 6Your network contains an Active Directory domain named contoso.com. The domain contains a server namedServer1 that runs Windows Server 2012. Server1 has the Active Directory Certificate Services server roleinstalled and is configured as an enterprise certification authority (CA). You need to ensure that all of the usersin the domain are issued a certificate that can be used for the following purposes:

Email securityClient authenticationEncrypting File System (EFS)

Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)

A. Modify the properties of the User certificate template, and then publish the template.B. From a Group Policy, configure the Certificate Services Client - Certificate Enrollment Policy settings.C. From a Group Policy, configure the Automatic Certificate Request Settings settings.D. Duplicate the User certificate template, and then publish the template.E. From a Group Policy, configure the Certificate Services Client - Auto-Enrollment settings.

Correct Answer: DESection: (none)Explanation

Explanation/Reference:The default user template supports all of the requirements EXCEPT autoenroll as shown below:

However a duplicated template from users has the ability to autoenroll:

Page 46: Microsoft TestPrep 70-417 v2013-02-01 - GRATIS EXAM · 2013/2/1  · To allow only specific MMC snap-ins to connect, run: Enable-NetFirewallRule -DisplayGroup ""

The Automatic Certificate Request Settings GPO setting is only available to Computer, not user.

QUESTION 7You manage an environment that has many servers. The servers run Windows Server 2012 and use iSCSIstorage. Administrators report that it is difficult to locate available iSCSI resources on the network. You need toensure that the administrators can locate iSCSI resources on the network by using a central repository.Which feature should you deploy?

A. The iSNS Server service featureB. The iSCSI Target Storage Provider featureC. The Windows Standards-Based Storage Management featureD. The iSCSI Target Server role service

Correct Answer: ASection: (none)Explanation

Explanation/Reference:Explanation: Features of iSNS Server

iSNS Server is a repository of currently active iSCSI nodes, as well as their associated portals, entities, etc.

Nodes can be initiators, targets, or management nodes.

Typically, initiators and targets register with the iSNS server, and the initiators query the iSNS server for the listof available targets.

A dynamic database of the iSCSI devices and related information that are currently available on the network:The database helps provide iSCSI target discovery functionality for the iSCSI initiators on the network. Thedatabase is kept dynamic by using the Registration Period and Entity Status Inquiry features of iSNS.Registration Period allows the server to automatically deregister stale entries. Entity Status Inquiry provides theserver a functionality similar to ping to determine whether registered clients are still present on the network, andallows the server to automatically deregister those clients which are no longer present.

State Change Notification Service: This allows registered clients to be made aware of changes to the databasein the iSNS server. It allows the clients to maintain a dynamic picture of the iSCSI devices available on thenetwork.

Discovery Domain Service: This allows an administrator to assign iSCSI nodes and portals into one or moregroups called discovery domains. Discovery domains provide a zoning functionality by which an iSCSI initiatorcan only discover those iSCSI targets who have at least one discovery domain in common with it.

Explanation/Reference: http://technet.microsoft.com/en-us/library/cc772568.aspx

QUESTION 8You have a server named Server1 that runs Windows Server 2012. You download and install the MicrosoftOnline Backup Service Agent on Server1. You need to ensure that you can configure an online backup from

Page 47: Microsoft TestPrep 70-417 v2013-02-01 - GRATIS EXAM · 2013/2/1  · To allow only specific MMC snap-ins to connect, run: Enable-NetFirewallRule -DisplayGroup ""

Windows Server Backup. What should you do first?

A. From a command prompt, run wbadmin.exe enable backup.B. From Windows Server Backup, run the Register Server Wizard.C. From the Services console, modify the Log On settings of the Microsoft Online Backup Service Agent.D. From Computer Management, add the Server1 computer account to the Backup Operators group.

Correct Answer: BSection: (none)Explanation

Explanation/Reference:Explanation: If you select Online Backup entry in the Windows Server Backup console, you will get additionaloptions on the right-hand side. Select Register Server option to start a wizard for configuring the online backup.

Explanation/Reference: http://blogs.msdn.com/b/mvpawardprogram/archive/2012/11/12/configuring- online-backup-for-windows-server-2012.aspx

QUESTION 9Your network contains an Active Directory domain named contoso.com. The domain contains two serversnamed Server1 and Server2. Both servers have the Hyper-V server role installed. You plan to replicate virtualmachines between Server1 and Server2. The replication will be encrypted by using Secure Sockets Layer(SSL). You need to request a certificate on Server1 to ensure that the virtual machine replication is encrypted.Which two intended purposes should the certificate for Server1 contain? (Each correct answer presents part ofthe solution. Choose two.)

A. Server AuthenticationB. KDC AuthenticationC. Kernel Mode Code SigningD. IP Security end systemE. Client Authentication

Correct Answer: AESection: (none)Explanation

Explanation/Reference:Explanation/Reference: http://blogs.technet.com/b/virtualization/archive/2012/03/13/hyper-v-replica-certificate-requirements.aspx

QUESTION 10Your network contains an Active Directory domain named contoso.com. The domain contains two memberservers named Server1 and Server2 that run Windows Server 2012. Both servers have the Hyper-V server role

Page 48: Microsoft TestPrep 70-417 v2013-02-01 - GRATIS EXAM · 2013/2/1  · To allow only specific MMC snap-ins to connect, run: Enable-NetFirewallRule -DisplayGroup ""

installed. The network contains an enterprise certification authority (CA). All servers are enrolled automaticallyfor a certificate-based on the Computer certificate template. On Server1, you have a virtual machine namedVM1. VM1 is replicated to Server2. You need to encrypt the replication of VM1. Which two actions should youperform? (Each correct answer presents part of the solution. Choose two.)

A. On Server1, modify the settings of VM1.B. On Server2, modify the settings of the virtual switch to which VM1 is connected.C. On Server1, modify the Hyper-V Settings.D. On Server1, modify the settings of the virtual switch to which VM1 is connected,E. On Server2, modify the settings of VM1.F. On Server2, modify the Hyper-V Settings.

Correct Answer: AESection: (none)Explanation

Explanation/Reference:Explanation: Once you change the Hyper-V Settings of Server 2 to encrypt replications with a certificate, youthen need to change the replication information of VM1 to use the secure connection.Explanation/Reference: http://technet.microsoft.com/en-us/library/jj134240.aspx

QUESTION 11Your network contains an Active Directory domain named contoso.com. The domain contains a file servernamed Server1 that runs Windows Server 2012. You create a user account named User1 in the domain. Youneed to ensure that User1 can use Windows Server Backup to back up Server1. The solution must minimizethe number of administrative rights assigned to User1. What should you do?

A. Assign User1 the Back up files and directories user right.B. Add User1 to the Backup Operators group.C. Add User1 to the Power Users group.D. Assign User1 the Back up files and directories user right and the Restore files and directories user right.

Correct Answer: ASection: (none)Explanation

Explanation/Reference:Backup Operators have these permissions by default:

However the question explicitly says we need to minimize administrative rights. Since the requirement is forbacking up the data only--no requirement to restore or shutdown--then assigning the "Back up files anddirectories user right" would be the correct. Answer.

