70-412 Chapters 1 – 21

1. What is used to transparently distribute traffic equally across multiple servers by using virtual IP addresses and a shared name?

a. Network Load Balancing (NLB)
b. Failover cluster
c. DFS distribution
d. Site replication

a. Network Load Balancing (NLB)
2. Which of the following would use NLB to provide fault tolerance?

a. SQL databases
b. Exchange database
c. Websites
d. Shared folder

a. SQL databases
3. What is the maximum number of nodes that is supported in a Windows Server 2012 NLB cluster?

a. 2
b. 8
c. 16
d. 32

d. 32
4. What is used to detect the failure of cluster nodes?

a. autoconfig
b. whoami
c. Announcements
d. Heartbeats

d. Heartbeats
5. When you add or remove a node from an NLB cluster, what must happen?

a. Adaptation
b. Reset
c. Convergence
d. Redefine

c. Convergence
6. Which three types of parameters configure the NLB cluster?

a. Convergence rules
b. Balance parameters
c. Cluster parameters
d. Host parameters
e. Port rules

c. Cluster parameters
d. Host parameters
e. Port rules
7. What specifies how NLB directs traffic based on the port and protocol?

a. Convergence rules
b. Balance parameters
c. Cluster parameters
d. Host parameters
e. Port rule

e. Port rule
8. What determines how servers are balanced with NLB?

a. affinity
b. drainstop
c. state sequencing
d. convergence

a. affinity
9. Which mode allows an NLB cluster to use two MAC addresses for the NLB network adapter?

a. Unicast mode
b. Multicast mode
c. Internet Group Management Protocol multicast mode
d. Converging mode

b. Multicast mode
10. Which action blocks all new connections without terminating existing sessions?

a. blocking
b. suspended
c. drainstop
d. multimode

c. drainstop
1. Typically you would have port rules to be identical on all nodes on the cluster. What are the exceptions where the port rules don’t have to be identical?

a. Handling priority
b. TCP, UDP, or both
c. Load weight
d. Ports

a. Handling priority
c. Load weight
2. Which mode would you choose to configure affinity?

a. Multiple hosts
b. Single host
c. Disable
d. Converging host

a. Multiple hosts
3. You have a two-node NLB cluster. The cluster is intended to provide high availability and load balancing for the Contoso.com website. You have only the default port rule. Which two steps do you need to configure the NLB cluster to accept only HTTP traffic? (Choose two answers.)

a. Run the vlbs disable all command.
b. Delete the default port rule.
c. Create a new Allow rule for TCP port 80.
d. Change the default port rule to a disabled port range rule

b. Delete the default port rule.
c. Create a new Allow rule for TCP port 80.
4. You have a two-node NLB cluster. The cluster is intended to provide high availability and load balancing for the Contoso.com website. You have a single port rule that evenly distributes HTTP traffic between Server01 and Server02. What do you need to evenly distribute HTTP traffic while having all HTTPS traffic to go Server01? (Choose two answers.)

a. On Server02, change the Handling priority for the TCP 443 to a value of 0.
b. On Server01, change the Handling priority option for the TCP 443 port rule to the value of 0.
c. In the properties for the cluster, create a new port rule for TCP 443 that has a filtering mode option set to a single host.
d. In the properties for the cluster, create a new port for port TCP 443 that has the filtering option set to a multiple host and the Affinity set to Single.

a. On Server02, change the Handling priority for the TCP 443 to a value of 0.
c. In the properties for the cluster, create a new port rule for TCP 443 that has a filtering mode option set to a single host.
5. You have a server called Server01, which hosts the http://www.contoso.com and https:// www.contoso.com websites. You created an NLB cluster using Server01 and Server02. What must you do to ensure that users can connect to the https://www.contoso.com website without any security warnings?

a. Make sure both servers point to the same Enterprise CA.
b. Create a new digital certificate on Server02 for www.contoso.com.
c. Export the SSL certificate from Server01 and import the SSL certificate to Server02.
d. Create an image of the website on Server01 and import into Server02.

c. Export the SSL certificate from Server01 and import the SSL certificate to Server02.
1. Which type of clustering is used for back-end databases?

a. Network Load Balancing (NLB) cluster
b. failover cluster
c. aggregated cluster
d. power cluster

b. failover cluster
2. What is the maximum number of nodes you can have on a single cluster?

a. 2
b. 8
c. 32
d. 64

d. 64
3. Which of the following can networks use in a Windows failover cluster? (Choose all that apply.)

a. public-and-private
b. private
c. public
d. central

a. public-and-private
b. private
c. public
4. What port does heartbeats use?
a. 80
b. 2232
c. 3343
d. 3389
c. 3343
5. Which of the following are SAN technologies that are used for centralized storage when configuring failover clusters? (Choose all that apply.)

a. SAS
b. Fibre Channel
c. Serial ATA
d. iSCSI

a. SAS
b. Fibre Channel
d. iSCSI
6. Which type of storage allows multiple nodes to access the storage at the same time?

a. Cluster Shared Volume (CSV)
b. FAT Volume
c. LAN Volume
d. WAN Volume

a. Cluster Shared Volume (CSV)
7. What is used to provide quorum when you have only two nodes in a cluster? (Choose all that apply.)

a. heartbeat
b. witness disk
c. CSV disk
d. shared folder

b. witness disk
d. shared folder
8. What allows you to automatically patch a cluster node with little or no downtime?

a. Cluster-Aware Updating
b. Cluster Auto Update
c. Cluster Free Update
d. Orchestrated Updates

a. Cluster-Aware Updating
9. What type of quorum would you use if you have three nodes in a failover cluster?

a. Node Majority
b. Node and Disk Majority
c. Node and File Share Majority
d. No Majority

a. Node Majority
10. What Windows PowerShell cmdlet would you use to check the progress of updates when using CAU?

a. InspectCAU
b. Show-CAU
c. Run-CAU
d. Get-CAURUN

d. Get-CAURUN
1. You have an Active Directory Domain called contoso.com. You have two servers called Server1 and Server 2, both of which are running Windows Server 2012. Server1 and 2 make up the failover cluster called Cluster1. You add a third node. What do you need to configure so that the cluster will stop if two of the nodes fail?

a. Failover settings
b. Host priority
c. Cluster Quorum settings
d. Quick migration

c. Cluster Quorum settings
2. You are going to create a failover cluster that connects to an iSCSI SAN. What is the minimum number of network adapters recommended for each node?

a. 1
b. 2
c. 3
d. 4

b. 2
3. You are an administrator for the Contoso Corporation. You have a two-node failover cluster with a witness disk. One of the servers failed and the entire server has been replaced. How should you add the replacement server to the cluster?

a. Perform an authoritative restore.
b. Perform a non-authoritative restore.
c. Create an image from the remaining server and restore to the new server.
d. Install Windows and the cluster, and copy the cluster folder from the witness disk to the new server.

b. Perform a non-authoritative restore.
4. For a failover cluster, what type of network would you use to communicate with an iSCSI device?

