70-412 diglet 1-17 – Flashcards
Unlock all answers in this set
Unlock answersquestion
When you configure port rules for NLB clusters, you will need to configure all of the options listed here, except for one. Which option in this list will you not configure for a port rule?
answer
The node IP address the rule should apply to
question
Which of the following statements about Network Load Balancing is incorrect?
answer
Network adapters in the NLB cluster can use both multicast and unicast simultaneously.
question
From where would you add Network Load Balancing to a Windows Server 2012 computer?
answer
Server Manager
question
Which of the following technologies transparently distributes traffic across multiple servers by using virtual IP addresses and a shared name?
answer
Network Load Balancing
question
Which NLB control command would be the correct one to use to gracefully prepare a node for a planned maintenance activity?
answer
Drainstop
question
To configure an NLB cluster after installing NLB on the Windows Server 2012 computer, you must configure three types of parameters. Which of the following is not one of the three you must configure?
answer
Firewall rules
question
Which PowerShell cmdlet here will correctly install NLB and the NLB management console?
answer
Add-WindowsFeature NLB,RSAT-NLB
question
Which PowerShell cmdlet is used to delete an NLB cluster?
answer
Remove-NlbCluster
question
Which PowerShell cmdlet is used to add a new dedicated IP to an NLB cluster node?
answer
Add-NlbClusterNodeDip
question
In which NLB cluster operation mode is the MAC address of every node's network adapter replaced with a single shared MAC address?
answer
Unicast
question
While logged into a Windows Server 2012 computer that is part of an NLB cluster, which of the following PowerShell one-liners is the correct way to change or set the primary IP address of the cluster?
answer
Get-NlbCluster | Set-NlbCluster -ClusterPrimaryIP IPaddress
question
Which of the following is a constraint of using NLB clusters in unicast mode that you will need to design for?
answer
You will need separate cluster and management network adapters if you manage the nodes from a different TCP/IP subnet than the cluster network.
question
Which cluster operation mode is designed to prevent the network switch from flooding with traffic?
answer
IGMP Multicast
question
In Windows Server 2012, how many virtual machines can be utilized in a cluster?
answer
4000
question
How are storage devices typically assigned to only a single cluster on the network?
answer
By using LUN masking or zoning
question
Which storage technology is a low-cost option that typically requires the cluster nodes to be physically close to the drives?
answer
iSCSI
question
Clusters running on which of the following operating systems are supported for migration to Windows Server 2012? (Choose all that apply)
answer
Windows Server 2008 R2 Windows Server 2008
question
When failover clusters connect to, and use, a shared storage device using Fibre Channel, what name is given to the Fibre Channel network?
answer
The fabric
question
There are many requirements that must be met in order to build a failover cluster using Windows Server 2012. Which of the items listed here is not an actual requirement you must meet?
answer
All servers must be joined to an Active Directory domain
question
Put the following steps into the correct order to install the failover clustering feature on a Windows Server 2012 computer.
answer
a. Open Server Manager b. Click Manage, then click Add Roles and Features c. Select Role-based or feature-based installation d. Select the Failover Clustering option e. Click to Add Features f. Click Install
question
Which PowerShell cmdlet would you need to use to configure the possible nodes that can own a resource in a failover cluster?
answer
Set-ClusterOwnerNode
question
When configuring shared storage for a cluster, there are several requirements that you must keep in mind. Of the items listed here, which one is not a requirement when configuring the shared storage?
answer
The disks must be only GPT, not MBR
question
In a cluster with an even number of nodes, what must be used to break ties during node failure?
answer
A witness
question
Which PowerShell cmdlet would be used to add a new resource group to a failover cluster configuration?
answer
Add-ClusterGroup
question
What mode of Cluster Aware Updating has an administrator triggering the updates manually from the orchestrator?
answer
Remote-updating mode
question
A production-ready failover cluster requires what minimum number of nodes?
answer
Two
question
Cluster Shared Volume, in Windows Server 2012, offers faster throughput when integrated with what?
answer
Server Message Block (SMB) Multichannel
question
11. When using VM Monitoring for Hyper-V VMs, what event ID will be logged when a monitored service is deemed to be unhealthy?
answer
1250
question
2. Which of the following statements are true concerning SMB Multichannel in SMB 3.0? (Choose all that apply)
answer
All of the above
question
20. Server Message Block (SMB) 3.0 provides many changes that add functionality and improve performance. Which of the following features reduces the latency when accessing files over slow WAN links? Server Message Block (SMB) 3.0 provides many changes that add functionality and improve performance. Which of the following features reduces the latency when accessing files over slow WAN links?
answer
SMB Directory Leasing
question
12. When using VM Monitoring for Hyper-V VMs, into what event log will events be logged when a monitored service is deemed to be unhealthy?
answer
System
question
13. Which of the following PowerShell cmdlets correctly configures VM Monitoring for the DHCPClient service on the VM named VM42?
answer
Add-ClusterVMMonitoredItem â VirtualMachine â VM42â â Service DHCPClient
question
5. How does the Scale-Out File Server provide for multiple nodes to access the same volume at the same time?
answer
CSV and CSV cache
question
14. If a monitored VM is gracefully restarted on its current Hyper-V host and it subsequently fails again, what will VM Monitoring next attempt?
answer
Move the VM to another cluster node and restart it again
question
22. Server Message Block (SMB) 3.0 provides many changes that add functionality and improve performance. Which of the following features encrypts traffic?
answer
SMB Encryption
question
1. The High Availability Wizard allows you to configure several pre-selected high availability roles in a cluster. Which of the following are options that are available to choose from? (Choose all that apply)
answer
Distributed Transaction Coordinator (DTC) Exchange Server
question
10. When configuring the failure threshold on the Failover tab, you can opt to leave the cluster in a failed state by configuring what two options? (Choose two answers)
answer
The maximum number of failures that can occur The length of time in hours
question
4. Which of the following features are not supported on the Scale-Out File Server? (Choose all that apply)
answer
DFS replication File Server Resource Manager NFS
question
15. Which of the following features of the General Use File Server clustering role is the only change from Windows Server 2008 R2 to Windows Server 2012?
answer
Support for SMB 3.0
question
8. What does the priority value for the cluster role specify?
answer
The order in which roles are started up
question
9. How does the selection of the preferred node affect failover of the cluster resources?
answer
Allows you to control which node the resources come online on after a failure
question
7. How do you change the value of the preferred node in a cluster?
answer
List the servers in the preferred order
question
18. Which SMB 3.0 feature minimizes processor utilization when performing large file I/O operations?
answer
SMB Direct
question
16. When creating a new General Use File Server role, which SMB settings are enabled by default, but can be disabled if desired? (Choose all that apply)
answer
Enable continuous availability Encrypt data access
question
3.What new management functionality is introduced with SMB 3.0?
answer
PowerShell cmdlets for SMB
question
21. Server Message Block (SMB) 3.0 provides many changes that add functionality and improve performance. Which of the following features allows users to scale shared bandwidth by adding cluster nodes?