Page 49: Microsoft TestPrep 70-417 v2013-02-01 - GRATIS EXAM · 2013/2/1  · To allow only specific MMC snap-ins to connect, run: Enable-NetFirewallRule -DisplayGroup ""

QUESTION 12You have a datacenter that contains six servers. Each server has the Hyper-V server role installed and runsWindows Server 2012. The servers are configured as shown in the following table.

Host4 and Hosts5 are part of a cluster named Cluster1. Cluster1 hosts a virtual machine named VM1. Youneed to move VM1 to another Hyper-V host. The solution must minimize the downtime of VM1. To which serverand by which method should you move VM1

A. To Host3 by using a storage migrationB. To Host6 by using a storage migrationC. To Host2 by using a live migrationD. To Host1 by using a quick migration

Correct Answer: ASection: (none)Explanation

Explanation/Reference:For Moving VM's Requirement1. One or more installations of Windows Server 2012 with the Hyper-V role installed.2. A server that is capable of running Hyper-V. Specifically, it must have processor support for hardwarevirtualization.3. Virtual machines that are configured to use only virtual hard disks for storage Moving virtual hard disks

Explanation - Moving Virtual Hard Disks1. Throughout most of the move operation, disk reads and writes go to the source virtual hard disk.2. While reads and writes occur on the source virtual hard disk, the disk contents are copied to the newdestination virtual hard disk.

Page 50: Microsoft TestPrep 70-417 v2013-02-01 - GRATIS EXAM · 2013/2/1  · To allow only specific MMC snap-ins to connect, run: Enable-NetFirewallRule -DisplayGroup ""

3. After the initial disk copy is complete, disk writes are mirrored to both the source and destination virtual harddisks while outstanding disk changes are replicated.4. After the source and destination virtual hard disks are completely synchronized, the virtual machine switchesover to using the destination virtual hard disk.5. The source virtual hard disk is deleted.

Explanation/Reference: http://technet.microsoft.com/en-us/library/hh831656.aspx

QUESTION 13Your network contains a server named Server1 that runs Windows Server 2012. Server1 has the Print andDocument Services server role installed. You connect a new print device to the network. The marketingdepartment and the sales department will use the print device. You need to provide users from bothdepartments with the ability to print to the network print device. The solution must ensure that if there aremultiple documents queued to print, the documents from the sales users print before the documents from themarketing users. What should you do on Server1?

A. Add one printer. Modify the printer priority and the security settings.B. Add two printers. Modify the priorities of each printer and the security settings of each printer.C. Add two printers and configure printer pooling.D. Add one printer and configure printer pooling.

Correct Answer: BSection: (none)Explanation

Explanation/Reference:Explanation/Reference: Unable to find proper explanation for this Question

QUESTION 14Your network contains an Active Directory domain named adatum.com. The domain contains several thousandmember servers that run Windows Server 2012. All of the computer accounts for the member servers are in anorganizational unit (OU) named ServersAccounts. Servers are restarted only occasionally. You need to identifywhich servers were restarted during the last two days. What should you do?

A. Run dsquery computerand specify the -sra/epwc/parameter.B. Run Get-ADComputerand specify the SearcftScopeparameter.C. Run dsquery serverand specify the -oparameter.D. Run Get-ADComputerand specify the lastLogonproperty

Correct Answer: DSection: (none)

Page 51: Microsoft TestPrep 70-417 v2013-02-01 - GRATIS EXAM · 2013/2/1  · To allow only specific MMC snap-ins to connect, run: Enable-NetFirewallRule -DisplayGroup ""

Explanation

Explanation/Reference:Explanation/Reference: http://kpytko.wordpress.com/2012/07/30/lastlogon-vs-lastlogontimestamp/

QUESTION 15Your network contains an Active Directory domain named adatum.com. The domain contains three domaincontrollers. The domain controllers are configured as shown in the following table.

DC3 loses network connectivity due to a hardware failure. You plan to remove DC3 from the domain. You logon to DC3. You need to identify which service location (SRV) records are registered by DC3.What should you do?

A. Open the %windir%\system32\dns\backup\adatum.com.dns file.B. Run ipconfig /displaydn*.C. Run dcdiag /test:dns,D. Open the %windir%\system32\config\netlogon.dns file.

Correct Answer: DSection: (none)Explanation

Explanation/Reference:Explanation- The netlogon.dns file contains all registrations.Explanation/Reference:

QUESTION 16You have a server named Server1 that runs Windows Server 2012. Server1 has the Hyper-V server roleinstalled. On Server1, you create a virtual machine named VM1. VM1 has a legacy network adapter. You needto assign a specific amount of available network bandwidth to VM1. What should you do first?

A. Add a second legacy network adapter, and then configure network adapter teaming.B. Remove the legacy network adapter, and then run the Set-VMNetworkAdaptercmdlet.C. Remove the legacy network adapter, and then add a network adapter.D. Add a second legacy network adapter, and then run the Set-VMNetworkAdaptercmdlet.

Correct Answer: CSection: (none)Explanation

Explanation/Reference:Explanation: There is a second type of adapter available for additional to Hyper-V virtual machines: A legacynetwork adapter. A legacy network adapter is different from the default network adapter in a couple of keyways:

It's slower. The legacy network adapter runs in a different area of the host operating system than the defaultnetwork adapter. Because of the location of which it runs, it's slower than the default.It can do PXE boot. If you need your virtual machine to boot to a PXE server, the legacy network adapter isright for you.

Page 52: Microsoft TestPrep 70-417 v2013-02-01 - GRATIS EXAM · 2013/2/1  · To allow only specific MMC snap-ins to connect, run: Enable-NetFirewallRule -DisplayGroup ""

Drivers. The default network adapter begins working once you've installed the Integrated Components tools.These tools add a synthetic driver to enable the network adapter. The legacy network adapter emulates a well-supported hardware device that enjoys broad operating system driver support. The legacy network adapter isbased on a DEC 21140 10/100 TX 100 MB Ethernet adapter. The legacy adapter doesn't support bandwidthmanagement.

Explanation/Reference: http://www.virtualizationadmin.com/articles-tutorials/microsoft-hyper-v- articles/management/managing-hyper-v-networking.html

QUESTION 17You have a server named Server1 that runs Windows Server 2012. Server1 has the Hyper-V server roleinstalled. The disks on Server1 are configured as shown in the exhibit. (Click the Exhibit button.) You create avirtual machine on Server1. You need to ensure that you can configure a pass-through disk for the virtualmachine. What should you do?

A. Convert Disk 1 to a dynamic disk.B. Delete partition E.C. Convert Disk 1 to a GPT disk.D. Take Disk 1 offline.

Correct Answer: DSection: (none)Explanation

Explanation/Reference:To ensure the Guest has exclusive access to the storage, it must be placed in an Offline state from the Hyper-V server perspective

Explanation/Reference: http://blogs.technet.com/b/askcore/archive/2008/10/24/configuring-pass- through-disks-in-hyper-v.aspx

QUESTION 18Your company's security policy states that all of the servers deployed to a branch office must not have thegraphical user interface (GUI) installed. In a branch office, a support technician installs a server with a GUIinstallation of Windows Server 2012 on a new server, and then configures the server as a DHCP server. Youneed to ensure that the new server meets the security policy. You want to achieve this goal by using theminimum amount of administrative effort. What should you do?