a. private
b. public
c. public-and-private
d. internal

c. public-and-private
5. You are an administrator for the Contoso Corporation. You have a two-node failover cluster with a witness disk. You need to take one of the servers down for maintenance. What should you do?

a. Stop the Cluster service.
b. Unplug the network connections of the server before shutting down.
c. Drain the roles for the server that you want to shut down.
d. Add a new node and then remove the node that you need to take down for maintenance.

c. Drain the roles for the server that you want to shut down.
1. Which do you configure to make a service or application highly available?

a. role
b. resource
c. device
d. storage

a. role
2. Which type of role is designed to work with Windows Server 2012 failover cluster?

a. generic clustered role
b. available role
c. cluster-aware clustered role
d. clustered update role

c. cluster-aware clustered role
3. Which of the following is a benefit of Server Message Block (SMB) 3.0? (Choose all that apply.)

a. SMB Encryption
b. SMB Multichannel
c. SMB General Use File Services
d. SMB Directory Leasing

a. SMB Encryption
b. SMB Multichannel
d. SMB Directory Leasing
4. Which SMB feature allows multiple nodes to access a clustered disk at the same time?

a. SMB Transparent Failover
b. SMB Scale Out
c. SMB Direct
d. VSS for SMB file shares

b. SMB Scale Out
5. Which type of file server resembles the file server used in Windows Server 2008 R2?

a. General Use File Server
b. Scale-Out File Server
c. Highly Available CSV
d. Direct Access File Server

a. General Use File Server
6. Which type of volume should you use for highly available virtual machine?

a. SAS
b. GPT
c. DEP
d. CSV

d. CSV
7. What do you configure if you want one node to be an active node while it is available?

a. Failback partner
b. Prioritized member
c. Preferred owner
d. Primary Active node

c. Preferred owner
8. What Windows PowerShell cmdlet is used to enable VM Monitoring?

a. Set-ClusterVMMonitoredItem
b. Get-ClusterVMMonitoredItem
c. Configure-ClusterVMMonitoredItem
d. Add-ClusterVMMonitoredItem

d. Add-ClusterVMMonitoredItem
9. Which type of application or services would you configure on a cluster for an application or service that was not made for a cluster?

a. generic clustered role
b. available role
c. cluster-aware clustered role
d. clustered update role

a. generic clustered role
10. Which of the following is supported by a Scale-Out Server? (Choose all that apply.)

a. NFS
b. Data Deduplication
c. SMB
d. DFS Replication

c. SMB
1. You are an administrator for contoso.com. You have two servers called Server1 and Server2 that run Windows Server 2012 and have the Failover Clustering feature installed. You decide to add two more nodes to the cluster. You have a folder that you want all the servers to provide service for. What should you configure?

a. File server for general use
b. Scale-Out File Server
c. Preferred Server
d. handling priority

b. Scale-Out File Server
2. You are an administrator for contoso.com. You have two servers called Server1 and Server2 that run Windows Server 2012 and have the Failover Clustering feature installed. You have configured the application named APP1 on the cluster. You need to make sure that Server02 handles all requests for APP1. What should you configure?

a. preferred owner
b. possible owner
c. host priority
d. handling priority

a. preferred owner
3. You are an administrator for contoso.com.You have two servers called Server1 and Server2 that run Windows Server 2012 and have the Failover Clustering feature installed. You want to make a highly available file server that supports DFS. What should you configure?

a. File server for general use
b. Scale-Out File Server
c. Preferred Server
d. handling priority

a. File server for general use
4. You are an administrator for contoso.com. You have two servers called Server1 and Server2 that run Windows Server 2012 and have the Failover Clustering feature installed. You install a cluster that provides high availability for DHCP and a shared folder. You want to make sure that if two heartbeats are missed, the DHCP service is switched to another node on the cluster. What should you configure?

a. preferred owner
b. failover settings
c. host priority
d. handling priority

b. failover settings
5. You are an administrator for contoso.com. You have two servers called Server1 and Server2 that run Windows Server 2012 and have the Failover Clustering feature installed. You configure the server to run a highly available virtual machine that is the DHCP server. What do you configure to monitor the DHCP service?

a. Enable event forwarding
b. Enable VM Monitoring
c. Enable service monitoring
d. Enable event subscriptions

b. Enable VM Monitoring
1. Which of the following options are available when you select the Import Virtual Machine Wizard? (Choose two answers.)

a. Copy the virtual machine.
b. Move the virtual machine’s data by selecting where to move the items.
c. Register the virtual machine in place.
d. Move the virtual machine’s data automatically.

a. Copy the virtual machine.
c. Register the virtual machine in place.
2. Windows Server 2012 Hyper-V files are stored in what file types? (Choose two answers.)

a. .NSF
b. .HTM
c. .VHD
d. .VHDX

c. .VHD
d. .VHDX
3. Which of the following advanced options are available when you select where to move items during an LM?

a. Copy the virtual machine.
b. Move the virtual machine’s data by selecting where to move the items.
c. Register the virtual machine in place.
d. Move the virtual machine’s data automatically.

b. Move the virtual machine’s data by selecting where to move the items.
4. When using remote management tools to perform LM, what needs to be configured?

a. CredSSP
b. Kerberos
c. OVF
d. Constrained Delegation

b. Kerberos
5. Which process takes an existing partially or completely configured VM and creates other VMs without having to perform the installation and configuration from scratch?

a. Importing
b. Exporting
c. Copying
d. Extracting
e. Migrating

b. Exporting
6. Which process takes an existing set of VM files and recreates the exact same VM?

a. Importing
b. Exporting
c. Copying
d. Extracting

a. Importing
7. What is the name of the process for moving an entire VM or parts of a VM to another physical server without a cluster?

a. Quick Migration
b. Storage Migration
c. Constrained Delegation
d. Live Migration

d. Live Migration
8. What is the name of the process for moving an entire VM or parts of a VM to another physical server using a cluster?

a. Quick Migration
b. Storage Migration
c. Constrained Delegation
d. Live Migration

a. Quick Migration
9. In which file should all instances of the virtual hard disk file name be updated to reflect the converted file name?

a. .VHD
b. .NSF
c. OVF XML
d. .VHDX

c. OVF XML
10. Which of the following tools do you need to perform V2V conversions?

a. SCVMM
b. VMMCA
c. Disk2VHD
d. Any VSS-aware application

a. SCVMM
1. You need to migrate a physical computer to a Windows Server 2012 Hyper-VP server. You also need to capture all local user accounts in your migration. Which of the following tools should you use?

a. XenServer
b. Active Directory Users and Computers
c. Disk2VHD
d. OVF Import/Export Tool

c. Disk2VHD
2. The server hosting your mission-critical email server is failing. The email server has been created in a VM that is not in a cluster; however, its storage is maintained on an SAN. You need move the VM to a new host and maintain server availability. How should you proceed?