answer
SMB Scale Out
question
32. What is the process by which you move an entire VM or parts of a VM to another physical server without a cluster? v
answer
Live Migration
question
30. What is the process by which you move an entire VM or parts of a VM to another physical server using a cluster?
answer
Quick Migration
question
29. What is the process by which you move the storage of a VM from one physical server to another without a cluster?
answer
Storage Migration
question
1. In regard to Live Migration, which of the following prerequisites must be met before attempting the Live Migration? (Choose all that apply)
answer
All hosts must use processors from the same manufacturer All hosts must support hardware virtualization
question
14. What minimum version of VMware ESX/ESXi must a source VM be running on to allow it to be migrated to Hyper-V using P2V?
answer
3.5 update 5
question
7. When importing a VM in Windows Server 2012, you have three options available to select from that affect how the import is performed. Which of the following is not one of those options?
answer
Restore the virtual machine (create a new unique ID)
question
9. You want to use Microsoft System Center Virtual Machine Manager 2012 SP1 in your network to allow you to perform P2V migrations. What operating system must you install on the server to house SCVMM?
answer
Windows Server 2012 only
question
25. When performing a VM import operation, which option is best selected when you are working from an exported VM template that you will be importing more than once?
answer
Copy the virtual machine (create a new unique ID)
question
What two factors are the primary items impacting the speed of a Quick Migration? (Choose two answers)
answer
The speed of the network between the source and destination servers The amount of memory that needs to be written to disk
question
5. Quick Migration occurs within the confines of what?
answer
A failover cluster
question
11. Before you can work with OVF files on your SCVMM server, what must you first do?
answer
Apply the OVF Import/Export tool
question
8. If you want to use an exported VM as a template to create multiple VMs, what should you do on the source VM before performing the export?
answer
Run sysprep
question
32. What is the process by which you move an entire VM or parts of a VM to another physical server without a cluster?
answer
Live Migration
question
10. Which of the following VM file formats can be migrated using the V2V method by Microsoft System Center Virtual Machine Manager? (Choose all that apply)
answer
OVF VMware Citrix XenServer
question
3. When performing a Live Migration, there are several options available to choose from that control how the LM will occur. Which of the following is not one of these options?
answer
Move only the snapshot files
question
2. If you will be performing Live Migration using remote management tools, what must you first do to allow for Kerberos authentication to function?
answer
Configure Kerberos constrained delegation on the source server
question
13. When performing a P2V migration using SCVMM, there are several limitations that must be observed. Which of the following source operating systems would be disqualified from a P2V migration?
answer
Windows Server 2003 SP1 32-bit
question
31. What is the process by which you take a partially or completely configured VM and create other VMs without having to perform the installation and configuration from scratch?
answer
Exporting
question
23. When performing a Live Migration using the â Move the virtual machineâ s data by selecting where to move the itemsâ option, which of the following advanced options would be the best to choose from to ensure that the folder structure remains the same on the destination server after the LM completes?
answer
Move the VMâ s data automatically
question
15. Offline P2V migrations are the only available migration method for what types of source servers? (Choose all that apply)
answer
Servers that are domain controllers
question
6. What two factors are the primary items impacting the speed of a Quick Migration? (Choose two answers)
answer
The speed of the network between the source and destination servers The amount of memory that needs to be written to disk
question
12. When performing a P2V migration using SCVMM, there are several limitations that must be observed. Which of the following source server specifications would disqualify it from a P2V migration? (Choose all that apply)
answer
256 MB of RAM installed Uses BitLocker Drive Encryption on the data volume
question
29. Select the proper PowerShell cmdlet from this list that is used to configure BranchCache in local caching mode.
answer
Enable-BCLocal
question
6. Which mode of BranchCache configuration uses one or more dedicated servers to provide the cached copy in the branch office?
answer
b. Hosted cache mode
question
2. What feature of Windows enables you to integrate Windows users into an existing UNIX or Linux environment?
answer
Identity Management for UNIX
question
While logged into a Windows Server 2012 computer that is part of an NLB cluster, which of the following PowerShell one-liners is the correct way to change or set the primary IP address of the cluster?
answer
Get-NlbCluster | Set-NlbCluster -ClusterPrimaryIP IPaddress
question
7. Distributed cache mode is designed for branch offices with what number of clients?
answer
Fewer than 50
question
17. When configuring a cluster to provide highly available Hyper-V services, which of the following hardware requirements must your server hardware meet?
answer
Provide hardware-assisted virtualization
question
5. Which of the following protocols is not supported by BranchCache?
answer
NFS
question
14. What can be configured to create targeted audit policies based on resource properties, and expressions, so that you donâ t have to audit every file?
answer
Dynamic Access Control
question
15. How is Identity Management for UNIX installed?
answer
Using dism.exe
question
1. Which of the following is a distributed file system protocol used to access files over the network that is used with UNIX and Linux file server clients?
answer
NFS
question
4. When configuring UNIX Attributes for an Active Directory user account, which of the following attributes is not available for configuration?
answer
Login script
question
10. What can you use to configure automatic procedures for defining a desired property on a file based on the conditions specified in a rule?
answer
File classification
question
31. Select the proper PowerShell cmdlet from this list that is used to increase the BranchCache in storage space.
answer
Add-BCDataCacheExtension
question
12. When configuring file access auditing, which of the following audit types are available to choose from?
answer
Success, Fail, All
question
In a failover cluster configured on Windows Server 2012, how are heartbeats transmitted?
answer
Using UDP port 3343 unicast
question
30. Select the proper PowerShell cmdlet from this list that is used to modify BranchCache configuration.
answer
Set-BCCache
question
19. Server Message Block (SMB) 3.0 provides many changes that add functionality and improve performance. Which of the following features allows SMB 3.0 clients to not lose an SMB session when failover occurs?
answer
SMB Transparent Failover
question
9. When configuring the BranchCache hash publication options in Group Policy, you have three options available. Which of the options listed here is not available to configure?
answer
Disallow hash publication on shared folders on which BranchCache is not enabled
question
13. What feature, first available in Windows 7 and Windows Server 2008, enables you to configure object access auditing for every file and folder on the computerâ s file system?
answer
Global Object Access Auditing
question
25. Which of the following terms is best described as giving access to a user?
answer
Authorization
question
25. When performing a VM import operation, which option is best selected when you are working from an exported VM template that you will be importing more than once?
answer
Copy the virtual machine (create a new unique ID)
question
3. What feature or role must you install to extend the Active Directory schema with UNIX attributes?
answer
Server for NFS
question
29. Select the proper PowerShell cmdlet from this list that is used to configure BranchCache in local caching mode.
answer
Enable-BCLocal
question
Put the following steps into the correct order to validate a cluster configuration.
answer
a. Open Server Manager b. Select Tools > Failover Cluster Manager c. Enter the server name d. Select to Run all tests (recommended) e. Click View Reports
question
23. When a file is accessed using NFS, what attributes are used by the NFS server to determine if the user has the required permissions to access the file?
answer
UID and GID
question
24. To create an NFS shared folder on a cluster, you need to install which of the following items on each cluster node?
answer
All of the above
question
8. Before you can use BranchCache, you must perform several tasks. Which of the following tasks is not required to be performed to use BranchCache?
answer
Configure switches to support BranchCache
question
32. Select the proper PowerShell cmdlet from this list that is used to configure BranchCache in distributed caching mode.
answer
Enable-BCDistributed
question
11. Before you can audit access to files, what must you first do? (Choose all that apply)
answer
Specify files to be audited Enable object access auditing
question
Many components can be configured redundantly within a server system. Of the components listed, which one is typically not available in a redundant arrangement in a single server system?