A. From Server Manager, uninstall the User Interfaces and Infrastructure feature.B. Reinstall Windows Server 2012on the server.C. From Windows PowerShell, run Uninstall-WindowsFeature Desktop-Experience.D. From Windows PowerShell, run Uninstall-WindowsFeature PowerShell-ISE.

Correct Answer: ASection: (none)Explanation

Explanation/Reference:Turning the GUI OffIn Windows Server 8 the GUI has kept with the modular nature of recent Windows Server Operating Systemshas become a "Feature". This makes removing the GUI very easy. To get started launch Server Manager.When you reach the Features page, you need to uncheck the box next to the "User Interfaces andInfrastructure" option, and then click next.

Explanation/Reference: http://www.howtogeek.com/111967/how-to-turn-the-gui-off-and-on-in-windows- server-2012/

Page 53: Microsoft TestPrep 70-417 v2013-02-01 - GRATIS EXAM · 2013/2/1  · To allow only specific MMC snap-ins to connect, run: Enable-NetFirewallRule -DisplayGroup ""

QUESTION 19You have 3 server that runs Windows Server 2012. The server contains the disks configured as shown in thefollowing table.

You need to create a volume that can store up to 3 TB of user files. The solution must ensure that the user filesare available if one of the disks in the volume fails.What should you create?

A. A storage pool on Disk 2 and Disk 3B. A raid 5 volume on Disk 1, Disk 2 and Disk 3C. A storage pool on Disk 1 and Disk 3D. A mirrored volume on Disk l and Disk 4

Correct Answer: ASection: (none)Explanation

Explanation/Reference:Explanation - A storage pool can be created that is configured to mirror between the two disks.Explanation/Reference: http://arstechnica.com/information-technology/2012/01/windows-8-storage-spaces-detailed-pooling-redundant-disk-space-for-all/

QUESTION 20You have a server named Corel that has a Server Core Installation of Windows Server 2012. Corel has theHyper-V server role installed. Corel has two network adapters from different third- party hardware vendors. Youneed to configure network traffic failover to prevent connectivity loss if a network adapter fails. What should youuse?

A. netsh.exeB. Install-FeatureC. New-NetSwitchTeamD. Add -NetSwitchTeamMember

Correct Answer: CSection: (none)Explanation

Page 54: Microsoft TestPrep 70-417 v2013-02-01 - GRATIS EXAM · 2013/2/1  · To allow only specific MMC snap-ins to connect, run: Enable-NetFirewallRule -DisplayGroup ""

Explanation/Reference:Explanation - The New-NetSwitchTeam cmdlet creates a new switch team. A switch team must have a namefor the team and must be created with one or more members, or network adapters.Explanation/Reference: http://technet.microsoft.com/en-us/library/jj553814.aspx

QUESTION 21You have a server named Server1 that runs Windows Server 2012. Server1 has five network adapters. Threeof the network adapters are connected to a network named LAN1. The two other network adapters areconnected to a network named LAN2. You need to create a network adapter team from the three networkadapters connected to LAN1. Which tool should you use?

A. Routing and Remote AccessB. Network Load Balancing ManagerC. Network and Sharing CenterD. Server Manager

Correct Answer: DSection: (none)Explanation

Explanation/Reference:Explanation/Reference: http://blogs.technet.com/b/kevinholman/archive/2012/06/02/windows-server-2012-creating-a-nic-team-for-load-balancing-and-failover.aspx

QUESTION 22Your network contains a server named Server1 that runs Windows Server 2012. Server1 has Hyper-v serverrole installed. Server1 hosts four virtual machines named VM1, VM2, VM3, and VM4. Server1 is configured asshown in the following table.

You need to ensure that VM1 can use more CPU time than the other virtual machines when the CPUs onServer1 are under a heavy load. What should you configure?

A. NUMA topologyB. Resource controlC. Resource meteringD. Virtual Machine ChimneyE. The VLAN IDF. Processor CompatibilityG. The startup orderH. Automatic Start ActionI. Integration Services

Page 55: Microsoft TestPrep 70-417 v2013-02-01 - GRATIS EXAM · 2013/2/1  · To allow only specific MMC snap-ins to connect, run: Enable-NetFirewallRule -DisplayGroup ""

J. Port mirroringK. Single-root I/O visualization

Correct Answer: BSection: (none)Explanation

Explanation/Reference:

QUESTION 23Your network contains a server named Server1 that runs Windows Server 2012. Server1 has the Hyper-Vserver role installed. Server1 hosts four virtual machines named VM1, VM2, VM3, and VM4. Server1 isconfigured as shown in the following table.

You install a network monitoring application on VM2. You need to ensure that all of the traffic sent to VM3 canbe captured on VM2. What should you configure?

A. NUMA topology

Page 56: Microsoft TestPrep 70-417 v2013-02-01 - GRATIS EXAM · 2013/2/1  · To allow only specific MMC snap-ins to connect, run: Enable-NetFirewallRule -DisplayGroup ""

B. Resource controlC. Resource meteringD. Virtual Machine ChimneyE. The VLAN IDF. Processor CompatibilityG. The startup orderH. Automatic Start ActionI. Integration ServicesJ. Port mirroringK. Single-root I/O virtualization

Correct Answer: JSection: (none)Explanation

Explanation/Reference:

QUESTION 24Your network contains a server named Server1 that runs Windows Server 2012. Server1 has the Hyper-Vserver role installed. Server1 hosts four virtual machines named VM1, VM2, VM3, and VM4. Server1 isconfigured as shown in the following table.

You need to configure VM4 to track the CPU, memory, and network usage. What should you configure?

A. NUMA topologyB. Resource controlC. Resource meteringD. Virtual Machine ChimneyE. The VLAN IDF. Processor CompatibilityG. The startup orderH. Automatic Start Action

Page 57: Microsoft TestPrep 70-417 v2013-02-01 - GRATIS EXAM · 2013/2/1  · To allow only specific MMC snap-ins to connect, run: Enable-NetFirewallRule -DisplayGroup ""

I. Integration ServicesJ. Port mirroringK. Single-root I/O virtualization

Correct Answer: CSection: (none)Explanation

Explanation/Reference:Explanation - To assist with more accurate, streamlined chargebacks while protecting historical information, Vin Windows Server 2012 "Server 8 Beta" introduces Resource Metering, a feature that allows Hyper-customers to create cost-effective, usage-based billing solutions. With this feature, service providers canchoose the best billing strategy for their business model, and independent software vendors can develop morereliable, end-to-end chargeback solutions on top of Hyper-V.