a. Power down and export and import the VM registering the VM in place with the existing unique ID.
b. Power down and export and import the VM restoring the VM in place with the existing unique ID.
c. Power down and export and import the VM copying the VM in place to create a new unique ID.
d. Use Live Migration to move only the VM and keep the storage in place

b. Power down and export and import the VM restoring the VM in place with the existing unique ID.
3. You need to perform a LM but are unable to. You are a member of the Hyper-V Administrators group on the source Hyper-V server and a member of the Domain Admins group on the destination sever. You are using the Hyper-V Remote Management Tools on your Windows 7 Workstation. What do you need to do to perform the LM?

a. Have an Enterprise Admin add your account to the Hyper-V Administrators group on the destination server.
b. Upgrade your workstation to Windows 8.
c. Upgrade your Hyper-V Remote Management Tools to the latest version.
d. Reconfigure Constrained Delegation and reboot both the source and destination severs.

b. Upgrade your workstation to Windows 8.
c. Upgrade your Hyper-V Remote Management Tools to the latest version.
4. You need to create a VM template to create 20 identical VMs. How do you do this?

a. Run Sysprep on the VM, power it down, and export and import the VM registering the VM in place with the existing unique ID.
b. Power down and export and import the VM restoring the VM in place with the existing unique ID.
c. Run Sysprep on the VM, power it down, and export and import the VM copying the VM in place to create a new unique ID.
d. Use Live Migration to move only the VM as many times as you want.

c. Run Sysprep on the VM, power it down, and export and import the VM copying the VM in place to create a new unique ID.
5. You need to migrate a VM created in the VirtualBox hypervisor. You do not need to capture local user accounts in your migration. Which of the following tools do you use?
a. XenServer
b. Active Directory Users and Computers
c. Disk2VHD
d. OVF Import/Export Tool
a. XenServer
1. What method of file sharing is used with UNIX and Linux machines?

a. SMB
b. CIFS
c. NTFS
d. NFS

d. NFS
2. When using NFS, how do you connect to the shared folder?

a. You mount the volume to a local folder.
b. You mount the volume to a remote folder.
c. You access the shared folder using a UNC.
d. You access the shared folder using a URL.

a. You mount the volume to a local folder.
3. What allows you to integrate Windows users into an existing UNIX or Linux environment?

a. NFS snap-in
b. UNIX translator
c. Identity Management for UNIX
d. UNIX plug-in

c. Identity Management for UNIX
4. What command do you use to install Identity Management for UNIX?

a. install.exe
b. feature.exe
c. dism.exe
d. msiexec.exe

c. dism.exe
5. When you define access to NFS, which two items must you include?
(Choose two answers.)

a. domain name
b. GID
c. admin access
d. UID

b. GID
d. UID
6. What are the three requirements for the NFS Data Store? (Choose three answers.)

a. File Services role
b. Server for NFS role service
c. Failover Clustering feature
d. Identity Manage for UNIX

a. File Services role
b. Server for NFS role service
c. Failover Clustering feature
7. Which Windows Server 2012 server acts as a WAN accelerator?

a. NFS accelerator
b. BranchCache
c. File Server Resource Manager
d. GPO Cache

b. BranchCache
8. Which mode in BranchCache allows you to store the cache among multiple computers running Windows 7 or Windows 8?

a. hosted cache mode
b. distributed cache mode
c. WSCache
d. WideRanceCache

b. distributed cache mode
9. Which primary tool is used when classifying files?

a. File Administrator
b. Server Manager
c. Computer Management
d. File Server Resource Manager

d. File Server Resource Manager
10. What are the two items that you have to create when using file classification?

a. classification property
b. classification attribute
c. classification syntax
d. classification rule

a. classification property
d. classification rule
11. What are the two actions that need to be done when you need to audit whether a file is being read by a certain user? (Choose two answers.)

a. You need to specify which folders and files to audit.
b. You need to add a checksum to the file to be audited.
c. You need to enable object auditing.
d. You need to add an audit digital certificate to the system where the files reside.

a. You need to specify which folders and files to audit.
c. You need to enable object auditing.
2. What do you use to extend the Active Directory schema to store UNIX attributes?

a. NFS Management console
b. Server for NFS role
c. Computer Management console
d. Identity Management for UNIX

b. Server for NFS role
3. At the corporate office, you have a file server called Server01. At a remote site, you installed BranchCache on Server02, which is acting as a BranchCache hosted cache server. To move things along, you decide to preload the data from the file shares on Server1 to the cache on Server02. What would generate the hashes for the file share on Server01?

a. Use the Enable-BCCache PowerShell cmdlet.
b. Use the Publish-BCCache PowerShell cmdlet.
c. Use the Export-BCCachepackage PowerShell cmdlet.
d. Use the Set-BCCache PowerShell cmdlet.

c. Use the Export-BCCachepackage PowerShell cmdlet.
4. To fully use Identity Management for UNIX, what are the three components that you have to install? (Choose three answers.)

a. nis
b. adminui
c. Unix-add
d. psync

a. nis
b. adminui
d. psync
5. Which two commands allow you to specify the cache size for BranchCache hosted cache server?

a. netsh set cachsize command
b. netsh set publicationcachezie command
c. Set-BCCacheSize PowerShell cmdlet
d. Set-BCCache PowerShell cmdlet

a. netsh set cachsize command
d. Set-BCCache PowerShell cmdlet
1. Which of the following uses a trusted identity provider to provide authentication?

a. centralized access control
b. physical-based access control
c. password access control
d. claims-based access control

d. claims-based access control
2. Which digital identification is used by a user or computer?

a. passport
b. token
c. SID
d. GUID

b. token
3. Which identity provider is in Windows Server 2012?

a. Security Token Service
b. Kerberos Key Generator
c. Trust Replicator
d. Rights Management Service (RMS

a. Security Token Service
4. What is used to automatically label files based on content?

a. token rules
b. claim rules
c. resource properties
d. classification rules

d. classification rules
5. What do you specify when you create a claim type?

a. claim resource
b. claim name
c. claim token
d. claim property

b. claim name
6. What is used to grant permissions to those objects on multiple file servers within your domain?

a. Classification Policy
b. Central Access Policy
c. Token Policy
d. Distributed Access Policy

b. Central Access Policy
7. How do you enable staging of Dynamic Access Control (DAC)?

a. Use the netsh command.
b. Use Active Directory Administrative Center.
c. Use GPOs.
d. Use the Dynamic Access Control console.

c. Use GPOs.
8. Which log do you view when you enable staging when using DAC?

a. Application
b. Security
c. System
d. Forwarded

b. Security
9. How can you test DAC changes before you implement the changes?

a. Use the DAC emulator.
b. Use the Dynamic Access Control console.
c. Use the Computer Management console.
d. Use staging.

d. Use staging.
10. What is included with devices when using DAC?

a. users
b. files
c. computers
d. phones

c. computers
1. What is the best way to enable Access-Denied Assistant for all of your file servers?