answer
Mainboards (motherboards)
question
14. What can be configured to create targeted audit policies based on resource properties, and expressions, so that you donâ t have to audit every file?
answer
Dynamic Access Control
question
6. When adding nodes to a cluster, what permission must be granted to the account used to add the nodes to the cluster if that account is not a member of the Domain Administrators security group?
answer
Create Computer Objects
question
9. You want to use Microsoft System Center Virtual Machine Manager 2012 SP1 in your network to allow you to perform P2V migrations. What operating system must you install on the server to house SCVMM?
answer
Windows Server 2012 only
question
What type of quorum configuration can sustain the loss of one-half of the cluster nodes (rounded up), minus one?
answer
Node Majority
question
Put the following steps in the correct order to install the NLB feature on a computer running Windows Server 2012.
answer
Open Server Manager Click Manage Click Add Roles and Features Click Next on the Before you begin page of the Add roles and Features Wizard Select Role-based or Feature-based installation Click Next two more times Select the Network Load Balancing option Click to Add features when prompted
question
Which of these represents the largest benefit realized from classifying files and folders? Choose the best answer.
answer
Tasks for files and folders can be automated
question
To use claims-based authorization in a domain, which of the following items must you have?
answer
Domain Controllers running Windows Server 2012 in the domain d. Kerberos
question
From what locations in Windows Server 2012 can you set classifications on files and folders? (Choose all that apply)
answer
On the folder Properties dialog box In the File Server Resource Manager console On the folder Properties dialog box
question
What Windows Server 2012 feature allows you to define computer-wide auditing of the file system or the registry?
answer
Global Object Access Auditing
question
Before you attempt to implement a Central Access Policy, which of the following tasks should you first complete?
answer
All of the above
question
Which of the listed PowerShell cmdlets would be correctly used to modify a Central Access Policy in Active Directory?
answer
Set-ADCentralAccessPolicy
question
Put the following steps in the correct order to create a claim type based on a user's department.
answer
a. Open Active Directory Administrative Center b. Select the Claim Types container c. Click New > Claim Type d. Select user e. Select department
question
What should you configure if you want to limit access to files with certain classifications within a folder to a specific security group's members?
answer
A Central Access Policy
question
What is created so that files are automatically scanned and classified based on their content?
answer
Classification rules
question
What does Windows Server 2012 provide that allows you to verify that proposed Dynamic Access Control changes accomplish what you intend them to do before actually deploying the changes?
answer
Staging
question
Before you attempt to implement file classification, which of the following tasks should you not first determine?
answer
The schedule of disk defragmentation
question
After you create claim types, what is the next step you must perform to allow the claim to function properly?
answer
Configure resource properties
question
Which of the following would you skip in your planning for deploying Access-Denied Assistance?
answer
The share size where Access-Denied Assistance will be used
question
Put the following steps in the correct order to create a file classification rule.
answer
a. Open File Server Resource Manager b. Click Classification Properties c. Select Create Classification Rule d. Enter the rule name e. Set the scope of the rule f. Set the classification for the files and folders g. Configure evaluation properties h. Run the classification process
question
Claims authorization relies on what?
answer
The Kerberos KDC
question
What Windows Server 2012 feature helps users determine why they cannot access a folder or a file?
answer
Access-Denied Assistance
question
What is the best way to allow Dynamic Access Control staging for your Active Directory environment?
answer
Edit a domain Group Policy object to enable Audit Central Access Policy Staging
question
Which of the following statements are true concerning Kerberos armoring? (Choose all that apply)
answer
Increases Kerberos processing time Fully encrypts Kerberos messages
question
What must you specify to create a claim type?
answer
A specific attribute in Active Directory
question
10. Which Hyper-V disk management command would you need to use to reduce the file size of a virtual hard disk?
answer
Compact
question
17. You have just attached an iSCSI device to a server running Windows Server 2012. The disk does not show up in Windows Explorer. What is the best way to make the disk available to the server for usage?
answer
Rescan disks in Disk Management
question
9. What protocol is used to automatically discover, manage, and configure iSCSI devices on a TCP/IP network?
answer
iSNS
question
5. What role can you install in Windows Server 2012 to provide iSCSI storage to other clients?
answer
iSCSI Target Server role
question
14. Which component of the iSCSI Target Server role can also be installed to enable applications connected to an iSCSI target to perform volume shadow copies of data on iSCSI virtual disks?
answer
iSCSI Target Storage Provider
question
20. Which term corresponds to a portion of a storage subsystem?
answer
Logical Unit Number
question
2. SANs typically use what protocol for communication between servers and storage arrays?
answer
SCSI
question
15. How are SAN devices typically accessed over the network? (Choose all that apply)
answer
Using Fibre Channel Using iSCSI
question
1. How are NAS devices typically accessed over the network? (Choose all that apply)
answer
Using SMB Using NFS
question
22. Which term corresponds to an entity that receives iSCSI commands?
answer
iSCSI Target
question
13. After you have removed the binaries for a feature from your Windows Server 2012 computer, what status will be displayed for that feature if you run the dism /online /get-features command?
answer
Disabled with Payload Removed
question
3. What is the underlying network protocol used by iSCSI storage network?
answer
BGP
question
4. Which of the following methods can be used to restrict which servers can connect to an iSCSI target? (Choose all that apply)
answer
. IQN . DNS name . MAC address . IP address
question
12. Which of the following PowerShell cmdlets correctly removes the BitLocker feature and all of its binaries from the disk?
answer
uninstall-WindowsFeature Bitlocker -Remove
question
21. Which term corresponds to unique identifiers in an iSCSI network?
answer
iSCSI Qualified Name
question
8. What is the name of the high-availability technology that establishes multiple sessions or connections to the Fibre Channel storage array by using redundant path components such as switches, adapters, and cables?
answer
Multipath I/O
question
11. What is the name given to the new Windows Server 2012 capability that allows an administrator to completely remove binaries from the disk for an unneeded role or feature?
answer
Features on Demand
question
7. What is the name of the high-availability technology that enables multiple TCP/IP connections from the initiator to the target for the same iSCSI session?
answer
Multiple Connection Session
question
6. Which Windows versions support querying of the iSCSI Initiator computer for the iSCSI Initiator ID? (Choose all that apply)
answer
Windows Server 2012
question
19. Which term corresponds to an entity that sends SCSI commands to iSCSI storage devices?
answer
iSCSI Initiator
question
16. Fibre Channel of Ethernet (FCoE) is capable of _________ per second or more.
answer
10 gigabits
question
How can you manage the Windows Server Backup feature that has been installed on a server that only has the Server Core installation? (Choose all that apply)
answer
. Use the command-line backup tool Use RSAT from another computer . Use the Windows Server Backup MMC from another computer Use PowerShell cmdlets
question
What type of backup allows you to recover all of the files needed to recover Active Directory?
answer
System state
question
What is the minimum forest functional level your Active Directory forest must meet to enable the Active Directory Recycle Bin?
answer
Windows Server 2008 R2
question
What is the best way to back up the Certificate Services database without backing up any extra files? (Choose all that apply)
answer
Perform a full backup Perform a backup using the certutil.exe command
question
When you select the "Faster backup performance" option for your backups, what is the net result of this configuration? (Choose all that apply)
answer
Incremental backups are performed Windows keeps a shadow copy of the source volume
question
What command-line tool is installed when you install the Windows Server Backup feature?