Explanation/Reference: http://blogs.technet.com/b/meamcs/archive/2012/05/28/hyper-v-resource-metering- in-windows-server-2012-server-8-beta.aspx

QUESTION 25Your network contains a server named Server1 that runs Windows Server 2012. Server1 has the Hyper- Vserver role installed. Server1 hosts four virtual machines named VM1, VM2, VM3, and VM4. Server1 isconfigured as shown in the following table.

VM2 sends and receives large amounts of data over the network. You need to ensure that the network traffic ofVM2 bypasses the virtual switches of the parent partition. What should you configure?

A. NUMA topologyB. Resource controlC. Resource meteringD. Virtual Machine QueueingE. The VLAN IDF. Processor CompatibilityG. The startup orderH. Automatic Start ActionI. Integration ServicesJ. Port mirroringK. Single-root I/O virtualization

Correct Answer: KSection: (none)Explanation

Page 58: Microsoft TestPrep 70-417 v2013-02-01 - GRATIS EXAM · 2013/2/1  · To allow only specific MMC snap-ins to connect, run: Enable-NetFirewallRule -DisplayGroup ""

Explanation/Reference:Explanation - This new feature allows you to assign a network adapter that supports single-root I/Ovirtualization (SR-IOV) directly to a virtual machine.

What value does this change add?Use of SR-IOV maximizes network throughput while minimizing network latency as well as the CPU overheadrequired for processing network traffic.

You can provide a virtual machine with direct connectivity to a physical network adapter. For more information,see Hyper-V Support for Scaling Up and Scaling Out Overview.

Explanation/Reference: http://technet.microsoft.com/en-us/library/hh831410.aspx

Page 59: Microsoft TestPrep 70-417 v2013-02-01 - GRATIS EXAM · 2013/2/1  · To allow only specific MMC snap-ins to connect, run: Enable-NetFirewallRule -DisplayGroup ""

Exam D

QUESTION 1Your network contains a server named Server1 that runs Windows Server 2012. Server1 has the Hyper- Vserver role installed. Server1 hosts four virtual machines named VM1, VM2, VM3, and VM4. Server1 isconfigured as shown in the following table.

VM3 is used to test applications. You need to prevent VM3 from synchronizing its clock to Server1. Whatshould you configure?

A. NUMA topologyB. Resource controlC. Resource meteringD. Virtual Machine ChimneyE. The VLAN IDF. Processor CompatibilityG. The startup orderH. Automatic Start ActionI. Integration ServicesJ. Port mirroringK. Single-root I/O virtualization

Correct Answer: ISection: (none)Explanation

Explanation/Reference:Explanation- The key to a virtual machine performing correctly on any hypervisor is to ensure all drivers are inplace. Drivers are usually delivered through something called a guest enlightenment kit. For Hyper- V, this isincluded by default with operating systems newer than Windows 7 and Windows Server 2008 within theMicrosoft realm as Integration Services. Older operating systems have Integration Services available, andfurther, Linux VMs have Integration Services as well.Guest enlightenment kits provide drivers (if necessary) for storage, networking, and other core components ofthe virtual machine. They also can provide additional features such as time synchronization with the host, fileinteroperability, key tasks (like power down), and a heartbeat.

Windows Server 2012 with Hyper-V has a matured iteration of Integration Services for virtual machines.There are five options that are on by default for each virtual machine created in Hyper-V. These options areshown below in Figure A:

Page 60: Microsoft TestPrep 70-417 v2013-02-01 - GRATIS EXAM · 2013/2/1  · To allow only specific MMC snap-ins to connect, run: Enable-NetFirewallRule -DisplayGroup ""

Explanation/Ref: http://www.techrepublic.com/blog/networking/configure-integration-services-options- for-hyper-v-vms/6141

QUESTION 2Your network contains a server named Server1 that runs Windows Server 2012. Server1 has the Hyper- Vserver role installed. Server1 hosts four virtual machines named VM1, VM2, VM3, and VM4. Server1 isconfigured as shown in the following table.

You plan to schedule a complete backup of Server1 by using Windows Server Backup. You need to ensure thatthe state of VM1 is saved before the backup starts. What should you configure?

A. NUMA topologyB. Resource controlC. Resource meteringD. Virtual Machine ChimneyE. The VLAN IDF. Processor CompatibilityG. The startup orderH. Automatic Start ActionI. Integration ServicesJ. Port mirroring

Page 61: Microsoft TestPrep 70-417 v2013-02-01 - GRATIS EXAM · 2013/2/1  · To allow only specific MMC snap-ins to connect, run: Enable-NetFirewallRule -DisplayGroup ""

K. Single-root I/O visualization

Correct Answer: ISection: (none)Explanation

Explanation/Reference:

QUESTION 3Your network contains an Active Directory domain named contoso.com. The domain contains two memberservers named Server1 and Server2. All servers run Windows Server 2012. Server1 and Server2 have theFailover Clustering feature installed. The servers are configured as nodes in a failover cluster named Cluster1.You add two additional nodes to Cluster1. You have a folder named Folder1 on Server1 that containsapplication data. You plan to provide continuously available access to Folder1. You need to ensure that all ofthe nodes in Cluster1 can actively respond to the client requests for Folder1. What should you configure?

A. Affinity - NoneB. Affinity - SingleC. The cluster quorum settingsD. The failover settingsE. A file server for general useF. The Handling priorityG. The host priorityH. Live migrationI. The possible ownerJ. The preferred ownerK. Quick migrationL. The Scale-Out File Server

Correct Answer: LSection: (none)Explanation

Explanation/Reference:

Page 62: Microsoft TestPrep 70-417 v2013-02-01 - GRATIS EXAM · 2013/2/1  · To allow only specific MMC snap-ins to connect, run: Enable-NetFirewallRule -DisplayGroup ""

Explanation- Scale-Out File Server for application data (Scale-Out File Server) This clustered file server isintroduced in Windows Server 2012 and lets you store server application data, such as Hyper-V virtual machinefiles, on file shares, and obtain a similar level of reliability, availability, manageability, and high performance thatyou would expect from a storage area network. All file shares are online on all nodes simultaneously. Fileshares associated with this type of clustered file server are called scale-out file shares. This is sometimesreferred to as active-active.

Explanation/Reference: http://technet.microsoft.com/en-us/library/hh831349.aspx

QUESTION 4Your network contains an Active Directory domain named contoso.com. The domain contains two memberservers named Server1 and Server2. All servers run Windows Server 2012. Server1 and Server2 have theFailover Clustering feature installed. The servers are configured as nodes in a failover cluster named Cluster1.Cluster1 hosts an application named App1. You need to ensure that Server2 handles all of the client requeststo the cluster for App1. The solution must ensure that if Server2 fails, Server1 becomes the active node forApp1. What should you configure?