a. Dynamic Access Control console
b. File Server Resource Manager
c. Active Directory Administrative Center
d. Group Policy Objects

d. Group Policy Objects
2. Which of the following can you perform when using DAC? (Choose all that apply.)

a. Audit access by using an audit policy.
b. Encrypt all files on a server.
c. Classify and tag data.
d. Provide Access-Denied Assistance when a user is denied access to a shared file.
e. Allow connections from mobile phones to files protected by DAC.

a. Audit access by using an audit policy.
c. Classify and tag data.
d. Provide Access-Denied Assistance when a user is denied access to a shared file.
3. Which of the following are required when using DAC? (Choose two answers.)

a. Classification rules
b. Resource properties
c. Claim types
d. Staging

b. Resource properties
c. Claim types
4. What would you use to perform targeted auditing?

a. Staging
b. Advanced logging
c. Dynamic logging
d. Global Object Access Auditing

d. Global Object Access Auditing
5. How can you manually classify files in a folder?

a. Folder properties
b. File Server Resource Manager
c. Dynamic Access Control console
d. Active Directory Administrative Center

b. File Server Resource Manager
1. What protocol allows a server to connect to a SAN by sending SCIS commands over TCP/IP network?
a. Fibre Channel
b. iSCSI
c. SATA
d. MPIO
b. iSCSI
Which port does iSCSI use?
a. 1080
b. 8080
c. 3260
d. 4800
Port 3260
Which client connects to an iSCSI SAN?
a. iSCSI target
b. iSCSI source
c. iSCSI receiver
d. iSCSI initiator
d. iSCSI initiator
What can be installed so that Windows Server 2012 can be used to present iSCSI volumes to Windows servers?
a. iSCSI target
b. iSCSI source
c. iSCSI receiver
d. iSCSI initiator
a. iSCSI target
What is a unique identifier that is used to identify iSCSI initiators and targets?
a. iSNS
b. IQN
c. MPIO
d. MPC
b. IQN
Which protocol is used for authentication for iSCSI?
a. PAP
b. CHAP
c. MS-CHAPv2
d. SPAP
b. CHAP
How do you install iSCSI Target on Windows Server 2012?
a. You install the MMC snap-in
b. You install an add-in program
c. You install as a Windows feature
d. You install as a Windows Server role
d. You install as a Windows Server role
What can you use to encrypt iSCSI traffic?
a. CHAP
b. IPsec
c. BitLocker
d. EFS
b. IPsec
Which two technologies can help make iSCSI highly available (Choose two answers)
a. MCS
b. EFS
c. LUNX
d. MPIO
a. MCS
d. MPIO
What is used to automatically discover, manage, and configure iSCSI devices?
a. LUN
b. IQN
c. MPIP
d. iSNS
d. iSNS
Which tools do you have access to after installing the Windows Server Backup feature? (Select all that apply)
a. Windows Server backup MMC snap-in
b. wbadmin.exe
c. Windows PowerShell cmdlets for Windows Server Backup
d. RSAT
a. Windows Server Backup MMC snap-in
b. wbadmin.exe
c. Windows PowerShell cmlets for Windows Server Backup
Which of the following are true statements regarding Windows Server Backup in Windows Server 2012? (Select all that apply)
a. You can back up to tape drives and attached hard drives
b. Applications can be backed up to a DVD drive.
c. Applications can be backed up to a remote shared folder
d. Backing up to folders on a local or remote volume supports only one copy of the backup. Subsequent backups overwrite the contents of the previous backup
c. Applications can be backed up to a remote shared folder
d. Backing up to folders on a local or remote volume supports only one copy of the backup. Subsequent backups overwrite the contents of previous backups
Which of the following types of backups will back up all of the files needed to recover Active Directory? (Select all that apply)
a. system state
b. full backup
c. bare metal recovery
d. system reserved
a. system state
b. full backup
c. bare metal recovery
What is the name of the folder where your backups are stored?
a. Windows Backup
b. WindowsImageBackup
c. WindowsBkup
d. WindowsImageBkup
b. WindowsImageBackup
Which of the following are true regarding Windows Online Backups?
a. It’s only available with Windows Server 2012
b. It supports bandwidth throttling
c. It uses an agent that supports backing up BitLocker-enabled drives
d. It supports backup of files and folders
a. It’s only available with Windows Server 2012
Which of the following server roles should be backed up only in situations where you have static entries in the database?
a. DHCP
b. DNS
c. RAS
d. WINS
d. WINS
Which Windows PowerShell command installs the Windows Server Backup Feature?
a. PS C:Add-WindowsFeature Windows-Server-Backup
b. PS C:Add-WindowsFeature WindowsServerBackup
c. PS C:Install-WindowsFeature Windows-Server-Backup
d. PS C:Install-WindowsFeature WindowsServerBackup
a. PS C:Add-WindowsFeature Windows-Server-Backup
Which wbadmin command backs up the system state on a domain controller to a remote volume located on Server02 named SysState?
a. wbadmin start backup -backuptarget: \server02SysState
b. wbadmin start backup -systemstate \server02SysState
c. wbadmin start backup -systemstate -backuptarget: \server02SysState
d. wbadmin start backup -sstemstate -target: \server02SysState
c. wbadmin start backup-systemstate-backuptarget:\server02\SysState
This Volume Shadow Copy Service (VSS) component is responsible for making sure the data is ready for the shadow copy to be created.
a. VSS requester
b. VSS provider
c. VSS writer
d. VSS Shadow Writer
c. VSS writer
Which of the following are characteristics of Shared Copies for Shadow Volumes (SCSV)?
a. It’s enabled on a per-volume basis
b. By default, shadow copies are taken at 7:00 AM and 12:00 AM (Monday-Friday).
c. The volumes must be formatted using NTFS
d. Mount points are supported
a. It’s enabled on a per-volume basis
c. The volumes must be formatted using NTFS
When restoring files protected by SCSV, which of the following statements are true?
a. Copying a file causes it to lose its original permission settings
b. Copying a file allows it to retain its original permission settings
c. Restoring a file causes it to lose its original permission settings
d. Restoring a file allows it to retain its original permission settings
a. Copying a file causes it to lose its original permission settings
d. Restoring a file allows it to retain its original permission settings
What is the maximum number of shadow copies allowed per volume?
a. 24
b. 128
c. 64
d. unlimited
c. 64
Which of the following statements is incorrect regarding restoring a system volume?
a. The server’s hardware must not have changed and your data volumes must still be operational
b. The server’s current system volume will be erased
c. If there are any data volumes on the same disk that contains the system volumes, they are erased as part of the restore process
d. If there are any data volumes on the same disk that contains the system volumes, they will not be erased as part of the restore process
d. If there are any data volumes on the same disk that contains the system volumes, they will not be erased as part of the restore process
You would like to recover the system state for a member server from a backup. Which backup types include them by default? (Select all that apply)
a. full backups
b. system state backups
c. bare metal backups
d. simple volume backups
a. full backups
b. system state backups
c. bare metal backups
Which command can be used to boot into a special mode that allows you to repair and recover Active Directory?
a. bcdedit /set safeboot dsrepair
b. bcdedit /set safeboot dsrm
c. bcdedit /set safeboot ad repair
d. bcdedit /set safeboot repair DS
a. bcdedit /set safeboot dsrepair
Someone accidentally deleted an organizational unit (OU) in Active Directory. What type of restore do you need to perform if you do not have Active Directory Recycle Bin enabled?
a. non-authorative restore
b. ntdsutil.exe restore
c. authoritative restore
d. ntdsutil.exe auth restore
c. authoritative restore
What is the maximum number of days you can fully recover an Active Directory-deleted object and all of its attributes if you have Active Directory Recycle Bin enabled
a. 60 days
b. 180 days
c. 30 days
d. 360 days
d. 360 days (book answer)
(Correct answer would actually be b. 180 days as the question asks for the restoration of ALL attributes)
Which of the following are inaccurate statements regarding performing a bare metal recovery restore?