answer
wbadmin.exe
question
What type of backup allows you to recover the server to a Windows Recovery Environment?
answer
System reserved
question
What is contained within the Backup folder created by Windows Server Backup? (Choose all that apply)
answer
Virtual hard disk (VHD) files that are basically duplicates of your volumes XML files that provide backup history details
question
What Windows feature captures and stores copies of folders and files at specific points in time, allowing users or administrators to recover accidentally deleted or overwritten files as well as compare different versions of the same file?
answer
Shadow Copies for Shared Volumes
question
Which VSS component is responsible for ensuring that the data to be backed up is ready for the shadow copy to be created?
answer
VSS writer
question
What type of backup allows you to recover the server to a Windows Recovery Environment?
answer
System reserved
question
The maximum amount of time you have to bring a system back online before it has a significant impact on your organization is known as what?
answer
Recovery Time Objective
question
Which of the following statements is true concerning incremental backups in Windows Server Backup?
answer
You can restore from a single backup
question
What advantage is offered by using block-level backup in Windows Server Backup?
answer
The blocks are read in the order they appear on the disk
question
What type of backup allows you to recover all volumes of the failed server including critical data required for recovery?
answer
Full server
question
What happens if you are using a remote share as the backup location and you change the UNC path after backups have been executed?
answer
. You will not be able to recover the backup data without performing a full restore and creating a new UNC path or resetting the share back to the original configuration
question
By default, where will backups of DHCP be sent when you configure backups to occur?
answer
%systemroot%WindowsSystem32DhcpBackup
question
Which of the following would not be a good usage of manual backups?
answer
Making normal backups without a schedule
question
Which of the following items is not a limitation to keep in mind when deciding to use Windows Online Backups?
answer
Files and folders (data) cannot be backed up
question
Which of the following commands correctly demonstrates how to back up the forward lookup zone contoso.com to a backup folder location?
answer
DNSCMD /zoneexport contoso.com c:backupcontoso.com.dns.bak
question
What is the limitation you must be aware of when configuring Windows Server Backup to backup to a shared network folder?
answer
Only one backup at a time can exist
question
What is the limitation of backing up system state using Windows Server Backup?
answer
It cannot be backed up to a DVD drive
question
When is the best time to consider performing an authoritative restoration of Active Directory?
answer
When someone accidentally deletes one or more objects and the change is replicated to other domain controllers.
question
Which of the following can only be recovered using WinRE and the Windows installation media?
answer
System volumes
question
Regarding Shadow Copies for Shared Volumes, how many copies per volume can be retained before the oldest shadow copy is permanently deleted?
answer
64 copies
question
Which Advanced Boot option would be most appropriate if you wanted to roll back to a previous state following a server problem?
answer
Last Known Good Configuration
question
Which of the following system state items will only be found on a domain controller?
answer
SYSVOL
question
When a Hyper-V VM is reverted back to the state of the last snapshot, what happens to the hierarchy tree of snapshots for that VM?
answer
Nothing
question
The Boot Configuration Data (BCD) store contains information that controls how your server boots and replaces what file previously used for this function?
answer
boot.ini
question
Which Advanced Boot option would be most appropriate if your company was a hardware manufacturer and needed to troubleshoot drivers being developed?
answer
Disable Driver Signature Enforcement
question
From within a Windows session, what methods are available to reboot a domain controller into DSRM? (Choose all that apply)
answer
Use the bcdedit /set safeboot dsrepair command Use msconfig to configure the server to reboot into DSRM
question
Which Advanced Boot option would be most appropriate if you wanted to troubleshoot a problematic server that you suspected might be infected with malware?
answer
Safe Mode
question
What is the functional difference between a non-authoritative restoration of Active Directory versus an authoritative restoration?
answer
. The objects that are restored in the non-authoritative restoration could be overwritten during the next replication cycle.
question
Which of the following backup configurations does not include the system state data?
answer
Incremental backups
question
If you see the â Boot Configuration Data for your PC is missing or contains errorsâ message or a similar error during the boot process, what is usually the best first step to take in your corrective actions?
answer
Use the Bootrec /rebuildbcd command
question
When using the shutdown /r command, what happens when you add /o to the command?
answer
The server will reboot and open the Advanced Boot options menu
question
When performing a copy or a restore of a file from a volume protected by Shadow Copies for Shared Volumes, what is the difference between a copy and a restore? (Choose all that apply)
answer
A restore will delete the current version of the file that exists
question
Which Advanced Boot option would be most appropriate if you needed to boot a problematic server and needed to download a new video card driver?
answer
Safe Mode with Networking
question
Which of the following represents the correct command to use to set the boot timeout value that controls the length of time the computer waits to load the default operating system?
answer
Bcdedit /timeout
question
Which of the following is the most likely problem if your server can boot and log in to Safe Mode successfully, but cannot boot and log in normally?
answer
Malware infection
question
Which of the following WinRE Command Prompt tools would be most appropriately used to cause the computer to boot to a different partition at the next startup?
answer
Bcdedit
question
Which of the following presents a possible method to access the Windows Recovery Environment (WinRE)?
answer
All of the above
question
Which of the following represents what an operating system GUID would look like in the BCD store?
answer
. 849ab759-2b7d-11e2-9a4d-10bf4879ebe3
question
Which of the following items should you keep in mind when performing a restoration of a system volume using WinRE? (Choose all that apply)
answer
If there are any data volumes on the same disk that contain the system volumes, they will be erased as part of the restore process. The serverâ s current system volume will be erased and replaced with the restored system volume. The serverâ s hardware must not have changed and your data volumes must still be operational.
question
Which of the following quorum configurations would not be acceptable for a multi-site cluster configuration? (Choose all that apply)
answer
Node Majority No Majority
question
When configuring the subject common name (CN) on an X.509 digital certificate to be used for Hyper-V replication, what value should be used for the subject CN if a failover cluster hosts the VM?
answer
The FQDN of the Hyper-V Replica Broker
question
Which component of the Hyper-V replica feature tracks changes on the primary copy of a VM?
answer
Change tracking
question
Which component of the Hyper-V replica feature redirects all VM-specific events to the appropriate node in the replica cluster?
answer
Broker server
question
What is the default heartbeat interval in a Windows Server 2012 failover cluster?
answer
1 second
question
What network services will you require in the remote site used to host a multi-site cluster? (Choose all that apply)
answer
DNS
question
When configuring a multi-site cluster using Windows Server 2012, how can you configure data replication to occur? (Choose all that apply)
answer
. Block level hardware-based replication . Software-based file replication . Application-based replication
question
What must you use to apply encryption to replication traffic for Hyper-V replica?
answer
X.509
question
What is the primary security implication of choosing the Kerberos authentication option over the certificate-based authentication option when configuring Hyper-V replication?
answer
. The data will not be encrypted while in transit on the network
question
Which of the following initial replication methods might be best for organizations that wish to configure Hyper-V replication across a slow network connection?
answer
Send initial copy using external media
question
In order for a digital certificate to be considered valid, what conditions must it generally meet? (Choose all that apply)
answer
The certificate must terminate at a valid root certificate. The certificate must not be expired or revoked.
question
Which component of the Hyper-V replica feature provides a secure and efficient way to transfer VM replicas between hosts?