A. Affinity - NoneB. Affinity - SingleC. The cluster quorum settingsD. The failover settingsE. A file server for general useF. The Handling priorityG. The host priorityH. Live migrationI. The possible ownerJ. The preferred ownerK. Quick migrationL. The Scale-Out File Server

Correct Answer: JSection: (none)Explanation

Explanation/Reference:Explanation - The preferred owner in a 2 server cluster will always be the active node unless it is down.Explanation/Reference: http://blogs.msdn.com/b/clustering/archive/2008/10/14/9000092.aspx

QUESTION 5Your network contains an Active Directory domain named contoso.com. The domain contains two memberservers named Server1 and Server2. All servers run Windows Server 2012. Server1 and Server2 have theNetwork Load Balancing (NLB) feature installed. The servers are configured as nodes in an NLB cluster namedCluster1. Cluster1 hosts a secure web application named WebApp1. WebApp1 saves user state informationlocally on each node. You need to ensure that when users connect to WebApp1, their session state ismaintained. What should you configure?

A. Affinity - NoneB. Affinity - SingleC. The cluster quorum settingsD. The failover settingsE. A file server for general useF. The Handling priorityG. The host priorityH. Live migration

Page 63: Microsoft TestPrep 70-417 v2013-02-01 - GRATIS EXAM · 2013/2/1  · To allow only specific MMC snap-ins to connect, run: Enable-NetFirewallRule -DisplayGroup ""

I. The possible ownerJ. The preferred ownerK. Quick migrationL. The Scale-Out File Server

Correct Answer: BSection: (none)Explanation

Explanation/Reference:Explanation- NLB offers three types of client affinity to minimize response time to clients and provide genericsupport for preserving session state. Each affinity specifies a different method for distributing client requests. InApplication Center, the New Cluster Wizard sets affinity to Single by default. Later, you can usethe cluster Properties dialog box to modify the affinity. The following table describes the three types of affinity.

None - Multiple requests from the same client can access any member; useful for clusters that do not storesession state information on individual members.Single - Multiple requests from the same client must access the same member; useful for clusters within anintranet.Class C - Multiple requests from the same TCP/IP Class C address range must access the same member;useful for clusters on the Internet.

Explanation/Reference: http://technet.microsoft.com/en-us/library/bb687542.aspx

QUESTION 6Your network contains an Active Directory domain named contoso.com. The domain contains two memberservers named Server1 and Server2. All servers run Windows Server 2012. Server1 and Server2 have theFailover Clustering feature installed. The servers are configured as nodes in a failover cluster named Cluster1.You add two additional nodes to Cluster1. You need to ensure that Cluster1 stops running if three nodes fail.What should you configure?

A. Affinity - NoneB. Affinity - SingleC. The cluster quorum settingsD. The failover settingsE. A file server for general useF. The Handling priorityG. The host priorityH. Live migrationI. The possible ownerJ. The preferred ownerK. Quick migrationL. The Scale-Out File Server

Correct Answer: CSection: (none)Explanation

Explanation/Reference:Explanation- How the quorum configuration affects the clusterThe quorum configuration in a failover cluster determines the number of failures that the cluster can sustain. Ifan additional failure occurs, the cluster must stop running. The relevant failures in this context are failures ofnodes or, in some cases, of a disk witness (which contains a copy of the cluster configuration) or file sharewitness. It is essential that the cluster stop running if too many failures occur or if there is a problem withcommunication between the cluster nodes

Page 64: Microsoft TestPrep 70-417 v2013-02-01 - GRATIS EXAM · 2013/2/1  · To allow only specific MMC snap-ins to connect, run: Enable-NetFirewallRule -DisplayGroup ""

Explanation/Reference: http://technet.microsoft.com/en-us/library/cc731739.aspx

QUESTION 7Your network contains an Active Directory domain named contoso.com. The domain contains two memberservers named Server1 and Server2. All servers run Windows Server 2012. Server1 and Server2 have theFailover Clustering feature installed. The servers are configured as nodes in a failover cluster named Cluster1.You add two additional nodes in Cluster1. You have a folder named Folder1 on Server1 that hosts applicationdata. Folder1 is a folder target in a Distributed File System (DFS) namespace. You need to provide highlyavailable access to Folder1. The solution must support DFS Replication to Folder1. What should youconfigure?

A. Affinity - NoneB. Affinity - SingleC. The cluster quorum settingsD. The failover settingsE. A file server for general useF. The Handling priorityG. The host priorityH. Live migrationI. The possible ownerJ. The preferred ownerK. Quick migrationL. The Scale-Out File Server

Correct Answer: ESection: (none)Explanation

Explanation/Reference:Explanation- File Server for general use - This is the continuation of the clustered file server that has beensupported in Windows Server since the introduction of Failover Clustering. This type of clustered file server,and thus all the shares associated with the clustered file server, is online on one node at a time. This issometimes referred to as active-passive or dual-active. File shares associated with this type of clustered fileserver are called clustered file shares.

Explanation/Reference:

Page 65: Microsoft TestPrep 70-417 v2013-02-01 - GRATIS EXAM · 2013/2/1  · To allow only specific MMC snap-ins to connect, run: Enable-NetFirewallRule -DisplayGroup ""

QUESTION 8Your network contains an Active Directory domain named contoso.com. The domain contains two memberservers named Server1 and Server2. All servers run Windows Server 2012. Server1 and Server2 have theFailover Clustering feature installed. The servers are configured as nodes in a failover cluster named Cluster1.You configure File Services and DHCP as clustered resources for Cluster1. Server1 is the active node for bothclustered resources. You need to ensure that if two consecutive heartbeat messages are missed betweenServer1 and Server2, Server2 will begin responding to DHCP requests. The solution must ensure that Server1remains the active node for the File Services clustered resource for up to five missed heartbeat messages.What should you configure?

A. Affinity - NoneB. Affinity - SingleC. The cluster quorum settingsD. The failover settingsE. A file server for general useF. The Handling priorityG. The host priorityH. Live migrationI. The possible ownerJ. The preferred ownerK. Quick migrationL. The Scale-Out File Server

Correct Answer: DSection: (none)Explanation

Explanation/Reference:Explanation/Reference: http://technet.microsoft.com/en-us/library/dd197562(v=ws.10).aspx

QUESTION 9Your network contains an Active Directory domain named contoso.com. The domain contains more than 100

Page 66: Microsoft TestPrep 70-417 v2013-02-01 - GRATIS EXAM · 2013/2/1  · To allow only specific MMC snap-ins to connect, run: Enable-NetFirewallRule -DisplayGroup ""

Group Policy objects (GPOs). Currently, there are no enforced GPOs. The domain contains a top-levelorganizational unit (OU) for each department. A group named Group1 contains members from eachdepartment. You have a GPO named GPO1 that is linked to the domain. You need to configure GPO1 to applysettings to Group1 only. What should you use?

A. DcgpofixB. Get-GPOReportC. GpfixupD. GpresultE. Gptedit.mscF. Import-GPOG. Restore-GPOH. Set-GPInheritanceI. Set-GPLinkJ. Set-GPPermissionK. GpupdateL. Add-ADGroupMember

Correct Answer: JSection: (none)Explanation

Explanation/Reference:Explanation - Detailed Description

Grants a level of permissions to a security principal (user, security group, or computer) for one GPO or all theGPOs in a domain. You use the TargetName and TargetType parameters to specify a user, security group, orcomputer for which to set the permission level. You can use the Name or the Guid parameter to set thepermission level for the security principal on a single GPO, or you can use the All parameter to set thepermission level for the security principal on all GPOs in the domain.