a. You can restore cross architecture
b. You can recover to a server that has the different hardware
c. You will include the system state, system reserved, and critical volumes by default
d. If you are restoring from a backup that is no the server’s locally attached disk, that disk will be excluded automatically from being formatted if you select Format and repartition disk
a. You can restore cross architecture
Which of the following command-line tools can be used to display the boot loader/applications configured on a server?
a. bcdedit.exe
b. bootrec
c. sfc /verify
d. diskpart
a. bcdedit.exe
Which of the following would you select, withing Hyper-V Manager, to return a virtual machine (VM) to the last snapshot that was taken after selecting the VM in the console?
a. Action Menu > Apply
b. Action Menu > Return
c. Action Menu > Revert
d. Action Menu > Undo
c. Action Menu > Revert
What allows you to place an offline copy of a VM that is regularly updated?
a. Data Duplication
b. DFS replication
c. Cluster replication
d. Hyper-V replica
d. Hyper-V replica
Which component of the Hyper-V replica performs the replication of VM’s?
a. Replication Engine
b. Change Tracker
c. Network Module
d. Change Manager
a. Replication Engine
How is the data replicated when replicating to a Hyper-V replica?
a. HTTP
b. Telnet
c. FTP
d. TFTP
a. HTTP
What program is normally used to enable Hyper-V replication?
a. Hyper-V Manager
b. Hyper-V Replica
c. Failover Cluster Manager
d. Hyper-V Replica Broker
a. Hyper-V Manager
When a VM is replicated as a Hyper-V replica, what is the replicated VM considered?
a. cold server
b. warm server
c. hot server
d. dynamic server
a. cold server
What type of quorum is recommended for multi-site clusters consisting of two nodes on the primary site and two nodes on the backup site?
a. Node Majority with File Sharing Majority
b. Node Majority with Disk Witness
c. No Majority
d. Node Majority
a. Node Majority with File Share Majority
You have a total of five cluster nodes that are used by a multi-site cluster. Which type of quorum should you use?
a. Node Majority with File Share Majority
b. Node Majority with Disk Witness
c. No Majority
d. Node Majority
d. Node Majority
What provides encryption for Hyper-V replication over the network?
a. HTTPS
b. SSH
c. SFTP
d. TFTP
a. HTTPS
What is the advantage of using synchronous replication?
a. It keeps the source and target storage devices the same
b. It’s faster
c. It accommodates high latency
d. It accommodates low bandwidth
a. It keeps the source and target storage devices the same
10. If you have a secondary site to be used as a backup site, what basic network services will you need? (Choose all that apply)
a. SMTP
b. SQL Server
c. AD DS
d. DNS
c. AD DS
d. DNS
What is used to enable Hyper-V replica if you have a failover cluster installed on a server where you have Hyper-V installed?
a. Hyper-V Manager
b. Hyper-V Replica
c. Failover Cluster Manager
d. Hyper-V Replia Broker
a. Hyper-V Manager
You have two servers, Server1 and Server2, running Windows Server 2012. Both servers have the Hyper-V server role installed. Server1 is in the primary site and Server2 is in the secondary site, which are connected over a slow WAN link. Server1 is running a VM. If Server1 fails, how can you start a copy of the VM on Server2, while keeping the cost low?
a. Install MPIO on Server1 and modify the storage locations of the VM
b. Install MPIO on Server1 and modify the storage locations of the VM
c. On Server1. modify the Replication Configuration settings and enable the replication of VM
d. On Server2. modify the Replication Configuration settings, and enable the replication of the VM
c. On Server1, modify the Replication Configuration settings and enable the replication of VM
You have two servers, Server1 and Server2. Both are running Windows Server 2012 and the Hyper-V server role. You need to replicate VMs between Server1 and Server2. You need to use encryption with SSL. Of course, you need a digital certificate for SSL. What two intended purposes of the certificate would you need?
a. client authentication
b. server authentication
c. IP security
d. KDC authentication
a. client authentication
b. serer authentication
You have three physical hosts called Server1, Server2, and Server3, all of which are running Windows Server 2012. Server1 and Server2 make up the failover cluster Cluster1. Cluster1 has the Hyper-V Replica Broker installed and is hosting several VMs. What tools do you need to use to configure the VMs to replicate to Server3?
a. Hyper-V Manager console connected to Server3
b. Hyper-V Manager console connected to Cluster1
c. Failover Cluster Manager console connected to Cluster1
d. Failover Cluster Manager console connected to Server3
a. Hyper-V Manager console connected to Server3
c. Failover Cluster Manager console connected to Cluster1
What is desirable when you purchase a WAN link to connect two sites? (Choose two answers)
a. low latency
b. low bandwidth
c. high latency
d. high bandwidth
a. low latency
d. high bandwidth
You have a scope called Scope1 (192.168.3.0/24) that is running out of addresses. What can you do to expand the number of addresses?
a. Create a 192.168.4.0 scope and create a superscope
b. Create an IPv6 scope
c. Reassign the scope to 172.24.3.0/16
d. Create a multicast scope
a. Create a 192.168.4.0 scope and create a superscope
Which type of communication sends a single set of packets to multiple hosts at the same time?
a. unicast
b. broadcast
c. multicast
d. anycast
c. multicast
What type of IPv6 address mechanism is used to generate link-local addresses using the MAC address?
a. stateless
b. stateful
c. prefix-based
d. multicast
a. stateless
What is the default DHCP failover mode?
a. Stateless
b. Stateful
c. Load Sharing
d. Hot Standby
c. Load Sharing
What is used to prevent non-Windows to overwrite DNS information for you systems that use static addresses?
a. Dynamic Protection
b. Stateful Protection
c. Stateless Protection
d. DHCP Name Protection
a. Dynamic Protection
What ports are required for DHCP failover?
a. 20-21
b. 67-68
c. 101-102
d. 140-141
b. 67-68
When you add a DHCP reservation for a printer, what two components should you include in the reservation? (Choose two answers)
a. the MAC address
b. the Default gateway
c. the printer server name
d. the IP address
a. the MAC address
d. the IP address
You have two DHCP servers, Server1 and Server2, running Windows Server 2012. You create a scope called Scope1. Server1 is your primary DHCP server. What is the easiest way to assign 80 percent of the addresses to Server1 and 20 percent to Server2?
a. on Scope1, run the Split-Scope Wizard
b. Create a multicast scope
c. Create a DHCP policy
d. Create a superscope
a. On Scope1, run the Split-Scope Wizard
You have just installed a new DHCP server. You try to start the DHCP service, but it will not start. What should you do?
a. Restart the server
b. Configure a scope
c. Activate the scope
d. Authorize the server in Active Directory
d. Authorize the server in Active Directory
You replaced your DHCP server due to hardware failure. You restore the server from a backup. You need to ensure that DHCP clients do not receive IP address that are currently in use on the network. What should you do?
a. Set the Conflict Detection value to 2
b. Add the DHCP server option 60
c. Add the DHCP server option 44
d. Enable the Retry option
a. Set the Conflict Detection value to 2
You have a server running Windows Server 2012. You want to assign the same IP address from the DHCP server to the server every time. What do you need to do?
a. Create a DHCP policy
b. Create an exclusion policy
c. Create a single scope with the specified address
d. Create a reservation
d. Create a reservation
You have a 192.168.1.0/24 subnet. Using DHCP, you want IP phones to be assigned addresses between 192.168.1.51-100 and desktop computer assigned to addresses between 192.168.1.101-155. How should you proceed while keeping the administrative effort to a minimum?
a. Create a multicast scope
b. Create a superscope
c. Use DHCP policies
d. Create multiple standard scopes
c. Use DHCP policies
You have the following DHCP scope: 192.168.1.0/24. You need to migrate the clients to 172.24.1.0/16. What type of scope should you create to perform the migration?