answer
Network module
question
What extensions must be present in the enhanced key usage (EKU) section of the digital certificate to be used for Hyper-V replica? (Choose all correct answers)
answer
Client Authentication Server Authentication
question
Which component of the Hyper-V replica feature manages replication configuration details?
answer
Replication engine
question
When configuring the subject common name (CN) on an X.509 digital certificate to be used for Hyper-V replication, what value should be used for the subject CN if a standalone server hosts the VM?
answer
The FQDN of the Hyper-V host
question
What advantage does asynchronous replication offer over synchronous replication?
answer
Application performance is typically improved
question
IPv6 addresses are written using what number system?
answer
. Hexadecimal
question
Which of the following represents the best usage of a superscope in DHCP?
answer
To add more IP addresses in a new subnet
question
Which DHCP client option is used to provide a list of domain names to use in name resolution queries?
answer
Option 15
question
What term describes the network transmissions method where packets are sent from one host to all other hosts?
answer
Broadcast
question
When configuring Split Scopes for DHCP, what is the traditional percentage split of the scope range?
answer
80% to the primary server, 20% to the secondary server
question
By default, after how much time has elapsed in an active DHCP lease will a Windows client computer attempt to renew the lease?
answer
50% of the lease time
question
Which of the following criteria listed can be used to create conditions in a DHCP policy? (Choose all that apply)
answer
. User Class . Vendor Class . MAC address . Client identifier
question
Which of the following networks represents the multicast network space, as defined?
answer
224.0.0.0 to 239.255.255.255
question
Which of the following DHCP high-availability options in Windows Server 2012 allows you to configure two servers to provide DHCP with a load sharing arrangement?
answer
DHCP failover
question
What is the name of the configurable objects in DHCP that contain the range of IP addresses that can be allocated to clients?
answer
DHCP scopes
question
IPv4 addresses use an address space that is _____ bits long, as compared to IPv6 addresses, which use an address space that is _____ bits long.
answer
32, 128
question
When creating a multicast scope in Windows Server 2012, what is the default lease time set to?
answer
30 days
question
When configuring DHCP failover partners, the time synchronization between the partners is critical. What is the maximum allowable time skew between DHCP failover partners?
answer
60 seconds
question
Which of the following criteria listed can be used to create conditions in a DHCP policy? (Choose all that apply)
answer
. User Class .Vendor Class . MAC address . Client identifier
question
IPv6 addresses are written using what number system?
answer
Hexadecimal
question
What database engine is used for the DHCP database in Windows Server 2012?
answer
Jet
question
Which of these IPv6 address types is best used for hosts that are reachable from the Internet?
answer
Global unicast addresses
question
On what port does DHCP failover listen for failover traffic?
answer
TCP port 647
question
What is the name of the special resource record that Windows Server 2012 DHCP will create to track which machine originally requested a specific name in DNS?
answer
Dynamic Host Configuration Identifier
question
Which DHCP client option is used to provide a list of IP addresses for the default gateway to the client?
answer
Option 3
question
What term describes the network transmissions method where packets are sent from one to a specific group of other hosts?
answer
Multicast
question
Which of the following represents the correct default subnet mask used with Class A networks?
answer
255.0.0.0
question
Which DHCP client option is used to provide a list of IP addresses for DNS servers?
answer
Option 6
question
Which DHCP client option is used to provide a list of IP addresses for WINS servers?
answer
Option 44
question
In a Windows Server 2012 failover cluster, after how many missed heartbeats in a row will a node become failed?
answer
5
question
3. What is the underlying network protocol used by iSCSI storage network?
answer
BGP
question
18. Which of the following Hyper-V disk types is characterized as only allocating the amount of physical disk space that is required at that point in time, while still being able to grow to a fixed limit?
answer
Dynamically expanding disk
question
Regarding DNSSEC, what are the new records created once a zone is signed?
answer
DNSSEC Resource Records
question
How can you best go about delegating administrative access to those employees who need to be able to manage DNS?
answer
Add the userâ s Active Directory accounts to a special global security group created for this purpose (e.g., DNS Service Managers) and then add that group to the DNS Admins local group.
question
DNSSEC uses public key infrastructure (PKI) encryption to provide what assurances to DNS clients? (Choose all that apply)
answer
Proof of identity of DNS records Verified denial of existence
question
What Windows Server 2012 DNS feature prioritizes DNS responses based on the subnet of the requesting client?
answer
Netmask ordering
question
On which of the following DNS zone types can DNSSEC be enabled? (Choose all that apply)
answer
A standard primary forward lookup zone An Active Directory integrated reverse lookup zone
question
What is the default size of the DNS socket pool?
answer
2,500
question
By default, where are the DNS debug logs written to?
answer
The %SYSTEMROOT%System32Dns folder
question
After a DNS zone has been secured with DNSSEC, what additional data will be returned to a client as a result of a query?
answer
Digital signatures for the returned records
question
Which options should you configure for DNS debug logging to ensure you can later review the full contents of queries performed against the DNS server? (Choose two answers)
answer
Packet contents: Queries/Transfers Packet type: Request
question
What feature of Windows Server 2012 DNS is intended to eliminate the need for WINS by providing support for single label names?
answer
GlobalNames zone
question
What is the purpose of DNS Cache Locking?
answer
It prevents an attacker from replacing records in the resolver cache while the Time to Live (TTL) is still in force.
question
What DNS security feature in Windows Server 2012 can be configured to allow source port randomization for DNS queries?
answer
Socket pool
question
Regarding DNSSEC, what is used to sign the zone data?
answer
Zone Signing Key
question
Which of the following commands would correctly set the DNS socket pool to a value of 7,000?
answer
dnscmd /Config /SocketPoolSize 7000
question
Regarding DNSSEC, what is used to sign the DNSKEY records at the root of the zone?
answer
Key Signing Key
question
How are values for DNS Cache Locking expressed?
answer
As a percentage of the TTL
question
The main page of your companyâ s Intranet portal is accessible by the FQDN home.na.adatum.corp. How would you configure an entry in the GlobalNames zone for this?
answer
Add a single CNAME record pointing to the A record in another zone
question
What is the function of the RRSIG record?
answer
Used to sign the zone
question
What is the function of the NSEC record?
answer
Returned to positively deny that the requested A record exists in the zone
question
Once all IPAM server setup tasks are complete, several scheduled tasks run on the IPAM server. How often does the process run that collects zone status events from DNS servers?
answer
Every 30 minutes
question
As it pertains to IPAM, what is the name of the process of retrieving a list of all domain controllers, DNS servers, and DHCP servers?
answer
IPAM discovery
question
Which of the following tasks can you perform when you right-click on a DHCP-issued IP address in the IP Address Inventory section of the IPAM console? (Choose all that apply)
answer
. Delete DHCP reservation . Delete DNS host record . Create DHCP reservation
question
Which of the following can be imported into IPAM using the IPAM console?
answer
All of the above
question
Which of the following database types can be used with Windows IPAM? (Choose all that apply)
answer
Windows Internal Database
question
How do you configure multiple IPAM servers to communicate with each other?
answer
You canâ t configure multiple IPAM servers to communicate with each other
question
Members of which IPAM security group have the privileges to view IP address tracking information?
answer
IPAM IP Audit Administrators
question
When you opt to use automatic Group Policyâ based provisioning of an IPAM server, several Group Policy Objects are created. How many Group Policy Objects are created?