By default, if the security principal already has a higher permission level than the specified permission level, thechange is not applied. You can specify the Replace parameter, to remove the existing permission level from theGPO before the new permission level is set. This ensures that the existing permission level is replaced by thenew permission level.

Set-GPPermissionsGrants a level of permissions to a security principal for one GPO or all the GPOs in a domain.

Set-GPPermissions -Guid <Guid> -PermissionLevel <GPPermisssionType> -TargetName <string> -TargetType{<Computer> | <User> | <Group>} [-Domain <string>] [-Replace] [-Server <string>] [-Confirm] [-WhatIf][<CommonParameters>]

Set-GPPermissions [-Name] <string> -PermissionLevel <GPPermisssionType> -TargetName <string> -TargetType {<Computer> | <User> | <Group>} [-Domain <string>] [-Replace] [-Server <string>] [-Confirm] [-WhatIf] [<CommonParameters>]

Set-GPPermissions -All -PermissionLevel <GPPermisssionType> -TargetName <string> -TargetType{<Computer> | <User> | <Group>} [-Domain <string>] [-Replace] [-Server <string>] [-Confirm] [-WhatIf][<CommonParameters>]

Explanation/Reference: http://technet.microsoft.com/en-us/library/ee461038.aspx

QUESTION 10Your network contains an Active Directory domain named contoso.com. The domain contains more than 100Group Policy objects (GPOs). Currently, there are no enforced GPOs. You need to prevent all of the GPOs at

Page 67: Microsoft TestPrep 70-417 v2013-02-01 - GRATIS EXAM · 2013/2/1  · To allow only specific MMC snap-ins to connect, run: Enable-NetFirewallRule -DisplayGroup ""

the site level and at the domain level from being applied to users and computers in an organizational unit (OU)named OU1. You want to achieve this goal by using the minimum amount of administrative effort. What shouldyou use?

A. DcgpofixB. Get-GPOReportC. GpfixupD. GpresultE. Gptedit.mscF. Import-GPOG. Restore-GPOH. Set-GPInheritanceI. Set-GPLinkJ. Set-GPPermissionK. GpupdateL. Add-ADGroupMember

Correct Answer: HSection: (none)Explanation

Explanation/Reference:Explanation- Detailed Description

The Set-GPInheritance cmdlet blocks or unblocks inheritance for a specified domain or organizational unit(OU).

GPOs are applied according to the Group Policy hierarchy in the following order: local GPO, GPOs linked to thesite, GPOs linked to the domain, GPOs linked to OUs. By default, an Active Directory container inherits settingsfrom GPOs that are applied at the next higher level in the hierarchy. Blocking inheritance prevents the settingsin GPOs that are linked to higher-level sites, domains, or organizational units from being automatically inheritedby the specified domain or OU, unless the link (at the higher-level container) for a GPO is enforced.

Set-GPInheritance [-Target] <string> -IsBlocked {<No> | <Yes>} [-Domain <string>] [-Server <string>] [-Confirm] [-WhatIf] [<CommonParameters>]

Explanation/Reference: http://technet.microsoft.com/en-us/library/ee461032.aspx

QUESTION 11Your network contains an Active Directory domain named contoso.com. The domain contains more than 100Group Policy objects (GPOs). Currently, there are no enforced GPOs. You have two GPOs linked to anorganizational unit (OU) named OU1. You need to change the precedence order of the GPOs. What should youuse?

A. DcgpofixB. Get-GPOReportC. GpfixupD. GpresultE. Gpedit.mscF. Import-GPOG. Restore-GPOH. Set-GPInheritanceI. Set-GPLinkJ. Set-GPPermission

Page 68: Microsoft TestPrep 70-417 v2013-02-01 - GRATIS EXAM · 2013/2/1  · To allow only specific MMC snap-ins to connect, run: Enable-NetFirewallRule -DisplayGroup ""

K. GpupdateL. Add-ADGroupMember

Correct Answer: ISection: (none)Explanation

Explanation/Reference:Explanation - Detailed Description

The Set-GPLink cmdlet sets the properties of a GPO link.

You can set the following properties:-- Enabled. If the GPO link is enabled, the settings of the GPO are applied when Group Policy is processed forthe site, domain or OU.-- Enforced. If the GPO link is enforced, it cannot be blocked at a lower-level (in the Group Policy processinghierarchy) container.-- Order. The order specifies the precedence that the settings of the GPO take over conflicting settings in otherGPOs that are linked (and enabled) to the same site, domain, or OU.

Explanation/Reference: http://technet.microsoft.com/en-us/library/ee461022.aspx

QUESTION 12Your network contains an Active Directory domain named fabrikam.com. You implement DirectAccess and anIKEv2 VPN. You need to view the properties of the VPN connection.Which connection properties should you view?

To answer, select the appropriate connection properties in the answer area.

Hot Area:

Correct Answer:

Page 69: Microsoft TestPrep 70-417 v2013-02-01 - GRATIS EXAM · 2013/2/1  · To allow only specific MMC snap-ins to connect, run: Enable-NetFirewallRule -DisplayGroup ""

Section: (none)Explanation

Explanation/Reference:Explanation/Reference: The first Workplace Connection is the DirectAccess connection; the second is theVPN. You can tell by the icons.

QUESTION 13Your network contains an Active Directory domain named fabrikam.com. You implement DirectAccess. Youneed to view the properties of the DirectAccess connection.Which connection properties should you view?

To answer, select the appropriate connection properties in the answer area.

Hot Area:

Correct Answer:

Page 70: Microsoft TestPrep 70-417 v2013-02-01 - GRATIS EXAM · 2013/2/1  · To allow only specific MMC snap-ins to connect, run: Enable-NetFirewallRule -DisplayGroup ""

Section: (none)Explanation

Explanation/Reference:The icon for the first "Workplace Connection" denotes DirectAccess, the second one is a VPN connection.

QUESTION 14You have a server named Server1 that has the Network Policy and Access Services server role installed. Youplan to configure Network Policy Server (NPS) on Server1 to use certificate-based authentication for VPNconnections. You obtain a certificate for NPS. You need to ensure that NPS can perform certificate- basedauthentication.

To which store should you import the certificate? To answer, select the appropriate store in the answer area.

