Question & Answers of Windows Server 2012
Active Directory is a directory structure used on Microsoft Windows-based servers and
computers to store data and information about networks and domains.
2) Mention what are the new features in Active Directory (AD) of Windows Server 2012?
• dcpromo (Domain Controller Promoter) with improved wizard: It allows you to view
all the steps and review the detailed results during the installation process.
• Enhanced Administrative Center: Compared to the earlier version of Active Directory,
the administrative center is well designed in Windows 2012. The exchange management
console is well designed.
• Recycle bin goes GUI: In Windows Server 2012, there are now many ways to enable the
Active Directory recycle bin through the GUI in the Active Directory Administrative
Center, which was not possible with the earlier version.
• Fine grained password policies (FGPP): In Windows Server 2012, implementing FGPP is
much easier compared to an earlier version. It allows you to create different password
policies in the same domain.
• Windows PowerShell History Viewer: You can view the Windows PowerShell
commands that relate to the actions you execute in the Active Directory Administrative
Center UI.
The default protocol used in directory services is LDAP (Lightweight Directory Access
Protocol).
A forest is an assembly of AD domains that share a single schema for the AD. All
DCs in the forest share this schema, and it is replicated in a hierarchical fashion among them.
The SysVOL folder keeps the server’s copy of the domain’s public files. The contents such as
users, group policy, etc. of the sysvol folders are replicated to all domain controllers in the
domain.
6) Mention what is the difference between domain admin groups and enterprise admins
group in AD?
Enterprise Admin Group
• Members of this group have complete control of all domains in the forest
• By default, this group belongs to the administrators group on all domain controllers in
the forest
• As such this group has full control of the forest, add users with caution
Domain Admin Group
• Members of this group have complete control of the domain
• By default, this group is a member of the administrators group on all domain
controllers, workstations and member servers at the time they are linked to the domain
• As such the group has full control in the domain, add users with caution
Kerberos is a network authentication protocol. It is built to offer strong authentication for
server/client applications by using secret-key cryptography.
9) Explain where the AD database is held. What other folders are related to AD?
The AD database is saved in %systemroot%/ntds. In the same folder, you can also see other files;
these are the main files controlling the AD structures. They are:
dit
log
res 1.log
log
chk
10) Mention what is PDC emulator and how would one know whether PDC emulator is
working or not?
PDC Emulators: There is one PDC emulator per domain, and when there is a failed
authentication attempt, it is forwarded to PDC emulator. It acts as a “tie-breaker” and it controls
the time sync across the domain.
These are the parameters through which we can know whether PDC emulator is working or not.
Lingering objects can exist if a domain controller does not replicate for an interval of time that
is longer than the tombstone lifetime (TSL).
The tombstone lifetime in Active Directory determines how long a deleted object is retained in
Active Directory. Deleted objects in Active Directory are stored in a special object referred to as
a TOMBSTONE. Usually, Windows will use a 60-day tombstone lifetime if the time is not set in the
forest configuration.
Schema is an Active Directory component that describes all the attributes and objects that the
directory service uses to store data.
CDC, or child DC, is a sub domain controller under the root domain controller, which shares its
name space.
RID master stands for Relative Identifier master; it assigns unique IDs to the objects created in AD.
Components of AD includes
Infrastructure Master is accountable for updating information about the user and group and
global catalogue.
Active Directory (AD) is a directory service developed by Microsoft and used to store objects
such as users, computers, printers and network information. It helps you manage your network
effectively with multiple Domain Controllers in different locations sharing the AD database: you
can manage or change AD from any Domain Controller and the change will be replicated to all
other DCs. It provides centralized administration across multiple geographical locations and
authenticates users and computers in a Windows domain.
What is LDAP and how the LDAP been used on Active Directory(AD)?
http://www.windowstricks.in/ldap-and-ldap-query
What is Tree?
Tree is a hierarchical arrangement of windows Domain that share a contiguous name space
What is Domain?
A Domain Controller is the server which holds the AD database. All AD changes get replicated to
the other DCs and vice versa.
What is Forest?
Forest consists of multiple Domains trees. The Domain trees in a forest do not form a contiguous
name space however share a common schema and global catalog (GC)
What is Schema?
Active directory schema is the set of definitions that define the kinds of object and the type of
information about those objects that can be stored in Active Directory
http://www.windowstricks.in/2014/01/can-i-restore-schema-partition.html
Infrastructure Master
RID Master
PDC
Schema Master and Domain Naming Master are forest-wide roles, with only one of each per
forest. The other roles are domain-wide, one for each domain.
AD replication is multi-master replication: a change can be made on any Domain Controller and
will be replicated to the other Domain Controllers. The exceptions are the above five roles, the
flexible single master operations (FSMO): these changes can only be made on a dedicated Domain
Controller, so it is single-master replication.
An interesting question: which role is the most important of the 5 FSMO roles, or which role's
failure will impact the end-user immediately?
Most amateur administrators pick the Schema Master role, not sure why, maybe they thought
Schema is very critical to run the Active Directory.
The correct answer is PDC. The next question is why? To find the answer, we will explain role by
role what happens when a FSMO role holder fails.
Schema Master – The Schema Master is needed to update the schema. We don't update the schema
daily, right? When do we update the schema? At the time of an operating system migration, when
installing a new Exchange version, or for any other application which requires extending the schema.
So if the Schema Master server is not available, we can't update the schema, and in no way
is this going to affect the Active Directory operation or the end-user.
The Schema Master needs to be online and ready in order to make a schema change, so we can plan
and have more time to bring back the Schema Master server.
Domain Naming Master – The Domain Naming Master is required for creating a new domain and
creating an application partition. As with the Schema Master, we don't create domains and
application partitions frequently.
So if the Domain Naming Master server is not available, we can't create a new domain
or application partition. It may not affect the user; users are not even aware that the Domain
Naming Master server is down.
Infrastructure Master – The Infrastructure Master handles cross-domain updates. What really
gets updated between domains? Whenever a user logs in to the domain, a TGT is created with the
list of access the user got through group membership (user group membership details); it also
contains the user's membership details from trusted domains. The Infrastructure Master keeps this
information up-to-date; it updates reference information every 2 days by comparing its data with
the Global Catalog (that's why we don't keep the Infrastructure Master and GC on the same server).
In a single-domain, single-forest environment there is no impact if the Infrastructure
Master server is down.
In a multi-domain and forest environment there will be an impact, and we have enough time to fix
the issue before it affects the end-user.
RID Master – Every DC is initially issued 500 RIDs from the RID Master server. RIDs are used
to create new objects in Active Directory: all new objects are created with a Security ID (SID),
and the RID is the last part of a SID. The RID uniquely identifies a security principal relative to
the local or domain security authority that issued the SID.
When a DC's pool gets down to 250 (50%), it requests a second pool of RIDs from the RID Master.
If the RID Master server is not available, RID pools cannot be issued to DCs, and DCs are
only able to create new objects from their available RIDs. Every DC has anywhere
between 250 and 750 RIDs available, so there is no immediate impact.
PDC – The PDC is required for time sync, user login, password changes and trusts. Now you know
why the PDC is the important FSMO role holder to get back online: losing the PDC role will impact
the end-user immediately and we need to recover ASAP.
The PDC emulator acts as a Primary Domain Controller for backwards compatibility and is
responsible for time synchronization within a domain; it is also the password master. Any password
change is replicated to the PDC emulator ASAP. If a logon request fails due to a bad password, the
logon request is passed to the PDC emulator to check the password before rejecting the login request.
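Added example (not from the original page): the RID Master paragraph above says the RID is the last part of a SID, and this Python sketch decodes the binary form in which AD stores a SID (the objectSid attribute), splits it into domain SID and RID, and labels well-known privileged RIDs such as Domain Admins and Enterprise Admins. The function names, the sample domain identifier and the sample SIDs are constructed for illustration.

```python
import struct

# Well-known domain-relative RIDs; these values are the same in every domain.
WELL_KNOWN_RIDS = {
    500: "Administrator",
    502: "krbtgt",
    512: "Domain Admins",
    513: "Domain Users",
    516: "Domain Controllers",
    518: "Schema Admins",
    519: "Enterprise Admins",
}
RESERVED_LABEL = "reserved built-in RID (below 1000)"
POOL_LABEL = "issued from a DC's RID pool"


def decode_sid(raw: bytes) -> str:
    """Convert a binary SID (objectSid layout) to its S-1-... string form."""
    if len(raw) < 8:
        raise ValueError("SID shorter than its fixed 8-byte header")
    revision, count = raw[0], raw[1]
    if revision != 1:
        raise ValueError("unsupported SID revision %d" % revision)
    if count > 15 or len(raw) != 8 + 4 * count:
        raise ValueError("sub-authority count does not match SID length")
    # The 48-bit identifier authority is big-endian; sub-authorities are
    # little-endian 32-bit integers.
    authority = int.from_bytes(raw[2:8], "big")
    subs = struct.unpack("<%dI" % count, raw[8:])
    return "S-%d-%d" % (revision, authority) + "".join("-%d" % s for s in subs)


def split_sid(sid: str):
    """Split a domain account SID into (domain SID, RID)."""
    parts = sid.split("-")
    # Domain principals look like S-1-5-21-<three domain values>-<RID>.
    if len(parts) != 8 or parts[:4] != ["S", "1", "5", "21"]:
        raise ValueError("not a domain account SID: %s" % sid)
    return "-".join(parts[:-1]), int(parts[-1])


def describe_rid(rid: int) -> str:
    """Label a RID: well-known principal, reserved range, or RID-pool value."""
    if rid in WELL_KNOWN_RIDS:
        return WELL_KNOWN_RIDS[rid]
    return RESERVED_LABEL if rid < 1000 else POOL_LABEL


def summarize(raw_sids):
    """Return (sid, domain_sid, rid, label) for each binary SID."""
    rows = []
    for raw in raw_sids:
        sid = decode_sid(raw)
        domain_sid, rid = split_sid(sid)
        rows.append((sid, domain_sid, rid, describe_rid(rid)))
    return rows


def _make_sid(rid: int) -> bytes:
    """Build a constructed sample SID in a made-up domain (test data only)."""
    header = bytes([1, 5]) + (5).to_bytes(6, "big")
    return header + struct.pack("<5I", 21, 1111111111, 2222222222, 3333333333, rid)


# Constructed sample data: two privileged groups and one ordinary account.
SAMPLE_SIDS = [_make_sid(512), _make_sid(519), _make_sid(1105)]

if __name__ == "__main__":
    for sid, domain_sid, rid, label in summarize(SAMPLE_SIDS):
        print("%-50s RID=%-5d %s" % (sid, rid, label))
```

All three sample SIDs share one domain SID and differ only in the final RID, which is why a DC that has run out of pool RIDs cannot create new security principals.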
Tell me about the Active Directory database and list the Active Directory database files.
NTDS.DIT
EDB.Log
EDB.Che
AD changes are not written directly to the NTDS.DIT database file; they are first written to
EDB.Log and then from the log file to the database. EDB.Che is used to track the database updates
from the log file, to know which changes have been copied to the database file.
NTDS.DIT: NTDS.DIT is the AD database and stores all AD objects. The default location is
%systemroot%\ntds\ntds.dit. The Active Directory database engine is the Extensible Storage
Engine, which is based on the Jet database.
EDB.Log: EDB.Log is the transaction log file. When EDB.Log is full, it is renamed to
EDBNum.log, where Num is an increasing number starting from 1, like EDB1.Log.
EDB.Che: EDB.Che is the checkpoint file used to track the data not yet written to the database
file. It indicates the starting point from which data is to be recovered from the log file in case
of failure.
Res1.log and Res2.log: Res is the reserved transaction log file, which gives the transaction log
file enough time to shut down if the disk does not have enough space.
http://www.windowstricks.in/2010/07/recommended-raid-configuration-and-disk.html
Can we keep OS, log files, SYSVOL, AD database on same logical Disk?
http://www.windowstricks.in/2010/07/recommended-raid-configuration-and-disk.html
An Active Directory partition is how and where the AD information is logically stored.
Schema
Configuration
Domain
Application partition
Schema Partition – It stores details about objects and attributes. Replicates to all domain
controllers in the Forest.
Configuration Partition – It stores details about the AD configuration, such as site,
site-link, subnet and other replication topology information. Replicates to all domain controllers
in the Forest.
DN Location is CN=Configuration,DC=Domainname,DC=com
Domain Partitions – Object information for a domain, such as user, computer, group, printer and
other domain-specific information. Replicates to all domain controllers within a domain.
DN Location is DC=Domainname,DC=com
How to move the DNS zone from Domain Partition to Application partition?
How many domain controllers need to back up? Or which domain controllers to back up?
Minimum requirement is to back up two domain controllers in each domain, one should be an
operations master role holder DC, no need to backup RID Master (relative ID) because RID
master should not be restored
The Sysvol folder on a Windows domain controller is used to store the domain's Group Policy
settings, default profiles and logon/logoff/startup/shutdown scripts. It is available in the
C:\Windows\SYSVOL directory on all domain controllers within the domain.
The Netlogon folder contains the logon/logoff/startup/shutdown scripts and is inside the Sysvol folder.
Check more about: force sysvol replication on Windows 2003 and force sysvol replication on
Windows 2008 and windows server 2012
Sysvol share not sharing – May be a replication issue; please check the event log for more information.
D2 is the default method for restoring SYSVOL and occurs automatically when you do a non-
authoritative restore of the Active Directory.
When you non-authoritatively restore the SYSVOL, the local copy of SYSVOL on the restored
domain controller is compared with that of its replication partners. After the domain controller
restarts, it replicates any necessary changes, bringing it up-to-date with the other domain
controllers within the domain.
Tell me about Authoritative restore of SYSVOL or D4 restore
In a D4 restore, a copy of SYSVOL that is restored from backup is authoritative for the domain.
After the necessary configurations have been made, Active Directory marks the local SYSVOL
as authoritative and it is replicated to the other domain controllers within the domain.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NtFrs\Parameters\Backup/Restore\Process at Startup
BurFlags
D2, for nonauthoritative mode restore
D4, for an authoritative mode restore
As a Windows AD Administrator I have many Active Directory real time issues and solutions,
we have seen the questions like, Tell me about 2 real time issues which you have faced in your
current Active Directory environment, share one or two challenging issues which you have
worked and resolved, Tell me most challenging issues you recently involved
Many of my blog readers are asked to share couple of real time scenarios from my past
experience to preparing for a Windows and Active Directory interview, list of articles from my
previous post, read and understand to face the interview confidently
Replication failed with “The destination server is currently rejecting replication requests” Error
Why we can’t edit/view windows 2008, Vista and windows 7 GPO settings from windows 2003
GPO update failed in Slow Link VPN site with Event ID 1000 and 1054
Other real time issues and solutions, Printer, User Profile and Account lockout
Account lockout
How to resolve the Print Spooler service crash issue (Print spooler service is not running)
How to find the domain controller that contains the lingering object
Reconfigure roaming profile folder and home folder permission for all the users
Ehab Shana
More and more companies are realizing the power of cloud services and networks. With the
release of Office 365, Cloud services, and employees working away from the office,
collaboration is crucial. Ensuring the networks that connect employees and allow access to the
documents and projects within an organization is therefore critical to allow organizations to
function efficiently. This means that the demand for good network administrators and system
administrators who understand Active Directory is increasing.
1. What is Active Directory? Active Directory (AD) is a directory service developed by
Microsoft and used to store objects such as users, computers, printers and network
information. It helps you manage your network effectively with multiple Domain
Controllers in different locations sharing the AD database: you can manage or change AD
from any Domain Controller and the change will be replicated to all other DCs. It provides
centralized administration across multiple geographical locations and authenticates users
and computers in a Windows domain.
2. Define Active Directory? Active Directory is a database that stores data pertaining to the
users within a network as well as the objects within the network. Active Directory allows
the compilation of networks that connect with AD, as well as the management and
administration thereof.
3. What is Domain? Active Directory Domain Services is Microsoft’s Directory Server. It
provides authentication and authorization mechanisms as well as a framework within
which other related services can be deployed.
4. What is Active Directory Domain Controller (DC)? A Domain Controller is the server
which holds the AD database. All AD changes get replicated to the other DCs and vice versa.
5. What is a domain within Active Directory? A domain represents the group of network
resources that includes computers, printers, applications and other resources. Domains
share a directory database. The domain is represented by address of the resources within
the database. A domain address generally looks like 125.170.456. A user can log into a
domain to gain access to the resources that are listed as part that domain.
6. What is the domain controller? The server that responds to user requests for access to the
domain is called the Domain Controller or DC. The Domain Controller allows a user to
gain access to the resources within the domain through the use of a single username and
password.
7. What is Tree? Tree is a hierarchical arrangement of windows Domain that share a
contiguous name space.
8. What is Forest? Forest consists of multiple Domains trees. The Domain trees in a forest
do not form a contiguous name space however share a common schema and global
catalog (GC).
9. Explain what domain trees and forests are? Domains that share common schemas and
configurations can be linked to form a contiguous namespace. Domains within the trees
are linked together by creating special relationships between the domains based on trust.
Forests consist of a number of domain trees that are linked together within AD, based on
various implicit trust relationships. Forests are generally created where a server setup
includes a number of root DNS addresses. Trees within the forest do not share a
contiguous namespace.
10. What is Schema? Active Directory schema is the set of definitions that define the kinds of
object and the type of information about those objects that can be stored in Active
Directory. The Active Directory schema is a collection of object classes and their attributes.
Object Class = User; Attributes = first name, last name, email, and others.
11. What is FSMO? FSMO (flexible single master operations) is a specialized domain
controller (DC) set of tasks, used where standard data transfer and update methods are
inadequate. AD normally relies on multiple peer DCs, each with a copy of the AD
database, being synchronized by multi-master replication.
12. Tell me about the FSMO roles? Schema Master, Domain Naming Master, Infrastructure Master,
RID Master, PDC.
Schema Master: The schema is shared between every Tree and Domain in a forest and must be
consistent between all objects. The schema master controls all updates and modifications to the
schema.
Domain Naming Master: The Domain Naming Master
FSMO role owner is the DC responsible for making changes to the forest-wide domain name
space of the directory in the Partitions container.
Infrastructure Master: The Infrastructure FSMO role is one of the three "per domain" Operations
Masters. The infrastructure FSMO keeps its domain's references to objects in other domains up-
to-date by comparing its data with information in the Global Catalog (GC).
RID Master: This SID consists of a domain SID (the same for all SIDs created in a domain) and a
relative ID (RID) that is unique for each security principal SID created in a domain. RIDs are
allocated from a RID pool that is controlled by the RID Master FSMO.
Relative ID (RID) Master: Allocates RIDs to DCs within a Domain. When an object such as a
user, group or computer is created in AD it is given a SID. The SID consists of a Domain SID
(which is the same for all SIDs created in the domain) and a RID which is unique to the Domain.
When moving objects between domains you must start the move on the DC which is the RID
master of the domain that currently holds the object.
PDC: Microsoft recommends the careful division of FSMO roles, with standby DCs ready to take
over each role. The PDC emulator and the RID master should be on the same DC, if possible.
The Schema Master and Domain Naming Master should also be on the same DC.
PDC Emulator: The PDC emulator acts as a Windows NT PDC for backwards compatibility; it
can process updates to a BDC. It is also responsible for time synchronizing within a domain. It is
also the password master (for want of a better term) for a domain. Any password change is
replicated to the PDC emulator as soon as is practical. If a logon request fails due to a bad
password the logon request is passed to the PDC emulator to check the password before rejecting
the login request.
1. How to check which server holds which role? Netdom query FSMO.
2. What is LDAP? LDAP is an acronym for Lightweight Directory Access Protocol and it
refers to the protocol used to access, query and modify the data stored within the AD
directories. LDAP is an internet standard protocol that runs over TCP/IP.
3. Explain what intrasite and intersite replication is and how KCC facilitates replication?
The replication of DC’s inside a single site is called intrasite replication whilst the
replication of DC’s on different sites is called Intersite replication. Intrasite replication
occurs frequently while Intersite replication occurs mainly to ensure network bandwidth.
KCC is an acronym for the Knowledge Consistency Checker. The KCC is a process that
runs on all of the Domain Controllers. The KCC allows for the replication topology of
site replication within sites and between sites. Between sites, replication is done through
SMTP or RPC whilst intrasite replication is done using procedure calls over IP.
4. Name a few of the tools available in Active Directory and which tool would you use to
troubleshoot any replication issues? Active Directory tools include: • Dfsutil.exe •
Netdiag.exe • Repadmin.exe • Adsiedit.msc • Netdom.exe • Replmon.exe Replmon.exe is
a graphical tool designed to visually represent the AD replication. Due to its graphical
nature, replmon.exe allows you to easily spot and deal with replication issues.
5. What tool would you use to edit AD? Adsiedit.msc is a low level editing tool for Active
Directory. Adsiedit.msc is a Microsoft Management Console snap-in with a graphical
user interface that allows administrators to accomplish simple tasks like adding, editing
and deleting objects with a directory service. The Adsiedit.msc uses Application
Programming Interfaces to access the Active Directory. Since Adsiedit.msc is a
Microsoft Management Console snap-in, it requires access to MMC and a connection to an
Active Directory environment to function correctly.
6. How would you manage trust relationships from the command prompt? Netdom.exe is
another program within Active Directory that allows administrators to manage the Active
Directory. Netdom.exe is a command line application that allows administrators to
manage trust relationship within Active Directory from the command prompt.
Netdom.exe allows for batch management of trusts. It allows administrators to join
computers to domains. The application also allows administrators to verify trusts and
secure Active Directory channels.
7. Where is the AD database held and how would you create a backup of the database? The
database is stored within the windows NTDS directory. You could create a backup of the
database by creating a backup of the System State data using the default NTBACKUP
tool provided by windows or by Symantec’s Netbackup. The System State Backup will
create a backup of the local registry, the Boot files, the COM+, the NTDS.DIT file as
well as the SYSVOL folder.
8. What is SYSVOL, and why is it important? SYSVOL is a folder that exists on all domain
controllers. It is the repository for all of the active directory files. It stores all the
important elements of the Active Directory group policy. The File Replication Service or
FRS allows the replication of the SYSVOL folder among domain controllers. Logon
scripts and policies are delivered to each domain user via SYSVOL. SYSVOL stores all
of the security related information of the AD.
9. Briefly explain how Active Directory authentication works? When a user logs into the
network, the user provides a username and password. The computer sends this username
and password to the KDC which contains the master list of unique long term keys for
each user. The KDC creates a session key and a ticket granting ticket. This data is sent to
the user’s computer. The user’s computer runs the data through a one-way hashing
function that converts the data into the user’s master key, which in turn enables the
computer to communicate with the KDC, to access the resources of the domain.
Microsoft 70-410
Question No : 1 - Topic 1
You have a server named Server1 that runs Windows Server 2012 R2. Server1 has the
Hyper-V server role installed. On Server1, you create a virtual machine named VM1. VM1
has a legacy network adapter.
You need to assign a specific amount of available network bandwidth to VM1.
What should you do first?
A. Remove the legacy network adapter, and then run the Set-VMNetworkAdapter cmdlet.
B. Add a second legacy network adapter, and then run the Set-VMNetworkAdapter cmdlet.
C. Add a second legacy network adapter, and then configure network adapter teaming.
D. Remove the legacy network adapter, and then add a network adapter.
Answer : D
Question No : 2 - Topic 1
Your network contains an Active Directory forest named contoso.com. The forest contains
a single domain. The domain contains two domain controllers named DC1 and DC2 that
run Windows Server 2012 R2.
The domain contains a user named User1 and a global security group named Group1.
You need to modify the SAM account name of Group1.
Which cmdlet should you run?
A. Add-AdPrincipalGroupMembership
B. Install-AddsDomainController
C. Install-WindowsFeature
D. Install-AddsDomain
E. Rename-AdObject
F. Set-AdAccountControl
G. Set-AdGroup
H. Set-User
Answer : G
Question No : 3 - Topic 1
You have a server named Server1 that runs Windows Server 2012 R2. Server1 has the
Hyper-V server role installed.
An iSCSI SAN is available on the network.
Server1 hosts four virtual machines named VM1, VM2, VM3, and VM4.
You create a LUN on the SAN to host the virtual hard drive files for the virtual machines.
You need to create a 3-TB virtual hard disk for VM1 on the LUN. The solution must prevent
VM1 from being paused if the LUN runs out of disk space.
Which type of virtual hard disk should you create on the LUN?
Answer : B
Explanation: The virtual disk needs to be a VHDX file since it is going to be over 2TB in size
and it must be fixed-size so that the space is already taken on the server (that way the server does
not run out of space as the volume grows) even if the actual virtual disk does not yet hold that
amount of data.
Question No : 4 - Topic 1
You have a server named Server1 that runs Windows Server 2012 R2.
Server1 has three physical network adapters named NIC1, NIC2, and NIC3.
On Server1, you create a NIC team named Team1 by using NIC1 and NIC2. You configure
Team1 to accept network traffic on VLAN 10.
You need to ensure that Server1 can accept network traffic on VLAN 10 and VLAN 11. The
solution must ensure that the network traffic can be received on both VLANs if a network
adapter fails.
What should you do?
Answer : C
Question No : 5 - Topic 1
Your network contains a server named Server1 that runs Windows Server 2012 R2.
Server1 has the Hyper-V server role installed.
Server1 hosts four virtual machines named VM1, VM2, VM3, and VM4.
Server1 is configured as shown in the following table.
A. NUMA topology
B. Resource control
C. Resource metering
D. Virtual Machine Chimney
E. The VLAN ID
F. Processor Compatibility
G. The startup order
H. Automatic Start Action
I. Integration Services
J. Port mirroring
K. Single-root I/O virtualization
Answer : J
Explanation: With Hyper-V Virtual Switch port mirroring, you can select the switch ports that
are monitored as well as the switch port that receives copies of all the traffic. And since Port
mirroring allows the network traffic of a virtual machine to be monitored by copying the traffic
and forwarding it to another virtual machine that is configured for monitoring, you should
configure port mirroring on VM2. Reference:
http://technet.microsoft.com/en-us/library/jj679878.aspx#bkmk_portmirror
Question No : 6 - Topic 1
In an isolated test environment, you deploy a server named Server1 that runs a Server
Core Installation of Windows Server 2012 R2. The test environment does not have Active
Directory Domain Services (AD DS) installed.
You install the Active Directory Domain Services server role on Server1.
You need to configure Server1 as a domain controller.
Which cmdlet should you run?
A. Install-ADDSDomainController
B. Install-ADDSDomain
C. Install-ADDSForest
D. Install-WindowsFeature
Answer : C
You have a server named Server1 that runs Windows Server 2012 R2.
You plan to create a storage pool that will contain a new volume.
You need to create a new 600-GB volume by using thin provisioning. The new volume
must use the parity layout.
What is the minimum number of 256-GB disks required for the storage pool?
A. 2
B. 3
C. 4
D. 5
Answer : C
Explanation: It takes 3 discs (minimum) in order to create a storage pool array with parity. If this
array were using fixed provisioning, this would not be enough given the 256MB capacity (since
only 2/3rds of 256 X 3 - less than 600 - could be used as actual data with the rest being parity
bits), but since this array uses thin provisioning, a 600GB volume could technically be set up on
a 20GB disc and it would still show as 600GB. (So, essentially, the question really becomes how
many drives it takes in a storage pool to create a parity array.) References:
http://technet.microsoft.com/en-us/library/hh831391.aspx
http://www.ibeast.com/content/tools/RaidCalc/RaidCalc.asp
http://www.raid-calculator.com/default.aspx
https://www.icc-usa.com/raid-calculator
Question No : 8 - Topic 1
Answer : A,B,E
Question No : 9 - Topic 1
Your network contains an Active Directory forest. The forest functional level is Windows
Server 2012 R2. The forest contains a single domain. The domain contains a member
server named Server1. Server1 runs windows Server 2012 R2.
You purchase a network scanner named Scanner1 that supports Web Services on Devices
(WSD).
You need to share the network scanner on Server1.
Which server role should you install on Server1?
Answer : C
Explanation: The Print and Document Services role allows for the configuration to share printers,
scanners and fax devices. References: Exam Ref 70-410: Installing and Configuring Windows
Server 2012 R2, Chapter 1: Installing and Configuring servers, Objective 1.2: Configure servers,
p. 8 http://technet.microsoft.com/en-us/library/hh831468.aspx
Question No : 10 - Topic 1
You have a print server named Server1 that runs Windows Server 2012 R2.
On Server1, you create and share a printer named Printer1.
The Advanced settings of Printer1 are shown in the Advanced exhibit. (Click the Exhibit
button.)
The Security settings of Printer1 are shown in the Security exhibit. (Click the Exhibit
button.)
The Members settings of a group named Group1 are shown in the Group1 exhibit. (Click
the Exhibit button.)
Select Yes if the statement can be shown to be true based on the available information;
otherwise select No. Each correct selection is worth one point.
Answer :
Question No : 11 - Topic 1
You have a server named Server1 that runs Windows Server 2012 R2.
You plan to use Windows PowerShell Desired State Configuration (DSC) to confirm that
the Application Identity service is running on all file servers.
You define the following configuration in the Windows PowerShell Integrated Scripting
Environment (ISE):
A. Service1
B. Configuration1
C. Start-DscConfiguration
D. Test-DscConfiguration
Answer : B
Question No : 12 - Topic 1
Your network contains a server named Server1 that runs Windows Server 2012 R2.
Server1 has the Hyper-V server role installed.
Server1 hosts four virtual machines named VM1, VM2, VM3, and VM4.
Server1 is configured as shown in the following table.
VM2 sends and receives large amounts of data over the network.
You need to ensure that the network traffic of VM2 bypasses the virtual switches of the
parent partition.
What should you configure?
A. NUMA topology
B. Resource control
C. Resource metering
D. Virtual Machine Chimney
E. The VLAN ID
F. Processor Compatibility
G. The startup order
H. Automatic Start Action
I. Integration Services
J. Port mirroring
K. Single-root I/O virtualization
Answer : K
Explanation: Network adapters that support single-root I/O virtualization can be assigned
directly to a virtual machine to maximize network throughput while minimizing network latency
and the CPU overhead required for processing network traffic.
References:
http://technet.microsoft.com/en-us/library/cc766320(v=ws.10).aspx
http://technet.microsoft.com/en-us/library/hh831410.aspx
Exam Ref 70-410, Installing and Configuring Windows Server 2012 R2, Chapter 3: Configure
Hyper-V, Objective 3.1: Create and Configure virtual machine settings, p.144
Training Guide: Installing and Configuring Windows Server 2012 R2: Chapter 7: Hyper-V
Virtualization, Lesson 2: Deploying and configuring virtual machines, p.335
Question No : 13 - Topic 1
Your network contains an Active Directory domain named contoso.com. The domain
contains a domain controller named DC1 that hosts the primary DNS zone for
contoso.com.
All client computers are configured to use DC1 as the primary DNS server.
You need to configure DC1 to resolve any DNS requests that are not for the contoso.com
zone by querying the DNS server of your Internet Service Provider (ISP).
What should you configure?
Answer : C
Explanation: On a network with several servers and/or client computers, a server that is
configured as a forwarder manages the Domain Name System (DNS) traffic between your
network and the Internet.
Question No : 14 - Topic 1
Select Yes if the statement can be shown to be true based on the available information;
otherwise select No. Each correct selection is worth one point.
Answer :
Explanation:
Group Policy does not apply to security groups, only to users and computers in an OU.
Consequently, the only users in the OU are User2 and User4. Because the Security Filtering
specifies that the policy applies only to users/computers in the OU who are members of Group1
or User3, User4 will not have the policy applied. Because User2 is, in fact, a member of
Group1, the policy will be applied to User2. Thus, the only user who will not be able to
access the Control Panel is User2.
Question No : 15 - Topic 1
Your network contains an Active Directory forest named contoso.com. The forest contains
a single domain. All servers run Windows Server 2012 R2. The domain contains two
domain controllers named DC1 and DC2. Both domain controllers are virtual machines on
a Hyper-V host.
You plan to create a cloned domain controller named DC3 from an image of DC1.
You need to ensure that you can clone DC1.
Which two actions should you perform? (Each correct answer presents part of the solution.
Choose two.)
A. Add the computer account of DC1 to the Cloneable Domain Controllers group.
B. Create a DCCloneConfig.xml file on DC1.
C. Add the computer account of DC3 to the Cloneable Domain Controllers group.
D. Run the Enable-ADOptionalFeature cmdlet.
E. Modify the contents of the DefaultDCCloneAllowList.xml file on DC1.
Answer : A,B
Explanation:
A. Cloneable Domain Controllers group. There's a new group in town. It's called Cloneable
Domain Controllers and you can find it in the Users container. Membership in this group
dictates whether a DC can or cannot be cloned. This group has some permissions set on the
domain head that should not be removed. Removing these permissions will cause cloning to
fail. Also, as a best practice, DCs shouldn't be added to the group until you plan to clone,
and DCs should be removed from the group once cloning is complete. Cloned DCs will also end
up in the Cloneable Domain Controllers group.
B. DCCloneConfig.xml. There's one key difference between a cloned DC and a DC that is being
restored to a previous snapshot: DCCloneConfig.xml. DCCloneConfig.xml is an XML
configuration file that contains all of the settings the cloned DC will take when it boots.
This includes network settings, DNS, WINS, AD site name, new DC name and more. This file can
be generated in a few different ways: with the New-ADDCCloneConfigFile cmdlet in PowerShell,
by hand with an XML editor, or by editing an existing config file, again with an XML editor.
Reference: Virtual Domain Controller Cloning in Windows Server 2012.