answer
Three
question
Once all IPAM server setup tasks are complete, several scheduled tasks run on the IPAM server. How often does the process run that collects IP address space usage data from DHCP servers?
answer
Every 1 day
question
Members of which IPAM security group have the ability to view information in IPAM and can perform server management tasks?
answer
IPAM MSM Administrators
question
Which PowerShell cmdlet is the correct one to use to create the IPAM provisioning GPOs?
answer
Invoke-IpamGpoProvisioning
question
Select the best answer regarding the management capabilities of Windows Server 2012 IPAM.
answer
IPAM cannot manage DNS servers other than those running on Windows Server 2008 and above.
question
In Window Server 2012 IPAM, what is the second-highest-level entity within the IP address space?
answer
IP address range
question
In Window Server 2012 IPAM, what is the highest-level entity within the IP address space?
answer
IP address block
question
Which of the followings statements regarding requirements for an IPAM server is false?
answer
An IPAM server can be a domain controller
question
Members of which IPAM security group have the privileges to view all IPAM data and perform all IPAM tasks?
answer
IPAM Administrators
question
Which of the following categories will you not find in the Monitor and Manage section of the IPAM console?
answer
DNS Zone Records
question
Which domain functional level is no longer supported by Windows Server 2012 domain controllers?
answer
Windows 2000 native
question
You are the administrator of a multi-domain Active Directory forest. All of your domain controllers are running Windows Server 2008 R2 and your domain and forest functional levels are set to Windows Server 2008. What is the first step you must perform to introduce new servers running Windows Server 2012 as domain controllers?
answer
Upgrade the forest schema
question
Which of the following items would not be considered a logical component of Active Directory?
answer
Domain Controllers
question
Which of the following desirable features first became available with the Windows Server 2003 domain functional level?
answer
LastLogonTimestamp attribute
question
What are the requirements to perform an in-place upgrade of a domain controller to Windows Server 2012? (Choose all that apply)
answer
The domain controller must be running Windows Server 2008 or Windows Server 2008 R2 The forest functional level will need to be at Windows Server 2008 or higher
question
Which of the following desirable features first became available with the Windows Server 2008 domain functional level?
answer
SYSVOL replication using DFSR instead of NTFRS
question
Which default security group is created to allow designated users to manage the Active Directory schema of the forest?
answer
Schema Admins
question
Your forest functional level is currently set to Windows Server 2008. What operating systems can you have domain controllers running on? (Choose all that apply)
answer
. Windows Server 2012 Windows Server 2008 . Windows Server 2008 R2
question
What data is found on a Global Catalog server? (Choose two parts)
answer
A partial copy of all objects for all other domains in the forest A full copy of all Active Directory objects in the directory for its host domain
question
In an organization that has three Active Directory forests with a total of six Active Directory domains, how many schemas will exist in the organization?
answer
Three
question
Which of the following accurately represents a User Principal Name?
answer
question
What console will you use to configure additional UPN suffixes for your domain?
answer
Active Directory Domains and Trusts
question
Which of the following desirable features first became available with the Windows Server 2008 R2 forest functional level?
answer
Active Directory recycle bin
question
You want to use the new features of Key Distribution Center (KDC) support for claims, compound authentication, and Kerberos armoring in your domain. What must you do first? (Choose two answers)
answer
Raise the domain functional level to Windows Server 2012 Install at least one Windows Server 2012 domain controller
question
Members of which IPAM security group have the privileges to view all IPAM data and perform all IPAM tasks?
answer
. IPAM Administrators
question
Which of the following statements regarding the server requirements for an IPAM server is false?
answer
Correct b. The server must be running Windows Server 2008 R2 or Windows Server 2012
question
What will happen to a client that needs to authenticate against Active Directory, but has no site defined for its subnet?
answer
The client will authenticate to a domain controller in another site, over the WAN link
question
Why is it generally not recommended to configure bridgehead servers manually?
answer
You could disrupt the flow of replication traffic between sites
question
When examining the netlogon.log file, what will be your indicator that you have a problem with your Active Directory sites or subnets configuration?
answer
A NO_CLIENT_SITE entry
question
When configuring site link costs in Active Directory, which of the listed WAN links might be considered the most â costlyâ ?
answer
A demand-dial analog link
question
Which of the following represents the best reason why you need to take care when creating site links within your organization?
answer
So you can optimize replication traffic between sites by using the highest quality, or lowest cost, routes
question
You have several sites in your Active Directory, some of which have Windows Server 2008 R2 RODCs and others still have Windows Server 2003 DCs. What is the simplest solution to fix the problem of Windows Server 2003 DCs performing automatic site coverage in sites where the Windows Server 2008 R2 RODCs exist?
answer
Download the RODC compatibility pack for the Windows Server 2003 domain controllers.
question
What default value are all site links costs configured with in Active Directory?
answer
100
question
Which PowerShell cmdlet is the correct one to use to create a new Active Directory site?
answer
New-ADReplicationSite
question
What management console is used to manage Active Directory Sites?
answer
Active Directory Sites and Services
question
What Active Directory component is a domain controller that is used to monitor and make connections with domain controllers in other sites to domain controllers in its site?
answer
Intersite Topology Generator
question
What value for DNS Cache Locking is considered to be the optimal setting?
answer
100
question
You have just created a two-way trust in your domain to an external domain used by a partner company to allow your domainâ s users to access a resource in the partnerâ s domain. What is the next step that will need to be performed to complete the trust?
answer
The partner will need to create a two-way trust in the external domain
question
What type of trust can be used to improve performance when accessing resources in an internal forest?
answer
Shortcut trusts
question
What type of trust allows users to authenticate and access resources in a non-Windows Kerberos v5 realm, or allows users in a non-Windows Kerberos v5 realm access to resources in an AD DS domain?
answer
Realm trusts
question
Which of the following is not a scope of trust authentication?
answer
Server authentication
question
Which of the following is not a type of trust that could be created manually?
answer
Internal trusts
question
What is the disadvantage of configuring selective authentication for a trust?
answer
The administrative overhead involved to configure and maintain user access to resources
question
Which of the following attributes are true of the automatically generated trusts created when a domain is added to the forest? (Choose all that apply)
answer
The trust is two-way between the child domain and the root domain The trust is always transitive
question
What type of trust allows users of an internal forest to authenticate to and/or gain access to all resources of an external forest?
answer
Forest trusts
question
To enable foreign security principals to access the shared folder with the UNC path of SERVER1DocsShare, what permission(s) will you need to configure on the ACL of SERVER1 for the foreign security principals?
answer
Read and Allowed to Authenticate
question
Which of the following attributes are true when discussing manually created trusts?
answer
The trust can be configured to be one-way or two-way The trust can be configured to be incoming or outgoing, or both
question
Members of which IPAM security group have the ability to view information in IPAM and can perform IP address space management tasks?
answer
IPAM ASM Administrators
question
In which scenario would you want to disable SID filtering?
answer
User accounts have been involved in a domain migration
question
The creation of a trust between external forests or domains depends on both sides of the trust (domains or forests, as applicable) being able to resolve the forest or domain names on each side of the trust. Which DNS configuration is most commonly used in the real world?
answer
The partner will need to create a two-way trust in the external domain
question
When disabling SID filtering on a forest trust, what netdom switch should be used?