a. a multicast scope
b. a superscope
c. a split-scope
d. an IPv6 scope
b. a superscope
You are an administrator for the Contoso Corporation. Your primary office is in Sacramento and your data recovery site is in Las Vegas. You want to install a DHCP server at both locations to provide high availability. Which configuration should you use?
a. NLB cluster
b. Failover over cluster
c. Load Sharing mode failover partner
d. Hot Standby mode failover partner
d. Hot Standby mode failover partner
You have a server running Windows Server 2012 with five networks. You create two teams, each with two NICs. You want to use reservations to always assign the same iP addresses to the interfaces. how many reservations do you need on the DHCP server?
a. 2
b. 3
c. 4
d. 5
b. 3
Which of the following actions secures a DNS zone using a public key infrastructure?
a. Sign the zone
b. Lock the cache
c. Increase the socket pool
d. Create a Global Names zone
a. Sign the zone
Which of the following allows a DNS server to act as a key master?
a. KSK
b. ZSK
c. Locked Cache
d. AD CS Certificate Authority
a. KSK
Which DNS Resource Record provides a validated denial of existence?
a. DNSKEY
a. AAAA
c. SRV
d. NSEC3
d. NSEC3
Which dnscmd command-line parameter sets the capability to resolve non FQDN names?
a. /Socketpoolsize
b. /Cachelockingpercent
c. /Enableglobalnamessupport
d. /enumzones
c. /Enableglobalnamessupport
Which of the following actions can you not record or perform using DNS debug logging? (Choose all that apply)
a. Zone transfers
b. Start / Stop DNS service
c. Log file size
d. Query request packets
a. Zone transfer
b. Start / Stop DNS Service
Which security group has DNS administration privileges across the forest? (Choose all that apply)
a. Enterprise Admins
b. Domain Admins
c. Local administrators
d. DNS Admins
a. Enterprise Admins
Which LocalPriorityNet setting masks a Class A IP address?
a. 0x000000ff
b. 0x0000ffff
c. 0x0000003f
d. 0x00ffffff
a. 0x000000ff
Which of the following statements about the GlobalNames zones in Windows Server 2012 DNS Server role are true?
a. GlobalNames zone is domain-specific
b. GlobalNames zones require dynamic updates disable
c. GlobalNames zones are useful in multi-DNS domain systems
d. GlobalNames zones are enabled by default
c. GlobalNames zones are useful in multi-DNS domain system
Disabling Server recursion has which of the following effects?
a. Speeds up client queries
b. Increases the server workload
c. Restricts a DNS server to its own database
d. Disables access to the Internet
c. Restricts a DNS server to its own database
Which built-in Domain Local Security group allows full control of the DNS server functions within a single domain?
a. DNS Users
b. Power Users
c. DNS Admins
d. Enterprise Admins
c. DNS Admins
Which IPAM Security Group allows access to IP address tracking information but not full administration of an IPAM server?
a. IPAM Users
b. IPAM ASM Administrators
c. IPAM Audit Administrators
d. IPAM Administrators
c. IPAM Audit Administrators
IPAM servers should be installed on which Windows Server 2012?
a. domain controller
b. non-domain joined
c. DNS server
d. domain-joined sole purpose
d. domain-joined sole purpose
Which of the following functions does IPAM not carry out?
a. planning
b. auditing
c. tracking
d. monitoring
d. monitoring
IPAM can be administered from which operating system?
a. Windows 7
b. Windows Server 2008 R2 SP1
c. Windows 8
d. Windows Server 2008 SP2
c. Windows 8
Which of the following GPOs is not created when IPAM is provisioned using the automatic Group Policy method?
a. IPAM1_DHCP
b. IPAM1_DNS
c. IPAM1_NPS
d. IPAM1_DC_NPS
c. IPAM1_NPS
How many DNS servers can be managed from a single IPAM server?
a. 25
b. 500
c. 250
d. 50
b. 500
How much RAM is required to install an IPAM server?
a. 1 GB
b. 2 GB
c. 4 GB
d. 8 GB
c. 4 GB
Which Windows PowerShell cmdlet commences the automatic Group Policy provisioning on an IPAM server?
a. Invoke-IpamGpoProvisioning
b. Start-IpamGpoProvisioning
c. Start-IpamAutoGpoProvisioning
d. Invoke-IpamAutoGpoProvisioning
a. Invoke-IpamGpoProvisioning
Which of the following devices will IPAM manage? (Choose all that apply)
a. Windows Server 2008 R2 DNS server
b. Windows Server 2003 DHCP server
c. Cisco DHCP device
d. Windows Server 2012 NPS server
a. Windows Server 2008 R2 DNS Server
d. Windows Server 2012 NPS server
Which of the following are IPAM collection tasks? (Choose all that apply)
a. AddressExpiry
b. Audit
c. Service Monitoring
d. ServerConfiguration
b. Audit
c. Service Monitoring
d. ServerConfiguration
Which IPAM local security group should you use to provide IP auditing permissions?
a. IPAM Audit Administrators
b. IPAM Administrators
c. IPAM Users
d. IPAM ASM Administrators
a. IPAM Audit Administrators
ON which Windows Server should you install the IPAM feature?
a. Windows Server 2008 R2 Domain Controller
b. Windows Server 2012 DHCP Server
c. Windows Server 2012 Domain Controller
d. Windows Server 2012 File Server
d. Windows Server 2012 File Server
Which of the following IPAM provisioning methods should you use?
a. Manual
b. Group Policy
c. Automatic Group Policy
d. Active Directory
c. Automatic Group Policy
To alter a DHCP scope using IPAM, which method should you use?
a. DHCP Scopes console in Server Manager
b. Directly on the DHCP console on the DHCP server
c. Directly via Windows Powershell on the DHCP server
d. Remotely via Windows PowerShell
a. DHCP Scopes console in Server Manager
What should be used to reflect the organizational structure of your organization?
a. domain
b. forest
c. trees
d. OU
d. OU
Which of the following uses non-contiguous namespace?
a. domain
b. forest
c. trees
d. OU
b. forest
Which partition are used by Active Directory? (Choose all that apply)
a. configuration partition
b. domain partition
c. forest partition
d. schema partition
a. configuration partition
b. domain partition
d. schema partition
What utility do you use to update the domain function level?
a. Active Directory Users and Computers
b. Active Directory Domains and Trusts
c. Active Directory Sites and Services
d. DNS
a. Active Directory Users and Computers
What is the minimum domain function level to support fine-grained password policies?
a. Windows Server 2003
b. Windows Server 2008
c. Windows Server 2008 R2
d. Windows Server 2012
b. Windows Server 2008
What is the minimum domain functional level to support read-only domain controller?
a. Windows Server 2003
b. Windows Server 2008
c. Windows Server 2008 R2
d. Windows Server 2012
b. Windows Server 2008
After using the Active Directory Migration tool to migrate users to your new domain, what concerns should you have when creating a new external trust or forest trust?
a. you will not be able to create new trusts
b. Recently migrated accounts will have a new Security Identifier (SID) and an updated SID History
c. Elevated privileges will not cross the trust
d. The RID Master role must be seized
b. Recently migrated accounts will have a new Security Identifier (SID) and an updated SID History
Users in a UNIX Realm need to access resources in a Windows Server 2012 domain. What type of trust will you create?
a. external trust
b. forest trust
c. shortcut trust
d. none of the above
d. none of the above
You have two domains in a single internal forest. What type of trust should you create so that all users can log into computers in both domains?
a. external trust
b. forest trust
c. shortcut trust
d. none – automatic trust
d. automatic trust
You have just created a two way forest trust between Forest A and Forest B and are using forest-wide authentication. Some users complain that they cannot log into their domain-joined computers in the other forest. What should you do.
a. Recreate the trust
b. Have users log in with a generic domain user account
c. Have users log in with their email address
d. Have users log in with a username local to the workstation
c. Have users log in with their email address
You are the Domain Administrator for support.adatum.local and have been working with the Enterprise Administrator for contoso.local to create a one-way external trust between support.adatum.local and support.contoso.local. Your domain, support.adatum.local will be the trusted domain. The Contoso Enterprise Admins have created a one way incoming turst with your domain. What will you need to do?