Hot Area:

Page 71: Microsoft TestPrep 70-417 v2013-02-01 - GRATIS EXAM · 2013/2/1  · To allow only specific MMC snap-ins to connect, run: Enable-NetFirewallRule -DisplayGroup ""

Correct Answer:

Page 72: Microsoft TestPrep 70-417 v2013-02-01 - GRATIS EXAM · 2013/2/1  · To allow only specific MMC snap-ins to connect, run: Enable-NetFirewallRule -DisplayGroup ""

Section: (none)Explanation

Explanation/Reference:

QUESTION 15You have a server named Server1 that has the Web Server (IIS) server role installed. You obtain a Web Servercertificate. You need to configure a website on Server1 to use Secure Sockets Layer (SSL). To which storeshould you import the certificate? To answer, select the appropriate store in the answer area

Hot Area:

Page 73: Microsoft TestPrep 70-417 v2013-02-01 - GRATIS EXAM · 2013/2/1  · To allow only specific MMC snap-ins to connect, run: Enable-NetFirewallRule -DisplayGroup ""

Correct Answer:

Page 74: Microsoft TestPrep 70-417 v2013-02-01 - GRATIS EXAM · 2013/2/1  · To allow only specific MMC snap-ins to connect, run: Enable-NetFirewallRule -DisplayGroup ""

Section: (none)Explanation

Explanation/Reference:

QUESTION 16Your network contains an Active Directory domain named contoso.com. You have several Windows PowerShellscripts that execute when client computers start. When a client computer starts, you discover that it takes along time before users are prompted to log on. You need to reduce the amount of time it takes for the clientcomputers to start. The solution must not prevent scripts from completing successfully.

Which setting should you configure? To answer, select the appropriate setting in the answer area.

Hot Area:

Page 75: Microsoft TestPrep 70-417 v2013-02-01 - GRATIS EXAM · 2013/2/1  · To allow only specific MMC snap-ins to connect, run: Enable-NetFirewallRule -DisplayGroup ""

Correct Answer:

Section: (none)Explanation

Explanation/Reference:

QUESTION 17Your network contains an Active Directory domain named contoso.com. The domain contains two serversnamed Server1 and Server2. Both servers have the IP Address Management (IPAM) Server feature installed.You have a support technician named Tech1. Tech1 is a member of the IPAM Administrators group on Server1and Server2. You need to ensure that Tech1 can use Server Manager on Server1 to manage IPAM on

Page 76: Microsoft TestPrep 70-417 v2013-02-01 - GRATIS EXAM · 2013/2/1  · To allow only specific MMC snap-ins to connect, run: Enable-NetFirewallRule -DisplayGroup ""

Server2.

To which group on Server2 should you add Tech1? To answer, select the appropriate group in the answer area.

Hot Area:

Correct Answer:

Page 77: Microsoft TestPrep 70-417 v2013-02-01 - GRATIS EXAM · 2013/2/1  · To allow only specific MMC snap-ins to connect, run: Enable-NetFirewallRule -DisplayGroup ""

Section: (none)Explanation

Explanation/Reference:If you are accessing the IPAM server remotely using Server Manager IPAM client RSAT, then you must be amember of the WinRMRemoteWMIUsers group on the IPAM server, in addition to being a member of theappropriate IPAM security group (or local Administrators group).

QUESTION 18Your network contains an Active Directory domain named contoso.com. The domain contains a server namedServer1 that runs Windows Server 2012. Server1 has the Active Directory Federation Services (AD FS) serverrole installed. Adatum.com is a partner organization. You are helping the administrator of adatum.com set up afederated trust between adatum.com and contoso.com. The administrator of adatum.com asks you to provide a file containing the federation metadata of contoso.com.

You need to identify the location of the federation metadata file. Which node in the AD FS console should you select? To answer, select the appropriate node in the answerarea

Hot Area:

Page 78: Microsoft TestPrep 70-417 v2013-02-01 - GRATIS EXAM · 2013/2/1  · To allow only specific MMC snap-ins to connect, run: Enable-NetFirewallRule -DisplayGroup ""

Correct Answer:

Page 79: Microsoft TestPrep 70-417 v2013-02-01 - GRATIS EXAM · 2013/2/1  · To allow only specific MMC snap-ins to connect, run: Enable-NetFirewallRule -DisplayGroup ""

Section: (none)Explanation

Explanation/Reference:

QUESTION 19Your network contains an Active Directory domain named corp.contoso.com. The domain contains two memberservers named Server1 and Edge1. Both servers run Windows Server 2012. Your company wants toimplement a central location where the system events from all of the servers in the domain will be collected.From Server1, a network technician creates a collector-initiated subscription for Edge1. You discover thatServer1 does not contain any events from Edge1. You view the runtime status of the subscription as shown inthe exhibit. (Click the Exhibit button.)

You need to ensure that the system events from Edge1 are collected on Server1. What should you modify? Toanswer, select the appropriate object in the answer area.

Hot Area:

Page 80: Microsoft TestPrep 70-417 v2013-02-01 - GRATIS EXAM · 2013/2/1  · To allow only specific MMC snap-ins to connect, run: Enable-NetFirewallRule -DisplayGroup ""

Correct Answer:

Page 81: Microsoft TestPrep 70-417 v2013-02-01 - GRATIS EXAM · 2013/2/1  · To allow only specific MMC snap-ins to connect, run: Enable-NetFirewallRule -DisplayGroup ""

Section: (none)Explanation

Explanation/Reference:Explanation/Reference

Initial answer : "Advanced" area => to me that's false too the error message is not about permissions/rights

moreover, even if it's not documented on official MS sites, we can find people who had this error message andsolved it by filtering the events to report, which can be done in "Select events", not in "Advanced".

Here are two similar cases solved by filtering the collected events :

http://social.technet.microsoft.com/Forums/en-US/winserverManagement/thread/bb5246a6- 98f2-49a4-b7ed-5c7aa03b85da/2008 R2: forwarded events - data area passed to system call is too small I am trying to set up even logforwarding from about 200 Windows 7 workstations to my 2008 R2 server to make it easier to watch forworkstation problems.|...]Code (0x7A): The data area passed to a system call is too small.[...]After fiddling with this some more, it apparently is indeed because I had too many events selected during theinitial join event.By restricting the error reporting to only "Critical - System Events", the clients were now able to successfully join

Page 82: Microsoft TestPrep 70-417 v2013-02-01 - GRATIS EXAM · 2013/2/1  · To allow only specific MMC snap-ins to connect, run: Enable-NetFirewallRule -DisplayGroup ""

with a "started reporting" event.I have not yet tested if I can now crank the reporting back up to the high level where I was originally trying tostart from.

===============http://www.sysadminlab.net/windows/forward-event-log-from-several-server-to-a-central- windows-2008-serverForward Event Log from several server to a central Windows 2008 server

[WDS1.ad.local] - Error - Last retry time: 2010-09-28 16:43:18. Code (0x7A): The data area passed to a systemcall is too small. Next retry time: 2010-09-28 16:48:18.

Turns out I did select too many logs to collect in the filter. Selecting for example only the System logs got rid ofthis. Maybe this was a problem in my lab only but keep that in mind.

QUESTION 20Your network contains an Active Directory domain named contoso.com. The domain contains an enterprisecertification authority (CA). The domain contains a server named Server1 that runs Windows Server 2012. You install the Active Directory Federation Services server role on Server1. You plan to configure Server1 as anActive Directory Federation Services (AD FS) server. The Federation Service name will be set to adfsl.contoso.com. You need to identify which type of certificate template you must use to request a certificate for AD FS. Which certificate template should you identify? To answer, select the appropriate template in the answer area.