answer
/enablesidhistory:No
question
You are attempting to create a one-way outgoing trust to an external domain that has resources in it that your domainâ s users will need to access. The authorized users will be able to access the resources without entering any additional credentials once they have successfully logged in to your domain. When you attempt to create the trust, it fails. You have verified that the domain controllers in the external domain are online. What is most likely the cause of this problem?
answer
Your domain controllers cannot resolve the information for the external domain in DNS
question
When using the netdom command to validate a trust, what specific switch will you need to use to ensure validation is performed?
answer
/verify
question
Which of the following scenarios represents the best reason for creating a forest trust between two Active Directory forests?
answer
Company A has purchased Company B
question
When do you want to enable domain-wide authentication for a trust?
answer
When all users in the trusted domain need to authenticate against the trusting domain
question
You have just created a one-way incoming trust in your domain for an external domain used by a partner company to allow your domainâ s users to access a resource in the partnerâ s domain. What is the next step that will need to be performed to complete the trust?
answer
The partner will need to create a one-way outgoing trust in the external domain
question
What type of trust is a one-way or two-way nontransitive trust between domains that are not in the same forest, and that are not already included in a forest trust?
answer
External trusts
question
To create a forest trust, which of the following requirements must be met? (Choose all that apply)
answer
Both domains involved in the trust must be the forest root domain Both domains involved in the trust must be at the Windows Server 2003 forest functional level or higher
question
Which of the following commands correctly illustrates how to create a one-way external trust from the adatum.local domain to the contoso.local domain?
answer
netdom trust adatum.local /Domain:contoso.local /add
question
What undesirable side effect may result from having the â Bridge All Site Linksâ option disabled?
answer
Replication time and traffic between spokes will increase due to needing to go through the hub location
question
What Active Directory component can be used to resolve the problem of costly bandwidth and timing restrictions of physical connections?
answer
Site links
question
Your organization is arranged in a Hub-and-Spoke topology with the main office as the hub and all branch offices as spokes. What two methods can be used to allow the branch offices (remote sites) to replicate directly with each other, not requiring replication via the main office? (Choose two answers)
answer
Enable the â Bridge All Site Linksâ option, with no further actions taken Create Site Link Bridges between the remote sites
question
__________ define the logical replication path between sites to perform _________ replication, allowing for faster and optimized replication between sites based on configured costs and frequencies.
answer
Site links, Intersite
question
It is possible to configure Intersite replication using SMTP transport. When this transport protocol is selected, which partition of the Active Directory database is not replicated?
answer
Domain
question
What is defined by the replication schedule?
answer
When replication is allowed to occur
question
Active Directory sites are a logical component of Active Directory that are intended to represent what physical item of an organization?
answer
Geographic locations
question
What is the lowest possible value that can be configured as a replication interval for site links?
answer
15 minutes
question
What Active Directory component dynamically creates connection objects between domain controllers that are used for replication?
answer
. Knowledge Consistency Checker
question
Your organization has six offices spread over three cities in North America. At a minimum, how many Active Directory sites should you plan to have?
answer
Three
question
By default, how often does Intersite replication occur in Active Directory?
answer
Every 180 minutes
question
What will happen if the SYSVOL or NETLOGON shares are open (being viewed) anywhere during the DFSR SYSVOL migration?
answer
. The migration will succeed, but the folders in the file system that correspond to the old share locations will not be deleted
question
Which SYSVOL replication migration state is the first state in which DFSR replication is used as the primary replication mechanism?
answer
Redirected (State 2)
question
Which SYSVOL replication migration state is done entirely using FRS?
answer
. Start (State 0)
question
On what domain controller should the DFSR SYSVOL migration process be performed from?
answer
The PDC Emulator of the domain
question
When a user changes his or her password, to what domain controller is the password change notification sent?
answer
The PDC Emulator
question
Which SYSVOL replication migration state is done entirely using DFSR?
answer
Eliminated (State 3)
question
Which of the following scenarios best represents an urgent replication-inducing event?
answer
. A change in the domain account lockout policies
question
When you initiate the deletion of an RODC, you are given several options to choose from with actions you can take for the passwords that were cached on the RODC. Which of these options is the default configuration when you receive the prompt?
answer
Reset all passwords for user accounts that were cached on this Read-Only Domain Controller Export the list of accounts that were cached on this Read-Only Domain Controller to this file
question
How does the KCC go about creating a replication topology for each partition of the Active Directory database?
answer
It will create a separate replication topology for each partition
question
What is maximum number of hops for replication traffic that the KCC will allow before creating shortcut connections?
answer
Three
question
What minimum domain functional level will you need to be at before attempting to migrate to DFSR SYSVOL replication?
answer
Windows Server 2008
question
Why must an RODC be able to connect to at least one Windows Server 2008 or higher domain controller? (Choose all that apply)
answer
a. To replicate the domain partition So that the Password Replication Policy (PRP) applied to the RODC can be configured and enforced
question
What happens if a domain controller cannot contact the PDC emulator after processing a user account password change?
answer
The change is non-urgently replicated
question
Which of the following represents the best reason why you might want to prepopulate passwords on an RODC?
answer
o speed up the initial login for the user at that site
question
Regarding Intersite and Intrasite replication, which of the following statements is untrue?
answer
Replication data within a site is compressed and encrypted
question
In which SYSVOL replication migration state is DFSR replication performed in the background?
answer
Prepared (State 1)
question
When you mark an attribute as â Confidentialâ in the schema, what are you effectively doing?
answer
Marking that attribute to not be replicated to an RODC
question
What requirements must be met in order to perform the configuration of the Filtered Attribute Set? (Choose all that apply)
answer
The Schema Master must be on a domain controller running Windows Server 2008 or Windows Server 2012 You must perform the change directly on the Schema Master
question
What is the net result of deleting an RODC and leaving the â Reset all passwords for user accounts that were cached on this Read-Only Domain Controllerâ option selected?
answer
Users will be forced to request a password reset before they can log in the next time
question
Which of the following scenarios best represents an urgent replication-inducing event?
answer
A change in the domain account lockout policies
question
To most effectively configure and use a Filtered Attribute Set, what should your domain and forest functional levels be, at a minimum?
answer
Windows Server 2008 or higher in the domain, Windows Server 2008 or higher in the forest
question
Which of the following repadmin commands would cause updates outward to replication partners and trigger replication across the enterprise as a whole?
answer
REPADMIN /SyncAll /APed
question
The creation of a trust between external forests or domains depends on both sides of the trust (domains or forests, as applicable) being able to resolve the forest or domain names on each side of the trust. Which DNS configuration is most commonly used in the real world?
answer
Configure conditional forwarders
question
What will happen if the SYSVOL or NETLOGON shares are open (being viewed) anywhere during the DFSR SYSVOL migration?
answer
Correct d. The migration will succeed, but the folders in the file system that correspond to the old share locations will not be deleted
question
What benefit does Single Sign-On provide for application users?
answer
Prevents users from needing to remember multiple usernames and passwords.
question
While testing AD FS claims-based authentication with a sample application, you encounter an error due to the self-signed certificate you opted to use. What can you do to eliminate this error? (Choose all that apply)
answer
Add the self-signed certificate to your computerâ s Trusted Root Certification Authorities store Issue a valid certificate from your internal CA
question
Which of the following are supported as attribute stores for AD FS?