a. Create a one-way shortcut trust
b. Create a two-way realm trust
c. Ask the Contoso Enterprise Admins to remove the recently created trust and create a one-way outgoing trust
d. Create a one-way outgoing trust with support.contoso.local
c. Ask the Contoso Enterprise Admins to remove the recently created trust and create a one-way outgoing trust
You are attempting to create a trust between Adatum.local and Contoso.local, both Windows Server 2012 domains. You run the New Trust Wizard and enter in the domain name for Contoso.local. The next screen of the wizard says “The name you specified is not a valid Windows Domain name. Is the specified name a Kerberosv5 realm”? What do you do to resolve the problem?
a. Configure DNS
b. Configure DHCP Split-Scope
c. Manually add contoso.local to the hosts file of the Adatum.local domain controllers.
d. Configure selective authentication
a. Configure DNS
You have recently installed a domain controller, but your clients are unable to authenticate against it. You notice the SRV records for the domain controller have not been populated in DNS. What will you do to re-register the SRV records in DNS?
a. Modify NETLOGON.DNS
b. Restart the NETLOGON service
c. Restart the DNS Server Cervice
d. Modify NETLOGON.LOG
b. Restart the NETLOGON service
Clients at a remote site are complaining that it takes an unacceptable amount of time to log in to their computers when they come in every morning. You check the logs of the domain controllers and notice that the clients are authenticating with a domain controller at the headquarters office and not with the domain controller at the remote office. You verify that the domain controller at the remote office is configured and registering SRV records in DNS correctly. What must be done to ensure all clients in the remote site authenticate with the domain controller in the remote site?
a. Create a new organizational unit and move the computers into it
b. Require all users to log in with their e-mail address for the username
c. Delete the NETLOGON.DNS file on the remote site domain controller
d. Create a subnet in the Active Directory Sites and Services tool
d. Create a subnet in the Active Directory Sites and Services tool
You have installed a Read Only Domain Controller (RODC) at a remote location. After looking through the logs, you notice that the Windows Server 2003 servers have automatically covered the remote site. What is the next step you need to take?
a. Modify the SearchFlags attribute
b. Open REGEDIT on the Windows Server 2003 domain controllers
c. Install the Microsoft Assessment and Planning Toolkit
d. Restart the NETLOGON service of the RODC
d. Restart the NETLOGON service of the RODC
You have recently have a physical domain controller fail during a routing maintenance reboot. The drives have failed and you cannot purchase new drives. Luckily you have recently implemented a Hyper-V solution. Instead of restoring it from backup, you brought online a new virtual domain controller running Windows Server 2012 Once the new server is back up and replicating with other partners within its site you notice no replication is taking place between the sites. Why has replication stopped between sites?
a. The failed domain controller was a manually configured bridgehead server
b. The second site is not compatible with Windows Server 2012
c. The site link needs to be re-registered
d. The Default-First-Site-Name still exists
a. The failed domain controller was a manually configured bridgehead server
You have recently bought a new site online. During your planning stages, you set up two new domain controllers for the new site and you are ready to move them. What tool will you use to move the domain controllers to the remote site.
a. Active Directory Domains and Trusts
b. Active Directory Users and Computers
c. Active Directory Sites and Services
d. Active Directory Administrative Center
c. Active Directory Sites and Services
You are working in an environment that has a non-Windows DNS server resolving all client requests. You are unable to use DNS Manager to view what records your Windows Server 2012 has registered with DNS. Where can you view the SRV records that the domain controller has created?
a. NETLOGON.DNS
b. DNS Manager
c. HOSTS
d. NETLOGON.LOG
a. NETLOGON.DNS
Which of the following commands, run from command prompt, allows you to monitor, troubleshoot, and force replication on Windows Server 2012?
a. REPLMON
b. NETSH
c. REPLSUM
d. REPADMIN
d. REPADMIN
Which of the following replication topologies, by default, uses change notification?
a. Knowledge Consistency Checker (KCC)
b. Intersite Topology Generator
c. Intrasite Replication
d. Intersite Replication
c. Intrasite Replication
Which of the following Domain Functional Levels is the minimum requirement to securely implement Filtered Attribute Sets?
a. Windows Server 2003
b. Windows Server 2008
c. Windows Server 2008 R2
d. Windows Server 2012
b. Windows Server 2008
You have configured a user group on the Managed by tab of an RODC. You receive a call from a member of the group indicating he is not able to log in to the RODC at the remote location. When the Wan link goes down. What do you need to do?
a. Add the group to the Domain Admins Group
b. Add the group to the Enterprise Admins Group
c. Add the group to the Allowed RODC Password Replication Group
d. Add the group to the Authenticated Users Group
c. Add the group to the Allowed RODC Password Replication Group
When replicating a single object between domain controllers, what will you use to specify the object name?
a. Distinguished Name (DN)
b. Relative Distinguished Name (RDN)
c. Security Account Manager ID (SAM ID)
d. Common Name (CN)
a. Distinguished Name (DN)
Which of the following allows passwords to be cached on an RODC before users log in to the RODC?
a. Change the user’s password on the PDC emulator
b. Disable and then re-enable the user account
c. Allow Password Replication and configure “User must change password at next logon.”
d. Allow Password Replication and Password Prepopulation
d. Allow Password Replication and Password Prepopulation
What allows a single sing-on when deploying an application for another organization on your network?
a. Active Directory Domain Services (AD DS)
b. Active Directory Rights Management Services (AD RMS)
c. Active Directory Lightweight Directory Services (AD LDS)
d. Active Directory Federation Services (AD FS)
d. Active Directory Federation Services (AD FS)
What is a statement made by a trusted entity for a user that includes key information to identify the user?
a. store
b. delegated party
c. proxy
d. claims
d. claims
What is the application that accepts claims from a claim provider?
a. claims provider
b. relying party
c. attribute store
d. federation server proxy
b. relying party
What is the server that issues claims and authenticates users?
a. claims provider
b. relying party
c. attribute store
d. federation server proxy
a. claims provider
What is a database that stores user information?
a. claims provider
b. relying party
c. attribute store
d. federation server proxy
c. attribute store
What type of certificate is assigned to the AD FS website?
a. server authentication
b. token-signing
c. token-decrypting
d. web authentication
a. server authentication
What kind of system are you creating when you install a certificate authority (CA)
a. JIF
b. SMB
c. CIF
d. PKI
d. PKI
Which of the following role services allows you to validate and revoke certificates?
a. Certificate Authority Policy Web Service
b. CA Web Enrollment
c. Online Responder
d. Network Device Enrollment Service
c. Online Responder
What is required to install enterprise CA?
a. Active Directory
b. multiple CAs
c. Online Responder
d. IIS
a. Active Directory
Which of the following can be used to check the validity of a digital certificate?
a. Online Responder
b. CAPolicy
c. NDES
d. CRL
a. Online Responder
d. CRL
You have two servers called Server01 and Server02, which are running Windows Server 2012. you configured Server01 as an enterprise root CA. You install the Online responder role service on Server02. What do you need to do so that Server01 uses the Online Responder Services?