Hot Area:

Correct Answer:

Page 83: Microsoft TestPrep 70-417 v2013-02-01 - GRATIS EXAM · 2013/2/1  · To allow only specific MMC snap-ins to connect, run: Enable-NetFirewallRule -DisplayGroup ""

Section: (none)Explanation

Explanation/Reference:

QUESTION 21You have a file server named Server1 that runs Windows Server 2012. The folders on Server1 are configuredas shown in the following table.

A new corporate policy states that backups must use Microsoft Online Backup whenever possible.

You need to identify which technology you must use to back up Server1. The solution must use MicrosoftOnline Backup whenever possible. What should you identify? To answer, drag the appropriate backup type to the correct location or locations. Each backup type may be used once, more than once, or not at all. You may need to drag the split bar betweenpanes or scroll to view content.

Page 84: Microsoft TestPrep 70-417 v2013-02-01 - GRATIS EXAM · 2013/2/1  · To allow only specific MMC snap-ins to connect, run: Enable-NetFirewallRule -DisplayGroup ""

Select and Place:

Correct Answer:

Section: (none)Explanation

Explanation/Reference:

Explanation/Reference: http://technet.microsoft.com/en-us/library/hh831761.aspx

QUESTION 22Your network contains three servers. The servers are configured as shown in the following table.

Page 85: Microsoft TestPrep 70-417 v2013-02-01 - GRATIS EXAM · 2013/2/1  · To allow only specific MMC snap-ins to connect, run: Enable-NetFirewallRule -DisplayGroup ""

Your company plans to standardize all of the servers on Windows Server 2012. You need to recommend anupgrade path for each server. The solution must meet the following requirements:· Upgrade the existing operating system whenever possible.· Minimize hardware purchases.Which upgrade path should you recommend for each server? To answer, drag the appropriate upgrade path toeach server in the answer area. Each upgrade path may be used once, more than once, or not at all.

Select and Place:

Correct Answer:

Section: (none)Explanation

Explanation/Reference:Explanation/Reference:Server 2012 does not support x86 processors; only 64bit.

http://www.zdnet.com/blog/microsoft/microsoft-pulls-the-plug-on-future-itanium-support/5796

Page 86: Microsoft TestPrep 70-417 v2013-02-01 - GRATIS EXAM · 2013/2/1  · To allow only specific MMC snap-ins to connect, run: Enable-NetFirewallRule -DisplayGroup ""

QUESTION 23Your network contains an Active Directory domain named contoso.com. All file servers in the domain runWindows Server 2012. The computer accounts of the file servers are in an organizational unit (OU) namedOU1. A Group Policy object (GPO) named GP01 is linked to OU1. You plan to modify the NTFS permissions formany folders on the file servers by using central access policies. You need to identify any users who will be denied access to resources that they can currently access once thenew permissions are implemented. In which order should you perform the five actions? To answer, move all actions from the list of actions to theanswer area and arrange them in the correct order.

Select and Place:

Correct Answer:

Page 87: Microsoft TestPrep 70-417 v2013-02-01 - GRATIS EXAM · 2013/2/1  · To allow only specific MMC snap-ins to connect, run: Enable-NetFirewallRule -DisplayGroup ""

Section: (none)Explanation

Explanation/Reference:Correct Answer:create a Central Access Rule- create a Create Access Policy- modify GPO1- modify security settings- check the failure events

First point : we should create the rule before creating the policy and then add the rule to the policy :---------from the Microsoft.Press.Exam.Ref.70-417.Oct.2012 book :

Step 1: Create a central access policy that includes claims This step consists of two parts, both of which youcan perform in Active Directory Administrative Center. First, you create one or more central access rules thatinclude claims. Then, you add those rules to a central access policy.

EXAM TIPNormally you'd want to create access rules and then create the central access policy to add them to.--------------

Then i'm sure about one thing : the GPO is made to make the CAP available in the "Central Policy" tab in theadvanced security settings of Folder 1. So for sure, GPO1 should be modified before we modify the securitysettings of Folder1 (or our CAP won't be available in it).evidence :--------------from Microsoft.Press.Exam.Ref.70-417.Oct.2012

[...]In this step, you configure a policy setting at the domain level that will deliver chosen central access policies toyour file servers. Note that you can't actually enforce a central access policy by using Group Policy. You useGroup Policy only to make desired central access policies available for selection in the Advanced SecuritySettings dialog box of all objects within the folder structure on file servers. The policy must then be applied to

Page 88: Microsoft TestPrep 70-417 v2013-02-01 - GRATIS EXAM · 2013/2/1  · To allow only specific MMC snap-ins to connect, run: Enable-NetFirewallRule -DisplayGroup ""

the object (usually a folder) manually.--------------NB : i tested all of this in my lab and i confirm the Microsoft Press book version.So my final answer is :-

For the complete process, please check this (but that's long!) :http://technet.microsoft.com/en-us/library/hh846167.aspx#BKMK_1_2

Section: (none)Explanation

Explanation/Reference:I hate steps like this because you can create a rule first and then the policy, or you can create the policy andcreate the rule during the creation of the policy. Either way I'm going to go with creating the policy first, and thenthe rule.

QUESTION 24You have a server named Server2 that runs Windows Server 2012. You have storage provisioned on Server2as shown in the exhibit. (Click the Exhibit button.) You need to configure the storage so that it appears in Windows Explorer as a drive letter on Server1.

Which three actions should you perform in sequence? To answer, move the three appropriate actions from thelist of actions to the answer area and arrange them in the correct order.

Select and Place:

Correct Answer:

Page 89: Microsoft TestPrep 70-417 v2013-02-01 - GRATIS EXAM · 2013/2/1  · To allow only specific MMC snap-ins to connect, run: Enable-NetFirewallRule -DisplayGroup ""

Section: (none)Explanation

Explanation/Reference:

Page 90: Microsoft TestPrep 70-417 v2013-02-01 - GRATIS EXAM · 2013/2/1  · To allow only specific MMC snap-ins to connect, run: Enable-NetFirewallRule -DisplayGroup ""

QUESTION 25Your network contains an Active Directory domain named contoso.com. The domain contains a file servernamed Server1. All servers run Windows Server 2012. All domain user accounts have the Division attributeautomatically populated as part of the user provisioning process. The Support for Dynamic Access Control andKerberos armoring policy is enabled for the domain.

You need to control access to the file shares on Server1 based on the values in the Division attribute and theDivision resource property. Which three actions should you perform in sequence? To answer, move the three appropriate actions from thelist of actions to the answer area and arrange them in the correct order.

Select and Place:

Select and Place:

Page 91: Microsoft TestPrep 70-417 v2013-02-01 - GRATIS EXAM · 2013/2/1  · To allow only specific MMC snap-ins to connect, run: Enable-NetFirewallRule -DisplayGroup ""

Correct Answer:

Section: (none)Explanation

Explanation/Reference:Answer: AExplanation/Reference: First create a claim type for the property, then create a reference resource property that

Page 92: Microsoft TestPrep 70-417 v2013-02-01 - GRATIS EXAM · 2013/2/1  · To allow only specific MMC snap-ins to connect, run: Enable-NetFirewallRule -DisplayGroup ""

points back to the claim. Finally set the classification value on the folder.

http://www.gratisexam.com/


Recommended