answer
All of the above
question
Which of the following components of Active Directory Federation Services is responsible for forwarding packets from external hosts to internal federation servers?
answer
Federation server proxy
question
In order to utilize AD FS, what is the oldest version of Windows Server that any domain controller can be using?
answer
Windows Server 2003 SP1
question
What add-on component can you download from the Microsoft.com website to create a test Windows Identity Foundation (WIF) application that you can use to test AD FS claims-based authentication?
answer
Windows Identity Foundation SDK 4.0
question
AD FS makes extensive use of HTTPS communications to provide data security. Which certificate is used by the claims provider to identify itself?
answer
Token-signing certificate
question
Which of the following components of Active Directory Federation Services is a statement made by a trusted entity and includes information identifying the entity?
answer
Claim
question
Which of the following components of Active Directory Federaation Services is the server that issues claims and authenticates users?
answer
Claims provider
question
Which of the following components of Active Directory Federaation Services is the application or web service that accepts claims?
answer
Relying party
question
By default, the AD FS server is configured with a claims provider trust named Active Directory. If you are communicating with other organizations, you need to create additional claims provider trusts for each federated organization. What options are available to get the data you need for the creation of these claims provider trusts? (Choose all that apply)
answer
Import data about the claims provider through the federation metadata Manually configure the claims provider trust Import data about the claims provider from a file
question
Which of the following statements is untrue regarding configuration of attribute stores for AD FS?
answer
When using AD LDS as the attribute store, no connection string is required
question
What options are available for the storage of the AD FS configuration settings? (Choose all that apply)
answer
SQL Server Windows Internal Database
question
Which PKI role in AD CS issues certificates and manages certificate validity?
answer
CA
question
What is the benefit of using asymmetric encryption instead of symmetric encryption?
answer
Asymmetric encryption does not require a complex infrastructure to manage private keys
question
The benefits of PKI include all of the following except one item. What item listed is not a benefit of PKI?
answer
Availability
question
In Windows Server 2012 AD CS, how many Root CAs can you install in a single certificate hierarchy?
answer
One
question
What is the function of the AIA?
answer
It specifies where to find up-to-date certificates for the CA
question
What is another name for Asymmetric encryption?
answer
Public key cryptography
question
Which of the following is not a choice when installing a new CA?
answer
Bridged CA
question
Why would you want to consider making the Root CA an offline CA?
answer
This improves security of the root CA and its private keys
question
You have built a two-tier PKI with an offline Root CA and an online Enterprise Subordinate CA. What must you do so that Active Directory clients will trust certificates issued from the Subordinate CA?
answer
Manually import the Root CA certificate into Active Directory one time
question
By default, if you install a CA server on January 1, 2014, when will the CA certificate expire?
answer
January 1, 2019
question
What should be done as soon as possible once you have been notified that a user has lost control of the private keys for their certificates?
answer
. Revoke the userâ s issued certificates
question
What is the best way to fully back up the CA without backing up more than necessary?
answer
System state backup
question
Which PKI role in AD CS can be used to issue certificates to routers and switches?
answer
Network Device Enrollment Service
question
How is an Online Responder different than a certificate revocation list (CRL)?
answer
The Online Responder provides a validation response for a single certificate, whereas the CRL provides revocation information about all revoked certificates
question
Which PKI role in AD CS is used to validate certificates?
answer
Online Responder
question
What two values would be required in a CAPolicy.inf file to set the CRL period to 4 hours?
answer
CRLPeriod=Hours CRLPeriodUnits=4
question
Which Windows client operating systems are capable of using the Online Responder to check certificate revocation status? (Choose all that apply)
answer
Windows 7 Windows 8
question
To grant a junior administrator the ability to issue and revoke all certificate templates on your CA, what permission would you grant his or her AD account?
answer
Manually import the Root CA certificate into Active Directory one time
question
What is the name of the role in the PKI that is responsible for the distribution of keys and the validation of identities?
answer
Registration authority
question
What file can you deploy to CAs so they have predefined values or parameters during installation?
answer
CAPolicy.inf
question
To recover a key from the CA database using the certutil utility, what information will you need to know about the certificate?
answer
Correct b. The certificate serial number
question
Which certificate format supports storage of a single certificate, does not support storage of the private key or certification path, has contents that are of a binary format, and is not used for importing into applications that require a â text blobâ ?
answer
Correct b. DER-encoded binary X.509
question
Which of the following options can be used to most easily ensure the currently logged-in user has all applicable autoenrollment certificates and that any roaming certificates have been downloaded locally?
answer
Correct d. Have the user issue the gpupdate /force command
question
Which certificate format supports storage of a single certificate, does not support storage of the private key or certification path, has contents that are of an ASCII format, and is generally used for importing into applications that require a â text blobâ ?
answer
Correct a. Base64-encoded X.509
question
What are the contents of the certificate chain?
answer
Correct d. It is a list of certificates that can be used to authenticate an entity certificate
question
Your organization issues certificates for code signing and user authentication to employees from a Windows Server 2012â based certificate authority. In what folders of the Certificates MMC snap-in would a user find the certificates that have been issued to him or her? (Choose all that apply)
answer
Correct a. Personal Correct d. Active Directory User Object
question
What is the advantage of configuring credential roaming?
answer
Correct b. The userâ s certificates follow the user to each computer he or she logs in to
question
Which of the following URLs would be the correct one to visit to get to the Web Enrollment pages?
answer
Correct b. https:///ca
question
What usages does the User certificate allow by default? (Choose all that apply)
answer
Correct a. Secure Email Correct b. Encrypting File System Correct c. Client Authentication
question
What must you do immediately after issuing the first KRA certificate to a trusted user to enable key archival and recovery on the CA? (Choose all that apply)
answer
b. Configure key archival on the CA properties c. Archive the keys for the issued KRA certificate
question
You work at a government agency and have been tasked to implement a PKI built on Windows Server 2012. What certificate template version will you need to use to meet the requirements imposed on your agency?
answer
Correct c. Version 3
question
Which of the following permissions must be configured on the ACL of a certificate template in order for a user to be able to automatically enroll for the certificate via Group Policy? (Choose all that apply)
answer
Correct a. Read Correct c. Enroll Correct d. Autoenroll
question
As a security precaution, what should you do immediately after you have configured a CA to issue a KRA certificate?
answer
a. Configure the ACL on the template with the specific security principals who will be designated KRAs
question
Which certificate format supports the export of a certificate and its private key?
answer
Correct c. Personal Information Exchange (PKCS #12)
question
In addition to the permissions required on the certificate templates used for autoenrollment, what other requirements must be met to support autoenrollment in your organization? (Choose all that apply)
answer
Correct d. Group Policy must be configured to support autoenrollment
question
Which certificate format supports storage of certificates and all certificates in a certification path and usually has a .p7b or .p7c filename extension?
answer
Correct d. Cryptographic Message Syntax Standard (PKCS #7)
question
When performing key recovery as a KRA, in what format will you retrieve the key from the database?
answer
Correct d. Cryptographic Message Syntax Standard (PKCS #7)
question
What minimum certificate version is required to enable key archival and recovery?
answer
Correct b. Version 2
question
Which of the following represents the correctly formatted command to recover the keys from the CA database?
answer
a. certutil â getkey 2BD06947947609FEF46B8D2E40A6F7474D7F085E c:outfile