a. Configure the CRL Distribution Point extension
b. Configure the Authority Information Access (AIA) extension
c. Add the Online Responder to Server01 and point to Server02
d. Import the enterprise root CA certificate and install on Server02

b. Configure the Authority Information Access (AIA) extension
You have an Active Directory Domain. You install Active Directory Certificate Services (AD CS) role on a standalone server. However, when you install the AD CS role as an enterprise CA, the enterprise CA role option is not available. What should you do?
a. Add the DNS server role
b. Add the AD LDS role
c. Join the server to the domain
d. Load the AD CS Proxy role
c. Join the server to the domain
You are replacing a web server and you need to retrieve the digital certificate used for your website so that you can import it to the new web server. What format should you export the certificate to?
a. Base-64 encoded X.509 (.cer)
b. Cryptographic Message Syntax Standard PKCS #7 (.p7b)
c. DER encoded binary X.509 (.cer)
d. Personal Information Exchange PKCS #12 (.pfx)
d. Personal Information Exchange PKCS #12 (.pfx)
You have an enterprise certification authority for your company. You need to issue a certificate to all users for email security, client authentication, and Encrypting File System (EFS). What two actions do you need to perform to complete?
a. Duplicate the User certificate template, and then publish the template
b. Modify the properties of the User certificate template and publish the template
c. Using a group policy, configure the Certificate Services Client – Autoentrollment settings
d. Using group policies, configure the Certificate Services Client – Certificate Enrollment Policy settings
a. Duplicate the User certificate template, and then publish the template
c. Using a group policy, configure the Certificate Services Client – Autoentrollment settings
You have an enterprise certification authority for your company. Which console do you need to use to ensure that all members of the Sales group can enroll in the Sales certificate?
a. Certification Authority
b. Certificate Templates
c. Authorization Manager
d. Active Directory Administrative Center
b. Certificate Templates
Which of the following is the minimum schema version for certificates that is required for auto-enrollment?
a. v1
b. v2
c. v3
d. v4
b. v2
Which of the following are ways you can deploy certificates?
a. manual enrollment
b. blackbox copy
c. autoenrollment
d. web enrollment
a. manual enrollment
c. autoenrollment
d. web enrollment
Which of the following is the default URL for the CA Web enrollment?
a. https:///enroll
b. https:///certentroll
c. https:///certsrv
d. https:///webcert
c. https:///certsrv
What do you need to configure to grant licenses to another forest within your organization?
a. trusted publishing domain
b. trusted user domains
c. federation trust
d. email server
a. trusted publishing domain
By default, which group is the Super Users?
a. Domain admins
b. Enterprise admins
c. RMS Admins
d. It is disabled and not defined
d. It is disabled and not defined
What is the default validity time for RAC?
a. 7 days
b. 30 days
c. 365 days
d. 90 days
c. 365 days
Which certificate contains the public key that encrypts the content key in a publishing license?
a. AD RMS machine certificate
b. Client licensor certificate
b. RAC
d. SLC
d. SLC
In addition to the AD RMS root cluster, what is needed before you can create the AD RMS root cluster?
a. Failover cluster feature
b. Network load balancing feature
c. Microsoft SQL Server 2008
d. File Sharing Services Role
c. Microsoft SQL Server 2008
You have two Active Directory forests with your company, contoso.com and litware.com. Each forest has an AD RMS deployment. How can you allow users from the litware.com forest access AD RMS protection content in the contoso forest?
a. Create an external trust from liteware.com to contoso.com
b. Install a remote access gateway
c. Add a trusted user domain to the AD RMS cluster in the contoso.com domain
d. Add a trusted user domain ot the AD RMS cluster in the litware.com domain
c. Add a trusted user domain to the AD RMS cluster in the contoso.com domain